]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Increase timeout
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
a1587156 1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
0e1dc3e7 2
0e1dc3e7 3import 'mocha'
b488ba1e 4import { omit } from 'lodash'
0e1dc3e7 5import {
3d470a53 6 buildAbsoluteFixturePath,
d23dd9fb
C		 7 checkBadCountPagination,
8 checkBadSortPagination,
9 checkBadStartPagination,
7c3b7976 10 cleanupTests,
254d3579 11 createSingleServer,
45f1bd72 12 killallServers,
42e1ec25
C		 13 makeGetRequest,
14 makePostBodyRequest,
15 makePutBodyRequest,
16 makeUploadRequest,
d23dd9fb 17 MockSmtpServer,
254d3579 18 PeerTubeServer,
42e1ec25 19 setAccessTokensToServers,
7926c5f9 20 UsersCommand
d23dd9fb 21} from '@shared/extra-utils'
4c7e60bc 22import { HttpStatusCode, UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models'
0e1dc3e7
C		 23
24describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
a95a4cc8 28 let moderatorId: number
d4a8e7a6 29 let video: VideoCreateResult
254d3579
C		 30 let server: PeerTubeServer
31 let serverWithRegistrationDisabled: PeerTubeServer
7926c5f9
C		 32 let userToken = ''
33 let moderatorToken = ''
45f1bd72
JL		 34 let emailPort: number
35 let overrideConfig: Object
0e1dc3e7
C		 36
37 // ---------------------------------------------------------------
38
39 before(async function () {
e212f887 40 this.timeout(30000)
0e1dc3e7 41
45f1bd72
JL		 42 const emails: object[] = []
43 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
44
45 overrideConfig = { signup: { limit: 8 } }
46
a95a4cc8
C		 47 {
48 const res = await Promise.all([
254d3579
C		 49 createSingleServer(1, overrideConfig),
50 createSingleServer(2)
a95a4cc8 51 ])
0e1dc3e7 52
a95a4cc8
C		 53 server = res[0]
54 serverWithRegistrationDisabled = res[1]
0e1dc3e7 55
a95a4cc8
C		 56 await setAccessTokensToServers([ server ])
57 }
58
59 {
7926c5f9 60 const user = { username: 'user1' }
89d241a7
C		 61 await server.users.create({ ...user })
62 userToken = await server.login.getAccessToken(user)
a95a4cc8
C		 63 }
64
65 {
7926c5f9 66 const moderator = { username: 'moderator1' }
89d241a7
C		 67 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
68 moderatorToken = await server.login.getAccessToken(moderator)
a95a4cc8
C		 69 }
70
71 {
7926c5f9 72 const moderator = { username: 'moderator2' }
89d241a7 73 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
a95a4cc8 74 }
26d21b78 75
187501f8 76 {
89d241a7 77 video = await server.videos.upload()
187501f8 78 }
a95a4cc8
C		 79
80 {
89d241a7 81 const { data } = await server.users.list()
7926c5f9
C		 82 userId = data.find(u => u.username === 'user1').id
83 rootId = data.find(u => u.username === 'root').id
84 moderatorId = data.find(u => u.username === 'moderator2').id
a95a4cc8 85 }
0e1dc3e7
C		 86 })
87
88 describe('When listing users', function () {
89 it('Should fail with a bad start pagination', async function () {
26d21b78 90 await checkBadStartPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 91 })
92
93 it('Should fail with a bad count pagination', async function () {
26d21b78 94 await checkBadCountPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 95 })
96
97 it('Should fail with an incorrect sort', async function () {
26d21b78 98 await checkBadSortPagination(server.url, path, server.accessToken)
0e1dc3e7 99 })
86d13ec2
C		 100
101 it('Should fail with a non authenticated user', async function () {
26d21b78
C		 102 await makeGetRequest({
103 url: server.url,
104 path,
c0e8b12e 105 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
26d21b78 106 })
86d13ec2
C		 107 })
108
109 it('Should fail with a non admin user', async function () {
26d21b78
C		 110 await makeGetRequest({
111 url: server.url,
112 path,
7926c5f9 113 token: userToken,
c0e8b12e 114 expectedStatus: HttpStatusCode.FORBIDDEN_403
26d21b78 115 })
86d13ec2 116 })
0e1dc3e7
C		 117 })
118
119 describe('When adding a new user', function () {
26d21b78
C		 120 const baseCorrectParams = {
121 username: 'user2',
122 email: 'test@example.com',
123 password: 'my super password',
124 videoQuota: -1,
bee0abff 125 videoQuotaDaily: -1,
1eddc9a7 126 role: UserRole.USER,
3487330d 127 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
26d21b78
C		 128 }
129
0e1dc3e7 130 it('Should fail with a too small username', async function () {
6c5065a0 131 const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7
C		 132
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 })
135
136 it('Should fail with a too long username', async function () {
6c5065a0 137 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7
C		 138
139 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
140 })
141
563d032e 142 it('Should fail with a not lowercase username', async function () {
6c5065a0 143 const fields = { ...baseCorrectParams, username: 'Toto' }
563d032e
C		 144
145 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
146 })
147
0e1dc3e7 148 it('Should fail with an incorrect username', async function () {
6c5065a0 149 const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7
C		 150
151 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
152 })
153
154 it('Should fail with a missing email', async function () {
26d21b78 155 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 156
157 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
158 })
159
160 it('Should fail with an invalid email', async function () {
6c5065a0 161 const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7
C		 162
163 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
164 })
165
166 it('Should fail with a too small password', async function () {
6c5065a0 167 const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7
C		 168
169 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
170 })
171
172 it('Should fail with a too long password', async function () {
6c5065a0 173 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7
C		 174
175 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
176 })
177
45f1bd72 178 it('Should fail with empty password and no smtp configured', async function () {
6c5065a0 179 const fields = { ...baseCorrectParams, password: '' }
45f1bd72
JL		 180
181 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
182 })
183
184 it('Should succeed with no password on a server with smtp enabled', async function () {
f43db2f4 185 this.timeout(20000)
45f1bd72 186
9293139f 187 await killallServers([ server ])
45f1bd72 188
6c5065a0
C		 189 const config = {
190 ...overrideConfig,
191
45f1bd72
JL		 192 smtp: {
193 hostname: 'localhost',
194 port: emailPort
195 }
6c5065a0 196 }
254d3579 197 await server.run(config)
45f1bd72 198
6c5065a0
C		 199 const fields = {
200 ...baseCorrectParams,
201
45f1bd72
JL		 202 password: '',
203 username: 'create_password',
204 email: 'create_password@example.com'
6c5065a0 205 }
45f1bd72
JL		 206
207 await makePostBodyRequest({
208 url: server.url,
209 path: path,
210 token: server.accessToken,
211 fields,
c0e8b12e 212 expectedStatus: HttpStatusCode.OK_200
45f1bd72
JL		 213 })
214 })
215
1eddc9a7 216 it('Should fail with invalid admin flags', async function () {
6c5065a0 217 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
1eddc9a7
C		 218
219 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
220 })
221
0e1dc3e7 222 it('Should fail with an non authenticated user', async function () {
26d21b78
C		 223 await makePostBodyRequest({
224 url: server.url,
225 path,
226 token: 'super token',
227 fields: baseCorrectParams,
c0e8b12e 228 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
26d21b78 229 })
0e1dc3e7
C		 230 })
231
232 it('Should fail if we add a user with the same username', async function () {
6c5065a0 233 const fields = { ...baseCorrectParams, username: 'user1' }
0e1dc3e7 234
2d53be02
RK		 235 await makePostBodyRequest({
236 url: server.url,
237 path,
238 token: server.accessToken,
239 fields,
c0e8b12e 240 expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02 241 })
0e1dc3e7
C		 242 })
243
244 it('Should fail if we add a user with the same email', async function () {
6c5065a0 245 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
0e1dc3e7 246
2d53be02
RK		 247 await makePostBodyRequest({
248 url: server.url,
249 path,
250 token: server.accessToken,
251 fields,
c0e8b12e 252 expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02 253 })
0e1dc3e7
C		 254 })
255
77a5501f 256 it('Should fail without a videoQuota', async function () {
26d21b78 257 const fields = omit(baseCorrectParams, 'videoQuota')
77a5501f
C		 258
259 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
260 })
261
bee0abff
FA		 262 it('Should fail without a videoQuotaDaily', async function () {
263 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
264
265 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
266 })
267
77a5501f 268 it('Should fail with an invalid videoQuota', async function () {
6c5065a0 269 const fields = { ...baseCorrectParams, videoQuota: -5 }
757f0da3
C		 270
271 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
272 })
273
bee0abff 274 it('Should fail with an invalid videoQuotaDaily', async function () {
6c5065a0 275 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
bee0abff
FA		 276
277 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
278 })
279
757f0da3 280 it('Should fail without a user role', async function () {
26d21b78 281 const fields = omit(baseCorrectParams, 'role')
757f0da3
C		 282
283 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
284 })
285
286 it('Should fail with an invalid user role', async function () {
6c5065a0 287 const fields = { ...baseCorrectParams, role: 88989 }
77a5501f
C		 288
289 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
290 })
291
2ef6a063 292 it('Should fail with a "peertube" username', async function () {
6c5065a0 293 const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063
C		 294
295 await makePostBodyRequest({
296 url: server.url,
297 path,
298 token: server.accessToken,
299 fields,
c0e8b12e 300 expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063
C		 301 })
302 })
303
a95a4cc8
C		 304 it('Should fail to create a moderator or an admin with a moderator', async function () {
305 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
6c5065a0 306 const fields = { ...baseCorrectParams, role }
a95a4cc8
C		 307
308 await makePostBodyRequest({
309 url: server.url,
310 path,
7926c5f9 311 token: moderatorToken,
a95a4cc8 312 fields,
c0e8b12e 313 expectedStatus: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 314 })
315 }
316 })
317
318 it('Should succeed to create a user with a moderator', async function () {
6c5065a0 319 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
a95a4cc8
C		 320
321 await makePostBodyRequest({
322 url: server.url,
323 path,
7926c5f9 324 token: moderatorToken,
a95a4cc8 325 fields,
c0e8b12e 326 expectedStatus: HttpStatusCode.OK_200
a95a4cc8
C		 327 })
328 })
329
0e1dc3e7 330 it('Should succeed with the correct params', async function () {
26d21b78
C		 331 await makePostBodyRequest({
332 url: server.url,
333 path,
334 token: server.accessToken,
335 fields: baseCorrectParams,
c0e8b12e 336 expectedStatus: HttpStatusCode.OK_200
26d21b78 337 })
0e1dc3e7
C		 338 })
339
340 it('Should fail with a non admin user', async function () {
7926c5f9 341 const user = { username: 'user1' }
89d241a7 342 userToken = await server.login.getAccessToken(user)
0e1dc3e7 343
0e1dc3e7
C		 344 const fields = {
345 username: 'user3',
346 email: 'test@example.com',
77a5501f
C		 347 password: 'my super password',
348 videoQuota: 42000000
0e1dc3e7 349 }
c0e8b12e 350 await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 351 })
352 })
353
77a5501f 354 describe('When updating my account', function () {
7926c5f9 355
77a5501f
C		 356 it('Should fail with an invalid email attribute', async function () {
357 const fields = {
358 email: 'blabla'
359 }
0e1dc3e7 360
77a5501f 361 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 362 })
363
364 it('Should fail with a too small password', async function () {
365 const fields = {
7926c5f9 366 currentPassword: 'password',
0e1dc3e7
C		 367 password: 'bla'
368 }
369
7926c5f9 370 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 371 })
372
373 it('Should fail with a too long password', async function () {
374 const fields = {
7926c5f9 375 currentPassword: 'password',
26d21b78 376 password: 'super'.repeat(61)
0e1dc3e7
C		 377 }
378
7926c5f9 379 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 380 })
381
a890d1e0
C		 382 it('Should fail without the current password', async function () {
383 const fields = {
7926c5f9 384 currentPassword: 'password',
a890d1e0
C		 385 password: 'super'.repeat(61)
386 }
387
7926c5f9 388 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
a890d1e0
C		 389 })
390
391 it('Should fail with an invalid current password', async function () {
392 const fields = {
393 currentPassword: 'my super password fail',
394 password: 'super'.repeat(61)
395 }
396
2d53be02
RK		 397 await makePutBodyRequest({
398 url: server.url,
399 path: path + 'me',
7926c5f9 400 token: userToken,
2d53be02 401 fields,
c0e8b12e 402 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 403 })
a890d1e0
C		 404 })
405
0883b324 406 it('Should fail with an invalid NSFW policy attribute', async function () {
0e1dc3e7 407 const fields = {
0883b324 408 nsfwPolicy: 'hello'
0e1dc3e7
C		 409 }
410
7926c5f9 411 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 412 })
413
7efe153b
AL		 414 it('Should fail with an invalid autoPlayVideo attribute', async function () {
415 const fields = {
416 autoPlayVideo: -1
417 }
418
7926c5f9 419 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
7efe153b
AL		 420 })
421
6aa54148
L		 422 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
423 const fields = {
424 autoPlayNextVideo: -1
425 }
426
7926c5f9 427 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
6aa54148
L		 428 })
429
8b9a525a
C		 430 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
431 const fields = {
432 videosHistoryEnabled: -1
433 }
434
7926c5f9 435 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
8b9a525a
C		 436 })
437
0e1dc3e7
C		 438 it('Should fail with an non authenticated user', async function () {
439 const fields = {
7926c5f9 440 currentPassword: 'password',
0e1dc3e7
C		 441 password: 'my super password'
442 }
443
2d53be02
RK		 444 await makePutBodyRequest({
445 url: server.url,
446 path: path + 'me',
447 token: 'super token',
448 fields,
c0e8b12e 449 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 450 })
0e1dc3e7
C		 451 })
452
2422c46b
C		 453 it('Should fail with a too long description', async function () {
454 const fields = {
d23e6a1c 455 description: 'super'.repeat(201)
2422c46b
C		 456 }
457
7926c5f9 458 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
2422c46b
C		 459 })
460
3caf77d3
C		 461 it('Should fail with an invalid videoLanguages attribute', async function () {
462 {
463 const fields = {
464 videoLanguages: 'toto'
465 }
466
7926c5f9 467 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
3caf77d3
C		 468 }
469
470 {
471 const languages = []
472 for (let i = 0; i < 1000; i++) {
473 languages.push('fr')
474 }
475
476 const fields = {
477 videoLanguages: languages
478 }
479
7926c5f9 480 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
3caf77d3
C		 481 }
482 })
483
9b474844
C		 484 it('Should fail with an invalid theme', async function () {
485 const fields = { theme: 'invalid' }
7926c5f9 486 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
9b474844
C		 487 })
488
489 it('Should fail with an unknown theme', async function () {
490 const fields = { theme: 'peertube-theme-unknown' }
7926c5f9 491 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
9b474844
C		 492 })
493
8f581725
C		 494 it('Should fail with invalid no modal attributes', async function () {
495 const keys = [
496 'noInstanceConfigWarningModal',
497 'noAccountSetupWarningModal',
498 'noWelcomeModal'
499 ]
500
501 for (const key of keys) {
502 const fields = {
503 [key]: -1
504 }
43d0ea7f 505
8f581725 506 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
43d0ea7f 507 }
43d0ea7f
C		 508 })
509
a890d1e0 510 it('Should succeed to change password with the correct params', async function () {
0e1dc3e7 511 const fields = {
7926c5f9 512 currentPassword: 'password',
0e1dc3e7 513 password: 'my super password',
0883b324 514 nsfwPolicy: 'blur',
7efe153b 515 autoPlayVideo: false,
9b474844 516 email: 'super_email@example.com',
43d0ea7f
C		 517 theme: 'default',
518 noInstanceConfigWarningModal: true,
8f581725
C		 519 noWelcomeModal: true,
520 noAccountSetupWarningModal: true
0e1dc3e7
C		 521 }
522
2d53be02
RK		 523 await makePutBodyRequest({
524 url: server.url,
525 path: path + 'me',
7926c5f9 526 token: userToken,
2d53be02 527 fields,
c0e8b12e 528 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 529 })
77a5501f 530 })
a890d1e0
C		 531
532 it('Should succeed without password change with the correct params', async function () {
533 const fields = {
534 nsfwPolicy: 'blur',
5efab546 535 autoPlayVideo: false
a890d1e0
C		 536 }
537
2d53be02
RK		 538 await makePutBodyRequest({
539 url: server.url,
540 path: path + 'me',
7926c5f9 541 token: userToken,
2d53be02 542 fields,
c0e8b12e 543 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 544 })
a890d1e0 545 })
77a5501f
C		 546 })
547
c5911fd3
C		 548 describe('When updating my avatar', function () {
549 it('Should fail without an incorrect input file', async function () {
550 const fields = {}
551 const attaches = {
3d470a53 552 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
c5911fd3 553 }
ac81d1a0 554 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
c5911fd3
C		 555 })
556
01de67b9
C		 557 it('Should fail with a big file', async function () {
558 const fields = {}
559 const attaches = {
3d470a53 560 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
01de67b9 561 }
ac81d1a0 562 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
01de67b9
C		 563 })
564
4bbfc6c6
C		 565 it('Should fail with an unauthenticated user', async function () {
566 const fields = {}
567 const attaches = {
3d470a53 568 avatarfile: buildAbsoluteFixturePath('avatar.png')
4bbfc6c6
C		 569 }
570 await makeUploadRequest({
571 url: server.url,
572 path: path + '/me/avatar/pick',
573 fields,
574 attaches,
c0e8b12e 575 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
4bbfc6c6
C		 576 })
577 })
578
c5911fd3
C		 579 it('Should succeed with the correct params', async function () {
580 const fields = {}
581 const attaches = {
3d470a53 582 avatarfile: buildAbsoluteFixturePath('avatar.png')
c5911fd3 583 }
ac81d1a0 584 await makeUploadRequest({
47564bbe
C		 585 url: server.url,
586 path: path + '/me/avatar/pick',
587 token: server.accessToken,
588 fields,
589 attaches,
c0e8b12e 590 expectedStatus: HttpStatusCode.OK_200
47564bbe 591 })
c5911fd3
C		 592 })
593 })
594
18490b07
C		 595 describe('When managing my scoped tokens', function () {
596
597 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
89d241a7 598 await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 599 })
600
601 it('Should fail to get my scoped tokens with a bad token', async function () {
89d241a7 602 await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 603
604 })
605
606 it('Should succeed to get my scoped tokens', async function () {
89d241a7 607 await server.users.getMyScopedTokens()
18490b07
C		 608 })
609
610 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
89d241a7 611 await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 612 })
613
614 it('Should fail to renew my scoped tokens with a bad token', async function () {
89d241a7 615 await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 616 })
617
618 it('Should succeed to renew my scoped tokens', async function () {
89d241a7 619 await server.users.renewMyScopedTokens()
18490b07
C		 620 })
621 })
622
94ff4c23 623 describe('When getting a user', function () {
94ff4c23
C		 624
625 it('Should fail with an non authenticated user', async function () {
2d53be02
RK		 626 await makeGetRequest({
627 url: server.url,
628 path: path + userId,
629 token: 'super token',
c0e8b12e 630 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 631 })
94ff4c23
C		 632 })
633
634 it('Should fail with a non admin user', async function () {
c0e8b12e 635 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
94ff4c23
C		 636 })
637
638 it('Should succeed with the correct params', async function () {
c0e8b12e 639 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
94ff4c23
C		 640 })
641 })
642
77a5501f
C		 643 describe('When updating a user', function () {
644
77a5501f
C		 645 it('Should fail with an invalid email attribute', async function () {
646 const fields = {
647 email: 'blabla'
648 }
649
650 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
651 })
652
fc2ec87a
JM		 653 it('Should fail with an invalid emailVerified attribute', async function () {
654 const fields = {
655 emailVerified: 'yes'
656 }
657
658 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
659 })
660
77a5501f
C		 661 it('Should fail with an invalid videoQuota attribute', async function () {
662 const fields = {
663 videoQuota: -90
664 }
665
666 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
667 })
668
757f0da3
C		 669 it('Should fail with an invalid user role attribute', async function () {
670 const fields = {
671 role: 54878
672 }
673
674 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
675 })
676
b426edd4
C		 677 it('Should fail with a too small password', async function () {
678 const fields = {
7926c5f9 679 currentPassword: 'password',
b426edd4
C		 680 password: 'bla'
681 }
682
683 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
684 })
685
686 it('Should fail with a too long password', async function () {
687 const fields = {
7926c5f9 688 currentPassword: 'password',
b426edd4
C		 689 password: 'super'.repeat(61)
690 }
691
692 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
693 })
694
77a5501f
C		 695 it('Should fail with an non authenticated user', async function () {
696 const fields = {
697 videoQuota: 42
698 }
699
2d53be02
RK		 700 await makePutBodyRequest({
701 url: server.url,
702 path: path + userId,
703 token: 'super token',
704 fields,
c0e8b12e 705 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 706 })
77a5501f
C		 707 })
708
f8b8c36b
C		 709 it('Should fail when updating root role', async function () {
710 const fields = {
711 role: UserRole.MODERATOR
712 }
713
714 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
1eddc9a7
C		 715 })
716
717 it('Should fail with invalid admin flags', async function () {
718 const fields = { adminFlags: 'toto' }
719
a95a4cc8
C		 720 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
721 })
722
723 it('Should fail to update an admin with a moderator', async function () {
724 const fields = {
725 videoQuota: 42
726 }
727
728 await makePutBodyRequest({
729 url: server.url,
730 path: path + moderatorId,
7926c5f9 731 token: moderatorToken,
a95a4cc8 732 fields,
c0e8b12e 733 expectedStatus: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 734 })
735 })
736
737 it('Should succeed to update a user with a moderator', async function () {
738 const fields = {
739 videoQuota: 42
740 }
741
742 await makePutBodyRequest({
743 url: server.url,
744 path: path + userId,
7926c5f9 745 token: moderatorToken,
a95a4cc8 746 fields,
c0e8b12e 747 expectedStatus: HttpStatusCode.NO_CONTENT_204
a95a4cc8 748 })
f8b8c36b
C		 749 })
750
77a5501f
C		 751 it('Should succeed with the correct params', async function () {
752 const fields = {
753 email: 'email@example.com',
fc2ec87a 754 emailVerified: true,
757f0da3 755 videoQuota: 42,
2f1548fd 756 role: UserRole.USER
77a5501f
C		 757 }
758
2d53be02
RK		 759 await makePutBodyRequest({
760 url: server.url,
761 path: path + userId,
762 token: server.accessToken,
763 fields,
c0e8b12e 764 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 765 })
0e1dc3e7
C		 766 })
767 })
768
769 describe('When getting my information', function () {
770 it('Should fail with a non authenticated user', async function () {
89d241a7 771 await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
0e1dc3e7
C		 772 })
773
774 it('Should success with the correct parameters', async function () {
89d241a7 775 await server.users.getMyInfo({ token: userToken })
0e1dc3e7
C		 776 })
777 })
778
779 describe('When getting my video rating', function () {
7926c5f9
C		 780 let command: UsersCommand
781
782 before(function () {
89d241a7 783 command = server.users
7926c5f9
C		 784 })
785
0e1dc3e7 786 it('Should fail with a non authenticated user', async function () {
7926c5f9 787 await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
0e1dc3e7
C		 788 })
789
790 it('Should fail with an incorrect video uuid', async function () {
7926c5f9 791 await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
0e1dc3e7
C		 792 })
793
794 it('Should fail with an unknown video', async function () {
7926c5f9 795 await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
0e1dc3e7
C		 796 })
797
26d21b78 798 it('Should succeed with the correct parameters', async function () {
7926c5f9
C		 799 await command.getMyRating({ videoId: video.id })
800 await command.getMyRating({ videoId: video.uuid })
801 await command.getMyRating({ videoId: video.shortUUID })
0e1dc3e7
C		 802 })
803 })
804
22834691
C		 805 describe('When retrieving my global ratings', function () {
806 const path = '/api/v1/accounts/user1/ratings'
807
808 it('Should fail with a bad start pagination', async function () {
7926c5f9 809 await checkBadStartPagination(server.url, path, userToken)
22834691
C		 810 })
811
812 it('Should fail with a bad count pagination', async function () {
7926c5f9 813 await checkBadCountPagination(server.url, path, userToken)
22834691
C		 814 })
815
816 it('Should fail with an incorrect sort', async function () {
7926c5f9 817 await checkBadSortPagination(server.url, path, userToken)
22834691
C		 818 })
819
820 it('Should fail with a unauthenticated user', async function () {
c0e8b12e 821 await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
22834691
C		 822 })
823
824 it('Should fail with a another user', async function () {
c0e8b12e 825 await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
22834691
C		 826 })
827
828 it('Should fail with a bad type', async function () {
2d53be02
RK		 829 await makeGetRequest({
830 url: server.url,
831 path,
7926c5f9 832 token: userToken,
2d53be02 833 query: { rating: 'toto ' },
c0e8b12e 834 expectedStatus: HttpStatusCode.BAD_REQUEST_400
2d53be02 835 })
22834691
C		 836 })
837
838 it('Should succeed with the correct params', async function () {
c0e8b12e 839 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
22834691
C		 840 })
841 })
842
e6921918 843 describe('When blocking/unblocking/removing user', function () {
7926c5f9 844
0e1dc3e7 845 it('Should fail with an incorrect id', async function () {
7926c5f9
C		 846 const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
847
89d241a7
C		 848 await server.users.remove(options)
849 await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
850 await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
0e1dc3e7
C		 851 })
852
853 it('Should fail with the root user', async function () {
7926c5f9
C		 854 const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
855
89d241a7
C		 856 await server.users.remove(options)
857 await server.users.banUser(options)
858 await server.users.unbanUser(options)
0e1dc3e7
C		 859 })
860
861 it('Should return 404 with a non existing id', async function () {
7926c5f9
C		 862 const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
863
89d241a7
C		 864 await server.users.remove(options)
865 await server.users.banUser(options)
866 await server.users.unbanUser(options)
e6921918
C		 867 })
868
869 it('Should fail with a non admin user', async function () {
7926c5f9
C		 870 const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
871
89d241a7
C		 872 await server.users.remove(options)
873 await server.users.banUser(options)
874 await server.users.unbanUser(options)
0e1dc3e7 875 })
a95a4cc8
C		 876
877 it('Should fail on a moderator with a moderator', async function () {
7926c5f9
C		 878 const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
879
89d241a7
C		 880 await server.users.remove(options)
881 await server.users.banUser(options)
882 await server.users.unbanUser(options)
a95a4cc8
C		 883 })
884
885 it('Should succeed on a user with a moderator', async function () {
7926c5f9
C		 886 const options = { userId, token: moderatorToken }
887
89d241a7
C		 888 await server.users.banUser(options)
889 await server.users.unbanUser(options)
a95a4cc8 890 })
0e1dc3e7
C		 891 })
892
92b9d60c
C		 893 describe('When deleting our account', function () {
894 it('Should fail with with the root account', async function () {
89d241a7 895 await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
92b9d60c
C		 896 })
897 })
898
e590b4a5 899 describe('When registering a new user', function () {
0e1dc3e7 900 const registrationPath = path + '/register'
26d21b78
C		 901 const baseCorrectParams = {
902 username: 'user3',
1f20622f 903 displayName: 'super user',
26d21b78
C		 904 email: 'test3@example.com',
905 password: 'my super password'
906 }
0e1dc3e7
C		 907
908 it('Should fail with a too small username', async function () {
6c5065a0 909 const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7
C		 910
911 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
912 })
913
914 it('Should fail with a too long username', async function () {
6c5065a0 915 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7
C		 916
917 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
918 })
919
920 it('Should fail with an incorrect username', async function () {
6c5065a0 921 const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7
C		 922
923 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
924 })
925
926 it('Should fail with a missing email', async function () {
26d21b78 927 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 928
929 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
930 })
931
932 it('Should fail with an invalid email', async function () {
6c5065a0 933 const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7
C		 934
935 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
936 })
937
938 it('Should fail with a too small password', async function () {
6c5065a0 939 const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7
C		 940
941 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
942 })
943
944 it('Should fail with a too long password', async function () {
6c5065a0 945 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7
C		 946
947 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
948 })
949
950 it('Should fail if we register a user with the same username', async function () {
6c5065a0 951 const fields = { ...baseCorrectParams, username: 'root' }
0e1dc3e7 952
26d21b78
C		 953 await makePostBodyRequest({
954 url: server.url,
955 path: registrationPath,
956 token: server.accessToken,
957 fields,
c0e8b12e 958 expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78 959 })
0e1dc3e7
C		 960 })
961
2ef6a063 962 it('Should fail with a "peertube" username', async function () {
6c5065a0 963 const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063
C		 964
965 await makePostBodyRequest({
966 url: server.url,
967 path: registrationPath,
968 token: server.accessToken,
969 fields,
c0e8b12e 970 expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063
C		 971 })
972 })
973
0e1dc3e7 974 it('Should fail if we register a user with the same email', async function () {
6c5065a0 975 const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
0e1dc3e7 976
26d21b78
C		 977 await makePostBodyRequest({
978 url: server.url,
979 path: registrationPath,
980 token: server.accessToken,
981 fields,
c0e8b12e 982 expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78 983 })
0e1dc3e7
C		 984 })
985
1f20622f 986 it('Should fail with a bad display name', async function () {
6c5065a0 987 const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1f20622f
C		 988
989 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
990 })
991
e590b4a5 992 it('Should fail with a bad channel name', async function () {
6c5065a0 993 const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
e590b4a5
C		 994
995 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
996 })
997
998 it('Should fail with a bad channel display name', async function () {
6c5065a0 999 const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
e590b4a5
C		 1000
1001 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1002 })
1003
32d7f2b7 1004 it('Should fail with a channel name that is the same as username', async function () {
1d5342ab 1005 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
6c5065a0 1006 const fields = { ...baseCorrectParams, ...source }
1d5342ab
C		 1007
1008 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1009 })
1010
e590b4a5 1011 it('Should fail with an existing channel', async function () {
a5461888 1012 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
89d241a7 1013 await server.channels.create({ attributes })
e590b4a5 1014
6c5065a0 1015 const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
e590b4a5 1016
2d53be02
RK		 1017 await makePostBodyRequest({
1018 url: server.url,
1019 path: registrationPath,
1020 token: server.accessToken,
1021 fields,
c0e8b12e 1022 expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02 1023 })
e590b4a5
C		 1024 })
1025
0e1dc3e7 1026 it('Should succeed with the correct params', async function () {
6c5065a0 1027 const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
e590b4a5 1028
26d21b78
C		 1029 await makePostBodyRequest({
1030 url: server.url,
1031 path: registrationPath,
1032 token: server.accessToken,
e590b4a5 1033 fields: fields,
c0e8b12e 1034 expectedStatus: HttpStatusCode.NO_CONTENT_204
26d21b78 1035 })
0e1dc3e7
C		 1036 })
1037
1038 it('Should fail on a server with registration disabled', async function () {
1039 const fields = {
1040 username: 'user4',
1041 email: 'test4@example.com',
1042 password: 'my super password 4'
1043 }
1044
1045 await makePostBodyRequest({
1046 url: serverWithRegistrationDisabled.url,
1047 path: registrationPath,
1048 token: serverWithRegistrationDisabled.accessToken,
1049 fields,
c0e8b12e 1050 expectedStatus: HttpStatusCode.FORBIDDEN_403
0e1dc3e7
C		 1051 })
1052 })
1053 })
1054
1055 describe('When registering multiple users on a server with users limit', function () {
1056 it('Should fail when after 3 registrations', async function () {
89d241a7 1057 await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 1058 })
1059 })
1060
f076daa7
C		 1061 describe('When asking a password reset', function () {
1062 const path = '/api/v1/users/ask-reset-password'
1063
1064 it('Should fail with a missing email', async function () {
1065 const fields = {}
1066
1067 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1068 })
1069
1070 it('Should fail with an invalid email', async function () {
1071 const fields = { email: 'hello' }
1072
1073 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1074 })
1075
1076 it('Should success with the correct params', async function () {
1077 const fields = { email: 'admin@example.com' }
1078
2d53be02
RK		 1079 await makePostBodyRequest({
1080 url: server.url,
1081 path,
1082 token: server.accessToken,
1083 fields,
c0e8b12e 1084 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 1085 })
f076daa7
C		 1086 })
1087 })
1088
d9eaee39
JM		 1089 describe('When asking for an account verification email', function () {
1090 const path = '/api/v1/users/ask-send-verify-email'
1091
1092 it('Should fail with a missing email', async function () {
1093 const fields = {}
1094
1095 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1096 })
1097
1098 it('Should fail with an invalid email', async function () {
1099 const fields = { email: 'hello' }
1100
1101 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1102 })
1103
1104 it('Should succeed with the correct params', async function () {
1105 const fields = { email: 'admin@example.com' }
1106
2d53be02
RK		 1107 await makePostBodyRequest({
1108 url: server.url,
1109 path,
1110 token: server.accessToken,
1111 fields,
c0e8b12e 1112 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 1113 })
d9eaee39
JM		 1114 })
1115 })
1116
7c3b7976 1117 after(async function () {
45f1bd72
JL		 1118 MockSmtpServer.Instance.kill()
1119
7c3b7976 1120 await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7
C		 1121 })
1122})
ActivityPub-federated video streaming platform using P2P directly in your web browser