]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix server run
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
a1587156 1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
0e1dc3e7 2
0e1dc3e7 3import 'mocha'
b488ba1e 4import { omit } from 'lodash'
d23dd9fb 5import { HttpStatusCode } from '@shared/core-utils'
0e1dc3e7 6import {
3d470a53 7 buildAbsoluteFixturePath,
d23dd9fb
C		 8 checkBadCountPagination,
9 checkBadSortPagination,
10 checkBadStartPagination,
7c3b7976 11 cleanupTests,
254d3579 12 createSingleServer,
45f1bd72 13 killallServers,
42e1ec25
C		 14 makeGetRequest,
15 makePostBodyRequest,
16 makePutBodyRequest,
17 makeUploadRequest,
d23dd9fb 18 MockSmtpServer,
254d3579 19 PeerTubeServer,
42e1ec25 20 setAccessTokensToServers,
7926c5f9 21 UsersCommand
d23dd9fb
C		 22} from '@shared/extra-utils'
23import { UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models'
0e1dc3e7
C		 24
25describe('Test users API validators', function () {
26 const path = '/api/v1/users/'
27 let userId: number
28 let rootId: number
a95a4cc8 29 let moderatorId: number
d4a8e7a6 30 let video: VideoCreateResult
254d3579
C		 31 let server: PeerTubeServer
32 let serverWithRegistrationDisabled: PeerTubeServer
7926c5f9
C		 33 let userToken = ''
34 let moderatorToken = ''
45f1bd72
JL		 35 let emailPort: number
36 let overrideConfig: Object
0e1dc3e7
C		 37
38 // ---------------------------------------------------------------
39
40 before(async function () {
e212f887 41 this.timeout(30000)
0e1dc3e7 42
45f1bd72
JL		 43 const emails: object[] = []
44 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
45
46 overrideConfig = { signup: { limit: 8 } }
47
a95a4cc8
C		 48 {
49 const res = await Promise.all([
254d3579
C		 50 createSingleServer(1, overrideConfig),
51 createSingleServer(2)
a95a4cc8 52 ])
0e1dc3e7 53
a95a4cc8
C		 54 server = res[0]
55 serverWithRegistrationDisabled = res[1]
0e1dc3e7 56
a95a4cc8
C		 57 await setAccessTokensToServers([ server ])
58 }
59
60 {
7926c5f9 61 const user = { username: 'user1' }
89d241a7
C		 62 await server.users.create({ ...user })
63 userToken = await server.login.getAccessToken(user)
a95a4cc8
C		 64 }
65
66 {
7926c5f9 67 const moderator = { username: 'moderator1' }
89d241a7
C		 68 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
69 moderatorToken = await server.login.getAccessToken(moderator)
a95a4cc8
C		 70 }
71
72 {
7926c5f9 73 const moderator = { username: 'moderator2' }
89d241a7 74 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
a95a4cc8 75 }
26d21b78 76
187501f8 77 {
89d241a7 78 video = await server.videos.upload()
187501f8 79 }
a95a4cc8
C		 80
81 {
89d241a7 82 const { data } = await server.users.list()
7926c5f9
C		 83 userId = data.find(u => u.username === 'user1').id
84 rootId = data.find(u => u.username === 'root').id
85 moderatorId = data.find(u => u.username === 'moderator2').id
a95a4cc8 86 }
0e1dc3e7
C		 87 })
88
89 describe('When listing users', function () {
90 it('Should fail with a bad start pagination', async function () {
26d21b78 91 await checkBadStartPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 92 })
93
94 it('Should fail with a bad count pagination', async function () {
26d21b78 95 await checkBadCountPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 96 })
97
98 it('Should fail with an incorrect sort', async function () {
26d21b78 99 await checkBadSortPagination(server.url, path, server.accessToken)
0e1dc3e7 100 })
86d13ec2
C		 101
102 it('Should fail with a non authenticated user', async function () {
26d21b78
C		 103 await makeGetRequest({
104 url: server.url,
105 path,
2d53be02 106 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
26d21b78 107 })
86d13ec2
C		 108 })
109
110 it('Should fail with a non admin user', async function () {
26d21b78
C		 111 await makeGetRequest({
112 url: server.url,
113 path,
7926c5f9 114 token: userToken,
2d53be02 115 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
26d21b78 116 })
86d13ec2 117 })
0e1dc3e7
C		 118 })
119
120 describe('When adding a new user', function () {
26d21b78
C		 121 const baseCorrectParams = {
122 username: 'user2',
123 email: 'test@example.com',
124 password: 'my super password',
125 videoQuota: -1,
bee0abff 126 videoQuotaDaily: -1,
1eddc9a7 127 role: UserRole.USER,
3487330d 128 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
26d21b78
C		 129 }
130
0e1dc3e7 131 it('Should fail with a too small username', async function () {
6c5065a0 132 const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7
C		 133
134 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
135 })
136
137 it('Should fail with a too long username', async function () {
6c5065a0 138 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7
C		 139
140 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
141 })
142
563d032e 143 it('Should fail with a not lowercase username', async function () {
6c5065a0 144 const fields = { ...baseCorrectParams, username: 'Toto' }
563d032e
C		 145
146 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
147 })
148
0e1dc3e7 149 it('Should fail with an incorrect username', async function () {
6c5065a0 150 const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7
C		 151
152 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
153 })
154
155 it('Should fail with a missing email', async function () {
26d21b78 156 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 157
158 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
159 })
160
161 it('Should fail with an invalid email', async function () {
6c5065a0 162 const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7
C		 163
164 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
165 })
166
167 it('Should fail with a too small password', async function () {
6c5065a0 168 const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7
C		 169
170 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
171 })
172
173 it('Should fail with a too long password', async function () {
6c5065a0 174 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7
C		 175
176 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
177 })
178
45f1bd72 179 it('Should fail with empty password and no smtp configured', async function () {
6c5065a0 180 const fields = { ...baseCorrectParams, password: '' }
45f1bd72
JL		 181
182 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
183 })
184
185 it('Should succeed with no password on a server with smtp enabled', async function () {
f43db2f4 186 this.timeout(20000)
45f1bd72 187
9293139f 188 await killallServers([ server ])
45f1bd72 189
6c5065a0
C		 190 const config = {
191 ...overrideConfig,
192
45f1bd72
JL		 193 smtp: {
194 hostname: 'localhost',
195 port: emailPort
196 }
6c5065a0 197 }
254d3579 198 await server.run(config)
45f1bd72 199
6c5065a0
C		 200 const fields = {
201 ...baseCorrectParams,
202
45f1bd72
JL		 203 password: '',
204 username: 'create_password',
205 email: 'create_password@example.com'
6c5065a0 206 }
45f1bd72
JL		 207
208 await makePostBodyRequest({
209 url: server.url,
210 path: path,
211 token: server.accessToken,
212 fields,
2d53be02 213 statusCodeExpected: HttpStatusCode.OK_200
45f1bd72
JL		 214 })
215 })
216
1eddc9a7 217 it('Should fail with invalid admin flags', async function () {
6c5065a0 218 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
1eddc9a7
C		 219
220 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
221 })
222
0e1dc3e7 223 it('Should fail with an non authenticated user', async function () {
26d21b78
C		 224 await makePostBodyRequest({
225 url: server.url,
226 path,
227 token: 'super token',
228 fields: baseCorrectParams,
2d53be02 229 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
26d21b78 230 })
0e1dc3e7
C		 231 })
232
233 it('Should fail if we add a user with the same username', async function () {
6c5065a0 234 const fields = { ...baseCorrectParams, username: 'user1' }
0e1dc3e7 235
2d53be02
RK		 236 await makePostBodyRequest({
237 url: server.url,
238 path,
239 token: server.accessToken,
240 fields,
241 statusCodeExpected: HttpStatusCode.CONFLICT_409
242 })
0e1dc3e7
C		 243 })
244
245 it('Should fail if we add a user with the same email', async function () {
6c5065a0 246 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
0e1dc3e7 247
2d53be02
RK		 248 await makePostBodyRequest({
249 url: server.url,
250 path,
251 token: server.accessToken,
252 fields,
253 statusCodeExpected: HttpStatusCode.CONFLICT_409
254 })
0e1dc3e7
C		 255 })
256
77a5501f 257 it('Should fail without a videoQuota', async function () {
26d21b78 258 const fields = omit(baseCorrectParams, 'videoQuota')
77a5501f
C		 259
260 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
261 })
262
bee0abff
FA		 263 it('Should fail without a videoQuotaDaily', async function () {
264 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
265
266 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
267 })
268
77a5501f 269 it('Should fail with an invalid videoQuota', async function () {
6c5065a0 270 const fields = { ...baseCorrectParams, videoQuota: -5 }
757f0da3
C		 271
272 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
273 })
274
bee0abff 275 it('Should fail with an invalid videoQuotaDaily', async function () {
6c5065a0 276 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
bee0abff
FA		 277
278 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
279 })
280
757f0da3 281 it('Should fail without a user role', async function () {
26d21b78 282 const fields = omit(baseCorrectParams, 'role')
757f0da3
C		 283
284 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
285 })
286
287 it('Should fail with an invalid user role', async function () {
6c5065a0 288 const fields = { ...baseCorrectParams, role: 88989 }
77a5501f
C		 289
290 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
291 })
292
2ef6a063 293 it('Should fail with a "peertube" username', async function () {
6c5065a0 294 const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063
C		 295
296 await makePostBodyRequest({
297 url: server.url,
298 path,
299 token: server.accessToken,
300 fields,
2d53be02 301 statusCodeExpected: HttpStatusCode.CONFLICT_409
2ef6a063
C		 302 })
303 })
304
a95a4cc8
C		 305 it('Should fail to create a moderator or an admin with a moderator', async function () {
306 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
6c5065a0 307 const fields = { ...baseCorrectParams, role }
a95a4cc8
C		 308
309 await makePostBodyRequest({
310 url: server.url,
311 path,
7926c5f9 312 token: moderatorToken,
a95a4cc8 313 fields,
2d53be02 314 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 315 })
316 }
317 })
318
319 it('Should succeed to create a user with a moderator', async function () {
6c5065a0 320 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
a95a4cc8
C		 321
322 await makePostBodyRequest({
323 url: server.url,
324 path,
7926c5f9 325 token: moderatorToken,
a95a4cc8 326 fields,
2d53be02 327 statusCodeExpected: HttpStatusCode.OK_200
a95a4cc8
C		 328 })
329 })
330
0e1dc3e7 331 it('Should succeed with the correct params', async function () {
26d21b78
C		 332 await makePostBodyRequest({
333 url: server.url,
334 path,
335 token: server.accessToken,
336 fields: baseCorrectParams,
2d53be02 337 statusCodeExpected: HttpStatusCode.OK_200
26d21b78 338 })
0e1dc3e7
C		 339 })
340
341 it('Should fail with a non admin user', async function () {
7926c5f9 342 const user = { username: 'user1' }
89d241a7 343 userToken = await server.login.getAccessToken(user)
0e1dc3e7 344
0e1dc3e7
C		 345 const fields = {
346 username: 'user3',
347 email: 'test@example.com',
77a5501f
C		 348 password: 'my super password',
349 videoQuota: 42000000
0e1dc3e7 350 }
7926c5f9 351 await makePostBodyRequest({ url: server.url, path, token: userToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 352 })
353 })
354
77a5501f 355 describe('When updating my account', function () {
7926c5f9 356
77a5501f
C		 357 it('Should fail with an invalid email attribute', async function () {
358 const fields = {
359 email: 'blabla'
360 }
0e1dc3e7 361
77a5501f 362 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 363 })
364
365 it('Should fail with a too small password', async function () {
366 const fields = {
7926c5f9 367 currentPassword: 'password',
0e1dc3e7
C		 368 password: 'bla'
369 }
370
7926c5f9 371 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 372 })
373
374 it('Should fail with a too long password', async function () {
375 const fields = {
7926c5f9 376 currentPassword: 'password',
26d21b78 377 password: 'super'.repeat(61)
0e1dc3e7
C		 378 }
379
7926c5f9 380 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 381 })
382
a890d1e0
C		 383 it('Should fail without the current password', async function () {
384 const fields = {
7926c5f9 385 currentPassword: 'password',
a890d1e0
C		 386 password: 'super'.repeat(61)
387 }
388
7926c5f9 389 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
a890d1e0
C		 390 })
391
392 it('Should fail with an invalid current password', async function () {
393 const fields = {
394 currentPassword: 'my super password fail',
395 password: 'super'.repeat(61)
396 }
397
2d53be02
RK		 398 await makePutBodyRequest({
399 url: server.url,
400 path: path + 'me',
7926c5f9 401 token: userToken,
2d53be02
RK		 402 fields,
403 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
404 })
a890d1e0
C		 405 })
406
0883b324 407 it('Should fail with an invalid NSFW policy attribute', async function () {
0e1dc3e7 408 const fields = {
0883b324 409 nsfwPolicy: 'hello'
0e1dc3e7
C		 410 }
411
7926c5f9 412 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 413 })
414
7efe153b
AL		 415 it('Should fail with an invalid autoPlayVideo attribute', async function () {
416 const fields = {
417 autoPlayVideo: -1
418 }
419
7926c5f9 420 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
7efe153b
AL		 421 })
422
6aa54148
L		 423 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
424 const fields = {
425 autoPlayNextVideo: -1
426 }
427
7926c5f9 428 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
6aa54148
L		 429 })
430
8b9a525a
C		 431 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
432 const fields = {
433 videosHistoryEnabled: -1
434 }
435
7926c5f9 436 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
8b9a525a
C		 437 })
438
0e1dc3e7
C		 439 it('Should fail with an non authenticated user', async function () {
440 const fields = {
7926c5f9 441 currentPassword: 'password',
0e1dc3e7
C		 442 password: 'my super password'
443 }
444
2d53be02
RK		 445 await makePutBodyRequest({
446 url: server.url,
447 path: path + 'me',
448 token: 'super token',
449 fields,
450 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
451 })
0e1dc3e7
C		 452 })
453
2422c46b
C		 454 it('Should fail with a too long description', async function () {
455 const fields = {
d23e6a1c 456 description: 'super'.repeat(201)
2422c46b
C		 457 }
458
7926c5f9 459 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
2422c46b
C		 460 })
461
3caf77d3
C		 462 it('Should fail with an invalid videoLanguages attribute', async function () {
463 {
464 const fields = {
465 videoLanguages: 'toto'
466 }
467
7926c5f9 468 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
3caf77d3
C		 469 }
470
471 {
472 const languages = []
473 for (let i = 0; i < 1000; i++) {
474 languages.push('fr')
475 }
476
477 const fields = {
478 videoLanguages: languages
479 }
480
7926c5f9 481 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
3caf77d3
C		 482 }
483 })
484
9b474844
C		 485 it('Should fail with an invalid theme', async function () {
486 const fields = { theme: 'invalid' }
7926c5f9 487 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
9b474844
C		 488 })
489
490 it('Should fail with an unknown theme', async function () {
491 const fields = { theme: 'peertube-theme-unknown' }
7926c5f9 492 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
9b474844
C		 493 })
494
43d0ea7f
C		 495 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
496 const fields = {
497 noInstanceConfigWarningModal: -1
498 }
499
7926c5f9 500 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
43d0ea7f
C		 501 })
502
503 it('Should fail with an invalid noWelcomeModal attribute', async function () {
504 const fields = {
505 noWelcomeModal: -1
506 }
507
7926c5f9 508 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
43d0ea7f
C		 509 })
510
a890d1e0 511 it('Should succeed to change password with the correct params', async function () {
0e1dc3e7 512 const fields = {
7926c5f9 513 currentPassword: 'password',
0e1dc3e7 514 password: 'my super password',
0883b324 515 nsfwPolicy: 'blur',
7efe153b 516 autoPlayVideo: false,
9b474844 517 email: 'super_email@example.com',
43d0ea7f
C		 518 theme: 'default',
519 noInstanceConfigWarningModal: true,
520 noWelcomeModal: true
0e1dc3e7
C		 521 }
522
2d53be02
RK		 523 await makePutBodyRequest({
524 url: server.url,
525 path: path + 'me',
7926c5f9 526 token: userToken,
2d53be02
RK		 527 fields,
528 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
529 })
77a5501f 530 })
a890d1e0
C		 531
532 it('Should succeed without password change with the correct params', async function () {
533 const fields = {
534 nsfwPolicy: 'blur',
5efab546 535 autoPlayVideo: false
a890d1e0
C		 536 }
537
2d53be02
RK		 538 await makePutBodyRequest({
539 url: server.url,
540 path: path + 'me',
7926c5f9 541 token: userToken,
2d53be02
RK		 542 fields,
543 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
544 })
a890d1e0 545 })
77a5501f
C		 546 })
547
c5911fd3
C		 548 describe('When updating my avatar', function () {
549 it('Should fail without an incorrect input file', async function () {
550 const fields = {}
551 const attaches = {
3d470a53 552 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
c5911fd3 553 }
ac81d1a0 554 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
c5911fd3
C		 555 })
556
01de67b9
C		 557 it('Should fail with a big file', async function () {
558 const fields = {}
559 const attaches = {
3d470a53 560 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
01de67b9 561 }
ac81d1a0 562 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
01de67b9
C		 563 })
564
4bbfc6c6
C		 565 it('Should fail with an unauthenticated user', async function () {
566 const fields = {}
567 const attaches = {
3d470a53 568 avatarfile: buildAbsoluteFixturePath('avatar.png')
4bbfc6c6
C		 569 }
570 await makeUploadRequest({
571 url: server.url,
572 path: path + '/me/avatar/pick',
573 fields,
574 attaches,
2d53be02 575 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
4bbfc6c6
C		 576 })
577 })
578
c5911fd3
C		 579 it('Should succeed with the correct params', async function () {
580 const fields = {}
581 const attaches = {
3d470a53 582 avatarfile: buildAbsoluteFixturePath('avatar.png')
c5911fd3 583 }
ac81d1a0 584 await makeUploadRequest({
47564bbe
C		 585 url: server.url,
586 path: path + '/me/avatar/pick',
587 token: server.accessToken,
588 fields,
589 attaches,
2d53be02 590 statusCodeExpected: HttpStatusCode.OK_200
47564bbe 591 })
c5911fd3
C		 592 })
593 })
594
18490b07
C		 595 describe('When managing my scoped tokens', function () {
596
597 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
89d241a7 598 await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 599 })
600
601 it('Should fail to get my scoped tokens with a bad token', async function () {
89d241a7 602 await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 603
604 })
605
606 it('Should succeed to get my scoped tokens', async function () {
89d241a7 607 await server.users.getMyScopedTokens()
18490b07
C		 608 })
609
610 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
89d241a7 611 await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 612 })
613
614 it('Should fail to renew my scoped tokens with a bad token', async function () {
89d241a7 615 await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 616 })
617
618 it('Should succeed to renew my scoped tokens', async function () {
89d241a7 619 await server.users.renewMyScopedTokens()
18490b07
C		 620 })
621 })
622
94ff4c23 623 describe('When getting a user', function () {
94ff4c23
C		 624
625 it('Should fail with an non authenticated user', async function () {
2d53be02
RK		 626 await makeGetRequest({
627 url: server.url,
628 path: path + userId,
629 token: 'super token',
630 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
631 })
94ff4c23
C		 632 })
633
634 it('Should fail with a non admin user', async function () {
7926c5f9 635 await makeGetRequest({ url: server.url, path, token: userToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
94ff4c23
C		 636 })
637
638 it('Should succeed with the correct params', async function () {
2d53be02 639 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 })
94ff4c23
C		 640 })
641 })
642
77a5501f
C		 643 describe('When updating a user', function () {
644
77a5501f
C		 645 it('Should fail with an invalid email attribute', async function () {
646 const fields = {
647 email: 'blabla'
648 }
649
650 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
651 })
652
fc2ec87a
JM		 653 it('Should fail with an invalid emailVerified attribute', async function () {
654 const fields = {
655 emailVerified: 'yes'
656 }
657
658 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
659 })
660
77a5501f
C		 661 it('Should fail with an invalid videoQuota attribute', async function () {
662 const fields = {
663 videoQuota: -90
664 }
665
666 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
667 })
668
757f0da3
C		 669 it('Should fail with an invalid user role attribute', async function () {
670 const fields = {
671 role: 54878
672 }
673
674 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
675 })
676
b426edd4
C		 677 it('Should fail with a too small password', async function () {
678 const fields = {
7926c5f9 679 currentPassword: 'password',
b426edd4
C		 680 password: 'bla'
681 }
682
683 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
684 })
685
686 it('Should fail with a too long password', async function () {
687 const fields = {
7926c5f9 688 currentPassword: 'password',
b426edd4
C		 689 password: 'super'.repeat(61)
690 }
691
692 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
693 })
694
77a5501f
C		 695 it('Should fail with an non authenticated user', async function () {
696 const fields = {
697 videoQuota: 42
698 }
699
2d53be02
RK		 700 await makePutBodyRequest({
701 url: server.url,
702 path: path + userId,
703 token: 'super token',
704 fields,
705 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
706 })
77a5501f
C		 707 })
708
f8b8c36b
C		 709 it('Should fail when updating root role', async function () {
710 const fields = {
711 role: UserRole.MODERATOR
712 }
713
714 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
1eddc9a7
C		 715 })
716
717 it('Should fail with invalid admin flags', async function () {
718 const fields = { adminFlags: 'toto' }
719
a95a4cc8
C		 720 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
721 })
722
723 it('Should fail to update an admin with a moderator', async function () {
724 const fields = {
725 videoQuota: 42
726 }
727
728 await makePutBodyRequest({
729 url: server.url,
730 path: path + moderatorId,
7926c5f9 731 token: moderatorToken,
a95a4cc8 732 fields,
2d53be02 733 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 734 })
735 })
736
737 it('Should succeed to update a user with a moderator', async function () {
738 const fields = {
739 videoQuota: 42
740 }
741
742 await makePutBodyRequest({
743 url: server.url,
744 path: path + userId,
7926c5f9 745 token: moderatorToken,
a95a4cc8 746 fields,
2d53be02 747 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
a95a4cc8 748 })
f8b8c36b
C		 749 })
750
77a5501f
C		 751 it('Should succeed with the correct params', async function () {
752 const fields = {
753 email: 'email@example.com',
fc2ec87a 754 emailVerified: true,
757f0da3 755 videoQuota: 42,
2f1548fd 756 role: UserRole.USER
77a5501f
C		 757 }
758
2d53be02
RK		 759 await makePutBodyRequest({
760 url: server.url,
761 path: path + userId,
762 token: server.accessToken,
763 fields,
764 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
765 })
0e1dc3e7
C		 766 })
767 })
768
769 describe('When getting my information', function () {
770 it('Should fail with a non authenticated user', async function () {
89d241a7 771 await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
0e1dc3e7
C		 772 })
773
774 it('Should success with the correct parameters', async function () {
89d241a7 775 await server.users.getMyInfo({ token: userToken })
0e1dc3e7
C		 776 })
777 })
778
779 describe('When getting my video rating', function () {
7926c5f9
C		 780 let command: UsersCommand
781
782 before(function () {
89d241a7 783 command = server.users
7926c5f9
C		 784 })
785
0e1dc3e7 786 it('Should fail with a non authenticated user', async function () {
7926c5f9 787 await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
0e1dc3e7
C		 788 })
789
790 it('Should fail with an incorrect video uuid', async function () {
7926c5f9 791 await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
0e1dc3e7
C		 792 })
793
794 it('Should fail with an unknown video', async function () {
7926c5f9 795 await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
0e1dc3e7
C		 796 })
797
26d21b78 798 it('Should succeed with the correct parameters', async function () {
7926c5f9
C		 799 await command.getMyRating({ videoId: video.id })
800 await command.getMyRating({ videoId: video.uuid })
801 await command.getMyRating({ videoId: video.shortUUID })
0e1dc3e7
C		 802 })
803 })
804
22834691
C		 805 describe('When retrieving my global ratings', function () {
806 const path = '/api/v1/accounts/user1/ratings'
807
808 it('Should fail with a bad start pagination', async function () {
7926c5f9 809 await checkBadStartPagination(server.url, path, userToken)
22834691
C		 810 })
811
812 it('Should fail with a bad count pagination', async function () {
7926c5f9 813 await checkBadCountPagination(server.url, path, userToken)
22834691
C		 814 })
815
816 it('Should fail with an incorrect sort', async function () {
7926c5f9 817 await checkBadSortPagination(server.url, path, userToken)
22834691
C		 818 })
819
820 it('Should fail with a unauthenticated user', async function () {
2d53be02 821 await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
22834691
C		 822 })
823
824 it('Should fail with a another user', async function () {
2d53be02 825 await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
22834691
C		 826 })
827
828 it('Should fail with a bad type', async function () {
2d53be02
RK		 829 await makeGetRequest({
830 url: server.url,
831 path,
7926c5f9 832 token: userToken,
2d53be02
RK		 833 query: { rating: 'toto ' },
834 statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
835 })
22834691
C		 836 })
837
838 it('Should succeed with the correct params', async function () {
7926c5f9 839 await makeGetRequest({ url: server.url, path, token: userToken, statusCodeExpected: HttpStatusCode.OK_200 })
22834691
C		 840 })
841 })
842
e6921918 843 describe('When blocking/unblocking/removing user', function () {
7926c5f9 844
0e1dc3e7 845 it('Should fail with an incorrect id', async function () {
7926c5f9
C		 846 const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
847
89d241a7
C		 848 await server.users.remove(options)
849 await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
850 await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
0e1dc3e7
C		 851 })
852
853 it('Should fail with the root user', async function () {
7926c5f9
C		 854 const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
855
89d241a7
C		 856 await server.users.remove(options)
857 await server.users.banUser(options)
858 await server.users.unbanUser(options)
0e1dc3e7
C		 859 })
860
861 it('Should return 404 with a non existing id', async function () {
7926c5f9
C		 862 const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
863
89d241a7
C		 864 await server.users.remove(options)
865 await server.users.banUser(options)
866 await server.users.unbanUser(options)
e6921918
C		 867 })
868
869 it('Should fail with a non admin user', async function () {
7926c5f9
C		 870 const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
871
89d241a7
C		 872 await server.users.remove(options)
873 await server.users.banUser(options)
874 await server.users.unbanUser(options)
0e1dc3e7 875 })
a95a4cc8
C		 876
877 it('Should fail on a moderator with a moderator', async function () {
7926c5f9
C		 878 const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
879
89d241a7
C		 880 await server.users.remove(options)
881 await server.users.banUser(options)
882 await server.users.unbanUser(options)
a95a4cc8
C		 883 })
884
885 it('Should succeed on a user with a moderator', async function () {
7926c5f9
C		 886 const options = { userId, token: moderatorToken }
887
89d241a7
C		 888 await server.users.banUser(options)
889 await server.users.unbanUser(options)
a95a4cc8 890 })
0e1dc3e7
C		 891 })
892
92b9d60c
C		 893 describe('When deleting our account', function () {
894 it('Should fail with with the root account', async function () {
89d241a7 895 await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
92b9d60c
C		 896 })
897 })
898
e590b4a5 899 describe('When registering a new user', function () {
0e1dc3e7 900 const registrationPath = path + '/register'
26d21b78
C		 901 const baseCorrectParams = {
902 username: 'user3',
1f20622f 903 displayName: 'super user',
26d21b78
C		 904 email: 'test3@example.com',
905 password: 'my super password'
906 }
0e1dc3e7
C		 907
908 it('Should fail with a too small username', async function () {
6c5065a0 909 const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7
C		 910
911 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
912 })
913
914 it('Should fail with a too long username', async function () {
6c5065a0 915 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7
C		 916
917 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
918 })
919
920 it('Should fail with an incorrect username', async function () {
6c5065a0 921 const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7
C		 922
923 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
924 })
925
926 it('Should fail with a missing email', async function () {
26d21b78 927 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 928
929 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
930 })
931
932 it('Should fail with an invalid email', async function () {
6c5065a0 933 const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7
C		 934
935 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
936 })
937
938 it('Should fail with a too small password', async function () {
6c5065a0 939 const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7
C		 940
941 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
942 })
943
944 it('Should fail with a too long password', async function () {
6c5065a0 945 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7
C		 946
947 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
948 })
949
950 it('Should fail if we register a user with the same username', async function () {
6c5065a0 951 const fields = { ...baseCorrectParams, username: 'root' }
0e1dc3e7 952
26d21b78
C		 953 await makePostBodyRequest({
954 url: server.url,
955 path: registrationPath,
956 token: server.accessToken,
957 fields,
2d53be02 958 statusCodeExpected: HttpStatusCode.CONFLICT_409
26d21b78 959 })
0e1dc3e7
C		 960 })
961
2ef6a063 962 it('Should fail with a "peertube" username', async function () {
6c5065a0 963 const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063
C		 964
965 await makePostBodyRequest({
966 url: server.url,
967 path: registrationPath,
968 token: server.accessToken,
969 fields,
2d53be02 970 statusCodeExpected: HttpStatusCode.CONFLICT_409
2ef6a063
C		 971 })
972 })
973
0e1dc3e7 974 it('Should fail if we register a user with the same email', async function () {
6c5065a0 975 const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
0e1dc3e7 976
26d21b78
C		 977 await makePostBodyRequest({
978 url: server.url,
979 path: registrationPath,
980 token: server.accessToken,
981 fields,
2d53be02 982 statusCodeExpected: HttpStatusCode.CONFLICT_409
26d21b78 983 })
0e1dc3e7
C		 984 })
985
1f20622f 986 it('Should fail with a bad display name', async function () {
6c5065a0 987 const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1f20622f
C		 988
989 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
990 })
991
e590b4a5 992 it('Should fail with a bad channel name', async function () {
6c5065a0 993 const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
e590b4a5
C		 994
995 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
996 })
997
998 it('Should fail with a bad channel display name', async function () {
6c5065a0 999 const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
e590b4a5
C		 1000
1001 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1002 })
1003
32d7f2b7 1004 it('Should fail with a channel name that is the same as username', async function () {
1d5342ab 1005 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
6c5065a0 1006 const fields = { ...baseCorrectParams, ...source }
1d5342ab
C		 1007
1008 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1009 })
1010
e590b4a5 1011 it('Should fail with an existing channel', async function () {
a5461888 1012 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
89d241a7 1013 await server.channels.create({ attributes })
e590b4a5 1014
6c5065a0 1015 const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
e590b4a5 1016
2d53be02
RK		 1017 await makePostBodyRequest({
1018 url: server.url,
1019 path: registrationPath,
1020 token: server.accessToken,
1021 fields,
1022 statusCodeExpected: HttpStatusCode.CONFLICT_409
1023 })
e590b4a5
C		 1024 })
1025
0e1dc3e7 1026 it('Should succeed with the correct params', async function () {
6c5065a0 1027 const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
e590b4a5 1028
26d21b78
C		 1029 await makePostBodyRequest({
1030 url: server.url,
1031 path: registrationPath,
1032 token: server.accessToken,
e590b4a5 1033 fields: fields,
2d53be02 1034 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
26d21b78 1035 })
0e1dc3e7
C		 1036 })
1037
1038 it('Should fail on a server with registration disabled', async function () {
1039 const fields = {
1040 username: 'user4',
1041 email: 'test4@example.com',
1042 password: 'my super password 4'
1043 }
1044
1045 await makePostBodyRequest({
1046 url: serverWithRegistrationDisabled.url,
1047 path: registrationPath,
1048 token: serverWithRegistrationDisabled.accessToken,
1049 fields,
2d53be02 1050 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
0e1dc3e7
C		 1051 })
1052 })
1053 })
1054
1055 describe('When registering multiple users on a server with users limit', function () {
1056 it('Should fail when after 3 registrations', async function () {
89d241a7 1057 await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 1058 })
1059 })
1060
f076daa7
C		 1061 describe('When asking a password reset', function () {
1062 const path = '/api/v1/users/ask-reset-password'
1063
1064 it('Should fail with a missing email', async function () {
1065 const fields = {}
1066
1067 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1068 })
1069
1070 it('Should fail with an invalid email', async function () {
1071 const fields = { email: 'hello' }
1072
1073 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1074 })
1075
1076 it('Should success with the correct params', async function () {
1077 const fields = { email: 'admin@example.com' }
1078
2d53be02
RK		 1079 await makePostBodyRequest({
1080 url: server.url,
1081 path,
1082 token: server.accessToken,
1083 fields,
1084 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1085 })
f076daa7
C		 1086 })
1087 })
1088
d9eaee39
JM		 1089 describe('When asking for an account verification email', function () {
1090 const path = '/api/v1/users/ask-send-verify-email'
1091
1092 it('Should fail with a missing email', async function () {
1093 const fields = {}
1094
1095 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1096 })
1097
1098 it('Should fail with an invalid email', async function () {
1099 const fields = { email: 'hello' }
1100
1101 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1102 })
1103
1104 it('Should succeed with the correct params', async function () {
1105 const fields = { email: 'admin@example.com' }
1106
2d53be02
RK		 1107 await makePostBodyRequest({
1108 url: server.url,
1109 path,
1110 token: server.accessToken,
1111 fields,
1112 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1113 })
d9eaee39
JM		 1114 })
1115 })
1116
7c3b7976 1117 after(async function () {
45f1bd72
JL		 1118 MockSmtpServer.Instance.kill()
1119
7c3b7976 1120 await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7
C		 1121 })
1122})
ActivityPub-federated video streaming platform using P2P directly in your web browser