]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Reorganize imports
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
a1587156 1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
0e1dc3e7 2
0e1dc3e7 3import 'mocha'
b488ba1e 4import { omit } from 'lodash'
0e1dc3e7 5import {
3d470a53 6 buildAbsoluteFixturePath,
d23dd9fb
C		 7 checkBadCountPagination,
8 checkBadSortPagination,
9 checkBadStartPagination,
7c3b7976 10 cleanupTests,
254d3579 11 createSingleServer,
45f1bd72 12 killallServers,
42e1ec25
C		 13 makeGetRequest,
14 makePostBodyRequest,
15 makePutBodyRequest,
16 makeUploadRequest,
d23dd9fb 17 MockSmtpServer,
254d3579 18 PeerTubeServer,
42e1ec25 19 setAccessTokensToServers,
7926c5f9 20 UsersCommand
d23dd9fb 21} from '@shared/extra-utils'
4c7e60bc 22import { HttpStatusCode, UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models'
0e1dc3e7
C		 23
24describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
a95a4cc8 28 let moderatorId: number
d4a8e7a6 29 let video: VideoCreateResult
254d3579
C		 30 let server: PeerTubeServer
31 let serverWithRegistrationDisabled: PeerTubeServer
7926c5f9
C		 32 let userToken = ''
33 let moderatorToken = ''
45f1bd72
JL		 34 let emailPort: number
35 let overrideConfig: Object
0e1dc3e7
C		 36
37 // ---------------------------------------------------------------
38
39 before(async function () {
e212f887 40 this.timeout(30000)
0e1dc3e7 41
45f1bd72
JL		 42 const emails: object[] = []
43 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
44
45 overrideConfig = { signup: { limit: 8 } }
46
a95a4cc8
C		 47 {
48 const res = await Promise.all([
254d3579
C		 49 createSingleServer(1, overrideConfig),
50 createSingleServer(2)
a95a4cc8 51 ])
0e1dc3e7 52
a95a4cc8
C		 53 server = res[0]
54 serverWithRegistrationDisabled = res[1]
0e1dc3e7 55
a95a4cc8
C		 56 await setAccessTokensToServers([ server ])
57 }
58
59 {
7926c5f9 60 const user = { username: 'user1' }
89d241a7
C		 61 await server.users.create({ ...user })
62 userToken = await server.login.getAccessToken(user)
a95a4cc8
C		 63 }
64
65 {
7926c5f9 66 const moderator = { username: 'moderator1' }
89d241a7
C		 67 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
68 moderatorToken = await server.login.getAccessToken(moderator)
a95a4cc8
C		 69 }
70
71 {
7926c5f9 72 const moderator = { username: 'moderator2' }
89d241a7 73 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
a95a4cc8 74 }
26d21b78 75
187501f8 76 {
89d241a7 77 video = await server.videos.upload()
187501f8 78 }
a95a4cc8
C		 79
80 {
89d241a7 81 const { data } = await server.users.list()
7926c5f9
C		 82 userId = data.find(u => u.username === 'user1').id
83 rootId = data.find(u => u.username === 'root').id
84 moderatorId = data.find(u => u.username === 'moderator2').id
a95a4cc8 85 }
0e1dc3e7
C		 86 })
87
88 describe('When listing users', function () {
89 it('Should fail with a bad start pagination', async function () {
26d21b78 90 await checkBadStartPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 91 })
92
93 it('Should fail with a bad count pagination', async function () {
26d21b78 94 await checkBadCountPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 95 })
96
97 it('Should fail with an incorrect sort', async function () {
26d21b78 98 await checkBadSortPagination(server.url, path, server.accessToken)
0e1dc3e7 99 })
86d13ec2
C		 100
101 it('Should fail with a non authenticated user', async function () {
26d21b78
C		 102 await makeGetRequest({
103 url: server.url,
104 path,
c0e8b12e 105 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
26d21b78 106 })
86d13ec2
C		 107 })
108
109 it('Should fail with a non admin user', async function () {
26d21b78
C		 110 await makeGetRequest({
111 url: server.url,
112 path,
7926c5f9 113 token: userToken,
c0e8b12e 114 expectedStatus: HttpStatusCode.FORBIDDEN_403
26d21b78 115 })
86d13ec2 116 })
0e1dc3e7
C		 117 })
118
119 describe('When adding a new user', function () {
26d21b78
C		 120 const baseCorrectParams = {
121 username: 'user2',
122 email: 'test@example.com',
123 password: 'my super password',
124 videoQuota: -1,
bee0abff 125 videoQuotaDaily: -1,
1eddc9a7 126 role: UserRole.USER,
3487330d 127 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
26d21b78
C		 128 }
129
0e1dc3e7 130 it('Should fail with a too small username', async function () {
6c5065a0 131 const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7
C		 132
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 })
135
136 it('Should fail with a too long username', async function () {
6c5065a0 137 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7
C		 138
139 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
140 })
141
563d032e 142 it('Should fail with a not lowercase username', async function () {
6c5065a0 143 const fields = { ...baseCorrectParams, username: 'Toto' }
563d032e
C		 144
145 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
146 })
147
0e1dc3e7 148 it('Should fail with an incorrect username', async function () {
6c5065a0 149 const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7
C		 150
151 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
152 })
153
154 it('Should fail with a missing email', async function () {
26d21b78 155 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 156
157 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
158 })
159
160 it('Should fail with an invalid email', async function () {
6c5065a0 161 const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7
C		 162
163 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
164 })
165
166 it('Should fail with a too small password', async function () {
6c5065a0 167 const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7
C		 168
169 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
170 })
171
172 it('Should fail with a too long password', async function () {
6c5065a0 173 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7
C		 174
175 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
176 })
177
45f1bd72 178 it('Should fail with empty password and no smtp configured', async function () {
6c5065a0 179 const fields = { ...baseCorrectParams, password: '' }
45f1bd72
JL		 180
181 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
182 })
183
184 it('Should succeed with no password on a server with smtp enabled', async function () {
f43db2f4 185 this.timeout(20000)
45f1bd72 186
9293139f 187 await killallServers([ server ])
45f1bd72 188
6c5065a0
C		 189 const config = {
190 ...overrideConfig,
191
45f1bd72
JL		 192 smtp: {
193 hostname: 'localhost',
194 port: emailPort
195 }
6c5065a0 196 }
254d3579 197 await server.run(config)
45f1bd72 198
6c5065a0
C		 199 const fields = {
200 ...baseCorrectParams,
201
45f1bd72
JL		 202 password: '',
203 username: 'create_password',
204 email: 'create_password@example.com'
6c5065a0 205 }
45f1bd72
JL		 206
207 await makePostBodyRequest({
208 url: server.url,
209 path: path,
210 token: server.accessToken,
211 fields,
c0e8b12e 212 expectedStatus: HttpStatusCode.OK_200
45f1bd72
JL		 213 })
214 })
215
1eddc9a7 216 it('Should fail with invalid admin flags', async function () {
6c5065a0 217 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
1eddc9a7
C		 218
219 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
220 })
221
0e1dc3e7 222 it('Should fail with an non authenticated user', async function () {
26d21b78
C		 223 await makePostBodyRequest({
224 url: server.url,
225 path,
226 token: 'super token',
227 fields: baseCorrectParams,
c0e8b12e 228 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
26d21b78 229 })
0e1dc3e7
C		 230 })
231
232 it('Should fail if we add a user with the same username', async function () {
6c5065a0 233 const fields = { ...baseCorrectParams, username: 'user1' }
0e1dc3e7 234
2d53be02
RK		 235 await makePostBodyRequest({
236 url: server.url,
237 path,
238 token: server.accessToken,
239 fields,
c0e8b12e 240 expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02 241 })
0e1dc3e7
C		 242 })
243
244 it('Should fail if we add a user with the same email', async function () {
6c5065a0 245 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
0e1dc3e7 246
2d53be02
RK		 247 await makePostBodyRequest({
248 url: server.url,
249 path,
250 token: server.accessToken,
251 fields,
c0e8b12e 252 expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02 253 })
0e1dc3e7
C		 254 })
255
77a5501f 256 it('Should fail without a videoQuota', async function () {
26d21b78 257 const fields = omit(baseCorrectParams, 'videoQuota')
77a5501f
C		 258
259 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
260 })
261
bee0abff
FA		 262 it('Should fail without a videoQuotaDaily', async function () {
263 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
264
265 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
266 })
267
77a5501f 268 it('Should fail with an invalid videoQuota', async function () {
6c5065a0 269 const fields = { ...baseCorrectParams, videoQuota: -5 }
757f0da3
C		 270
271 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
272 })
273
bee0abff 274 it('Should fail with an invalid videoQuotaDaily', async function () {
6c5065a0 275 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
bee0abff
FA		 276
277 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
278 })
279
757f0da3 280 it('Should fail without a user role', async function () {
26d21b78 281 const fields = omit(baseCorrectParams, 'role')
757f0da3
C		 282
283 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
284 })
285
286 it('Should fail with an invalid user role', async function () {
6c5065a0 287 const fields = { ...baseCorrectParams, role: 88989 }
77a5501f
C		 288
289 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
290 })
291
2ef6a063 292 it('Should fail with a "peertube" username', async function () {
6c5065a0 293 const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063
C		 294
295 await makePostBodyRequest({
296 url: server.url,
297 path,
298 token: server.accessToken,
299 fields,
c0e8b12e 300 expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063
C		 301 })
302 })
303
a95a4cc8
C		 304 it('Should fail to create a moderator or an admin with a moderator', async function () {
305 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
6c5065a0 306 const fields = { ...baseCorrectParams, role }
a95a4cc8
C		 307
308 await makePostBodyRequest({
309 url: server.url,
310 path,
7926c5f9 311 token: moderatorToken,
a95a4cc8 312 fields,
c0e8b12e 313 expectedStatus: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 314 })
315 }
316 })
317
318 it('Should succeed to create a user with a moderator', async function () {
6c5065a0 319 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
a95a4cc8
C		 320
321 await makePostBodyRequest({
322 url: server.url,
323 path,
7926c5f9 324 token: moderatorToken,
a95a4cc8 325 fields,
c0e8b12e 326 expectedStatus: HttpStatusCode.OK_200
a95a4cc8
C		 327 })
328 })
329
0e1dc3e7 330 it('Should succeed with the correct params', async function () {
26d21b78
C		 331 await makePostBodyRequest({
332 url: server.url,
333 path,
334 token: server.accessToken,
335 fields: baseCorrectParams,
c0e8b12e 336 expectedStatus: HttpStatusCode.OK_200
26d21b78 337 })
0e1dc3e7
C		 338 })
339
340 it('Should fail with a non admin user', async function () {
7926c5f9 341 const user = { username: 'user1' }
89d241a7 342 userToken = await server.login.getAccessToken(user)
0e1dc3e7 343
0e1dc3e7
C		 344 const fields = {
345 username: 'user3',
346 email: 'test@example.com',
77a5501f
C		 347 password: 'my super password',
348 videoQuota: 42000000
0e1dc3e7 349 }
c0e8b12e 350 await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 351 })
352 })
353
77a5501f 354 describe('When updating my account', function () {
7926c5f9 355
77a5501f
C		 356 it('Should fail with an invalid email attribute', async function () {
357 const fields = {
358 email: 'blabla'
359 }
0e1dc3e7 360
77a5501f 361 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 362 })
363
364 it('Should fail with a too small password', async function () {
365 const fields = {
7926c5f9 366 currentPassword: 'password',
0e1dc3e7
C		 367 password: 'bla'
368 }
369
7926c5f9 370 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 371 })
372
373 it('Should fail with a too long password', async function () {
374 const fields = {
7926c5f9 375 currentPassword: 'password',
26d21b78 376 password: 'super'.repeat(61)
0e1dc3e7
C		 377 }
378
7926c5f9 379 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 380 })
381
a890d1e0
C		 382 it('Should fail without the current password', async function () {
383 const fields = {
7926c5f9 384 currentPassword: 'password',
a890d1e0
C		 385 password: 'super'.repeat(61)
386 }
387
7926c5f9 388 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
a890d1e0
C		 389 })
390
391 it('Should fail with an invalid current password', async function () {
392 const fields = {
393 currentPassword: 'my super password fail',
394 password: 'super'.repeat(61)
395 }
396
2d53be02
RK		 397 await makePutBodyRequest({
398 url: server.url,
399 path: path + 'me',
7926c5f9 400 token: userToken,
2d53be02 401 fields,
c0e8b12e 402 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 403 })
a890d1e0
C		 404 })
405
0883b324 406 it('Should fail with an invalid NSFW policy attribute', async function () {
0e1dc3e7 407 const fields = {
0883b324 408 nsfwPolicy: 'hello'
0e1dc3e7
C		 409 }
410
7926c5f9 411 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
0e1dc3e7
C		 412 })
413
7efe153b
AL		 414 it('Should fail with an invalid autoPlayVideo attribute', async function () {
415 const fields = {
416 autoPlayVideo: -1
417 }
418
7926c5f9 419 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
7efe153b
AL		 420 })
421
6aa54148
L		 422 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
423 const fields = {
424 autoPlayNextVideo: -1
425 }
426
7926c5f9 427 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
6aa54148
L		 428 })
429
8b9a525a
C		 430 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
431 const fields = {
432 videosHistoryEnabled: -1
433 }
434
7926c5f9 435 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
8b9a525a
C		 436 })
437
0e1dc3e7
C		 438 it('Should fail with an non authenticated user', async function () {
439 const fields = {
7926c5f9 440 currentPassword: 'password',
0e1dc3e7
C		 441 password: 'my super password'
442 }
443
2d53be02
RK		 444 await makePutBodyRequest({
445 url: server.url,
446 path: path + 'me',
447 token: 'super token',
448 fields,
c0e8b12e 449 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 450 })
0e1dc3e7
C		 451 })
452
2422c46b
C		 453 it('Should fail with a too long description', async function () {
454 const fields = {
d23e6a1c 455 description: 'super'.repeat(201)
2422c46b
C		 456 }
457
7926c5f9 458 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
2422c46b
C		 459 })
460
3caf77d3
C		 461 it('Should fail with an invalid videoLanguages attribute', async function () {
462 {
463 const fields = {
464 videoLanguages: 'toto'
465 }
466
7926c5f9 467 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
3caf77d3
C		 468 }
469
470 {
471 const languages = []
472 for (let i = 0; i < 1000; i++) {
473 languages.push('fr')
474 }
475
476 const fields = {
477 videoLanguages: languages
478 }
479
7926c5f9 480 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
3caf77d3
C		 481 }
482 })
483
9b474844
C		 484 it('Should fail with an invalid theme', async function () {
485 const fields = { theme: 'invalid' }
7926c5f9 486 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
9b474844
C		 487 })
488
489 it('Should fail with an unknown theme', async function () {
490 const fields = { theme: 'peertube-theme-unknown' }
7926c5f9 491 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
9b474844
C		 492 })
493
43d0ea7f
C		 494 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
495 const fields = {
496 noInstanceConfigWarningModal: -1
497 }
498
7926c5f9 499 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
43d0ea7f
C		 500 })
501
502 it('Should fail with an invalid noWelcomeModal attribute', async function () {
503 const fields = {
504 noWelcomeModal: -1
505 }
506
7926c5f9 507 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
43d0ea7f
C		 508 })
509
a890d1e0 510 it('Should succeed to change password with the correct params', async function () {
0e1dc3e7 511 const fields = {
7926c5f9 512 currentPassword: 'password',
0e1dc3e7 513 password: 'my super password',
0883b324 514 nsfwPolicy: 'blur',
7efe153b 515 autoPlayVideo: false,
9b474844 516 email: 'super_email@example.com',
43d0ea7f
C		 517 theme: 'default',
518 noInstanceConfigWarningModal: true,
519 noWelcomeModal: true
0e1dc3e7
C		 520 }
521
2d53be02
RK		 522 await makePutBodyRequest({
523 url: server.url,
524 path: path + 'me',
7926c5f9 525 token: userToken,
2d53be02 526 fields,
c0e8b12e 527 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 528 })
77a5501f 529 })
a890d1e0
C		 530
531 it('Should succeed without password change with the correct params', async function () {
532 const fields = {
533 nsfwPolicy: 'blur',
5efab546 534 autoPlayVideo: false
a890d1e0
C		 535 }
536
2d53be02
RK		 537 await makePutBodyRequest({
538 url: server.url,
539 path: path + 'me',
7926c5f9 540 token: userToken,
2d53be02 541 fields,
c0e8b12e 542 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 543 })
a890d1e0 544 })
77a5501f
C		 545 })
546
c5911fd3
C		 547 describe('When updating my avatar', function () {
548 it('Should fail without an incorrect input file', async function () {
549 const fields = {}
550 const attaches = {
3d470a53 551 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
c5911fd3 552 }
ac81d1a0 553 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
c5911fd3
C		 554 })
555
01de67b9
C		 556 it('Should fail with a big file', async function () {
557 const fields = {}
558 const attaches = {
3d470a53 559 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
01de67b9 560 }
ac81d1a0 561 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
01de67b9
C		 562 })
563
4bbfc6c6
C		 564 it('Should fail with an unauthenticated user', async function () {
565 const fields = {}
566 const attaches = {
3d470a53 567 avatarfile: buildAbsoluteFixturePath('avatar.png')
4bbfc6c6
C		 568 }
569 await makeUploadRequest({
570 url: server.url,
571 path: path + '/me/avatar/pick',
572 fields,
573 attaches,
c0e8b12e 574 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
4bbfc6c6
C		 575 })
576 })
577
c5911fd3
C		 578 it('Should succeed with the correct params', async function () {
579 const fields = {}
580 const attaches = {
3d470a53 581 avatarfile: buildAbsoluteFixturePath('avatar.png')
c5911fd3 582 }
ac81d1a0 583 await makeUploadRequest({
47564bbe
C		 584 url: server.url,
585 path: path + '/me/avatar/pick',
586 token: server.accessToken,
587 fields,
588 attaches,
c0e8b12e 589 expectedStatus: HttpStatusCode.OK_200
47564bbe 590 })
c5911fd3
C		 591 })
592 })
593
18490b07
C		 594 describe('When managing my scoped tokens', function () {
595
596 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
89d241a7 597 await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 598 })
599
600 it('Should fail to get my scoped tokens with a bad token', async function () {
89d241a7 601 await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 602
603 })
604
605 it('Should succeed to get my scoped tokens', async function () {
89d241a7 606 await server.users.getMyScopedTokens()
18490b07
C		 607 })
608
609 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
89d241a7 610 await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 611 })
612
613 it('Should fail to renew my scoped tokens with a bad token', async function () {
89d241a7 614 await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
18490b07
C		 615 })
616
617 it('Should succeed to renew my scoped tokens', async function () {
89d241a7 618 await server.users.renewMyScopedTokens()
18490b07
C		 619 })
620 })
621
94ff4c23 622 describe('When getting a user', function () {
94ff4c23
C		 623
624 it('Should fail with an non authenticated user', async function () {
2d53be02
RK		 625 await makeGetRequest({
626 url: server.url,
627 path: path + userId,
628 token: 'super token',
c0e8b12e 629 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 630 })
94ff4c23
C		 631 })
632
633 it('Should fail with a non admin user', async function () {
c0e8b12e 634 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
94ff4c23
C		 635 })
636
637 it('Should succeed with the correct params', async function () {
c0e8b12e 638 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
94ff4c23
C		 639 })
640 })
641
77a5501f
C		 642 describe('When updating a user', function () {
643
77a5501f
C		 644 it('Should fail with an invalid email attribute', async function () {
645 const fields = {
646 email: 'blabla'
647 }
648
649 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
650 })
651
fc2ec87a
JM		 652 it('Should fail with an invalid emailVerified attribute', async function () {
653 const fields = {
654 emailVerified: 'yes'
655 }
656
657 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
658 })
659
77a5501f
C		 660 it('Should fail with an invalid videoQuota attribute', async function () {
661 const fields = {
662 videoQuota: -90
663 }
664
665 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
666 })
667
757f0da3
C		 668 it('Should fail with an invalid user role attribute', async function () {
669 const fields = {
670 role: 54878
671 }
672
673 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
674 })
675
b426edd4
C		 676 it('Should fail with a too small password', async function () {
677 const fields = {
7926c5f9 678 currentPassword: 'password',
b426edd4
C		 679 password: 'bla'
680 }
681
682 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
683 })
684
685 it('Should fail with a too long password', async function () {
686 const fields = {
7926c5f9 687 currentPassword: 'password',
b426edd4
C		 688 password: 'super'.repeat(61)
689 }
690
691 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
692 })
693
77a5501f
C		 694 it('Should fail with an non authenticated user', async function () {
695 const fields = {
696 videoQuota: 42
697 }
698
2d53be02
RK		 699 await makePutBodyRequest({
700 url: server.url,
701 path: path + userId,
702 token: 'super token',
703 fields,
c0e8b12e 704 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02 705 })
77a5501f
C		 706 })
707
f8b8c36b
C		 708 it('Should fail when updating root role', async function () {
709 const fields = {
710 role: UserRole.MODERATOR
711 }
712
713 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
1eddc9a7
C		 714 })
715
716 it('Should fail with invalid admin flags', async function () {
717 const fields = { adminFlags: 'toto' }
718
a95a4cc8
C		 719 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
720 })
721
722 it('Should fail to update an admin with a moderator', async function () {
723 const fields = {
724 videoQuota: 42
725 }
726
727 await makePutBodyRequest({
728 url: server.url,
729 path: path + moderatorId,
7926c5f9 730 token: moderatorToken,
a95a4cc8 731 fields,
c0e8b12e 732 expectedStatus: HttpStatusCode.FORBIDDEN_403
a95a4cc8
C		 733 })
734 })
735
736 it('Should succeed to update a user with a moderator', async function () {
737 const fields = {
738 videoQuota: 42
739 }
740
741 await makePutBodyRequest({
742 url: server.url,
743 path: path + userId,
7926c5f9 744 token: moderatorToken,
a95a4cc8 745 fields,
c0e8b12e 746 expectedStatus: HttpStatusCode.NO_CONTENT_204
a95a4cc8 747 })
f8b8c36b
C		 748 })
749
77a5501f
C		 750 it('Should succeed with the correct params', async function () {
751 const fields = {
752 email: 'email@example.com',
fc2ec87a 753 emailVerified: true,
757f0da3 754 videoQuota: 42,
2f1548fd 755 role: UserRole.USER
77a5501f
C		 756 }
757
2d53be02
RK		 758 await makePutBodyRequest({
759 url: server.url,
760 path: path + userId,
761 token: server.accessToken,
762 fields,
c0e8b12e 763 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 764 })
0e1dc3e7
C		 765 })
766 })
767
768 describe('When getting my information', function () {
769 it('Should fail with a non authenticated user', async function () {
89d241a7 770 await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
0e1dc3e7
C		 771 })
772
773 it('Should success with the correct parameters', async function () {
89d241a7 774 await server.users.getMyInfo({ token: userToken })
0e1dc3e7
C		 775 })
776 })
777
778 describe('When getting my video rating', function () {
7926c5f9
C		 779 let command: UsersCommand
780
781 before(function () {
89d241a7 782 command = server.users
7926c5f9
C		 783 })
784
0e1dc3e7 785 it('Should fail with a non authenticated user', async function () {
7926c5f9 786 await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
0e1dc3e7
C		 787 })
788
789 it('Should fail with an incorrect video uuid', async function () {
7926c5f9 790 await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
0e1dc3e7
C		 791 })
792
793 it('Should fail with an unknown video', async function () {
7926c5f9 794 await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
0e1dc3e7
C		 795 })
796
26d21b78 797 it('Should succeed with the correct parameters', async function () {
7926c5f9
C		 798 await command.getMyRating({ videoId: video.id })
799 await command.getMyRating({ videoId: video.uuid })
800 await command.getMyRating({ videoId: video.shortUUID })
0e1dc3e7
C		 801 })
802 })
803
22834691
C		 804 describe('When retrieving my global ratings', function () {
805 const path = '/api/v1/accounts/user1/ratings'
806
807 it('Should fail with a bad start pagination', async function () {
7926c5f9 808 await checkBadStartPagination(server.url, path, userToken)
22834691
C		 809 })
810
811 it('Should fail with a bad count pagination', async function () {
7926c5f9 812 await checkBadCountPagination(server.url, path, userToken)
22834691
C		 813 })
814
815 it('Should fail with an incorrect sort', async function () {
7926c5f9 816 await checkBadSortPagination(server.url, path, userToken)
22834691
C		 817 })
818
819 it('Should fail with a unauthenticated user', async function () {
c0e8b12e 820 await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
22834691
C		 821 })
822
823 it('Should fail with a another user', async function () {
c0e8b12e 824 await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
22834691
C		 825 })
826
827 it('Should fail with a bad type', async function () {
2d53be02
RK		 828 await makeGetRequest({
829 url: server.url,
830 path,
7926c5f9 831 token: userToken,
2d53be02 832 query: { rating: 'toto ' },
c0e8b12e 833 expectedStatus: HttpStatusCode.BAD_REQUEST_400
2d53be02 834 })
22834691
C		 835 })
836
837 it('Should succeed with the correct params', async function () {
c0e8b12e 838 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
22834691
C		 839 })
840 })
841
e6921918 842 describe('When blocking/unblocking/removing user', function () {
7926c5f9 843
0e1dc3e7 844 it('Should fail with an incorrect id', async function () {
7926c5f9
C		 845 const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
846
89d241a7
C		 847 await server.users.remove(options)
848 await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
849 await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
0e1dc3e7
C		 850 })
851
852 it('Should fail with the root user', async function () {
7926c5f9
C		 853 const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
854
89d241a7
C		 855 await server.users.remove(options)
856 await server.users.banUser(options)
857 await server.users.unbanUser(options)
0e1dc3e7
C		 858 })
859
860 it('Should return 404 with a non existing id', async function () {
7926c5f9
C		 861 const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
862
89d241a7
C		 863 await server.users.remove(options)
864 await server.users.banUser(options)
865 await server.users.unbanUser(options)
e6921918
C		 866 })
867
868 it('Should fail with a non admin user', async function () {
7926c5f9
C		 869 const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
870
89d241a7
C		 871 await server.users.remove(options)
872 await server.users.banUser(options)
873 await server.users.unbanUser(options)
0e1dc3e7 874 })
a95a4cc8
C		 875
876 it('Should fail on a moderator with a moderator', async function () {
7926c5f9
C		 877 const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
878
89d241a7
C		 879 await server.users.remove(options)
880 await server.users.banUser(options)
881 await server.users.unbanUser(options)
a95a4cc8
C		 882 })
883
884 it('Should succeed on a user with a moderator', async function () {
7926c5f9
C		 885 const options = { userId, token: moderatorToken }
886
89d241a7
C		 887 await server.users.banUser(options)
888 await server.users.unbanUser(options)
a95a4cc8 889 })
0e1dc3e7
C		 890 })
891
92b9d60c
C		 892 describe('When deleting our account', function () {
893 it('Should fail with with the root account', async function () {
89d241a7 894 await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
92b9d60c
C		 895 })
896 })
897
e590b4a5 898 describe('When registering a new user', function () {
0e1dc3e7 899 const registrationPath = path + '/register'
26d21b78
C		 900 const baseCorrectParams = {
901 username: 'user3',
1f20622f 902 displayName: 'super user',
26d21b78
C		 903 email: 'test3@example.com',
904 password: 'my super password'
905 }
0e1dc3e7
C		 906
907 it('Should fail with a too small username', async function () {
6c5065a0 908 const fields = { ...baseCorrectParams, username: '' }
0e1dc3e7
C		 909
910 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
911 })
912
913 it('Should fail with a too long username', async function () {
6c5065a0 914 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
0e1dc3e7
C		 915
916 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
917 })
918
919 it('Should fail with an incorrect username', async function () {
6c5065a0 920 const fields = { ...baseCorrectParams, username: 'my username' }
0e1dc3e7
C		 921
922 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
923 })
924
925 it('Should fail with a missing email', async function () {
26d21b78 926 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 927
928 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
929 })
930
931 it('Should fail with an invalid email', async function () {
6c5065a0 932 const fields = { ...baseCorrectParams, email: 'test_example.com' }
0e1dc3e7
C		 933
934 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
935 })
936
937 it('Should fail with a too small password', async function () {
6c5065a0 938 const fields = { ...baseCorrectParams, password: 'bla' }
0e1dc3e7
C		 939
940 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
941 })
942
943 it('Should fail with a too long password', async function () {
6c5065a0 944 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
0e1dc3e7
C		 945
946 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
947 })
948
949 it('Should fail if we register a user with the same username', async function () {
6c5065a0 950 const fields = { ...baseCorrectParams, username: 'root' }
0e1dc3e7 951
26d21b78
C		 952 await makePostBodyRequest({
953 url: server.url,
954 path: registrationPath,
955 token: server.accessToken,
956 fields,
c0e8b12e 957 expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78 958 })
0e1dc3e7
C		 959 })
960
2ef6a063 961 it('Should fail with a "peertube" username', async function () {
6c5065a0 962 const fields = { ...baseCorrectParams, username: 'peertube' }
2ef6a063
C		 963
964 await makePostBodyRequest({
965 url: server.url,
966 path: registrationPath,
967 token: server.accessToken,
968 fields,
c0e8b12e 969 expectedStatus: HttpStatusCode.CONFLICT_409
2ef6a063
C		 970 })
971 })
972
0e1dc3e7 973 it('Should fail if we register a user with the same email', async function () {
6c5065a0 974 const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
0e1dc3e7 975
26d21b78
C		 976 await makePostBodyRequest({
977 url: server.url,
978 path: registrationPath,
979 token: server.accessToken,
980 fields,
c0e8b12e 981 expectedStatus: HttpStatusCode.CONFLICT_409
26d21b78 982 })
0e1dc3e7
C		 983 })
984
1f20622f 985 it('Should fail with a bad display name', async function () {
6c5065a0 986 const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1f20622f
C		 987
988 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
989 })
990
e590b4a5 991 it('Should fail with a bad channel name', async function () {
6c5065a0 992 const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
e590b4a5
C		 993
994 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
995 })
996
997 it('Should fail with a bad channel display name', async function () {
6c5065a0 998 const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
e590b4a5
C		 999
1000 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1001 })
1002
32d7f2b7 1003 it('Should fail with a channel name that is the same as username', async function () {
1d5342ab 1004 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
6c5065a0 1005 const fields = { ...baseCorrectParams, ...source }
1d5342ab
C		 1006
1007 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1008 })
1009
e590b4a5 1010 it('Should fail with an existing channel', async function () {
a5461888 1011 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
89d241a7 1012 await server.channels.create({ attributes })
e590b4a5 1013
6c5065a0 1014 const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
e590b4a5 1015
2d53be02
RK		 1016 await makePostBodyRequest({
1017 url: server.url,
1018 path: registrationPath,
1019 token: server.accessToken,
1020 fields,
c0e8b12e 1021 expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02 1022 })
e590b4a5
C		 1023 })
1024
0e1dc3e7 1025 it('Should succeed with the correct params', async function () {
6c5065a0 1026 const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
e590b4a5 1027
26d21b78
C		 1028 await makePostBodyRequest({
1029 url: server.url,
1030 path: registrationPath,
1031 token: server.accessToken,
e590b4a5 1032 fields: fields,
c0e8b12e 1033 expectedStatus: HttpStatusCode.NO_CONTENT_204
26d21b78 1034 })
0e1dc3e7
C		 1035 })
1036
1037 it('Should fail on a server with registration disabled', async function () {
1038 const fields = {
1039 username: 'user4',
1040 email: 'test4@example.com',
1041 password: 'my super password 4'
1042 }
1043
1044 await makePostBodyRequest({
1045 url: serverWithRegistrationDisabled.url,
1046 path: registrationPath,
1047 token: serverWithRegistrationDisabled.accessToken,
1048 fields,
c0e8b12e 1049 expectedStatus: HttpStatusCode.FORBIDDEN_403
0e1dc3e7
C		 1050 })
1051 })
1052 })
1053
1054 describe('When registering multiple users on a server with users limit', function () {
1055 it('Should fail when after 3 registrations', async function () {
89d241a7 1056 await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
0e1dc3e7
C		 1057 })
1058 })
1059
f076daa7
C		 1060 describe('When asking a password reset', function () {
1061 const path = '/api/v1/users/ask-reset-password'
1062
1063 it('Should fail with a missing email', async function () {
1064 const fields = {}
1065
1066 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1067 })
1068
1069 it('Should fail with an invalid email', async function () {
1070 const fields = { email: 'hello' }
1071
1072 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1073 })
1074
1075 it('Should success with the correct params', async function () {
1076 const fields = { email: 'admin@example.com' }
1077
2d53be02
RK		 1078 await makePostBodyRequest({
1079 url: server.url,
1080 path,
1081 token: server.accessToken,
1082 fields,
c0e8b12e 1083 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 1084 })
f076daa7
C		 1085 })
1086 })
1087
d9eaee39
JM		 1088 describe('When asking for an account verification email', function () {
1089 const path = '/api/v1/users/ask-send-verify-email'
1090
1091 it('Should fail with a missing email', async function () {
1092 const fields = {}
1093
1094 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1095 })
1096
1097 it('Should fail with an invalid email', async function () {
1098 const fields = { email: 'hello' }
1099
1100 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1101 })
1102
1103 it('Should succeed with the correct params', async function () {
1104 const fields = { email: 'admin@example.com' }
1105
2d53be02
RK		 1106 await makePostBodyRequest({
1107 url: server.url,
1108 path,
1109 token: server.accessToken,
1110 fields,
c0e8b12e 1111 expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02 1112 })
d9eaee39
JM		 1113 })
1114 })
1115
7c3b7976 1116 after(async function () {
45f1bd72
JL		 1117 MockSmtpServer.Instance.kill()
1118
7c3b7976 1119 await cleanupTests([ server, serverWithRegistrationDisabled ])
0e1dc3e7
C		 1120 })
1121})
ActivityPub-federated video streaming platform using P2P directly in your web browser