[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import { MockSmtpServer } from '@server/tests/shared'
import { omit } from '@shared/core-utils'
import { HttpStatusCode, UserRole } from '@shared/models'
import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let server: PeerTubeServer
  let serverWithRegistrationDisabled: PeerTubeServer

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(30000)

    const res = await Promise.all([
      createSingleServer(1, { signup: { limit: 3 } }),
      createSingleServer(2)
    ])

    server = res[0]
    serverWithRegistrationDisabled = res[1]

    await setAccessTokensToServers([ server ])

    await server.users.generate('moderator2', UserRole.MODERATOR)
  })

  describe('When registering a new user', function () {
    const registrationPath = path + '/register'
    const baseCorrectParams = {
      username: 'user3',
      displayName: 'super user',
      email: 'test3@example.com',
      password: 'my super password'
    }

    it('Should fail with a too small username', async function () {
      const fields = { ...baseCorrectParams, username: '' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long username', async function () {
      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect username', async function () {
      const fields = { ...baseCorrectParams, username: 'my username' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a missing email', async function () {
      const fields = omit(baseCorrectParams, [ 'email' ])

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { ...baseCorrectParams, email: 'test_example.com' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = { ...baseCorrectParams, password: 'bla' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail if we register a user with the same username', async function () {
      const fields = { ...baseCorrectParams, username: 'root' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a "peertube" username', async function () {
      const fields = { ...baseCorrectParams, username: 'peertube' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail if we register a user with the same email', async function () {
      const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a bad display name', async function () {
      const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel display name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a channel name that is the same as username', async function () {
      const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
      const fields = { ...baseCorrectParams, ...source }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an existing channel', async function () {
      const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
      await server.channels.create({ attributes })

      const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })

    it('Should fail on a server with registration disabled', async function () {
      const fields = {
        username: 'user4',
        email: 'test4@example.com',
        password: 'my super password 4'
      }

      await makePostBodyRequest({
        url: serverWithRegistrationDisabled.url,
        path: registrationPath,
        token: serverWithRegistrationDisabled.accessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })
  })

  describe('When registering multiple users on a server with users limit', function () {

    it('Should fail when after 3 registrations', async function () {
      await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

  })

  describe('When asking a password reset', function () {
    const path = '/api/v1/users/ask-reset-password'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should success with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When asking for an account verification email', function () {
    const path = '/api/v1/users/ask-send-verify-email'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  after(async function () {
    MockSmtpServer.Instance.kill()

    await cleanupTests([ server, serverWithRegistrationDisabled ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
c55e3d72	2	import { MockSmtpServer } from '@server/tests/shared'
bbd5aa7e	3	import { omit } from '@shared/core-utils'
906f46d0	4	import { HttpStatusCode, UserRole } from '@shared/models'
c55e3d72	5	import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
0e1dc3e7 C	6
	7	describe('Test users API validators', function () {
	8	const path = '/api/v1/users/'
254d3579 C	9	let server: PeerTubeServer
254d3579 C	10	let serverWithRegistrationDisabled: PeerTubeServer
0e1dc3e7 C	11
	12	// ---------------------------------------------------------------
	13
	14	before(async function () {
e212f887	15	this.timeout(30000)
0e1dc3e7	16
906f46d0 C	17	const res = await Promise.all([
	18	createSingleServer(1, { signup: { limit: 3 } }),
	19	createSingleServer(2)
	20	])
45f1bd72	21
906f46d0 C	22	server = res[0]
906f46d0 C	23	serverWithRegistrationDisabled = res[1]
45f1bd72	24
906f46d0	25	await setAccessTokensToServers([ server ])
0e1dc3e7	26
906f46d0	27	await server.users.generate('moderator2', UserRole.MODERATOR)
92b9d60c C	28	})
92b9d60c C	29
e590b4a5	30	describe('When registering a new user', function () {
0e1dc3e7	31	const registrationPath = path + '/register'
26d21b78 C	32	const baseCorrectParams = {
26d21b78 C	33	username: 'user3',
1f20622f	34	displayName: 'super user',
26d21b78 C	35	email: 'test3@example.com',
	36	password: 'my super password'
	37	}
0e1dc3e7 C	38
0e1dc3e7 C	39	it('Should fail with a too small username', async function () {
6c5065a0	40	const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7 C	41
	42	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	43	})
	44
	45	it('Should fail with a too long username', async function () {
6c5065a0	46	const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7 C	47
	48	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	49	})
	50
	51	it('Should fail with an incorrect username', async function () {
6c5065a0	52	const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7 C	53
	54	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	55	})
	56
	57	it('Should fail with a missing email', async function () {
bbd5aa7e	58	const fields = omit(baseCorrectParams, [ 'email' ])
0e1dc3e7 C	59
	60	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	61	})
	62
	63	it('Should fail with an invalid email', async function () {
6c5065a0	64	const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7 C	65
	66	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	67	})
	68
	69	it('Should fail with a too small password', async function () {
6c5065a0	70	const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7 C	71
	72	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	73	})
	74
	75	it('Should fail with a too long password', async function () {
6c5065a0	76	const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7 C	77
	78	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	79	})
	80
	81	it('Should fail if we register a user with the same username', async function () {
6c5065a0	82	const fields = { ...baseCorrectParams, username: 'root' }
0e1dc3e7	83
26d21b78 C	84	await makePostBodyRequest({
	85	url: server.url,
	86	path: registrationPath,
	87	token: server.accessToken,
	88	fields,
c0e8b12e	89	expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78	90	})
0e1dc3e7 C	91	})
0e1dc3e7 C	92
2ef6a063	93	it('Should fail with a "peertube" username', async function () {
6c5065a0	94	const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063 C	95
	96	await makePostBodyRequest({
	97	url: server.url,
	98	path: registrationPath,
	99	token: server.accessToken,
	100	fields,
c0e8b12e	101	expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063 C	102	})
	103	})
	104
0e1dc3e7	105	it('Should fail if we register a user with the same email', async function () {
6c5065a0	106	const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
0e1dc3e7	107
26d21b78 C	108	await makePostBodyRequest({
	109	url: server.url,
	110	path: registrationPath,
	111	token: server.accessToken,
	112	fields,
c0e8b12e	113	expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78	114	})
0e1dc3e7 C	115	})
0e1dc3e7 C	116
1f20622f	117	it('Should fail with a bad display name', async function () {
6c5065a0	118	const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1f20622f C	119
	120	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	121	})
	122
e590b4a5	123	it('Should fail with a bad channel name', async function () {
6c5065a0	124	const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
e590b4a5 C	125
	126	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	127	})
	128
	129	it('Should fail with a bad channel display name', async function () {
6c5065a0	130	const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
e590b4a5 C	131
	132	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	133	})
	134
32d7f2b7	135	it('Should fail with a channel name that is the same as username', async function () {
1d5342ab	136	const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
6c5065a0	137	const fields = { ...baseCorrectParams, ...source }
1d5342ab C	138
	139	await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
	140	})
	141
e590b4a5	142	it('Should fail with an existing channel', async function () {
a5461888	143	const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
89d241a7	144	await server.channels.create({ attributes })
e590b4a5	145
6c5065a0	146	const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
e590b4a5	147
2d53be02 RK	148	await makePostBodyRequest({
	149	url: server.url,
	150	path: registrationPath,
	151	token: server.accessToken,
	152	fields,
c0e8b12e	153	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	154	})
e590b4a5 C	155	})
e590b4a5 C	156
0e1dc3e7	157	it('Should succeed with the correct params', async function () {
6c5065a0	158	const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
e590b4a5	159
26d21b78 C	160	await makePostBodyRequest({
	161	url: server.url,
	162	path: registrationPath,
	163	token: server.accessToken,
ba2684ce	164	fields,
c0e8b12e	165	expectedStatus: HttpStatusCode.NO_CONTENT_204
26d21b78	166	})
0e1dc3e7 C	167	})
	168
	169	it('Should fail on a server with registration disabled', async function () {
	170	const fields = {
	171	username: 'user4',
	172	email: 'test4@example.com',
	173	password: 'my super password 4'
	174	}
	175
	176	await makePostBodyRequest({
	177	url: serverWithRegistrationDisabled.url,
	178	path: registrationPath,
	179	token: serverWithRegistrationDisabled.accessToken,
	180	fields,
c0e8b12e	181	expectedStatus: HttpStatusCode.FORBIDDEN_403
0e1dc3e7 C	182	})
	183	})
	184	})
	185
	186	describe('When registering multiple users on a server with users limit', function () {
906f46d0	187
0e1dc3e7	188	it('Should fail when after 3 registrations', async function () {
89d241a7	189	await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7	190	})
906f46d0	191
0e1dc3e7 C	192	})
0e1dc3e7 C	193
f076daa7 C	194	describe('When asking a password reset', function () {
	195	const path = '/api/v1/users/ask-reset-password'
	196
	197	it('Should fail with a missing email', async function () {
	198	const fields = {}
	199
	200	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	201	})
	202
	203	it('Should fail with an invalid email', async function () {
	204	const fields = { email: 'hello' }
	205
	206	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	207	})
	208
	209	it('Should success with the correct params', async function () {
	210	const fields = { email: 'admin@example.com' }
	211
2d53be02 RK	212	await makePostBodyRequest({
	213	url: server.url,
	214	path,
	215	token: server.accessToken,
	216	fields,
c0e8b12e	217	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	218	})
f076daa7 C	219	})
	220	})
	221
d9eaee39 JM	222	describe('When asking for an account verification email', function () {
	223	const path = '/api/v1/users/ask-send-verify-email'
	224
	225	it('Should fail with a missing email', async function () {
	226	const fields = {}
	227
	228	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	229	})
	230
	231	it('Should fail with an invalid email', async function () {
	232	const fields = { email: 'hello' }
	233
	234	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	235	})
	236
	237	it('Should succeed with the correct params', async function () {
	238	const fields = { email: 'admin@example.com' }
	239
2d53be02 RK	240	await makePostBodyRequest({
	241	url: server.url,
	242	path,
	243	token: server.accessToken,
	244	fields,
c0e8b12e	245	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	246	})
d9eaee39 JM	247	})
	248	})
	249
7c3b7976	250	after(async function () {
45f1bd72 JL	251	MockSmtpServer.Instance.kill()
45f1bd72 JL	252
7c3b7976	253	await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7 C	254	})
0e1dc3e7 C	255	})