]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Improve check services parameters tests
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
0e1dc3e7
C		 1/* tslint:disable:no-unused-expression */
2
3import * as request from 'supertest'
4import 'mocha'
5
6import {
7 ServerInfo,
8 flushTests,
9 runServer,
10 uploadVideo,
11 getVideosList,
12 makePutBodyRequest,
13 createUser,
eec63bbc 14 serverLogin,
0e1dc3e7
C		 15 getUsersList,
16 registerUser,
17 setAccessTokensToServers,
18 killallServers,
19 makePostBodyRequest,
eec63bbc 20 userLogin
0e1dc3e7 21} from '../../utils'
757f0da3 22import { UserRole } from '../../../../shared'
0e1dc3e7
C		 23
24describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
28 let videoId: number
29 let server: ServerInfo
30 let serverWithRegistrationDisabled: ServerInfo
31 let userAccessToken = ''
32
33 // ---------------------------------------------------------------
34
35 before(async function () {
36 this.timeout(120000)
37
38 await flushTests()
39
40 server = await runServer(1)
41 serverWithRegistrationDisabled = await runServer(2)
42
43 await setAccessTokensToServers([ server ])
44
45 const username = 'user1'
46 const password = 'my super password'
77a5501f
C		 47 const videoQuota = 42000000
48 await createUser(server.url, server.accessToken, username, password, videoQuota)
0e1dc3e7
C		 49
50 const videoAttributes = {}
51 await uploadVideo(server.url, server.accessToken, videoAttributes)
52
53 const res = await getVideosList(server.url)
54 const videos = res.body.data
55 videoId = videos[0].id
56
57 const user = {
58 username: 'user1',
59 password: 'my super password'
60 }
eec63bbc 61 userAccessToken = await userLogin(server, user)
0e1dc3e7
C		 62 })
63
64 describe('When listing users', function () {
65 it('Should fail with a bad start pagination', async function () {
66 await request(server.url)
67 .get(path)
68 .query({ start: 'hello' })
69 .set('Accept', 'application/json')
86d13ec2 70 .set('Authorization', 'Bearer ' + server.accessToken)
0e1dc3e7
C		 71 .expect(400)
72 })
73
74 it('Should fail with a bad count pagination', async function () {
75 await request(server.url)
76 .get(path)
77 .query({ count: 'hello' })
78 .set('Accept', 'application/json')
86d13ec2 79 .set('Authorization', 'Bearer ' + server.accessToken)
0e1dc3e7
C		 80 .expect(400)
81 })
82
83 it('Should fail with an incorrect sort', async function () {
84 await request(server.url)
85 .get(path)
86 .query({ sort: 'hello' })
87 .set('Accept', 'application/json')
86d13ec2 88 .set('Authorization', 'Bearer ' + server.accessToken)
0e1dc3e7
C		 89 .expect(400)
90 })
86d13ec2
C		 91
92 it('Should fail with a non authenticated user', async function () {
93 await request(server.url)
94 .get(path)
95 .set('Accept', 'application/json')
96 .expect(401)
97 })
98
99 it('Should fail with a non admin user', async function () {
100 await request(server.url)
101 .get(path)
102 .set('Accept', 'application/json')
103 .set('Authorization', 'Bearer ' + userAccessToken)
104 .expect(403)
105 })
0e1dc3e7
C		 106 })
107
108 describe('When adding a new user', function () {
109 it('Should fail with a too small username', async function () {
110 const fields = {
111 username: 'ji',
112 email: 'test@example.com',
77a5501f 113 password: 'my_super_password',
757f0da3 114 role: UserRole.USER,
77a5501f 115 videoQuota: 42000000
0e1dc3e7
C		 116 }
117
118 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
119 })
120
121 it('Should fail with a too long username', async function () {
122 const fields = {
123 username: 'my_super_username_which_is_very_long',
124 email: 'test@example.com',
77a5501f 125 password: 'my_super_password',
757f0da3
C		 126 videoQuota: 42000000,
127 role: UserRole.USER
0e1dc3e7
C		 128 }
129
130 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
131 })
132
563d032e
C		 133 it('Should fail with a not lowercase username', async function () {
134 const fields = {
135 username: 'Toto',
136 email: 'test@example.com',
137 password: 'my_super_password',
138 videoQuota: 42000000,
139 role: UserRole.USER
140 }
141
142 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
143 })
144
0e1dc3e7
C		 145 it('Should fail with an incorrect username', async function () {
146 const fields = {
147 username: 'my username',
148 email: 'test@example.com',
77a5501f 149 password: 'my_super_password',
757f0da3
C		 150 videoQuota: 42000000,
151 role: UserRole.USER
0e1dc3e7
C		 152 }
153
154 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
155 })
156
157 it('Should fail with a missing email', async function () {
158 const fields = {
159 username: 'ji',
77a5501f 160 password: 'my_super_password',
757f0da3
C		 161 videoQuota: 42000000,
162 role: UserRole.USER
0e1dc3e7
C		 163 }
164
165 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
166 })
167
168 it('Should fail with an invalid email', async function () {
169 const fields = {
170 username: 'my_super_username_which_is_very_long',
171 email: 'test_example.com',
77a5501f 172 password: 'my_super_password',
757f0da3
C		 173 videoQuota: 42000000,
174 role: UserRole.USER
0e1dc3e7
C		 175 }
176
177 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
178 })
179
180 it('Should fail with a too small password', async function () {
181 const fields = {
182 username: 'my_username',
183 email: 'test@example.com',
77a5501f 184 password: 'bla',
757f0da3
C		 185 videoQuota: 42000000,
186 role: UserRole.USER
0e1dc3e7
C		 187 }
188
189 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
190 })
191
192 it('Should fail with a too long password', async function () {
193 const fields = {
194 username: 'my_username',
195 email: 'test@example.com',
196 password: 'my super long password which is very very very very very very very very very very very very very very' +
197 'very very very very very very very very very very very very very very very veryv very very very very' +
77a5501f 198 'very very very very very very very very very very very very very very very very very very very very long',
757f0da3
C		 199 videoQuota: 42000000,
200 role: UserRole.USER
0e1dc3e7
C		 201 }
202
203 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
204 })
205
206 it('Should fail with an non authenticated user', async function () {
207 const fields = {
208 username: 'my_username',
209 email: 'test@example.com',
77a5501f 210 password: 'my super password',
757f0da3
C		 211 videoQuota: 42000000,
212 role: UserRole.USER
0e1dc3e7
C		 213 }
214
215 await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
216 })
217
218 it('Should fail if we add a user with the same username', async function () {
219 const fields = {
220 username: 'user1',
221 email: 'test@example.com',
77a5501f 222 password: 'my super password',
757f0da3
C		 223 videoQuota: 42000000,
224 role: UserRole.USER
0e1dc3e7
C		 225 }
226
227 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
228 })
229
230 it('Should fail if we add a user with the same email', async function () {
231 const fields = {
232 username: 'my_username',
233 email: 'user1@example.com',
77a5501f 234 password: 'my super password',
757f0da3
C		 235 videoQuota: 42000000,
236 role: UserRole.USER
0e1dc3e7
C		 237 }
238
239 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
240 })
241
77a5501f
C		 242 it('Should fail without a videoQuota', async function () {
243 const fields = {
244 username: 'my_username',
245 email: 'user1@example.com',
757f0da3
C		 246 password: 'my super password',
247 role: UserRole.USER
77a5501f
C		 248 }
249
250 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
251 })
252
253 it('Should fail with an invalid videoQuota', async function () {
254 const fields = {
255 username: 'my_username',
256 email: 'user1@example.com',
257 password: 'my super password',
757f0da3
C		 258 videoQuota: -5,
259 role: UserRole.USER
260 }
261
262 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
263 })
264
265 it('Should fail without a user role', async function () {
266 const fields = {
267 username: 'my_username',
268 email: 'user1@example.com',
269 password: 'my super password',
270 videoQuota: 0
271 }
272
273 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
274 })
275
276 it('Should fail with an invalid user role', async function () {
277 const fields = {
278 username: 'my_username',
279 email: 'user1@example.com',
280 password: 'my super password',
281 videoQuota: 0,
282 role: 88989
77a5501f
C		 283 }
284
285 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
286 })
287
0e1dc3e7
C		 288 it('Should succeed with the correct params', async function () {
289 const fields = {
290 username: 'user2',
291 email: 'test@example.com',
77a5501f 292 password: 'my super password',
757f0da3
C		 293 videoQuota: -1,
294 role: UserRole.USER
0e1dc3e7
C		 295 }
296
297 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
298 })
299
300 it('Should fail with a non admin user', async function () {
301 server.user = {
302 username: 'user1',
303 email: 'test@example.com',
304 password: 'my super password'
305 }
306
eec63bbc 307 userAccessToken = await serverLogin(server)
0e1dc3e7
C		 308 const fields = {
309 username: 'user3',
310 email: 'test@example.com',
77a5501f
C		 311 password: 'my super password',
312 videoQuota: 42000000
0e1dc3e7
C		 313 }
314 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
315 })
316 })
317
77a5501f
C		 318 describe('When updating my account', function () {
319 it('Should fail with an invalid email attribute', async function () {
320 const fields = {
321 email: 'blabla'
322 }
0e1dc3e7 323
77a5501f 324 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 325 })
326
327 it('Should fail with a too small password', async function () {
328 const fields = {
329 password: 'bla'
330 }
331
77a5501f 332 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 333 })
334
335 it('Should fail with a too long password', async function () {
336 const fields = {
337 password: 'my super long password which is very very very very very very very very very very very very very very' +
338 'very very very very very very very very very very very very very very very veryv very very very very' +
339 'very very very very very very very very very very very very very very very very very very very very long'
340 }
341
77a5501f 342 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 343 })
344
345 it('Should fail with an invalid display NSFW attribute', async function () {
346 const fields = {
347 displayNSFW: -1
348 }
349
77a5501f 350 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 351 })
352
7efe153b
AL		 353 it('Should fail with an invalid autoPlayVideo attribute', async function () {
354 const fields = {
355 autoPlayVideo: -1
356 }
357
358 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
359 })
360
0e1dc3e7
C		 361 it('Should fail with an non authenticated user', async function () {
362 const fields = {
363 password: 'my super password'
364 }
365
77a5501f 366 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
0e1dc3e7
C		 367 })
368
369 it('Should succeed with the correct params', async function () {
370 const fields = {
371 password: 'my super password',
77a5501f 372 displayNSFW: true,
7efe153b 373 autoPlayVideo: false,
77a5501f 374 email: 'super_email@example.com'
0e1dc3e7
C		 375 }
376
77a5501f
C		 377 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
378 })
379 })
380
381 describe('When updating a user', function () {
382
383 before(async function () {
86d13ec2 384 const res = await getUsersList(server.url, server.accessToken)
77a5501f
C		 385
386 userId = res.body.data[1].id
387 rootId = res.body.data[2].id
388 })
389
390 it('Should fail with an invalid email attribute', async function () {
391 const fields = {
392 email: 'blabla'
393 }
394
395 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
396 })
397
398 it('Should fail with an invalid videoQuota attribute', async function () {
399 const fields = {
400 videoQuota: -90
401 }
402
403 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
404 })
405
757f0da3
C		 406 it('Should fail with an invalid user role attribute', async function () {
407 const fields = {
408 role: 54878
409 }
410
411 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
412 })
413
77a5501f
C		 414 it('Should fail with an non authenticated user', async function () {
415 const fields = {
416 videoQuota: 42
417 }
418
419 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
420 })
421
422 it('Should succeed with the correct params', async function () {
423 const fields = {
424 email: 'email@example.com',
757f0da3
C		 425 videoQuota: 42,
426 role: UserRole.MODERATOR
77a5501f
C		 427 }
428
429 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
0e1dc3e7
C		 430 })
431 })
432
433 describe('When getting my information', function () {
434 it('Should fail with a non authenticated user', async function () {
435 await request(server.url)
436 .get(path + 'me')
437 .set('Authorization', 'Bearer fake_token')
438 .set('Accept', 'application/json')
439 .expect(401)
440 })
441
442 it('Should success with the correct parameters', async function () {
443 await request(server.url)
444 .get(path + 'me')
445 .set('Authorization', 'Bearer ' + userAccessToken)
446 .set('Accept', 'application/json')
447 .expect(200)
448 })
449 })
450
451 describe('When getting my video rating', function () {
452 it('Should fail with a non authenticated user', async function () {
453 await request(server.url)
454 .get(path + 'me/videos/' + videoId + '/rating')
455 .set('Authorization', 'Bearer fake_token')
456 .set('Accept', 'application/json')
457 .expect(401)
458 })
459
460 it('Should fail with an incorrect video uuid', async function () {
461 await request(server.url)
462 .get(path + 'me/videos/blabla/rating')
463 .set('Authorization', 'Bearer ' + userAccessToken)
464 .set('Accept', 'application/json')
465 .expect(400)
466 })
467
468 it('Should fail with an unknown video', async function () {
469 await request(server.url)
470 .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
471 .set('Authorization', 'Bearer ' + userAccessToken)
472 .set('Accept', 'application/json')
473 .expect(404)
474 })
475
476 it('Should success with the correct parameters', async function () {
477 await request(server.url)
478 .get(path + 'me/videos/' + videoId + '/rating')
479 .set('Authorization', 'Bearer ' + userAccessToken)
480 .set('Accept', 'application/json')
481 .expect(200)
482 })
483 })
484
485 describe('When removing an user', function () {
486 it('Should fail with an incorrect id', async function () {
487 await request(server.url)
488 .delete(path + 'bla-bla')
489 .set('Authorization', 'Bearer ' + server.accessToken)
490 .expect(400)
491 })
492
493 it('Should fail with the root user', async function () {
494 await request(server.url)
495 .delete(path + rootId)
496 .set('Authorization', 'Bearer ' + server.accessToken)
497 .expect(400)
498 })
499
500 it('Should return 404 with a non existing id', async function () {
501 await request(server.url)
502 .delete(path + '45')
503 .set('Authorization', 'Bearer ' + server.accessToken)
504 .expect(404)
505 })
506 })
507
508 describe('When removing an user', function () {
509 it('Should fail with an incorrect id', async function () {
510 await request(server.url)
511 .delete(path + 'bla-bla')
512 .set('Authorization', 'Bearer ' + server.accessToken)
513 .expect(400)
514 })
515
516 it('Should fail with the root user', async function () {
517 await request(server.url)
518 .delete(path + rootId)
519 .set('Authorization', 'Bearer ' + server.accessToken)
520 .expect(400)
521 })
522
523 it('Should return 404 with a non existing id', async function () {
524 await request(server.url)
525 .delete(path + '45')
526 .set('Authorization', 'Bearer ' + server.accessToken)
527 .expect(404)
528 })
529 })
530
531 describe('When register a new user', function () {
532 const registrationPath = path + '/register'
533
534 it('Should fail with a too small username', async function () {
535 const fields = {
536 username: 'ji',
537 email: 'test@example.com',
538 password: 'my_super_password'
539 }
540
541 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
542 })
543
544 it('Should fail with a too long username', async function () {
545 const fields = {
546 username: 'my_super_username_which_is_very_long',
547 email: 'test@example.com',
548 password: 'my_super_password'
549 }
550
551 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
552 })
553
554 it('Should fail with an incorrect username', async function () {
555 const fields = {
556 username: 'my username',
557 email: 'test@example.com',
558 password: 'my_super_password'
559 }
560
561 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
562 })
563
564 it('Should fail with a missing email', async function () {
565 const fields = {
566 username: 'ji',
567 password: 'my_super_password'
568 }
569
570 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
571 })
572
573 it('Should fail with an invalid email', async function () {
574 const fields = {
575 username: 'my_super_username_which_is_very_long',
576 email: 'test_example.com',
577 password: 'my_super_password'
578 }
579
580 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
581 })
582
583 it('Should fail with a too small password', async function () {
584 const fields = {
585 username: 'my_username',
586 email: 'test@example.com',
587 password: 'bla'
588 }
589
590 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
591 })
592
593 it('Should fail with a too long password', async function () {
594 const fields = {
595 username: 'my_username',
596 email: 'test@example.com',
597 password: 'my super long password which is very very very very very very very very very very very very very very' +
598 'very very very very very very very very very very very very very very very veryv very very very very' +
599 'very very very very very very very very very very very very very very very very very very very very long'
600 }
601
602 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
603 })
604
605 it('Should fail if we register a user with the same username', async function () {
606 const fields = {
607 username: 'root',
608 email: 'test@example.com',
609 password: 'my super password'
610 }
611
612 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
613 })
614
615 it('Should fail if we register a user with the same email', async function () {
616 const fields = {
617 username: 'my_username',
618 email: 'admin1@example.com',
619 password: 'my super password'
620 }
621
622 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
623 })
624
625 it('Should succeed with the correct params', async function () {
626 const fields = {
627 username: 'user3',
628 email: 'test3@example.com',
629 password: 'my super password'
630 }
631
632 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 })
633 })
634
635 it('Should fail on a server with registration disabled', async function () {
636 const fields = {
637 username: 'user4',
638 email: 'test4@example.com',
639 password: 'my super password 4'
640 }
641
642 await makePostBodyRequest({
643 url: serverWithRegistrationDisabled.url,
644 path: registrationPath,
645 token: serverWithRegistrationDisabled.accessToken,
646 fields,
647 statusCodeExpected: 403
648 })
649 })
650 })
651
652 describe('When registering multiple users on a server with users limit', function () {
653 it('Should fail when after 3 registrations', async function () {
654 await registerUser(server.url, 'user42', 'super password', 403)
655 })
656 })
657
77a5501f
C		 658 describe('When having a video quota', function () {
659 it('Should fail with a user having too many video', async function () {
660 const fields = {
661 videoQuota: 42
662 }
663
664 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 })
665
666 const videoAttributes = {}
667 await uploadVideo(server.url, server.accessToken, videoAttributes, 403)
668 })
669
670 it('Should fail with a registered user having too many video', async function () {
671 this.timeout(10000)
672
673 server.user = {
674 username: 'user3',
675 email: 'test3@example.com',
676 password: 'my super password'
677 }
eec63bbc 678 userAccessToken = await serverLogin(server)
77a5501f
C		 679
680 const videoAttributes = { fixture: 'video_short2.webm' }
681 await uploadVideo(server.url, userAccessToken, videoAttributes)
682 await uploadVideo(server.url, userAccessToken, videoAttributes)
683 await uploadVideo(server.url, userAccessToken, videoAttributes)
684 await uploadVideo(server.url, userAccessToken, videoAttributes)
685 await uploadVideo(server.url, userAccessToken, videoAttributes)
686 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
687 })
688 })
689
0e1dc3e7
C		 690 after(async function () {
691 killallServers([ server, serverWithRegistrationDisabled ])
692
693 // Keep the logs if the test failed
694 if (this['ok']) {
695 await flushTests()
696 }
697 })
698})
ActivityPub-federated video streaming platform using P2P directly in your web browser