server/tests/api/check-params/my-user.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, MockSmtpServer } from '@server/tests/shared'
   4 import { buildAbsoluteFixturePath } from '@shared/core-utils'
   5 import { HttpStatusCode, UserRole, VideoCreateResult } from '@shared/models'
   6 import {
   7   cleanupTests,
   8   createSingleServer,
   9   makeGetRequest,
  10   makePutBodyRequest,
  11   makeUploadRequest,
  12   PeerTubeServer,
  13   setAccessTokensToServers,
  14   UsersCommand
  15 } from '@shared/server-commands'
  16
  17 describe('Test my user API validators', function () {
  18   const path = '/api/v1/users/'
  19   let userId: number
  20   let rootId: number
  21   let moderatorId: number
  22   let video: VideoCreateResult
  23   let server: PeerTubeServer
  24   let userToken = ''
  25   let moderatorToken = ''
  26
  27   // ---------------------------------------------------------------
  28
  29   before(async function () {
  30     this.timeout(30000)
  31
  32     {
  33       server = await createSingleServer(1)
  34       await setAccessTokensToServers([ server ])
  35     }
  36
  37     {
  38       const result = await server.users.generate('user1')
  39       userToken = result.token
  40       userId = result.userId
  41     }
  42
  43     {
  44       const result = await server.users.generate('moderator1', UserRole.MODERATOR)
  45       moderatorToken = result.token
  46     }
  47
  48     {
  49       const result = await server.users.generate('moderator2', UserRole.MODERATOR)
  50       moderatorId = result.userId
  51     }
  52
  53     {
  54       video = await server.videos.upload()
  55     }
  56   })
  57
  58   describe('When updating my account', function () {
  59
  60     it('Should fail with an invalid email attribute', async function () {
  61       const fields = {
  62         email: 'blabla'
  63       }
  64
  65       await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
  66     })
  67
  68     it('Should fail with a too small password', async function () {
  69       const fields = {
  70         currentPassword: 'password',
  71         password: 'bla'
  72       }
  73
  74       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  75     })
  76
  77     it('Should fail with a too long password', async function () {
  78       const fields = {
  79         currentPassword: 'password',
  80         password: 'super'.repeat(61)
  81       }
  82
  83       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  84     })
  85
  86     it('Should fail without the current password', async function () {
  87       const fields = {
  88         currentPassword: 'password',
  89         password: 'super'.repeat(61)
  90       }
  91
  92       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  93     })
  94
  95     it('Should fail with an invalid current password', async function () {
  96       const fields = {
  97         currentPassword: 'my super password fail',
  98         password: 'super'.repeat(61)
  99       }
 100
 101       await makePutBodyRequest({
 102         url: server.url,
 103         path: path + 'me',
 104         token: userToken,
 105         fields,
 106         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 107       })
 108     })
 109
 110     it('Should fail with an invalid NSFW policy attribute', async function () {
 111       const fields = {
 112         nsfwPolicy: 'hello'
 113       }
 114
 115       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 116     })
 117
 118     it('Should fail with an invalid autoPlayVideo attribute', async function () {
 119       const fields = {
 120         autoPlayVideo: -1
 121       }
 122
 123       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 124     })
 125
 126     it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
 127       const fields = {
 128         autoPlayNextVideo: -1
 129       }
 130
 131       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 132     })
 133
 134     it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
 135       const fields = {
 136         videosHistoryEnabled: -1
 137       }
 138
 139       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 140     })
 141
 142     it('Should fail with an non authenticated user', async function () {
 143       const fields = {
 144         currentPassword: 'password',
 145         password: 'my super password'
 146       }
 147
 148       await makePutBodyRequest({
 149         url: server.url,
 150         path: path + 'me',
 151         token: 'super token',
 152         fields,
 153         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 154       })
 155     })
 156
 157     it('Should fail with a too long description', async function () {
 158       const fields = {
 159         description: 'super'.repeat(201)
 160       }
 161
 162       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 163     })
 164
 165     it('Should fail with an invalid videoLanguages attribute', async function () {
 166       {
 167         const fields = {
 168           videoLanguages: 'toto'
 169         }
 170
 171         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 172       }
 173
 174       {
 175         const languages = []
 176         for (let i = 0; i < 1000; i++) {
 177           languages.push('fr')
 178         }
 179
 180         const fields = {
 181           videoLanguages: languages
 182         }
 183
 184         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 185       }
 186     })
 187
 188     it('Should fail with an invalid theme', async function () {
 189       const fields = { theme: 'invalid' }
 190       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 191     })
 192
 193     it('Should fail with an unknown theme', async function () {
 194       const fields = { theme: 'peertube-theme-unknown' }
 195       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 196     })
 197
 198     it('Should fail with invalid no modal attributes', async function () {
 199       const keys = [
 200         'noInstanceConfigWarningModal',
 201         'noAccountSetupWarningModal',
 202         'noWelcomeModal'
 203       ]
 204
 205       for (const key of keys) {
 206         const fields = {
 207           [key]: -1
 208         }
 209
 210         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 211       }
 212     })
 213
 214     it('Should succeed to change password with the correct params', async function () {
 215       const fields = {
 216         currentPassword: 'password',
 217         password: 'my super password',
 218         nsfwPolicy: 'blur',
 219         autoPlayVideo: false,
 220         email: 'super_email@example.com',
 221         theme: 'default',
 222         noInstanceConfigWarningModal: true,
 223         noWelcomeModal: true,
 224         noAccountSetupWarningModal: true
 225       }
 226
 227       await makePutBodyRequest({
 228         url: server.url,
 229         path: path + 'me',
 230         token: userToken,
 231         fields,
 232         expectedStatus: HttpStatusCode.NO_CONTENT_204
 233       })
 234     })
 235
 236     it('Should succeed without password change with the correct params', async function () {
 237       const fields = {
 238         nsfwPolicy: 'blur',
 239         autoPlayVideo: false
 240       }
 241
 242       await makePutBodyRequest({
 243         url: server.url,
 244         path: path + 'me',
 245         token: userToken,
 246         fields,
 247         expectedStatus: HttpStatusCode.NO_CONTENT_204
 248       })
 249     })
 250   })
 251
 252   describe('When updating my avatar', function () {
 253     it('Should fail without an incorrect input file', async function () {
 254       const fields = {}
 255       const attaches = {
 256         avatarfile: buildAbsoluteFixturePath('video_short.mp4')
 257       }
 258       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 259     })
 260
 261     it('Should fail with a big file', async function () {
 262       const fields = {}
 263       const attaches = {
 264         avatarfile: buildAbsoluteFixturePath('avatar-big.png')
 265       }
 266       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 267     })
 268
 269     it('Should fail with an unauthenticated user', async function () {
 270       const fields = {}
 271       const attaches = {
 272         avatarfile: buildAbsoluteFixturePath('avatar.png')
 273       }
 274       await makeUploadRequest({
 275         url: server.url,
 276         path: path + '/me/avatar/pick',
 277         fields,
 278         attaches,
 279         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 280       })
 281     })
 282
 283     it('Should succeed with the correct params', async function () {
 284       const fields = {}
 285       const attaches = {
 286         avatarfile: buildAbsoluteFixturePath('avatar.png')
 287       }
 288       await makeUploadRequest({
 289         url: server.url,
 290         path: path + '/me/avatar/pick',
 291         token: server.accessToken,
 292         fields,
 293         attaches,
 294         expectedStatus: HttpStatusCode.OK_200
 295       })
 296     })
 297   })
 298
 299   describe('When managing my scoped tokens', function () {
 300
 301     it('Should fail to get my scoped tokens with an non authenticated user', async function () {
 302       await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 303     })
 304
 305     it('Should fail to get my scoped tokens with a bad token', async function () {
 306       await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 307
 308     })
 309
 310     it('Should succeed to get my scoped tokens', async function () {
 311       await server.users.getMyScopedTokens()
 312     })
 313
 314     it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
 315       await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 316     })
 317
 318     it('Should fail to renew my scoped tokens with a bad token', async function () {
 319       await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 320     })
 321
 322     it('Should succeed to renew my scoped tokens', async function () {
 323       await server.users.renewMyScopedTokens()
 324     })
 325   })
 326
 327   describe('When getting my information', function () {
 328     it('Should fail with a non authenticated user', async function () {
 329       await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 330     })
 331
 332     it('Should success with the correct parameters', async function () {
 333       await server.users.getMyInfo({ token: userToken })
 334     })
 335   })
 336
 337   describe('When getting my video rating', function () {
 338     let command: UsersCommand
 339
 340     before(function () {
 341       command = server.users
 342     })
 343
 344     it('Should fail with a non authenticated user', async function () {
 345       await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 346     })
 347
 348     it('Should fail with an incorrect video uuid', async function () {
 349       await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 350     })
 351
 352     it('Should fail with an unknown video', async function () {
 353       await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 354     })
 355
 356     it('Should succeed with the correct parameters', async function () {
 357       await command.getMyRating({ videoId: video.id })
 358       await command.getMyRating({ videoId: video.uuid })
 359       await command.getMyRating({ videoId: video.shortUUID })
 360     })
 361   })
 362
 363   describe('When retrieving my global ratings', function () {
 364     const path = '/api/v1/accounts/user1/ratings'
 365
 366     it('Should fail with a bad start pagination', async function () {
 367       await checkBadStartPagination(server.url, path, userToken)
 368     })
 369
 370     it('Should fail with a bad count pagination', async function () {
 371       await checkBadCountPagination(server.url, path, userToken)
 372     })
 373
 374     it('Should fail with an incorrect sort', async function () {
 375       await checkBadSortPagination(server.url, path, userToken)
 376     })
 377
 378     it('Should fail with a unauthenticated user', async function () {
 379       await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 380     })
 381
 382     it('Should fail with a another user', async function () {
 383       await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 384     })
 385
 386     it('Should fail with a bad type', async function () {
 387       await makeGetRequest({
 388         url: server.url,
 389         path,
 390         token: userToken,
 391         query: { rating: 'toto ' },
 392         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 393       })
 394     })
 395
 396     it('Should succeed with the correct params', async function () {
 397       await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
 398     })
 399   })
 400
 401   describe('When getting my global followers', function () {
 402     const path = '/api/v1/accounts/user1/followers'
 403
 404     it('Should fail with a bad start pagination', async function () {
 405       await checkBadStartPagination(server.url, path, userToken)
 406     })
 407
 408     it('Should fail with a bad count pagination', async function () {
 409       await checkBadCountPagination(server.url, path, userToken)
 410     })
 411
 412     it('Should fail with an incorrect sort', async function () {
 413       await checkBadSortPagination(server.url, path, userToken)
 414     })
 415
 416     it('Should fail with a unauthenticated user', async function () {
 417       await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 418     })
 419
 420     it('Should fail with a another user', async function () {
 421       await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 422     })
 423
 424     it('Should succeed with the correct params', async function () {
 425       await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
 426     })
 427   })
 428
 429   describe('When blocking/unblocking/removing user', function () {
 430
 431     it('Should fail with an incorrect id', async function () {
 432       const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
 433
 434       await server.users.remove(options)
 435       await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 436       await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 437     })
 438
 439     it('Should fail with the root user', async function () {
 440       const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
 441
 442       await server.users.remove(options)
 443       await server.users.banUser(options)
 444       await server.users.unbanUser(options)
 445     })
 446
 447     it('Should return 404 with a non existing id', async function () {
 448       const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
 449
 450       await server.users.remove(options)
 451       await server.users.banUser(options)
 452       await server.users.unbanUser(options)
 453     })
 454
 455     it('Should fail with a non admin user', async function () {
 456       const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
 457
 458       await server.users.remove(options)
 459       await server.users.banUser(options)
 460       await server.users.unbanUser(options)
 461     })
 462
 463     it('Should fail on a moderator with a moderator', async function () {
 464       const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
 465
 466       await server.users.remove(options)
 467       await server.users.banUser(options)
 468       await server.users.unbanUser(options)
 469     })
 470
 471     it('Should succeed on a user with a moderator', async function () {
 472       const options = { userId, token: moderatorToken }
 473
 474       await server.users.banUser(options)
 475       await server.users.unbanUser(options)
 476     })
 477   })
 478
 479   describe('When deleting our account', function () {
 480
 481     it('Should fail with with the root account', async function () {
 482       await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 483     })
 484   })
 485
 486   after(async function () {
 487     MockSmtpServer.Instance.kill()
 488
 489     await cleanupTests([ server ])
 490   })
 491 })