]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add tests to user roles
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
0e1dc3e7
C		 1/* tslint:disable:no-unused-expression */
2
3import * as request from 'supertest'
4import 'mocha'
5
6import {
7 ServerInfo,
8 flushTests,
9 runServer,
10 uploadVideo,
11 getVideosList,
12 makePutBodyRequest,
13 createUser,
14 loginAndGetAccessToken,
15 getUsersList,
16 registerUser,
17 setAccessTokensToServers,
18 killallServers,
19 makePostBodyRequest,
20 getUserAccessToken
21} from '../../utils'
757f0da3 22import { UserRole } from '../../../../shared'
0e1dc3e7
C		 23
24describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
28 let videoId: number
29 let server: ServerInfo
30 let serverWithRegistrationDisabled: ServerInfo
31 let userAccessToken = ''
32
33 // ---------------------------------------------------------------
34
35 before(async function () {
36 this.timeout(120000)
37
38 await flushTests()
39
40 server = await runServer(1)
41 serverWithRegistrationDisabled = await runServer(2)
42
43 await setAccessTokensToServers([ server ])
44
45 const username = 'user1'
46 const password = 'my super password'
77a5501f
C		 47 const videoQuota = 42000000
48 await createUser(server.url, server.accessToken, username, password, videoQuota)
0e1dc3e7
C		 49
50 const videoAttributes = {}
51 await uploadVideo(server.url, server.accessToken, videoAttributes)
52
53 const res = await getVideosList(server.url)
54 const videos = res.body.data
55 videoId = videos[0].id
56
57 const user = {
58 username: 'user1',
59 password: 'my super password'
60 }
61 userAccessToken = await getUserAccessToken(server, user)
62 })
63
64 describe('When listing users', function () {
65 it('Should fail with a bad start pagination', async function () {
66 await request(server.url)
67 .get(path)
68 .query({ start: 'hello' })
69 .set('Accept', 'application/json')
70 .expect(400)
71 })
72
73 it('Should fail with a bad count pagination', async function () {
74 await request(server.url)
75 .get(path)
76 .query({ count: 'hello' })
77 .set('Accept', 'application/json')
78 .expect(400)
79 })
80
81 it('Should fail with an incorrect sort', async function () {
82 await request(server.url)
83 .get(path)
84 .query({ sort: 'hello' })
85 .set('Accept', 'application/json')
86 .expect(400)
87 })
88 })
89
90 describe('When adding a new user', function () {
91 it('Should fail with a too small username', async function () {
92 const fields = {
93 username: 'ji',
94 email: 'test@example.com',
77a5501f 95 password: 'my_super_password',
757f0da3 96 role: UserRole.USER,
77a5501f 97 videoQuota: 42000000
0e1dc3e7
C		 98 }
99
100 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
101 })
102
103 it('Should fail with a too long username', async function () {
104 const fields = {
105 username: 'my_super_username_which_is_very_long',
106 email: 'test@example.com',
77a5501f 107 password: 'my_super_password',
757f0da3
C		 108 videoQuota: 42000000,
109 role: UserRole.USER
0e1dc3e7
C		 110 }
111
112 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
113 })
114
115 it('Should fail with an incorrect username', async function () {
116 const fields = {
117 username: 'my username',
118 email: 'test@example.com',
77a5501f 119 password: 'my_super_password',
757f0da3
C		 120 videoQuota: 42000000,
121 role: UserRole.USER
0e1dc3e7
C		 122 }
123
124 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
125 })
126
127 it('Should fail with a missing email', async function () {
128 const fields = {
129 username: 'ji',
77a5501f 130 password: 'my_super_password',
757f0da3
C		 131 videoQuota: 42000000,
132 role: UserRole.USER
0e1dc3e7
C		 133 }
134
135 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
136 })
137
138 it('Should fail with an invalid email', async function () {
139 const fields = {
140 username: 'my_super_username_which_is_very_long',
141 email: 'test_example.com',
77a5501f 142 password: 'my_super_password',
757f0da3
C		 143 videoQuota: 42000000,
144 role: UserRole.USER
0e1dc3e7
C		 145 }
146
147 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
148 })
149
150 it('Should fail with a too small password', async function () {
151 const fields = {
152 username: 'my_username',
153 email: 'test@example.com',
77a5501f 154 password: 'bla',
757f0da3
C		 155 videoQuota: 42000000,
156 role: UserRole.USER
0e1dc3e7
C		 157 }
158
159 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
160 })
161
162 it('Should fail with a too long password', async function () {
163 const fields = {
164 username: 'my_username',
165 email: 'test@example.com',
166 password: 'my super long password which is very very very very very very very very very very very very very very' +
167 'very very very very very very very very very very very very very very very veryv very very very very' +
77a5501f 168 'very very very very very very very very very very very very very very very very very very very very long',
757f0da3
C		 169 videoQuota: 42000000,
170 role: UserRole.USER
0e1dc3e7
C		 171 }
172
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
174 })
175
176 it('Should fail with an non authenticated user', async function () {
177 const fields = {
178 username: 'my_username',
179 email: 'test@example.com',
77a5501f 180 password: 'my super password',
757f0da3
C		 181 videoQuota: 42000000,
182 role: UserRole.USER
0e1dc3e7
C		 183 }
184
185 await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
186 })
187
188 it('Should fail if we add a user with the same username', async function () {
189 const fields = {
190 username: 'user1',
191 email: 'test@example.com',
77a5501f 192 password: 'my super password',
757f0da3
C		 193 videoQuota: 42000000,
194 role: UserRole.USER
0e1dc3e7
C		 195 }
196
197 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
198 })
199
200 it('Should fail if we add a user with the same email', async function () {
201 const fields = {
202 username: 'my_username',
203 email: 'user1@example.com',
77a5501f 204 password: 'my super password',
757f0da3
C		 205 videoQuota: 42000000,
206 role: UserRole.USER
0e1dc3e7
C		 207 }
208
209 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
210 })
211
77a5501f
C		 212 it('Should fail without a videoQuota', async function () {
213 const fields = {
214 username: 'my_username',
215 email: 'user1@example.com',
757f0da3
C		 216 password: 'my super password',
217 role: UserRole.USER
77a5501f
C		 218 }
219
220 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
221 })
222
223 it('Should fail with an invalid videoQuota', async function () {
224 const fields = {
225 username: 'my_username',
226 email: 'user1@example.com',
227 password: 'my super password',
757f0da3
C		 228 videoQuota: -5,
229 role: UserRole.USER
230 }
231
232 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
233 })
234
235 it('Should fail without a user role', async function () {
236 const fields = {
237 username: 'my_username',
238 email: 'user1@example.com',
239 password: 'my super password',
240 videoQuota: 0
241 }
242
243 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
244 })
245
246 it('Should fail with an invalid user role', async function () {
247 const fields = {
248 username: 'my_username',
249 email: 'user1@example.com',
250 password: 'my super password',
251 videoQuota: 0,
252 role: 88989
77a5501f
C		 253 }
254
255 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
256 })
257
0e1dc3e7
C		 258 it('Should succeed with the correct params', async function () {
259 const fields = {
260 username: 'user2',
261 email: 'test@example.com',
77a5501f 262 password: 'my super password',
757f0da3
C		 263 videoQuota: -1,
264 role: UserRole.USER
0e1dc3e7
C		 265 }
266
267 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
268 })
269
270 it('Should fail with a non admin user', async function () {
271 server.user = {
272 username: 'user1',
273 email: 'test@example.com',
274 password: 'my super password'
275 }
276
277 userAccessToken = await loginAndGetAccessToken(server)
278 const fields = {
279 username: 'user3',
280 email: 'test@example.com',
77a5501f
C		 281 password: 'my super password',
282 videoQuota: 42000000
0e1dc3e7
C		 283 }
284 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
285 })
286 })
287
77a5501f
C		 288 describe('When updating my account', function () {
289 it('Should fail with an invalid email attribute', async function () {
290 const fields = {
291 email: 'blabla'
292 }
0e1dc3e7 293
77a5501f 294 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 295 })
296
297 it('Should fail with a too small password', async function () {
298 const fields = {
299 password: 'bla'
300 }
301
77a5501f 302 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 303 })
304
305 it('Should fail with a too long password', async function () {
306 const fields = {
307 password: 'my super long password which is very very very very very very very very very very very very very very' +
308 'very very very very very very very very very very very very very very very veryv very very very very' +
309 'very very very very very very very very very very very very very very very very very very very very long'
310 }
311
77a5501f 312 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 313 })
314
315 it('Should fail with an invalid display NSFW attribute', async function () {
316 const fields = {
317 displayNSFW: -1
318 }
319
77a5501f 320 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 321 })
322
323 it('Should fail with an non authenticated user', async function () {
324 const fields = {
325 password: 'my super password'
326 }
327
77a5501f 328 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
0e1dc3e7
C		 329 })
330
331 it('Should succeed with the correct params', async function () {
332 const fields = {
333 password: 'my super password',
77a5501f
C		 334 displayNSFW: true,
335 email: 'super_email@example.com'
0e1dc3e7
C		 336 }
337
77a5501f
C		 338 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
339 })
340 })
341
342 describe('When updating a user', function () {
343
344 before(async function () {
345 const res = await getUsersList(server.url)
346
347 userId = res.body.data[1].id
348 rootId = res.body.data[2].id
349 })
350
351 it('Should fail with an invalid email attribute', async function () {
352 const fields = {
353 email: 'blabla'
354 }
355
356 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
357 })
358
359 it('Should fail with an invalid videoQuota attribute', async function () {
360 const fields = {
361 videoQuota: -90
362 }
363
364 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
365 })
366
757f0da3
C		 367 it('Should fail with an invalid user role attribute', async function () {
368 const fields = {
369 role: 54878
370 }
371
372 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
373 })
374
77a5501f
C		 375 it('Should fail with an non authenticated user', async function () {
376 const fields = {
377 videoQuota: 42
378 }
379
380 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
381 })
382
383 it('Should succeed with the correct params', async function () {
384 const fields = {
385 email: 'email@example.com',
757f0da3
C		 386 videoQuota: 42,
387 role: UserRole.MODERATOR
77a5501f
C		 388 }
389
390 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
0e1dc3e7
C		 391 })
392 })
393
394 describe('When getting my information', function () {
395 it('Should fail with a non authenticated user', async function () {
396 await request(server.url)
397 .get(path + 'me')
398 .set('Authorization', 'Bearer fake_token')
399 .set('Accept', 'application/json')
400 .expect(401)
401 })
402
403 it('Should success with the correct parameters', async function () {
404 await request(server.url)
405 .get(path + 'me')
406 .set('Authorization', 'Bearer ' + userAccessToken)
407 .set('Accept', 'application/json')
408 .expect(200)
409 })
410 })
411
412 describe('When getting my video rating', function () {
413 it('Should fail with a non authenticated user', async function () {
414 await request(server.url)
415 .get(path + 'me/videos/' + videoId + '/rating')
416 .set('Authorization', 'Bearer fake_token')
417 .set('Accept', 'application/json')
418 .expect(401)
419 })
420
421 it('Should fail with an incorrect video uuid', async function () {
422 await request(server.url)
423 .get(path + 'me/videos/blabla/rating')
424 .set('Authorization', 'Bearer ' + userAccessToken)
425 .set('Accept', 'application/json')
426 .expect(400)
427 })
428
429 it('Should fail with an unknown video', async function () {
430 await request(server.url)
431 .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating')
432 .set('Authorization', 'Bearer ' + userAccessToken)
433 .set('Accept', 'application/json')
434 .expect(404)
435 })
436
437 it('Should success with the correct parameters', async function () {
438 await request(server.url)
439 .get(path + 'me/videos/' + videoId + '/rating')
440 .set('Authorization', 'Bearer ' + userAccessToken)
441 .set('Accept', 'application/json')
442 .expect(200)
443 })
444 })
445
446 describe('When removing an user', function () {
447 it('Should fail with an incorrect id', async function () {
448 await request(server.url)
449 .delete(path + 'bla-bla')
450 .set('Authorization', 'Bearer ' + server.accessToken)
451 .expect(400)
452 })
453
454 it('Should fail with the root user', async function () {
455 await request(server.url)
456 .delete(path + rootId)
457 .set('Authorization', 'Bearer ' + server.accessToken)
458 .expect(400)
459 })
460
461 it('Should return 404 with a non existing id', async function () {
462 await request(server.url)
463 .delete(path + '45')
464 .set('Authorization', 'Bearer ' + server.accessToken)
465 .expect(404)
466 })
467 })
468
469 describe('When removing an user', function () {
470 it('Should fail with an incorrect id', async function () {
471 await request(server.url)
472 .delete(path + 'bla-bla')
473 .set('Authorization', 'Bearer ' + server.accessToken)
474 .expect(400)
475 })
476
477 it('Should fail with the root user', async function () {
478 await request(server.url)
479 .delete(path + rootId)
480 .set('Authorization', 'Bearer ' + server.accessToken)
481 .expect(400)
482 })
483
484 it('Should return 404 with a non existing id', async function () {
485 await request(server.url)
486 .delete(path + '45')
487 .set('Authorization', 'Bearer ' + server.accessToken)
488 .expect(404)
489 })
490 })
491
492 describe('When register a new user', function () {
493 const registrationPath = path + '/register'
494
495 it('Should fail with a too small username', async function () {
496 const fields = {
497 username: 'ji',
498 email: 'test@example.com',
499 password: 'my_super_password'
500 }
501
502 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
503 })
504
505 it('Should fail with a too long username', async function () {
506 const fields = {
507 username: 'my_super_username_which_is_very_long',
508 email: 'test@example.com',
509 password: 'my_super_password'
510 }
511
512 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
513 })
514
515 it('Should fail with an incorrect username', async function () {
516 const fields = {
517 username: 'my username',
518 email: 'test@example.com',
519 password: 'my_super_password'
520 }
521
522 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
523 })
524
525 it('Should fail with a missing email', async function () {
526 const fields = {
527 username: 'ji',
528 password: 'my_super_password'
529 }
530
531 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
532 })
533
534 it('Should fail with an invalid email', async function () {
535 const fields = {
536 username: 'my_super_username_which_is_very_long',
537 email: 'test_example.com',
538 password: 'my_super_password'
539 }
540
541 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
542 })
543
544 it('Should fail with a too small password', async function () {
545 const fields = {
546 username: 'my_username',
547 email: 'test@example.com',
548 password: 'bla'
549 }
550
551 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
552 })
553
554 it('Should fail with a too long password', async function () {
555 const fields = {
556 username: 'my_username',
557 email: 'test@example.com',
558 password: 'my super long password which is very very very very very very very very very very very very very very' +
559 'very very very very very very very very very very very very very very very veryv very very very very' +
560 'very very very very very very very very very very very very very very very very very very very very long'
561 }
562
563 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
564 })
565
566 it('Should fail if we register a user with the same username', async function () {
567 const fields = {
568 username: 'root',
569 email: 'test@example.com',
570 password: 'my super password'
571 }
572
573 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
574 })
575
576 it('Should fail if we register a user with the same email', async function () {
577 const fields = {
578 username: 'my_username',
579 email: 'admin1@example.com',
580 password: 'my super password'
581 }
582
583 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 })
584 })
585
586 it('Should succeed with the correct params', async function () {
587 const fields = {
588 username: 'user3',
589 email: 'test3@example.com',
590 password: 'my super password'
591 }
592
593 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 })
594 })
595
596 it('Should fail on a server with registration disabled', async function () {
597 const fields = {
598 username: 'user4',
599 email: 'test4@example.com',
600 password: 'my super password 4'
601 }
602
603 await makePostBodyRequest({
604 url: serverWithRegistrationDisabled.url,
605 path: registrationPath,
606 token: serverWithRegistrationDisabled.accessToken,
607 fields,
608 statusCodeExpected: 403
609 })
610 })
611 })
612
613 describe('When registering multiple users on a server with users limit', function () {
614 it('Should fail when after 3 registrations', async function () {
615 await registerUser(server.url, 'user42', 'super password', 403)
616 })
617 })
618
77a5501f
C		 619 describe('When having a video quota', function () {
620 it('Should fail with a user having too many video', async function () {
621 const fields = {
622 videoQuota: 42
623 }
624
625 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 })
626
627 const videoAttributes = {}
628 await uploadVideo(server.url, server.accessToken, videoAttributes, 403)
629 })
630
631 it('Should fail with a registered user having too many video', async function () {
632 this.timeout(10000)
633
634 server.user = {
635 username: 'user3',
636 email: 'test3@example.com',
637 password: 'my super password'
638 }
639 userAccessToken = await loginAndGetAccessToken(server)
640
641 const videoAttributes = { fixture: 'video_short2.webm' }
642 await uploadVideo(server.url, userAccessToken, videoAttributes)
643 await uploadVideo(server.url, userAccessToken, videoAttributes)
644 await uploadVideo(server.url, userAccessToken, videoAttributes)
645 await uploadVideo(server.url, userAccessToken, videoAttributes)
646 await uploadVideo(server.url, userAccessToken, videoAttributes)
647 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
648 })
649 })
650
0e1dc3e7
C		 651 after(async function () {
652 killallServers([ server, serverWithRegistrationDisabled ])
653
654 // Keep the logs if the test failed
655 if (this['ok']) {
656 await flushTests()
657 }
658 })
659})
ActivityPub-federated video streaming platform using P2P directly in your web browser