1 /* tslint:disable:no-unused-expression */
3 import { omit } from 'lodash'
5 import { join } from 'path'
6 import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
11 updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser
12 } from '../../../../shared/utils'
14 checkBadCountPagination,
15 checkBadSortPagination,
16 checkBadStartPagination
17 } from '../../../../shared/utils/requests/check-api-params'
18 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/utils/videos/video-imports'
19 import { VideoPrivacy } from '../../../../shared/models/videos'
20 import { waitJobs } from '../../../../shared/utils/server/jobs'
21 import { expect } from 'chai'
23 describe('Test users API validators', function () {
24 const path = '/api/v1/users/'
28 let server: ServerInfo
29 let serverWithRegistrationDisabled: ServerInfo
30 let userAccessToken = ''
34 password: 'my super password'
37 // ---------------------------------------------------------------
39 before(async function () {
44 server = await runServer(1)
45 serverWithRegistrationDisabled = await runServer(2)
47 await setAccessTokensToServers([ server ])
49 const videoQuota = 42000000
50 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
51 userAccessToken = await userLogin(server, user)
54 const res = await getMyUserInformation(server.url, server.accessToken)
55 channelId = res.body.videoChannels[ 0 ].id
59 const res = await uploadVideo(server.url, server.accessToken, {})
60 videoId = res.body.video.id
64 describe('When listing users', function () {
65 it('Should fail with a bad start pagination', async function () {
66 await checkBadStartPagination(server.url, path, server.accessToken)
69 it('Should fail with a bad count pagination', async function () {
70 await checkBadCountPagination(server.url, path, server.accessToken)
73 it('Should fail with an incorrect sort', async function () {
74 await checkBadSortPagination(server.url, path, server.accessToken)
77 it('Should fail with a non authenticated user', async function () {
78 await makeGetRequest({
81 statusCodeExpected: 401
85 it('Should fail with a non admin user', async function () {
86 await makeGetRequest({
89 token: userAccessToken,
90 statusCodeExpected: 403
95 describe('When adding a new user', function () {
96 const baseCorrectParams = {
98 email: 'test@example.com',
99 password: 'my super password',
105 it('Should fail with a too small username', async function () {
106 const fields = immutableAssign(baseCorrectParams, { username: '' })
108 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
111 it('Should fail with a too long username', async function () {
112 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
114 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
117 it('Should fail with a not lowercase username', async function () {
118 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
120 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
123 it('Should fail with an incorrect username', async function () {
124 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
126 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
129 it('Should fail with a missing email', async function () {
130 const fields = omit(baseCorrectParams, 'email')
132 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
135 it('Should fail with an invalid email', async function () {
136 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
138 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
141 it('Should fail with a too small password', async function () {
142 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
144 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
147 it('Should fail with a too long password', async function () {
148 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
150 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
153 it('Should fail with an non authenticated user', async function () {
154 await makePostBodyRequest({
157 token: 'super token',
158 fields: baseCorrectParams,
159 statusCodeExpected: 401
163 it('Should fail if we add a user with the same username', async function () {
164 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
166 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
169 it('Should fail if we add a user with the same email', async function () {
170 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
172 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
175 it('Should fail without a videoQuota', async function () {
176 const fields = omit(baseCorrectParams, 'videoQuota')
178 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
181 it('Should fail without a videoQuotaDaily', async function () {
182 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
184 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
187 it('Should fail with an invalid videoQuota', async function () {
188 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
190 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
193 it('Should fail with an invalid videoQuotaDaily', async function () {
194 const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 })
196 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
199 it('Should fail without a user role', async function () {
200 const fields = omit(baseCorrectParams, 'role')
202 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
205 it('Should fail with an invalid user role', async function () {
206 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
208 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
211 it('Should fail with a "peertube" username', async function () {
212 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
214 await makePostBodyRequest({
217 token: server.accessToken,
219 statusCodeExpected: 409
223 it('Should succeed with the correct params', async function () {
224 await makePostBodyRequest({
227 token: server.accessToken,
228 fields: baseCorrectParams,
229 statusCodeExpected: 200
233 it('Should fail with a non admin user', async function () {
236 password: 'my super password'
238 userAccessToken = await userLogin(server, user)
242 email: 'test@example.com',
243 password: 'my super password',
246 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
250 describe('When updating my account', function () {
251 it('Should fail with an invalid email attribute', async function () {
256 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
259 it('Should fail with a too small password', async function () {
261 currentPassword: 'my super password',
265 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
268 it('Should fail with a too long password', async function () {
270 currentPassword: 'my super password',
271 password: 'super'.repeat(61)
274 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
277 it('Should fail without the current password', async function () {
279 currentPassword: 'my super password',
280 password: 'super'.repeat(61)
283 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
286 it('Should fail with an invalid current password', async function () {
288 currentPassword: 'my super password fail',
289 password: 'super'.repeat(61)
292 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 })
295 it('Should fail with an invalid NSFW policy attribute', async function () {
300 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
303 it('Should fail with an invalid autoPlayVideo attribute', async function () {
308 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
311 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
313 videosHistoryEnabled: -1
316 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
319 it('Should fail with an non authenticated user', async function () {
321 currentPassword: 'my super password',
322 password: 'my super password'
325 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
328 it('Should fail with a too long description', async function () {
330 description: 'super'.repeat(201)
333 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
336 it('Should succeed to change password with the correct params', async function () {
338 currentPassword: 'my super password',
339 password: 'my super password',
341 autoPlayVideo: false,
342 email: 'super_email@example.com'
345 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
348 it('Should succeed without password change with the correct params', async function () {
351 autoPlayVideo: false,
352 email: 'super_email@example.com'
355 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
359 describe('When updating my avatar', function () {
360 it('Should fail without an incorrect input file', async function () {
363 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
365 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
368 it('Should fail with a big file', async function () {
371 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
373 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
376 it('Should fail with an unauthenticated user', async function () {
379 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
381 await makeUploadRequest({
383 path: path + '/me/avatar/pick',
386 statusCodeExpected: 401
390 it('Should succeed with the correct params', async function () {
393 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
395 await makeUploadRequest({
397 path: path + '/me/avatar/pick',
398 token: server.accessToken,
401 statusCodeExpected: 200
406 describe('When getting a user', function () {
407 before(async function () {
408 const res = await getUsersList(server.url, server.accessToken)
410 userId = res.body.data[1].id
413 it('Should fail with an non authenticated user', async function () {
414 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
417 it('Should fail with a non admin user', async function () {
418 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
421 it('Should succeed with the correct params', async function () {
422 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
426 describe('When updating a user', function () {
428 before(async function () {
429 const res = await getUsersList(server.url, server.accessToken)
431 userId = res.body.data[1].id
432 rootId = res.body.data[2].id
435 it('Should fail with an invalid email attribute', async function () {
440 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
443 it('Should fail with an invalid emailVerified attribute', async function () {
448 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
451 it('Should fail with an invalid videoQuota attribute', async function () {
456 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
459 it('Should fail with an invalid user role attribute', async function () {
464 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
467 it('Should fail with a too small password', async function () {
469 currentPassword: 'my super password',
473 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
476 it('Should fail with a too long password', async function () {
478 currentPassword: 'my super password',
479 password: 'super'.repeat(61)
482 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
485 it('Should fail with an non authenticated user', async function () {
490 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
493 it('Should fail when updating root role', async function () {
495 role: UserRole.MODERATOR
498 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
501 it('Should succeed with the correct params', async function () {
503 email: 'email@example.com',
509 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
513 describe('When getting my information', function () {
514 it('Should fail with a non authenticated user', async function () {
515 await getMyUserInformation(server.url, 'fake_token', 401)
518 it('Should success with the correct parameters', async function () {
519 await getMyUserInformation(server.url, userAccessToken)
523 describe('When getting my video rating', function () {
524 it('Should fail with a non authenticated user', async function () {
525 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
528 it('Should fail with an incorrect video uuid', async function () {
529 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
532 it('Should fail with an unknown video', async function () {
533 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
536 it('Should succeed with the correct parameters', async function () {
537 await getMyUserVideoRating(server.url, server.accessToken, videoId)
541 describe('When blocking/unblocking/removing user', function () {
542 it('Should fail with an incorrect id', async function () {
543 await removeUser(server.url, 'blabla', server.accessToken, 400)
544 await blockUser(server.url, 'blabla', server.accessToken, 400)
545 await unblockUser(server.url, 'blabla', server.accessToken, 400)
548 it('Should fail with the root user', async function () {
549 await removeUser(server.url, rootId, server.accessToken, 400)
550 await blockUser(server.url, rootId, server.accessToken, 400)
551 await unblockUser(server.url, rootId, server.accessToken, 400)
554 it('Should return 404 with a non existing id', async function () {
555 await removeUser(server.url, 4545454, server.accessToken, 404)
556 await blockUser(server.url, 4545454, server.accessToken, 404)
557 await unblockUser(server.url, 4545454, server.accessToken, 404)
560 it('Should fail with a non admin user', async function () {
561 await removeUser(server.url, userId, userAccessToken, 403)
562 await blockUser(server.url, userId, userAccessToken, 403)
563 await unblockUser(server.url, userId, userAccessToken, 403)
567 describe('When deleting our account', function () {
568 it('Should fail with with the root account', async function () {
569 await deleteMe(server.url, server.accessToken, 400)
573 describe('When register a new user', function () {
574 const registrationPath = path + '/register'
575 const baseCorrectParams = {
577 email: 'test3@example.com',
578 password: 'my super password'
581 it('Should fail with a too small username', async function () {
582 const fields = immutableAssign(baseCorrectParams, { username: '' })
584 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
587 it('Should fail with a too long username', async function () {
588 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
590 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
593 it('Should fail with an incorrect username', async function () {
594 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
596 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
599 it('Should fail with a missing email', async function () {
600 const fields = omit(baseCorrectParams, 'email')
602 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
605 it('Should fail with an invalid email', async function () {
606 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
608 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
611 it('Should fail with a too small password', async function () {
612 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
614 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
617 it('Should fail with a too long password', async function () {
618 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
620 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
623 it('Should fail if we register a user with the same username', async function () {
624 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
626 await makePostBodyRequest({
628 path: registrationPath,
629 token: server.accessToken,
631 statusCodeExpected: 409
635 it('Should fail with a "peertube" username', async function () {
636 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
638 await makePostBodyRequest({
640 path: registrationPath,
641 token: server.accessToken,
643 statusCodeExpected: 409
647 it('Should fail if we register a user with the same email', async function () {
648 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
650 await makePostBodyRequest({
652 path: registrationPath,
653 token: server.accessToken,
655 statusCodeExpected: 409
659 it('Should succeed with the correct params', async function () {
660 await makePostBodyRequest({
662 path: registrationPath,
663 token: server.accessToken,
664 fields: baseCorrectParams,
665 statusCodeExpected: 204
669 it('Should fail on a server with registration disabled', async function () {
672 email: 'test4@example.com',
673 password: 'my super password 4'
676 await makePostBodyRequest({
677 url: serverWithRegistrationDisabled.url,
678 path: registrationPath,
679 token: serverWithRegistrationDisabled.accessToken,
681 statusCodeExpected: 403
686 describe('When registering multiple users on a server with users limit', function () {
687 it('Should fail when after 3 registrations', async function () {
688 await registerUser(server.url, 'user42', 'super password', 403)
692 describe('When having a video quota', function () {
693 it('Should fail with a user having too many videos', async function () {
697 accessToken: server.accessToken,
701 await uploadVideo(server.url, server.accessToken, {}, 403)
704 it('Should fail with a registered user having too many videos', async function () {
709 password: 'my super password'
711 userAccessToken = await userLogin(server, user)
713 const videoAttributes = { fixture: 'video_short2.webm' }
714 await uploadVideo(server.url, userAccessToken, videoAttributes)
715 await uploadVideo(server.url, userAccessToken, videoAttributes)
716 await uploadVideo(server.url, userAccessToken, videoAttributes)
717 await uploadVideo(server.url, userAccessToken, videoAttributes)
718 await uploadVideo(server.url, userAccessToken, videoAttributes)
719 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
722 it('Should fail to import with HTTP/Torrent/magnet', async function () {
725 const baseAttributes = {
727 privacy: VideoPrivacy.PUBLIC
729 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
730 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
731 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' }))
733 await waitJobs([ server ])
735 const res = await getMyVideoImports(server.url, server.accessToken)
737 expect(res.body.total).to.equal(3)
738 const videoImports: VideoImport[] = res.body.data
739 expect(videoImports).to.have.lengthOf(3)
741 for (const videoImport of videoImports) {
742 expect(videoImport.state.id).to.equal(VideoImportState.FAILED)
743 expect(videoImport.error).not.to.be.undefined
744 expect(videoImport.error).to.contain('user video quota is exceeded')
749 describe('When having a daily video quota', function () {
750 it('Should fail with a user having too many videos', async function () {
754 accessToken: server.accessToken,
758 await uploadVideo(server.url, server.accessToken, {}, 403)
762 describe('When having an absolute and daily video quota', function () {
763 it('Should fail if exceeding total quota', async function () {
767 accessToken: server.accessToken,
769 videoQuotaDaily: 1024 * 1024 * 1024
772 await uploadVideo(server.url, server.accessToken, {}, 403)
775 it('Should fail if exceeding daily quota', async function () {
779 accessToken: server.accessToken,
780 videoQuota: 1024 * 1024 * 1024,
784 await uploadVideo(server.url, server.accessToken, {}, 403)
788 describe('When asking a password reset', function () {
789 const path = '/api/v1/users/ask-reset-password'
791 it('Should fail with a missing email', async function () {
794 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
797 it('Should fail with an invalid email', async function () {
798 const fields = { email: 'hello' }
800 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
803 it('Should success with the correct params', async function () {
804 const fields = { email: 'admin@example.com' }
806 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
810 describe('When asking for an account verification email', function () {
811 const path = '/api/v1/users/ask-send-verify-email'
813 it('Should fail with a missing email', async function () {
816 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
819 it('Should fail with an invalid email', async function () {
820 const fields = { email: 'hello' }
822 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
825 it('Should succeed with the correct params', async function () {
826 const fields = { email: 'admin@example.com' }
828 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
832 after(async function () {
833 killallServers([ server, serverWithRegistrationDisabled ])
835 // Keep the logs if the test failed