server/tests/api/check-params/my-user.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, MockSmtpServer } from '@server/tests/shared'
   5 import { buildAbsoluteFixturePath } from '@shared/core-utils'
   6 import { HttpStatusCode, UserRole, VideoCreateResult } from '@shared/models'
   7 import {
   8   cleanupTests,
   9   createSingleServer,
  10   makeGetRequest,
  11   makePutBodyRequest,
  12   makeUploadRequest,
  13   PeerTubeServer,
  14   setAccessTokensToServers,
  15   UsersCommand
  16 } from '@shared/server-commands'
  17
  18 describe('Test my user API validators', function () {
  19   const path = '/api/v1/users/'
  20   let userId: number
  21   let rootId: number
  22   let moderatorId: number
  23   let video: VideoCreateResult
  24   let server: PeerTubeServer
  25   let userToken = ''
  26   let moderatorToken = ''
  27
  28   // ---------------------------------------------------------------
  29
  30   before(async function () {
  31     this.timeout(30000)
  32
  33     {
  34       server = await createSingleServer(1)
  35       await setAccessTokensToServers([ server ])
  36     }
  37
  38     {
  39       const result = await server.users.generate('user1')
  40       userToken = result.token
  41       userId = result.userId
  42     }
  43
  44     {
  45       const result = await server.users.generate('moderator1', UserRole.MODERATOR)
  46       moderatorToken = result.token
  47     }
  48
  49     {
  50       const result = await server.users.generate('moderator2', UserRole.MODERATOR)
  51       moderatorId = result.userId
  52     }
  53
  54     {
  55       video = await server.videos.upload()
  56     }
  57   })
  58
  59   describe('When updating my account', function () {
  60
  61     it('Should fail with an invalid email attribute', async function () {
  62       const fields = {
  63         email: 'blabla'
  64       }
  65
  66       await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
  67     })
  68
  69     it('Should fail with a too small password', async function () {
  70       const fields = {
  71         currentPassword: 'password',
  72         password: 'bla'
  73       }
  74
  75       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  76     })
  77
  78     it('Should fail with a too long password', async function () {
  79       const fields = {
  80         currentPassword: 'password',
  81         password: 'super'.repeat(61)
  82       }
  83
  84       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  85     })
  86
  87     it('Should fail without the current password', async function () {
  88       const fields = {
  89         currentPassword: 'password',
  90         password: 'super'.repeat(61)
  91       }
  92
  93       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  94     })
  95
  96     it('Should fail with an invalid current password', async function () {
  97       const fields = {
  98         currentPassword: 'my super password fail',
  99         password: 'super'.repeat(61)
 100       }
 101
 102       await makePutBodyRequest({
 103         url: server.url,
 104         path: path + 'me',
 105         token: userToken,
 106         fields,
 107         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 108       })
 109     })
 110
 111     it('Should fail with an invalid NSFW policy attribute', async function () {
 112       const fields = {
 113         nsfwPolicy: 'hello'
 114       }
 115
 116       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 117     })
 118
 119     it('Should fail with an invalid autoPlayVideo attribute', async function () {
 120       const fields = {
 121         autoPlayVideo: -1
 122       }
 123
 124       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 125     })
 126
 127     it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
 128       const fields = {
 129         autoPlayNextVideo: -1
 130       }
 131
 132       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 133     })
 134
 135     it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
 136       const fields = {
 137         videosHistoryEnabled: -1
 138       }
 139
 140       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 141     })
 142
 143     it('Should fail with an non authenticated user', async function () {
 144       const fields = {
 145         currentPassword: 'password',
 146         password: 'my super password'
 147       }
 148
 149       await makePutBodyRequest({
 150         url: server.url,
 151         path: path + 'me',
 152         token: 'super token',
 153         fields,
 154         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 155       })
 156     })
 157
 158     it('Should fail with a too long description', async function () {
 159       const fields = {
 160         description: 'super'.repeat(201)
 161       }
 162
 163       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 164     })
 165
 166     it('Should fail with an invalid videoLanguages attribute', async function () {
 167       {
 168         const fields = {
 169           videoLanguages: 'toto'
 170         }
 171
 172         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 173       }
 174
 175       {
 176         const languages = []
 177         for (let i = 0; i < 1000; i++) {
 178           languages.push('fr')
 179         }
 180
 181         const fields = {
 182           videoLanguages: languages
 183         }
 184
 185         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 186       }
 187     })
 188
 189     it('Should fail with an invalid theme', async function () {
 190       const fields = { theme: 'invalid' }
 191       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 192     })
 193
 194     it('Should fail with an unknown theme', async function () {
 195       const fields = { theme: 'peertube-theme-unknown' }
 196       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 197     })
 198
 199     it('Should fail with invalid no modal attributes', async function () {
 200       const keys = [
 201         'noInstanceConfigWarningModal',
 202         'noAccountSetupWarningModal',
 203         'noWelcomeModal'
 204       ]
 205
 206       for (const key of keys) {
 207         const fields = {
 208           [key]: -1
 209         }
 210
 211         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 212       }
 213     })
 214
 215     it('Should succeed to change password with the correct params', async function () {
 216       const fields = {
 217         currentPassword: 'password',
 218         password: 'my super password',
 219         nsfwPolicy: 'blur',
 220         autoPlayVideo: false,
 221         email: 'super_email@example.com',
 222         theme: 'default',
 223         noInstanceConfigWarningModal: true,
 224         noWelcomeModal: true,
 225         noAccountSetupWarningModal: true
 226       }
 227
 228       await makePutBodyRequest({
 229         url: server.url,
 230         path: path + 'me',
 231         token: userToken,
 232         fields,
 233         expectedStatus: HttpStatusCode.NO_CONTENT_204
 234       })
 235     })
 236
 237     it('Should succeed without password change with the correct params', async function () {
 238       const fields = {
 239         nsfwPolicy: 'blur',
 240         autoPlayVideo: false
 241       }
 242
 243       await makePutBodyRequest({
 244         url: server.url,
 245         path: path + 'me',
 246         token: userToken,
 247         fields,
 248         expectedStatus: HttpStatusCode.NO_CONTENT_204
 249       })
 250     })
 251   })
 252
 253   describe('When updating my avatar', function () {
 254     it('Should fail without an incorrect input file', async function () {
 255       const fields = {}
 256       const attaches = {
 257         avatarfile: buildAbsoluteFixturePath('video_short.mp4')
 258       }
 259       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 260     })
 261
 262     it('Should fail with a big file', async function () {
 263       const fields = {}
 264       const attaches = {
 265         avatarfile: buildAbsoluteFixturePath('avatar-big.png')
 266       }
 267       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 268     })
 269
 270     it('Should fail with an unauthenticated user', async function () {
 271       const fields = {}
 272       const attaches = {
 273         avatarfile: buildAbsoluteFixturePath('avatar.png')
 274       }
 275       await makeUploadRequest({
 276         url: server.url,
 277         path: path + '/me/avatar/pick',
 278         fields,
 279         attaches,
 280         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 281       })
 282     })
 283
 284     it('Should succeed with the correct params', async function () {
 285       const fields = {}
 286       const attaches = {
 287         avatarfile: buildAbsoluteFixturePath('avatar.png')
 288       }
 289       await makeUploadRequest({
 290         url: server.url,
 291         path: path + '/me/avatar/pick',
 292         token: server.accessToken,
 293         fields,
 294         attaches,
 295         expectedStatus: HttpStatusCode.OK_200
 296       })
 297     })
 298   })
 299
 300   describe('When managing my scoped tokens', function () {
 301
 302     it('Should fail to get my scoped tokens with an non authenticated user', async function () {
 303       await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 304     })
 305
 306     it('Should fail to get my scoped tokens with a bad token', async function () {
 307       await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 308
 309     })
 310
 311     it('Should succeed to get my scoped tokens', async function () {
 312       await server.users.getMyScopedTokens()
 313     })
 314
 315     it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
 316       await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 317     })
 318
 319     it('Should fail to renew my scoped tokens with a bad token', async function () {
 320       await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 321     })
 322
 323     it('Should succeed to renew my scoped tokens', async function () {
 324       await server.users.renewMyScopedTokens()
 325     })
 326   })
 327
 328   describe('When getting my information', function () {
 329     it('Should fail with a non authenticated user', async function () {
 330       await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 331     })
 332
 333     it('Should success with the correct parameters', async function () {
 334       await server.users.getMyInfo({ token: userToken })
 335     })
 336   })
 337
 338   describe('When getting my video rating', function () {
 339     let command: UsersCommand
 340
 341     before(function () {
 342       command = server.users
 343     })
 344
 345     it('Should fail with a non authenticated user', async function () {
 346       await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 347     })
 348
 349     it('Should fail with an incorrect video uuid', async function () {
 350       await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 351     })
 352
 353     it('Should fail with an unknown video', async function () {
 354       await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 355     })
 356
 357     it('Should succeed with the correct parameters', async function () {
 358       await command.getMyRating({ videoId: video.id })
 359       await command.getMyRating({ videoId: video.uuid })
 360       await command.getMyRating({ videoId: video.shortUUID })
 361     })
 362   })
 363
 364   describe('When retrieving my global ratings', function () {
 365     const path = '/api/v1/accounts/user1/ratings'
 366
 367     it('Should fail with a bad start pagination', async function () {
 368       await checkBadStartPagination(server.url, path, userToken)
 369     })
 370
 371     it('Should fail with a bad count pagination', async function () {
 372       await checkBadCountPagination(server.url, path, userToken)
 373     })
 374
 375     it('Should fail with an incorrect sort', async function () {
 376       await checkBadSortPagination(server.url, path, userToken)
 377     })
 378
 379     it('Should fail with a unauthenticated user', async function () {
 380       await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 381     })
 382
 383     it('Should fail with a another user', async function () {
 384       await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 385     })
 386
 387     it('Should fail with a bad type', async function () {
 388       await makeGetRequest({
 389         url: server.url,
 390         path,
 391         token: userToken,
 392         query: { rating: 'toto ' },
 393         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 394       })
 395     })
 396
 397     it('Should succeed with the correct params', async function () {
 398       await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
 399     })
 400   })
 401
 402   describe('When getting my global followers', function () {
 403     const path = '/api/v1/accounts/user1/followers'
 404
 405     it('Should fail with a bad start pagination', async function () {
 406       await checkBadStartPagination(server.url, path, userToken)
 407     })
 408
 409     it('Should fail with a bad count pagination', async function () {
 410       await checkBadCountPagination(server.url, path, userToken)
 411     })
 412
 413     it('Should fail with an incorrect sort', async function () {
 414       await checkBadSortPagination(server.url, path, userToken)
 415     })
 416
 417     it('Should fail with a unauthenticated user', async function () {
 418       await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 419     })
 420
 421     it('Should fail with a another user', async function () {
 422       await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 423     })
 424
 425     it('Should succeed with the correct params', async function () {
 426       await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
 427     })
 428   })
 429
 430   describe('When blocking/unblocking/removing user', function () {
 431
 432     it('Should fail with an incorrect id', async function () {
 433       const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
 434
 435       await server.users.remove(options)
 436       await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 437       await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 438     })
 439
 440     it('Should fail with the root user', async function () {
 441       const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
 442
 443       await server.users.remove(options)
 444       await server.users.banUser(options)
 445       await server.users.unbanUser(options)
 446     })
 447
 448     it('Should return 404 with a non existing id', async function () {
 449       const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
 450
 451       await server.users.remove(options)
 452       await server.users.banUser(options)
 453       await server.users.unbanUser(options)
 454     })
 455
 456     it('Should fail with a non admin user', async function () {
 457       const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
 458
 459       await server.users.remove(options)
 460       await server.users.banUser(options)
 461       await server.users.unbanUser(options)
 462     })
 463
 464     it('Should fail on a moderator with a moderator', async function () {
 465       const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
 466
 467       await server.users.remove(options)
 468       await server.users.banUser(options)
 469       await server.users.unbanUser(options)
 470     })
 471
 472     it('Should succeed on a user with a moderator', async function () {
 473       const options = { userId, token: moderatorToken }
 474
 475       await server.users.banUser(options)
 476       await server.users.unbanUser(options)
 477     })
 478   })
 479
 480   describe('When deleting our account', function () {
 481
 482     it('Should fail with with the root account', async function () {
 483       await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 484     })
 485   })
 486
 487   after(async function () {
 488     MockSmtpServer.Instance.kill()
 489
 490     await cleanupTests([ server ])
 491   })
 492 })