]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, MockSmtpServer } from '@server/tests/shared' | |
4 | import { omit } from '@shared/core-utils' | |
5 | import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models' | |
6 | import { | |
7 | cleanupTests, | |
8 | ConfigCommand, | |
9 | createSingleServer, | |
10 | killallServers, | |
11 | makeGetRequest, | |
12 | makePostBodyRequest, | |
13 | makePutBodyRequest, | |
14 | PeerTubeServer, | |
15 | setAccessTokensToServers | |
16 | } from '@shared/server-commands' | |
17 | ||
18 | describe('Test users admin API validators', function () { | |
19 | const path = '/api/v1/users/' | |
20 | let userId: number | |
21 | let rootId: number | |
22 | let moderatorId: number | |
23 | let server: PeerTubeServer | |
24 | let userToken = '' | |
25 | let moderatorToken = '' | |
26 | let emailPort: number | |
27 | ||
28 | // --------------------------------------------------------------- | |
29 | ||
30 | before(async function () { | |
31 | this.timeout(30000) | |
32 | ||
33 | const emails: object[] = [] | |
34 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
35 | ||
36 | { | |
37 | server = await createSingleServer(1) | |
38 | ||
39 | await setAccessTokensToServers([ server ]) | |
40 | } | |
41 | ||
42 | { | |
43 | const result = await server.users.generate('user1') | |
44 | userToken = result.token | |
45 | userId = result.userId | |
46 | } | |
47 | ||
48 | { | |
49 | const result = await server.users.generate('moderator1', UserRole.MODERATOR) | |
50 | moderatorToken = result.token | |
51 | } | |
52 | ||
53 | { | |
54 | const result = await server.users.generate('moderator2', UserRole.MODERATOR) | |
55 | moderatorId = result.userId | |
56 | } | |
57 | }) | |
58 | ||
59 | describe('When listing users', function () { | |
60 | it('Should fail with a bad start pagination', async function () { | |
61 | await checkBadStartPagination(server.url, path, server.accessToken) | |
62 | }) | |
63 | ||
64 | it('Should fail with a bad count pagination', async function () { | |
65 | await checkBadCountPagination(server.url, path, server.accessToken) | |
66 | }) | |
67 | ||
68 | it('Should fail with an incorrect sort', async function () { | |
69 | await checkBadSortPagination(server.url, path, server.accessToken) | |
70 | }) | |
71 | ||
72 | it('Should fail with a non authenticated user', async function () { | |
73 | await makeGetRequest({ | |
74 | url: server.url, | |
75 | path, | |
76 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
77 | }) | |
78 | }) | |
79 | ||
80 | it('Should fail with a non admin user', async function () { | |
81 | await makeGetRequest({ | |
82 | url: server.url, | |
83 | path, | |
84 | token: userToken, | |
85 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
86 | }) | |
87 | }) | |
88 | }) | |
89 | ||
90 | describe('When adding a new user', function () { | |
91 | const baseCorrectParams = { | |
92 | username: 'user2', | |
93 | email: 'test@example.com', | |
94 | password: 'my super password', | |
95 | videoQuota: -1, | |
96 | videoQuotaDaily: -1, | |
97 | role: UserRole.USER, | |
98 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
99 | } | |
100 | ||
101 | it('Should fail with a too small username', async function () { | |
102 | const fields = { ...baseCorrectParams, username: '' } | |
103 | ||
104 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
105 | }) | |
106 | ||
107 | it('Should fail with a too long username', async function () { | |
108 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
109 | ||
110 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
111 | }) | |
112 | ||
113 | it('Should fail with a not lowercase username', async function () { | |
114 | const fields = { ...baseCorrectParams, username: 'Toto' } | |
115 | ||
116 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
117 | }) | |
118 | ||
119 | it('Should fail with an incorrect username', async function () { | |
120 | const fields = { ...baseCorrectParams, username: 'my username' } | |
121 | ||
122 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
123 | }) | |
124 | ||
125 | it('Should fail with a missing email', async function () { | |
126 | const fields = omit(baseCorrectParams, [ 'email' ]) | |
127 | ||
128 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
129 | }) | |
130 | ||
131 | it('Should fail with an invalid email', async function () { | |
132 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
133 | ||
134 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
135 | }) | |
136 | ||
137 | it('Should fail with a too small password', async function () { | |
138 | const fields = { ...baseCorrectParams, password: 'bla' } | |
139 | ||
140 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
141 | }) | |
142 | ||
143 | it('Should fail with a too long password', async function () { | |
144 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
145 | ||
146 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
147 | }) | |
148 | ||
149 | it('Should fail with empty password and no smtp configured', async function () { | |
150 | const fields = { ...baseCorrectParams, password: '' } | |
151 | ||
152 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
153 | }) | |
154 | ||
155 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
156 | this.timeout(20000) | |
157 | ||
158 | await killallServers([ server ]) | |
159 | ||
160 | await server.run(ConfigCommand.getEmailOverrideConfig(emailPort)) | |
161 | ||
162 | const fields = { | |
163 | ...baseCorrectParams, | |
164 | ||
165 | password: '', | |
166 | username: 'create_password', | |
167 | email: 'create_password@example.com' | |
168 | } | |
169 | ||
170 | await makePostBodyRequest({ | |
171 | url: server.url, | |
172 | path, | |
173 | token: server.accessToken, | |
174 | fields, | |
175 | expectedStatus: HttpStatusCode.OK_200 | |
176 | }) | |
177 | }) | |
178 | ||
179 | it('Should fail with invalid admin flags', async function () { | |
180 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | |
181 | ||
182 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
183 | }) | |
184 | ||
185 | it('Should fail with an non authenticated user', async function () { | |
186 | await makePostBodyRequest({ | |
187 | url: server.url, | |
188 | path, | |
189 | token: 'super token', | |
190 | fields: baseCorrectParams, | |
191 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
192 | }) | |
193 | }) | |
194 | ||
195 | it('Should fail if we add a user with the same username', async function () { | |
196 | const fields = { ...baseCorrectParams, username: 'user1' } | |
197 | ||
198 | await makePostBodyRequest({ | |
199 | url: server.url, | |
200 | path, | |
201 | token: server.accessToken, | |
202 | fields, | |
203 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
204 | }) | |
205 | }) | |
206 | ||
207 | it('Should fail if we add a user with the same email', async function () { | |
208 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | |
209 | ||
210 | await makePostBodyRequest({ | |
211 | url: server.url, | |
212 | path, | |
213 | token: server.accessToken, | |
214 | fields, | |
215 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
216 | }) | |
217 | }) | |
218 | ||
219 | it('Should fail without a videoQuota', async function () { | |
220 | const fields = omit(baseCorrectParams, [ 'videoQuota' ]) | |
221 | ||
222 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
223 | }) | |
224 | ||
225 | it('Should fail without a videoQuotaDaily', async function () { | |
226 | const fields = omit(baseCorrectParams, [ 'videoQuotaDaily' ]) | |
227 | ||
228 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
229 | }) | |
230 | ||
231 | it('Should fail with an invalid videoQuota', async function () { | |
232 | const fields = { ...baseCorrectParams, videoQuota: -5 } | |
233 | ||
234 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
235 | }) | |
236 | ||
237 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
238 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | |
239 | ||
240 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
241 | }) | |
242 | ||
243 | it('Should fail without a user role', async function () { | |
244 | const fields = omit(baseCorrectParams, [ 'role' ]) | |
245 | ||
246 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
247 | }) | |
248 | ||
249 | it('Should fail with an invalid user role', async function () { | |
250 | const fields = { ...baseCorrectParams, role: 88989 } | |
251 | ||
252 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
253 | }) | |
254 | ||
255 | it('Should fail with a "peertube" username', async function () { | |
256 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
257 | ||
258 | await makePostBodyRequest({ | |
259 | url: server.url, | |
260 | path, | |
261 | token: server.accessToken, | |
262 | fields, | |
263 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
264 | }) | |
265 | }) | |
266 | ||
267 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
268 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
269 | const fields = { ...baseCorrectParams, role } | |
270 | ||
271 | await makePostBodyRequest({ | |
272 | url: server.url, | |
273 | path, | |
274 | token: moderatorToken, | |
275 | fields, | |
276 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
277 | }) | |
278 | } | |
279 | }) | |
280 | ||
281 | it('Should succeed to create a user with a moderator', async function () { | |
282 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | |
283 | ||
284 | await makePostBodyRequest({ | |
285 | url: server.url, | |
286 | path, | |
287 | token: moderatorToken, | |
288 | fields, | |
289 | expectedStatus: HttpStatusCode.OK_200 | |
290 | }) | |
291 | }) | |
292 | ||
293 | it('Should succeed with the correct params', async function () { | |
294 | await makePostBodyRequest({ | |
295 | url: server.url, | |
296 | path, | |
297 | token: server.accessToken, | |
298 | fields: baseCorrectParams, | |
299 | expectedStatus: HttpStatusCode.OK_200 | |
300 | }) | |
301 | }) | |
302 | ||
303 | it('Should fail with a non admin user', async function () { | |
304 | const user = { username: 'user1' } | |
305 | userToken = await server.login.getAccessToken(user) | |
306 | ||
307 | const fields = { | |
308 | username: 'user3', | |
309 | email: 'test@example.com', | |
310 | password: 'my super password', | |
311 | videoQuota: 42000000 | |
312 | } | |
313 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
314 | }) | |
315 | }) | |
316 | ||
317 | describe('When getting a user', function () { | |
318 | ||
319 | it('Should fail with an non authenticated user', async function () { | |
320 | await makeGetRequest({ | |
321 | url: server.url, | |
322 | path: path + userId, | |
323 | token: 'super token', | |
324 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
325 | }) | |
326 | }) | |
327 | ||
328 | it('Should fail with a non admin user', async function () { | |
329 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
330 | }) | |
331 | ||
332 | it('Should succeed with the correct params', async function () { | |
333 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | |
334 | }) | |
335 | }) | |
336 | ||
337 | describe('When updating a user', function () { | |
338 | ||
339 | it('Should fail with an invalid email attribute', async function () { | |
340 | const fields = { | |
341 | email: 'blabla' | |
342 | } | |
343 | ||
344 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
345 | }) | |
346 | ||
347 | it('Should fail with an invalid emailVerified attribute', async function () { | |
348 | const fields = { | |
349 | emailVerified: 'yes' | |
350 | } | |
351 | ||
352 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
353 | }) | |
354 | ||
355 | it('Should fail with an invalid videoQuota attribute', async function () { | |
356 | const fields = { | |
357 | videoQuota: -90 | |
358 | } | |
359 | ||
360 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
361 | }) | |
362 | ||
363 | it('Should fail with an invalid user role attribute', async function () { | |
364 | const fields = { | |
365 | role: 54878 | |
366 | } | |
367 | ||
368 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
369 | }) | |
370 | ||
371 | it('Should fail with a too small password', async function () { | |
372 | const fields = { | |
373 | currentPassword: 'password', | |
374 | password: 'bla' | |
375 | } | |
376 | ||
377 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
378 | }) | |
379 | ||
380 | it('Should fail with a too long password', async function () { | |
381 | const fields = { | |
382 | currentPassword: 'password', | |
383 | password: 'super'.repeat(61) | |
384 | } | |
385 | ||
386 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
387 | }) | |
388 | ||
389 | it('Should fail with an non authenticated user', async function () { | |
390 | const fields = { | |
391 | videoQuota: 42 | |
392 | } | |
393 | ||
394 | await makePutBodyRequest({ | |
395 | url: server.url, | |
396 | path: path + userId, | |
397 | token: 'super token', | |
398 | fields, | |
399 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
400 | }) | |
401 | }) | |
402 | ||
403 | it('Should fail when updating root role', async function () { | |
404 | const fields = { | |
405 | role: UserRole.MODERATOR | |
406 | } | |
407 | ||
408 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
409 | }) | |
410 | ||
411 | it('Should fail with invalid admin flags', async function () { | |
412 | const fields = { adminFlags: 'toto' } | |
413 | ||
414 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
415 | }) | |
416 | ||
417 | it('Should fail to update an admin with a moderator', async function () { | |
418 | const fields = { | |
419 | videoQuota: 42 | |
420 | } | |
421 | ||
422 | await makePutBodyRequest({ | |
423 | url: server.url, | |
424 | path: path + moderatorId, | |
425 | token: moderatorToken, | |
426 | fields, | |
427 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
428 | }) | |
429 | }) | |
430 | ||
431 | it('Should succeed to update a user with a moderator', async function () { | |
432 | const fields = { | |
433 | videoQuota: 42 | |
434 | } | |
435 | ||
436 | await makePutBodyRequest({ | |
437 | url: server.url, | |
438 | path: path + userId, | |
439 | token: moderatorToken, | |
440 | fields, | |
441 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
442 | }) | |
443 | }) | |
444 | ||
445 | it('Should succeed with the correct params', async function () { | |
446 | const fields = { | |
447 | email: 'email@example.com', | |
448 | emailVerified: true, | |
449 | videoQuota: 42, | |
450 | role: UserRole.USER | |
451 | } | |
452 | ||
453 | await makePutBodyRequest({ | |
454 | url: server.url, | |
455 | path: path + userId, | |
456 | token: server.accessToken, | |
457 | fields, | |
458 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
459 | }) | |
460 | }) | |
461 | }) | |
462 | ||
463 | after(async function () { | |
464 | MockSmtpServer.Instance.kill() | |
465 | ||
466 | await cleanupTests([ server ]) | |
467 | }) | |
468 | }) |