server/tests/api/check-params/users.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { omit } from 'lodash'
   5 import {
   6   cleanupTests,
   7   createSingleServer,
   8   makePostBodyRequest,
   9   MockSmtpServer,
  10   PeerTubeServer,
  11   setAccessTokensToServers
  12 } from '@shared/server-commands'
  13 import { HttpStatusCode, UserRole } from '@shared/models'
  14
  15 describe('Test users API validators', function () {
  16   const path = '/api/v1/users/'
  17   let server: PeerTubeServer
  18   let serverWithRegistrationDisabled: PeerTubeServer
  19
  20   // ---------------------------------------------------------------
  21
  22   before(async function () {
  23     this.timeout(30000)
  24
  25     const res = await Promise.all([
  26       createSingleServer(1, { signup: { limit: 3 } }),
  27       createSingleServer(2)
  28     ])
  29
  30     server = res[0]
  31     serverWithRegistrationDisabled = res[1]
  32
  33     await setAccessTokensToServers([ server ])
  34
  35     await server.users.generate('moderator2', UserRole.MODERATOR)
  36   })
  37
  38   describe('When registering a new user', function () {
  39     const registrationPath = path + '/register'
  40     const baseCorrectParams = {
  41       username: 'user3',
  42       displayName: 'super user',
  43       email: 'test3@example.com',
  44       password: 'my super password'
  45     }
  46
  47     it('Should fail with a too small username', async function () {
  48       const fields = { ...baseCorrectParams, username: '' }
  49
  50       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  51     })
  52
  53     it('Should fail with a too long username', async function () {
  54       const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
  55
  56       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  57     })
  58
  59     it('Should fail with an incorrect username', async function () {
  60       const fields = { ...baseCorrectParams, username: 'my username' }
  61
  62       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  63     })
  64
  65     it('Should fail with a missing email', async function () {
  66       const fields = omit(baseCorrectParams, 'email')
  67
  68       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  69     })
  70
  71     it('Should fail with an invalid email', async function () {
  72       const fields = { ...baseCorrectParams, email: 'test_example.com' }
  73
  74       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  75     })
  76
  77     it('Should fail with a too small password', async function () {
  78       const fields = { ...baseCorrectParams, password: 'bla' }
  79
  80       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  81     })
  82
  83     it('Should fail with a too long password', async function () {
  84       const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
  85
  86       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  87     })
  88
  89     it('Should fail if we register a user with the same username', async function () {
  90       const fields = { ...baseCorrectParams, username: 'root' }
  91
  92       await makePostBodyRequest({
  93         url: server.url,
  94         path: registrationPath,
  95         token: server.accessToken,
  96         fields,
  97         expectedStatus: HttpStatusCode.CONFLICT_409
  98       })
  99     })
 100
 101     it('Should fail with a "peertube" username', async function () {
 102       const fields = { ...baseCorrectParams, username: 'peertube' }
 103
 104       await makePostBodyRequest({
 105         url: server.url,
 106         path: registrationPath,
 107         token: server.accessToken,
 108         fields,
 109         expectedStatus: HttpStatusCode.CONFLICT_409
 110       })
 111     })
 112
 113     it('Should fail if we register a user with the same email', async function () {
 114       const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
 115
 116       await makePostBodyRequest({
 117         url: server.url,
 118         path: registrationPath,
 119         token: server.accessToken,
 120         fields,
 121         expectedStatus: HttpStatusCode.CONFLICT_409
 122       })
 123     })
 124
 125     it('Should fail with a bad display name', async function () {
 126       const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
 127
 128       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 129     })
 130
 131     it('Should fail with a bad channel name', async function () {
 132       const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
 133
 134       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 135     })
 136
 137     it('Should fail with a bad channel display name', async function () {
 138       const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
 139
 140       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 141     })
 142
 143     it('Should fail with a channel name that is the same as username', async function () {
 144       const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
 145       const fields = { ...baseCorrectParams, ...source }
 146
 147       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 148     })
 149
 150     it('Should fail with an existing channel', async function () {
 151       const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
 152       await server.channels.create({ attributes })
 153
 154       const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
 155
 156       await makePostBodyRequest({
 157         url: server.url,
 158         path: registrationPath,
 159         token: server.accessToken,
 160         fields,
 161         expectedStatus: HttpStatusCode.CONFLICT_409
 162       })
 163     })
 164
 165     it('Should succeed with the correct params', async function () {
 166       const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
 167
 168       await makePostBodyRequest({
 169         url: server.url,
 170         path: registrationPath,
 171         token: server.accessToken,
 172         fields: fields,
 173         expectedStatus: HttpStatusCode.NO_CONTENT_204
 174       })
 175     })
 176
 177     it('Should fail on a server with registration disabled', async function () {
 178       const fields = {
 179         username: 'user4',
 180         email: 'test4@example.com',
 181         password: 'my super password 4'
 182       }
 183
 184       await makePostBodyRequest({
 185         url: serverWithRegistrationDisabled.url,
 186         path: registrationPath,
 187         token: serverWithRegistrationDisabled.accessToken,
 188         fields,
 189         expectedStatus: HttpStatusCode.FORBIDDEN_403
 190       })
 191     })
 192   })
 193
 194   describe('When registering multiple users on a server with users limit', function () {
 195
 196     it('Should fail when after 3 registrations', async function () {
 197       await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 198     })
 199
 200   })
 201
 202   describe('When asking a password reset', function () {
 203     const path = '/api/v1/users/ask-reset-password'
 204
 205     it('Should fail with a missing email', async function () {
 206       const fields = {}
 207
 208       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 209     })
 210
 211     it('Should fail with an invalid email', async function () {
 212       const fields = { email: 'hello' }
 213
 214       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 215     })
 216
 217     it('Should success with the correct params', async function () {
 218       const fields = { email: 'admin@example.com' }
 219
 220       await makePostBodyRequest({
 221         url: server.url,
 222         path,
 223         token: server.accessToken,
 224         fields,
 225         expectedStatus: HttpStatusCode.NO_CONTENT_204
 226       })
 227     })
 228   })
 229
 230   describe('When asking for an account verification email', function () {
 231     const path = '/api/v1/users/ask-send-verify-email'
 232
 233     it('Should fail with a missing email', async function () {
 234       const fields = {}
 235
 236       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 237     })
 238
 239     it('Should fail with an invalid email', async function () {
 240       const fields = { email: 'hello' }
 241
 242       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 243     })
 244
 245     it('Should succeed with the correct params', async function () {
 246       const fields = { email: 'admin@example.com' }
 247
 248       await makePostBodyRequest({
 249         url: server.url,
 250         path,
 251         token: server.accessToken,
 252         fields,
 253         expectedStatus: HttpStatusCode.NO_CONTENT_204
 254       })
 255     })
 256   })
 257
 258   after(async function () {
 259     MockSmtpServer.Instance.kill()
 260
 261     await cleanupTests([ server, serverWithRegistrationDisabled ])
 262   })
 263 })