[github/Chocobozzz/PeerTube.git] / server / tests / api / users / users-verification.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import * as chai from 'chai'
import 'mocha'
import {
  cleanupTests,
  flushAndRunServer,
  getMyUserInformation,
  getUserInformation,
  login,
  registerUser,
  ServerInfo,
  updateCustomSubConfig,
  updateMyUser,
  userLogin,
  verifyEmail
} from '../../../../shared/extra-utils'
import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email'
import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
import { User } from '../../../../shared/models/users'
import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'

const expect = chai.expect

describe('Test users account verification', function () {
  let server: ServerInfo
  let userId: number
  let userAccessToken: string
  let verificationString: string
  let expectedEmailsLength = 0
  const user1 = {
    username: 'user_1',
    password: 'super password'
  }
  const user2 = {
    username: 'user_2',
    password: 'super password'
  }
  const emails: object[] = []

  before(async function () {
    this.timeout(30000)

    const port = await MockSmtpServer.Instance.collectEmails(emails)

    const overrideConfig = {
      smtp: {
        hostname: 'localhost',
        port
      }
    }
    server = await flushAndRunServer(1, overrideConfig)

    await setAccessTokensToServers([ server ])
  })

  it('Should register user and send verification email if verification required', async function () {
    this.timeout(30000)

    await updateCustomSubConfig(server.url, server.accessToken, {
      signup: {
        enabled: true,
        requiresEmailVerification: true,
        limit: 10
      }
    })

    await registerUser(server.url, user1.username, user1.password)

    await waitJobs(server)
    expectedEmailsLength++
    expect(emails).to.have.lengthOf(expectedEmailsLength)

    const email = emails[expectedEmailsLength - 1]

    const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
    expect(verificationStringMatches).not.to.be.null

    verificationString = verificationStringMatches[1]
    expect(verificationString).to.have.length.above(2)

    const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
    expect(userIdMatches).not.to.be.null

    userId = parseInt(userIdMatches[1], 10)

    const resUserInfo = await getUserInformation(server.url, server.accessToken, userId)
    expect(resUserInfo.body.emailVerified).to.be.false
  })

  it('Should not allow login for user with unverified email', async function () {
    const resLogin = await login(server.url, server.client, user1, HttpStatusCode.BAD_REQUEST_400)
    expect(resLogin.body.detail).to.contain('User email is not verified.')
  })

  it('Should verify the user via email and allow login', async function () {
    await verifyEmail(server.url, userId, verificationString)

    const res = await login(server.url, server.client, user1)
    userAccessToken = res.body.access_token

    const resUserVerified = await getUserInformation(server.url, server.accessToken, userId)
    expect(resUserVerified.body.emailVerified).to.be.true
  })

  it('Should be able to change the user email', async function () {
    this.timeout(10000)

    let updateVerificationString: string

    {
      await updateMyUser({
        url: server.url,
        accessToken: userAccessToken,
        email: 'updated@example.com',
        currentPassword: user1.password
      })

      await waitJobs(server)
      expectedEmailsLength++
      expect(emails).to.have.lengthOf(expectedEmailsLength)

      const email = emails[expectedEmailsLength - 1]

      const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
      updateVerificationString = verificationStringMatches[1]
    }

    {
      const res = await getMyUserInformation(server.url, userAccessToken)
      const me: User = res.body

      expect(me.email).to.equal('user_1@example.com')
      expect(me.pendingEmail).to.equal('updated@example.com')
    }

    {
      await verifyEmail(server.url, userId, updateVerificationString, true)

      const res = await getMyUserInformation(server.url, userAccessToken)
      const me: User = res.body

      expect(me.email).to.equal('updated@example.com')
      expect(me.pendingEmail).to.be.null
    }
  })

  it('Should register user not requiring email verification if setting not enabled', async function () {
    this.timeout(5000)
    await updateCustomSubConfig(server.url, server.accessToken, {
      signup: {
        enabled: true,
        requiresEmailVerification: false,
        limit: 10
      }
    })

    await registerUser(server.url, user2.username, user2.password)

    await waitJobs(server)
    expect(emails).to.have.lengthOf(expectedEmailsLength)

    const accessToken = await userLogin(server, user2)

    const resMyUserInfo = await getMyUserInformation(server.url, accessToken)
    expect(resMyUserInfo.body.emailVerified).to.be.null
  })

  it('Should allow login for user with unverified email when setting later enabled', async function () {
    await updateCustomSubConfig(server.url, server.accessToken, {
      signup: {
        enabled: true,
        requiresEmailVerification: true,
        limit: 10
      }
    })

    await userLogin(server, user2)
  })

  after(async function () {
    MockSmtpServer.Instance.kill()

    await cleanupTests([ server ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
d9eaee39 JM	2
	3	import * as chai from 'chai'
	4	import 'mocha'
	5	import {
d1ab89de C	6	cleanupTests,
	7	flushAndRunServer,
	8	getMyUserInformation,
	9	getUserInformation,
	10	login,
	11	registerUser,
	12	ServerInfo,
	13	updateCustomSubConfig,
	14	updateMyUser,
	15	userLogin,
	16	verifyEmail
94565d52 C	17	} from '../../../../shared/extra-utils'
	18	import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
	19	import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email'
	20	import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
d1ab89de	21	import { User } from '../../../../shared/models/users'
76148b27	22	import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
d9eaee39 JM	23
	24	const expect = chai.expect
	25
	26	describe('Test users account verification', function () {
	27	let server: ServerInfo
	28	let userId: number
d1ab89de	29	let userAccessToken: string
d9eaee39 JM	30	let verificationString: string
	31	let expectedEmailsLength = 0
	32	const user1 = {
	33	username: 'user_1',
	34	password: 'super password'
	35	}
	36	const user2 = {
	37	username: 'user_2',
	38	password: 'super password'
	39	}
	40	const emails: object[] = []
	41
	42	before(async function () {
	43	this.timeout(30000)
	44
7243f84d	45	const port = await MockSmtpServer.Instance.collectEmails(emails)
d9eaee39	46
d9eaee39 JM	47	const overrideConfig = {
d9eaee39 JM	48	smtp: {
7243f84d C	49	hostname: 'localhost',
7243f84d C	50	port
d9eaee39 JM	51	}
d9eaee39 JM	52	}
210feb6c	53	server = await flushAndRunServer(1, overrideConfig)
d9eaee39 JM	54
	55	await setAccessTokensToServers([ server ])
	56	})
	57
	58	it('Should register user and send verification email if verification required', async function () {
59fd824c C	59	this.timeout(30000)
59fd824c C	60
d9eaee39 JM	61	await updateCustomSubConfig(server.url, server.accessToken, {
	62	signup: {
	63	enabled: true,
	64	requiresEmailVerification: true,
	65	limit: 10
	66	}
	67	})
	68
	69	await registerUser(server.url, user1.username, user1.password)
	70
	71	await waitJobs(server)
	72	expectedEmailsLength++
	73	expect(emails).to.have.lengthOf(expectedEmailsLength)
	74
	75	const email = emails[expectedEmailsLength - 1]
	76
	77	const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
	78	expect(verificationStringMatches).not.to.be.null
	79
	80	verificationString = verificationStringMatches[1]
	81	expect(verificationString).to.have.length.above(2)
	82
	83	const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
	84	expect(userIdMatches).not.to.be.null
	85
	86	userId = parseInt(userIdMatches[1], 10)
	87
	88	const resUserInfo = await getUserInformation(server.url, server.accessToken, userId)
	89	expect(resUserInfo.body.emailVerified).to.be.false
	90	})
	91
	92	it('Should not allow login for user with unverified email', async function () {
76148b27 RK	93	const resLogin = await login(server.url, server.client, user1, HttpStatusCode.BAD_REQUEST_400)
76148b27 RK	94	expect(resLogin.body.detail).to.contain('User email is not verified.')
d9eaee39 JM	95	})
	96
	97	it('Should verify the user via email and allow login', async function () {
	98	await verifyEmail(server.url, userId, verificationString)
d1ab89de C	99
	100	const res = await login(server.url, server.client, user1)
	101	userAccessToken = res.body.access_token
	102
d9eaee39 JM	103	const resUserVerified = await getUserInformation(server.url, server.accessToken, userId)
	104	expect(resUserVerified.body.emailVerified).to.be.true
	105	})
	106
d1ab89de	107	it('Should be able to change the user email', async function () {
2dbc170d C	108	this.timeout(10000)
2dbc170d C	109
d1ab89de C	110	let updateVerificationString: string
	111
	112	{
	113	await updateMyUser({
	114	url: server.url,
	115	accessToken: userAccessToken,
5efab546 C	116	email: 'updated@example.com',
5efab546 C	117	currentPassword: user1.password
d1ab89de C	118	})
	119
	120	await waitJobs(server)
	121	expectedEmailsLength++
	122	expect(emails).to.have.lengthOf(expectedEmailsLength)
	123
	124	const email = emails[expectedEmailsLength - 1]
	125
	126	const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
	127	updateVerificationString = verificationStringMatches[1]
	128	}
	129
	130	{
	131	const res = await getMyUserInformation(server.url, userAccessToken)
	132	const me: User = res.body
	133
	134	expect(me.email).to.equal('user_1@example.com')
	135	expect(me.pendingEmail).to.equal('updated@example.com')
	136	}
	137
	138	{
	139	await verifyEmail(server.url, userId, updateVerificationString, true)
	140
	141	const res = await getMyUserInformation(server.url, userAccessToken)
	142	const me: User = res.body
	143
	144	expect(me.email).to.equal('updated@example.com')
	145	expect(me.pendingEmail).to.be.null
	146	}
	147	})
	148
d9eaee39 JM	149	it('Should register user not requiring email verification if setting not enabled', async function () {
	150	this.timeout(5000)
	151	await updateCustomSubConfig(server.url, server.accessToken, {
	152	signup: {
	153	enabled: true,
	154	requiresEmailVerification: false,
	155	limit: 10
	156	}
	157	})
	158
	159	await registerUser(server.url, user2.username, user2.password)
	160
	161	await waitJobs(server)
	162	expect(emails).to.have.lengthOf(expectedEmailsLength)
	163
	164	const accessToken = await userLogin(server, user2)
	165
	166	const resMyUserInfo = await getMyUserInformation(server.url, accessToken)
	167	expect(resMyUserInfo.body.emailVerified).to.be.null
	168	})
	169
	170	it('Should allow login for user with unverified email when setting later enabled', async function () {
	171	await updateCustomSubConfig(server.url, server.accessToken, {
	172	signup: {
	173	enabled: true,
	174	requiresEmailVerification: true,
	175	limit: 10
	176	}
	177	})
	178
	179	await userLogin(server, user2)
	180	})
	181
7c3b7976	182	after(async function () {
89ada4e2	183	MockSmtpServer.Instance.kill()
7c3b7976 C	184
7c3b7976 C	185	await cleanupTests([ server ])
d9eaee39 JM	186	})
d9eaee39 JM	187	})