1 /* tslint:disable:no-unused-expression */
3 import { omit } from 'lodash'
5 import { join } from 'path'
6 import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
11 updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser
12 } from '../../../../shared/utils'
14 checkBadCountPagination,
15 checkBadSortPagination,
16 checkBadStartPagination
17 } from '../../../../shared/utils/requests/check-api-params'
18 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/utils/videos/video-imports'
19 import { VideoPrivacy } from '../../../../shared/models/videos'
20 import { waitJobs } from '../../../../shared/utils/server/jobs'
21 import { expect } from 'chai'
23 describe('Test users API validators', function () {
24 const path = '/api/v1/users/'
28 let server: ServerInfo
29 let serverWithRegistrationDisabled: ServerInfo
30 let userAccessToken = ''
34 password: 'my super password'
37 // ---------------------------------------------------------------
39 before(async function () {
44 server = await runServer(1)
45 serverWithRegistrationDisabled = await runServer(2)
47 await setAccessTokensToServers([ server ])
49 const videoQuota = 42000000
50 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
51 userAccessToken = await userLogin(server, user)
54 const res = await getMyUserInformation(server.url, server.accessToken)
55 channelId = res.body.videoChannels[ 0 ].id
59 const res = await uploadVideo(server.url, server.accessToken, {})
60 videoId = res.body.video.id
64 describe('When listing users', function () {
65 it('Should fail with a bad start pagination', async function () {
66 await checkBadStartPagination(server.url, path, server.accessToken)
69 it('Should fail with a bad count pagination', async function () {
70 await checkBadCountPagination(server.url, path, server.accessToken)
73 it('Should fail with an incorrect sort', async function () {
74 await checkBadSortPagination(server.url, path, server.accessToken)
77 it('Should fail with a non authenticated user', async function () {
78 await makeGetRequest({
81 statusCodeExpected: 401
85 it('Should fail with a non admin user', async function () {
86 await makeGetRequest({
89 token: userAccessToken,
90 statusCodeExpected: 403
95 describe('When adding a new user', function () {
96 const baseCorrectParams = {
98 email: 'test@example.com',
99 password: 'my super password',
105 it('Should fail with a too small username', async function () {
106 const fields = immutableAssign(baseCorrectParams, { username: '' })
108 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
111 it('Should fail with a too long username', async function () {
112 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
114 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
117 it('Should fail with a not lowercase username', async function () {
118 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
120 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
123 it('Should fail with an incorrect username', async function () {
124 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
126 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
129 it('Should fail with a missing email', async function () {
130 const fields = omit(baseCorrectParams, 'email')
132 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
135 it('Should fail with an invalid email', async function () {
136 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
138 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
141 it('Should fail with a too small password', async function () {
142 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
144 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
147 it('Should fail with a too long password', async function () {
148 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
150 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
153 it('Should fail with an non authenticated user', async function () {
154 await makePostBodyRequest({
157 token: 'super token',
158 fields: baseCorrectParams,
159 statusCodeExpected: 401
163 it('Should fail if we add a user with the same username', async function () {
164 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
166 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
169 it('Should fail if we add a user with the same email', async function () {
170 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
172 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
175 it('Should fail without a videoQuota', async function () {
176 const fields = omit(baseCorrectParams, 'videoQuota')
178 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
181 it('Should fail without a videoQuotaDaily', async function () {
182 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
184 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
187 it('Should fail with an invalid videoQuota', async function () {
188 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
190 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
193 it('Should fail with an invalid videoQuotaDaily', async function () {
194 const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 })
196 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
199 it('Should fail without a user role', async function () {
200 const fields = omit(baseCorrectParams, 'role')
202 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
205 it('Should fail with an invalid user role', async function () {
206 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
208 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
211 it('Should fail with a "peertube" username', async function () {
212 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
214 await makePostBodyRequest({
217 token: server.accessToken,
219 statusCodeExpected: 409
223 it('Should succeed with the correct params', async function () {
224 await makePostBodyRequest({
227 token: server.accessToken,
228 fields: baseCorrectParams,
229 statusCodeExpected: 200
233 it('Should fail with a non admin user', async function () {
236 password: 'my super password'
238 userAccessToken = await userLogin(server, user)
242 email: 'test@example.com',
243 password: 'my super password',
246 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
250 describe('When updating my account', function () {
251 it('Should fail with an invalid email attribute', async function () {
256 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
259 it('Should fail with a too small password', async function () {
261 currentPassword: 'my super password',
265 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
268 it('Should fail with a too long password', async function () {
270 currentPassword: 'my super password',
271 password: 'super'.repeat(61)
274 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
277 it('Should fail without the current password', async function () {
279 currentPassword: 'my super password',
280 password: 'super'.repeat(61)
283 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
286 it('Should fail with an invalid current password', async function () {
288 currentPassword: 'my super password fail',
289 password: 'super'.repeat(61)
292 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 })
295 it('Should fail with an invalid NSFW policy attribute', async function () {
300 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
303 it('Should fail with an invalid autoPlayVideo attribute', async function () {
308 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
311 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
313 videosHistoryEnabled: -1
316 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
319 it('Should fail with an non authenticated user', async function () {
321 currentPassword: 'my super password',
322 password: 'my super password'
325 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
328 it('Should fail with a too long description', async function () {
330 description: 'super'.repeat(201)
333 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
336 it('Should succeed to change password with the correct params', async function () {
338 currentPassword: 'my super password',
339 password: 'my super password',
341 autoPlayVideo: false,
342 email: 'super_email@example.com'
345 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
348 it('Should succeed without password change with the correct params', async function () {
351 autoPlayVideo: false,
352 email: 'super_email@example.com'
355 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
359 describe('When updating my avatar', function () {
360 it('Should fail without an incorrect input file', async function () {
363 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
365 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
368 it('Should fail with a big file', async function () {
371 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
373 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
376 it('Should fail with an unauthenticated user', async function () {
379 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
381 await makeUploadRequest({
383 path: path + '/me/avatar/pick',
386 statusCodeExpected: 401
390 it('Should succeed with the correct params', async function () {
393 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
395 await makeUploadRequest({
397 path: path + '/me/avatar/pick',
398 token: server.accessToken,
401 statusCodeExpected: 200
406 describe('When getting a user', function () {
407 before(async function () {
408 const res = await getUsersList(server.url, server.accessToken)
410 userId = res.body.data[1].id
413 it('Should fail with an non authenticated user', async function () {
414 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
417 it('Should fail with a non admin user', async function () {
418 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
421 it('Should succeed with the correct params', async function () {
422 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
426 describe('When updating a user', function () {
428 before(async function () {
429 const res = await getUsersList(server.url, server.accessToken)
431 userId = res.body.data[1].id
432 rootId = res.body.data[2].id
435 it('Should fail with an invalid email attribute', async function () {
440 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
443 it('Should fail with an invalid emailVerified attribute', async function () {
448 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
451 it('Should fail with an invalid videoQuota attribute', async function () {
456 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
459 it('Should fail with an invalid user role attribute', async function () {
464 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
467 it('Should fail with an non authenticated user', async function () {
472 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
475 it('Should fail when updating root role', async function () {
477 role: UserRole.MODERATOR
480 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
483 it('Should succeed with the correct params', async function () {
485 email: 'email@example.com',
491 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
495 describe('When getting my information', function () {
496 it('Should fail with a non authenticated user', async function () {
497 await getMyUserInformation(server.url, 'fake_token', 401)
500 it('Should success with the correct parameters', async function () {
501 await getMyUserInformation(server.url, userAccessToken)
505 describe('When getting my video rating', function () {
506 it('Should fail with a non authenticated user', async function () {
507 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
510 it('Should fail with an incorrect video uuid', async function () {
511 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
514 it('Should fail with an unknown video', async function () {
515 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
518 it('Should succeed with the correct parameters', async function () {
519 await getMyUserVideoRating(server.url, server.accessToken, videoId)
523 describe('When blocking/unblocking/removing user', function () {
524 it('Should fail with an incorrect id', async function () {
525 await removeUser(server.url, 'blabla', server.accessToken, 400)
526 await blockUser(server.url, 'blabla', server.accessToken, 400)
527 await unblockUser(server.url, 'blabla', server.accessToken, 400)
530 it('Should fail with the root user', async function () {
531 await removeUser(server.url, rootId, server.accessToken, 400)
532 await blockUser(server.url, rootId, server.accessToken, 400)
533 await unblockUser(server.url, rootId, server.accessToken, 400)
536 it('Should return 404 with a non existing id', async function () {
537 await removeUser(server.url, 4545454, server.accessToken, 404)
538 await blockUser(server.url, 4545454, server.accessToken, 404)
539 await unblockUser(server.url, 4545454, server.accessToken, 404)
542 it('Should fail with a non admin user', async function () {
543 await removeUser(server.url, userId, userAccessToken, 403)
544 await blockUser(server.url, userId, userAccessToken, 403)
545 await unblockUser(server.url, userId, userAccessToken, 403)
549 describe('When deleting our account', function () {
550 it('Should fail with with the root account', async function () {
551 await deleteMe(server.url, server.accessToken, 400)
555 describe('When register a new user', function () {
556 const registrationPath = path + '/register'
557 const baseCorrectParams = {
559 email: 'test3@example.com',
560 password: 'my super password'
563 it('Should fail with a too small username', async function () {
564 const fields = immutableAssign(baseCorrectParams, { username: '' })
566 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
569 it('Should fail with a too long username', async function () {
570 const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) })
572 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
575 it('Should fail with an incorrect username', async function () {
576 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
578 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
581 it('Should fail with a missing email', async function () {
582 const fields = omit(baseCorrectParams, 'email')
584 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
587 it('Should fail with an invalid email', async function () {
588 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
590 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
593 it('Should fail with a too small password', async function () {
594 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
596 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
599 it('Should fail with a too long password', async function () {
600 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
602 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
605 it('Should fail if we register a user with the same username', async function () {
606 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
608 await makePostBodyRequest({
610 path: registrationPath,
611 token: server.accessToken,
613 statusCodeExpected: 409
617 it('Should fail with a "peertube" username', async function () {
618 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
620 await makePostBodyRequest({
622 path: registrationPath,
623 token: server.accessToken,
625 statusCodeExpected: 409
629 it('Should fail if we register a user with the same email', async function () {
630 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
632 await makePostBodyRequest({
634 path: registrationPath,
635 token: server.accessToken,
637 statusCodeExpected: 409
641 it('Should succeed with the correct params', async function () {
642 await makePostBodyRequest({
644 path: registrationPath,
645 token: server.accessToken,
646 fields: baseCorrectParams,
647 statusCodeExpected: 204
651 it('Should fail on a server with registration disabled', async function () {
654 email: 'test4@example.com',
655 password: 'my super password 4'
658 await makePostBodyRequest({
659 url: serverWithRegistrationDisabled.url,
660 path: registrationPath,
661 token: serverWithRegistrationDisabled.accessToken,
663 statusCodeExpected: 403
668 describe('When registering multiple users on a server with users limit', function () {
669 it('Should fail when after 3 registrations', async function () {
670 await registerUser(server.url, 'user42', 'super password', 403)
674 describe('When having a video quota', function () {
675 it('Should fail with a user having too many videos', async function () {
679 accessToken: server.accessToken,
683 await uploadVideo(server.url, server.accessToken, {}, 403)
686 it('Should fail with a registered user having too many videos', async function () {
691 password: 'my super password'
693 userAccessToken = await userLogin(server, user)
695 const videoAttributes = { fixture: 'video_short2.webm' }
696 await uploadVideo(server.url, userAccessToken, videoAttributes)
697 await uploadVideo(server.url, userAccessToken, videoAttributes)
698 await uploadVideo(server.url, userAccessToken, videoAttributes)
699 await uploadVideo(server.url, userAccessToken, videoAttributes)
700 await uploadVideo(server.url, userAccessToken, videoAttributes)
701 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
704 it('Should fail to import with HTTP/Torrent/magnet', async function () {
707 const baseAttributes = {
709 privacy: VideoPrivacy.PUBLIC
711 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
712 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
713 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' }))
715 await waitJobs([ server ])
717 const res = await getMyVideoImports(server.url, server.accessToken)
719 expect(res.body.total).to.equal(3)
720 const videoImports: VideoImport[] = res.body.data
721 expect(videoImports).to.have.lengthOf(3)
723 for (const videoImport of videoImports) {
724 expect(videoImport.state.id).to.equal(VideoImportState.FAILED)
725 expect(videoImport.error).not.to.be.undefined
726 expect(videoImport.error).to.contain('user video quota is exceeded')
731 describe('When having a daily video quota', function () {
732 it('Should fail with a user having too many videos', async function () {
736 accessToken: server.accessToken,
740 await uploadVideo(server.url, server.accessToken, {}, 403)
744 describe('When having an absolute and daily video quota', function () {
745 it('Should fail if exceeding total quota', async function () {
749 accessToken: server.accessToken,
751 videoQuotaDaily: 1024 * 1024 * 1024
754 await uploadVideo(server.url, server.accessToken, {}, 403)
757 it('Should fail if exceeding daily quota', async function () {
761 accessToken: server.accessToken,
762 videoQuota: 1024 * 1024 * 1024,
766 await uploadVideo(server.url, server.accessToken, {}, 403)
770 describe('When asking a password reset', function () {
771 const path = '/api/v1/users/ask-reset-password'
773 it('Should fail with a missing email', async function () {
776 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
779 it('Should fail with an invalid email', async function () {
780 const fields = { email: 'hello' }
782 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
785 it('Should success with the correct params', async function () {
786 const fields = { email: 'admin@example.com' }
788 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
792 describe('When asking for an account verification email', function () {
793 const path = '/api/v1/users/ask-send-verify-email'
795 it('Should fail with a missing email', async function () {
798 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
801 it('Should fail with an invalid email', async function () {
802 const fields = { email: 'hello' }
804 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
807 it('Should succeed with the correct params', async function () {
808 const fields = { email: 'admin@example.com' }
810 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
814 after(async function () {
815 killallServers([ server, serverWithRegistrationDisabled ])
817 // Keep the logs if the test failed