]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { omit } from 'lodash' | |
5 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, MockSmtpServer } from '@server/tests/shared' | |
6 | import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models' | |
7 | import { | |
8 | cleanupTests, | |
9 | createSingleServer, | |
10 | killallServers, | |
11 | makeGetRequest, | |
12 | makePostBodyRequest, | |
13 | makePutBodyRequest, | |
14 | PeerTubeServer, | |
15 | setAccessTokensToServers | |
16 | } from '@shared/server-commands' | |
17 | ||
18 | describe('Test users admin API validators', function () { | |
19 | const path = '/api/v1/users/' | |
20 | let userId: number | |
21 | let rootId: number | |
22 | let moderatorId: number | |
23 | let server: PeerTubeServer | |
24 | let userToken = '' | |
25 | let moderatorToken = '' | |
26 | let emailPort: number | |
27 | ||
28 | // --------------------------------------------------------------- | |
29 | ||
30 | before(async function () { | |
31 | this.timeout(30000) | |
32 | ||
33 | const emails: object[] = [] | |
34 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
35 | ||
36 | { | |
37 | server = await createSingleServer(1) | |
38 | ||
39 | await setAccessTokensToServers([ server ]) | |
40 | } | |
41 | ||
42 | { | |
43 | const result = await server.users.generate('user1') | |
44 | userToken = result.token | |
45 | userId = result.userId | |
46 | } | |
47 | ||
48 | { | |
49 | const result = await server.users.generate('moderator1', UserRole.MODERATOR) | |
50 | moderatorToken = result.token | |
51 | } | |
52 | ||
53 | { | |
54 | const result = await server.users.generate('moderator2', UserRole.MODERATOR) | |
55 | moderatorId = result.userId | |
56 | } | |
57 | }) | |
58 | ||
59 | describe('When listing users', function () { | |
60 | it('Should fail with a bad start pagination', async function () { | |
61 | await checkBadStartPagination(server.url, path, server.accessToken) | |
62 | }) | |
63 | ||
64 | it('Should fail with a bad count pagination', async function () { | |
65 | await checkBadCountPagination(server.url, path, server.accessToken) | |
66 | }) | |
67 | ||
68 | it('Should fail with an incorrect sort', async function () { | |
69 | await checkBadSortPagination(server.url, path, server.accessToken) | |
70 | }) | |
71 | ||
72 | it('Should fail with a non authenticated user', async function () { | |
73 | await makeGetRequest({ | |
74 | url: server.url, | |
75 | path, | |
76 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
77 | }) | |
78 | }) | |
79 | ||
80 | it('Should fail with a non admin user', async function () { | |
81 | await makeGetRequest({ | |
82 | url: server.url, | |
83 | path, | |
84 | token: userToken, | |
85 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
86 | }) | |
87 | }) | |
88 | }) | |
89 | ||
90 | describe('When adding a new user', function () { | |
91 | const baseCorrectParams = { | |
92 | username: 'user2', | |
93 | email: 'test@example.com', | |
94 | password: 'my super password', | |
95 | videoQuota: -1, | |
96 | videoQuotaDaily: -1, | |
97 | role: UserRole.USER, | |
98 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
99 | } | |
100 | ||
101 | it('Should fail with a too small username', async function () { | |
102 | const fields = { ...baseCorrectParams, username: '' } | |
103 | ||
104 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
105 | }) | |
106 | ||
107 | it('Should fail with a too long username', async function () { | |
108 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
109 | ||
110 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
111 | }) | |
112 | ||
113 | it('Should fail with a not lowercase username', async function () { | |
114 | const fields = { ...baseCorrectParams, username: 'Toto' } | |
115 | ||
116 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
117 | }) | |
118 | ||
119 | it('Should fail with an incorrect username', async function () { | |
120 | const fields = { ...baseCorrectParams, username: 'my username' } | |
121 | ||
122 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
123 | }) | |
124 | ||
125 | it('Should fail with a missing email', async function () { | |
126 | const fields = omit(baseCorrectParams, 'email') | |
127 | ||
128 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
129 | }) | |
130 | ||
131 | it('Should fail with an invalid email', async function () { | |
132 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
133 | ||
134 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
135 | }) | |
136 | ||
137 | it('Should fail with a too small password', async function () { | |
138 | const fields = { ...baseCorrectParams, password: 'bla' } | |
139 | ||
140 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
141 | }) | |
142 | ||
143 | it('Should fail with a too long password', async function () { | |
144 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
145 | ||
146 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
147 | }) | |
148 | ||
149 | it('Should fail with empty password and no smtp configured', async function () { | |
150 | const fields = { ...baseCorrectParams, password: '' } | |
151 | ||
152 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
153 | }) | |
154 | ||
155 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
156 | this.timeout(20000) | |
157 | ||
158 | await killallServers([ server ]) | |
159 | ||
160 | const config = { | |
161 | smtp: { | |
162 | hostname: 'localhost', | |
163 | port: emailPort | |
164 | } | |
165 | } | |
166 | await server.run(config) | |
167 | ||
168 | const fields = { | |
169 | ...baseCorrectParams, | |
170 | ||
171 | password: '', | |
172 | username: 'create_password', | |
173 | email: 'create_password@example.com' | |
174 | } | |
175 | ||
176 | await makePostBodyRequest({ | |
177 | url: server.url, | |
178 | path: path, | |
179 | token: server.accessToken, | |
180 | fields, | |
181 | expectedStatus: HttpStatusCode.OK_200 | |
182 | }) | |
183 | }) | |
184 | ||
185 | it('Should fail with invalid admin flags', async function () { | |
186 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | |
187 | ||
188 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
189 | }) | |
190 | ||
191 | it('Should fail with an non authenticated user', async function () { | |
192 | await makePostBodyRequest({ | |
193 | url: server.url, | |
194 | path, | |
195 | token: 'super token', | |
196 | fields: baseCorrectParams, | |
197 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
198 | }) | |
199 | }) | |
200 | ||
201 | it('Should fail if we add a user with the same username', async function () { | |
202 | const fields = { ...baseCorrectParams, username: 'user1' } | |
203 | ||
204 | await makePostBodyRequest({ | |
205 | url: server.url, | |
206 | path, | |
207 | token: server.accessToken, | |
208 | fields, | |
209 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
210 | }) | |
211 | }) | |
212 | ||
213 | it('Should fail if we add a user with the same email', async function () { | |
214 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | |
215 | ||
216 | await makePostBodyRequest({ | |
217 | url: server.url, | |
218 | path, | |
219 | token: server.accessToken, | |
220 | fields, | |
221 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
222 | }) | |
223 | }) | |
224 | ||
225 | it('Should fail without a videoQuota', async function () { | |
226 | const fields = omit(baseCorrectParams, 'videoQuota') | |
227 | ||
228 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
229 | }) | |
230 | ||
231 | it('Should fail without a videoQuotaDaily', async function () { | |
232 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | |
233 | ||
234 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
235 | }) | |
236 | ||
237 | it('Should fail with an invalid videoQuota', async function () { | |
238 | const fields = { ...baseCorrectParams, videoQuota: -5 } | |
239 | ||
240 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
241 | }) | |
242 | ||
243 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
244 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | |
245 | ||
246 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
247 | }) | |
248 | ||
249 | it('Should fail without a user role', async function () { | |
250 | const fields = omit(baseCorrectParams, 'role') | |
251 | ||
252 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
253 | }) | |
254 | ||
255 | it('Should fail with an invalid user role', async function () { | |
256 | const fields = { ...baseCorrectParams, role: 88989 } | |
257 | ||
258 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
259 | }) | |
260 | ||
261 | it('Should fail with a "peertube" username', async function () { | |
262 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
263 | ||
264 | await makePostBodyRequest({ | |
265 | url: server.url, | |
266 | path, | |
267 | token: server.accessToken, | |
268 | fields, | |
269 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
270 | }) | |
271 | }) | |
272 | ||
273 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
274 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
275 | const fields = { ...baseCorrectParams, role } | |
276 | ||
277 | await makePostBodyRequest({ | |
278 | url: server.url, | |
279 | path, | |
280 | token: moderatorToken, | |
281 | fields, | |
282 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
283 | }) | |
284 | } | |
285 | }) | |
286 | ||
287 | it('Should succeed to create a user with a moderator', async function () { | |
288 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | |
289 | ||
290 | await makePostBodyRequest({ | |
291 | url: server.url, | |
292 | path, | |
293 | token: moderatorToken, | |
294 | fields, | |
295 | expectedStatus: HttpStatusCode.OK_200 | |
296 | }) | |
297 | }) | |
298 | ||
299 | it('Should succeed with the correct params', async function () { | |
300 | await makePostBodyRequest({ | |
301 | url: server.url, | |
302 | path, | |
303 | token: server.accessToken, | |
304 | fields: baseCorrectParams, | |
305 | expectedStatus: HttpStatusCode.OK_200 | |
306 | }) | |
307 | }) | |
308 | ||
309 | it('Should fail with a non admin user', async function () { | |
310 | const user = { username: 'user1' } | |
311 | userToken = await server.login.getAccessToken(user) | |
312 | ||
313 | const fields = { | |
314 | username: 'user3', | |
315 | email: 'test@example.com', | |
316 | password: 'my super password', | |
317 | videoQuota: 42000000 | |
318 | } | |
319 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
320 | }) | |
321 | }) | |
322 | ||
323 | describe('When getting a user', function () { | |
324 | ||
325 | it('Should fail with an non authenticated user', async function () { | |
326 | await makeGetRequest({ | |
327 | url: server.url, | |
328 | path: path + userId, | |
329 | token: 'super token', | |
330 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
331 | }) | |
332 | }) | |
333 | ||
334 | it('Should fail with a non admin user', async function () { | |
335 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
336 | }) | |
337 | ||
338 | it('Should succeed with the correct params', async function () { | |
339 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | |
340 | }) | |
341 | }) | |
342 | ||
343 | describe('When updating a user', function () { | |
344 | ||
345 | it('Should fail with an invalid email attribute', async function () { | |
346 | const fields = { | |
347 | email: 'blabla' | |
348 | } | |
349 | ||
350 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
351 | }) | |
352 | ||
353 | it('Should fail with an invalid emailVerified attribute', async function () { | |
354 | const fields = { | |
355 | emailVerified: 'yes' | |
356 | } | |
357 | ||
358 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
359 | }) | |
360 | ||
361 | it('Should fail with an invalid videoQuota attribute', async function () { | |
362 | const fields = { | |
363 | videoQuota: -90 | |
364 | } | |
365 | ||
366 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
367 | }) | |
368 | ||
369 | it('Should fail with an invalid user role attribute', async function () { | |
370 | const fields = { | |
371 | role: 54878 | |
372 | } | |
373 | ||
374 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
375 | }) | |
376 | ||
377 | it('Should fail with a too small password', async function () { | |
378 | const fields = { | |
379 | currentPassword: 'password', | |
380 | password: 'bla' | |
381 | } | |
382 | ||
383 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
384 | }) | |
385 | ||
386 | it('Should fail with a too long password', async function () { | |
387 | const fields = { | |
388 | currentPassword: 'password', | |
389 | password: 'super'.repeat(61) | |
390 | } | |
391 | ||
392 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
393 | }) | |
394 | ||
395 | it('Should fail with an non authenticated user', async function () { | |
396 | const fields = { | |
397 | videoQuota: 42 | |
398 | } | |
399 | ||
400 | await makePutBodyRequest({ | |
401 | url: server.url, | |
402 | path: path + userId, | |
403 | token: 'super token', | |
404 | fields, | |
405 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
406 | }) | |
407 | }) | |
408 | ||
409 | it('Should fail when updating root role', async function () { | |
410 | const fields = { | |
411 | role: UserRole.MODERATOR | |
412 | } | |
413 | ||
414 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
415 | }) | |
416 | ||
417 | it('Should fail with invalid admin flags', async function () { | |
418 | const fields = { adminFlags: 'toto' } | |
419 | ||
420 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
421 | }) | |
422 | ||
423 | it('Should fail to update an admin with a moderator', async function () { | |
424 | const fields = { | |
425 | videoQuota: 42 | |
426 | } | |
427 | ||
428 | await makePutBodyRequest({ | |
429 | url: server.url, | |
430 | path: path + moderatorId, | |
431 | token: moderatorToken, | |
432 | fields, | |
433 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
434 | }) | |
435 | }) | |
436 | ||
437 | it('Should succeed to update a user with a moderator', async function () { | |
438 | const fields = { | |
439 | videoQuota: 42 | |
440 | } | |
441 | ||
442 | await makePutBodyRequest({ | |
443 | url: server.url, | |
444 | path: path + userId, | |
445 | token: moderatorToken, | |
446 | fields, | |
447 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
448 | }) | |
449 | }) | |
450 | ||
451 | it('Should succeed with the correct params', async function () { | |
452 | const fields = { | |
453 | email: 'email@example.com', | |
454 | emailVerified: true, | |
455 | videoQuota: 42, | |
456 | role: UserRole.USER | |
457 | } | |
458 | ||
459 | await makePutBodyRequest({ | |
460 | url: server.url, | |
461 | path: path + userId, | |
462 | token: server.accessToken, | |
463 | fields, | |
464 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
465 | }) | |
466 | }) | |
467 | }) | |
468 | ||
469 | after(async function () { | |
470 | MockSmtpServer.Instance.kill() | |
471 | ||
472 | await cleanupTests([ server ]) | |
473 | }) | |
474 | }) |