]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix CLI tools
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import 'mocha'
4 import { omit } from 'lodash'
5 import { User, UserRole, VideoCreateResult } from '../../../../shared'
6 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
7 import {
8 blockUser,
9 buildAbsoluteFixturePath,
10 cleanupTests,
11 createUser,
12 deleteMe,
13 flushAndRunServer,
14 getMyUserInformation,
15 getMyUserVideoRating,
16 getUserScopedTokens,
17 getUsersList,
18 immutableAssign,
19 killallServers,
20 makeGetRequest,
21 makePostBodyRequest,
22 makePutBodyRequest,
23 makeUploadRequest,
24 registerUser,
25 removeUser,
26 renewUserScopedTokens,
27 reRunServer,
28 ServerInfo,
29 setAccessTokensToServers,
30 unblockUser,
31 uploadVideo,
32 userLogin
33 } from '../../../../shared/extra-utils'
34 import { MockSmtpServer } from '../../../../shared/extra-utils/mock-servers/mock-email'
35 import {
36 checkBadCountPagination,
37 checkBadSortPagination,
38 checkBadStartPagination
39 } from '../../../../shared/extra-utils/requests/check-api-params'
40 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
41
42 describe('Test users API validators', function () {
43 const path = '/api/v1/users/'
44 let userId: number
45 let rootId: number
46 let moderatorId: number
47 let video: VideoCreateResult
48 let server: ServerInfo
49 let serverWithRegistrationDisabled: ServerInfo
50 let userAccessToken = ''
51 let moderatorAccessToken = ''
52 let emailPort: number
53 let overrideConfig: Object
54
55 // ---------------------------------------------------------------
56
57 before(async function () {
58 this.timeout(30000)
59
60 const emails: object[] = []
61 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
62
63 overrideConfig = { signup: { limit: 8 } }
64
65 {
66 const res = await Promise.all([
67 flushAndRunServer(1, overrideConfig),
68 flushAndRunServer(2)
69 ])
70
71 server = res[0]
72 serverWithRegistrationDisabled = res[1]
73
74 await setAccessTokensToServers([ server ])
75 }
76
77 {
78 const user = {
79 username: 'user1',
80 password: 'my super password'
81 }
82
83 const videoQuota = 42000000
84 await createUser({
85 url: server.url,
86 accessToken: server.accessToken,
87 username: user.username,
88 password: user.password,
89 videoQuota: videoQuota
90 })
91 userAccessToken = await userLogin(server, user)
92 }
93
94 {
95 const moderator = {
96 username: 'moderator1',
97 password: 'super password'
98 }
99
100 await createUser({
101 url: server.url,
102 accessToken: server.accessToken,
103 username: moderator.username,
104 password: moderator.password,
105 role: UserRole.MODERATOR
106 })
107
108 moderatorAccessToken = await userLogin(server, moderator)
109 }
110
111 {
112 const moderator = {
113 username: 'moderator2',
114 password: 'super password'
115 }
116
117 await createUser({
118 url: server.url,
119 accessToken: server.accessToken,
120 username: moderator.username,
121 password: moderator.password,
122 role: UserRole.MODERATOR
123 })
124 }
125
126 {
127 const res = await uploadVideo(server.url, server.accessToken, {})
128 video = res.body.video
129 }
130
131 {
132 const res = await getUsersList(server.url, server.accessToken)
133 const users: User[] = res.body.data
134
135 userId = users.find(u => u.username === 'user1').id
136 rootId = users.find(u => u.username === 'root').id
137 moderatorId = users.find(u => u.username === 'moderator2').id
138 }
139 })
140
141 describe('When listing users', function () {
142 it('Should fail with a bad start pagination', async function () {
143 await checkBadStartPagination(server.url, path, server.accessToken)
144 })
145
146 it('Should fail with a bad count pagination', async function () {
147 await checkBadCountPagination(server.url, path, server.accessToken)
148 })
149
150 it('Should fail with an incorrect sort', async function () {
151 await checkBadSortPagination(server.url, path, server.accessToken)
152 })
153
154 it('Should fail with a non authenticated user', async function () {
155 await makeGetRequest({
156 url: server.url,
157 path,
158 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
159 })
160 })
161
162 it('Should fail with a non admin user', async function () {
163 await makeGetRequest({
164 url: server.url,
165 path,
166 token: userAccessToken,
167 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
168 })
169 })
170 })
171
172 describe('When adding a new user', function () {
173 const baseCorrectParams = {
174 username: 'user2',
175 email: 'test@example.com',
176 password: 'my super password',
177 videoQuota: -1,
178 videoQuotaDaily: -1,
179 role: UserRole.USER,
180 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
181 }
182
183 it('Should fail with a too small username', async function () {
184 const fields = immutableAssign(baseCorrectParams, { username: '' })
185
186 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
187 })
188
189 it('Should fail with a too long username', async function () {
190 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
191
192 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
193 })
194
195 it('Should fail with a not lowercase username', async function () {
196 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
197
198 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
199 })
200
201 it('Should fail with an incorrect username', async function () {
202 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
203
204 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
205 })
206
207 it('Should fail with a missing email', async function () {
208 const fields = omit(baseCorrectParams, 'email')
209
210 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
211 })
212
213 it('Should fail with an invalid email', async function () {
214 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
215
216 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
217 })
218
219 it('Should fail with a too small password', async function () {
220 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
221
222 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
223 })
224
225 it('Should fail with a too long password', async function () {
226 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
227
228 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
229 })
230
231 it('Should fail with empty password and no smtp configured', async function () {
232 const fields = immutableAssign(baseCorrectParams, { password: '' })
233
234 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
235 })
236
237 it('Should succeed with no password on a server with smtp enabled', async function () {
238 this.timeout(20000)
239
240 killallServers([ server ])
241
242 const config = immutableAssign(overrideConfig, {
243 smtp: {
244 hostname: 'localhost',
245 port: emailPort
246 }
247 })
248 await reRunServer(server, config)
249
250 const fields = immutableAssign(baseCorrectParams, {
251 password: '',
252 username: 'create_password',
253 email: 'create_password@example.com'
254 })
255
256 await makePostBodyRequest({
257 url: server.url,
258 path: path,
259 token: server.accessToken,
260 fields,
261 statusCodeExpected: HttpStatusCode.OK_200
262 })
263 })
264
265 it('Should fail with invalid admin flags', async function () {
266 const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' })
267
268 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
269 })
270
271 it('Should fail with an non authenticated user', async function () {
272 await makePostBodyRequest({
273 url: server.url,
274 path,
275 token: 'super token',
276 fields: baseCorrectParams,
277 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
278 })
279 })
280
281 it('Should fail if we add a user with the same username', async function () {
282 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
283
284 await makePostBodyRequest({
285 url: server.url,
286 path,
287 token: server.accessToken,
288 fields,
289 statusCodeExpected: HttpStatusCode.CONFLICT_409
290 })
291 })
292
293 it('Should fail if we add a user with the same email', async function () {
294 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
295
296 await makePostBodyRequest({
297 url: server.url,
298 path,
299 token: server.accessToken,
300 fields,
301 statusCodeExpected: HttpStatusCode.CONFLICT_409
302 })
303 })
304
305 it('Should fail without a videoQuota', async function () {
306 const fields = omit(baseCorrectParams, 'videoQuota')
307
308 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
309 })
310
311 it('Should fail without a videoQuotaDaily', async function () {
312 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
313
314 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
315 })
316
317 it('Should fail with an invalid videoQuota', async function () {
318 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
319
320 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
321 })
322
323 it('Should fail with an invalid videoQuotaDaily', async function () {
324 const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 })
325
326 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
327 })
328
329 it('Should fail without a user role', async function () {
330 const fields = omit(baseCorrectParams, 'role')
331
332 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
333 })
334
335 it('Should fail with an invalid user role', async function () {
336 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
337
338 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
339 })
340
341 it('Should fail with a "peertube" username', async function () {
342 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
343
344 await makePostBodyRequest({
345 url: server.url,
346 path,
347 token: server.accessToken,
348 fields,
349 statusCodeExpected: HttpStatusCode.CONFLICT_409
350 })
351 })
352
353 it('Should fail to create a moderator or an admin with a moderator', async function () {
354 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
355 const fields = immutableAssign(baseCorrectParams, { role })
356
357 await makePostBodyRequest({
358 url: server.url,
359 path,
360 token: moderatorAccessToken,
361 fields,
362 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
363 })
364 }
365 })
366
367 it('Should succeed to create a user with a moderator', async function () {
368 const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER })
369
370 await makePostBodyRequest({
371 url: server.url,
372 path,
373 token: moderatorAccessToken,
374 fields,
375 statusCodeExpected: HttpStatusCode.OK_200
376 })
377 })
378
379 it('Should succeed with the correct params', async function () {
380 await makePostBodyRequest({
381 url: server.url,
382 path,
383 token: server.accessToken,
384 fields: baseCorrectParams,
385 statusCodeExpected: HttpStatusCode.OK_200
386 })
387 })
388
389 it('Should fail with a non admin user', async function () {
390 const user = {
391 username: 'user1',
392 password: 'my super password'
393 }
394 userAccessToken = await userLogin(server, user)
395
396 const fields = {
397 username: 'user3',
398 email: 'test@example.com',
399 password: 'my super password',
400 videoQuota: 42000000
401 }
402 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
403 })
404 })
405
406 describe('When updating my account', function () {
407 it('Should fail with an invalid email attribute', async function () {
408 const fields = {
409 email: 'blabla'
410 }
411
412 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
413 })
414
415 it('Should fail with a too small password', async function () {
416 const fields = {
417 currentPassword: 'my super password',
418 password: 'bla'
419 }
420
421 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
422 })
423
424 it('Should fail with a too long password', async function () {
425 const fields = {
426 currentPassword: 'my super password',
427 password: 'super'.repeat(61)
428 }
429
430 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
431 })
432
433 it('Should fail without the current password', async function () {
434 const fields = {
435 currentPassword: 'my super password',
436 password: 'super'.repeat(61)
437 }
438
439 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
440 })
441
442 it('Should fail with an invalid current password', async function () {
443 const fields = {
444 currentPassword: 'my super password fail',
445 password: 'super'.repeat(61)
446 }
447
448 await makePutBodyRequest({
449 url: server.url,
450 path: path + 'me',
451 token: userAccessToken,
452 fields,
453 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
454 })
455 })
456
457 it('Should fail with an invalid NSFW policy attribute', async function () {
458 const fields = {
459 nsfwPolicy: 'hello'
460 }
461
462 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
463 })
464
465 it('Should fail with an invalid autoPlayVideo attribute', async function () {
466 const fields = {
467 autoPlayVideo: -1
468 }
469
470 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
471 })
472
473 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
474 const fields = {
475 autoPlayNextVideo: -1
476 }
477
478 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
479 })
480
481 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
482 const fields = {
483 videosHistoryEnabled: -1
484 }
485
486 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
487 })
488
489 it('Should fail with an non authenticated user', async function () {
490 const fields = {
491 currentPassword: 'my super password',
492 password: 'my super password'
493 }
494
495 await makePutBodyRequest({
496 url: server.url,
497 path: path + 'me',
498 token: 'super token',
499 fields,
500 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
501 })
502 })
503
504 it('Should fail with a too long description', async function () {
505 const fields = {
506 description: 'super'.repeat(201)
507 }
508
509 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
510 })
511
512 it('Should fail with an invalid videoLanguages attribute', async function () {
513 {
514 const fields = {
515 videoLanguages: 'toto'
516 }
517
518 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
519 }
520
521 {
522 const languages = []
523 for (let i = 0; i < 1000; i++) {
524 languages.push('fr')
525 }
526
527 const fields = {
528 videoLanguages: languages
529 }
530
531 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
532 }
533 })
534
535 it('Should fail with an invalid theme', async function () {
536 const fields = { theme: 'invalid' }
537 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
538 })
539
540 it('Should fail with an unknown theme', async function () {
541 const fields = { theme: 'peertube-theme-unknown' }
542 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
543 })
544
545 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
546 const fields = {
547 noInstanceConfigWarningModal: -1
548 }
549
550 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
551 })
552
553 it('Should fail with an invalid noWelcomeModal attribute', async function () {
554 const fields = {
555 noWelcomeModal: -1
556 }
557
558 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
559 })
560
561 it('Should succeed to change password with the correct params', async function () {
562 const fields = {
563 currentPassword: 'my super password',
564 password: 'my super password',
565 nsfwPolicy: 'blur',
566 autoPlayVideo: false,
567 email: 'super_email@example.com',
568 theme: 'default',
569 noInstanceConfigWarningModal: true,
570 noWelcomeModal: true
571 }
572
573 await makePutBodyRequest({
574 url: server.url,
575 path: path + 'me',
576 token: userAccessToken,
577 fields,
578 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
579 })
580 })
581
582 it('Should succeed without password change with the correct params', async function () {
583 const fields = {
584 nsfwPolicy: 'blur',
585 autoPlayVideo: false
586 }
587
588 await makePutBodyRequest({
589 url: server.url,
590 path: path + 'me',
591 token: userAccessToken,
592 fields,
593 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
594 })
595 })
596 })
597
598 describe('When updating my avatar', function () {
599 it('Should fail without an incorrect input file', async function () {
600 const fields = {}
601 const attaches = {
602 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
603 }
604 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
605 })
606
607 it('Should fail with a big file', async function () {
608 const fields = {}
609 const attaches = {
610 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
611 }
612 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
613 })
614
615 it('Should fail with an unauthenticated user', async function () {
616 const fields = {}
617 const attaches = {
618 avatarfile: buildAbsoluteFixturePath('avatar.png')
619 }
620 await makeUploadRequest({
621 url: server.url,
622 path: path + '/me/avatar/pick',
623 fields,
624 attaches,
625 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
626 })
627 })
628
629 it('Should succeed with the correct params', async function () {
630 const fields = {}
631 const attaches = {
632 avatarfile: buildAbsoluteFixturePath('avatar.png')
633 }
634 await makeUploadRequest({
635 url: server.url,
636 path: path + '/me/avatar/pick',
637 token: server.accessToken,
638 fields,
639 attaches,
640 statusCodeExpected: HttpStatusCode.OK_200
641 })
642 })
643 })
644
645 describe('When managing my scoped tokens', function () {
646
647 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
648 await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
649 })
650
651 it('Should fail to get my scoped tokens with a bad token', async function () {
652 await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
653
654 })
655
656 it('Should succeed to get my scoped tokens', async function () {
657 await getUserScopedTokens(server.url, server.accessToken)
658 })
659
660 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
661 await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
662 })
663
664 it('Should fail to renew my scoped tokens with a bad token', async function () {
665 await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
666 })
667
668 it('Should succeed to renew my scoped tokens', async function () {
669 await renewUserScopedTokens(server.url, server.accessToken)
670 })
671 })
672
673 describe('When getting a user', function () {
674
675 it('Should fail with an non authenticated user', async function () {
676 await makeGetRequest({
677 url: server.url,
678 path: path + userId,
679 token: 'super token',
680 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
681 })
682 })
683
684 it('Should fail with a non admin user', async function () {
685 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
686 })
687
688 it('Should succeed with the correct params', async function () {
689 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 })
690 })
691 })
692
693 describe('When updating a user', function () {
694
695 it('Should fail with an invalid email attribute', async function () {
696 const fields = {
697 email: 'blabla'
698 }
699
700 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
701 })
702
703 it('Should fail with an invalid emailVerified attribute', async function () {
704 const fields = {
705 emailVerified: 'yes'
706 }
707
708 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
709 })
710
711 it('Should fail with an invalid videoQuota attribute', async function () {
712 const fields = {
713 videoQuota: -90
714 }
715
716 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
717 })
718
719 it('Should fail with an invalid user role attribute', async function () {
720 const fields = {
721 role: 54878
722 }
723
724 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
725 })
726
727 it('Should fail with a too small password', async function () {
728 const fields = {
729 currentPassword: 'my super password',
730 password: 'bla'
731 }
732
733 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
734 })
735
736 it('Should fail with a too long password', async function () {
737 const fields = {
738 currentPassword: 'my super password',
739 password: 'super'.repeat(61)
740 }
741
742 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
743 })
744
745 it('Should fail with an non authenticated user', async function () {
746 const fields = {
747 videoQuota: 42
748 }
749
750 await makePutBodyRequest({
751 url: server.url,
752 path: path + userId,
753 token: 'super token',
754 fields,
755 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
756 })
757 })
758
759 it('Should fail when updating root role', async function () {
760 const fields = {
761 role: UserRole.MODERATOR
762 }
763
764 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
765 })
766
767 it('Should fail with invalid admin flags', async function () {
768 const fields = { adminFlags: 'toto' }
769
770 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
771 })
772
773 it('Should fail to update an admin with a moderator', async function () {
774 const fields = {
775 videoQuota: 42
776 }
777
778 await makePutBodyRequest({
779 url: server.url,
780 path: path + moderatorId,
781 token: moderatorAccessToken,
782 fields,
783 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
784 })
785 })
786
787 it('Should succeed to update a user with a moderator', async function () {
788 const fields = {
789 videoQuota: 42
790 }
791
792 await makePutBodyRequest({
793 url: server.url,
794 path: path + userId,
795 token: moderatorAccessToken,
796 fields,
797 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
798 })
799 })
800
801 it('Should succeed with the correct params', async function () {
802 const fields = {
803 email: 'email@example.com',
804 emailVerified: true,
805 videoQuota: 42,
806 role: UserRole.USER
807 }
808
809 await makePutBodyRequest({
810 url: server.url,
811 path: path + userId,
812 token: server.accessToken,
813 fields,
814 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
815 })
816 })
817 })
818
819 describe('When getting my information', function () {
820 it('Should fail with a non authenticated user', async function () {
821 await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401)
822 })
823
824 it('Should success with the correct parameters', async function () {
825 await getMyUserInformation(server.url, userAccessToken)
826 })
827 })
828
829 describe('When getting my video rating', function () {
830 it('Should fail with a non authenticated user', async function () {
831 await getMyUserVideoRating(server.url, 'fake_token', video.id, HttpStatusCode.UNAUTHORIZED_401)
832 })
833
834 it('Should fail with an incorrect video uuid', async function () {
835 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400)
836 })
837
838 it('Should fail with an unknown video', async function () {
839 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404)
840 })
841
842 it('Should succeed with the correct parameters', async function () {
843 await getMyUserVideoRating(server.url, server.accessToken, video.id)
844 await getMyUserVideoRating(server.url, server.accessToken, video.uuid)
845 await getMyUserVideoRating(server.url, server.accessToken, video.shortUUID)
846 })
847 })
848
849 describe('When retrieving my global ratings', function () {
850 const path = '/api/v1/accounts/user1/ratings'
851
852 it('Should fail with a bad start pagination', async function () {
853 await checkBadStartPagination(server.url, path, userAccessToken)
854 })
855
856 it('Should fail with a bad count pagination', async function () {
857 await checkBadCountPagination(server.url, path, userAccessToken)
858 })
859
860 it('Should fail with an incorrect sort', async function () {
861 await checkBadSortPagination(server.url, path, userAccessToken)
862 })
863
864 it('Should fail with a unauthenticated user', async function () {
865 await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
866 })
867
868 it('Should fail with a another user', async function () {
869 await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
870 })
871
872 it('Should fail with a bad type', async function () {
873 await makeGetRequest({
874 url: server.url,
875 path,
876 token: userAccessToken,
877 query: { rating: 'toto ' },
878 statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
879 })
880 })
881
882 it('Should succeed with the correct params', async function () {
883 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 })
884 })
885 })
886
887 describe('When blocking/unblocking/removing user', function () {
888 it('Should fail with an incorrect id', async function () {
889 await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
890 await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
891 await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
892 })
893
894 it('Should fail with the root user', async function () {
895 await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
896 await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
897 await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
898 })
899
900 it('Should return 404 with a non existing id', async function () {
901 await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
902 await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
903 await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
904 })
905
906 it('Should fail with a non admin user', async function () {
907 await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
908 await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
909 await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
910 })
911
912 it('Should fail on a moderator with a moderator', async function () {
913 await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
914 await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
915 await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
916 })
917
918 it('Should succeed on a user with a moderator', async function () {
919 await blockUser(server.url, userId, moderatorAccessToken)
920 await unblockUser(server.url, userId, moderatorAccessToken)
921 })
922 })
923
924 describe('When deleting our account', function () {
925 it('Should fail with with the root account', async function () {
926 await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
927 })
928 })
929
930 describe('When registering a new user', function () {
931 const registrationPath = path + '/register'
932 const baseCorrectParams = {
933 username: 'user3',
934 displayName: 'super user',
935 email: 'test3@example.com',
936 password: 'my super password'
937 }
938
939 it('Should fail with a too small username', async function () {
940 const fields = immutableAssign(baseCorrectParams, { username: '' })
941
942 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
943 })
944
945 it('Should fail with a too long username', async function () {
946 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
947
948 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
949 })
950
951 it('Should fail with an incorrect username', async function () {
952 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
953
954 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
955 })
956
957 it('Should fail with a missing email', async function () {
958 const fields = omit(baseCorrectParams, 'email')
959
960 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
961 })
962
963 it('Should fail with an invalid email', async function () {
964 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
965
966 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
967 })
968
969 it('Should fail with a too small password', async function () {
970 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
971
972 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
973 })
974
975 it('Should fail with a too long password', async function () {
976 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
977
978 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
979 })
980
981 it('Should fail if we register a user with the same username', async function () {
982 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
983
984 await makePostBodyRequest({
985 url: server.url,
986 path: registrationPath,
987 token: server.accessToken,
988 fields,
989 statusCodeExpected: HttpStatusCode.CONFLICT_409
990 })
991 })
992
993 it('Should fail with a "peertube" username', async function () {
994 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
995
996 await makePostBodyRequest({
997 url: server.url,
998 path: registrationPath,
999 token: server.accessToken,
1000 fields,
1001 statusCodeExpected: HttpStatusCode.CONFLICT_409
1002 })
1003 })
1004
1005 it('Should fail if we register a user with the same email', async function () {
1006 const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' })
1007
1008 await makePostBodyRequest({
1009 url: server.url,
1010 path: registrationPath,
1011 token: server.accessToken,
1012 fields,
1013 statusCodeExpected: HttpStatusCode.CONFLICT_409
1014 })
1015 })
1016
1017 it('Should fail with a bad display name', async function () {
1018 const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) })
1019
1020 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1021 })
1022
1023 it('Should fail with a bad channel name', async function () {
1024 const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } })
1025
1026 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1027 })
1028
1029 it('Should fail with a bad channel display name', async function () {
1030 const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } })
1031
1032 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1033 })
1034
1035 it('Should fail with a channel name that is the same as username', async function () {
1036 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
1037 const fields = immutableAssign(baseCorrectParams, source)
1038
1039 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1040 })
1041
1042 it('Should fail with an existing channel', async function () {
1043 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
1044 await server.channelsCommand.create({ attributes })
1045
1046 const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } })
1047
1048 await makePostBodyRequest({
1049 url: server.url,
1050 path: registrationPath,
1051 token: server.accessToken,
1052 fields,
1053 statusCodeExpected: HttpStatusCode.CONFLICT_409
1054 })
1055 })
1056
1057 it('Should succeed with the correct params', async function () {
1058 const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } })
1059
1060 await makePostBodyRequest({
1061 url: server.url,
1062 path: registrationPath,
1063 token: server.accessToken,
1064 fields: fields,
1065 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1066 })
1067 })
1068
1069 it('Should fail on a server with registration disabled', async function () {
1070 const fields = {
1071 username: 'user4',
1072 email: 'test4@example.com',
1073 password: 'my super password 4'
1074 }
1075
1076 await makePostBodyRequest({
1077 url: serverWithRegistrationDisabled.url,
1078 path: registrationPath,
1079 token: serverWithRegistrationDisabled.accessToken,
1080 fields,
1081 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
1082 })
1083 })
1084 })
1085
1086 describe('When registering multiple users on a server with users limit', function () {
1087 it('Should fail when after 3 registrations', async function () {
1088 await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403)
1089 })
1090 })
1091
1092 describe('When asking a password reset', function () {
1093 const path = '/api/v1/users/ask-reset-password'
1094
1095 it('Should fail with a missing email', async function () {
1096 const fields = {}
1097
1098 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1099 })
1100
1101 it('Should fail with an invalid email', async function () {
1102 const fields = { email: 'hello' }
1103
1104 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1105 })
1106
1107 it('Should success with the correct params', async function () {
1108 const fields = { email: 'admin@example.com' }
1109
1110 await makePostBodyRequest({
1111 url: server.url,
1112 path,
1113 token: server.accessToken,
1114 fields,
1115 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1116 })
1117 })
1118 })
1119
1120 describe('When asking for an account verification email', function () {
1121 const path = '/api/v1/users/ask-send-verify-email'
1122
1123 it('Should fail with a missing email', async function () {
1124 const fields = {}
1125
1126 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1127 })
1128
1129 it('Should fail with an invalid email', async function () {
1130 const fields = { email: 'hello' }
1131
1132 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1133 })
1134
1135 it('Should succeed with the correct params', async function () {
1136 const fields = { email: 'admin@example.com' }
1137
1138 await makePostBodyRequest({
1139 url: server.url,
1140 path,
1141 token: server.accessToken,
1142 fields,
1143 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1144 })
1145 })
1146 })
1147
1148 after(async function () {
1149 MockSmtpServer.Instance.kill()
1150
1151 await cleanupTests([ server, serverWithRegistrationDisabled ])
1152 })
1153 })
ActivityPub-federated video streaming platform using P2P directly in your web browser