]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Improve client mobile version
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
0e1dc3e7
C		 1/* tslint:disable:no-unused-expression */
2
3import * as request from 'supertest'
4import 'mocha'
5
6import {
7 ServerInfo,
8 flushTests,
9 runServer,
10 uploadVideo,
11 getVideosList,
12 makePutBodyRequest,
13 createUser,
14 loginAndGetAccessToken,
15 getUsersList,
16 registerUser,
17 setAccessTokensToServers,
18 killallServers,
19 makePostBodyRequest,
20 getUserAccessToken
21} from '../../utils'
757f0da3 22import { UserRole } from '../../../../shared'
0e1dc3e7
C		 23
24describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
28 let videoId: number
29 let server: ServerInfo
30 let serverWithRegistrationDisabled: ServerInfo
31 let userAccessToken = ''
32
33 // ---------------------------------------------------------------
34
35 before(async function () {
36 this.timeout(120000)
37
38 await flushTests()
39
40 server = await runServer(1)
41 serverWithRegistrationDisabled = await runServer(2)
42
43 await setAccessTokensToServers([ server ])
44
45 const username = 'user1'
46 const password = 'my super password'
77a5501f
C		 47 const videoQuota = 42000000
48 await createUser(server.url, server.accessToken, username, password, videoQuota)
0e1dc3e7
C		 49
50 const videoAttributes = {}
51 await uploadVideo(server.url, server.accessToken, videoAttributes)
52
53 const res = await getVideosList(server.url)
54 const videos = res.body.data
55 videoId = videos[0].id
56
57 const user = {
58 username: 'user1',
59 password: 'my super password'
60 }
61 userAccessToken = await getUserAccessToken(server, user)
62 })
63
64 describe('When listing users', function () {
65 it('Should fail with a bad start pagination', async function () {
66 await request(server.url)
67 .get(path)
68 .query({ start: 'hello' })
69 .set('Accept', 'application/json')
70 .expect(400)
71 })
72
73 it('Should fail with a bad count pagination', async function () {
74 await request(server.url)
75 .get(path)
76 .query({ count: 'hello' })
77 .set('Accept', 'application/json')
78 .expect(400)
79 })
80
81 it('Should fail with an incorrect sort', async function () {
82 await request(server.url)
83 .get(path)
84 .query({ sort: 'hello' })
85 .set('Accept', 'application/json')
86 .expect(400)
87 })
88 })
89
90 describe('When adding a new user', function () {
91 it('Should fail with a too small username', async function () {
92 const fields = {
93 username: 'ji',
94 email: 'test@example.com',
77a5501f 95 password: 'my_super_password',
757f0da3 96 role: UserRole.USER,
77a5501f 97 videoQuota: 42000000
0e1dc3e7
C		 98 }
99
100 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
101 })
102
103 it('Should fail with a too long username', async function () {
104 const fields = {
105 username: 'my_super_username_which_is_very_long',
106 email: 'test@example.com',
77a5501f 107 password: 'my_super_password',
757f0da3
C		 108 videoQuota: 42000000,
109 role: UserRole.USER
0e1dc3e7
C		 110 }
111
112 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
113 })
114
563d032e
C		 115 it('Should fail with a not lowercase username', async function () {
116 const fields = {
117 username: 'Toto',
118 email: 'test@example.com',
119 password: 'my_super_password',
120 videoQuota: 42000000,
121 role: UserRole.USER
122 }
123
124 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
125 })
126
0e1dc3e7
C		 127 it('Should fail with an incorrect username', async function () {
128 const fields = {
129 username: 'my username',
130 email: 'test@example.com',
77a5501f 131 password: 'my_super_password',
757f0da3
C		 132 videoQuota: 42000000,
133 role: UserRole.USER
0e1dc3e7
C		 134 }
135
136 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
137 })
138
139 it('Should fail with a missing email', async function () {
140 const fields = {
141 username: 'ji',
77a5501f 142 password: 'my_super_password',
757f0da3
C		 143 videoQuota: 42000000,
144 role: UserRole.USER
0e1dc3e7
C		 145 }
146
147 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
148 })
149
150 it('Should fail with an invalid email', async function () {
151 const fields = {
152 username: 'my_super_username_which_is_very_long',
153 email: 'test_example.com',
77a5501f 154 password: 'my_super_password',
757f0da3
C		 155 videoQuota: 42000000,
156 role: UserRole.USER
0e1dc3e7
C		 157 }
158
159 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
160 })
161
162 it('Should fail with a too small password', async function () {
163 const fields = {
164 username: 'my_username',
165 email: 'test@example.com',
77a5501f 166 password: 'bla',
757f0da3
C		 167 videoQuota: 42000000,
168 role: UserRole.USER
0e1dc3e7
C		 169 }
170
171 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
172 })
173
174 it('Should fail with a too long password', async function () {
175 const fields = {
176 username: 'my_username',
177 email: 'test@example.com',
178 password: 'my super long password which is very very very very very very very very very very very very very very' +
179 'very very very very very very very very very very very very very very very veryv very very very very' +
77a5501f 180 'very very very very very very very very very very very very very very very very very very very very long',
757f0da3
C		 181 videoQuota: 42000000,
182 role: UserRole.USER
0e1dc3e7
C		 183 }
184
185 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
186 })
187
188 it('Should fail with an non authenticated user', async function () {
189 const fields = {
190 username: 'my_username',
191 email: 'test@example.com',
77a5501f 192 password: 'my super password',
757f0da3
C		 193 videoQuota: 42000000,
194 role: UserRole.USER
0e1dc3e7
C		 195 }
196
197 await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
198 })
199
200 it('Should fail if we add a user with the same username', async function () {
201 const fields = {
202 username: 'user1',
203 email: 'test@example.com',
77a5501f 204 password: 'my super password',
757f0da3
C		 205 videoQuota: 42000000,
206 role: UserRole.USER
0e1dc3e7
C		 207 }
208
209 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
210 })
211
212 it('Should fail if we add a user with the same email', async function () {
213 const fields = {
214 username: 'my_username',
215 email: 'user1@example.com',
77a5501f 216 password: 'my super password',
757f0da3
C		 217 videoQuota: 42000000,
218 role: UserRole.USER
0e1dc3e7
C		 219 }
220
221 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
222 })
223
77a5501f
C		 224 it('Should fail without a videoQuota', async function () {
225 const fields = {
226 username: 'my_username',
227 email: 'user1@example.com',
757f0da3
C		 228 password: 'my super password',
229 role: UserRole.USER
77a5501f
C		 230 }
231
232 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
233 })
234
235 it('Should fail with an invalid videoQuota', async function () {
236 const fields = {
237 username: 'my_username',
238 email: 'user1@example.com',
239 password: 'my super password',
757f0da3
C		 240 videoQuota: -5,
241 role: UserRole.USER
242 }
243
244 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
245 })
246
247 it('Should fail without a user role', async function () {
248 const fields = {
249 username: 'my_username',
250 email: 'user1@example.com',
251 password: 'my super password',
252 videoQuota: 0
253 }
254
255 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
256 })
257
258 it('Should fail with an invalid user role', async function () {
259 const fields = {
260 username: 'my_username',
261 email: 'user1@example.com',
262 password: 'my super password',
263 videoQuota: 0,
264 role: 88989
77a5501f
C		 265 }
266
267 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
268 })
269
0e1dc3e7
C		 270 it('Should succeed with the correct params', async function () {
271 const fields = {
272 username: 'user2',
273 email: 'test@example.com',
77a5501f 274 password: 'my super password',
757f0da3
C		 275 videoQuota: -1,
276 role: UserRole.USER
0e1dc3e7
C		 277 }
278
279 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
280 })
281
282 it('Should fail with a non admin user', async function () {
283 server.user = {
284 username: 'user1',
285 email: 'test@example.com',
286 password: 'my super password'
287 }
288
289 userAccessToken = await loginAndGetAccessToken(server)
290 const fields = {
291 username: 'user3',
292 email: 'test@example.com',
77a5501f
C		 293 password: 'my super password',
294 videoQuota: 42000000
0e1dc3e7
C		 295 }
296 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
297 })
298 })
299
77a5501f
C		 300 describe('When updating my account', function () {
301 it('Should fail with an invalid email attribute', async function () {
302 const fields = {
303 email: 'blabla'
304 }
0e1dc3e7 305
77a5501f 306 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 307 })
308
309 it('Should fail with a too small password', async function () {
310 const fields = {
311 password: 'bla'
312 }
313
77a5501f 314 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 315 })
316
317 it('Should fail with a too long password', async function () {
318 const fields = {
319 password: 'my super long password which is very very very very very very very very very very very very very very' +
320 'very very very very very very very very very very very very very very very veryv very very very very' +
321 'very very very very very very very very very very very very very very very very very very very very long'
322 }
323
77a5501f 324 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 325 })
326
327 it('Should fail with an invalid display NSFW attribute', async function () {
328 const fields = {
329 displayNSFW: -1
330 }
331
77a5501f 332 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 333 })
334
335 it('Should fail with an non authenticated user', async function () {
336 const fields = {
337 password: 'my super password'
338 }
339
77a5501f 340 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
0e1dc3e7
C		 341 })
342
343 it('Should succeed with the correct params', async function () {
344 const fields = {
345 password: 'my super password',
77a5501f
C		 346 displayNSFW: true,
347 email: 'super_email@example.com'
0e1dc3e7
C		 348 }
349
77a5501f
C		 350 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
351 })
352 })
353
354 describe('When updating a user', function () {
355
356 before(async function () {
357 const res = await getUsersList(server.url)
358
359 userId = res.body.data[1].id
360 rootId = res.body.data[2].id
361 })
362
363 it('Should fail with an invalid email attribute', async function () {
364 const fields = {
365 email: 'blabla'
366 }
367
368 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
369 })
370
371 it('Should fail with an invalid videoQuota attribute', async function () {
372 const fields = {
373 videoQuota: -90
374 }
375
376 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
377 })
378
757f0da3
C		 379 it('Should fail with an invalid user role attribute', async function () {
380 const fields = {
381 role: 54878
382 }
383
384 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
385 })
386
77a5501f
C		 387 it('Should fail with an non authenticated user', async function () {
388 const fields = {
389 videoQuota: 42
390 }
391
392 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
393 })
394
395 it('Should succeed with the correct params', async function () {
396 const fields = {
397 email: 'email@example.com',
757f0da3
C		 398 videoQuota: 42,
399 role: UserRole.MODERATOR
77a5501f
C		 400 }
401
402 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
0e1dc3e7
C		 403 })
404 })
405
406 describe('When getting my information', function () {
407 it('Should fail with a non authenticated user', async function () {
408 await request(server.url)
409 .get(path + 'me')
410 .set('Authorization', 'Bearer fake_token')
411 .set('Accept', 'application/json')
412 .expect(401)
413 })
414
415 it('Should success with the correct parameters', async function () {
416 await request(server.url)
417 .get(path + 'me')
418 .set('Authorization', 'Bearer ' + userAccessToken)
419 .set('Accept', 'application/json')
420 .expect(200)
421 })
422 })
423
424 describe('When getting my video rating', function () {
425 it('Should fail with a non authenticated user', async function () {
426 await request(server.url)
427 .get(path + 'me/videos/' + videoId + '/rating')
428 .set('Authorization', 'Bearer fake_token')
429 .set('Accept', 'application/json')
430 .expect(401)
431 })
432
433 it('Should fail with an incorrect video uuid', async function () {
434 await request(server.url)
435 .get(path + 'me/videos/blabla/rating')
436 .set('Authorization', 'Bearer ' + userAccessToken)
437 .set('Accept', 'application/json')
438 .expect(400)
439 })
440
441 it('Should fail with an unknown video', async function () {
442 await request(server.url)
443 .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
444 .set('Authorization', 'Bearer ' + userAccessToken)
445 .set('Accept', 'application/json')
446 .expect(404)
447 })
448
449 it('Should success with the correct parameters', async function () {
450 await request(server.url)
451 .get(path + 'me/videos/' + videoId + '/rating')
452 .set('Authorization', 'Bearer ' + userAccessToken)
453 .set('Accept', 'application/json')
454 .expect(200)
455 })
456 })
457
458 describe('When removing an user', function () {
459 it('Should fail with an incorrect id', async function () {
460 await request(server.url)
461 .delete(path + 'bla-bla')
462 .set('Authorization', 'Bearer ' + server.accessToken)
463 .expect(400)
464 })
465
466 it('Should fail with the root user', async function () {
467 await request(server.url)
468 .delete(path + rootId)
469 .set('Authorization', 'Bearer ' + server.accessToken)
470 .expect(400)
471 })
472
473 it('Should return 404 with a non existing id', async function () {
474 await request(server.url)
475 .delete(path + '45')
476 .set('Authorization', 'Bearer ' + server.accessToken)
477 .expect(404)
478 })
479 })
480
481 describe('When removing an user', function () {
482 it('Should fail with an incorrect id', async function () {
483 await request(server.url)
484 .delete(path + 'bla-bla')
485 .set('Authorization', 'Bearer ' + server.accessToken)
486 .expect(400)
487 })
488
489 it('Should fail with the root user', async function () {
490 await request(server.url)
491 .delete(path + rootId)
492 .set('Authorization', 'Bearer ' + server.accessToken)
493 .expect(400)
494 })
495
496 it('Should return 404 with a non existing id', async function () {
497 await request(server.url)
498 .delete(path + '45')
499 .set('Authorization', 'Bearer ' + server.accessToken)
500 .expect(404)
501 })
502 })
503
504 describe('When register a new user', function () {
505 const registrationPath = path + '/register'
506
507 it('Should fail with a too small username', async function () {
508 const fields = {
509 username: 'ji',
510 email: 'test@example.com',
511 password: 'my_super_password'
512 }
513
514 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
515 })
516
517 it('Should fail with a too long username', async function () {
518 const fields = {
519 username: 'my_super_username_which_is_very_long',
520 email: 'test@example.com',
521 password: 'my_super_password'
522 }
523
524 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
525 })
526
527 it('Should fail with an incorrect username', async function () {
528 const fields = {
529 username: 'my username',
530 email: 'test@example.com',
531 password: 'my_super_password'
532 }
533
534 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
535 })
536
537 it('Should fail with a missing email', async function () {
538 const fields = {
539 username: 'ji',
540 password: 'my_super_password'
541 }
542
543 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
544 })
545
546 it('Should fail with an invalid email', async function () {
547 const fields = {
548 username: 'my_super_username_which_is_very_long',
549 email: 'test_example.com',
550 password: 'my_super_password'
551 }
552
553 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
554 })
555
556 it('Should fail with a too small password', async function () {
557 const fields = {
558 username: 'my_username',
559 email: 'test@example.com',
560 password: 'bla'
561 }
562
563 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
564 })
565
566 it('Should fail with a too long password', async function () {
567 const fields = {
568 username: 'my_username',
569 email: 'test@example.com',
570 password: 'my super long password which is very very very very very very very very very very very very very very' +
571 'very very very very very very very very very very very very very very very veryv very very very very' +
572 'very very very very very very very very very very very very very very very very very very very very long'
573 }
574
575 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
576 })
577
578 it('Should fail if we register a user with the same username', async function () {
579 const fields = {
580 username: 'root',
581 email: 'test@example.com',
582 password: 'my super password'
583 }
584
585 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
586 })
587
588 it('Should fail if we register a user with the same email', async function () {
589 const fields = {
590 username: 'my_username',
591 email: 'admin1@example.com',
592 password: 'my super password'
593 }
594
595 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
596 })
597
598 it('Should succeed with the correct params', async function () {
599 const fields = {
600 username: 'user3',
601 email: 'test3@example.com',
602 password: 'my super password'
603 }
604
605 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 })
606 })
607
608 it('Should fail on a server with registration disabled', async function () {
609 const fields = {
610 username: 'user4',
611 email: 'test4@example.com',
612 password: 'my super password 4'
613 }
614
615 await makePostBodyRequest({
616 url: serverWithRegistrationDisabled.url,
617 path: registrationPath,
618 token: serverWithRegistrationDisabled.accessToken,
619 fields,
620 statusCodeExpected: 403
621 })
622 })
623 })
624
625 describe('When registering multiple users on a server with users limit', function () {
626 it('Should fail when after 3 registrations', async function () {
627 await registerUser(server.url, 'user42', 'super password', 403)
628 })
629 })
630
77a5501f
C		 631 describe('When having a video quota', function () {
632 it('Should fail with a user having too many video', async function () {
633 const fields = {
634 videoQuota: 42
635 }
636
637 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 })
638
639 const videoAttributes = {}
640 await uploadVideo(server.url, server.accessToken, videoAttributes, 403)
641 })
642
643 it('Should fail with a registered user having too many video', async function () {
644 this.timeout(10000)
645
646 server.user = {
647 username: 'user3',
648 email: 'test3@example.com',
649 password: 'my super password'
650 }
651 userAccessToken = await loginAndGetAccessToken(server)
652
653 const videoAttributes = { fixture: 'video_short2.webm' }
654 await uploadVideo(server.url, userAccessToken, videoAttributes)
655 await uploadVideo(server.url, userAccessToken, videoAttributes)
656 await uploadVideo(server.url, userAccessToken, videoAttributes)
657 await uploadVideo(server.url, userAccessToken, videoAttributes)
658 await uploadVideo(server.url, userAccessToken, videoAttributes)
659 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
660 })
661 })
662
0e1dc3e7
C		 663 after(async function () {
664 killallServers([ server, serverWithRegistrationDisabled ])
665
666 // Keep the logs if the test failed
667 if (this['ok']) {
668 await flushTests()
669 }
670 })
671})
ActivityPub-federated video streaming platform using P2P directly in your web browser