[github/Chocobozzz/PeerTube.git] / server / tests / api / users / users-email-verification.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { MockSmtpServer } from '@server/tests/shared'
import { HttpStatusCode } from '@shared/models'
import {
  cleanupTests,
  ConfigCommand,
  createSingleServer,
  PeerTubeServer,
  setAccessTokensToServers,
  waitJobs
} from '@shared/server-commands'

describe('Test users email verification', function () {
  let server: PeerTubeServer
  let userId: number
  let userAccessToken: string
  let verificationString: string
  let expectedEmailsLength = 0
  const user1 = {
    username: 'user_1',
    password: 'super password'
  }
  const user2 = {
    username: 'user_2',
    password: 'super password'
  }
  const emails: object[] = []

  before(async function () {
    this.timeout(30000)

    const port = await MockSmtpServer.Instance.collectEmails(emails)
    server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))

    await setAccessTokensToServers([ server ])
  })

  it('Should register user and send verification email if verification required', async function () {
    this.timeout(30000)

    await server.config.updateExistingSubConfig({
      newConfig: {
        signup: {
          enabled: true,
          requiresApproval: false,
          requiresEmailVerification: true,
          limit: 10
        }
      }
    })

    await server.registrations.register(user1)

    await waitJobs(server)
    expectedEmailsLength++
    expect(emails).to.have.lengthOf(expectedEmailsLength)

    const email = emails[expectedEmailsLength - 1]

    const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
    expect(verificationStringMatches).not.to.be.null

    verificationString = verificationStringMatches[1]
    expect(verificationString).to.have.length.above(2)

    const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
    expect(userIdMatches).not.to.be.null

    userId = parseInt(userIdMatches[1], 10)

    const body = await server.users.get({ userId })
    expect(body.emailVerified).to.be.false
  })

  it('Should not allow login for user with unverified email', async function () {
    const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    expect(detail).to.contain('User email is not verified.')
  })

  it('Should verify the user via email and allow login', async function () {
    await server.users.verifyEmail({ userId, verificationString })

    const body = await server.login.login({ user: user1 })
    userAccessToken = body.access_token

    const user = await server.users.get({ userId })
    expect(user.emailVerified).to.be.true
  })

  it('Should be able to change the user email', async function () {
    this.timeout(10000)

    let updateVerificationString: string

    {
      await server.users.updateMe({
        token: userAccessToken,
        email: 'updated@example.com',
        currentPassword: user1.password
      })

      await waitJobs(server)
      expectedEmailsLength++
      expect(emails).to.have.lengthOf(expectedEmailsLength)

      const email = emails[expectedEmailsLength - 1]

      const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
      updateVerificationString = verificationStringMatches[1]
    }

    {
      const me = await server.users.getMyInfo({ token: userAccessToken })
      expect(me.email).to.equal('user_1@example.com')
      expect(me.pendingEmail).to.equal('updated@example.com')
    }

    {
      await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })

      const me = await server.users.getMyInfo({ token: userAccessToken })
      expect(me.email).to.equal('updated@example.com')
      expect(me.pendingEmail).to.be.null
    }
  })

  it('Should register user not requiring email verification if setting not enabled', async function () {
    this.timeout(5000)
    await server.config.updateExistingSubConfig({
      newConfig: {
        signup: {
          requiresEmailVerification: false
        }
      }
    })

    await server.registrations.register(user2)

    await waitJobs(server)
    expect(emails).to.have.lengthOf(expectedEmailsLength)

    const accessToken = await server.login.getAccessToken(user2)

    const user = await server.users.getMyInfo({ token: accessToken })
    expect(user.emailVerified).to.be.null
  })

  it('Should allow login for user with unverified email when setting later enabled', async function () {
    await server.config.updateCustomSubConfig({
      newConfig: {
        signup: {
          requiresEmailVerification: true
        }
      }
    })

    await server.login.getAccessToken(user2)
  })

  after(async function () {
    MockSmtpServer.Instance.kill()

    await cleanupTests([ server ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
d9eaee39	2
86347717	3	import { expect } from 'chai'
c55e3d72	4	import { MockSmtpServer } from '@server/tests/shared'
4c7e60bc	5	import { HttpStatusCode } from '@shared/models'
b379759f C	6	import {
	7	cleanupTests,
	8	ConfigCommand,
	9	createSingleServer,
	10	PeerTubeServer,
	11	setAccessTokensToServers,
	12	waitJobs
	13	} from '@shared/server-commands'
	14
	15	describe('Test users email verification', function () {
254d3579	16	let server: PeerTubeServer
d9eaee39	17	let userId: number
d1ab89de	18	let userAccessToken: string
d9eaee39 JM	19	let verificationString: string
	20	let expectedEmailsLength = 0
	21	const user1 = {
	22	username: 'user_1',
	23	password: 'super password'
	24	}
	25	const user2 = {
	26	username: 'user_2',
	27	password: 'super password'
	28	}
	29	const emails: object[] = []
	30
	31	before(async function () {
	32	this.timeout(30000)
	33
7243f84d	34	const port = await MockSmtpServer.Instance.collectEmails(emails)
b379759f	35	server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
d9eaee39 JM	36
	37	await setAccessTokensToServers([ server ])
	38	})
	39
	40	it('Should register user and send verification email if verification required', async function () {
59fd824c C	41	this.timeout(30000)
59fd824c C	42
b379759f	43	await server.config.updateExistingSubConfig({
65e6e260 C	44	newConfig: {
	45	signup: {
	46	enabled: true,
b379759f	47	requiresApproval: false,
65e6e260 C	48	requiresEmailVerification: true,
	49	limit: 10
	50	}
d9eaee39 JM	51	}
	52	})
	53
b379759f	54	await server.registrations.register(user1)
d9eaee39 JM	55
	56	await waitJobs(server)
	57	expectedEmailsLength++
	58	expect(emails).to.have.lengthOf(expectedEmailsLength)
	59
	60	const email = emails[expectedEmailsLength - 1]
	61
	62	const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
	63	expect(verificationStringMatches).not.to.be.null
	64
	65	verificationString = verificationStringMatches[1]
	66	expect(verificationString).to.have.length.above(2)
	67
	68	const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
	69	expect(userIdMatches).not.to.be.null
	70
	71	userId = parseInt(userIdMatches[1], 10)
	72
89d241a7	73	const body = await server.users.get({ userId })
7926c5f9	74	expect(body.emailVerified).to.be.false
d9eaee39 JM	75	})
	76
	77	it('Should not allow login for user with unverified email', async function () {
89d241a7	78	const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
41d1d075	79	expect(detail).to.contain('User email is not verified.')
d9eaee39 JM	80	})
	81
	82	it('Should verify the user via email and allow login', async function () {
89d241a7	83	await server.users.verifyEmail({ userId, verificationString })
d1ab89de	84
89d241a7	85	const body = await server.login.login({ user: user1 })
41d1d075	86	userAccessToken = body.access_token
d1ab89de	87
89d241a7	88	const user = await server.users.get({ userId })
7926c5f9	89	expect(user.emailVerified).to.be.true
d9eaee39 JM	90	})
d9eaee39 JM	91
d1ab89de	92	it('Should be able to change the user email', async function () {
2dbc170d C	93	this.timeout(10000)
2dbc170d C	94
d1ab89de C	95	let updateVerificationString: string
	96
	97	{
89d241a7	98	await server.users.updateMe({
7926c5f9	99	token: userAccessToken,
5efab546 C	100	email: 'updated@example.com',
5efab546 C	101	currentPassword: user1.password
d1ab89de C	102	})
	103
	104	await waitJobs(server)
	105	expectedEmailsLength++
	106	expect(emails).to.have.lengthOf(expectedEmailsLength)
	107
	108	const email = emails[expectedEmailsLength - 1]
	109
	110	const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
	111	updateVerificationString = verificationStringMatches[1]
	112	}
	113
	114	{
89d241a7	115	const me = await server.users.getMyInfo({ token: userAccessToken })
d1ab89de C	116	expect(me.email).to.equal('user_1@example.com')
	117	expect(me.pendingEmail).to.equal('updated@example.com')
	118	}
	119
	120	{
89d241a7	121	await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })
d1ab89de	122
89d241a7	123	const me = await server.users.getMyInfo({ token: userAccessToken })
d1ab89de C	124	expect(me.email).to.equal('updated@example.com')
	125	expect(me.pendingEmail).to.be.null
	126	}
	127	})
	128
d9eaee39 JM	129	it('Should register user not requiring email verification if setting not enabled', async function () {
d9eaee39 JM	130	this.timeout(5000)
b379759f	131	await server.config.updateExistingSubConfig({
65e6e260 C	132	newConfig: {
65e6e260 C	133	signup: {
b379759f	134	requiresEmailVerification: false
65e6e260	135	}
d9eaee39 JM	136	}
	137	})
	138
b379759f	139	await server.registrations.register(user2)
d9eaee39 JM	140
	141	await waitJobs(server)
	142	expect(emails).to.have.lengthOf(expectedEmailsLength)
	143
89d241a7	144	const accessToken = await server.login.getAccessToken(user2)
d9eaee39	145
89d241a7	146	const user = await server.users.getMyInfo({ token: accessToken })
7926c5f9	147	expect(user.emailVerified).to.be.null
d9eaee39 JM	148	})
	149
	150	it('Should allow login for user with unverified email when setting later enabled', async function () {
89d241a7	151	await server.config.updateCustomSubConfig({
65e6e260 C	152	newConfig: {
65e6e260 C	153	signup: {
b379759f	154	requiresEmailVerification: true
65e6e260	155	}
d9eaee39 JM	156	}
	157	})
	158
89d241a7	159	await server.login.getAccessToken(user2)
d9eaee39 JM	160	})
d9eaee39 JM	161
7c3b7976	162	after(async function () {
89ada4e2	163	MockSmtpServer.Instance.kill()
7c3b7976 C	164
7c3b7976 C	165	await cleanupTests([ server ])
d9eaee39 JM	166	})
d9eaee39 JM	167	})