]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix CLI tools
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
a1587156 1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
0e1dc3e7 2
0e1dc3e7 3import 'mocha'
b488ba1e 4import { omit } from 'lodash'
d4a8e7a6 5import { User, UserRole, VideoCreateResult } from '../../../../shared'
f6d6e7f8 6import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
0e1dc3e7 7import {
42e1ec25 8 blockUser,
3d470a53 9 buildAbsoluteFixturePath,
7c3b7976 10 cleanupTests,
42e1ec25
C		 11 createUser,
12 deleteMe,
13 flushAndRunServer,
14 getMyUserInformation,
15 getMyUserVideoRating,
18490b07 16 getUserScopedTokens,
42e1ec25
C		 17 getUsersList,
18 immutableAssign,
45f1bd72 19 killallServers,
42e1ec25
C		 20 makeGetRequest,
21 makePostBodyRequest,
22 makePutBodyRequest,
23 makeUploadRequest,
24 registerUser,
25 removeUser,
18490b07 26 renewUserScopedTokens,
45f1bd72 27 reRunServer,
42e1ec25
C		 28 ServerInfo,
29 setAccessTokensToServers,
30 unblockUser,
42e1ec25
C		 31 uploadVideo,
32 userLogin
94565d52 33} from '../../../../shared/extra-utils'
8ef9457f 34import { MockSmtpServer } from '../../../../shared/extra-utils/mock-servers/mock-email'
9639bd17 35import {
36 checkBadCountPagination,
37 checkBadSortPagination,
38 checkBadStartPagination
94565d52 39} from '../../../../shared/extra-utils/requests/check-api-params'
1eddc9a7 40import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
0e1dc3e7
C		 41
42describe('Test users API validators', function () {
43 const path = '/api/v1/users/'
44 let userId: number
45 let rootId: number
a95a4cc8 46 let moderatorId: number
d4a8e7a6 47 let video: VideoCreateResult
0e1dc3e7
C		 48 let server: ServerInfo
49 let serverWithRegistrationDisabled: ServerInfo
50 let userAccessToken = ''
a95a4cc8 51 let moderatorAccessToken = ''
45f1bd72
JL		 52 let emailPort: number
53 let overrideConfig: Object
0e1dc3e7
C		 54
55 // ---------------------------------------------------------------
56
57 before(async function () {
e212f887 58 this.timeout(30000)
0e1dc3e7 59
45f1bd72
JL		 60 const emails: object[] = []
61 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
62
63 overrideConfig = { signup: { limit: 8 } }
64
a95a4cc8
C		 65 {
66 const res = await Promise.all([
45f1bd72 67 flushAndRunServer(1, overrideConfig),
a95a4cc8
C		 68 flushAndRunServer(2)
69 ])
0e1dc3e7 70
a95a4cc8
C		 71 server = res[0]
72 serverWithRegistrationDisabled = res[1]
0e1dc3e7 73
a95a4cc8
C		 74 await setAccessTokensToServers([ server ])
75 }
76
77 {
78 const user = {
79 username: 'user1',
80 password: 'my super password'
81 }
82
83 const videoQuota = 42000000
84 await createUser({
85 url: server.url,
86 accessToken: server.accessToken,
87 username: user.username,
88 password: user.password,
89 videoQuota: videoQuota
90 })
91 userAccessToken = await userLogin(server, user)
92 }
93
94 {
95 const moderator = {
96 username: 'moderator1',
97 password: 'super password'
98 }
99
100 await createUser({
101 url: server.url,
102 accessToken: server.accessToken,
103 username: moderator.username,
104 password: moderator.password,
105 role: UserRole.MODERATOR
106 })
107
108 moderatorAccessToken = await userLogin(server, moderator)
109 }
110
111 {
112 const moderator = {
113 username: 'moderator2',
114 password: 'super password'
115 }
116
117 await createUser({
118 url: server.url,
119 accessToken: server.accessToken,
120 username: moderator.username,
121 password: moderator.password,
122 role: UserRole.MODERATOR
123 })
124 }
26d21b78 125
187501f8
C		 126 {
127 const res = await uploadVideo(server.url, server.accessToken, {})
d4a8e7a6 128 video = res.body.video
187501f8 129 }
a95a4cc8
C		 130
131 {
132 const res = await getUsersList(server.url, server.accessToken)
133 const users: User[] = res.body.data
134
135 userId = users.find(u => u.username === 'user1').id
136 rootId = users.find(u => u.username === 'root').id
137 moderatorId = users.find(u => u.username === 'moderator2').id
138 }
0e1dc3e7
C		 139 })
140
141 describe('When listing users', function () {
142 it('Should fail with a bad start pagination', async function () {
26d21b78 143 await checkBadStartPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 144 })
145
146 it('Should fail with a bad count pagination', async function () {
26d21b78 147 await checkBadCountPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 148 })
149
150 it('Should fail with an incorrect sort', async function () {
26d21b78 151 await checkBadSortPagination(server.url, path, server.accessToken)
0e1dc3e7 152 })
86d13ec2
C		 153
154 it('Should fail with a non authenticated user', async function () {
26d21b78
C		 155 await makeGetRequest({
156 url: server.url,
157 path,
2d53be02 158 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
26d21b78 159 })
86d13ec2
C		 160 })
161
162 it('Should fail with a non admin user', async function () {
26d21b78
C		 163 await makeGetRequest({
164 url: server.url,
165 path,
166 token: userAccessToken,
2d53be02 167 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
26d21b78 168 })
86d13ec2 169 })
0e1dc3e7
C		 170 })
171
172 describe('When adding a new user', function () {
26d21b78
C		 173 const baseCorrectParams = {
174 username: 'user2',
175 email: 'test@example.com',
176 password: 'my super password',
177 videoQuota: -1,
bee0abff 178 videoQuotaDaily: -1,
1eddc9a7 179 role: UserRole.USER,
3487330d 180 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
26d21b78
C		 181 }
182
0e1dc3e7 183 it('Should fail with a too small username', async function () {
d0ce42c1 184 const fields = immutableAssign(baseCorrectParams, { username: '' })
0e1dc3e7
C		 185
186 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
187 })
188
189 it('Should fail with a too long username', async function () {
9f7a1953 190 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
0e1dc3e7
C		 191
192 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
193 })
194
563d032e 195 it('Should fail with a not lowercase username', async function () {
26d21b78 196 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
563d032e
C		 197
198 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
199 })
200
0e1dc3e7 201 it('Should fail with an incorrect username', async function () {
26d21b78 202 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
0e1dc3e7
C		 203
204 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
205 })
206
207 it('Should fail with a missing email', async function () {
26d21b78 208 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 209
210 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
211 })
212
213 it('Should fail with an invalid email', async function () {
26d21b78 214 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
0e1dc3e7
C		 215
216 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
217 })
218
219 it('Should fail with a too small password', async function () {
26d21b78 220 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
0e1dc3e7
C		 221
222 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
223 })
224
225 it('Should fail with a too long password', async function () {
26d21b78 226 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
0e1dc3e7
C		 227
228 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
229 })
230
45f1bd72
JL		 231 it('Should fail with empty password and no smtp configured', async function () {
232 const fields = immutableAssign(baseCorrectParams, { password: '' })
233
234 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
235 })
236
237 it('Should succeed with no password on a server with smtp enabled', async function () {
f43db2f4 238 this.timeout(20000)
45f1bd72
JL		 239
240 killallServers([ server ])
241
242 const config = immutableAssign(overrideConfig, {
243 smtp: {
244 hostname: 'localhost',
245 port: emailPort
246 }
247 })
248 await reRunServer(server, config)
249
250 const fields = immutableAssign(baseCorrectParams, {
251 password: '',
252 username: 'create_password',
253 email: 'create_password@example.com'
254 })
255
256 await makePostBodyRequest({
257 url: server.url,
258 path: path,
259 token: server.accessToken,
260 fields,
2d53be02 261 statusCodeExpected: HttpStatusCode.OK_200
45f1bd72
JL		 262 })
263 })
264
1eddc9a7
C		 265 it('Should fail with invalid admin flags', async function () {
266 const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' })
267
268 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
269 })
270
0e1dc3e7 271 it('Should fail with an non authenticated user', async function () {
26d21b78
C		 272 await makePostBodyRequest({
273 url: server.url,
274 path,
275 token: 'super token',
276 fields: baseCorrectParams,
2d53be02 277 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
26d21b78 278 })
0e1dc3e7
C		 279 })
280
281 it('Should fail if we add a user with the same username', async function () {
26d21b78 282 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
0e1dc3e7 283
2d53be02
RK		 284 await makePostBodyRequest({
285 url: server.url,
286 path,
287 token: server.accessToken,
288 fields,
289 statusCodeExpected: HttpStatusCode.CONFLICT_409
290 })
0e1dc3e7
C		 291 })
292
293 it('Should fail if we add a user with the same email', async function () {
26d21b78 294 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
0e1dc3e7 295
2d53be02
RK		 296 await makePostBodyRequest({
297 url: server.url,
298 path,
299 token: server.accessToken,
300 fields,
301 statusCodeExpected: HttpStatusCode.CONFLICT_409
302 })
0e1dc3e7
C		 303 })
304
77a5501f 305 it('Should fail without a videoQuota', async function () {
26d21b78 306 const fields = omit(baseCorrectParams, 'videoQuota')
77a5501f
C		 307
308 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
309 })
310
bee0abff
FA		 311 it('Should fail without a videoQuotaDaily', async function () {
312 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
313
314 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
315 })
316
77a5501f 317 it('Should fail with an invalid videoQuota', async function () {
26d21b78 318 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
757f0da3
C		 319
320 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
321 })
322
bee0abff
FA		 323 it('Should fail with an invalid videoQuotaDaily', async function () {
324 const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 })
325
326 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
327 })
328
757f0da3 329 it('Should fail without a user role', async function () {
26d21b78 330 const fields = omit(baseCorrectParams, 'role')
757f0da3
C		 331
332 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
333 })
334
335 it('Should fail with an invalid user role', async function () {
26d21b78 336 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
77a5501f
C		 337
338 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
339 })
340
2ef6a063
C		 341 it('Should fail with a "peertube" username', async function () {
342 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
343
344 await makePostBodyRequest({
345 url: server.url,
346 path,
347 token: server.accessToken,
348 fields,
2d53be02 349 statusCodeExpected: HttpStatusCode.CONFLICT_409
2ef6a063
C		 350 })
351 })
352
a95a4cc8
C		 353 it('Should fail to create a moderator or an admin with a moderator', async function () {
354 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
355 const fields = immutableAssign(baseCorrectParams, { role })
356
357 await makePostBodyRequest({
358 url: server.url,
359 path,
360 token: moderatorAccessToken,
361 fields,
2d53be02 362 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 363 })
364 }
365 })
366
367 it('Should succeed to create a user with a moderator', async function () {
368 const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER })
369
370 await makePostBodyRequest({
371 url: server.url,
372 path,
373 token: moderatorAccessToken,
374 fields,
2d53be02 375 statusCodeExpected: HttpStatusCode.OK_200
a95a4cc8
C		 376 })
377 })
378
0e1dc3e7 379 it('Should succeed with the correct params', async function () {
26d21b78
C		 380 await makePostBodyRequest({
381 url: server.url,
382 path,
383 token: server.accessToken,
384 fields: baseCorrectParams,
2d53be02 385 statusCodeExpected: HttpStatusCode.OK_200
26d21b78 386 })
0e1dc3e7
C		 387 })
388
389 it('Should fail with a non admin user', async function () {
26d21b78 390 const user = {
0e1dc3e7 391 username: 'user1',
0e1dc3e7
C		 392 password: 'my super password'
393 }
26d21b78 394 userAccessToken = await userLogin(server, user)
0e1dc3e7 395
0e1dc3e7
C		 396 const fields = {
397 username: 'user3',
398 email: 'test@example.com',
77a5501f
C		 399 password: 'my super password',
400 videoQuota: 42000000
0e1dc3e7 401 }
2d53be02 402 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 403 })
404 })
405
77a5501f
C		 406 describe('When updating my account', function () {
407 it('Should fail with an invalid email attribute', async function () {
408 const fields = {
409 email: 'blabla'
410 }
0e1dc3e7 411
77a5501f 412 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 413 })
414
415 it('Should fail with a too small password', async function () {
416 const fields = {
a890d1e0 417 currentPassword: 'my super password',
0e1dc3e7
C		 418 password: 'bla'
419 }
420
77a5501f 421 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 422 })
423
424 it('Should fail with a too long password', async function () {
425 const fields = {
a890d1e0 426 currentPassword: 'my super password',
26d21b78 427 password: 'super'.repeat(61)
0e1dc3e7
C		 428 }
429
77a5501f 430 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 431 })
432
a890d1e0
C		 433 it('Should fail without the current password', async function () {
434 const fields = {
435 currentPassword: 'my super password',
436 password: 'super'.repeat(61)
437 }
438
439 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
440 })
441
442 it('Should fail with an invalid current password', async function () {
443 const fields = {
444 currentPassword: 'my super password fail',
445 password: 'super'.repeat(61)
446 }
447
2d53be02
RK		 448 await makePutBodyRequest({
449 url: server.url,
450 path: path + 'me',
451 token: userAccessToken,
452 fields,
453 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
454 })
a890d1e0
C		 455 })
456
0883b324 457 it('Should fail with an invalid NSFW policy attribute', async function () {
0e1dc3e7 458 const fields = {
0883b324 459 nsfwPolicy: 'hello'
0e1dc3e7
C		 460 }
461
77a5501f 462 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 463 })
464
7efe153b
AL		 465 it('Should fail with an invalid autoPlayVideo attribute', async function () {
466 const fields = {
467 autoPlayVideo: -1
468 }
469
470 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
471 })
472
6aa54148
L		 473 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
474 const fields = {
475 autoPlayNextVideo: -1
476 }
477
478 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
479 })
480
8b9a525a
C		 481 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
482 const fields = {
483 videosHistoryEnabled: -1
484 }
485
486 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
487 })
488
0e1dc3e7
C		 489 it('Should fail with an non authenticated user', async function () {
490 const fields = {
a890d1e0 491 currentPassword: 'my super password',
0e1dc3e7
C		 492 password: 'my super password'
493 }
494
2d53be02
RK		 495 await makePutBodyRequest({
496 url: server.url,
497 path: path + 'me',
498 token: 'super token',
499 fields,
500 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
501 })
0e1dc3e7
C		 502 })
503
2422c46b
C		 504 it('Should fail with a too long description', async function () {
505 const fields = {
d23e6a1c 506 description: 'super'.repeat(201)
2422c46b
C		 507 }
508
509 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
510 })
511
3caf77d3
C		 512 it('Should fail with an invalid videoLanguages attribute', async function () {
513 {
514 const fields = {
515 videoLanguages: 'toto'
516 }
517
518 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
519 }
520
521 {
522 const languages = []
523 for (let i = 0; i < 1000; i++) {
524 languages.push('fr')
525 }
526
527 const fields = {
528 videoLanguages: languages
529 }
530
531 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
532 }
533 })
534
9b474844
C		 535 it('Should fail with an invalid theme', async function () {
536 const fields = { theme: 'invalid' }
537 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
538 })
539
540 it('Should fail with an unknown theme', async function () {
541 const fields = { theme: 'peertube-theme-unknown' }
542 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
543 })
544
43d0ea7f
C		 545 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
546 const fields = {
547 noInstanceConfigWarningModal: -1
548 }
549
550 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
551 })
552
553 it('Should fail with an invalid noWelcomeModal attribute', async function () {
554 const fields = {
555 noWelcomeModal: -1
556 }
557
558 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
559 })
560
a890d1e0 561 it('Should succeed to change password with the correct params', async function () {
0e1dc3e7 562 const fields = {
a890d1e0 563 currentPassword: 'my super password',
0e1dc3e7 564 password: 'my super password',
0883b324 565 nsfwPolicy: 'blur',
7efe153b 566 autoPlayVideo: false,
9b474844 567 email: 'super_email@example.com',
43d0ea7f
C		 568 theme: 'default',
569 noInstanceConfigWarningModal: true,
570 noWelcomeModal: true
0e1dc3e7
C		 571 }
572
2d53be02
RK		 573 await makePutBodyRequest({
574 url: server.url,
575 path: path + 'me',
576 token: userAccessToken,
577 fields,
578 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
579 })
77a5501f 580 })
a890d1e0
C		 581
582 it('Should succeed without password change with the correct params', async function () {
583 const fields = {
584 nsfwPolicy: 'blur',
5efab546 585 autoPlayVideo: false
a890d1e0
C		 586 }
587
2d53be02
RK		 588 await makePutBodyRequest({
589 url: server.url,
590 path: path + 'me',
591 token: userAccessToken,
592 fields,
593 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
594 })
a890d1e0 595 })
77a5501f
C		 596 })
597
c5911fd3
C		 598 describe('When updating my avatar', function () {
599 it('Should fail without an incorrect input file', async function () {
600 const fields = {}
601 const attaches = {
3d470a53 602 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
c5911fd3 603 }
ac81d1a0 604 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
c5911fd3
C		 605 })
606
01de67b9
C		 607 it('Should fail with a big file', async function () {
608 const fields = {}
609 const attaches = {
3d470a53 610 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
01de67b9 611 }
ac81d1a0 612 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
01de67b9
C		 613 })
614
4bbfc6c6
C		 615 it('Should fail with an unauthenticated user', async function () {
616 const fields = {}
617 const attaches = {
3d470a53 618 avatarfile: buildAbsoluteFixturePath('avatar.png')
4bbfc6c6
C		 619 }
620 await makeUploadRequest({
621 url: server.url,
622 path: path + '/me/avatar/pick',
623 fields,
624 attaches,
2d53be02 625 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
4bbfc6c6
C		 626 })
627 })
628
c5911fd3
C		 629 it('Should succeed with the correct params', async function () {
630 const fields = {}
631 const attaches = {
3d470a53 632 avatarfile: buildAbsoluteFixturePath('avatar.png')
c5911fd3 633 }
ac81d1a0 634 await makeUploadRequest({
47564bbe
C		 635 url: server.url,
636 path: path + '/me/avatar/pick',
637 token: server.accessToken,
638 fields,
639 attaches,
2d53be02 640 statusCodeExpected: HttpStatusCode.OK_200
47564bbe 641 })
c5911fd3
C		 642 })
643 })
644
18490b07
C		 645 describe('When managing my scoped tokens', function () {
646
647 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
2d53be02 648 await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
18490b07
C		 649 })
650
651 it('Should fail to get my scoped tokens with a bad token', async function () {
2d53be02 652 await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
18490b07
C		 653
654 })
655
656 it('Should succeed to get my scoped tokens', async function () {
657 await getUserScopedTokens(server.url, server.accessToken)
658 })
659
660 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
2d53be02 661 await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
18490b07
C		 662 })
663
664 it('Should fail to renew my scoped tokens with a bad token', async function () {
2d53be02 665 await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
18490b07
C		 666 })
667
668 it('Should succeed to renew my scoped tokens', async function () {
669 await renewUserScopedTokens(server.url, server.accessToken)
670 })
671 })
672
94ff4c23 673 describe('When getting a user', function () {
94ff4c23
C		 674
675 it('Should fail with an non authenticated user', async function () {
2d53be02
RK		 676 await makeGetRequest({
677 url: server.url,
678 path: path + userId,
679 token: 'super token',
680 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
681 })
94ff4c23
C		 682 })
683
684 it('Should fail with a non admin user', async function () {
2d53be02 685 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
94ff4c23
C		 686 })
687
688 it('Should succeed with the correct params', async function () {
2d53be02 689 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 })
94ff4c23
C		 690 })
691 })
692
77a5501f
C		 693 describe('When updating a user', function () {
694
77a5501f
C		 695 it('Should fail with an invalid email attribute', async function () {
696 const fields = {
697 email: 'blabla'
698 }
699
700 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
701 })
702
fc2ec87a
JM		 703 it('Should fail with an invalid emailVerified attribute', async function () {
704 const fields = {
705 emailVerified: 'yes'
706 }
707
708 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
709 })
710
77a5501f
C		 711 it('Should fail with an invalid videoQuota attribute', async function () {
712 const fields = {
713 videoQuota: -90
714 }
715
716 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
717 })
718
757f0da3
C		 719 it('Should fail with an invalid user role attribute', async function () {
720 const fields = {
721 role: 54878
722 }
723
724 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
725 })
726
b426edd4
C		 727 it('Should fail with a too small password', async function () {
728 const fields = {
729 currentPassword: 'my super password',
730 password: 'bla'
731 }
732
733 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
734 })
735
736 it('Should fail with a too long password', async function () {
737 const fields = {
738 currentPassword: 'my super password',
739 password: 'super'.repeat(61)
740 }
741
742 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
743 })
744
77a5501f
C		 745 it('Should fail with an non authenticated user', async function () {
746 const fields = {
747 videoQuota: 42
748 }
749
2d53be02
RK		 750 await makePutBodyRequest({
751 url: server.url,
752 path: path + userId,
753 token: 'super token',
754 fields,
755 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
756 })
77a5501f
C		 757 })
758
f8b8c36b
C		 759 it('Should fail when updating root role', async function () {
760 const fields = {
761 role: UserRole.MODERATOR
762 }
763
764 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
1eddc9a7
C		 765 })
766
767 it('Should fail with invalid admin flags', async function () {
768 const fields = { adminFlags: 'toto' }
769
a95a4cc8
C		 770 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
771 })
772
773 it('Should fail to update an admin with a moderator', async function () {
774 const fields = {
775 videoQuota: 42
776 }
777
778 await makePutBodyRequest({
779 url: server.url,
780 path: path + moderatorId,
781 token: moderatorAccessToken,
782 fields,
2d53be02 783 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 784 })
785 })
786
787 it('Should succeed to update a user with a moderator', async function () {
788 const fields = {
789 videoQuota: 42
790 }
791
792 await makePutBodyRequest({
793 url: server.url,
794 path: path + userId,
795 token: moderatorAccessToken,
796 fields,
2d53be02 797 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
a95a4cc8 798 })
f8b8c36b
C		 799 })
800
77a5501f
C		 801 it('Should succeed with the correct params', async function () {
802 const fields = {
803 email: 'email@example.com',
fc2ec87a 804 emailVerified: true,
757f0da3 805 videoQuota: 42,
2f1548fd 806 role: UserRole.USER
77a5501f
C		 807 }
808
2d53be02
RK		 809 await makePutBodyRequest({
810 url: server.url,
811 path: path + userId,
812 token: server.accessToken,
813 fields,
814 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
815 })
0e1dc3e7
C		 816 })
817 })
818
819 describe('When getting my information', function () {
820 it('Should fail with a non authenticated user', async function () {
2d53be02 821 await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401)
0e1dc3e7
C		 822 })
823
824 it('Should success with the correct parameters', async function () {
26d21b78 825 await getMyUserInformation(server.url, userAccessToken)
0e1dc3e7
C		 826 })
827 })
828
829 describe('When getting my video rating', function () {
830 it('Should fail with a non authenticated user', async function () {
d4a8e7a6 831 await getMyUserVideoRating(server.url, 'fake_token', video.id, HttpStatusCode.UNAUTHORIZED_401)
0e1dc3e7
C		 832 })
833
834 it('Should fail with an incorrect video uuid', async function () {
2d53be02 835 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400)
0e1dc3e7
C		 836 })
837
838 it('Should fail with an unknown video', async function () {
2d53be02 839 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404)
0e1dc3e7
C		 840 })
841
26d21b78 842 it('Should succeed with the correct parameters', async function () {
d4a8e7a6
C		 843 await getMyUserVideoRating(server.url, server.accessToken, video.id)
844 await getMyUserVideoRating(server.url, server.accessToken, video.uuid)
845 await getMyUserVideoRating(server.url, server.accessToken, video.shortUUID)
0e1dc3e7
C		 846 })
847 })
848
22834691
C		 849 describe('When retrieving my global ratings', function () {
850 const path = '/api/v1/accounts/user1/ratings'
851
852 it('Should fail with a bad start pagination', async function () {
853 await checkBadStartPagination(server.url, path, userAccessToken)
854 })
855
856 it('Should fail with a bad count pagination', async function () {
857 await checkBadCountPagination(server.url, path, userAccessToken)
858 })
859
860 it('Should fail with an incorrect sort', async function () {
861 await checkBadSortPagination(server.url, path, userAccessToken)
862 })
863
864 it('Should fail with a unauthenticated user', async function () {
2d53be02 865 await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
22834691
C		 866 })
867
868 it('Should fail with a another user', async function () {
2d53be02 869 await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
22834691
C		 870 })
871
872 it('Should fail with a bad type', async function () {
2d53be02
RK		 873 await makeGetRequest({
874 url: server.url,
875 path,
876 token: userAccessToken,
877 query: { rating: 'toto ' },
878 statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
879 })
22834691
C		 880 })
881
882 it('Should succeed with the correct params', async function () {
2d53be02 883 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 })
22834691
C		 884 })
885 })
886
e6921918 887 describe('When blocking/unblocking/removing user', function () {
0e1dc3e7 888 it('Should fail with an incorrect id', async function () {
2d53be02
RK		 889 await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
890 await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
891 await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
0e1dc3e7
C		 892 })
893
894 it('Should fail with the root user', async function () {
2d53be02
RK		 895 await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
896 await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
897 await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
0e1dc3e7
C		 898 })
899
900 it('Should return 404 with a non existing id', async function () {
2d53be02
RK		 901 await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
902 await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
903 await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
e6921918
C		 904 })
905
906 it('Should fail with a non admin user', async function () {
2d53be02
RK		 907 await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
908 await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
909 await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
0e1dc3e7 910 })
a95a4cc8
C		 911
912 it('Should fail on a moderator with a moderator', async function () {
2d53be02
RK		 913 await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
914 await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
915 await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
a95a4cc8
C		 916 })
917
918 it('Should succeed on a user with a moderator', async function () {
919 await blockUser(server.url, userId, moderatorAccessToken)
920 await unblockUser(server.url, userId, moderatorAccessToken)
921 })
0e1dc3e7
C		 922 })
923
92b9d60c
C		 924 describe('When deleting our account', function () {
925 it('Should fail with with the root account', async function () {
2d53be02 926 await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
92b9d60c
C		 927 })
928 })
929
e590b4a5 930 describe('When registering a new user', function () {
0e1dc3e7 931 const registrationPath = path + '/register'
26d21b78
C		 932 const baseCorrectParams = {
933 username: 'user3',
1f20622f 934 displayName: 'super user',
26d21b78
C		 935 email: 'test3@example.com',
936 password: 'my super password'
937 }
0e1dc3e7
C		 938
939 it('Should fail with a too small username', async function () {
d0ce42c1 940 const fields = immutableAssign(baseCorrectParams, { username: '' })
0e1dc3e7
C		 941
942 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
943 })
944
945 it('Should fail with a too long username', async function () {
9f7a1953 946 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
0e1dc3e7
C		 947
948 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
949 })
950
951 it('Should fail with an incorrect username', async function () {
26d21b78 952 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
0e1dc3e7
C		 953
954 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
955 })
956
957 it('Should fail with a missing email', async function () {
26d21b78 958 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 959
960 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
961 })
962
963 it('Should fail with an invalid email', async function () {
26d21b78 964 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
0e1dc3e7
C		 965
966 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
967 })
968
969 it('Should fail with a too small password', async function () {
26d21b78 970 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
0e1dc3e7
C		 971
972 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
973 })
974
975 it('Should fail with a too long password', async function () {
26d21b78 976 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
0e1dc3e7
C		 977
978 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
979 })
980
981 it('Should fail if we register a user with the same username', async function () {
26d21b78 982 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
0e1dc3e7 983
26d21b78
C		 984 await makePostBodyRequest({
985 url: server.url,
986 path: registrationPath,
987 token: server.accessToken,
988 fields,
2d53be02 989 statusCodeExpected: HttpStatusCode.CONFLICT_409
26d21b78 990 })
0e1dc3e7
C		 991 })
992
2ef6a063
C		 993 it('Should fail with a "peertube" username', async function () {
994 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
995
996 await makePostBodyRequest({
997 url: server.url,
998 path: registrationPath,
999 token: server.accessToken,
1000 fields,
2d53be02 1001 statusCodeExpected: HttpStatusCode.CONFLICT_409
2ef6a063
C		 1002 })
1003 })
1004
0e1dc3e7 1005 it('Should fail if we register a user with the same email', async function () {
7c3b7976 1006 const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' })
0e1dc3e7 1007
26d21b78
C		 1008 await makePostBodyRequest({
1009 url: server.url,
1010 path: registrationPath,
1011 token: server.accessToken,
1012 fields,
2d53be02 1013 statusCodeExpected: HttpStatusCode.CONFLICT_409
26d21b78 1014 })
0e1dc3e7
C		 1015 })
1016
1f20622f
C		 1017 it('Should fail with a bad display name', async function () {
1018 const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) })
1019
1020 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1021 })
1022
e590b4a5
C		 1023 it('Should fail with a bad channel name', async function () {
1024 const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } })
1025
1026 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1027 })
1028
1029 it('Should fail with a bad channel display name', async function () {
1030 const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } })
1031
1032 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1033 })
1034
32d7f2b7 1035 it('Should fail with a channel name that is the same as username', async function () {
1d5342ab
C		 1036 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
1037 const fields = immutableAssign(baseCorrectParams, source)
1038
1039 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1040 })
1041
e590b4a5 1042 it('Should fail with an existing channel', async function () {
a5461888
C		 1043 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
1044 await server.channelsCommand.create({ attributes })
e590b4a5
C		 1045
1046 const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } })
1047
2d53be02
RK		 1048 await makePostBodyRequest({
1049 url: server.url,
1050 path: registrationPath,
1051 token: server.accessToken,
1052 fields,
1053 statusCodeExpected: HttpStatusCode.CONFLICT_409
1054 })
e590b4a5
C		 1055 })
1056
0e1dc3e7 1057 it('Should succeed with the correct params', async function () {
e590b4a5
C		 1058 const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } })
1059
26d21b78
C		 1060 await makePostBodyRequest({
1061 url: server.url,
1062 path: registrationPath,
1063 token: server.accessToken,
e590b4a5 1064 fields: fields,
2d53be02 1065 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
26d21b78 1066 })
0e1dc3e7
C		 1067 })
1068
1069 it('Should fail on a server with registration disabled', async function () {
1070 const fields = {
1071 username: 'user4',
1072 email: 'test4@example.com',
1073 password: 'my super password 4'
1074 }
1075
1076 await makePostBodyRequest({
1077 url: serverWithRegistrationDisabled.url,
1078 path: registrationPath,
1079 token: serverWithRegistrationDisabled.accessToken,
1080 fields,
2d53be02 1081 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
0e1dc3e7
C		 1082 })
1083 })
1084 })
1085
1086 describe('When registering multiple users on a server with users limit', function () {
1087 it('Should fail when after 3 registrations', async function () {
2d53be02 1088 await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403)
0e1dc3e7
C		 1089 })
1090 })
1091
f076daa7
C		 1092 describe('When asking a password reset', function () {
1093 const path = '/api/v1/users/ask-reset-password'
1094
1095 it('Should fail with a missing email', async function () {
1096 const fields = {}
1097
1098 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1099 })
1100
1101 it('Should fail with an invalid email', async function () {
1102 const fields = { email: 'hello' }
1103
1104 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1105 })
1106
1107 it('Should success with the correct params', async function () {
1108 const fields = { email: 'admin@example.com' }
1109
2d53be02
RK		 1110 await makePostBodyRequest({
1111 url: server.url,
1112 path,
1113 token: server.accessToken,
1114 fields,
1115 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1116 })
f076daa7
C		 1117 })
1118 })
1119
d9eaee39
JM		 1120 describe('When asking for an account verification email', function () {
1121 const path = '/api/v1/users/ask-send-verify-email'
1122
1123 it('Should fail with a missing email', async function () {
1124 const fields = {}
1125
1126 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1127 })
1128
1129 it('Should fail with an invalid email', async function () {
1130 const fields = { email: 'hello' }
1131
1132 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1133 })
1134
1135 it('Should succeed with the correct params', async function () {
1136 const fields = { email: 'admin@example.com' }
1137
2d53be02
RK		 1138 await makePostBodyRequest({
1139 url: server.url,
1140 path,
1141 token: server.accessToken,
1142 fields,
1143 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1144 })
d9eaee39
JM		 1145 })
1146 })
1147
7c3b7976 1148 after(async function () {
45f1bd72
JL		 1149 MockSmtpServer.Instance.kill()
1150
7c3b7976 1151 await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7
C		 1152 })
1153})
ActivityPub-federated video streaming platform using P2P directly in your web browser