]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Make some fields optional when uploading a video
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
0e1dc3e7
C		 1/* tslint:disable:no-unused-expression */
2
3import * as request from 'supertest'
4import 'mocha'
5
6import {
7 ServerInfo,
8 flushTests,
9 runServer,
10 uploadVideo,
11 getVideosList,
12 makePutBodyRequest,
13 createUser,
14 loginAndGetAccessToken,
15 getUsersList,
16 registerUser,
17 setAccessTokensToServers,
18 killallServers,
19 makePostBodyRequest,
20 getUserAccessToken
21} from '../../utils'
757f0da3 22import { UserRole } from '../../../../shared'
0e1dc3e7
C		 23
24describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
28 let videoId: number
29 let server: ServerInfo
30 let serverWithRegistrationDisabled: ServerInfo
31 let userAccessToken = ''
32
33 // ---------------------------------------------------------------
34
35 before(async function () {
36 this.timeout(120000)
37
38 await flushTests()
39
40 server = await runServer(1)
41 serverWithRegistrationDisabled = await runServer(2)
42
43 await setAccessTokensToServers([ server ])
44
45 const username = 'user1'
46 const password = 'my super password'
77a5501f
C		 47 const videoQuota = 42000000
48 await createUser(server.url, server.accessToken, username, password, videoQuota)
0e1dc3e7
C		 49
50 const videoAttributes = {}
51 await uploadVideo(server.url, server.accessToken, videoAttributes)
52
53 const res = await getVideosList(server.url)
54 const videos = res.body.data
55 videoId = videos[0].id
56
57 const user = {
58 username: 'user1',
59 password: 'my super password'
60 }
61 userAccessToken = await getUserAccessToken(server, user)
62 })
63
64 describe('When listing users', function () {
65 it('Should fail with a bad start pagination', async function () {
66 await request(server.url)
67 .get(path)
68 .query({ start: 'hello' })
69 .set('Accept', 'application/json')
86d13ec2 70 .set('Authorization', 'Bearer ' + server.accessToken)
0e1dc3e7
C		 71 .expect(400)
72 })
73
74 it('Should fail with a bad count pagination', async function () {
75 await request(server.url)
76 .get(path)
77 .query({ count: 'hello' })
78 .set('Accept', 'application/json')
86d13ec2 79 .set('Authorization', 'Bearer ' + server.accessToken)
0e1dc3e7
C		 80 .expect(400)
81 })
82
83 it('Should fail with an incorrect sort', async function () {
84 await request(server.url)
85 .get(path)
86 .query({ sort: 'hello' })
87 .set('Accept', 'application/json')
86d13ec2 88 .set('Authorization', 'Bearer ' + server.accessToken)
0e1dc3e7
C		 89 .expect(400)
90 })
86d13ec2
C		 91
92 it('Should fail with a non authenticated user', async function () {
93 await request(server.url)
94 .get(path)
95 .set('Accept', 'application/json')
96 .expect(401)
97 })
98
99 it('Should fail with a non admin user', async function () {
100 await request(server.url)
101 .get(path)
102 .set('Accept', 'application/json')
103 .set('Authorization', 'Bearer ' + userAccessToken)
104 .expect(403)
105 })
0e1dc3e7
C		 106 })
107
108 describe('When adding a new user', function () {
109 it('Should fail with a too small username', async function () {
110 const fields = {
111 username: 'ji',
112 email: 'test@example.com',
77a5501f 113 password: 'my_super_password',
757f0da3 114 role: UserRole.USER,
77a5501f 115 videoQuota: 42000000
0e1dc3e7
C		 116 }
117
118 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
119 })
120
121 it('Should fail with a too long username', async function () {
122 const fields = {
123 username: 'my_super_username_which_is_very_long',
124 email: 'test@example.com',
77a5501f 125 password: 'my_super_password',
757f0da3
C		 126 videoQuota: 42000000,
127 role: UserRole.USER
0e1dc3e7
C		 128 }
129
130 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
131 })
132
563d032e
C		 133 it('Should fail with a not lowercase username', async function () {
134 const fields = {
135 username: 'Toto',
136 email: 'test@example.com',
137 password: 'my_super_password',
138 videoQuota: 42000000,
139 role: UserRole.USER
140 }
141
142 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
143 })
144
0e1dc3e7
C		 145 it('Should fail with an incorrect username', async function () {
146 const fields = {
147 username: 'my username',
148 email: 'test@example.com',
77a5501f 149 password: 'my_super_password',
757f0da3
C		 150 videoQuota: 42000000,
151 role: UserRole.USER
0e1dc3e7
C		 152 }
153
154 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
155 })
156
157 it('Should fail with a missing email', async function () {
158 const fields = {
159 username: 'ji',
77a5501f 160 password: 'my_super_password',
757f0da3
C		 161 videoQuota: 42000000,
162 role: UserRole.USER
0e1dc3e7
C		 163 }
164
165 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
166 })
167
168 it('Should fail with an invalid email', async function () {
169 const fields = {
170 username: 'my_super_username_which_is_very_long',
171 email: 'test_example.com',
77a5501f 172 password: 'my_super_password',
757f0da3
C		 173 videoQuota: 42000000,
174 role: UserRole.USER
0e1dc3e7
C		 175 }
176
177 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
178 })
179
180 it('Should fail with a too small password', async function () {
181 const fields = {
182 username: 'my_username',
183 email: 'test@example.com',
77a5501f 184 password: 'bla',
757f0da3
C		 185 videoQuota: 42000000,
186 role: UserRole.USER
0e1dc3e7
C		 187 }
188
189 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
190 })
191
192 it('Should fail with a too long password', async function () {
193 const fields = {
194 username: 'my_username',
195 email: 'test@example.com',
196 password: 'my super long password which is very very very very very very very very very very very very very very' +
197 'very very very very very very very very very very very very very very very veryv very very very very' +
77a5501f 198 'very very very very very very very very very very very very very very very very very very very very long',
757f0da3
C		 199 videoQuota: 42000000,
200 role: UserRole.USER
0e1dc3e7
C		 201 }
202
203 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
204 })
205
206 it('Should fail with an non authenticated user', async function () {
207 const fields = {
208 username: 'my_username',
209 email: 'test@example.com',
77a5501f 210 password: 'my super password',
757f0da3
C		 211 videoQuota: 42000000,
212 role: UserRole.USER
0e1dc3e7
C		 213 }
214
215 await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
216 })
217
218 it('Should fail if we add a user with the same username', async function () {
219 const fields = {
220 username: 'user1',
221 email: 'test@example.com',
77a5501f 222 password: 'my super password',
757f0da3
C		 223 videoQuota: 42000000,
224 role: UserRole.USER
0e1dc3e7
C		 225 }
226
227 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
228 })
229
230 it('Should fail if we add a user with the same email', async function () {
231 const fields = {
232 username: 'my_username',
233 email: 'user1@example.com',
77a5501f 234 password: 'my super password',
757f0da3
C		 235 videoQuota: 42000000,
236 role: UserRole.USER
0e1dc3e7
C		 237 }
238
239 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
240 })
241
77a5501f
C		 242 it('Should fail without a videoQuota', async function () {
243 const fields = {
244 username: 'my_username',
245 email: 'user1@example.com',
757f0da3
C		 246 password: 'my super password',
247 role: UserRole.USER
77a5501f
C		 248 }
249
250 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
251 })
252
253 it('Should fail with an invalid videoQuota', async function () {
254 const fields = {
255 username: 'my_username',
256 email: 'user1@example.com',
257 password: 'my super password',
757f0da3
C		 258 videoQuota: -5,
259 role: UserRole.USER
260 }
261
262 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
263 })
264
265 it('Should fail without a user role', async function () {
266 const fields = {
267 username: 'my_username',
268 email: 'user1@example.com',
269 password: 'my super password',
270 videoQuota: 0
271 }
272
273 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
274 })
275
276 it('Should fail with an invalid user role', async function () {
277 const fields = {
278 username: 'my_username',
279 email: 'user1@example.com',
280 password: 'my super password',
281 videoQuota: 0,
282 role: 88989
77a5501f
C		 283 }
284
285 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
286 })
287
0e1dc3e7
C		 288 it('Should succeed with the correct params', async function () {
289 const fields = {
290 username: 'user2',
291 email: 'test@example.com',
77a5501f 292 password: 'my super password',
757f0da3
C		 293 videoQuota: -1,
294 role: UserRole.USER
0e1dc3e7
C		 295 }
296
297 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
298 })
299
300 it('Should fail with a non admin user', async function () {
301 server.user = {
302 username: 'user1',
303 email: 'test@example.com',
304 password: 'my super password'
305 }
306
307 userAccessToken = await loginAndGetAccessToken(server)
308 const fields = {
309 username: 'user3',
310 email: 'test@example.com',
77a5501f
C		 311 password: 'my super password',
312 videoQuota: 42000000
0e1dc3e7
C		 313 }
314 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
315 })
316 })
317
77a5501f
C		 318 describe('When updating my account', function () {
319 it('Should fail with an invalid email attribute', async function () {
320 const fields = {
321 email: 'blabla'
322 }
0e1dc3e7 323
77a5501f 324 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 325 })
326
327 it('Should fail with a too small password', async function () {
328 const fields = {
329 password: 'bla'
330 }
331
77a5501f 332 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 333 })
334
335 it('Should fail with a too long password', async function () {
336 const fields = {
337 password: 'my super long password which is very very very very very very very very very very very very very very' +
338 'very very very very very very very very very very very very very very very veryv very very very very' +
339 'very very very very very very very very very very very very very very very very very very very very long'
340 }
341
77a5501f 342 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 343 })
344
345 it('Should fail with an invalid display NSFW attribute', async function () {
346 const fields = {
347 displayNSFW: -1
348 }
349
77a5501f 350 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 351 })
352
353 it('Should fail with an non authenticated user', async function () {
354 const fields = {
355 password: 'my super password'
356 }
357
77a5501f 358 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
0e1dc3e7
C		 359 })
360
361 it('Should succeed with the correct params', async function () {
362 const fields = {
363 password: 'my super password',
77a5501f
C		 364 displayNSFW: true,
365 email: 'super_email@example.com'
0e1dc3e7
C		 366 }
367
77a5501f
C		 368 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
369 })
370 })
371
372 describe('When updating a user', function () {
373
374 before(async function () {
86d13ec2 375 const res = await getUsersList(server.url, server.accessToken)
77a5501f
C		 376
377 userId = res.body.data[1].id
378 rootId = res.body.data[2].id
379 })
380
381 it('Should fail with an invalid email attribute', async function () {
382 const fields = {
383 email: 'blabla'
384 }
385
386 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
387 })
388
389 it('Should fail with an invalid videoQuota attribute', async function () {
390 const fields = {
391 videoQuota: -90
392 }
393
394 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
395 })
396
757f0da3
C		 397 it('Should fail with an invalid user role attribute', async function () {
398 const fields = {
399 role: 54878
400 }
401
402 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
403 })
404
77a5501f
C		 405 it('Should fail with an non authenticated user', async function () {
406 const fields = {
407 videoQuota: 42
408 }
409
410 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
411 })
412
413 it('Should succeed with the correct params', async function () {
414 const fields = {
415 email: 'email@example.com',
757f0da3
C		 416 videoQuota: 42,
417 role: UserRole.MODERATOR
77a5501f
C		 418 }
419
420 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
0e1dc3e7
C		 421 })
422 })
423
424 describe('When getting my information', function () {
425 it('Should fail with a non authenticated user', async function () {
426 await request(server.url)
427 .get(path + 'me')
428 .set('Authorization', 'Bearer fake_token')
429 .set('Accept', 'application/json')
430 .expect(401)
431 })
432
433 it('Should success with the correct parameters', async function () {
434 await request(server.url)
435 .get(path + 'me')
436 .set('Authorization', 'Bearer ' + userAccessToken)
437 .set('Accept', 'application/json')
438 .expect(200)
439 })
440 })
441
442 describe('When getting my video rating', function () {
443 it('Should fail with a non authenticated user', async function () {
444 await request(server.url)
445 .get(path + 'me/videos/' + videoId + '/rating')
446 .set('Authorization', 'Bearer fake_token')
447 .set('Accept', 'application/json')
448 .expect(401)
449 })
450
451 it('Should fail with an incorrect video uuid', async function () {
452 await request(server.url)
453 .get(path + 'me/videos/blabla/rating')
454 .set('Authorization', 'Bearer ' + userAccessToken)
455 .set('Accept', 'application/json')
456 .expect(400)
457 })
458
459 it('Should fail with an unknown video', async function () {
460 await request(server.url)
461 .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
462 .set('Authorization', 'Bearer ' + userAccessToken)
463 .set('Accept', 'application/json')
464 .expect(404)
465 })
466
467 it('Should success with the correct parameters', async function () {
468 await request(server.url)
469 .get(path + 'me/videos/' + videoId + '/rating')
470 .set('Authorization', 'Bearer ' + userAccessToken)
471 .set('Accept', 'application/json')
472 .expect(200)
473 })
474 })
475
476 describe('When removing an user', function () {
477 it('Should fail with an incorrect id', async function () {
478 await request(server.url)
479 .delete(path + 'bla-bla')
480 .set('Authorization', 'Bearer ' + server.accessToken)
481 .expect(400)
482 })
483
484 it('Should fail with the root user', async function () {
485 await request(server.url)
486 .delete(path + rootId)
487 .set('Authorization', 'Bearer ' + server.accessToken)
488 .expect(400)
489 })
490
491 it('Should return 404 with a non existing id', async function () {
492 await request(server.url)
493 .delete(path + '45')
494 .set('Authorization', 'Bearer ' + server.accessToken)
495 .expect(404)
496 })
497 })
498
499 describe('When removing an user', function () {
500 it('Should fail with an incorrect id', async function () {
501 await request(server.url)
502 .delete(path + 'bla-bla')
503 .set('Authorization', 'Bearer ' + server.accessToken)
504 .expect(400)
505 })
506
507 it('Should fail with the root user', async function () {
508 await request(server.url)
509 .delete(path + rootId)
510 .set('Authorization', 'Bearer ' + server.accessToken)
511 .expect(400)
512 })
513
514 it('Should return 404 with a non existing id', async function () {
515 await request(server.url)
516 .delete(path + '45')
517 .set('Authorization', 'Bearer ' + server.accessToken)
518 .expect(404)
519 })
520 })
521
522 describe('When register a new user', function () {
523 const registrationPath = path + '/register'
524
525 it('Should fail with a too small username', async function () {
526 const fields = {
527 username: 'ji',
528 email: 'test@example.com',
529 password: 'my_super_password'
530 }
531
532 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
533 })
534
535 it('Should fail with a too long username', async function () {
536 const fields = {
537 username: 'my_super_username_which_is_very_long',
538 email: 'test@example.com',
539 password: 'my_super_password'
540 }
541
542 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
543 })
544
545 it('Should fail with an incorrect username', async function () {
546 const fields = {
547 username: 'my username',
548 email: 'test@example.com',
549 password: 'my_super_password'
550 }
551
552 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
553 })
554
555 it('Should fail with a missing email', async function () {
556 const fields = {
557 username: 'ji',
558 password: 'my_super_password'
559 }
560
561 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
562 })
563
564 it('Should fail with an invalid email', async function () {
565 const fields = {
566 username: 'my_super_username_which_is_very_long',
567 email: 'test_example.com',
568 password: 'my_super_password'
569 }
570
571 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
572 })
573
574 it('Should fail with a too small password', async function () {
575 const fields = {
576 username: 'my_username',
577 email: 'test@example.com',
578 password: 'bla'
579 }
580
581 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
582 })
583
584 it('Should fail with a too long password', async function () {
585 const fields = {
586 username: 'my_username',
587 email: 'test@example.com',
588 password: 'my super long password which is very very very very very very very very very very very very very very' +
589 'very very very very very very very very very very very very very very very veryv very very very very' +
590 'very very very very very very very very very very very very very very very very very very very very long'
591 }
592
593 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
594 })
595
596 it('Should fail if we register a user with the same username', async function () {
597 const fields = {
598 username: 'root',
599 email: 'test@example.com',
600 password: 'my super password'
601 }
602
603 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
604 })
605
606 it('Should fail if we register a user with the same email', async function () {
607 const fields = {
608 username: 'my_username',
609 email: 'admin1@example.com',
610 password: 'my super password'
611 }
612
613 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
614 })
615
616 it('Should succeed with the correct params', async function () {
617 const fields = {
618 username: 'user3',
619 email: 'test3@example.com',
620 password: 'my super password'
621 }
622
623 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 })
624 })
625
626 it('Should fail on a server with registration disabled', async function () {
627 const fields = {
628 username: 'user4',
629 email: 'test4@example.com',
630 password: 'my super password 4'
631 }
632
633 await makePostBodyRequest({
634 url: serverWithRegistrationDisabled.url,
635 path: registrationPath,
636 token: serverWithRegistrationDisabled.accessToken,
637 fields,
638 statusCodeExpected: 403
639 })
640 })
641 })
642
643 describe('When registering multiple users on a server with users limit', function () {
644 it('Should fail when after 3 registrations', async function () {
645 await registerUser(server.url, 'user42', 'super password', 403)
646 })
647 })
648
77a5501f
C		 649 describe('When having a video quota', function () {
650 it('Should fail with a user having too many video', async function () {
651 const fields = {
652 videoQuota: 42
653 }
654
655 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 })
656
657 const videoAttributes = {}
658 await uploadVideo(server.url, server.accessToken, videoAttributes, 403)
659 })
660
661 it('Should fail with a registered user having too many video', async function () {
662 this.timeout(10000)
663
664 server.user = {
665 username: 'user3',
666 email: 'test3@example.com',
667 password: 'my super password'
668 }
669 userAccessToken = await loginAndGetAccessToken(server)
670
671 const videoAttributes = { fixture: 'video_short2.webm' }
672 await uploadVideo(server.url, userAccessToken, videoAttributes)
673 await uploadVideo(server.url, userAccessToken, videoAttributes)
674 await uploadVideo(server.url, userAccessToken, videoAttributes)
675 await uploadVideo(server.url, userAccessToken, videoAttributes)
676 await uploadVideo(server.url, userAccessToken, videoAttributes)
677 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
678 })
679 })
680
0e1dc3e7
C		 681 after(async function () {
682 killallServers([ server, serverWithRegistrationDisabled ])
683
684 // Keep the logs if the test failed
685 if (this['ok']) {
686 await flushTests()
687 }
688 })
689})
ActivityPub-federated video streaming platform using P2P directly in your web browser