[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { omit } from 'lodash'
import { MockSmtpServer } from '@server/tests/shared'
import { HttpStatusCode, UserRole } from '@shared/models'
import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let server: PeerTubeServer
  let serverWithRegistrationDisabled: PeerTubeServer

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(30000)

    const res = await Promise.all([
      createSingleServer(1, { signup: { limit: 3 } }),
      createSingleServer(2)
    ])

    server = res[0]
    serverWithRegistrationDisabled = res[1]

    await setAccessTokensToServers([ server ])

    await server.users.generate('moderator2', UserRole.MODERATOR)
  })

  describe('When registering a new user', function () {
    const registrationPath = path + '/register'
    const baseCorrectParams = {
      username: 'user3',
      displayName: 'super user',
      email: 'test3@example.com',
      password: 'my super password'
    }

    it('Should fail with a too small username', async function () {
      const fields = { ...baseCorrectParams, username: '' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long username', async function () {
      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect username', async function () {
      const fields = { ...baseCorrectParams, username: 'my username' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a missing email', async function () {
      const fields = omit(baseCorrectParams, 'email')

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { ...baseCorrectParams, email: 'test_example.com' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = { ...baseCorrectParams, password: 'bla' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail if we register a user with the same username', async function () {
      const fields = { ...baseCorrectParams, username: 'root' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a "peertube" username', async function () {
      const fields = { ...baseCorrectParams, username: 'peertube' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail if we register a user with the same email', async function () {
      const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a bad display name', async function () {
      const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel display name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a channel name that is the same as username', async function () {
      const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
      const fields = { ...baseCorrectParams, ...source }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an existing channel', async function () {
      const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
      await server.channels.create({ attributes })

      const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })

    it('Should fail on a server with registration disabled', async function () {
      const fields = {
        username: 'user4',
        email: 'test4@example.com',
        password: 'my super password 4'
      }

      await makePostBodyRequest({
        url: serverWithRegistrationDisabled.url,
        path: registrationPath,
        token: serverWithRegistrationDisabled.accessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })
  })

  describe('When registering multiple users on a server with users limit', function () {

    it('Should fail when after 3 registrations', async function () {
      await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

  })

  describe('When asking a password reset', function () {
    const path = '/api/v1/users/ask-reset-password'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should success with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When asking for an account verification email', function () {
    const path = '/api/v1/users/ask-send-verify-email'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  after(async function () {
    MockSmtpServer.Instance.kill()

    await cleanupTests([ server, serverWithRegistrationDisabled ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
0e1dc3e7	2
0e1dc3e7	3	import 'mocha'
b488ba1e	4	import { omit } from 'lodash'
c55e3d72	5	import { MockSmtpServer } from '@server/tests/shared'
906f46d0	6	import { HttpStatusCode, UserRole } from '@shared/models'
c55e3d72	7	import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
0e1dc3e7 C	8
	9	describe('Test users API validators', function () {
	10	const path = '/api/v1/users/'
254d3579 C	11	let server: PeerTubeServer
254d3579 C	12	let serverWithRegistrationDisabled: PeerTubeServer
0e1dc3e7 C	13
	14	// ---------------------------------------------------------------
	15
	16	before(async function () {
e212f887	17	this.timeout(30000)
0e1dc3e7	18
906f46d0 C	19	const res = await Promise.all([
	20	createSingleServer(1, { signup: { limit: 3 } }),
	21	createSingleServer(2)
	22	])
45f1bd72	23
906f46d0 C	24	server = res[0]
906f46d0 C	25	serverWithRegistrationDisabled = res[1]
45f1bd72	26
906f46d0	27	await setAccessTokensToServers([ server ])
0e1dc3e7	28
906f46d0	29	await server.users.generate('moderator2', UserRole.MODERATOR)
92b9d60c C	30	})
92b9d60c C	31
e590b4a5	32	describe('When registering a new user', function () {
0e1dc3e7	33	const registrationPath = path + '/register'
26d21b78 C	34	const baseCorrectParams = {
26d21b78 C	35	username: 'user3',
1f20622f	36	displayName: 'super user',
26d21b78 C	37	email: 'test3@example.com',
	38	password: 'my super password'
	39	}
0e1dc3e7 C	40
0e1dc3e7 C	41	it('Should fail with a too small username', async function () {
6c5065a0	42	const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7 C	43
	44	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	45	})
	46
	47	it('Should fail with a too long username', async function () {
6c5065a0	48	const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7 C	49
	50	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	51	})
	52
	53	it('Should fail with an incorrect username', async function () {
6c5065a0	54	const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7 C	55
	56	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	57	})
	58
	59	it('Should fail with a missing email', async function () {
26d21b78	60	const fields = omit(baseCorrectParams, 'email')
0e1dc3e7 C	61
	62	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	63	})
	64
	65	it('Should fail with an invalid email', async function () {
6c5065a0	66	const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7 C	67
	68	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	69	})
	70
	71	it('Should fail with a too small password', async function () {
6c5065a0	72	const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7 C	73
	74	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	75	})
	76
	77	it('Should fail with a too long password', async function () {
6c5065a0	78	const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7 C	79
	80	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	81	})
	82
	83	it('Should fail if we register a user with the same username', async function () {
6c5065a0	84	const fields = { ...baseCorrectParams, username: 'root' }
0e1dc3e7	85
26d21b78 C	86	await makePostBodyRequest({
	87	url: server.url,
	88	path: registrationPath,
	89	token: server.accessToken,
	90	fields,
c0e8b12e	91	expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78	92	})
0e1dc3e7 C	93	})
0e1dc3e7 C	94
2ef6a063	95	it('Should fail with a "peertube" username', async function () {
6c5065a0	96	const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063 C	97
	98	await makePostBodyRequest({
	99	url: server.url,
	100	path: registrationPath,
	101	token: server.accessToken,
	102	fields,
c0e8b12e	103	expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063 C	104	})
	105	})
	106
0e1dc3e7	107	it('Should fail if we register a user with the same email', async function () {
6c5065a0	108	const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
0e1dc3e7	109
26d21b78 C	110	await makePostBodyRequest({
	111	url: server.url,
	112	path: registrationPath,
	113	token: server.accessToken,
	114	fields,
c0e8b12e	115	expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78	116	})
0e1dc3e7 C	117	})
0e1dc3e7 C	118
1f20622f	119	it('Should fail with a bad display name', async function () {
6c5065a0	120	const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1f20622f C	121
	122	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	123	})
	124
e590b4a5	125	it('Should fail with a bad channel name', async function () {
6c5065a0	126	const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
e590b4a5 C	127
	128	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	129	})
	130
	131	it('Should fail with a bad channel display name', async function () {
6c5065a0	132	const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
e590b4a5 C	133
	134	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	135	})
	136
32d7f2b7	137	it('Should fail with a channel name that is the same as username', async function () {
1d5342ab	138	const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
6c5065a0	139	const fields = { ...baseCorrectParams, ...source }
1d5342ab C	140
	141	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	142	})
	143
e590b4a5	144	it('Should fail with an existing channel', async function () {
a5461888	145	const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
89d241a7	146	await server.channels.create({ attributes })
e590b4a5	147
6c5065a0	148	const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
e590b4a5	149
2d53be02 RK	150	await makePostBodyRequest({
	151	url: server.url,
	152	path: registrationPath,
	153	token: server.accessToken,
	154	fields,
c0e8b12e	155	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	156	})
e590b4a5 C	157	})
e590b4a5 C	158
0e1dc3e7	159	it('Should succeed with the correct params', async function () {
6c5065a0	160	const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
e590b4a5	161
26d21b78 C	162	await makePostBodyRequest({
	163	url: server.url,
	164	path: registrationPath,
	165	token: server.accessToken,
ba2684ce	166	fields,
c0e8b12e	167	expectedStatus: HttpStatusCode.NO_CONTENT_204
26d21b78	168	})
0e1dc3e7 C	169	})
	170
	171	it('Should fail on a server with registration disabled', async function () {
	172	const fields = {
	173	username: 'user4',
	174	email: 'test4@example.com',
	175	password: 'my super password 4'
	176	}
	177
	178	await makePostBodyRequest({
	179	url: serverWithRegistrationDisabled.url,
	180	path: registrationPath,
	181	token: serverWithRegistrationDisabled.accessToken,
	182	fields,
c0e8b12e	183	expectedStatus: HttpStatusCode.FORBIDDEN_403
0e1dc3e7 C	184	})
	185	})
	186	})
	187
	188	describe('When registering multiple users on a server with users limit', function () {
906f46d0	189
0e1dc3e7	190	it('Should fail when after 3 registrations', async function () {
89d241a7	191	await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7	192	})
906f46d0	193
0e1dc3e7 C	194	})
0e1dc3e7 C	195
f076daa7 C	196	describe('When asking a password reset', function () {
	197	const path = '/api/v1/users/ask-reset-password'
	198
	199	it('Should fail with a missing email', async function () {
	200	const fields = {}
	201
	202	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	203	})
	204
	205	it('Should fail with an invalid email', async function () {
	206	const fields = { email: 'hello' }
	207
	208	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	209	})
	210
	211	it('Should success with the correct params', async function () {
	212	const fields = { email: 'admin@example.com' }
	213
2d53be02 RK	214	await makePostBodyRequest({
	215	url: server.url,
	216	path,
	217	token: server.accessToken,
	218	fields,
c0e8b12e	219	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	220	})
f076daa7 C	221	})
	222	})
	223
d9eaee39 JM	224	describe('When asking for an account verification email', function () {
	225	const path = '/api/v1/users/ask-send-verify-email'
	226
	227	it('Should fail with a missing email', async function () {
	228	const fields = {}
	229
	230	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	231	})
	232
	233	it('Should fail with an invalid email', async function () {
	234	const fields = { email: 'hello' }
	235
	236	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	237	})
	238
	239	it('Should succeed with the correct params', async function () {
	240	const fields = { email: 'admin@example.com' }
	241
2d53be02 RK	242	await makePostBodyRequest({
	243	url: server.url,
	244	path,
	245	token: server.accessToken,
	246	fields,
c0e8b12e	247	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	248	})
d9eaee39 JM	249	})
	250	})
	251
7c3b7976	252	after(async function () {
45f1bd72 JL	253	MockSmtpServer.Instance.kill()
45f1bd72 JL	254
7c3b7976	255	await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7 C	256	})
0e1dc3e7 C	257	})