server/tests/api/check-params/my-user.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import {
   5   buildAbsoluteFixturePath,
   6   checkBadCountPagination,
   7   checkBadSortPagination,
   8   checkBadStartPagination,
   9   cleanupTests,
  10   createSingleServer,
  11   makeGetRequest,
  12   makePutBodyRequest,
  13   makeUploadRequest,
  14   MockSmtpServer,
  15   PeerTubeServer,
  16   setAccessTokensToServers,
  17   UsersCommand
  18 } from '@shared/extra-utils'
  19 import { HttpStatusCode, UserRole, VideoCreateResult } from '@shared/models'
  20
  21 describe('Test my user API validators', function () {
  22   const path = '/api/v1/users/'
  23   let userId: number
  24   let rootId: number
  25   let moderatorId: number
  26   let video: VideoCreateResult
  27   let server: PeerTubeServer
  28   let userToken = ''
  29   let moderatorToken = ''
  30
  31   // ---------------------------------------------------------------
  32
  33   before(async function () {
  34     this.timeout(30000)
  35
  36     {
  37       server = await createSingleServer(1)
  38       await setAccessTokensToServers([ server ])
  39     }
  40
  41     {
  42       const result = await server.users.generate('user1')
  43       userToken = result.token
  44       userId = result.userId
  45     }
  46
  47     {
  48       const result = await server.users.generate('moderator1', UserRole.MODERATOR)
  49       moderatorToken = result.token
  50     }
  51
  52     {
  53       const result = await server.users.generate('moderator2', UserRole.MODERATOR)
  54       moderatorId = result.userId
  55     }
  56
  57     {
  58       video = await server.videos.upload()
  59     }
  60   })
  61
  62   describe('When updating my account', function () {
  63
  64     it('Should fail with an invalid email attribute', async function () {
  65       const fields = {
  66         email: 'blabla'
  67       }
  68
  69       await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
  70     })
  71
  72     it('Should fail with a too small password', async function () {
  73       const fields = {
  74         currentPassword: 'password',
  75         password: 'bla'
  76       }
  77
  78       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  79     })
  80
  81     it('Should fail with a too long password', async function () {
  82       const fields = {
  83         currentPassword: 'password',
  84         password: 'super'.repeat(61)
  85       }
  86
  87       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  88     })
  89
  90     it('Should fail without the current password', async function () {
  91       const fields = {
  92         currentPassword: 'password',
  93         password: 'super'.repeat(61)
  94       }
  95
  96       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
  97     })
  98
  99     it('Should fail with an invalid current password', async function () {
 100       const fields = {
 101         currentPassword: 'my super password fail',
 102         password: 'super'.repeat(61)
 103       }
 104
 105       await makePutBodyRequest({
 106         url: server.url,
 107         path: path + 'me',
 108         token: userToken,
 109         fields,
 110         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 111       })
 112     })
 113
 114     it('Should fail with an invalid NSFW policy attribute', async function () {
 115       const fields = {
 116         nsfwPolicy: 'hello'
 117       }
 118
 119       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 120     })
 121
 122     it('Should fail with an invalid autoPlayVideo attribute', async function () {
 123       const fields = {
 124         autoPlayVideo: -1
 125       }
 126
 127       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 128     })
 129
 130     it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
 131       const fields = {
 132         autoPlayNextVideo: -1
 133       }
 134
 135       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 136     })
 137
 138     it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
 139       const fields = {
 140         videosHistoryEnabled: -1
 141       }
 142
 143       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 144     })
 145
 146     it('Should fail with an non authenticated user', async function () {
 147       const fields = {
 148         currentPassword: 'password',
 149         password: 'my super password'
 150       }
 151
 152       await makePutBodyRequest({
 153         url: server.url,
 154         path: path + 'me',
 155         token: 'super token',
 156         fields,
 157         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 158       })
 159     })
 160
 161     it('Should fail with a too long description', async function () {
 162       const fields = {
 163         description: 'super'.repeat(201)
 164       }
 165
 166       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 167     })
 168
 169     it('Should fail with an invalid videoLanguages attribute', async function () {
 170       {
 171         const fields = {
 172           videoLanguages: 'toto'
 173         }
 174
 175         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 176       }
 177
 178       {
 179         const languages = []
 180         for (let i = 0; i < 1000; i++) {
 181           languages.push('fr')
 182         }
 183
 184         const fields = {
 185           videoLanguages: languages
 186         }
 187
 188         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 189       }
 190     })
 191
 192     it('Should fail with an invalid theme', async function () {
 193       const fields = { theme: 'invalid' }
 194       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 195     })
 196
 197     it('Should fail with an unknown theme', async function () {
 198       const fields = { theme: 'peertube-theme-unknown' }
 199       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 200     })
 201
 202     it('Should fail with invalid no modal attributes', async function () {
 203       const keys = [
 204         'noInstanceConfigWarningModal',
 205         'noAccountSetupWarningModal',
 206         'noWelcomeModal'
 207       ]
 208
 209       for (const key of keys) {
 210         const fields = {
 211           [key]: -1
 212         }
 213
 214         await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
 215       }
 216     })
 217
 218     it('Should succeed to change password with the correct params', async function () {
 219       const fields = {
 220         currentPassword: 'password',
 221         password: 'my super password',
 222         nsfwPolicy: 'blur',
 223         autoPlayVideo: false,
 224         email: 'super_email@example.com',
 225         theme: 'default',
 226         noInstanceConfigWarningModal: true,
 227         noWelcomeModal: true,
 228         noAccountSetupWarningModal: true
 229       }
 230
 231       await makePutBodyRequest({
 232         url: server.url,
 233         path: path + 'me',
 234         token: userToken,
 235         fields,
 236         expectedStatus: HttpStatusCode.NO_CONTENT_204
 237       })
 238     })
 239
 240     it('Should succeed without password change with the correct params', async function () {
 241       const fields = {
 242         nsfwPolicy: 'blur',
 243         autoPlayVideo: false
 244       }
 245
 246       await makePutBodyRequest({
 247         url: server.url,
 248         path: path + 'me',
 249         token: userToken,
 250         fields,
 251         expectedStatus: HttpStatusCode.NO_CONTENT_204
 252       })
 253     })
 254   })
 255
 256   describe('When updating my avatar', function () {
 257     it('Should fail without an incorrect input file', async function () {
 258       const fields = {}
 259       const attaches = {
 260         avatarfile: buildAbsoluteFixturePath('video_short.mp4')
 261       }
 262       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 263     })
 264
 265     it('Should fail with a big file', async function () {
 266       const fields = {}
 267       const attaches = {
 268         avatarfile: buildAbsoluteFixturePath('avatar-big.png')
 269       }
 270       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 271     })
 272
 273     it('Should fail with an unauthenticated user', async function () {
 274       const fields = {}
 275       const attaches = {
 276         avatarfile: buildAbsoluteFixturePath('avatar.png')
 277       }
 278       await makeUploadRequest({
 279         url: server.url,
 280         path: path + '/me/avatar/pick',
 281         fields,
 282         attaches,
 283         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 284       })
 285     })
 286
 287     it('Should succeed with the correct params', async function () {
 288       const fields = {}
 289       const attaches = {
 290         avatarfile: buildAbsoluteFixturePath('avatar.png')
 291       }
 292       await makeUploadRequest({
 293         url: server.url,
 294         path: path + '/me/avatar/pick',
 295         token: server.accessToken,
 296         fields,
 297         attaches,
 298         expectedStatus: HttpStatusCode.OK_200
 299       })
 300     })
 301   })
 302
 303   describe('When managing my scoped tokens', function () {
 304
 305     it('Should fail to get my scoped tokens with an non authenticated user', async function () {
 306       await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 307     })
 308
 309     it('Should fail to get my scoped tokens with a bad token', async function () {
 310       await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 311
 312     })
 313
 314     it('Should succeed to get my scoped tokens', async function () {
 315       await server.users.getMyScopedTokens()
 316     })
 317
 318     it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
 319       await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 320     })
 321
 322     it('Should fail to renew my scoped tokens with a bad token', async function () {
 323       await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 324     })
 325
 326     it('Should succeed to renew my scoped tokens', async function () {
 327       await server.users.renewMyScopedTokens()
 328     })
 329   })
 330
 331   describe('When getting my information', function () {
 332     it('Should fail with a non authenticated user', async function () {
 333       await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 334     })
 335
 336     it('Should success with the correct parameters', async function () {
 337       await server.users.getMyInfo({ token: userToken })
 338     })
 339   })
 340
 341   describe('When getting my video rating', function () {
 342     let command: UsersCommand
 343
 344     before(function () {
 345       command = server.users
 346     })
 347
 348     it('Should fail with a non authenticated user', async function () {
 349       await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 350     })
 351
 352     it('Should fail with an incorrect video uuid', async function () {
 353       await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 354     })
 355
 356     it('Should fail with an unknown video', async function () {
 357       await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 358     })
 359
 360     it('Should succeed with the correct parameters', async function () {
 361       await command.getMyRating({ videoId: video.id })
 362       await command.getMyRating({ videoId: video.uuid })
 363       await command.getMyRating({ videoId: video.shortUUID })
 364     })
 365   })
 366
 367   describe('When retrieving my global ratings', function () {
 368     const path = '/api/v1/accounts/user1/ratings'
 369
 370     it('Should fail with a bad start pagination', async function () {
 371       await checkBadStartPagination(server.url, path, userToken)
 372     })
 373
 374     it('Should fail with a bad count pagination', async function () {
 375       await checkBadCountPagination(server.url, path, userToken)
 376     })
 377
 378     it('Should fail with an incorrect sort', async function () {
 379       await checkBadSortPagination(server.url, path, userToken)
 380     })
 381
 382     it('Should fail with a unauthenticated user', async function () {
 383       await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 384     })
 385
 386     it('Should fail with a another user', async function () {
 387       await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 388     })
 389
 390     it('Should fail with a bad type', async function () {
 391       await makeGetRequest({
 392         url: server.url,
 393         path,
 394         token: userToken,
 395         query: { rating: 'toto ' },
 396         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 397       })
 398     })
 399
 400     it('Should succeed with the correct params', async function () {
 401       await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
 402     })
 403   })
 404
 405   describe('When getting my global followers', function () {
 406     const path = '/api/v1/accounts/user1/followers'
 407
 408     it('Should fail with a bad start pagination', async function () {
 409       await checkBadStartPagination(server.url, path, userToken)
 410     })
 411
 412     it('Should fail with a bad count pagination', async function () {
 413       await checkBadCountPagination(server.url, path, userToken)
 414     })
 415
 416     it('Should fail with an incorrect sort', async function () {
 417       await checkBadSortPagination(server.url, path, userToken)
 418     })
 419
 420     it('Should fail with a unauthenticated user', async function () {
 421       await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 422     })
 423
 424     it('Should fail with a another user', async function () {
 425       await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 426     })
 427
 428     it('Should succeed with the correct params', async function () {
 429       await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
 430     })
 431   })
 432
 433   describe('When blocking/unblocking/removing user', function () {
 434
 435     it('Should fail with an incorrect id', async function () {
 436       const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
 437
 438       await server.users.remove(options)
 439       await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 440       await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 441     })
 442
 443     it('Should fail with the root user', async function () {
 444       const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
 445
 446       await server.users.remove(options)
 447       await server.users.banUser(options)
 448       await server.users.unbanUser(options)
 449     })
 450
 451     it('Should return 404 with a non existing id', async function () {
 452       const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
 453
 454       await server.users.remove(options)
 455       await server.users.banUser(options)
 456       await server.users.unbanUser(options)
 457     })
 458
 459     it('Should fail with a non admin user', async function () {
 460       const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
 461
 462       await server.users.remove(options)
 463       await server.users.banUser(options)
 464       await server.users.unbanUser(options)
 465     })
 466
 467     it('Should fail on a moderator with a moderator', async function () {
 468       const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
 469
 470       await server.users.remove(options)
 471       await server.users.banUser(options)
 472       await server.users.unbanUser(options)
 473     })
 474
 475     it('Should succeed on a user with a moderator', async function () {
 476       const options = { userId, token: moderatorToken }
 477
 478       await server.users.banUser(options)
 479       await server.users.unbanUser(options)
 480     })
 481   })
 482
 483   describe('When deleting our account', function () {
 484
 485     it('Should fail with with the root account', async function () {
 486       await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 487     })
 488   })
 489
 490   after(async function () {
 491     MockSmtpServer.Instance.kill()
 492
 493     await cleanupTests([ server ])
 494   })
 495 })