server/tests/api/check-params/users.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { omit } from 'lodash'
   5 import { MockSmtpServer } from '@server/tests/shared'
   6 import { HttpStatusCode, UserRole } from '@shared/models'
   7 import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
   8
   9 describe('Test users API validators', function () {
  10   const path = '/api/v1/users/'
  11   let server: PeerTubeServer
  12   let serverWithRegistrationDisabled: PeerTubeServer
  13
  14   // ---------------------------------------------------------------
  15
  16   before(async function () {
  17     this.timeout(30000)
  18
  19     const res = await Promise.all([
  20       createSingleServer(1, { signup: { limit: 3 } }),
  21       createSingleServer(2)
  22     ])
  23
  24     server = res[0]
  25     serverWithRegistrationDisabled = res[1]
  26
  27     await setAccessTokensToServers([ server ])
  28
  29     await server.users.generate('moderator2', UserRole.MODERATOR)
  30   })
  31
  32   describe('When registering a new user', function () {
  33     const registrationPath = path + '/register'
  34     const baseCorrectParams = {
  35       username: 'user3',
  36       displayName: 'super user',
  37       email: 'test3@example.com',
  38       password: 'my super password'
  39     }
  40
  41     it('Should fail with a too small username', async function () {
  42       const fields = { ...baseCorrectParams, username: '' }
  43
  44       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  45     })
  46
  47     it('Should fail with a too long username', async function () {
  48       const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
  49
  50       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  51     })
  52
  53     it('Should fail with an incorrect username', async function () {
  54       const fields = { ...baseCorrectParams, username: 'my username' }
  55
  56       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  57     })
  58
  59     it('Should fail with a missing email', async function () {
  60       const fields = omit(baseCorrectParams, 'email')
  61
  62       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  63     })
  64
  65     it('Should fail with an invalid email', async function () {
  66       const fields = { ...baseCorrectParams, email: 'test_example.com' }
  67
  68       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  69     })
  70
  71     it('Should fail with a too small password', async function () {
  72       const fields = { ...baseCorrectParams, password: 'bla' }
  73
  74       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  75     })
  76
  77     it('Should fail with a too long password', async function () {
  78       const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
  79
  80       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  81     })
  82
  83     it('Should fail if we register a user with the same username', async function () {
  84       const fields = { ...baseCorrectParams, username: 'root' }
  85
  86       await makePostBodyRequest({
  87         url: server.url,
  88         path: registrationPath,
  89         token: server.accessToken,
  90         fields,
  91         expectedStatus: HttpStatusCode.CONFLICT_409
  92       })
  93     })
  94
  95     it('Should fail with a "peertube" username', async function () {
  96       const fields = { ...baseCorrectParams, username: 'peertube' }
  97
  98       await makePostBodyRequest({
  99         url: server.url,
 100         path: registrationPath,
 101         token: server.accessToken,
 102         fields,
 103         expectedStatus: HttpStatusCode.CONFLICT_409
 104       })
 105     })
 106
 107     it('Should fail if we register a user with the same email', async function () {
 108       const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
 109
 110       await makePostBodyRequest({
 111         url: server.url,
 112         path: registrationPath,
 113         token: server.accessToken,
 114         fields,
 115         expectedStatus: HttpStatusCode.CONFLICT_409
 116       })
 117     })
 118
 119     it('Should fail with a bad display name', async function () {
 120       const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
 121
 122       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 123     })
 124
 125     it('Should fail with a bad channel name', async function () {
 126       const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
 127
 128       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 129     })
 130
 131     it('Should fail with a bad channel display name', async function () {
 132       const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
 133
 134       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 135     })
 136
 137     it('Should fail with a channel name that is the same as username', async function () {
 138       const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
 139       const fields = { ...baseCorrectParams, ...source }
 140
 141       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 142     })
 143
 144     it('Should fail with an existing channel', async function () {
 145       const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
 146       await server.channels.create({ attributes })
 147
 148       const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
 149
 150       await makePostBodyRequest({
 151         url: server.url,
 152         path: registrationPath,
 153         token: server.accessToken,
 154         fields,
 155         expectedStatus: HttpStatusCode.CONFLICT_409
 156       })
 157     })
 158
 159     it('Should succeed with the correct params', async function () {
 160       const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
 161
 162       await makePostBodyRequest({
 163         url: server.url,
 164         path: registrationPath,
 165         token: server.accessToken,
 166         fields: fields,
 167         expectedStatus: HttpStatusCode.NO_CONTENT_204
 168       })
 169     })
 170
 171     it('Should fail on a server with registration disabled', async function () {
 172       const fields = {
 173         username: 'user4',
 174         email: 'test4@example.com',
 175         password: 'my super password 4'
 176       }
 177
 178       await makePostBodyRequest({
 179         url: serverWithRegistrationDisabled.url,
 180         path: registrationPath,
 181         token: serverWithRegistrationDisabled.accessToken,
 182         fields,
 183         expectedStatus: HttpStatusCode.FORBIDDEN_403
 184       })
 185     })
 186   })
 187
 188   describe('When registering multiple users on a server with users limit', function () {
 189
 190     it('Should fail when after 3 registrations', async function () {
 191       await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 192     })
 193
 194   })
 195
 196   describe('When asking a password reset', function () {
 197     const path = '/api/v1/users/ask-reset-password'
 198
 199     it('Should fail with a missing email', async function () {
 200       const fields = {}
 201
 202       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 203     })
 204
 205     it('Should fail with an invalid email', async function () {
 206       const fields = { email: 'hello' }
 207
 208       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 209     })
 210
 211     it('Should success with the correct params', async function () {
 212       const fields = { email: 'admin@example.com' }
 213
 214       await makePostBodyRequest({
 215         url: server.url,
 216         path,
 217         token: server.accessToken,
 218         fields,
 219         expectedStatus: HttpStatusCode.NO_CONTENT_204
 220       })
 221     })
 222   })
 223
 224   describe('When asking for an account verification email', function () {
 225     const path = '/api/v1/users/ask-send-verify-email'
 226
 227     it('Should fail with a missing email', async function () {
 228       const fields = {}
 229
 230       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 231     })
 232
 233     it('Should fail with an invalid email', async function () {
 234       const fields = { email: 'hello' }
 235
 236       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 237     })
 238
 239     it('Should succeed with the correct params', async function () {
 240       const fields = { email: 'admin@example.com' }
 241
 242       await makePostBodyRequest({
 243         url: server.url,
 244         path,
 245         token: server.accessToken,
 246         fields,
 247         expectedStatus: HttpStatusCode.NO_CONTENT_204
 248       })
 249     })
 250   })
 251
 252   after(async function () {
 253     MockSmtpServer.Instance.kill()
 254
 255     await cleanupTests([ server, serverWithRegistrationDisabled ])
 256   })
 257 })