]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { omit } from 'lodash' | |
5 | import { HttpStatusCode } from '@shared/core-utils' | |
6 | import { | |
7 | buildAbsoluteFixturePath, | |
8 | checkBadCountPagination, | |
9 | checkBadSortPagination, | |
10 | checkBadStartPagination, | |
11 | cleanupTests, | |
12 | createSingleServer, | |
13 | killallServers, | |
14 | makeGetRequest, | |
15 | makePostBodyRequest, | |
16 | makePutBodyRequest, | |
17 | makeUploadRequest, | |
18 | MockSmtpServer, | |
19 | PeerTubeServer, | |
20 | setAccessTokensToServers, | |
21 | UsersCommand | |
22 | } from '@shared/extra-utils' | |
23 | import { UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models' | |
24 | ||
25 | describe('Test users API validators', function () { | |
26 | const path = '/api/v1/users/' | |
27 | let userId: number | |
28 | let rootId: number | |
29 | let moderatorId: number | |
30 | let video: VideoCreateResult | |
31 | let server: PeerTubeServer | |
32 | let serverWithRegistrationDisabled: PeerTubeServer | |
33 | let userToken = '' | |
34 | let moderatorToken = '' | |
35 | let emailPort: number | |
36 | let overrideConfig: Object | |
37 | ||
38 | // --------------------------------------------------------------- | |
39 | ||
40 | before(async function () { | |
41 | this.timeout(30000) | |
42 | ||
43 | const emails: object[] = [] | |
44 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
45 | ||
46 | overrideConfig = { signup: { limit: 8 } } | |
47 | ||
48 | { | |
49 | const res = await Promise.all([ | |
50 | createSingleServer(1, overrideConfig), | |
51 | createSingleServer(2) | |
52 | ]) | |
53 | ||
54 | server = res[0] | |
55 | serverWithRegistrationDisabled = res[1] | |
56 | ||
57 | await setAccessTokensToServers([ server ]) | |
58 | } | |
59 | ||
60 | { | |
61 | const user = { username: 'user1' } | |
62 | await server.users.create({ ...user }) | |
63 | userToken = await server.login.getAccessToken(user) | |
64 | } | |
65 | ||
66 | { | |
67 | const moderator = { username: 'moderator1' } | |
68 | await server.users.create({ ...moderator, role: UserRole.MODERATOR }) | |
69 | moderatorToken = await server.login.getAccessToken(moderator) | |
70 | } | |
71 | ||
72 | { | |
73 | const moderator = { username: 'moderator2' } | |
74 | await server.users.create({ ...moderator, role: UserRole.MODERATOR }) | |
75 | } | |
76 | ||
77 | { | |
78 | video = await server.videos.upload() | |
79 | } | |
80 | ||
81 | { | |
82 | const { data } = await server.users.list() | |
83 | userId = data.find(u => u.username === 'user1').id | |
84 | rootId = data.find(u => u.username === 'root').id | |
85 | moderatorId = data.find(u => u.username === 'moderator2').id | |
86 | } | |
87 | }) | |
88 | ||
89 | describe('When listing users', function () { | |
90 | it('Should fail with a bad start pagination', async function () { | |
91 | await checkBadStartPagination(server.url, path, server.accessToken) | |
92 | }) | |
93 | ||
94 | it('Should fail with a bad count pagination', async function () { | |
95 | await checkBadCountPagination(server.url, path, server.accessToken) | |
96 | }) | |
97 | ||
98 | it('Should fail with an incorrect sort', async function () { | |
99 | await checkBadSortPagination(server.url, path, server.accessToken) | |
100 | }) | |
101 | ||
102 | it('Should fail with a non authenticated user', async function () { | |
103 | await makeGetRequest({ | |
104 | url: server.url, | |
105 | path, | |
106 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
107 | }) | |
108 | }) | |
109 | ||
110 | it('Should fail with a non admin user', async function () { | |
111 | await makeGetRequest({ | |
112 | url: server.url, | |
113 | path, | |
114 | token: userToken, | |
115 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
116 | }) | |
117 | }) | |
118 | }) | |
119 | ||
120 | describe('When adding a new user', function () { | |
121 | const baseCorrectParams = { | |
122 | username: 'user2', | |
123 | email: 'test@example.com', | |
124 | password: 'my super password', | |
125 | videoQuota: -1, | |
126 | videoQuotaDaily: -1, | |
127 | role: UserRole.USER, | |
128 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
129 | } | |
130 | ||
131 | it('Should fail with a too small username', async function () { | |
132 | const fields = { ...baseCorrectParams, username: '' } | |
133 | ||
134 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
135 | }) | |
136 | ||
137 | it('Should fail with a too long username', async function () { | |
138 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
139 | ||
140 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
141 | }) | |
142 | ||
143 | it('Should fail with a not lowercase username', async function () { | |
144 | const fields = { ...baseCorrectParams, username: 'Toto' } | |
145 | ||
146 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
147 | }) | |
148 | ||
149 | it('Should fail with an incorrect username', async function () { | |
150 | const fields = { ...baseCorrectParams, username: 'my username' } | |
151 | ||
152 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
153 | }) | |
154 | ||
155 | it('Should fail with a missing email', async function () { | |
156 | const fields = omit(baseCorrectParams, 'email') | |
157 | ||
158 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
159 | }) | |
160 | ||
161 | it('Should fail with an invalid email', async function () { | |
162 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
163 | ||
164 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
165 | }) | |
166 | ||
167 | it('Should fail with a too small password', async function () { | |
168 | const fields = { ...baseCorrectParams, password: 'bla' } | |
169 | ||
170 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
171 | }) | |
172 | ||
173 | it('Should fail with a too long password', async function () { | |
174 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
175 | ||
176 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
177 | }) | |
178 | ||
179 | it('Should fail with empty password and no smtp configured', async function () { | |
180 | const fields = { ...baseCorrectParams, password: '' } | |
181 | ||
182 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
183 | }) | |
184 | ||
185 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
186 | this.timeout(20000) | |
187 | ||
188 | await killallServers([ server ]) | |
189 | ||
190 | const config = { | |
191 | ...overrideConfig, | |
192 | ||
193 | smtp: { | |
194 | hostname: 'localhost', | |
195 | port: emailPort | |
196 | } | |
197 | } | |
198 | await server.run(config) | |
199 | ||
200 | const fields = { | |
201 | ...baseCorrectParams, | |
202 | ||
203 | password: '', | |
204 | username: 'create_password', | |
205 | email: 'create_password@example.com' | |
206 | } | |
207 | ||
208 | await makePostBodyRequest({ | |
209 | url: server.url, | |
210 | path: path, | |
211 | token: server.accessToken, | |
212 | fields, | |
213 | statusCodeExpected: HttpStatusCode.OK_200 | |
214 | }) | |
215 | }) | |
216 | ||
217 | it('Should fail with invalid admin flags', async function () { | |
218 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | |
219 | ||
220 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
221 | }) | |
222 | ||
223 | it('Should fail with an non authenticated user', async function () { | |
224 | await makePostBodyRequest({ | |
225 | url: server.url, | |
226 | path, | |
227 | token: 'super token', | |
228 | fields: baseCorrectParams, | |
229 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
230 | }) | |
231 | }) | |
232 | ||
233 | it('Should fail if we add a user with the same username', async function () { | |
234 | const fields = { ...baseCorrectParams, username: 'user1' } | |
235 | ||
236 | await makePostBodyRequest({ | |
237 | url: server.url, | |
238 | path, | |
239 | token: server.accessToken, | |
240 | fields, | |
241 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
242 | }) | |
243 | }) | |
244 | ||
245 | it('Should fail if we add a user with the same email', async function () { | |
246 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | |
247 | ||
248 | await makePostBodyRequest({ | |
249 | url: server.url, | |
250 | path, | |
251 | token: server.accessToken, | |
252 | fields, | |
253 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
254 | }) | |
255 | }) | |
256 | ||
257 | it('Should fail without a videoQuota', async function () { | |
258 | const fields = omit(baseCorrectParams, 'videoQuota') | |
259 | ||
260 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
261 | }) | |
262 | ||
263 | it('Should fail without a videoQuotaDaily', async function () { | |
264 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | |
265 | ||
266 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
267 | }) | |
268 | ||
269 | it('Should fail with an invalid videoQuota', async function () { | |
270 | const fields = { ...baseCorrectParams, videoQuota: -5 } | |
271 | ||
272 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
273 | }) | |
274 | ||
275 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
276 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | |
277 | ||
278 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
279 | }) | |
280 | ||
281 | it('Should fail without a user role', async function () { | |
282 | const fields = omit(baseCorrectParams, 'role') | |
283 | ||
284 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
285 | }) | |
286 | ||
287 | it('Should fail with an invalid user role', async function () { | |
288 | const fields = { ...baseCorrectParams, role: 88989 } | |
289 | ||
290 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
291 | }) | |
292 | ||
293 | it('Should fail with a "peertube" username', async function () { | |
294 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
295 | ||
296 | await makePostBodyRequest({ | |
297 | url: server.url, | |
298 | path, | |
299 | token: server.accessToken, | |
300 | fields, | |
301 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
302 | }) | |
303 | }) | |
304 | ||
305 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
306 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
307 | const fields = { ...baseCorrectParams, role } | |
308 | ||
309 | await makePostBodyRequest({ | |
310 | url: server.url, | |
311 | path, | |
312 | token: moderatorToken, | |
313 | fields, | |
314 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
315 | }) | |
316 | } | |
317 | }) | |
318 | ||
319 | it('Should succeed to create a user with a moderator', async function () { | |
320 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | |
321 | ||
322 | await makePostBodyRequest({ | |
323 | url: server.url, | |
324 | path, | |
325 | token: moderatorToken, | |
326 | fields, | |
327 | statusCodeExpected: HttpStatusCode.OK_200 | |
328 | }) | |
329 | }) | |
330 | ||
331 | it('Should succeed with the correct params', async function () { | |
332 | await makePostBodyRequest({ | |
333 | url: server.url, | |
334 | path, | |
335 | token: server.accessToken, | |
336 | fields: baseCorrectParams, | |
337 | statusCodeExpected: HttpStatusCode.OK_200 | |
338 | }) | |
339 | }) | |
340 | ||
341 | it('Should fail with a non admin user', async function () { | |
342 | const user = { username: 'user1' } | |
343 | userToken = await server.login.getAccessToken(user) | |
344 | ||
345 | const fields = { | |
346 | username: 'user3', | |
347 | email: 'test@example.com', | |
348 | password: 'my super password', | |
349 | videoQuota: 42000000 | |
350 | } | |
351 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
352 | }) | |
353 | }) | |
354 | ||
355 | describe('When updating my account', function () { | |
356 | ||
357 | it('Should fail with an invalid email attribute', async function () { | |
358 | const fields = { | |
359 | email: 'blabla' | |
360 | } | |
361 | ||
362 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields }) | |
363 | }) | |
364 | ||
365 | it('Should fail with a too small password', async function () { | |
366 | const fields = { | |
367 | currentPassword: 'password', | |
368 | password: 'bla' | |
369 | } | |
370 | ||
371 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
372 | }) | |
373 | ||
374 | it('Should fail with a too long password', async function () { | |
375 | const fields = { | |
376 | currentPassword: 'password', | |
377 | password: 'super'.repeat(61) | |
378 | } | |
379 | ||
380 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
381 | }) | |
382 | ||
383 | it('Should fail without the current password', async function () { | |
384 | const fields = { | |
385 | currentPassword: 'password', | |
386 | password: 'super'.repeat(61) | |
387 | } | |
388 | ||
389 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
390 | }) | |
391 | ||
392 | it('Should fail with an invalid current password', async function () { | |
393 | const fields = { | |
394 | currentPassword: 'my super password fail', | |
395 | password: 'super'.repeat(61) | |
396 | } | |
397 | ||
398 | await makePutBodyRequest({ | |
399 | url: server.url, | |
400 | path: path + 'me', | |
401 | token: userToken, | |
402 | fields, | |
403 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
404 | }) | |
405 | }) | |
406 | ||
407 | it('Should fail with an invalid NSFW policy attribute', async function () { | |
408 | const fields = { | |
409 | nsfwPolicy: 'hello' | |
410 | } | |
411 | ||
412 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
413 | }) | |
414 | ||
415 | it('Should fail with an invalid autoPlayVideo attribute', async function () { | |
416 | const fields = { | |
417 | autoPlayVideo: -1 | |
418 | } | |
419 | ||
420 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
421 | }) | |
422 | ||
423 | it('Should fail with an invalid autoPlayNextVideo attribute', async function () { | |
424 | const fields = { | |
425 | autoPlayNextVideo: -1 | |
426 | } | |
427 | ||
428 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
429 | }) | |
430 | ||
431 | it('Should fail with an invalid videosHistoryEnabled attribute', async function () { | |
432 | const fields = { | |
433 | videosHistoryEnabled: -1 | |
434 | } | |
435 | ||
436 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
437 | }) | |
438 | ||
439 | it('Should fail with an non authenticated user', async function () { | |
440 | const fields = { | |
441 | currentPassword: 'password', | |
442 | password: 'my super password' | |
443 | } | |
444 | ||
445 | await makePutBodyRequest({ | |
446 | url: server.url, | |
447 | path: path + 'me', | |
448 | token: 'super token', | |
449 | fields, | |
450 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
451 | }) | |
452 | }) | |
453 | ||
454 | it('Should fail with a too long description', async function () { | |
455 | const fields = { | |
456 | description: 'super'.repeat(201) | |
457 | } | |
458 | ||
459 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
460 | }) | |
461 | ||
462 | it('Should fail with an invalid videoLanguages attribute', async function () { | |
463 | { | |
464 | const fields = { | |
465 | videoLanguages: 'toto' | |
466 | } | |
467 | ||
468 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
469 | } | |
470 | ||
471 | { | |
472 | const languages = [] | |
473 | for (let i = 0; i < 1000; i++) { | |
474 | languages.push('fr') | |
475 | } | |
476 | ||
477 | const fields = { | |
478 | videoLanguages: languages | |
479 | } | |
480 | ||
481 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
482 | } | |
483 | }) | |
484 | ||
485 | it('Should fail with an invalid theme', async function () { | |
486 | const fields = { theme: 'invalid' } | |
487 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
488 | }) | |
489 | ||
490 | it('Should fail with an unknown theme', async function () { | |
491 | const fields = { theme: 'peertube-theme-unknown' } | |
492 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
493 | }) | |
494 | ||
495 | it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { | |
496 | const fields = { | |
497 | noInstanceConfigWarningModal: -1 | |
498 | } | |
499 | ||
500 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
501 | }) | |
502 | ||
503 | it('Should fail with an invalid noWelcomeModal attribute', async function () { | |
504 | const fields = { | |
505 | noWelcomeModal: -1 | |
506 | } | |
507 | ||
508 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
509 | }) | |
510 | ||
511 | it('Should succeed to change password with the correct params', async function () { | |
512 | const fields = { | |
513 | currentPassword: 'password', | |
514 | password: 'my super password', | |
515 | nsfwPolicy: 'blur', | |
516 | autoPlayVideo: false, | |
517 | email: 'super_email@example.com', | |
518 | theme: 'default', | |
519 | noInstanceConfigWarningModal: true, | |
520 | noWelcomeModal: true | |
521 | } | |
522 | ||
523 | await makePutBodyRequest({ | |
524 | url: server.url, | |
525 | path: path + 'me', | |
526 | token: userToken, | |
527 | fields, | |
528 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
529 | }) | |
530 | }) | |
531 | ||
532 | it('Should succeed without password change with the correct params', async function () { | |
533 | const fields = { | |
534 | nsfwPolicy: 'blur', | |
535 | autoPlayVideo: false | |
536 | } | |
537 | ||
538 | await makePutBodyRequest({ | |
539 | url: server.url, | |
540 | path: path + 'me', | |
541 | token: userToken, | |
542 | fields, | |
543 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
544 | }) | |
545 | }) | |
546 | }) | |
547 | ||
548 | describe('When updating my avatar', function () { | |
549 | it('Should fail without an incorrect input file', async function () { | |
550 | const fields = {} | |
551 | const attaches = { | |
552 | avatarfile: buildAbsoluteFixturePath('video_short.mp4') | |
553 | } | |
554 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
555 | }) | |
556 | ||
557 | it('Should fail with a big file', async function () { | |
558 | const fields = {} | |
559 | const attaches = { | |
560 | avatarfile: buildAbsoluteFixturePath('avatar-big.png') | |
561 | } | |
562 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
563 | }) | |
564 | ||
565 | it('Should fail with an unauthenticated user', async function () { | |
566 | const fields = {} | |
567 | const attaches = { | |
568 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
569 | } | |
570 | await makeUploadRequest({ | |
571 | url: server.url, | |
572 | path: path + '/me/avatar/pick', | |
573 | fields, | |
574 | attaches, | |
575 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
576 | }) | |
577 | }) | |
578 | ||
579 | it('Should succeed with the correct params', async function () { | |
580 | const fields = {} | |
581 | const attaches = { | |
582 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
583 | } | |
584 | await makeUploadRequest({ | |
585 | url: server.url, | |
586 | path: path + '/me/avatar/pick', | |
587 | token: server.accessToken, | |
588 | fields, | |
589 | attaches, | |
590 | statusCodeExpected: HttpStatusCode.OK_200 | |
591 | }) | |
592 | }) | |
593 | }) | |
594 | ||
595 | describe('When managing my scoped tokens', function () { | |
596 | ||
597 | it('Should fail to get my scoped tokens with an non authenticated user', async function () { | |
598 | await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
599 | }) | |
600 | ||
601 | it('Should fail to get my scoped tokens with a bad token', async function () { | |
602 | await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
603 | ||
604 | }) | |
605 | ||
606 | it('Should succeed to get my scoped tokens', async function () { | |
607 | await server.users.getMyScopedTokens() | |
608 | }) | |
609 | ||
610 | it('Should fail to renew my scoped tokens with an non authenticated user', async function () { | |
611 | await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
612 | }) | |
613 | ||
614 | it('Should fail to renew my scoped tokens with a bad token', async function () { | |
615 | await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
616 | }) | |
617 | ||
618 | it('Should succeed to renew my scoped tokens', async function () { | |
619 | await server.users.renewMyScopedTokens() | |
620 | }) | |
621 | }) | |
622 | ||
623 | describe('When getting a user', function () { | |
624 | ||
625 | it('Should fail with an non authenticated user', async function () { | |
626 | await makeGetRequest({ | |
627 | url: server.url, | |
628 | path: path + userId, | |
629 | token: 'super token', | |
630 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
631 | }) | |
632 | }) | |
633 | ||
634 | it('Should fail with a non admin user', async function () { | |
635 | await makeGetRequest({ url: server.url, path, token: userToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
636 | }) | |
637 | ||
638 | it('Should succeed with the correct params', async function () { | |
639 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 }) | |
640 | }) | |
641 | }) | |
642 | ||
643 | describe('When updating a user', function () { | |
644 | ||
645 | it('Should fail with an invalid email attribute', async function () { | |
646 | const fields = { | |
647 | email: 'blabla' | |
648 | } | |
649 | ||
650 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
651 | }) | |
652 | ||
653 | it('Should fail with an invalid emailVerified attribute', async function () { | |
654 | const fields = { | |
655 | emailVerified: 'yes' | |
656 | } | |
657 | ||
658 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
659 | }) | |
660 | ||
661 | it('Should fail with an invalid videoQuota attribute', async function () { | |
662 | const fields = { | |
663 | videoQuota: -90 | |
664 | } | |
665 | ||
666 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
667 | }) | |
668 | ||
669 | it('Should fail with an invalid user role attribute', async function () { | |
670 | const fields = { | |
671 | role: 54878 | |
672 | } | |
673 | ||
674 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
675 | }) | |
676 | ||
677 | it('Should fail with a too small password', async function () { | |
678 | const fields = { | |
679 | currentPassword: 'password', | |
680 | password: 'bla' | |
681 | } | |
682 | ||
683 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
684 | }) | |
685 | ||
686 | it('Should fail with a too long password', async function () { | |
687 | const fields = { | |
688 | currentPassword: 'password', | |
689 | password: 'super'.repeat(61) | |
690 | } | |
691 | ||
692 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
693 | }) | |
694 | ||
695 | it('Should fail with an non authenticated user', async function () { | |
696 | const fields = { | |
697 | videoQuota: 42 | |
698 | } | |
699 | ||
700 | await makePutBodyRequest({ | |
701 | url: server.url, | |
702 | path: path + userId, | |
703 | token: 'super token', | |
704 | fields, | |
705 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
706 | }) | |
707 | }) | |
708 | ||
709 | it('Should fail when updating root role', async function () { | |
710 | const fields = { | |
711 | role: UserRole.MODERATOR | |
712 | } | |
713 | ||
714 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
715 | }) | |
716 | ||
717 | it('Should fail with invalid admin flags', async function () { | |
718 | const fields = { adminFlags: 'toto' } | |
719 | ||
720 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
721 | }) | |
722 | ||
723 | it('Should fail to update an admin with a moderator', async function () { | |
724 | const fields = { | |
725 | videoQuota: 42 | |
726 | } | |
727 | ||
728 | await makePutBodyRequest({ | |
729 | url: server.url, | |
730 | path: path + moderatorId, | |
731 | token: moderatorToken, | |
732 | fields, | |
733 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
734 | }) | |
735 | }) | |
736 | ||
737 | it('Should succeed to update a user with a moderator', async function () { | |
738 | const fields = { | |
739 | videoQuota: 42 | |
740 | } | |
741 | ||
742 | await makePutBodyRequest({ | |
743 | url: server.url, | |
744 | path: path + userId, | |
745 | token: moderatorToken, | |
746 | fields, | |
747 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
748 | }) | |
749 | }) | |
750 | ||
751 | it('Should succeed with the correct params', async function () { | |
752 | const fields = { | |
753 | email: 'email@example.com', | |
754 | emailVerified: true, | |
755 | videoQuota: 42, | |
756 | role: UserRole.USER | |
757 | } | |
758 | ||
759 | await makePutBodyRequest({ | |
760 | url: server.url, | |
761 | path: path + userId, | |
762 | token: server.accessToken, | |
763 | fields, | |
764 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
765 | }) | |
766 | }) | |
767 | }) | |
768 | ||
769 | describe('When getting my information', function () { | |
770 | it('Should fail with a non authenticated user', async function () { | |
771 | await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
772 | }) | |
773 | ||
774 | it('Should success with the correct parameters', async function () { | |
775 | await server.users.getMyInfo({ token: userToken }) | |
776 | }) | |
777 | }) | |
778 | ||
779 | describe('When getting my video rating', function () { | |
780 | let command: UsersCommand | |
781 | ||
782 | before(function () { | |
783 | command = server.users | |
784 | }) | |
785 | ||
786 | it('Should fail with a non authenticated user', async function () { | |
787 | await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
788 | }) | |
789 | ||
790 | it('Should fail with an incorrect video uuid', async function () { | |
791 | await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
792 | }) | |
793 | ||
794 | it('Should fail with an unknown video', async function () { | |
795 | await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 }) | |
796 | }) | |
797 | ||
798 | it('Should succeed with the correct parameters', async function () { | |
799 | await command.getMyRating({ videoId: video.id }) | |
800 | await command.getMyRating({ videoId: video.uuid }) | |
801 | await command.getMyRating({ videoId: video.shortUUID }) | |
802 | }) | |
803 | }) | |
804 | ||
805 | describe('When retrieving my global ratings', function () { | |
806 | const path = '/api/v1/accounts/user1/ratings' | |
807 | ||
808 | it('Should fail with a bad start pagination', async function () { | |
809 | await checkBadStartPagination(server.url, path, userToken) | |
810 | }) | |
811 | ||
812 | it('Should fail with a bad count pagination', async function () { | |
813 | await checkBadCountPagination(server.url, path, userToken) | |
814 | }) | |
815 | ||
816 | it('Should fail with an incorrect sort', async function () { | |
817 | await checkBadSortPagination(server.url, path, userToken) | |
818 | }) | |
819 | ||
820 | it('Should fail with a unauthenticated user', async function () { | |
821 | await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) | |
822 | }) | |
823 | ||
824 | it('Should fail with a another user', async function () { | |
825 | await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
826 | }) | |
827 | ||
828 | it('Should fail with a bad type', async function () { | |
829 | await makeGetRequest({ | |
830 | url: server.url, | |
831 | path, | |
832 | token: userToken, | |
833 | query: { rating: 'toto ' }, | |
834 | statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 | |
835 | }) | |
836 | }) | |
837 | ||
838 | it('Should succeed with the correct params', async function () { | |
839 | await makeGetRequest({ url: server.url, path, token: userToken, statusCodeExpected: HttpStatusCode.OK_200 }) | |
840 | }) | |
841 | }) | |
842 | ||
843 | describe('When blocking/unblocking/removing user', function () { | |
844 | ||
845 | it('Should fail with an incorrect id', async function () { | |
846 | const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 } | |
847 | ||
848 | await server.users.remove(options) | |
849 | await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
850 | await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
851 | }) | |
852 | ||
853 | it('Should fail with the root user', async function () { | |
854 | const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 } | |
855 | ||
856 | await server.users.remove(options) | |
857 | await server.users.banUser(options) | |
858 | await server.users.unbanUser(options) | |
859 | }) | |
860 | ||
861 | it('Should return 404 with a non existing id', async function () { | |
862 | const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 } | |
863 | ||
864 | await server.users.remove(options) | |
865 | await server.users.banUser(options) | |
866 | await server.users.unbanUser(options) | |
867 | }) | |
868 | ||
869 | it('Should fail with a non admin user', async function () { | |
870 | const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 } | |
871 | ||
872 | await server.users.remove(options) | |
873 | await server.users.banUser(options) | |
874 | await server.users.unbanUser(options) | |
875 | }) | |
876 | ||
877 | it('Should fail on a moderator with a moderator', async function () { | |
878 | const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 } | |
879 | ||
880 | await server.users.remove(options) | |
881 | await server.users.banUser(options) | |
882 | await server.users.unbanUser(options) | |
883 | }) | |
884 | ||
885 | it('Should succeed on a user with a moderator', async function () { | |
886 | const options = { userId, token: moderatorToken } | |
887 | ||
888 | await server.users.banUser(options) | |
889 | await server.users.unbanUser(options) | |
890 | }) | |
891 | }) | |
892 | ||
893 | describe('When deleting our account', function () { | |
894 | it('Should fail with with the root account', async function () { | |
895 | await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
896 | }) | |
897 | }) | |
898 | ||
899 | describe('When registering a new user', function () { | |
900 | const registrationPath = path + '/register' | |
901 | const baseCorrectParams = { | |
902 | username: 'user3', | |
903 | displayName: 'super user', | |
904 | email: 'test3@example.com', | |
905 | password: 'my super password' | |
906 | } | |
907 | ||
908 | it('Should fail with a too small username', async function () { | |
909 | const fields = { ...baseCorrectParams, username: '' } | |
910 | ||
911 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
912 | }) | |
913 | ||
914 | it('Should fail with a too long username', async function () { | |
915 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
916 | ||
917 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
918 | }) | |
919 | ||
920 | it('Should fail with an incorrect username', async function () { | |
921 | const fields = { ...baseCorrectParams, username: 'my username' } | |
922 | ||
923 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
924 | }) | |
925 | ||
926 | it('Should fail with a missing email', async function () { | |
927 | const fields = omit(baseCorrectParams, 'email') | |
928 | ||
929 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
930 | }) | |
931 | ||
932 | it('Should fail with an invalid email', async function () { | |
933 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
934 | ||
935 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
936 | }) | |
937 | ||
938 | it('Should fail with a too small password', async function () { | |
939 | const fields = { ...baseCorrectParams, password: 'bla' } | |
940 | ||
941 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
942 | }) | |
943 | ||
944 | it('Should fail with a too long password', async function () { | |
945 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
946 | ||
947 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
948 | }) | |
949 | ||
950 | it('Should fail if we register a user with the same username', async function () { | |
951 | const fields = { ...baseCorrectParams, username: 'root' } | |
952 | ||
953 | await makePostBodyRequest({ | |
954 | url: server.url, | |
955 | path: registrationPath, | |
956 | token: server.accessToken, | |
957 | fields, | |
958 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
959 | }) | |
960 | }) | |
961 | ||
962 | it('Should fail with a "peertube" username', async function () { | |
963 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
964 | ||
965 | await makePostBodyRequest({ | |
966 | url: server.url, | |
967 | path: registrationPath, | |
968 | token: server.accessToken, | |
969 | fields, | |
970 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
971 | }) | |
972 | }) | |
973 | ||
974 | it('Should fail if we register a user with the same email', async function () { | |
975 | const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' } | |
976 | ||
977 | await makePostBodyRequest({ | |
978 | url: server.url, | |
979 | path: registrationPath, | |
980 | token: server.accessToken, | |
981 | fields, | |
982 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
983 | }) | |
984 | }) | |
985 | ||
986 | it('Should fail with a bad display name', async function () { | |
987 | const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) } | |
988 | ||
989 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
990 | }) | |
991 | ||
992 | it('Should fail with a bad channel name', async function () { | |
993 | const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } } | |
994 | ||
995 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
996 | }) | |
997 | ||
998 | it('Should fail with a bad channel display name', async function () { | |
999 | const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } } | |
1000 | ||
1001 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1002 | }) | |
1003 | ||
1004 | it('Should fail with a channel name that is the same as username', async function () { | |
1005 | const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } | |
1006 | const fields = { ...baseCorrectParams, ...source } | |
1007 | ||
1008 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1009 | }) | |
1010 | ||
1011 | it('Should fail with an existing channel', async function () { | |
1012 | const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' } | |
1013 | await server.channels.create({ attributes }) | |
1014 | ||
1015 | const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } } | |
1016 | ||
1017 | await makePostBodyRequest({ | |
1018 | url: server.url, | |
1019 | path: registrationPath, | |
1020 | token: server.accessToken, | |
1021 | fields, | |
1022 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1023 | }) | |
1024 | }) | |
1025 | ||
1026 | it('Should succeed with the correct params', async function () { | |
1027 | const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } } | |
1028 | ||
1029 | await makePostBodyRequest({ | |
1030 | url: server.url, | |
1031 | path: registrationPath, | |
1032 | token: server.accessToken, | |
1033 | fields: fields, | |
1034 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1035 | }) | |
1036 | }) | |
1037 | ||
1038 | it('Should fail on a server with registration disabled', async function () { | |
1039 | const fields = { | |
1040 | username: 'user4', | |
1041 | email: 'test4@example.com', | |
1042 | password: 'my super password 4' | |
1043 | } | |
1044 | ||
1045 | await makePostBodyRequest({ | |
1046 | url: serverWithRegistrationDisabled.url, | |
1047 | path: registrationPath, | |
1048 | token: serverWithRegistrationDisabled.accessToken, | |
1049 | fields, | |
1050 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
1051 | }) | |
1052 | }) | |
1053 | }) | |
1054 | ||
1055 | describe('When registering multiple users on a server with users limit', function () { | |
1056 | it('Should fail when after 3 registrations', async function () { | |
1057 | await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
1058 | }) | |
1059 | }) | |
1060 | ||
1061 | describe('When asking a password reset', function () { | |
1062 | const path = '/api/v1/users/ask-reset-password' | |
1063 | ||
1064 | it('Should fail with a missing email', async function () { | |
1065 | const fields = {} | |
1066 | ||
1067 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1068 | }) | |
1069 | ||
1070 | it('Should fail with an invalid email', async function () { | |
1071 | const fields = { email: 'hello' } | |
1072 | ||
1073 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1074 | }) | |
1075 | ||
1076 | it('Should success with the correct params', async function () { | |
1077 | const fields = { email: 'admin@example.com' } | |
1078 | ||
1079 | await makePostBodyRequest({ | |
1080 | url: server.url, | |
1081 | path, | |
1082 | token: server.accessToken, | |
1083 | fields, | |
1084 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1085 | }) | |
1086 | }) | |
1087 | }) | |
1088 | ||
1089 | describe('When asking for an account verification email', function () { | |
1090 | const path = '/api/v1/users/ask-send-verify-email' | |
1091 | ||
1092 | it('Should fail with a missing email', async function () { | |
1093 | const fields = {} | |
1094 | ||
1095 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1096 | }) | |
1097 | ||
1098 | it('Should fail with an invalid email', async function () { | |
1099 | const fields = { email: 'hello' } | |
1100 | ||
1101 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1102 | }) | |
1103 | ||
1104 | it('Should succeed with the correct params', async function () { | |
1105 | const fields = { email: 'admin@example.com' } | |
1106 | ||
1107 | await makePostBodyRequest({ | |
1108 | url: server.url, | |
1109 | path, | |
1110 | token: server.accessToken, | |
1111 | fields, | |
1112 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1113 | }) | |
1114 | }) | |
1115 | }) | |
1116 | ||
1117 | after(async function () { | |
1118 | MockSmtpServer.Instance.kill() | |
1119 | ||
1120 | await cleanupTests([ server, serverWithRegistrationDisabled ]) | |
1121 | }) | |
1122 | }) |