]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { omit } from 'lodash' | |
5 | import { User, UserRole, VideoCreateResult } from '../../../../shared' | |
6 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | |
7 | import { | |
8 | blockUser, | |
9 | buildAbsoluteFixturePath, | |
10 | cleanupTests, | |
11 | createUser, | |
12 | deleteMe, | |
13 | flushAndRunServer, | |
14 | getMyUserInformation, | |
15 | getMyUserVideoRating, | |
16 | getUserScopedTokens, | |
17 | getUsersList, | |
18 | immutableAssign, | |
19 | killallServers, | |
20 | makeGetRequest, | |
21 | makePostBodyRequest, | |
22 | makePutBodyRequest, | |
23 | makeUploadRequest, | |
24 | registerUser, | |
25 | removeUser, | |
26 | renewUserScopedTokens, | |
27 | reRunServer, | |
28 | ServerInfo, | |
29 | setAccessTokensToServers, | |
30 | unblockUser, | |
31 | uploadVideo, | |
32 | userLogin | |
33 | } from '../../../../shared/extra-utils' | |
34 | import { MockSmtpServer } from '../../../../shared/extra-utils/mock-servers/mock-email' | |
35 | import { | |
36 | checkBadCountPagination, | |
37 | checkBadSortPagination, | |
38 | checkBadStartPagination | |
39 | } from '../../../../shared/extra-utils/requests/check-api-params' | |
40 | import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' | |
41 | ||
42 | describe('Test users API validators', function () { | |
43 | const path = '/api/v1/users/' | |
44 | let userId: number | |
45 | let rootId: number | |
46 | let moderatorId: number | |
47 | let video: VideoCreateResult | |
48 | let server: ServerInfo | |
49 | let serverWithRegistrationDisabled: ServerInfo | |
50 | let userAccessToken = '' | |
51 | let moderatorAccessToken = '' | |
52 | let emailPort: number | |
53 | let overrideConfig: Object | |
54 | ||
55 | // --------------------------------------------------------------- | |
56 | ||
57 | before(async function () { | |
58 | this.timeout(30000) | |
59 | ||
60 | const emails: object[] = [] | |
61 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
62 | ||
63 | overrideConfig = { signup: { limit: 8 } } | |
64 | ||
65 | { | |
66 | const res = await Promise.all([ | |
67 | flushAndRunServer(1, overrideConfig), | |
68 | flushAndRunServer(2) | |
69 | ]) | |
70 | ||
71 | server = res[0] | |
72 | serverWithRegistrationDisabled = res[1] | |
73 | ||
74 | await setAccessTokensToServers([ server ]) | |
75 | } | |
76 | ||
77 | { | |
78 | const user = { | |
79 | username: 'user1', | |
80 | password: 'my super password' | |
81 | } | |
82 | ||
83 | const videoQuota = 42000000 | |
84 | await createUser({ | |
85 | url: server.url, | |
86 | accessToken: server.accessToken, | |
87 | username: user.username, | |
88 | password: user.password, | |
89 | videoQuota: videoQuota | |
90 | }) | |
91 | userAccessToken = await userLogin(server, user) | |
92 | } | |
93 | ||
94 | { | |
95 | const moderator = { | |
96 | username: 'moderator1', | |
97 | password: 'super password' | |
98 | } | |
99 | ||
100 | await createUser({ | |
101 | url: server.url, | |
102 | accessToken: server.accessToken, | |
103 | username: moderator.username, | |
104 | password: moderator.password, | |
105 | role: UserRole.MODERATOR | |
106 | }) | |
107 | ||
108 | moderatorAccessToken = await userLogin(server, moderator) | |
109 | } | |
110 | ||
111 | { | |
112 | const moderator = { | |
113 | username: 'moderator2', | |
114 | password: 'super password' | |
115 | } | |
116 | ||
117 | await createUser({ | |
118 | url: server.url, | |
119 | accessToken: server.accessToken, | |
120 | username: moderator.username, | |
121 | password: moderator.password, | |
122 | role: UserRole.MODERATOR | |
123 | }) | |
124 | } | |
125 | ||
126 | { | |
127 | const res = await uploadVideo(server.url, server.accessToken, {}) | |
128 | video = res.body.video | |
129 | } | |
130 | ||
131 | { | |
132 | const res = await getUsersList(server.url, server.accessToken) | |
133 | const users: User[] = res.body.data | |
134 | ||
135 | userId = users.find(u => u.username === 'user1').id | |
136 | rootId = users.find(u => u.username === 'root').id | |
137 | moderatorId = users.find(u => u.username === 'moderator2').id | |
138 | } | |
139 | }) | |
140 | ||
141 | describe('When listing users', function () { | |
142 | it('Should fail with a bad start pagination', async function () { | |
143 | await checkBadStartPagination(server.url, path, server.accessToken) | |
144 | }) | |
145 | ||
146 | it('Should fail with a bad count pagination', async function () { | |
147 | await checkBadCountPagination(server.url, path, server.accessToken) | |
148 | }) | |
149 | ||
150 | it('Should fail with an incorrect sort', async function () { | |
151 | await checkBadSortPagination(server.url, path, server.accessToken) | |
152 | }) | |
153 | ||
154 | it('Should fail with a non authenticated user', async function () { | |
155 | await makeGetRequest({ | |
156 | url: server.url, | |
157 | path, | |
158 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
159 | }) | |
160 | }) | |
161 | ||
162 | it('Should fail with a non admin user', async function () { | |
163 | await makeGetRequest({ | |
164 | url: server.url, | |
165 | path, | |
166 | token: userAccessToken, | |
167 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
168 | }) | |
169 | }) | |
170 | }) | |
171 | ||
172 | describe('When adding a new user', function () { | |
173 | const baseCorrectParams = { | |
174 | username: 'user2', | |
175 | email: 'test@example.com', | |
176 | password: 'my super password', | |
177 | videoQuota: -1, | |
178 | videoQuotaDaily: -1, | |
179 | role: UserRole.USER, | |
180 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
181 | } | |
182 | ||
183 | it('Should fail with a too small username', async function () { | |
184 | const fields = immutableAssign(baseCorrectParams, { username: '' }) | |
185 | ||
186 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
187 | }) | |
188 | ||
189 | it('Should fail with a too long username', async function () { | |
190 | const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) | |
191 | ||
192 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
193 | }) | |
194 | ||
195 | it('Should fail with a not lowercase username', async function () { | |
196 | const fields = immutableAssign(baseCorrectParams, { username: 'Toto' }) | |
197 | ||
198 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
199 | }) | |
200 | ||
201 | it('Should fail with an incorrect username', async function () { | |
202 | const fields = immutableAssign(baseCorrectParams, { username: 'my username' }) | |
203 | ||
204 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
205 | }) | |
206 | ||
207 | it('Should fail with a missing email', async function () { | |
208 | const fields = omit(baseCorrectParams, 'email') | |
209 | ||
210 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
211 | }) | |
212 | ||
213 | it('Should fail with an invalid email', async function () { | |
214 | const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' }) | |
215 | ||
216 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
217 | }) | |
218 | ||
219 | it('Should fail with a too small password', async function () { | |
220 | const fields = immutableAssign(baseCorrectParams, { password: 'bla' }) | |
221 | ||
222 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
223 | }) | |
224 | ||
225 | it('Should fail with a too long password', async function () { | |
226 | const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) }) | |
227 | ||
228 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
229 | }) | |
230 | ||
231 | it('Should fail with empty password and no smtp configured', async function () { | |
232 | const fields = immutableAssign(baseCorrectParams, { password: '' }) | |
233 | ||
234 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
235 | }) | |
236 | ||
237 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
238 | this.timeout(20000) | |
239 | ||
240 | killallServers([ server ]) | |
241 | ||
242 | const config = immutableAssign(overrideConfig, { | |
243 | smtp: { | |
244 | hostname: 'localhost', | |
245 | port: emailPort | |
246 | } | |
247 | }) | |
248 | await reRunServer(server, config) | |
249 | ||
250 | const fields = immutableAssign(baseCorrectParams, { | |
251 | password: '', | |
252 | username: 'create_password', | |
253 | email: 'create_password@example.com' | |
254 | }) | |
255 | ||
256 | await makePostBodyRequest({ | |
257 | url: server.url, | |
258 | path: path, | |
259 | token: server.accessToken, | |
260 | fields, | |
261 | statusCodeExpected: HttpStatusCode.OK_200 | |
262 | }) | |
263 | }) | |
264 | ||
265 | it('Should fail with invalid admin flags', async function () { | |
266 | const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' }) | |
267 | ||
268 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
269 | }) | |
270 | ||
271 | it('Should fail with an non authenticated user', async function () { | |
272 | await makePostBodyRequest({ | |
273 | url: server.url, | |
274 | path, | |
275 | token: 'super token', | |
276 | fields: baseCorrectParams, | |
277 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
278 | }) | |
279 | }) | |
280 | ||
281 | it('Should fail if we add a user with the same username', async function () { | |
282 | const fields = immutableAssign(baseCorrectParams, { username: 'user1' }) | |
283 | ||
284 | await makePostBodyRequest({ | |
285 | url: server.url, | |
286 | path, | |
287 | token: server.accessToken, | |
288 | fields, | |
289 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
290 | }) | |
291 | }) | |
292 | ||
293 | it('Should fail if we add a user with the same email', async function () { | |
294 | const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' }) | |
295 | ||
296 | await makePostBodyRequest({ | |
297 | url: server.url, | |
298 | path, | |
299 | token: server.accessToken, | |
300 | fields, | |
301 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
302 | }) | |
303 | }) | |
304 | ||
305 | it('Should fail without a videoQuota', async function () { | |
306 | const fields = omit(baseCorrectParams, 'videoQuota') | |
307 | ||
308 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
309 | }) | |
310 | ||
311 | it('Should fail without a videoQuotaDaily', async function () { | |
312 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | |
313 | ||
314 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
315 | }) | |
316 | ||
317 | it('Should fail with an invalid videoQuota', async function () { | |
318 | const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 }) | |
319 | ||
320 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
321 | }) | |
322 | ||
323 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
324 | const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 }) | |
325 | ||
326 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
327 | }) | |
328 | ||
329 | it('Should fail without a user role', async function () { | |
330 | const fields = omit(baseCorrectParams, 'role') | |
331 | ||
332 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
333 | }) | |
334 | ||
335 | it('Should fail with an invalid user role', async function () { | |
336 | const fields = immutableAssign(baseCorrectParams, { role: 88989 }) | |
337 | ||
338 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
339 | }) | |
340 | ||
341 | it('Should fail with a "peertube" username', async function () { | |
342 | const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) | |
343 | ||
344 | await makePostBodyRequest({ | |
345 | url: server.url, | |
346 | path, | |
347 | token: server.accessToken, | |
348 | fields, | |
349 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
350 | }) | |
351 | }) | |
352 | ||
353 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
354 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
355 | const fields = immutableAssign(baseCorrectParams, { role }) | |
356 | ||
357 | await makePostBodyRequest({ | |
358 | url: server.url, | |
359 | path, | |
360 | token: moderatorAccessToken, | |
361 | fields, | |
362 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
363 | }) | |
364 | } | |
365 | }) | |
366 | ||
367 | it('Should succeed to create a user with a moderator', async function () { | |
368 | const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) | |
369 | ||
370 | await makePostBodyRequest({ | |
371 | url: server.url, | |
372 | path, | |
373 | token: moderatorAccessToken, | |
374 | fields, | |
375 | statusCodeExpected: HttpStatusCode.OK_200 | |
376 | }) | |
377 | }) | |
378 | ||
379 | it('Should succeed with the correct params', async function () { | |
380 | await makePostBodyRequest({ | |
381 | url: server.url, | |
382 | path, | |
383 | token: server.accessToken, | |
384 | fields: baseCorrectParams, | |
385 | statusCodeExpected: HttpStatusCode.OK_200 | |
386 | }) | |
387 | }) | |
388 | ||
389 | it('Should fail with a non admin user', async function () { | |
390 | const user = { | |
391 | username: 'user1', | |
392 | password: 'my super password' | |
393 | } | |
394 | userAccessToken = await userLogin(server, user) | |
395 | ||
396 | const fields = { | |
397 | username: 'user3', | |
398 | email: 'test@example.com', | |
399 | password: 'my super password', | |
400 | videoQuota: 42000000 | |
401 | } | |
402 | await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
403 | }) | |
404 | }) | |
405 | ||
406 | describe('When updating my account', function () { | |
407 | it('Should fail with an invalid email attribute', async function () { | |
408 | const fields = { | |
409 | email: 'blabla' | |
410 | } | |
411 | ||
412 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields }) | |
413 | }) | |
414 | ||
415 | it('Should fail with a too small password', async function () { | |
416 | const fields = { | |
417 | currentPassword: 'my super password', | |
418 | password: 'bla' | |
419 | } | |
420 | ||
421 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
422 | }) | |
423 | ||
424 | it('Should fail with a too long password', async function () { | |
425 | const fields = { | |
426 | currentPassword: 'my super password', | |
427 | password: 'super'.repeat(61) | |
428 | } | |
429 | ||
430 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
431 | }) | |
432 | ||
433 | it('Should fail without the current password', async function () { | |
434 | const fields = { | |
435 | currentPassword: 'my super password', | |
436 | password: 'super'.repeat(61) | |
437 | } | |
438 | ||
439 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
440 | }) | |
441 | ||
442 | it('Should fail with an invalid current password', async function () { | |
443 | const fields = { | |
444 | currentPassword: 'my super password fail', | |
445 | password: 'super'.repeat(61) | |
446 | } | |
447 | ||
448 | await makePutBodyRequest({ | |
449 | url: server.url, | |
450 | path: path + 'me', | |
451 | token: userAccessToken, | |
452 | fields, | |
453 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
454 | }) | |
455 | }) | |
456 | ||
457 | it('Should fail with an invalid NSFW policy attribute', async function () { | |
458 | const fields = { | |
459 | nsfwPolicy: 'hello' | |
460 | } | |
461 | ||
462 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
463 | }) | |
464 | ||
465 | it('Should fail with an invalid autoPlayVideo attribute', async function () { | |
466 | const fields = { | |
467 | autoPlayVideo: -1 | |
468 | } | |
469 | ||
470 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
471 | }) | |
472 | ||
473 | it('Should fail with an invalid autoPlayNextVideo attribute', async function () { | |
474 | const fields = { | |
475 | autoPlayNextVideo: -1 | |
476 | } | |
477 | ||
478 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
479 | }) | |
480 | ||
481 | it('Should fail with an invalid videosHistoryEnabled attribute', async function () { | |
482 | const fields = { | |
483 | videosHistoryEnabled: -1 | |
484 | } | |
485 | ||
486 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
487 | }) | |
488 | ||
489 | it('Should fail with an non authenticated user', async function () { | |
490 | const fields = { | |
491 | currentPassword: 'my super password', | |
492 | password: 'my super password' | |
493 | } | |
494 | ||
495 | await makePutBodyRequest({ | |
496 | url: server.url, | |
497 | path: path + 'me', | |
498 | token: 'super token', | |
499 | fields, | |
500 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
501 | }) | |
502 | }) | |
503 | ||
504 | it('Should fail with a too long description', async function () { | |
505 | const fields = { | |
506 | description: 'super'.repeat(201) | |
507 | } | |
508 | ||
509 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
510 | }) | |
511 | ||
512 | it('Should fail with an invalid videoLanguages attribute', async function () { | |
513 | { | |
514 | const fields = { | |
515 | videoLanguages: 'toto' | |
516 | } | |
517 | ||
518 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
519 | } | |
520 | ||
521 | { | |
522 | const languages = [] | |
523 | for (let i = 0; i < 1000; i++) { | |
524 | languages.push('fr') | |
525 | } | |
526 | ||
527 | const fields = { | |
528 | videoLanguages: languages | |
529 | } | |
530 | ||
531 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
532 | } | |
533 | }) | |
534 | ||
535 | it('Should fail with an invalid theme', async function () { | |
536 | const fields = { theme: 'invalid' } | |
537 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
538 | }) | |
539 | ||
540 | it('Should fail with an unknown theme', async function () { | |
541 | const fields = { theme: 'peertube-theme-unknown' } | |
542 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
543 | }) | |
544 | ||
545 | it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { | |
546 | const fields = { | |
547 | noInstanceConfigWarningModal: -1 | |
548 | } | |
549 | ||
550 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
551 | }) | |
552 | ||
553 | it('Should fail with an invalid noWelcomeModal attribute', async function () { | |
554 | const fields = { | |
555 | noWelcomeModal: -1 | |
556 | } | |
557 | ||
558 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
559 | }) | |
560 | ||
561 | it('Should succeed to change password with the correct params', async function () { | |
562 | const fields = { | |
563 | currentPassword: 'my super password', | |
564 | password: 'my super password', | |
565 | nsfwPolicy: 'blur', | |
566 | autoPlayVideo: false, | |
567 | email: 'super_email@example.com', | |
568 | theme: 'default', | |
569 | noInstanceConfigWarningModal: true, | |
570 | noWelcomeModal: true | |
571 | } | |
572 | ||
573 | await makePutBodyRequest({ | |
574 | url: server.url, | |
575 | path: path + 'me', | |
576 | token: userAccessToken, | |
577 | fields, | |
578 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
579 | }) | |
580 | }) | |
581 | ||
582 | it('Should succeed without password change with the correct params', async function () { | |
583 | const fields = { | |
584 | nsfwPolicy: 'blur', | |
585 | autoPlayVideo: false | |
586 | } | |
587 | ||
588 | await makePutBodyRequest({ | |
589 | url: server.url, | |
590 | path: path + 'me', | |
591 | token: userAccessToken, | |
592 | fields, | |
593 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
594 | }) | |
595 | }) | |
596 | }) | |
597 | ||
598 | describe('When updating my avatar', function () { | |
599 | it('Should fail without an incorrect input file', async function () { | |
600 | const fields = {} | |
601 | const attaches = { | |
602 | avatarfile: buildAbsoluteFixturePath('video_short.mp4') | |
603 | } | |
604 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
605 | }) | |
606 | ||
607 | it('Should fail with a big file', async function () { | |
608 | const fields = {} | |
609 | const attaches = { | |
610 | avatarfile: buildAbsoluteFixturePath('avatar-big.png') | |
611 | } | |
612 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
613 | }) | |
614 | ||
615 | it('Should fail with an unauthenticated user', async function () { | |
616 | const fields = {} | |
617 | const attaches = { | |
618 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
619 | } | |
620 | await makeUploadRequest({ | |
621 | url: server.url, | |
622 | path: path + '/me/avatar/pick', | |
623 | fields, | |
624 | attaches, | |
625 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
626 | }) | |
627 | }) | |
628 | ||
629 | it('Should succeed with the correct params', async function () { | |
630 | const fields = {} | |
631 | const attaches = { | |
632 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
633 | } | |
634 | await makeUploadRequest({ | |
635 | url: server.url, | |
636 | path: path + '/me/avatar/pick', | |
637 | token: server.accessToken, | |
638 | fields, | |
639 | attaches, | |
640 | statusCodeExpected: HttpStatusCode.OK_200 | |
641 | }) | |
642 | }) | |
643 | }) | |
644 | ||
645 | describe('When managing my scoped tokens', function () { | |
646 | ||
647 | it('Should fail to get my scoped tokens with an non authenticated user', async function () { | |
648 | await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) | |
649 | }) | |
650 | ||
651 | it('Should fail to get my scoped tokens with a bad token', async function () { | |
652 | await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) | |
653 | ||
654 | }) | |
655 | ||
656 | it('Should succeed to get my scoped tokens', async function () { | |
657 | await getUserScopedTokens(server.url, server.accessToken) | |
658 | }) | |
659 | ||
660 | it('Should fail to renew my scoped tokens with an non authenticated user', async function () { | |
661 | await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) | |
662 | }) | |
663 | ||
664 | it('Should fail to renew my scoped tokens with a bad token', async function () { | |
665 | await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) | |
666 | }) | |
667 | ||
668 | it('Should succeed to renew my scoped tokens', async function () { | |
669 | await renewUserScopedTokens(server.url, server.accessToken) | |
670 | }) | |
671 | }) | |
672 | ||
673 | describe('When getting a user', function () { | |
674 | ||
675 | it('Should fail with an non authenticated user', async function () { | |
676 | await makeGetRequest({ | |
677 | url: server.url, | |
678 | path: path + userId, | |
679 | token: 'super token', | |
680 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
681 | }) | |
682 | }) | |
683 | ||
684 | it('Should fail with a non admin user', async function () { | |
685 | await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
686 | }) | |
687 | ||
688 | it('Should succeed with the correct params', async function () { | |
689 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 }) | |
690 | }) | |
691 | }) | |
692 | ||
693 | describe('When updating a user', function () { | |
694 | ||
695 | it('Should fail with an invalid email attribute', async function () { | |
696 | const fields = { | |
697 | email: 'blabla' | |
698 | } | |
699 | ||
700 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
701 | }) | |
702 | ||
703 | it('Should fail with an invalid emailVerified attribute', async function () { | |
704 | const fields = { | |
705 | emailVerified: 'yes' | |
706 | } | |
707 | ||
708 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
709 | }) | |
710 | ||
711 | it('Should fail with an invalid videoQuota attribute', async function () { | |
712 | const fields = { | |
713 | videoQuota: -90 | |
714 | } | |
715 | ||
716 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
717 | }) | |
718 | ||
719 | it('Should fail with an invalid user role attribute', async function () { | |
720 | const fields = { | |
721 | role: 54878 | |
722 | } | |
723 | ||
724 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
725 | }) | |
726 | ||
727 | it('Should fail with a too small password', async function () { | |
728 | const fields = { | |
729 | currentPassword: 'my super password', | |
730 | password: 'bla' | |
731 | } | |
732 | ||
733 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
734 | }) | |
735 | ||
736 | it('Should fail with a too long password', async function () { | |
737 | const fields = { | |
738 | currentPassword: 'my super password', | |
739 | password: 'super'.repeat(61) | |
740 | } | |
741 | ||
742 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
743 | }) | |
744 | ||
745 | it('Should fail with an non authenticated user', async function () { | |
746 | const fields = { | |
747 | videoQuota: 42 | |
748 | } | |
749 | ||
750 | await makePutBodyRequest({ | |
751 | url: server.url, | |
752 | path: path + userId, | |
753 | token: 'super token', | |
754 | fields, | |
755 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
756 | }) | |
757 | }) | |
758 | ||
759 | it('Should fail when updating root role', async function () { | |
760 | const fields = { | |
761 | role: UserRole.MODERATOR | |
762 | } | |
763 | ||
764 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
765 | }) | |
766 | ||
767 | it('Should fail with invalid admin flags', async function () { | |
768 | const fields = { adminFlags: 'toto' } | |
769 | ||
770 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
771 | }) | |
772 | ||
773 | it('Should fail to update an admin with a moderator', async function () { | |
774 | const fields = { | |
775 | videoQuota: 42 | |
776 | } | |
777 | ||
778 | await makePutBodyRequest({ | |
779 | url: server.url, | |
780 | path: path + moderatorId, | |
781 | token: moderatorAccessToken, | |
782 | fields, | |
783 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
784 | }) | |
785 | }) | |
786 | ||
787 | it('Should succeed to update a user with a moderator', async function () { | |
788 | const fields = { | |
789 | videoQuota: 42 | |
790 | } | |
791 | ||
792 | await makePutBodyRequest({ | |
793 | url: server.url, | |
794 | path: path + userId, | |
795 | token: moderatorAccessToken, | |
796 | fields, | |
797 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
798 | }) | |
799 | }) | |
800 | ||
801 | it('Should succeed with the correct params', async function () { | |
802 | const fields = { | |
803 | email: 'email@example.com', | |
804 | emailVerified: true, | |
805 | videoQuota: 42, | |
806 | role: UserRole.USER | |
807 | } | |
808 | ||
809 | await makePutBodyRequest({ | |
810 | url: server.url, | |
811 | path: path + userId, | |
812 | token: server.accessToken, | |
813 | fields, | |
814 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
815 | }) | |
816 | }) | |
817 | }) | |
818 | ||
819 | describe('When getting my information', function () { | |
820 | it('Should fail with a non authenticated user', async function () { | |
821 | await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401) | |
822 | }) | |
823 | ||
824 | it('Should success with the correct parameters', async function () { | |
825 | await getMyUserInformation(server.url, userAccessToken) | |
826 | }) | |
827 | }) | |
828 | ||
829 | describe('When getting my video rating', function () { | |
830 | it('Should fail with a non authenticated user', async function () { | |
831 | await getMyUserVideoRating(server.url, 'fake_token', video.id, HttpStatusCode.UNAUTHORIZED_401) | |
832 | }) | |
833 | ||
834 | it('Should fail with an incorrect video uuid', async function () { | |
835 | await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400) | |
836 | }) | |
837 | ||
838 | it('Should fail with an unknown video', async function () { | |
839 | await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404) | |
840 | }) | |
841 | ||
842 | it('Should succeed with the correct parameters', async function () { | |
843 | await getMyUserVideoRating(server.url, server.accessToken, video.id) | |
844 | await getMyUserVideoRating(server.url, server.accessToken, video.uuid) | |
845 | await getMyUserVideoRating(server.url, server.accessToken, video.shortUUID) | |
846 | }) | |
847 | }) | |
848 | ||
849 | describe('When retrieving my global ratings', function () { | |
850 | const path = '/api/v1/accounts/user1/ratings' | |
851 | ||
852 | it('Should fail with a bad start pagination', async function () { | |
853 | await checkBadStartPagination(server.url, path, userAccessToken) | |
854 | }) | |
855 | ||
856 | it('Should fail with a bad count pagination', async function () { | |
857 | await checkBadCountPagination(server.url, path, userAccessToken) | |
858 | }) | |
859 | ||
860 | it('Should fail with an incorrect sort', async function () { | |
861 | await checkBadSortPagination(server.url, path, userAccessToken) | |
862 | }) | |
863 | ||
864 | it('Should fail with a unauthenticated user', async function () { | |
865 | await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) | |
866 | }) | |
867 | ||
868 | it('Should fail with a another user', async function () { | |
869 | await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
870 | }) | |
871 | ||
872 | it('Should fail with a bad type', async function () { | |
873 | await makeGetRequest({ | |
874 | url: server.url, | |
875 | path, | |
876 | token: userAccessToken, | |
877 | query: { rating: 'toto ' }, | |
878 | statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 | |
879 | }) | |
880 | }) | |
881 | ||
882 | it('Should succeed with the correct params', async function () { | |
883 | await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 }) | |
884 | }) | |
885 | }) | |
886 | ||
887 | describe('When blocking/unblocking/removing user', function () { | |
888 | it('Should fail with an incorrect id', async function () { | |
889 | await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
890 | await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
891 | await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
892 | }) | |
893 | ||
894 | it('Should fail with the root user', async function () { | |
895 | await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
896 | await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
897 | await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
898 | }) | |
899 | ||
900 | it('Should return 404 with a non existing id', async function () { | |
901 | await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) | |
902 | await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) | |
903 | await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) | |
904 | }) | |
905 | ||
906 | it('Should fail with a non admin user', async function () { | |
907 | await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) | |
908 | await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) | |
909 | await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) | |
910 | }) | |
911 | ||
912 | it('Should fail on a moderator with a moderator', async function () { | |
913 | await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) | |
914 | await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) | |
915 | await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) | |
916 | }) | |
917 | ||
918 | it('Should succeed on a user with a moderator', async function () { | |
919 | await blockUser(server.url, userId, moderatorAccessToken) | |
920 | await unblockUser(server.url, userId, moderatorAccessToken) | |
921 | }) | |
922 | }) | |
923 | ||
924 | describe('When deleting our account', function () { | |
925 | it('Should fail with with the root account', async function () { | |
926 | await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
927 | }) | |
928 | }) | |
929 | ||
930 | describe('When registering a new user', function () { | |
931 | const registrationPath = path + '/register' | |
932 | const baseCorrectParams = { | |
933 | username: 'user3', | |
934 | displayName: 'super user', | |
935 | email: 'test3@example.com', | |
936 | password: 'my super password' | |
937 | } | |
938 | ||
939 | it('Should fail with a too small username', async function () { | |
940 | const fields = immutableAssign(baseCorrectParams, { username: '' }) | |
941 | ||
942 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
943 | }) | |
944 | ||
945 | it('Should fail with a too long username', async function () { | |
946 | const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) | |
947 | ||
948 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
949 | }) | |
950 | ||
951 | it('Should fail with an incorrect username', async function () { | |
952 | const fields = immutableAssign(baseCorrectParams, { username: 'my username' }) | |
953 | ||
954 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
955 | }) | |
956 | ||
957 | it('Should fail with a missing email', async function () { | |
958 | const fields = omit(baseCorrectParams, 'email') | |
959 | ||
960 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
961 | }) | |
962 | ||
963 | it('Should fail with an invalid email', async function () { | |
964 | const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' }) | |
965 | ||
966 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
967 | }) | |
968 | ||
969 | it('Should fail with a too small password', async function () { | |
970 | const fields = immutableAssign(baseCorrectParams, { password: 'bla' }) | |
971 | ||
972 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
973 | }) | |
974 | ||
975 | it('Should fail with a too long password', async function () { | |
976 | const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) }) | |
977 | ||
978 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
979 | }) | |
980 | ||
981 | it('Should fail if we register a user with the same username', async function () { | |
982 | const fields = immutableAssign(baseCorrectParams, { username: 'root' }) | |
983 | ||
984 | await makePostBodyRequest({ | |
985 | url: server.url, | |
986 | path: registrationPath, | |
987 | token: server.accessToken, | |
988 | fields, | |
989 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
990 | }) | |
991 | }) | |
992 | ||
993 | it('Should fail with a "peertube" username', async function () { | |
994 | const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) | |
995 | ||
996 | await makePostBodyRequest({ | |
997 | url: server.url, | |
998 | path: registrationPath, | |
999 | token: server.accessToken, | |
1000 | fields, | |
1001 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1002 | }) | |
1003 | }) | |
1004 | ||
1005 | it('Should fail if we register a user with the same email', async function () { | |
1006 | const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' }) | |
1007 | ||
1008 | await makePostBodyRequest({ | |
1009 | url: server.url, | |
1010 | path: registrationPath, | |
1011 | token: server.accessToken, | |
1012 | fields, | |
1013 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1014 | }) | |
1015 | }) | |
1016 | ||
1017 | it('Should fail with a bad display name', async function () { | |
1018 | const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) }) | |
1019 | ||
1020 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1021 | }) | |
1022 | ||
1023 | it('Should fail with a bad channel name', async function () { | |
1024 | const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } }) | |
1025 | ||
1026 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1027 | }) | |
1028 | ||
1029 | it('Should fail with a bad channel display name', async function () { | |
1030 | const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } }) | |
1031 | ||
1032 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1033 | }) | |
1034 | ||
1035 | it('Should fail with a channel name that is the same as username', async function () { | |
1036 | const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } | |
1037 | const fields = immutableAssign(baseCorrectParams, source) | |
1038 | ||
1039 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1040 | }) | |
1041 | ||
1042 | it('Should fail with an existing channel', async function () { | |
1043 | const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' } | |
1044 | await server.channelsCommand.create({ attributes }) | |
1045 | ||
1046 | const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) | |
1047 | ||
1048 | await makePostBodyRequest({ | |
1049 | url: server.url, | |
1050 | path: registrationPath, | |
1051 | token: server.accessToken, | |
1052 | fields, | |
1053 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1054 | }) | |
1055 | }) | |
1056 | ||
1057 | it('Should succeed with the correct params', async function () { | |
1058 | const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } }) | |
1059 | ||
1060 | await makePostBodyRequest({ | |
1061 | url: server.url, | |
1062 | path: registrationPath, | |
1063 | token: server.accessToken, | |
1064 | fields: fields, | |
1065 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1066 | }) | |
1067 | }) | |
1068 | ||
1069 | it('Should fail on a server with registration disabled', async function () { | |
1070 | const fields = { | |
1071 | username: 'user4', | |
1072 | email: 'test4@example.com', | |
1073 | password: 'my super password 4' | |
1074 | } | |
1075 | ||
1076 | await makePostBodyRequest({ | |
1077 | url: serverWithRegistrationDisabled.url, | |
1078 | path: registrationPath, | |
1079 | token: serverWithRegistrationDisabled.accessToken, | |
1080 | fields, | |
1081 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
1082 | }) | |
1083 | }) | |
1084 | }) | |
1085 | ||
1086 | describe('When registering multiple users on a server with users limit', function () { | |
1087 | it('Should fail when after 3 registrations', async function () { | |
1088 | await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403) | |
1089 | }) | |
1090 | }) | |
1091 | ||
1092 | describe('When asking a password reset', function () { | |
1093 | const path = '/api/v1/users/ask-reset-password' | |
1094 | ||
1095 | it('Should fail with a missing email', async function () { | |
1096 | const fields = {} | |
1097 | ||
1098 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1099 | }) | |
1100 | ||
1101 | it('Should fail with an invalid email', async function () { | |
1102 | const fields = { email: 'hello' } | |
1103 | ||
1104 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1105 | }) | |
1106 | ||
1107 | it('Should success with the correct params', async function () { | |
1108 | const fields = { email: 'admin@example.com' } | |
1109 | ||
1110 | await makePostBodyRequest({ | |
1111 | url: server.url, | |
1112 | path, | |
1113 | token: server.accessToken, | |
1114 | fields, | |
1115 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1116 | }) | |
1117 | }) | |
1118 | }) | |
1119 | ||
1120 | describe('When asking for an account verification email', function () { | |
1121 | const path = '/api/v1/users/ask-send-verify-email' | |
1122 | ||
1123 | it('Should fail with a missing email', async function () { | |
1124 | const fields = {} | |
1125 | ||
1126 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1127 | }) | |
1128 | ||
1129 | it('Should fail with an invalid email', async function () { | |
1130 | const fields = { email: 'hello' } | |
1131 | ||
1132 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1133 | }) | |
1134 | ||
1135 | it('Should succeed with the correct params', async function () { | |
1136 | const fields = { email: 'admin@example.com' } | |
1137 | ||
1138 | await makePostBodyRequest({ | |
1139 | url: server.url, | |
1140 | path, | |
1141 | token: server.accessToken, | |
1142 | fields, | |
1143 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1144 | }) | |
1145 | }) | |
1146 | }) | |
1147 | ||
1148 | after(async function () { | |
1149 | MockSmtpServer.Instance.kill() | |
1150 | ||
1151 | await cleanupTests([ server, serverWithRegistrationDisabled ]) | |
1152 | }) | |
1153 | }) |