]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Do not create a user with the same username than another actor name
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
0e1dc3e7
C		 1/* tslint:disable:no-unused-expression */
2
26d21b78 3import { omit } from 'lodash'
0e1dc3e7 4import 'mocha'
47564bbe 5import { join } from 'path'
26d21b78 6import { UserRole } from '../../../../shared'
0e1dc3e7
C		 7
8import {
26d21b78 9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
ac81d1a0 10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
47564bbe 11 updateUser, uploadVideo, userLogin
0e1dc3e7 12} from '../../utils'
26d21b78 13import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
0e1dc3e7
C		 14
15describe('Test users API validators', function () {
16 const path = '/api/v1/users/'
17 let userId: number
18 let rootId: number
19 let videoId: number
20 let server: ServerInfo
21 let serverWithRegistrationDisabled: ServerInfo
22 let userAccessToken = ''
f8b8c36b
C		 23 const user = {
24 username: 'user1',
25 password: 'my super password'
26 }
0e1dc3e7
C		 27
28 // ---------------------------------------------------------------
29
30 before(async function () {
e212f887 31 this.timeout(30000)
0e1dc3e7
C		 32
33 await flushTests()
34
35 server = await runServer(1)
36 serverWithRegistrationDisabled = await runServer(2)
37
38 await setAccessTokensToServers([ server ])
39
26d21b78
C		 40 const videoQuota = 42000000
41 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
eec63bbc 42 userAccessToken = await userLogin(server, user)
26d21b78
C		 43
44 const res = await uploadVideo(server.url, server.accessToken, {})
45 videoId = res.body.video.id
0e1dc3e7
C		 46 })
47
48 describe('When listing users', function () {
49 it('Should fail with a bad start pagination', async function () {
26d21b78 50 await checkBadStartPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 51 })
52
53 it('Should fail with a bad count pagination', async function () {
26d21b78 54 await checkBadCountPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 55 })
56
57 it('Should fail with an incorrect sort', async function () {
26d21b78 58 await checkBadSortPagination(server.url, path, server.accessToken)
0e1dc3e7 59 })
86d13ec2
C		 60
61 it('Should fail with a non authenticated user', async function () {
26d21b78
C		 62 await makeGetRequest({
63 url: server.url,
64 path,
65 statusCodeExpected: 401
66 })
86d13ec2
C		 67 })
68
69 it('Should fail with a non admin user', async function () {
26d21b78
C		 70 await makeGetRequest({
71 url: server.url,
72 path,
73 token: userAccessToken,
74 statusCodeExpected: 403
75 })
86d13ec2 76 })
0e1dc3e7
C		 77 })
78
79 describe('When adding a new user', function () {
26d21b78
C		 80 const baseCorrectParams = {
81 username: 'user2',
82 email: 'test@example.com',
83 password: 'my super password',
84 videoQuota: -1,
85 role: UserRole.USER
86 }
87
0e1dc3e7 88 it('Should fail with a too small username', async function () {
26d21b78 89 const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
0e1dc3e7
C		 90
91 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
92 })
93
94 it('Should fail with a too long username', async function () {
26d21b78 95 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
0e1dc3e7
C		 96
97 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
98 })
99
563d032e 100 it('Should fail with a not lowercase username', async function () {
26d21b78 101 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
563d032e
C		 102
103 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
104 })
105
0e1dc3e7 106 it('Should fail with an incorrect username', async function () {
26d21b78 107 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
0e1dc3e7
C		 108
109 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
110 })
111
112 it('Should fail with a missing email', async function () {
26d21b78 113 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 114
115 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
116 })
117
118 it('Should fail with an invalid email', async function () {
26d21b78 119 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
0e1dc3e7
C		 120
121 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
122 })
123
124 it('Should fail with a too small password', async function () {
26d21b78 125 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
0e1dc3e7
C		 126
127 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
128 })
129
130 it('Should fail with a too long password', async function () {
26d21b78 131 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
0e1dc3e7
C		 132
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 })
135
136 it('Should fail with an non authenticated user', async function () {
26d21b78
C		 137 await makePostBodyRequest({
138 url: server.url,
139 path,
140 token: 'super token',
141 fields: baseCorrectParams,
142 statusCodeExpected: 401
143 })
0e1dc3e7
C		 144 })
145
146 it('Should fail if we add a user with the same username', async function () {
26d21b78 147 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
0e1dc3e7
C		 148
149 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
150 })
151
152 it('Should fail if we add a user with the same email', async function () {
26d21b78 153 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
0e1dc3e7
C		 154
155 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
156 })
157
77a5501f 158 it('Should fail without a videoQuota', async function () {
26d21b78 159 const fields = omit(baseCorrectParams, 'videoQuota')
77a5501f
C		 160
161 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
162 })
163
164 it('Should fail with an invalid videoQuota', async function () {
26d21b78 165 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
757f0da3
C		 166
167 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
168 })
169
170 it('Should fail without a user role', async function () {
26d21b78 171 const fields = omit(baseCorrectParams, 'role')
757f0da3
C		 172
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
174 })
175
176 it('Should fail with an invalid user role', async function () {
26d21b78 177 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
77a5501f
C		 178
179 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
180 })
181
2ef6a063
C		 182 it('Should fail with a "peertube" username', async function () {
183 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
184
185 await makePostBodyRequest({
186 url: server.url,
187 path,
188 token: server.accessToken,
189 fields,
190 statusCodeExpected: 409
191 })
192 })
193
0e1dc3e7 194 it('Should succeed with the correct params', async function () {
26d21b78
C		 195 await makePostBodyRequest({
196 url: server.url,
197 path,
198 token: server.accessToken,
199 fields: baseCorrectParams,
f05a1c30 200 statusCodeExpected: 200
26d21b78 201 })
0e1dc3e7
C		 202 })
203
204 it('Should fail with a non admin user', async function () {
26d21b78 205 const user = {
0e1dc3e7 206 username: 'user1',
0e1dc3e7
C		 207 password: 'my super password'
208 }
26d21b78 209 userAccessToken = await userLogin(server, user)
0e1dc3e7 210
0e1dc3e7
C		 211 const fields = {
212 username: 'user3',
213 email: 'test@example.com',
77a5501f
C		 214 password: 'my super password',
215 videoQuota: 42000000
0e1dc3e7
C		 216 }
217 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
218 })
219 })
220
77a5501f
C		 221 describe('When updating my account', function () {
222 it('Should fail with an invalid email attribute', async function () {
223 const fields = {
224 email: 'blabla'
225 }
0e1dc3e7 226
77a5501f 227 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 228 })
229
230 it('Should fail with a too small password', async function () {
231 const fields = {
232 password: 'bla'
233 }
234
77a5501f 235 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 236 })
237
238 it('Should fail with a too long password', async function () {
239 const fields = {
26d21b78 240 password: 'super'.repeat(61)
0e1dc3e7
C		 241 }
242
77a5501f 243 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 244 })
245
0883b324 246 it('Should fail with an invalid NSFW policy attribute', async function () {
0e1dc3e7 247 const fields = {
0883b324 248 nsfwPolicy: 'hello'
0e1dc3e7
C		 249 }
250
77a5501f 251 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 252 })
253
7efe153b
AL		 254 it('Should fail with an invalid autoPlayVideo attribute', async function () {
255 const fields = {
256 autoPlayVideo: -1
257 }
258
259 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
260 })
261
0e1dc3e7
C		 262 it('Should fail with an non authenticated user', async function () {
263 const fields = {
264 password: 'my super password'
265 }
266
77a5501f 267 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
0e1dc3e7
C		 268 })
269
2422c46b
C		 270 it('Should fail with a too long description', async function () {
271 const fields = {
272 description: 'super'.repeat(60)
273 }
274
275 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
276 })
277
0e1dc3e7
C		 278 it('Should succeed with the correct params', async function () {
279 const fields = {
280 password: 'my super password',
0883b324 281 nsfwPolicy: 'blur',
7efe153b 282 autoPlayVideo: false,
77a5501f 283 email: 'super_email@example.com'
0e1dc3e7
C		 284 }
285
77a5501f
C		 286 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
287 })
288 })
289
c5911fd3
C		 290 describe('When updating my avatar', function () {
291 it('Should fail without an incorrect input file', async function () {
292 const fields = {}
293 const attaches = {
99d10301 294 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
c5911fd3 295 }
ac81d1a0 296 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
c5911fd3
C		 297 })
298
01de67b9
C		 299 it('Should fail with a big file', async function () {
300 const fields = {}
301 const attaches = {
99d10301 302 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
01de67b9 303 }
ac81d1a0 304 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
01de67b9
C		 305 })
306
c5911fd3
C		 307 it('Should succeed with the correct params', async function () {
308 const fields = {}
309 const attaches = {
99d10301 310 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
c5911fd3 311 }
ac81d1a0 312 await makeUploadRequest({
47564bbe
C		 313 url: server.url,
314 path: path + '/me/avatar/pick',
315 token: server.accessToken,
316 fields,
317 attaches,
318 statusCodeExpected: 200
319 })
c5911fd3
C		 320 })
321 })
322
94ff4c23
C		 323 describe('When getting a user', function () {
324 before(async function () {
325 const res = await getUsersList(server.url, server.accessToken)
326
327 userId = res.body.data[1].id
328 })
329
330 it('Should fail with an non authenticated user', async function () {
331 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
332 })
333
334 it('Should fail with a non admin user', async function () {
335 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
336 })
337
338 it('Should succeed with the correct params', async function () {
339 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
340 })
341 })
342
77a5501f
C		 343 describe('When updating a user', function () {
344
345 before(async function () {
86d13ec2 346 const res = await getUsersList(server.url, server.accessToken)
77a5501f
C		 347
348 userId = res.body.data[1].id
349 rootId = res.body.data[2].id
350 })
351
352 it('Should fail with an invalid email attribute', async function () {
353 const fields = {
354 email: 'blabla'
355 }
356
357 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
358 })
359
360 it('Should fail with an invalid videoQuota attribute', async function () {
361 const fields = {
362 videoQuota: -90
363 }
364
365 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
366 })
367
757f0da3
C		 368 it('Should fail with an invalid user role attribute', async function () {
369 const fields = {
370 role: 54878
371 }
372
373 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
374 })
375
77a5501f
C		 376 it('Should fail with an non authenticated user', async function () {
377 const fields = {
378 videoQuota: 42
379 }
380
381 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
382 })
383
f8b8c36b
C		 384 it('Should fail when updating root role', async function () {
385 const fields = {
386 role: UserRole.MODERATOR
387 }
388
389 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
390 })
391
77a5501f
C		 392 it('Should succeed with the correct params', async function () {
393 const fields = {
394 email: 'email@example.com',
757f0da3
C		 395 videoQuota: 42,
396 role: UserRole.MODERATOR
77a5501f
C		 397 }
398
399 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
f8b8c36b 400 userAccessToken = await userLogin(server, user)
0e1dc3e7
C		 401 })
402 })
403
404 describe('When getting my information', function () {
405 it('Should fail with a non authenticated user', async function () {
26d21b78 406 await getMyUserInformation(server.url, 'fake_token', 401)
0e1dc3e7
C		 407 })
408
409 it('Should success with the correct parameters', async function () {
26d21b78 410 await getMyUserInformation(server.url, userAccessToken)
0e1dc3e7
C		 411 })
412 })
413
414 describe('When getting my video rating', function () {
415 it('Should fail with a non authenticated user', async function () {
26d21b78 416 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
0e1dc3e7
C		 417 })
418
419 it('Should fail with an incorrect video uuid', async function () {
26d21b78 420 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
0e1dc3e7
C		 421 })
422
423 it('Should fail with an unknown video', async function () {
26d21b78 424 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
0e1dc3e7
C		 425 })
426
26d21b78
C		 427 it('Should succeed with the correct parameters', async function () {
428 await getMyUserVideoRating(server.url, server.accessToken, videoId)
0e1dc3e7
C		 429 })
430 })
431
432 describe('When removing an user', function () {
433 it('Should fail with an incorrect id', async function () {
26d21b78 434 await removeUser(server.url, 'blabla', server.accessToken, 400)
0e1dc3e7
C		 435 })
436
437 it('Should fail with the root user', async function () {
26d21b78 438 await removeUser(server.url, rootId, server.accessToken, 400)
0e1dc3e7
C		 439 })
440
441 it('Should return 404 with a non existing id', async function () {
26d21b78 442 await removeUser(server.url, 4545454, server.accessToken, 404)
0e1dc3e7
C		 443 })
444 })
445
446 describe('When register a new user', function () {
447 const registrationPath = path + '/register'
26d21b78
C		 448 const baseCorrectParams = {
449 username: 'user3',
450 email: 'test3@example.com',
451 password: 'my super password'
452 }
0e1dc3e7
C		 453
454 it('Should fail with a too small username', async function () {
26d21b78 455 const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
0e1dc3e7
C		 456
457 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
458 })
459
460 it('Should fail with a too long username', async function () {
26d21b78 461 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
0e1dc3e7
C		 462
463 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
464 })
465
466 it('Should fail with an incorrect username', async function () {
26d21b78 467 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
0e1dc3e7
C		 468
469 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
470 })
471
472 it('Should fail with a missing email', async function () {
26d21b78 473 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 474
475 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
476 })
477
478 it('Should fail with an invalid email', async function () {
26d21b78 479 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
0e1dc3e7
C		 480
481 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
482 })
483
484 it('Should fail with a too small password', async function () {
26d21b78 485 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
0e1dc3e7
C		 486
487 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
488 })
489
490 it('Should fail with a too long password', async function () {
26d21b78 491 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
0e1dc3e7
C		 492
493 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
494 })
495
496 it('Should fail if we register a user with the same username', async function () {
26d21b78 497 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
0e1dc3e7 498
26d21b78
C		 499 await makePostBodyRequest({
500 url: server.url,
501 path: registrationPath,
502 token: server.accessToken,
503 fields,
504 statusCodeExpected: 409
505 })
0e1dc3e7
C		 506 })
507
2ef6a063
C		 508 it('Should fail with a "peertube" username', async function () {
509 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
510
511 await makePostBodyRequest({
512 url: server.url,
513 path: registrationPath,
514 token: server.accessToken,
515 fields,
516 statusCodeExpected: 409
517 })
518 })
519
0e1dc3e7 520 it('Should fail if we register a user with the same email', async function () {
26d21b78 521 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
0e1dc3e7 522
26d21b78
C		 523 await makePostBodyRequest({
524 url: server.url,
525 path: registrationPath,
526 token: server.accessToken,
527 fields,
528 statusCodeExpected: 409
529 })
0e1dc3e7
C		 530 })
531
532 it('Should succeed with the correct params', async function () {
26d21b78
C		 533 await makePostBodyRequest({
534 url: server.url,
535 path: registrationPath,
536 token: server.accessToken,
537 fields: baseCorrectParams,
538 statusCodeExpected: 204
539 })
0e1dc3e7
C		 540 })
541
542 it('Should fail on a server with registration disabled', async function () {
543 const fields = {
544 username: 'user4',
545 email: 'test4@example.com',
546 password: 'my super password 4'
547 }
548
549 await makePostBodyRequest({
550 url: serverWithRegistrationDisabled.url,
551 path: registrationPath,
552 token: serverWithRegistrationDisabled.accessToken,
553 fields,
554 statusCodeExpected: 403
555 })
556 })
557 })
558
559 describe('When registering multiple users on a server with users limit', function () {
560 it('Should fail when after 3 registrations', async function () {
561 await registerUser(server.url, 'user42', 'super password', 403)
562 })
563 })
564
77a5501f
C		 565 describe('When having a video quota', function () {
566 it('Should fail with a user having too many video', async function () {
26d21b78
C		 567 await updateUser({
568 url: server.url,
569 userId: rootId,
570 accessToken: server.accessToken,
77a5501f 571 videoQuota: 42
26d21b78 572 })
77a5501f 573
26d21b78 574 await uploadVideo(server.url, server.accessToken, {}, 403)
77a5501f
C		 575 })
576
577 it('Should fail with a registered user having too many video', async function () {
ba12e8b3 578 this.timeout(15000)
77a5501f 579
26d21b78 580 const user = {
77a5501f 581 username: 'user3',
77a5501f
C		 582 password: 'my super password'
583 }
26d21b78 584 userAccessToken = await userLogin(server, user)
77a5501f
C		 585
586 const videoAttributes = { fixture: 'video_short2.webm' }
587 await uploadVideo(server.url, userAccessToken, videoAttributes)
588 await uploadVideo(server.url, userAccessToken, videoAttributes)
589 await uploadVideo(server.url, userAccessToken, videoAttributes)
590 await uploadVideo(server.url, userAccessToken, videoAttributes)
591 await uploadVideo(server.url, userAccessToken, videoAttributes)
592 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
593 })
594 })
595
f076daa7
C		 596 describe('When asking a password reset', function () {
597 const path = '/api/v1/users/ask-reset-password'
598
599 it('Should fail with a missing email', async function () {
600 const fields = {}
601
602 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
603 })
604
605 it('Should fail with an invalid email', async function () {
606 const fields = { email: 'hello' }
607
608 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
609 })
610
611 it('Should success with the correct params', async function () {
612 const fields = { email: 'admin@example.com' }
613
614 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
615 })
616 })
617
0e1dc3e7
C		 618 after(async function () {
619 killallServers([ server, serverWithRegistrationDisabled ])
620
621 // Keep the logs if the test failed
622 if (this['ok']) {
623 await flushTests()
624 }
625 })
626})
ActivityPub-federated video streaming platform using P2P directly in your web browser