1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import { omit } from 'lodash'
6 checkBadCountPagination,
7 checkBadSortPagination,
8 checkBadStartPagination,
17 setAccessTokensToServers
18 } from '@shared/extra-utils'
19 import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models'
21 describe('Test users admin API validators', function () {
22 const path = '/api/v1/users/'
25 let moderatorId: number
26 let server: PeerTubeServer
28 let moderatorToken = ''
31 // ---------------------------------------------------------------
33 before(async function () {
36 const emails: object[] = []
37 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
40 server = await createSingleServer(1)
42 await setAccessTokensToServers([ server ])
46 const result = await server.users.generate('user1')
47 userToken = result.token
48 userId = result.userId
52 const result = await server.users.generate('moderator1', UserRole.MODERATOR)
53 moderatorToken = result.token
57 const result = await server.users.generate('moderator2', UserRole.MODERATOR)
58 moderatorId = result.userId
62 describe('When listing users', function () {
63 it('Should fail with a bad start pagination', async function () {
64 await checkBadStartPagination(server.url, path, server.accessToken)
67 it('Should fail with a bad count pagination', async function () {
68 await checkBadCountPagination(server.url, path, server.accessToken)
71 it('Should fail with an incorrect sort', async function () {
72 await checkBadSortPagination(server.url, path, server.accessToken)
75 it('Should fail with a non authenticated user', async function () {
76 await makeGetRequest({
79 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
83 it('Should fail with a non admin user', async function () {
84 await makeGetRequest({
88 expectedStatus: HttpStatusCode.FORBIDDEN_403
93 describe('When adding a new user', function () {
94 const baseCorrectParams = {
96 email: 'test@example.com',
97 password: 'my super password',
101 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
104 it('Should fail with a too small username', async function () {
105 const fields = { ...baseCorrectParams, username: '' }
107 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
110 it('Should fail with a too long username', async function () {
111 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
113 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
116 it('Should fail with a not lowercase username', async function () {
117 const fields = { ...baseCorrectParams, username: 'Toto' }
119 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
122 it('Should fail with an incorrect username', async function () {
123 const fields = { ...baseCorrectParams, username: 'my username' }
125 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
128 it('Should fail with a missing email', async function () {
129 const fields = omit(baseCorrectParams, 'email')
131 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 it('Should fail with an invalid email', async function () {
135 const fields = { ...baseCorrectParams, email: 'test_example.com' }
137 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
140 it('Should fail with a too small password', async function () {
141 const fields = { ...baseCorrectParams, password: 'bla' }
143 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
146 it('Should fail with a too long password', async function () {
147 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
149 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
152 it('Should fail with empty password and no smtp configured', async function () {
153 const fields = { ...baseCorrectParams, password: '' }
155 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
158 it('Should succeed with no password on a server with smtp enabled', async function () {
161 await killallServers([ server ])
165 hostname: 'localhost',
169 await server.run(config)
172 ...baseCorrectParams,
175 username: 'create_password',
176 email: 'create_password@example.com'
179 await makePostBodyRequest({
182 token: server.accessToken,
184 expectedStatus: HttpStatusCode.OK_200
188 it('Should fail with invalid admin flags', async function () {
189 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
191 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
194 it('Should fail with an non authenticated user', async function () {
195 await makePostBodyRequest({
198 token: 'super token',
199 fields: baseCorrectParams,
200 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
204 it('Should fail if we add a user with the same username', async function () {
205 const fields = { ...baseCorrectParams, username: 'user1' }
207 await makePostBodyRequest({
210 token: server.accessToken,
212 expectedStatus: HttpStatusCode.CONFLICT_409
216 it('Should fail if we add a user with the same email', async function () {
217 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
219 await makePostBodyRequest({
222 token: server.accessToken,
224 expectedStatus: HttpStatusCode.CONFLICT_409
228 it('Should fail without a videoQuota', async function () {
229 const fields = omit(baseCorrectParams, 'videoQuota')
231 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
234 it('Should fail without a videoQuotaDaily', async function () {
235 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
237 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
240 it('Should fail with an invalid videoQuota', async function () {
241 const fields = { ...baseCorrectParams, videoQuota: -5 }
243 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
246 it('Should fail with an invalid videoQuotaDaily', async function () {
247 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
249 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
252 it('Should fail without a user role', async function () {
253 const fields = omit(baseCorrectParams, 'role')
255 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
258 it('Should fail with an invalid user role', async function () {
259 const fields = { ...baseCorrectParams, role: 88989 }
261 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
264 it('Should fail with a "peertube" username', async function () {
265 const fields = { ...baseCorrectParams, username: 'peertube' }
267 await makePostBodyRequest({
270 token: server.accessToken,
272 expectedStatus: HttpStatusCode.CONFLICT_409
276 it('Should fail to create a moderator or an admin with a moderator', async function () {
277 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
278 const fields = { ...baseCorrectParams, role }
280 await makePostBodyRequest({
283 token: moderatorToken,
285 expectedStatus: HttpStatusCode.FORBIDDEN_403
290 it('Should succeed to create a user with a moderator', async function () {
291 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
293 await makePostBodyRequest({
296 token: moderatorToken,
298 expectedStatus: HttpStatusCode.OK_200
302 it('Should succeed with the correct params', async function () {
303 await makePostBodyRequest({
306 token: server.accessToken,
307 fields: baseCorrectParams,
308 expectedStatus: HttpStatusCode.OK_200
312 it('Should fail with a non admin user', async function () {
313 const user = { username: 'user1' }
314 userToken = await server.login.getAccessToken(user)
318 email: 'test@example.com',
319 password: 'my super password',
322 await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
326 describe('When getting a user', function () {
328 it('Should fail with an non authenticated user', async function () {
329 await makeGetRequest({
332 token: 'super token',
333 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
337 it('Should fail with a non admin user', async function () {
338 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
341 it('Should succeed with the correct params', async function () {
342 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
346 describe('When updating a user', function () {
348 it('Should fail with an invalid email attribute', async function () {
353 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
356 it('Should fail with an invalid emailVerified attribute', async function () {
361 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
364 it('Should fail with an invalid videoQuota attribute', async function () {
369 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
372 it('Should fail with an invalid user role attribute', async function () {
377 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
380 it('Should fail with a too small password', async function () {
382 currentPassword: 'password',
386 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
389 it('Should fail with a too long password', async function () {
391 currentPassword: 'password',
392 password: 'super'.repeat(61)
395 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
398 it('Should fail with an non authenticated user', async function () {
403 await makePutBodyRequest({
406 token: 'super token',
408 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
412 it('Should fail when updating root role', async function () {
414 role: UserRole.MODERATOR
417 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
420 it('Should fail with invalid admin flags', async function () {
421 const fields = { adminFlags: 'toto' }
423 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
426 it('Should fail to update an admin with a moderator', async function () {
431 await makePutBodyRequest({
433 path: path + moderatorId,
434 token: moderatorToken,
436 expectedStatus: HttpStatusCode.FORBIDDEN_403
440 it('Should succeed to update a user with a moderator', async function () {
445 await makePutBodyRequest({
448 token: moderatorToken,
450 expectedStatus: HttpStatusCode.NO_CONTENT_204
454 it('Should succeed with the correct params', async function () {
456 email: 'email@example.com',
462 await makePutBodyRequest({
465 token: server.accessToken,
467 expectedStatus: HttpStatusCode.NO_CONTENT_204
472 after(async function () {
473 MockSmtpServer.Instance.kill()
475 await cleanupTests([ server ])