]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blame - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Move fixtures in tests/
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
CommitLineData
0e1dc3e7
C		 1/* tslint:disable:no-unused-expression */
2
26d21b78 3import { omit } from 'lodash'
0e1dc3e7 4import 'mocha'
47564bbe 5import { join } from 'path'
26d21b78 6import { UserRole } from '../../../../shared'
0e1dc3e7
C		 7
8import {
26d21b78 9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
ac81d1a0 10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
47564bbe 11 updateUser, uploadVideo, userLogin
0e1dc3e7 12} from '../../utils'
26d21b78 13import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
0e1dc3e7
C		 14
15describe('Test users API validators', function () {
16 const path = '/api/v1/users/'
17 let userId: number
18 let rootId: number
19 let videoId: number
20 let server: ServerInfo
21 let serverWithRegistrationDisabled: ServerInfo
22 let userAccessToken = ''
f8b8c36b
C		 23 const user = {
24 username: 'user1',
25 password: 'my super password'
26 }
0e1dc3e7
C		 27
28 // ---------------------------------------------------------------
29
30 before(async function () {
e212f887 31 this.timeout(30000)
0e1dc3e7
C		 32
33 await flushTests()
34
35 server = await runServer(1)
36 serverWithRegistrationDisabled = await runServer(2)
37
38 await setAccessTokensToServers([ server ])
39
26d21b78
C		 40 const videoQuota = 42000000
41 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
eec63bbc 42 userAccessToken = await userLogin(server, user)
26d21b78
C		 43
44 const res = await uploadVideo(server.url, server.accessToken, {})
45 videoId = res.body.video.id
0e1dc3e7
C		 46 })
47
48 describe('When listing users', function () {
49 it('Should fail with a bad start pagination', async function () {
26d21b78 50 await checkBadStartPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 51 })
52
53 it('Should fail with a bad count pagination', async function () {
26d21b78 54 await checkBadCountPagination(server.url, path, server.accessToken)
0e1dc3e7
C		 55 })
56
57 it('Should fail with an incorrect sort', async function () {
26d21b78 58 await checkBadSortPagination(server.url, path, server.accessToken)
0e1dc3e7 59 })
86d13ec2
C		 60
61 it('Should fail with a non authenticated user', async function () {
26d21b78
C		 62 await makeGetRequest({
63 url: server.url,
64 path,
65 statusCodeExpected: 401
66 })
86d13ec2
C		 67 })
68
69 it('Should fail with a non admin user', async function () {
26d21b78
C		 70 await makeGetRequest({
71 url: server.url,
72 path,
73 token: userAccessToken,
74 statusCodeExpected: 403
75 })
86d13ec2 76 })
0e1dc3e7
C		 77 })
78
79 describe('When adding a new user', function () {
26d21b78
C		 80 const baseCorrectParams = {
81 username: 'user2',
82 email: 'test@example.com',
83 password: 'my super password',
84 videoQuota: -1,
85 role: UserRole.USER
86 }
87
0e1dc3e7 88 it('Should fail with a too small username', async function () {
26d21b78 89 const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
0e1dc3e7
C		 90
91 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
92 })
93
94 it('Should fail with a too long username', async function () {
26d21b78 95 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
0e1dc3e7
C		 96
97 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
98 })
99
563d032e 100 it('Should fail with a not lowercase username', async function () {
26d21b78 101 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
563d032e
C		 102
103 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
104 })
105
0e1dc3e7 106 it('Should fail with an incorrect username', async function () {
26d21b78 107 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
0e1dc3e7
C		 108
109 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
110 })
111
112 it('Should fail with a missing email', async function () {
26d21b78 113 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 114
115 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
116 })
117
118 it('Should fail with an invalid email', async function () {
26d21b78 119 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
0e1dc3e7
C		 120
121 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
122 })
123
124 it('Should fail with a too small password', async function () {
26d21b78 125 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
0e1dc3e7
C		 126
127 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
128 })
129
130 it('Should fail with a too long password', async function () {
26d21b78 131 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
0e1dc3e7
C		 132
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 })
135
136 it('Should fail with an non authenticated user', async function () {
26d21b78
C		 137 await makePostBodyRequest({
138 url: server.url,
139 path,
140 token: 'super token',
141 fields: baseCorrectParams,
142 statusCodeExpected: 401
143 })
0e1dc3e7
C		 144 })
145
146 it('Should fail if we add a user with the same username', async function () {
26d21b78 147 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
0e1dc3e7
C		 148
149 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
150 })
151
152 it('Should fail if we add a user with the same email', async function () {
26d21b78 153 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
0e1dc3e7
C		 154
155 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
156 })
157
77a5501f 158 it('Should fail without a videoQuota', async function () {
26d21b78 159 const fields = omit(baseCorrectParams, 'videoQuota')
77a5501f
C		 160
161 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
162 })
163
164 it('Should fail with an invalid videoQuota', async function () {
26d21b78 165 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
757f0da3
C		 166
167 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
168 })
169
170 it('Should fail without a user role', async function () {
26d21b78 171 const fields = omit(baseCorrectParams, 'role')
757f0da3
C		 172
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
174 })
175
176 it('Should fail with an invalid user role', async function () {
26d21b78 177 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
77a5501f
C		 178
179 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
180 })
181
0e1dc3e7 182 it('Should succeed with the correct params', async function () {
26d21b78
C		 183 await makePostBodyRequest({
184 url: server.url,
185 path,
186 token: server.accessToken,
187 fields: baseCorrectParams,
f05a1c30 188 statusCodeExpected: 200
26d21b78 189 })
0e1dc3e7
C		 190 })
191
192 it('Should fail with a non admin user', async function () {
26d21b78 193 const user = {
0e1dc3e7 194 username: 'user1',
0e1dc3e7
C		 195 password: 'my super password'
196 }
26d21b78 197 userAccessToken = await userLogin(server, user)
0e1dc3e7 198
0e1dc3e7
C		 199 const fields = {
200 username: 'user3',
201 email: 'test@example.com',
77a5501f
C		 202 password: 'my super password',
203 videoQuota: 42000000
0e1dc3e7
C		 204 }
205 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
206 })
207 })
208
77a5501f
C		 209 describe('When updating my account', function () {
210 it('Should fail with an invalid email attribute', async function () {
211 const fields = {
212 email: 'blabla'
213 }
0e1dc3e7 214
77a5501f 215 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
0e1dc3e7
C		 216 })
217
218 it('Should fail with a too small password', async function () {
219 const fields = {
220 password: 'bla'
221 }
222
77a5501f 223 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 224 })
225
226 it('Should fail with a too long password', async function () {
227 const fields = {
26d21b78 228 password: 'super'.repeat(61)
0e1dc3e7
C		 229 }
230
77a5501f 231 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 232 })
233
0883b324 234 it('Should fail with an invalid NSFW policy attribute', async function () {
0e1dc3e7 235 const fields = {
0883b324 236 nsfwPolicy: 'hello'
0e1dc3e7
C		 237 }
238
77a5501f 239 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
0e1dc3e7
C		 240 })
241
7efe153b
AL		 242 it('Should fail with an invalid autoPlayVideo attribute', async function () {
243 const fields = {
244 autoPlayVideo: -1
245 }
246
247 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
248 })
249
0e1dc3e7
C		 250 it('Should fail with an non authenticated user', async function () {
251 const fields = {
252 password: 'my super password'
253 }
254
77a5501f 255 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
0e1dc3e7
C		 256 })
257
2422c46b
C		 258 it('Should fail with a too long description', async function () {
259 const fields = {
260 description: 'super'.repeat(60)
261 }
262
263 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
264 })
265
0e1dc3e7
C		 266 it('Should succeed with the correct params', async function () {
267 const fields = {
268 password: 'my super password',
0883b324 269 nsfwPolicy: 'blur',
7efe153b 270 autoPlayVideo: false,
77a5501f 271 email: 'super_email@example.com'
0e1dc3e7
C		 272 }
273
77a5501f
C		 274 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
275 })
276 })
277
c5911fd3
C		 278 describe('When updating my avatar', function () {
279 it('Should fail without an incorrect input file', async function () {
280 const fields = {}
281 const attaches = {
99d10301 282 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
c5911fd3 283 }
ac81d1a0 284 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
c5911fd3
C		 285 })
286
01de67b9
C		 287 it('Should fail with a big file', async function () {
288 const fields = {}
289 const attaches = {
99d10301 290 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
01de67b9 291 }
ac81d1a0 292 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
01de67b9
C		 293 })
294
c5911fd3
C		 295 it('Should succeed with the correct params', async function () {
296 const fields = {}
297 const attaches = {
99d10301 298 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
c5911fd3 299 }
ac81d1a0 300 await makeUploadRequest({
47564bbe
C		 301 url: server.url,
302 path: path + '/me/avatar/pick',
303 token: server.accessToken,
304 fields,
305 attaches,
306 statusCodeExpected: 200
307 })
c5911fd3
C		 308 })
309 })
310
94ff4c23
C		 311 describe('When getting a user', function () {
312 before(async function () {
313 const res = await getUsersList(server.url, server.accessToken)
314
315 userId = res.body.data[1].id
316 })
317
318 it('Should fail with an non authenticated user', async function () {
319 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
320 })
321
322 it('Should fail with a non admin user', async function () {
323 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
324 })
325
326 it('Should succeed with the correct params', async function () {
327 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
328 })
329 })
330
77a5501f
C		 331 describe('When updating a user', function () {
332
333 before(async function () {
86d13ec2 334 const res = await getUsersList(server.url, server.accessToken)
77a5501f
C		 335
336 userId = res.body.data[1].id
337 rootId = res.body.data[2].id
338 })
339
340 it('Should fail with an invalid email attribute', async function () {
341 const fields = {
342 email: 'blabla'
343 }
344
345 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
346 })
347
348 it('Should fail with an invalid videoQuota attribute', async function () {
349 const fields = {
350 videoQuota: -90
351 }
352
353 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
354 })
355
757f0da3
C		 356 it('Should fail with an invalid user role attribute', async function () {
357 const fields = {
358 role: 54878
359 }
360
361 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
362 })
363
77a5501f
C		 364 it('Should fail with an non authenticated user', async function () {
365 const fields = {
366 videoQuota: 42
367 }
368
369 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
370 })
371
f8b8c36b
C		 372 it('Should fail when updating root role', async function () {
373 const fields = {
374 role: UserRole.MODERATOR
375 }
376
377 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
378 })
379
77a5501f
C		 380 it('Should succeed with the correct params', async function () {
381 const fields = {
382 email: 'email@example.com',
757f0da3
C		 383 videoQuota: 42,
384 role: UserRole.MODERATOR
77a5501f
C		 385 }
386
387 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
f8b8c36b 388 userAccessToken = await userLogin(server, user)
0e1dc3e7
C		 389 })
390 })
391
392 describe('When getting my information', function () {
393 it('Should fail with a non authenticated user', async function () {
26d21b78 394 await getMyUserInformation(server.url, 'fake_token', 401)
0e1dc3e7
C		 395 })
396
397 it('Should success with the correct parameters', async function () {
26d21b78 398 await getMyUserInformation(server.url, userAccessToken)
0e1dc3e7
C		 399 })
400 })
401
402 describe('When getting my video rating', function () {
403 it('Should fail with a non authenticated user', async function () {
26d21b78 404 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
0e1dc3e7
C		 405 })
406
407 it('Should fail with an incorrect video uuid', async function () {
26d21b78 408 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
0e1dc3e7
C		 409 })
410
411 it('Should fail with an unknown video', async function () {
26d21b78 412 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
0e1dc3e7
C		 413 })
414
26d21b78
C		 415 it('Should succeed with the correct parameters', async function () {
416 await getMyUserVideoRating(server.url, server.accessToken, videoId)
0e1dc3e7
C		 417 })
418 })
419
420 describe('When removing an user', function () {
421 it('Should fail with an incorrect id', async function () {
26d21b78 422 await removeUser(server.url, 'blabla', server.accessToken, 400)
0e1dc3e7
C		 423 })
424
425 it('Should fail with the root user', async function () {
26d21b78 426 await removeUser(server.url, rootId, server.accessToken, 400)
0e1dc3e7
C		 427 })
428
429 it('Should return 404 with a non existing id', async function () {
26d21b78 430 await removeUser(server.url, 4545454, server.accessToken, 404)
0e1dc3e7
C		 431 })
432 })
433
434 describe('When register a new user', function () {
435 const registrationPath = path + '/register'
26d21b78
C		 436 const baseCorrectParams = {
437 username: 'user3',
438 email: 'test3@example.com',
439 password: 'my super password'
440 }
0e1dc3e7
C		 441
442 it('Should fail with a too small username', async function () {
26d21b78 443 const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
0e1dc3e7
C		 444
445 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
446 })
447
448 it('Should fail with a too long username', async function () {
26d21b78 449 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
0e1dc3e7
C		 450
451 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
452 })
453
454 it('Should fail with an incorrect username', async function () {
26d21b78 455 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
0e1dc3e7
C		 456
457 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
458 })
459
460 it('Should fail with a missing email', async function () {
26d21b78 461 const fields = omit(baseCorrectParams, 'email')
0e1dc3e7
C		 462
463 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
464 })
465
466 it('Should fail with an invalid email', async function () {
26d21b78 467 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
0e1dc3e7
C		 468
469 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
470 })
471
472 it('Should fail with a too small password', async function () {
26d21b78 473 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
0e1dc3e7
C		 474
475 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
476 })
477
478 it('Should fail with a too long password', async function () {
26d21b78 479 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
0e1dc3e7
C		 480
481 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
482 })
483
484 it('Should fail if we register a user with the same username', async function () {
26d21b78 485 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
0e1dc3e7 486
26d21b78
C		 487 await makePostBodyRequest({
488 url: server.url,
489 path: registrationPath,
490 token: server.accessToken,
491 fields,
492 statusCodeExpected: 409
493 })
0e1dc3e7
C		 494 })
495
496 it('Should fail if we register a user with the same email', async function () {
26d21b78 497 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
0e1dc3e7 498
26d21b78
C		 499 await makePostBodyRequest({
500 url: server.url,
501 path: registrationPath,
502 token: server.accessToken,
503 fields,
504 statusCodeExpected: 409
505 })
0e1dc3e7
C		 506 })
507
508 it('Should succeed with the correct params', async function () {
26d21b78
C		 509 await makePostBodyRequest({
510 url: server.url,
511 path: registrationPath,
512 token: server.accessToken,
513 fields: baseCorrectParams,
514 statusCodeExpected: 204
515 })
0e1dc3e7
C		 516 })
517
518 it('Should fail on a server with registration disabled', async function () {
519 const fields = {
520 username: 'user4',
521 email: 'test4@example.com',
522 password: 'my super password 4'
523 }
524
525 await makePostBodyRequest({
526 url: serverWithRegistrationDisabled.url,
527 path: registrationPath,
528 token: serverWithRegistrationDisabled.accessToken,
529 fields,
530 statusCodeExpected: 403
531 })
532 })
533 })
534
535 describe('When registering multiple users on a server with users limit', function () {
536 it('Should fail when after 3 registrations', async function () {
537 await registerUser(server.url, 'user42', 'super password', 403)
538 })
539 })
540
77a5501f
C		 541 describe('When having a video quota', function () {
542 it('Should fail with a user having too many video', async function () {
26d21b78
C		 543 await updateUser({
544 url: server.url,
545 userId: rootId,
546 accessToken: server.accessToken,
77a5501f 547 videoQuota: 42
26d21b78 548 })
77a5501f 549
26d21b78 550 await uploadVideo(server.url, server.accessToken, {}, 403)
77a5501f
C		 551 })
552
553 it('Should fail with a registered user having too many video', async function () {
ba12e8b3 554 this.timeout(15000)
77a5501f 555
26d21b78 556 const user = {
77a5501f 557 username: 'user3',
77a5501f
C		 558 password: 'my super password'
559 }
26d21b78 560 userAccessToken = await userLogin(server, user)
77a5501f
C		 561
562 const videoAttributes = { fixture: 'video_short2.webm' }
563 await uploadVideo(server.url, userAccessToken, videoAttributes)
564 await uploadVideo(server.url, userAccessToken, videoAttributes)
565 await uploadVideo(server.url, userAccessToken, videoAttributes)
566 await uploadVideo(server.url, userAccessToken, videoAttributes)
567 await uploadVideo(server.url, userAccessToken, videoAttributes)
568 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
569 })
570 })
571
f076daa7
C		 572 describe('When asking a password reset', function () {
573 const path = '/api/v1/users/ask-reset-password'
574
575 it('Should fail with a missing email', async function () {
576 const fields = {}
577
578 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
579 })
580
581 it('Should fail with an invalid email', async function () {
582 const fields = { email: 'hello' }
583
584 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
585 })
586
587 it('Should success with the correct params', async function () {
588 const fields = { email: 'admin@example.com' }
589
590 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
591 })
592 })
593
0e1dc3e7
C		 594 after(async function () {
595 killallServers([ server, serverWithRegistrationDisabled ])
596
597 // Keep the logs if the test failed
598 if (this['ok']) {
599 await flushTests()
600 }
601 })
602})
ActivityPub-federated video streaming platform using P2P directly in your web browser