]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { omit } from 'lodash' | |
5 | import { | |
6 | buildAbsoluteFixturePath, | |
7 | checkBadCountPagination, | |
8 | checkBadSortPagination, | |
9 | checkBadStartPagination, | |
10 | cleanupTests, | |
11 | createSingleServer, | |
12 | killallServers, | |
13 | makeGetRequest, | |
14 | makePostBodyRequest, | |
15 | makePutBodyRequest, | |
16 | makeUploadRequest, | |
17 | MockSmtpServer, | |
18 | PeerTubeServer, | |
19 | setAccessTokensToServers, | |
20 | UsersCommand | |
21 | } from '@shared/extra-utils' | |
22 | import { HttpStatusCode, UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models' | |
23 | ||
24 | describe('Test users API validators', function () { | |
25 | const path = '/api/v1/users/' | |
26 | let userId: number | |
27 | let rootId: number | |
28 | let moderatorId: number | |
29 | let video: VideoCreateResult | |
30 | let server: PeerTubeServer | |
31 | let serverWithRegistrationDisabled: PeerTubeServer | |
32 | let userToken = '' | |
33 | let moderatorToken = '' | |
34 | let emailPort: number | |
35 | let overrideConfig: Object | |
36 | ||
37 | // --------------------------------------------------------------- | |
38 | ||
39 | before(async function () { | |
40 | this.timeout(30000) | |
41 | ||
42 | const emails: object[] = [] | |
43 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | |
44 | ||
45 | overrideConfig = { signup: { limit: 8 } } | |
46 | ||
47 | { | |
48 | const res = await Promise.all([ | |
49 | createSingleServer(1, overrideConfig), | |
50 | createSingleServer(2) | |
51 | ]) | |
52 | ||
53 | server = res[0] | |
54 | serverWithRegistrationDisabled = res[1] | |
55 | ||
56 | await setAccessTokensToServers([ server ]) | |
57 | } | |
58 | ||
59 | { | |
60 | const user = { username: 'user1' } | |
61 | await server.users.create({ ...user }) | |
62 | userToken = await server.login.getAccessToken(user) | |
63 | } | |
64 | ||
65 | { | |
66 | const moderator = { username: 'moderator1' } | |
67 | await server.users.create({ ...moderator, role: UserRole.MODERATOR }) | |
68 | moderatorToken = await server.login.getAccessToken(moderator) | |
69 | } | |
70 | ||
71 | { | |
72 | const moderator = { username: 'moderator2' } | |
73 | await server.users.create({ ...moderator, role: UserRole.MODERATOR }) | |
74 | } | |
75 | ||
76 | { | |
77 | video = await server.videos.upload() | |
78 | } | |
79 | ||
80 | { | |
81 | const { data } = await server.users.list() | |
82 | userId = data.find(u => u.username === 'user1').id | |
83 | rootId = data.find(u => u.username === 'root').id | |
84 | moderatorId = data.find(u => u.username === 'moderator2').id | |
85 | } | |
86 | }) | |
87 | ||
88 | describe('When listing users', function () { | |
89 | it('Should fail with a bad start pagination', async function () { | |
90 | await checkBadStartPagination(server.url, path, server.accessToken) | |
91 | }) | |
92 | ||
93 | it('Should fail with a bad count pagination', async function () { | |
94 | await checkBadCountPagination(server.url, path, server.accessToken) | |
95 | }) | |
96 | ||
97 | it('Should fail with an incorrect sort', async function () { | |
98 | await checkBadSortPagination(server.url, path, server.accessToken) | |
99 | }) | |
100 | ||
101 | it('Should fail with a non authenticated user', async function () { | |
102 | await makeGetRequest({ | |
103 | url: server.url, | |
104 | path, | |
105 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
106 | }) | |
107 | }) | |
108 | ||
109 | it('Should fail with a non admin user', async function () { | |
110 | await makeGetRequest({ | |
111 | url: server.url, | |
112 | path, | |
113 | token: userToken, | |
114 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
115 | }) | |
116 | }) | |
117 | }) | |
118 | ||
119 | describe('When adding a new user', function () { | |
120 | const baseCorrectParams = { | |
121 | username: 'user2', | |
122 | email: 'test@example.com', | |
123 | password: 'my super password', | |
124 | videoQuota: -1, | |
125 | videoQuotaDaily: -1, | |
126 | role: UserRole.USER, | |
127 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | |
128 | } | |
129 | ||
130 | it('Should fail with a too small username', async function () { | |
131 | const fields = { ...baseCorrectParams, username: '' } | |
132 | ||
133 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
134 | }) | |
135 | ||
136 | it('Should fail with a too long username', async function () { | |
137 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
138 | ||
139 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
140 | }) | |
141 | ||
142 | it('Should fail with a not lowercase username', async function () { | |
143 | const fields = { ...baseCorrectParams, username: 'Toto' } | |
144 | ||
145 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
146 | }) | |
147 | ||
148 | it('Should fail with an incorrect username', async function () { | |
149 | const fields = { ...baseCorrectParams, username: 'my username' } | |
150 | ||
151 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
152 | }) | |
153 | ||
154 | it('Should fail with a missing email', async function () { | |
155 | const fields = omit(baseCorrectParams, 'email') | |
156 | ||
157 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
158 | }) | |
159 | ||
160 | it('Should fail with an invalid email', async function () { | |
161 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
162 | ||
163 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
164 | }) | |
165 | ||
166 | it('Should fail with a too small password', async function () { | |
167 | const fields = { ...baseCorrectParams, password: 'bla' } | |
168 | ||
169 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
170 | }) | |
171 | ||
172 | it('Should fail with a too long password', async function () { | |
173 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
174 | ||
175 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
176 | }) | |
177 | ||
178 | it('Should fail with empty password and no smtp configured', async function () { | |
179 | const fields = { ...baseCorrectParams, password: '' } | |
180 | ||
181 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
182 | }) | |
183 | ||
184 | it('Should succeed with no password on a server with smtp enabled', async function () { | |
185 | this.timeout(20000) | |
186 | ||
187 | await killallServers([ server ]) | |
188 | ||
189 | const config = { | |
190 | ...overrideConfig, | |
191 | ||
192 | smtp: { | |
193 | hostname: 'localhost', | |
194 | port: emailPort | |
195 | } | |
196 | } | |
197 | await server.run(config) | |
198 | ||
199 | const fields = { | |
200 | ...baseCorrectParams, | |
201 | ||
202 | password: '', | |
203 | username: 'create_password', | |
204 | email: 'create_password@example.com' | |
205 | } | |
206 | ||
207 | await makePostBodyRequest({ | |
208 | url: server.url, | |
209 | path: path, | |
210 | token: server.accessToken, | |
211 | fields, | |
212 | expectedStatus: HttpStatusCode.OK_200 | |
213 | }) | |
214 | }) | |
215 | ||
216 | it('Should fail with invalid admin flags', async function () { | |
217 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | |
218 | ||
219 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
220 | }) | |
221 | ||
222 | it('Should fail with an non authenticated user', async function () { | |
223 | await makePostBodyRequest({ | |
224 | url: server.url, | |
225 | path, | |
226 | token: 'super token', | |
227 | fields: baseCorrectParams, | |
228 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
229 | }) | |
230 | }) | |
231 | ||
232 | it('Should fail if we add a user with the same username', async function () { | |
233 | const fields = { ...baseCorrectParams, username: 'user1' } | |
234 | ||
235 | await makePostBodyRequest({ | |
236 | url: server.url, | |
237 | path, | |
238 | token: server.accessToken, | |
239 | fields, | |
240 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
241 | }) | |
242 | }) | |
243 | ||
244 | it('Should fail if we add a user with the same email', async function () { | |
245 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | |
246 | ||
247 | await makePostBodyRequest({ | |
248 | url: server.url, | |
249 | path, | |
250 | token: server.accessToken, | |
251 | fields, | |
252 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
253 | }) | |
254 | }) | |
255 | ||
256 | it('Should fail without a videoQuota', async function () { | |
257 | const fields = omit(baseCorrectParams, 'videoQuota') | |
258 | ||
259 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
260 | }) | |
261 | ||
262 | it('Should fail without a videoQuotaDaily', async function () { | |
263 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | |
264 | ||
265 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
266 | }) | |
267 | ||
268 | it('Should fail with an invalid videoQuota', async function () { | |
269 | const fields = { ...baseCorrectParams, videoQuota: -5 } | |
270 | ||
271 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
272 | }) | |
273 | ||
274 | it('Should fail with an invalid videoQuotaDaily', async function () { | |
275 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | |
276 | ||
277 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
278 | }) | |
279 | ||
280 | it('Should fail without a user role', async function () { | |
281 | const fields = omit(baseCorrectParams, 'role') | |
282 | ||
283 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
284 | }) | |
285 | ||
286 | it('Should fail with an invalid user role', async function () { | |
287 | const fields = { ...baseCorrectParams, role: 88989 } | |
288 | ||
289 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
290 | }) | |
291 | ||
292 | it('Should fail with a "peertube" username', async function () { | |
293 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
294 | ||
295 | await makePostBodyRequest({ | |
296 | url: server.url, | |
297 | path, | |
298 | token: server.accessToken, | |
299 | fields, | |
300 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
301 | }) | |
302 | }) | |
303 | ||
304 | it('Should fail to create a moderator or an admin with a moderator', async function () { | |
305 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | |
306 | const fields = { ...baseCorrectParams, role } | |
307 | ||
308 | await makePostBodyRequest({ | |
309 | url: server.url, | |
310 | path, | |
311 | token: moderatorToken, | |
312 | fields, | |
313 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
314 | }) | |
315 | } | |
316 | }) | |
317 | ||
318 | it('Should succeed to create a user with a moderator', async function () { | |
319 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | |
320 | ||
321 | await makePostBodyRequest({ | |
322 | url: server.url, | |
323 | path, | |
324 | token: moderatorToken, | |
325 | fields, | |
326 | expectedStatus: HttpStatusCode.OK_200 | |
327 | }) | |
328 | }) | |
329 | ||
330 | it('Should succeed with the correct params', async function () { | |
331 | await makePostBodyRequest({ | |
332 | url: server.url, | |
333 | path, | |
334 | token: server.accessToken, | |
335 | fields: baseCorrectParams, | |
336 | expectedStatus: HttpStatusCode.OK_200 | |
337 | }) | |
338 | }) | |
339 | ||
340 | it('Should fail with a non admin user', async function () { | |
341 | const user = { username: 'user1' } | |
342 | userToken = await server.login.getAccessToken(user) | |
343 | ||
344 | const fields = { | |
345 | username: 'user3', | |
346 | email: 'test@example.com', | |
347 | password: 'my super password', | |
348 | videoQuota: 42000000 | |
349 | } | |
350 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
351 | }) | |
352 | }) | |
353 | ||
354 | describe('When updating my account', function () { | |
355 | ||
356 | it('Should fail with an invalid email attribute', async function () { | |
357 | const fields = { | |
358 | email: 'blabla' | |
359 | } | |
360 | ||
361 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields }) | |
362 | }) | |
363 | ||
364 | it('Should fail with a too small password', async function () { | |
365 | const fields = { | |
366 | currentPassword: 'password', | |
367 | password: 'bla' | |
368 | } | |
369 | ||
370 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
371 | }) | |
372 | ||
373 | it('Should fail with a too long password', async function () { | |
374 | const fields = { | |
375 | currentPassword: 'password', | |
376 | password: 'super'.repeat(61) | |
377 | } | |
378 | ||
379 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
380 | }) | |
381 | ||
382 | it('Should fail without the current password', async function () { | |
383 | const fields = { | |
384 | currentPassword: 'password', | |
385 | password: 'super'.repeat(61) | |
386 | } | |
387 | ||
388 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
389 | }) | |
390 | ||
391 | it('Should fail with an invalid current password', async function () { | |
392 | const fields = { | |
393 | currentPassword: 'my super password fail', | |
394 | password: 'super'.repeat(61) | |
395 | } | |
396 | ||
397 | await makePutBodyRequest({ | |
398 | url: server.url, | |
399 | path: path + 'me', | |
400 | token: userToken, | |
401 | fields, | |
402 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
403 | }) | |
404 | }) | |
405 | ||
406 | it('Should fail with an invalid NSFW policy attribute', async function () { | |
407 | const fields = { | |
408 | nsfwPolicy: 'hello' | |
409 | } | |
410 | ||
411 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
412 | }) | |
413 | ||
414 | it('Should fail with an invalid autoPlayVideo attribute', async function () { | |
415 | const fields = { | |
416 | autoPlayVideo: -1 | |
417 | } | |
418 | ||
419 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
420 | }) | |
421 | ||
422 | it('Should fail with an invalid autoPlayNextVideo attribute', async function () { | |
423 | const fields = { | |
424 | autoPlayNextVideo: -1 | |
425 | } | |
426 | ||
427 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
428 | }) | |
429 | ||
430 | it('Should fail with an invalid videosHistoryEnabled attribute', async function () { | |
431 | const fields = { | |
432 | videosHistoryEnabled: -1 | |
433 | } | |
434 | ||
435 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
436 | }) | |
437 | ||
438 | it('Should fail with an non authenticated user', async function () { | |
439 | const fields = { | |
440 | currentPassword: 'password', | |
441 | password: 'my super password' | |
442 | } | |
443 | ||
444 | await makePutBodyRequest({ | |
445 | url: server.url, | |
446 | path: path + 'me', | |
447 | token: 'super token', | |
448 | fields, | |
449 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
450 | }) | |
451 | }) | |
452 | ||
453 | it('Should fail with a too long description', async function () { | |
454 | const fields = { | |
455 | description: 'super'.repeat(201) | |
456 | } | |
457 | ||
458 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
459 | }) | |
460 | ||
461 | it('Should fail with an invalid videoLanguages attribute', async function () { | |
462 | { | |
463 | const fields = { | |
464 | videoLanguages: 'toto' | |
465 | } | |
466 | ||
467 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
468 | } | |
469 | ||
470 | { | |
471 | const languages = [] | |
472 | for (let i = 0; i < 1000; i++) { | |
473 | languages.push('fr') | |
474 | } | |
475 | ||
476 | const fields = { | |
477 | videoLanguages: languages | |
478 | } | |
479 | ||
480 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
481 | } | |
482 | }) | |
483 | ||
484 | it('Should fail with an invalid theme', async function () { | |
485 | const fields = { theme: 'invalid' } | |
486 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
487 | }) | |
488 | ||
489 | it('Should fail with an unknown theme', async function () { | |
490 | const fields = { theme: 'peertube-theme-unknown' } | |
491 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
492 | }) | |
493 | ||
494 | it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { | |
495 | const fields = { | |
496 | noInstanceConfigWarningModal: -1 | |
497 | } | |
498 | ||
499 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
500 | }) | |
501 | ||
502 | it('Should fail with an invalid noWelcomeModal attribute', async function () { | |
503 | const fields = { | |
504 | noWelcomeModal: -1 | |
505 | } | |
506 | ||
507 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | |
508 | }) | |
509 | ||
510 | it('Should succeed to change password with the correct params', async function () { | |
511 | const fields = { | |
512 | currentPassword: 'password', | |
513 | password: 'my super password', | |
514 | nsfwPolicy: 'blur', | |
515 | autoPlayVideo: false, | |
516 | email: 'super_email@example.com', | |
517 | theme: 'default', | |
518 | noInstanceConfigWarningModal: true, | |
519 | noWelcomeModal: true | |
520 | } | |
521 | ||
522 | await makePutBodyRequest({ | |
523 | url: server.url, | |
524 | path: path + 'me', | |
525 | token: userToken, | |
526 | fields, | |
527 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
528 | }) | |
529 | }) | |
530 | ||
531 | it('Should succeed without password change with the correct params', async function () { | |
532 | const fields = { | |
533 | nsfwPolicy: 'blur', | |
534 | autoPlayVideo: false | |
535 | } | |
536 | ||
537 | await makePutBodyRequest({ | |
538 | url: server.url, | |
539 | path: path + 'me', | |
540 | token: userToken, | |
541 | fields, | |
542 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
543 | }) | |
544 | }) | |
545 | }) | |
546 | ||
547 | describe('When updating my avatar', function () { | |
548 | it('Should fail without an incorrect input file', async function () { | |
549 | const fields = {} | |
550 | const attaches = { | |
551 | avatarfile: buildAbsoluteFixturePath('video_short.mp4') | |
552 | } | |
553 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
554 | }) | |
555 | ||
556 | it('Should fail with a big file', async function () { | |
557 | const fields = {} | |
558 | const attaches = { | |
559 | avatarfile: buildAbsoluteFixturePath('avatar-big.png') | |
560 | } | |
561 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | |
562 | }) | |
563 | ||
564 | it('Should fail with an unauthenticated user', async function () { | |
565 | const fields = {} | |
566 | const attaches = { | |
567 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
568 | } | |
569 | await makeUploadRequest({ | |
570 | url: server.url, | |
571 | path: path + '/me/avatar/pick', | |
572 | fields, | |
573 | attaches, | |
574 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
575 | }) | |
576 | }) | |
577 | ||
578 | it('Should succeed with the correct params', async function () { | |
579 | const fields = {} | |
580 | const attaches = { | |
581 | avatarfile: buildAbsoluteFixturePath('avatar.png') | |
582 | } | |
583 | await makeUploadRequest({ | |
584 | url: server.url, | |
585 | path: path + '/me/avatar/pick', | |
586 | token: server.accessToken, | |
587 | fields, | |
588 | attaches, | |
589 | expectedStatus: HttpStatusCode.OK_200 | |
590 | }) | |
591 | }) | |
592 | }) | |
593 | ||
594 | describe('When managing my scoped tokens', function () { | |
595 | ||
596 | it('Should fail to get my scoped tokens with an non authenticated user', async function () { | |
597 | await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
598 | }) | |
599 | ||
600 | it('Should fail to get my scoped tokens with a bad token', async function () { | |
601 | await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
602 | ||
603 | }) | |
604 | ||
605 | it('Should succeed to get my scoped tokens', async function () { | |
606 | await server.users.getMyScopedTokens() | |
607 | }) | |
608 | ||
609 | it('Should fail to renew my scoped tokens with an non authenticated user', async function () { | |
610 | await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
611 | }) | |
612 | ||
613 | it('Should fail to renew my scoped tokens with a bad token', async function () { | |
614 | await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
615 | }) | |
616 | ||
617 | it('Should succeed to renew my scoped tokens', async function () { | |
618 | await server.users.renewMyScopedTokens() | |
619 | }) | |
620 | }) | |
621 | ||
622 | describe('When getting a user', function () { | |
623 | ||
624 | it('Should fail with an non authenticated user', async function () { | |
625 | await makeGetRequest({ | |
626 | url: server.url, | |
627 | path: path + userId, | |
628 | token: 'super token', | |
629 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
630 | }) | |
631 | }) | |
632 | ||
633 | it('Should fail with a non admin user', async function () { | |
634 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
635 | }) | |
636 | ||
637 | it('Should succeed with the correct params', async function () { | |
638 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | |
639 | }) | |
640 | }) | |
641 | ||
642 | describe('When updating a user', function () { | |
643 | ||
644 | it('Should fail with an invalid email attribute', async function () { | |
645 | const fields = { | |
646 | email: 'blabla' | |
647 | } | |
648 | ||
649 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
650 | }) | |
651 | ||
652 | it('Should fail with an invalid emailVerified attribute', async function () { | |
653 | const fields = { | |
654 | emailVerified: 'yes' | |
655 | } | |
656 | ||
657 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
658 | }) | |
659 | ||
660 | it('Should fail with an invalid videoQuota attribute', async function () { | |
661 | const fields = { | |
662 | videoQuota: -90 | |
663 | } | |
664 | ||
665 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
666 | }) | |
667 | ||
668 | it('Should fail with an invalid user role attribute', async function () { | |
669 | const fields = { | |
670 | role: 54878 | |
671 | } | |
672 | ||
673 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
674 | }) | |
675 | ||
676 | it('Should fail with a too small password', async function () { | |
677 | const fields = { | |
678 | currentPassword: 'password', | |
679 | password: 'bla' | |
680 | } | |
681 | ||
682 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
683 | }) | |
684 | ||
685 | it('Should fail with a too long password', async function () { | |
686 | const fields = { | |
687 | currentPassword: 'password', | |
688 | password: 'super'.repeat(61) | |
689 | } | |
690 | ||
691 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | |
692 | }) | |
693 | ||
694 | it('Should fail with an non authenticated user', async function () { | |
695 | const fields = { | |
696 | videoQuota: 42 | |
697 | } | |
698 | ||
699 | await makePutBodyRequest({ | |
700 | url: server.url, | |
701 | path: path + userId, | |
702 | token: 'super token', | |
703 | fields, | |
704 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
705 | }) | |
706 | }) | |
707 | ||
708 | it('Should fail when updating root role', async function () { | |
709 | const fields = { | |
710 | role: UserRole.MODERATOR | |
711 | } | |
712 | ||
713 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | |
714 | }) | |
715 | ||
716 | it('Should fail with invalid admin flags', async function () { | |
717 | const fields = { adminFlags: 'toto' } | |
718 | ||
719 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
720 | }) | |
721 | ||
722 | it('Should fail to update an admin with a moderator', async function () { | |
723 | const fields = { | |
724 | videoQuota: 42 | |
725 | } | |
726 | ||
727 | await makePutBodyRequest({ | |
728 | url: server.url, | |
729 | path: path + moderatorId, | |
730 | token: moderatorToken, | |
731 | fields, | |
732 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
733 | }) | |
734 | }) | |
735 | ||
736 | it('Should succeed to update a user with a moderator', async function () { | |
737 | const fields = { | |
738 | videoQuota: 42 | |
739 | } | |
740 | ||
741 | await makePutBodyRequest({ | |
742 | url: server.url, | |
743 | path: path + userId, | |
744 | token: moderatorToken, | |
745 | fields, | |
746 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
747 | }) | |
748 | }) | |
749 | ||
750 | it('Should succeed with the correct params', async function () { | |
751 | const fields = { | |
752 | email: 'email@example.com', | |
753 | emailVerified: true, | |
754 | videoQuota: 42, | |
755 | role: UserRole.USER | |
756 | } | |
757 | ||
758 | await makePutBodyRequest({ | |
759 | url: server.url, | |
760 | path: path + userId, | |
761 | token: server.accessToken, | |
762 | fields, | |
763 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
764 | }) | |
765 | }) | |
766 | }) | |
767 | ||
768 | describe('When getting my information', function () { | |
769 | it('Should fail with a non authenticated user', async function () { | |
770 | await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
771 | }) | |
772 | ||
773 | it('Should success with the correct parameters', async function () { | |
774 | await server.users.getMyInfo({ token: userToken }) | |
775 | }) | |
776 | }) | |
777 | ||
778 | describe('When getting my video rating', function () { | |
779 | let command: UsersCommand | |
780 | ||
781 | before(function () { | |
782 | command = server.users | |
783 | }) | |
784 | ||
785 | it('Should fail with a non authenticated user', async function () { | |
786 | await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
787 | }) | |
788 | ||
789 | it('Should fail with an incorrect video uuid', async function () { | |
790 | await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
791 | }) | |
792 | ||
793 | it('Should fail with an unknown video', async function () { | |
794 | await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 }) | |
795 | }) | |
796 | ||
797 | it('Should succeed with the correct parameters', async function () { | |
798 | await command.getMyRating({ videoId: video.id }) | |
799 | await command.getMyRating({ videoId: video.uuid }) | |
800 | await command.getMyRating({ videoId: video.shortUUID }) | |
801 | }) | |
802 | }) | |
803 | ||
804 | describe('When retrieving my global ratings', function () { | |
805 | const path = '/api/v1/accounts/user1/ratings' | |
806 | ||
807 | it('Should fail with a bad start pagination', async function () { | |
808 | await checkBadStartPagination(server.url, path, userToken) | |
809 | }) | |
810 | ||
811 | it('Should fail with a bad count pagination', async function () { | |
812 | await checkBadCountPagination(server.url, path, userToken) | |
813 | }) | |
814 | ||
815 | it('Should fail with an incorrect sort', async function () { | |
816 | await checkBadSortPagination(server.url, path, userToken) | |
817 | }) | |
818 | ||
819 | it('Should fail with a unauthenticated user', async function () { | |
820 | await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
821 | }) | |
822 | ||
823 | it('Should fail with a another user', async function () { | |
824 | await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
825 | }) | |
826 | ||
827 | it('Should fail with a bad type', async function () { | |
828 | await makeGetRequest({ | |
829 | url: server.url, | |
830 | path, | |
831 | token: userToken, | |
832 | query: { rating: 'toto ' }, | |
833 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
834 | }) | |
835 | }) | |
836 | ||
837 | it('Should succeed with the correct params', async function () { | |
838 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 }) | |
839 | }) | |
840 | }) | |
841 | ||
842 | describe('When blocking/unblocking/removing user', function () { | |
843 | ||
844 | it('Should fail with an incorrect id', async function () { | |
845 | const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 } | |
846 | ||
847 | await server.users.remove(options) | |
848 | await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
849 | await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
850 | }) | |
851 | ||
852 | it('Should fail with the root user', async function () { | |
853 | const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 } | |
854 | ||
855 | await server.users.remove(options) | |
856 | await server.users.banUser(options) | |
857 | await server.users.unbanUser(options) | |
858 | }) | |
859 | ||
860 | it('Should return 404 with a non existing id', async function () { | |
861 | const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 } | |
862 | ||
863 | await server.users.remove(options) | |
864 | await server.users.banUser(options) | |
865 | await server.users.unbanUser(options) | |
866 | }) | |
867 | ||
868 | it('Should fail with a non admin user', async function () { | |
869 | const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 } | |
870 | ||
871 | await server.users.remove(options) | |
872 | await server.users.banUser(options) | |
873 | await server.users.unbanUser(options) | |
874 | }) | |
875 | ||
876 | it('Should fail on a moderator with a moderator', async function () { | |
877 | const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 } | |
878 | ||
879 | await server.users.remove(options) | |
880 | await server.users.banUser(options) | |
881 | await server.users.unbanUser(options) | |
882 | }) | |
883 | ||
884 | it('Should succeed on a user with a moderator', async function () { | |
885 | const options = { userId, token: moderatorToken } | |
886 | ||
887 | await server.users.banUser(options) | |
888 | await server.users.unbanUser(options) | |
889 | }) | |
890 | }) | |
891 | ||
892 | describe('When deleting our account', function () { | |
893 | it('Should fail with with the root account', async function () { | |
894 | await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
895 | }) | |
896 | }) | |
897 | ||
898 | describe('When registering a new user', function () { | |
899 | const registrationPath = path + '/register' | |
900 | const baseCorrectParams = { | |
901 | username: 'user3', | |
902 | displayName: 'super user', | |
903 | email: 'test3@example.com', | |
904 | password: 'my super password' | |
905 | } | |
906 | ||
907 | it('Should fail with a too small username', async function () { | |
908 | const fields = { ...baseCorrectParams, username: '' } | |
909 | ||
910 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
911 | }) | |
912 | ||
913 | it('Should fail with a too long username', async function () { | |
914 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | |
915 | ||
916 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
917 | }) | |
918 | ||
919 | it('Should fail with an incorrect username', async function () { | |
920 | const fields = { ...baseCorrectParams, username: 'my username' } | |
921 | ||
922 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
923 | }) | |
924 | ||
925 | it('Should fail with a missing email', async function () { | |
926 | const fields = omit(baseCorrectParams, 'email') | |
927 | ||
928 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
929 | }) | |
930 | ||
931 | it('Should fail with an invalid email', async function () { | |
932 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | |
933 | ||
934 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
935 | }) | |
936 | ||
937 | it('Should fail with a too small password', async function () { | |
938 | const fields = { ...baseCorrectParams, password: 'bla' } | |
939 | ||
940 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
941 | }) | |
942 | ||
943 | it('Should fail with a too long password', async function () { | |
944 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | |
945 | ||
946 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
947 | }) | |
948 | ||
949 | it('Should fail if we register a user with the same username', async function () { | |
950 | const fields = { ...baseCorrectParams, username: 'root' } | |
951 | ||
952 | await makePostBodyRequest({ | |
953 | url: server.url, | |
954 | path: registrationPath, | |
955 | token: server.accessToken, | |
956 | fields, | |
957 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
958 | }) | |
959 | }) | |
960 | ||
961 | it('Should fail with a "peertube" username', async function () { | |
962 | const fields = { ...baseCorrectParams, username: 'peertube' } | |
963 | ||
964 | await makePostBodyRequest({ | |
965 | url: server.url, | |
966 | path: registrationPath, | |
967 | token: server.accessToken, | |
968 | fields, | |
969 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
970 | }) | |
971 | }) | |
972 | ||
973 | it('Should fail if we register a user with the same email', async function () { | |
974 | const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' } | |
975 | ||
976 | await makePostBodyRequest({ | |
977 | url: server.url, | |
978 | path: registrationPath, | |
979 | token: server.accessToken, | |
980 | fields, | |
981 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
982 | }) | |
983 | }) | |
984 | ||
985 | it('Should fail with a bad display name', async function () { | |
986 | const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) } | |
987 | ||
988 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
989 | }) | |
990 | ||
991 | it('Should fail with a bad channel name', async function () { | |
992 | const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } } | |
993 | ||
994 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
995 | }) | |
996 | ||
997 | it('Should fail with a bad channel display name', async function () { | |
998 | const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } } | |
999 | ||
1000 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1001 | }) | |
1002 | ||
1003 | it('Should fail with a channel name that is the same as username', async function () { | |
1004 | const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } | |
1005 | const fields = { ...baseCorrectParams, ...source } | |
1006 | ||
1007 | await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) | |
1008 | }) | |
1009 | ||
1010 | it('Should fail with an existing channel', async function () { | |
1011 | const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' } | |
1012 | await server.channels.create({ attributes }) | |
1013 | ||
1014 | const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } } | |
1015 | ||
1016 | await makePostBodyRequest({ | |
1017 | url: server.url, | |
1018 | path: registrationPath, | |
1019 | token: server.accessToken, | |
1020 | fields, | |
1021 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
1022 | }) | |
1023 | }) | |
1024 | ||
1025 | it('Should succeed with the correct params', async function () { | |
1026 | const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } } | |
1027 | ||
1028 | await makePostBodyRequest({ | |
1029 | url: server.url, | |
1030 | path: registrationPath, | |
1031 | token: server.accessToken, | |
1032 | fields: fields, | |
1033 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
1034 | }) | |
1035 | }) | |
1036 | ||
1037 | it('Should fail on a server with registration disabled', async function () { | |
1038 | const fields = { | |
1039 | username: 'user4', | |
1040 | email: 'test4@example.com', | |
1041 | password: 'my super password 4' | |
1042 | } | |
1043 | ||
1044 | await makePostBodyRequest({ | |
1045 | url: serverWithRegistrationDisabled.url, | |
1046 | path: registrationPath, | |
1047 | token: serverWithRegistrationDisabled.accessToken, | |
1048 | fields, | |
1049 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
1050 | }) | |
1051 | }) | |
1052 | }) | |
1053 | ||
1054 | describe('When registering multiple users on a server with users limit', function () { | |
1055 | it('Should fail when after 3 registrations', async function () { | |
1056 | await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
1057 | }) | |
1058 | }) | |
1059 | ||
1060 | describe('When asking a password reset', function () { | |
1061 | const path = '/api/v1/users/ask-reset-password' | |
1062 | ||
1063 | it('Should fail with a missing email', async function () { | |
1064 | const fields = {} | |
1065 | ||
1066 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1067 | }) | |
1068 | ||
1069 | it('Should fail with an invalid email', async function () { | |
1070 | const fields = { email: 'hello' } | |
1071 | ||
1072 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1073 | }) | |
1074 | ||
1075 | it('Should success with the correct params', async function () { | |
1076 | const fields = { email: 'admin@example.com' } | |
1077 | ||
1078 | await makePostBodyRequest({ | |
1079 | url: server.url, | |
1080 | path, | |
1081 | token: server.accessToken, | |
1082 | fields, | |
1083 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
1084 | }) | |
1085 | }) | |
1086 | }) | |
1087 | ||
1088 | describe('When asking for an account verification email', function () { | |
1089 | const path = '/api/v1/users/ask-send-verify-email' | |
1090 | ||
1091 | it('Should fail with a missing email', async function () { | |
1092 | const fields = {} | |
1093 | ||
1094 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1095 | }) | |
1096 | ||
1097 | it('Should fail with an invalid email', async function () { | |
1098 | const fields = { email: 'hello' } | |
1099 | ||
1100 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | |
1101 | }) | |
1102 | ||
1103 | it('Should succeed with the correct params', async function () { | |
1104 | const fields = { email: 'admin@example.com' } | |
1105 | ||
1106 | await makePostBodyRequest({ | |
1107 | url: server.url, | |
1108 | path, | |
1109 | token: server.accessToken, | |
1110 | fields, | |
1111 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
1112 | }) | |
1113 | }) | |
1114 | }) | |
1115 | ||
1116 | after(async function () { | |
1117 | MockSmtpServer.Instance.kill() | |
1118 | ||
1119 | await cleanupTests([ server, serverWithRegistrationDisabled ]) | |
1120 | }) | |
1121 | }) |