]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { omit } from 'lodash' | |
5 | import { User, UserRole, VideoCreateResult } from '../../../../shared' | |
6 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | |
7 | import { | |
8 | addVideoChannel, | |
9 | blockUser, | |
10 | buildAbsoluteFixturePath, | |
11 | cleanupTests, | |
12 | createUser, | |
13 | deleteMe, | |
14 | flushAndRunServer, | |
15 | getMyUserInformation, | |
16 | getMyUserVideoRating, | |
17 | getUserScopedTokens, | |
18 | getUsersList, | |
19 | immutableAssign, | |
20 | killallServers, | |
21 | makeGetRequest, | |
22 | makePostBodyRequest, | |
23 | makePutBodyRequest, | |
24 | makeUploadRequest, | |
25 | registerUser, | |
26 | removeUser, | |
27 | renewUserScopedTokens, | |
28 | reRunServer, | |
29 | ServerInfo, | |
30 | setAccessTokensToServers, | |
31 | unblockUser, | |
32 | uploadVideo, | |
33 | userLogin | |
34 | } from '../../../../shared/extra-utils' | |
35 | import { MockSmtpServer } from '../../../../shared/extra-utils/mock-servers/mock-email' | |
36 | import { | |
37 | checkBadCountPagination, | |
38 | checkBadSortPagination, | |
39 | checkBadStartPagination | |
40 | } from '../../../../shared/extra-utils/requests/check-api-params' | |
41 | import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' | |
42 | ||
43 | describe('Test users API validators', function () { | |
44 | const path = '/api/v1/users/' | |
45 | let userId: number | |
46 | let rootId: number | |
47 | let moderatorId: number | |
48 | let video: VideoCreateResult | |
49 | let server: ServerInfo | |
50 | let serverWithRegistrationDisabled: ServerInfo | |
51 | let userAccessToken = '' | |
52 | let moderatorAccessToken = '' | |
53 | let emailPort: number | |
54 | let overrideConfig: Object | |
55 | ||
56 | // --------------------------------------------------------------- | |
57 | ||
58 | before(async function () { | |
59 | this.timeout(30000) | |
60 | ||
61 | const emails: object[] = [] | |
62 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
63 | ||
64 | overrideConfig = { signup: { limit: 8 } } | |
65 | ||
66 | { | |
67 | const res = await Promise.all([ | |
68 | flushAndRunServer(1, overrideConfig), | |
69 | flushAndRunServer(2) | |
70 | ]) | |
71 | ||
72 | server = res[0] | |
73 | serverWithRegistrationDisabled = res[1] | |
74 | ||
75 | await setAccessTokensToServers([ server ]) | |
76 | } | |
77 | ||
78 | { | |
79 | const user = { | |
80 | username: 'user1', | |
81 | password: 'my super password' | |
82 | } | |
83 | ||
84 | const videoQuota = 42000000 | |
85 | await createUser({ | |
86 | url: server.url, | |
87 | accessToken: server.accessToken, | |
88 | username: user.username, | |
89 | password: user.password, | |
90 | videoQuota: videoQuota | |
91 | }) | |
92 | userAccessToken = await userLogin(server, user) | |
93 | } | |
94 | ||
95 | { | |
96 | const moderator = { | |
97 | username: 'moderator1', | |
98 | password: 'super password' | |
99 | } | |
100 | ||
101 | await createUser({ | |
102 | url: server.url, | |
103 | accessToken: server.accessToken, | |
104 | username: moderator.username, | |
105 | password: moderator.password, | |
106 | role: UserRole.MODERATOR | |
107 | }) | |
108 | ||
109 | moderatorAccessToken = await userLogin(server, moderator) | |
110 | } | |
111 | ||
112 | { | |
113 | const moderator = { | |
114 | username: 'moderator2', | |
115 | password: 'super password' | |
116 | } | |
117 | ||
118 | await createUser({ | |
119 | url: server.url, | |
120 | accessToken: server.accessToken, | |
121 | username: moderator.username, | |
122 | password: moderator.password, | |
123 | role: UserRole.MODERATOR | |
124 | }) | |
125 | } | |
126 | ||
127 | { | |
128 | const res = await uploadVideo(server.url, server.accessToken, {}) | |
129 | video = res.body.video | |
130 | } | |
131 | ||
132 | { | |
133 | const res = await getUsersList(server.url, server.accessToken) | |
134 | const users: User[] = res.body.data | |
135 | ||
136 | userId = users.find(u => u.username === 'user1').id | |
137 | rootId = users.find(u => u.username === 'root').id | |
138 | moderatorId = users.find(u => u.username === 'moderator2').id | |
139 | } | |
140 | }) | |
141 | ||
142 | describe('When listing users', function () { | |
143 | it('Should fail with a bad start pagination', async function () { | |
144 | await checkBadStartPagination(server.url, path, server.accessToken) | |
145 | }) | |
146 | ||
147 | it('Should fail with a bad count pagination', async function () { | |
148 | await checkBadCountPagination(server.url, path, server.accessToken) | |
149 | }) | |
150 | ||
151 | it('Should fail with an incorrect sort', async function () { | |
152 | await checkBadSortPagination(server.url, path, server.accessToken) | |
153 | }) | |
154 | ||
155 | it('Should fail with a non authenticated user', async function () { | |
156 | await makeGetRequest({ | |
157 | url: server.url, | |
158 | path, | |
159 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
160 | }) | |
161 | }) | |
162 | ||
163 | it('Should fail with a non admin user', async function () { | |
164 | await makeGetRequest({ | |
165 | url: server.url, | |
166 | path, | |
167 | token: userAccessToken, | |
168 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
169 | }) | |
170 | }) | |
171 | }) | |
172 | ||
173 | describe('When adding a new user', function () { | |
174 | const baseCorrectParams = { | |
175 | username: 'user2', | |
176 | email: 'test@example.com', | |
177 | password: 'my super password', | |
178 | videoQuota: -1, | |
179 | videoQuotaDaily: -1, | |
180 | role: UserRole.USER, | |
181 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
182 | } | |
183 | ||
184 | it('Should fail with a too small username', async function () { | |
185 | const fields = immutableAssign(baseCorrectParams, { username: '' }) | |
186 | ||
187 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
188 | }) | |
189 | ||
190 | it('Should fail with a too long username', async function () { | |
191 | const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) | |
192 | ||
193 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
194 | }) | |
195 | ||
196 | it('Should fail with a not lowercase username', async function () { | |
197 | const fields = immutableAssign(baseCorrectParams, { username: 'Toto' }) | |
198 | ||
199 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
200 | }) | |
201 | ||
202 | it('Should fail with an incorrect username', async function () { | |
203 | const fields = immutableAssign(baseCorrectParams, { username: 'my username' }) | |
204 | ||
205 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
206 | }) | |
207 | ||
208 | it('Should fail with a missing email', async function () { | |
209 | const fields = omit(baseCorrectParams, 'email') | |
210 | ||
211 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
212 | }) | |
213 | ||
214 | it('Should fail with an invalid email', async function () { | |
215 | const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' }) | |
216 | ||
217 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
218 | }) | |
219 | ||
220 | it('Should fail with a too small password', async function () { | |
221 | const fields = immutableAssign(baseCorrectParams, { password: 'bla' }) | |
222 | ||
223 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
224 | }) | |
225 | ||
226 | it('Should fail with a too long password', async function () { | |
227 | const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) }) | |
228 | ||
229 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
230 | }) | |
231 | ||
232 | it('Should fail with empty password and no smtp configured', async function () { | |
233 | const fields = immutableAssign(baseCorrectParams, { password: '' }) | |
234 | ||
235 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
236 | }) | |
237 | ||
238 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
239 | this.timeout(20000) | |
240 | ||
241 | killallServers([ server ]) | |
242 | ||
243 | const config = immutableAssign(overrideConfig, { | |
244 | smtp: { | |
245 | hostname: 'localhost', | |
246 | port: emailPort | |
247 | } | |
248 | }) | |
249 | await reRunServer(server, config) | |
250 | ||
251 | const fields = immutableAssign(baseCorrectParams, { | |
252 | password: '', | |
253 | username: 'create_password', | |
254 | email: 'create_password@example.com' | |
255 | }) | |
256 | ||
257 | await makePostBodyRequest({ | |
258 | url: server.url, | |
259 | path: path, | |
260 | token: server.accessToken, | |
261 | fields, | |
262 | statusCodeExpected: HttpStatusCode.OK_200 | |
263 | }) | |
264 | }) | |
265 | ||
266 | it('Should fail with invalid admin flags', async function () { | |
267 | const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' }) | |
268 | ||
269 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
270 | }) | |
271 | ||
272 | it('Should fail with an non authenticated user', async function () { | |
273 | await makePostBodyRequest({ | |
274 | url: server.url, | |
275 | path, | |
276 | token: 'super token', | |
277 | fields: baseCorrectParams, | |
278 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
279 | }) | |
280 | }) | |
281 | ||
282 | it('Should fail if we add a user with the same username', async function () { | |
283 | const fields = immutableAssign(baseCorrectParams, { username: 'user1' }) | |
284 | ||
285 | await makePostBodyRequest({ | |
286 | url: server.url, | |
287 | path, | |
288 | token: server.accessToken, | |
289 | fields, | |
290 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
291 | }) | |
292 | }) | |
293 | ||
294 | it('Should fail if we add a user with the same email', async function () { | |
295 | const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' }) | |
296 | ||
297 | await makePostBodyRequest({ | |
298 | url: server.url, | |
299 | path, | |
300 | token: server.accessToken, | |
301 | fields, | |
302 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
303 | }) | |
304 | }) | |
305 | ||
306 | it('Should fail without a videoQuota', async function () { | |
307 | const fields = omit(baseCorrectParams, 'videoQuota') | |
308 | ||
309 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
310 | }) | |
311 | ||
312 | it('Should fail without a videoQuotaDaily', async function () { | |
313 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | |
314 | ||
315 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
316 | }) | |
317 | ||
318 | it('Should fail with an invalid videoQuota', async function () { | |
319 | const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 }) | |
320 | ||
321 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
322 | }) | |
323 | ||
324 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
325 | const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 }) | |
326 | ||
327 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
328 | }) | |
329 | ||
330 | it('Should fail without a user role', async function () { | |
331 | const fields = omit(baseCorrectParams, 'role') | |
332 | ||
333 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
334 | }) | |
335 | ||
336 | it('Should fail with an invalid user role', async function () { | |
337 | const fields = immutableAssign(baseCorrectParams, { role: 88989 }) | |
338 | ||
339 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
340 | }) | |
341 | ||
342 | it('Should fail with a "peertube" username', async function () { | |
343 | const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) | |
344 | ||
345 | await makePostBodyRequest({ | |
346 | url: server.url, | |
347 | path, | |
348 | token: server.accessToken, | |
349 | fields, | |
350 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
351 | }) | |
352 | }) | |
353 | ||
354 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
355 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
356 | const fields = immutableAssign(baseCorrectParams, { role }) | |
357 | ||
358 | await makePostBodyRequest({ | |
359 | url: server.url, | |
360 | path, | |
361 | token: moderatorAccessToken, | |
362 | fields, | |
363 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
364 | }) | |
365 | } | |
366 | }) | |
367 | ||
368 | it('Should succeed to create a user with a moderator', async function () { | |
369 | const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) | |
370 | ||
371 | await makePostBodyRequest({ | |
372 | url: server.url, | |
373 | path, | |
374 | token: moderatorAccessToken, | |
375 | fields, | |
376 | statusCodeExpected: HttpStatusCode.OK_200 | |
377 | }) | |
378 | }) | |
379 | ||
380 | it('Should succeed with the correct params', async function () { | |
381 | await makePostBodyRequest({ | |
382 | url: server.url, | |
383 | path, | |
384 | token: server.accessToken, | |
385 | fields: baseCorrectParams, | |
386 | statusCodeExpected: HttpStatusCode.OK_200 | |
387 | }) | |
388 | }) | |
389 | ||
390 | it('Should fail with a non admin user', async function () { | |
391 | const user = { | |
392 | username: 'user1', | |
393 | password: 'my super password' | |
394 | } | |
395 | userAccessToken = await userLogin(server, user) | |
396 | ||
397 | const fields = { | |
398 | username: 'user3', | |
399 | email: 'test@example.com', | |
400 | password: 'my super password', | |
401 | videoQuota: 42000000 | |
402 | } | |
403 | await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
404 | }) | |
405 | }) | |
406 | ||
407 | describe('When updating my account', function () { | |
408 | it('Should fail with an invalid email attribute', async function () { | |
409 | const fields = { | |
410 | email: 'blabla' | |
411 | } | |
412 | ||
413 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields }) | |
414 | }) | |
415 | ||
416 | it('Should fail with a too small password', async function () { | |
417 | const fields = { | |
418 | currentPassword: 'my super password', | |
419 | password: 'bla' | |
420 | } | |
421 | ||
422 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
423 | }) | |
424 | ||
425 | it('Should fail with a too long password', async function () { | |
426 | const fields = { | |
427 | currentPassword: 'my super password', | |
428 | password: 'super'.repeat(61) | |
429 | } | |
430 | ||
431 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
432 | }) | |
433 | ||
434 | it('Should fail without the current password', async function () { | |
435 | const fields = { | |
436 | currentPassword: 'my super password', | |
437 | password: 'super'.repeat(61) | |
438 | } | |
439 | ||
440 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
441 | }) | |
442 | ||
443 | it('Should fail with an invalid current password', async function () { | |
444 | const fields = { | |
445 | currentPassword: 'my super password fail', | |
446 | password: 'super'.repeat(61) | |
447 | } | |
448 | ||
449 | await makePutBodyRequest({ | |
450 | url: server.url, | |
451 | path: path + 'me', | |
452 | token: userAccessToken, | |
453 | fields, | |
454 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
455 | }) | |
456 | }) | |
457 | ||
458 | it('Should fail with an invalid NSFW policy attribute', async function () { | |
459 | const fields = { | |
460 | nsfwPolicy: 'hello' | |
461 | } | |
462 | ||
463 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
464 | }) | |
465 | ||
466 | it('Should fail with an invalid autoPlayVideo attribute', async function () { | |
467 | const fields = { | |
468 | autoPlayVideo: -1 | |
469 | } | |
470 | ||
471 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
472 | }) | |
473 | ||
474 | it('Should fail with an invalid autoPlayNextVideo attribute', async function () { | |
475 | const fields = { | |
476 | autoPlayNextVideo: -1 | |
477 | } | |
478 | ||
479 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
480 | }) | |
481 | ||
482 | it('Should fail with an invalid videosHistoryEnabled attribute', async function () { | |
483 | const fields = { | |
484 | videosHistoryEnabled: -1 | |
485 | } | |
486 | ||
487 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
488 | }) | |
489 | ||
490 | it('Should fail with an non authenticated user', async function () { | |
491 | const fields = { | |
492 | currentPassword: 'my super password', | |
493 | password: 'my super password' | |
494 | } | |
495 | ||
496 | await makePutBodyRequest({ | |
497 | url: server.url, | |
498 | path: path + 'me', | |
499 | token: 'super token', | |
500 | fields, | |
501 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
502 | }) | |
503 | }) | |
504 | ||
505 | it('Should fail with a too long description', async function () { | |
506 | const fields = { | |
507 | description: 'super'.repeat(201) | |
508 | } | |
509 | ||
510 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
511 | }) | |
512 | ||
513 | it('Should fail with an invalid videoLanguages attribute', async function () { | |
514 | { | |
515 | const fields = { | |
516 | videoLanguages: 'toto' | |
517 | } | |
518 | ||
519 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
520 | } | |
521 | ||
522 | { | |
523 | const languages = [] | |
524 | for (let i = 0; i < 1000; i++) { | |
525 | languages.push('fr') | |
526 | } | |
527 | ||
528 | const fields = { | |
529 | videoLanguages: languages | |
530 | } | |
531 | ||
532 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
533 | } | |
534 | }) | |
535 | ||
536 | it('Should fail with an invalid theme', async function () { | |
537 | const fields = { theme: 'invalid' } | |
538 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
539 | }) | |
540 | ||
541 | it('Should fail with an unknown theme', async function () { | |
542 | const fields = { theme: 'peertube-theme-unknown' } | |
543 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
544 | }) | |
545 | ||
546 | it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { | |
547 | const fields = { | |
548 | noInstanceConfigWarningModal: -1 | |
549 | } | |
550 | ||
551 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
552 | }) | |
553 | ||
554 | it('Should fail with an invalid noWelcomeModal attribute', async function () { | |
555 | const fields = { | |
556 | noWelcomeModal: -1 | |
557 | } | |
558 | ||
559 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) | |
560 | }) | |
561 | ||
562 | it('Should succeed to change password with the correct params', async function () { | |
563 | const fields = { | |
564 | currentPassword: 'my super password', | |
565 | password: 'my super password', | |
566 | nsfwPolicy: 'blur', | |
567 | autoPlayVideo: false, | |
568 | email: 'super_email@example.com', | |
569 | theme: 'default', | |
570 | noInstanceConfigWarningModal: true, | |
571 | noWelcomeModal: true | |
572 | } | |
573 | ||
574 | await makePutBodyRequest({ | |
575 | url: server.url, | |
576 | path: path + 'me', | |
577 | token: userAccessToken, | |
578 | fields, | |
579 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
580 | }) | |
581 | }) | |
582 | ||
583 | it('Should succeed without password change with the correct params', async function () { | |
584 | const fields = { | |
585 | nsfwPolicy: 'blur', | |
586 | autoPlayVideo: false | |
587 | } | |
588 | ||
589 | await makePutBodyRequest({ | |
590 | url: server.url, | |
591 | path: path + 'me', | |
592 | token: userAccessToken, | |
593 | fields, | |
594 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
595 | }) | |
596 | }) | |
597 | }) | |
598 | ||
599 | describe('When updating my avatar', function () { | |
600 | it('Should fail without an incorrect input file', async function () { | |
601 | const fields = {} | |
602 | const attaches = { | |
603 | avatarfile: buildAbsoluteFixturePath('video_short.mp4') | |
604 | } | |
605 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
606 | }) | |
607 | ||
608 | it('Should fail with a big file', async function () { | |
609 | const fields = {} | |
610 | const attaches = { | |
611 | avatarfile: buildAbsoluteFixturePath('avatar-big.png') | |
612 | } | |
613 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
614 | }) | |
615 | ||
616 | it('Should fail with an unauthenticated user', async function () { | |
617 | const fields = {} | |
618 | const attaches = { | |
619 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
620 | } | |
621 | await makeUploadRequest({ | |
622 | url: server.url, | |
623 | path: path + '/me/avatar/pick', | |
624 | fields, | |
625 | attaches, | |
626 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
627 | }) | |
628 | }) | |
629 | ||
630 | it('Should succeed with the correct params', async function () { | |
631 | const fields = {} | |
632 | const attaches = { | |
633 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
634 | } | |
635 | await makeUploadRequest({ | |
636 | url: server.url, | |
637 | path: path + '/me/avatar/pick', | |
638 | token: server.accessToken, | |
639 | fields, | |
640 | attaches, | |
641 | statusCodeExpected: HttpStatusCode.OK_200 | |
642 | }) | |
643 | }) | |
644 | }) | |
645 | ||
646 | describe('When managing my scoped tokens', function () { | |
647 | ||
648 | it('Should fail to get my scoped tokens with an non authenticated user', async function () { | |
649 | await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) | |
650 | }) | |
651 | ||
652 | it('Should fail to get my scoped tokens with a bad token', async function () { | |
653 | await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) | |
654 | ||
655 | }) | |
656 | ||
657 | it('Should succeed to get my scoped tokens', async function () { | |
658 | await getUserScopedTokens(server.url, server.accessToken) | |
659 | }) | |
660 | ||
661 | it('Should fail to renew my scoped tokens with an non authenticated user', async function () { | |
662 | await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) | |
663 | }) | |
664 | ||
665 | it('Should fail to renew my scoped tokens with a bad token', async function () { | |
666 | await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) | |
667 | }) | |
668 | ||
669 | it('Should succeed to renew my scoped tokens', async function () { | |
670 | await renewUserScopedTokens(server.url, server.accessToken) | |
671 | }) | |
672 | }) | |
673 | ||
674 | describe('When getting a user', function () { | |
675 | ||
676 | it('Should fail with an non authenticated user', async function () { | |
677 | await makeGetRequest({ | |
678 | url: server.url, | |
679 | path: path + userId, | |
680 | token: 'super token', | |
681 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
682 | }) | |
683 | }) | |
684 | ||
685 | it('Should fail with a non admin user', async function () { | |
686 | await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
687 | }) | |
688 | ||
689 | it('Should succeed with the correct params', async function () { | |
690 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 }) | |
691 | }) | |
692 | }) | |
693 | ||
694 | describe('When updating a user', function () { | |
695 | ||
696 | it('Should fail with an invalid email attribute', async function () { | |
697 | const fields = { | |
698 | email: 'blabla' | |
699 | } | |
700 | ||
701 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
702 | }) | |
703 | ||
704 | it('Should fail with an invalid emailVerified attribute', async function () { | |
705 | const fields = { | |
706 | emailVerified: 'yes' | |
707 | } | |
708 | ||
709 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
710 | }) | |
711 | ||
712 | it('Should fail with an invalid videoQuota attribute', async function () { | |
713 | const fields = { | |
714 | videoQuota: -90 | |
715 | } | |
716 | ||
717 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
718 | }) | |
719 | ||
720 | it('Should fail with an invalid user role attribute', async function () { | |
721 | const fields = { | |
722 | role: 54878 | |
723 | } | |
724 | ||
725 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
726 | }) | |
727 | ||
728 | it('Should fail with a too small password', async function () { | |
729 | const fields = { | |
730 | currentPassword: 'my super password', | |
731 | password: 'bla' | |
732 | } | |
733 | ||
734 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
735 | }) | |
736 | ||
737 | it('Should fail with a too long password', async function () { | |
738 | const fields = { | |
739 | currentPassword: 'my super password', | |
740 | password: 'super'.repeat(61) | |
741 | } | |
742 | ||
743 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
744 | }) | |
745 | ||
746 | it('Should fail with an non authenticated user', async function () { | |
747 | const fields = { | |
748 | videoQuota: 42 | |
749 | } | |
750 | ||
751 | await makePutBodyRequest({ | |
752 | url: server.url, | |
753 | path: path + userId, | |
754 | token: 'super token', | |
755 | fields, | |
756 | statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 | |
757 | }) | |
758 | }) | |
759 | ||
760 | it('Should fail when updating root role', async function () { | |
761 | const fields = { | |
762 | role: UserRole.MODERATOR | |
763 | } | |
764 | ||
765 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
766 | }) | |
767 | ||
768 | it('Should fail with invalid admin flags', async function () { | |
769 | const fields = { adminFlags: 'toto' } | |
770 | ||
771 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
772 | }) | |
773 | ||
774 | it('Should fail to update an admin with a moderator', async function () { | |
775 | const fields = { | |
776 | videoQuota: 42 | |
777 | } | |
778 | ||
779 | await makePutBodyRequest({ | |
780 | url: server.url, | |
781 | path: path + moderatorId, | |
782 | token: moderatorAccessToken, | |
783 | fields, | |
784 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
785 | }) | |
786 | }) | |
787 | ||
788 | it('Should succeed to update a user with a moderator', async function () { | |
789 | const fields = { | |
790 | videoQuota: 42 | |
791 | } | |
792 | ||
793 | await makePutBodyRequest({ | |
794 | url: server.url, | |
795 | path: path + userId, | |
796 | token: moderatorAccessToken, | |
797 | fields, | |
798 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
799 | }) | |
800 | }) | |
801 | ||
802 | it('Should succeed with the correct params', async function () { | |
803 | const fields = { | |
804 | email: 'email@example.com', | |
805 | emailVerified: true, | |
806 | videoQuota: 42, | |
807 | role: UserRole.USER | |
808 | } | |
809 | ||
810 | await makePutBodyRequest({ | |
811 | url: server.url, | |
812 | path: path + userId, | |
813 | token: server.accessToken, | |
814 | fields, | |
815 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
816 | }) | |
817 | }) | |
818 | }) | |
819 | ||
820 | describe('When getting my information', function () { | |
821 | it('Should fail with a non authenticated user', async function () { | |
822 | await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401) | |
823 | }) | |
824 | ||
825 | it('Should success with the correct parameters', async function () { | |
826 | await getMyUserInformation(server.url, userAccessToken) | |
827 | }) | |
828 | }) | |
829 | ||
830 | describe('When getting my video rating', function () { | |
831 | it('Should fail with a non authenticated user', async function () { | |
832 | await getMyUserVideoRating(server.url, 'fake_token', video.id, HttpStatusCode.UNAUTHORIZED_401) | |
833 | }) | |
834 | ||
835 | it('Should fail with an incorrect video uuid', async function () { | |
836 | await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400) | |
837 | }) | |
838 | ||
839 | it('Should fail with an unknown video', async function () { | |
840 | await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404) | |
841 | }) | |
842 | ||
843 | it('Should succeed with the correct parameters', async function () { | |
844 | await getMyUserVideoRating(server.url, server.accessToken, video.id) | |
845 | await getMyUserVideoRating(server.url, server.accessToken, video.uuid) | |
846 | await getMyUserVideoRating(server.url, server.accessToken, video.shortUUID) | |
847 | }) | |
848 | }) | |
849 | ||
850 | describe('When retrieving my global ratings', function () { | |
851 | const path = '/api/v1/accounts/user1/ratings' | |
852 | ||
853 | it('Should fail with a bad start pagination', async function () { | |
854 | await checkBadStartPagination(server.url, path, userAccessToken) | |
855 | }) | |
856 | ||
857 | it('Should fail with a bad count pagination', async function () { | |
858 | await checkBadCountPagination(server.url, path, userAccessToken) | |
859 | }) | |
860 | ||
861 | it('Should fail with an incorrect sort', async function () { | |
862 | await checkBadSortPagination(server.url, path, userAccessToken) | |
863 | }) | |
864 | ||
865 | it('Should fail with a unauthenticated user', async function () { | |
866 | await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) | |
867 | }) | |
868 | ||
869 | it('Should fail with a another user', async function () { | |
870 | await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) | |
871 | }) | |
872 | ||
873 | it('Should fail with a bad type', async function () { | |
874 | await makeGetRequest({ | |
875 | url: server.url, | |
876 | path, | |
877 | token: userAccessToken, | |
878 | query: { rating: 'toto ' }, | |
879 | statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 | |
880 | }) | |
881 | }) | |
882 | ||
883 | it('Should succeed with the correct params', async function () { | |
884 | await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 }) | |
885 | }) | |
886 | }) | |
887 | ||
888 | describe('When blocking/unblocking/removing user', function () { | |
889 | it('Should fail with an incorrect id', async function () { | |
890 | await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
891 | await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
892 | await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
893 | }) | |
894 | ||
895 | it('Should fail with the root user', async function () { | |
896 | await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
897 | await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
898 | await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
899 | }) | |
900 | ||
901 | it('Should return 404 with a non existing id', async function () { | |
902 | await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) | |
903 | await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) | |
904 | await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) | |
905 | }) | |
906 | ||
907 | it('Should fail with a non admin user', async function () { | |
908 | await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) | |
909 | await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) | |
910 | await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) | |
911 | }) | |
912 | ||
913 | it('Should fail on a moderator with a moderator', async function () { | |
914 | await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) | |
915 | await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) | |
916 | await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) | |
917 | }) | |
918 | ||
919 | it('Should succeed on a user with a moderator', async function () { | |
920 | await blockUser(server.url, userId, moderatorAccessToken) | |
921 | await unblockUser(server.url, userId, moderatorAccessToken) | |
922 | }) | |
923 | }) | |
924 | ||
925 | describe('When deleting our account', function () { | |
926 | it('Should fail with with the root account', async function () { | |
927 | await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400) | |
928 | }) | |
929 | }) | |
930 | ||
931 | describe('When registering a new user', function () { | |
932 | const registrationPath = path + '/register' | |
933 | const baseCorrectParams = { | |
934 | username: 'user3', | |
935 | displayName: 'super user', | |
936 | email: 'test3@example.com', | |
937 | password: 'my super password' | |
938 | } | |
939 | ||
940 | it('Should fail with a too small username', async function () { | |
941 | const fields = immutableAssign(baseCorrectParams, { username: '' }) | |
942 | ||
943 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
944 | }) | |
945 | ||
946 | it('Should fail with a too long username', async function () { | |
947 | const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) | |
948 | ||
949 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
950 | }) | |
951 | ||
952 | it('Should fail with an incorrect username', async function () { | |
953 | const fields = immutableAssign(baseCorrectParams, { username: 'my username' }) | |
954 | ||
955 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
956 | }) | |
957 | ||
958 | it('Should fail with a missing email', async function () { | |
959 | const fields = omit(baseCorrectParams, 'email') | |
960 | ||
961 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
962 | }) | |
963 | ||
964 | it('Should fail with an invalid email', async function () { | |
965 | const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' }) | |
966 | ||
967 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
968 | }) | |
969 | ||
970 | it('Should fail with a too small password', async function () { | |
971 | const fields = immutableAssign(baseCorrectParams, { password: 'bla' }) | |
972 | ||
973 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
974 | }) | |
975 | ||
976 | it('Should fail with a too long password', async function () { | |
977 | const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) }) | |
978 | ||
979 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
980 | }) | |
981 | ||
982 | it('Should fail if we register a user with the same username', async function () { | |
983 | const fields = immutableAssign(baseCorrectParams, { username: 'root' }) | |
984 | ||
985 | await makePostBodyRequest({ | |
986 | url: server.url, | |
987 | path: registrationPath, | |
988 | token: server.accessToken, | |
989 | fields, | |
990 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
991 | }) | |
992 | }) | |
993 | ||
994 | it('Should fail with a "peertube" username', async function () { | |
995 | const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) | |
996 | ||
997 | await makePostBodyRequest({ | |
998 | url: server.url, | |
999 | path: registrationPath, | |
1000 | token: server.accessToken, | |
1001 | fields, | |
1002 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1003 | }) | |
1004 | }) | |
1005 | ||
1006 | it('Should fail if we register a user with the same email', async function () { | |
1007 | const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' }) | |
1008 | ||
1009 | await makePostBodyRequest({ | |
1010 | url: server.url, | |
1011 | path: registrationPath, | |
1012 | token: server.accessToken, | |
1013 | fields, | |
1014 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1015 | }) | |
1016 | }) | |
1017 | ||
1018 | it('Should fail with a bad display name', async function () { | |
1019 | const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) }) | |
1020 | ||
1021 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1022 | }) | |
1023 | ||
1024 | it('Should fail with a bad channel name', async function () { | |
1025 | const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } }) | |
1026 | ||
1027 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1028 | }) | |
1029 | ||
1030 | it('Should fail with a bad channel display name', async function () { | |
1031 | const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } }) | |
1032 | ||
1033 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1034 | }) | |
1035 | ||
1036 | it('Should fail with a channel name that is the same as username', async function () { | |
1037 | const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } | |
1038 | const fields = immutableAssign(baseCorrectParams, source) | |
1039 | ||
1040 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1041 | }) | |
1042 | ||
1043 | it('Should fail with an existing channel', async function () { | |
1044 | const videoChannelAttributesArg = { name: 'existing_channel', displayName: 'hello', description: 'super description' } | |
1045 | await addVideoChannel(server.url, server.accessToken, videoChannelAttributesArg) | |
1046 | ||
1047 | const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) | |
1048 | ||
1049 | await makePostBodyRequest({ | |
1050 | url: server.url, | |
1051 | path: registrationPath, | |
1052 | token: server.accessToken, | |
1053 | fields, | |
1054 | statusCodeExpected: HttpStatusCode.CONFLICT_409 | |
1055 | }) | |
1056 | }) | |
1057 | ||
1058 | it('Should succeed with the correct params', async function () { | |
1059 | const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } }) | |
1060 | ||
1061 | await makePostBodyRequest({ | |
1062 | url: server.url, | |
1063 | path: registrationPath, | |
1064 | token: server.accessToken, | |
1065 | fields: fields, | |
1066 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1067 | }) | |
1068 | }) | |
1069 | ||
1070 | it('Should fail on a server with registration disabled', async function () { | |
1071 | const fields = { | |
1072 | username: 'user4', | |
1073 | email: 'test4@example.com', | |
1074 | password: 'my super password 4' | |
1075 | } | |
1076 | ||
1077 | await makePostBodyRequest({ | |
1078 | url: serverWithRegistrationDisabled.url, | |
1079 | path: registrationPath, | |
1080 | token: serverWithRegistrationDisabled.accessToken, | |
1081 | fields, | |
1082 | statusCodeExpected: HttpStatusCode.FORBIDDEN_403 | |
1083 | }) | |
1084 | }) | |
1085 | }) | |
1086 | ||
1087 | describe('When registering multiple users on a server with users limit', function () { | |
1088 | it('Should fail when after 3 registrations', async function () { | |
1089 | await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403) | |
1090 | }) | |
1091 | }) | |
1092 | ||
1093 | describe('When asking a password reset', function () { | |
1094 | const path = '/api/v1/users/ask-reset-password' | |
1095 | ||
1096 | it('Should fail with a missing email', async function () { | |
1097 | const fields = {} | |
1098 | ||
1099 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1100 | }) | |
1101 | ||
1102 | it('Should fail with an invalid email', async function () { | |
1103 | const fields = { email: 'hello' } | |
1104 | ||
1105 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1106 | }) | |
1107 | ||
1108 | it('Should success with the correct params', async function () { | |
1109 | const fields = { email: 'admin@example.com' } | |
1110 | ||
1111 | await makePostBodyRequest({ | |
1112 | url: server.url, | |
1113 | path, | |
1114 | token: server.accessToken, | |
1115 | fields, | |
1116 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1117 | }) | |
1118 | }) | |
1119 | }) | |
1120 | ||
1121 | describe('When asking for an account verification email', function () { | |
1122 | const path = '/api/v1/users/ask-send-verify-email' | |
1123 | ||
1124 | it('Should fail with a missing email', async function () { | |
1125 | const fields = {} | |
1126 | ||
1127 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1128 | }) | |
1129 | ||
1130 | it('Should fail with an invalid email', async function () { | |
1131 | const fields = { email: 'hello' } | |
1132 | ||
1133 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1134 | }) | |
1135 | ||
1136 | it('Should succeed with the correct params', async function () { | |
1137 | const fields = { email: 'admin@example.com' } | |
1138 | ||
1139 | await makePostBodyRequest({ | |
1140 | url: server.url, | |
1141 | path, | |
1142 | token: server.accessToken, | |
1143 | fields, | |
1144 | statusCodeExpected: HttpStatusCode.NO_CONTENT_204 | |
1145 | }) | |
1146 | }) | |
1147 | }) | |
1148 | ||
1149 | after(async function () { | |
1150 | MockSmtpServer.Instance.kill() | |
1151 | ||
1152 | await cleanupTests([ server, serverWithRegistrationDisabled ]) | |
1153 | }) | |
1154 | }) |