[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { omit } from 'lodash'
import {
  cleanupTests,
  createSingleServer,
  makePostBodyRequest,
  MockSmtpServer,
  PeerTubeServer,
  setAccessTokensToServers
} from '@shared/extra-utils'
import { HttpStatusCode, UserRole } from '@shared/models'

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let server: PeerTubeServer
  let serverWithRegistrationDisabled: PeerTubeServer

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(30000)

    const res = await Promise.all([
      createSingleServer(1, { signup: { limit: 3 } }),
      createSingleServer(2)
    ])

    server = res[0]
    serverWithRegistrationDisabled = res[1]

    await setAccessTokensToServers([ server ])

    await server.users.generate('moderator2', UserRole.MODERATOR)
  })

  describe('When registering a new user', function () {
    const registrationPath = path + '/register'
    const baseCorrectParams = {
      username: 'user3',
      displayName: 'super user',
      email: 'test3@example.com',
      password: 'my super password'
    }

    it('Should fail with a too small username', async function () {
      const fields = { ...baseCorrectParams, username: '' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long username', async function () {
      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect username', async function () {
      const fields = { ...baseCorrectParams, username: 'my username' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a missing email', async function () {
      const fields = omit(baseCorrectParams, 'email')

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { ...baseCorrectParams, email: 'test_example.com' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = { ...baseCorrectParams, password: 'bla' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail if we register a user with the same username', async function () {
      const fields = { ...baseCorrectParams, username: 'root' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a "peertube" username', async function () {
      const fields = { ...baseCorrectParams, username: 'peertube' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail if we register a user with the same email', async function () {
      const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a bad display name', async function () {
      const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel display name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a channel name that is the same as username', async function () {
      const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
      const fields = { ...baseCorrectParams, ...source }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an existing channel', async function () {
      const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
      await server.channels.create({ attributes })

      const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields: fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })

    it('Should fail on a server with registration disabled', async function () {
      const fields = {
        username: 'user4',
        email: 'test4@example.com',
        password: 'my super password 4'
      }

      await makePostBodyRequest({
        url: serverWithRegistrationDisabled.url,
        path: registrationPath,
        token: serverWithRegistrationDisabled.accessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })
  })

  describe('When registering multiple users on a server with users limit', function () {

    it('Should fail when after 3 registrations', async function () {
      await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

  })

  describe('When asking a password reset', function () {
    const path = '/api/v1/users/ask-reset-password'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should success with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When asking for an account verification email', function () {
    const path = '/api/v1/users/ask-send-verify-email'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  after(async function () {
    MockSmtpServer.Instance.kill()

    await cleanupTests([ server, serverWithRegistrationDisabled ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
0e1dc3e7	2
0e1dc3e7	3	import 'mocha'
b488ba1e	4	import { omit } from 'lodash'
0e1dc3e7	5	import {
7c3b7976	6	cleanupTests,
254d3579	7	createSingleServer,
42e1ec25	8	makePostBodyRequest,
d23dd9fb	9	MockSmtpServer,
254d3579	10	PeerTubeServer,
906f46d0	11	setAccessTokensToServers
d23dd9fb	12	} from '@shared/extra-utils'
906f46d0	13	import { HttpStatusCode, UserRole } from '@shared/models'
0e1dc3e7 C	14
	15	describe('Test users API validators', function () {
	16	const path = '/api/v1/users/'
254d3579 C	17	let server: PeerTubeServer
254d3579 C	18	let serverWithRegistrationDisabled: PeerTubeServer
0e1dc3e7 C	19
	20	// ---------------------------------------------------------------
	21
	22	before(async function () {
e212f887	23	this.timeout(30000)
0e1dc3e7	24
906f46d0 C	25	const res = await Promise.all([
	26	createSingleServer(1, { signup: { limit: 3 } }),
	27	createSingleServer(2)
	28	])
45f1bd72	29
906f46d0 C	30	server = res[0]
906f46d0 C	31	serverWithRegistrationDisabled = res[1]
45f1bd72	32
906f46d0	33	await setAccessTokensToServers([ server ])
0e1dc3e7	34
906f46d0	35	await server.users.generate('moderator2', UserRole.MODERATOR)
92b9d60c C	36	})
92b9d60c C	37
e590b4a5	38	describe('When registering a new user', function () {
0e1dc3e7	39	const registrationPath = path + '/register'
26d21b78 C	40	const baseCorrectParams = {
26d21b78 C	41	username: 'user3',
1f20622f	42	displayName: 'super user',
26d21b78 C	43	email: 'test3@example.com',
	44	password: 'my super password'
	45	}
0e1dc3e7 C	46
0e1dc3e7 C	47	it('Should fail with a too small username', async function () {
6c5065a0	48	const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7 C	49
	50	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	51	})
	52
	53	it('Should fail with a too long username', async function () {
6c5065a0	54	const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7 C	55
	56	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	57	})
	58
	59	it('Should fail with an incorrect username', async function () {
6c5065a0	60	const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7 C	61
	62	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	63	})
	64
	65	it('Should fail with a missing email', async function () {
26d21b78	66	const fields = omit(baseCorrectParams, 'email')
0e1dc3e7 C	67
	68	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	69	})
	70
	71	it('Should fail with an invalid email', async function () {
6c5065a0	72	const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7 C	73
	74	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	75	})
	76
	77	it('Should fail with a too small password', async function () {
6c5065a0	78	const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7 C	79
	80	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	81	})
	82
	83	it('Should fail with a too long password', async function () {
6c5065a0	84	const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7 C	85
	86	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	87	})
	88
	89	it('Should fail if we register a user with the same username', async function () {
6c5065a0	90	const fields = { ...baseCorrectParams, username: 'root' }
0e1dc3e7	91
26d21b78 C	92	await makePostBodyRequest({
	93	url: server.url,
	94	path: registrationPath,
	95	token: server.accessToken,
	96	fields,
c0e8b12e	97	expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78	98	})
0e1dc3e7 C	99	})
0e1dc3e7 C	100
2ef6a063	101	it('Should fail with a "peertube" username', async function () {
6c5065a0	102	const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063 C	103
	104	await makePostBodyRequest({
	105	url: server.url,
	106	path: registrationPath,
	107	token: server.accessToken,
	108	fields,
c0e8b12e	109	expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063 C	110	})
	111	})
	112
0e1dc3e7	113	it('Should fail if we register a user with the same email', async function () {
6c5065a0	114	const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
0e1dc3e7	115
26d21b78 C	116	await makePostBodyRequest({
	117	url: server.url,
	118	path: registrationPath,
	119	token: server.accessToken,
	120	fields,
c0e8b12e	121	expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78	122	})
0e1dc3e7 C	123	})
0e1dc3e7 C	124
1f20622f	125	it('Should fail with a bad display name', async function () {
6c5065a0	126	const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1f20622f C	127
	128	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	129	})
	130
e590b4a5	131	it('Should fail with a bad channel name', async function () {
6c5065a0	132	const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
e590b4a5 C	133
	134	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	135	})
	136
	137	it('Should fail with a bad channel display name', async function () {
6c5065a0	138	const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
e590b4a5 C	139
	140	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	141	})
	142
32d7f2b7	143	it('Should fail with a channel name that is the same as username', async function () {
1d5342ab	144	const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
6c5065a0	145	const fields = { ...baseCorrectParams, ...source }
1d5342ab C	146
	147	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	148	})
	149
e590b4a5	150	it('Should fail with an existing channel', async function () {
a5461888	151	const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
89d241a7	152	await server.channels.create({ attributes })
e590b4a5	153
6c5065a0	154	const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
e590b4a5	155
2d53be02 RK	156	await makePostBodyRequest({
	157	url: server.url,
	158	path: registrationPath,
	159	token: server.accessToken,
	160	fields,
c0e8b12e	161	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	162	})
e590b4a5 C	163	})
e590b4a5 C	164
0e1dc3e7	165	it('Should succeed with the correct params', async function () {
6c5065a0	166	const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
e590b4a5	167
26d21b78 C	168	await makePostBodyRequest({
	169	url: server.url,
	170	path: registrationPath,
	171	token: server.accessToken,
e590b4a5	172	fields: fields,
c0e8b12e	173	expectedStatus: HttpStatusCode.NO_CONTENT_204
26d21b78	174	})
0e1dc3e7 C	175	})
	176
	177	it('Should fail on a server with registration disabled', async function () {
	178	const fields = {
	179	username: 'user4',
	180	email: 'test4@example.com',
	181	password: 'my super password 4'
	182	}
	183
	184	await makePostBodyRequest({
	185	url: serverWithRegistrationDisabled.url,
	186	path: registrationPath,
	187	token: serverWithRegistrationDisabled.accessToken,
	188	fields,
c0e8b12e	189	expectedStatus: HttpStatusCode.FORBIDDEN_403
0e1dc3e7 C	190	})
	191	})
	192	})
	193
	194	describe('When registering multiple users on a server with users limit', function () {
906f46d0	195
0e1dc3e7	196	it('Should fail when after 3 registrations', async function () {
89d241a7	197	await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7	198	})
906f46d0	199
0e1dc3e7 C	200	})
0e1dc3e7 C	201
f076daa7 C	202	describe('When asking a password reset', function () {
	203	const path = '/api/v1/users/ask-reset-password'
	204
	205	it('Should fail with a missing email', async function () {
	206	const fields = {}
	207
	208	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	209	})
	210
	211	it('Should fail with an invalid email', async function () {
	212	const fields = { email: 'hello' }
	213
	214	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	215	})
	216
	217	it('Should success with the correct params', async function () {
	218	const fields = { email: 'admin@example.com' }
	219
2d53be02 RK	220	await makePostBodyRequest({
	221	url: server.url,
	222	path,
	223	token: server.accessToken,
	224	fields,
c0e8b12e	225	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	226	})
f076daa7 C	227	})
	228	})
	229
d9eaee39 JM	230	describe('When asking for an account verification email', function () {
	231	const path = '/api/v1/users/ask-send-verify-email'
	232
	233	it('Should fail with a missing email', async function () {
	234	const fields = {}
	235
	236	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	237	})
	238
	239	it('Should fail with an invalid email', async function () {
	240	const fields = { email: 'hello' }
	241
	242	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	243	})
	244
	245	it('Should succeed with the correct params', async function () {
	246	const fields = { email: 'admin@example.com' }
	247
2d53be02 RK	248	await makePostBodyRequest({
	249	url: server.url,
	250	path,
	251	token: server.accessToken,
	252	fields,
c0e8b12e	253	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	254	})
d9eaee39 JM	255	})
	256	})
	257
7c3b7976	258	after(async function () {
45f1bd72 JL	259	MockSmtpServer.Instance.kill()
45f1bd72 JL	260
7c3b7976	261	await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7 C	262	})
0e1dc3e7 C	263	})