1 /* tslint:disable:no-unused-expression */
3 import { omit } from 'lodash'
5 import { join } from 'path'
6 import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
11 updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser
13 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
14 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports'
15 import { VideoPrivacy } from '../../../../shared/models/videos'
16 import { waitJobs } from '../../utils/server/jobs'
17 import { expect } from 'chai'
19 describe('Test users API validators', function () {
20 const path = '/api/v1/users/'
24 let server: ServerInfo
25 let serverWithRegistrationDisabled: ServerInfo
26 let userAccessToken = ''
30 password: 'my super password'
33 // ---------------------------------------------------------------
35 before(async function () {
40 server = await runServer(1)
41 serverWithRegistrationDisabled = await runServer(2)
43 await setAccessTokensToServers([ server ])
45 const videoQuota = 42000000
46 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
47 userAccessToken = await userLogin(server, user)
50 const res = await getMyUserInformation(server.url, server.accessToken)
51 channelId = res.body.videoChannels[ 0 ].id
55 const res = await uploadVideo(server.url, server.accessToken, {})
56 videoId = res.body.video.id
60 describe('When listing users', function () {
61 it('Should fail with a bad start pagination', async function () {
62 await checkBadStartPagination(server.url, path, server.accessToken)
65 it('Should fail with a bad count pagination', async function () {
66 await checkBadCountPagination(server.url, path, server.accessToken)
69 it('Should fail with an incorrect sort', async function () {
70 await checkBadSortPagination(server.url, path, server.accessToken)
73 it('Should fail with a non authenticated user', async function () {
74 await makeGetRequest({
77 statusCodeExpected: 401
81 it('Should fail with a non admin user', async function () {
82 await makeGetRequest({
85 token: userAccessToken,
86 statusCodeExpected: 403
91 describe('When adding a new user', function () {
92 const baseCorrectParams = {
94 email: 'test@example.com',
95 password: 'my super password',
100 it('Should fail with a too small username', async function () {
101 const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
103 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
106 it('Should fail with a too long username', async function () {
107 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
109 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
112 it('Should fail with a not lowercase username', async function () {
113 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
115 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
118 it('Should fail with an incorrect username', async function () {
119 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
121 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
124 it('Should fail with a missing email', async function () {
125 const fields = omit(baseCorrectParams, 'email')
127 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
130 it('Should fail with an invalid email', async function () {
131 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
136 it('Should fail with a too small password', async function () {
137 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
139 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
142 it('Should fail with a too long password', async function () {
143 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
145 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
148 it('Should fail with an non authenticated user', async function () {
149 await makePostBodyRequest({
152 token: 'super token',
153 fields: baseCorrectParams,
154 statusCodeExpected: 401
158 it('Should fail if we add a user with the same username', async function () {
159 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
161 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
164 it('Should fail if we add a user with the same email', async function () {
165 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
167 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
170 it('Should fail without a videoQuota', async function () {
171 const fields = omit(baseCorrectParams, 'videoQuota')
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
176 it('Should fail with an invalid videoQuota', async function () {
177 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
179 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
182 it('Should fail without a user role', async function () {
183 const fields = omit(baseCorrectParams, 'role')
185 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
188 it('Should fail with an invalid user role', async function () {
189 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
191 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
194 it('Should fail with a "peertube" username', async function () {
195 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
197 await makePostBodyRequest({
200 token: server.accessToken,
202 statusCodeExpected: 409
206 it('Should succeed with the correct params', async function () {
207 await makePostBodyRequest({
210 token: server.accessToken,
211 fields: baseCorrectParams,
212 statusCodeExpected: 200
216 it('Should fail with a non admin user', async function () {
219 password: 'my super password'
221 userAccessToken = await userLogin(server, user)
225 email: 'test@example.com',
226 password: 'my super password',
229 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
233 describe('When updating my account', function () {
234 it('Should fail with an invalid email attribute', async function () {
239 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
242 it('Should fail with a too small password', async function () {
247 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
250 it('Should fail with a too long password', async function () {
252 password: 'super'.repeat(61)
255 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
258 it('Should fail with an invalid NSFW policy attribute', async function () {
263 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
266 it('Should fail with an invalid autoPlayVideo attribute', async function () {
271 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
274 it('Should fail with an non authenticated user', async function () {
276 password: 'my super password'
279 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
282 it('Should fail with a too long description', async function () {
284 description: 'super'.repeat(60)
287 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
290 it('Should succeed with the correct params', async function () {
292 password: 'my super password',
294 autoPlayVideo: false,
295 email: 'super_email@example.com'
298 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
302 describe('When updating my avatar', function () {
303 it('Should fail without an incorrect input file', async function () {
306 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
308 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
311 it('Should fail with a big file', async function () {
314 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
316 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
319 it('Should fail with an unauthenticated user', async function () {
322 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
324 await makeUploadRequest({
326 path: path + '/me/avatar/pick',
329 statusCodeExpected: 401
333 it('Should succeed with the correct params', async function () {
336 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
338 await makeUploadRequest({
340 path: path + '/me/avatar/pick',
341 token: server.accessToken,
344 statusCodeExpected: 200
349 describe('When getting a user', function () {
350 before(async function () {
351 const res = await getUsersList(server.url, server.accessToken)
353 userId = res.body.data[1].id
356 it('Should fail with an non authenticated user', async function () {
357 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
360 it('Should fail with a non admin user', async function () {
361 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
364 it('Should succeed with the correct params', async function () {
365 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
369 describe('When updating a user', function () {
371 before(async function () {
372 const res = await getUsersList(server.url, server.accessToken)
374 userId = res.body.data[1].id
375 rootId = res.body.data[2].id
378 it('Should fail with an invalid email attribute', async function () {
383 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
386 it('Should fail with an invalid videoQuota attribute', async function () {
391 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
394 it('Should fail with an invalid user role attribute', async function () {
399 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
402 it('Should fail with an non authenticated user', async function () {
407 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
410 it('Should fail when updating root role', async function () {
412 role: UserRole.MODERATOR
415 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
418 it('Should succeed with the correct params', async function () {
420 email: 'email@example.com',
422 role: UserRole.MODERATOR
425 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
426 userAccessToken = await userLogin(server, user)
430 describe('When getting my information', function () {
431 it('Should fail with a non authenticated user', async function () {
432 await getMyUserInformation(server.url, 'fake_token', 401)
435 it('Should success with the correct parameters', async function () {
436 await getMyUserInformation(server.url, userAccessToken)
440 describe('When getting my video rating', function () {
441 it('Should fail with a non authenticated user', async function () {
442 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
445 it('Should fail with an incorrect video uuid', async function () {
446 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
449 it('Should fail with an unknown video', async function () {
450 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
453 it('Should succeed with the correct parameters', async function () {
454 await getMyUserVideoRating(server.url, server.accessToken, videoId)
458 describe('When blocking/unblocking/removing user', function () {
459 it('Should fail with an incorrect id', async function () {
460 await removeUser(server.url, 'blabla', server.accessToken, 400)
461 await blockUser(server.url, 'blabla', server.accessToken, 400)
462 await unblockUser(server.url, 'blabla', server.accessToken, 400)
465 it('Should fail with the root user', async function () {
466 await removeUser(server.url, rootId, server.accessToken, 400)
467 await blockUser(server.url, rootId, server.accessToken, 400)
468 await unblockUser(server.url, rootId, server.accessToken, 400)
471 it('Should return 404 with a non existing id', async function () {
472 await removeUser(server.url, 4545454, server.accessToken, 404)
473 await blockUser(server.url, 4545454, server.accessToken, 404)
474 await unblockUser(server.url, 4545454, server.accessToken, 404)
477 it('Should fail with a non admin user', async function () {
478 await removeUser(server.url, userId, userAccessToken, 403)
479 await blockUser(server.url, userId, userAccessToken, 403)
480 await unblockUser(server.url, userId, userAccessToken, 403)
484 describe('When deleting our account', function () {
485 it('Should fail with with the root account', async function () {
486 await deleteMe(server.url, server.accessToken, 400)
490 describe('When register a new user', function () {
491 const registrationPath = path + '/register'
492 const baseCorrectParams = {
494 email: 'test3@example.com',
495 password: 'my super password'
498 it('Should fail with a too small username', async function () {
499 const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
501 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
504 it('Should fail with a too long username', async function () {
505 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
507 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
510 it('Should fail with an incorrect username', async function () {
511 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
513 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
516 it('Should fail with a missing email', async function () {
517 const fields = omit(baseCorrectParams, 'email')
519 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
522 it('Should fail with an invalid email', async function () {
523 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
525 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
528 it('Should fail with a too small password', async function () {
529 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
531 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
534 it('Should fail with a too long password', async function () {
535 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
537 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
540 it('Should fail if we register a user with the same username', async function () {
541 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
543 await makePostBodyRequest({
545 path: registrationPath,
546 token: server.accessToken,
548 statusCodeExpected: 409
552 it('Should fail with a "peertube" username', async function () {
553 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
555 await makePostBodyRequest({
557 path: registrationPath,
558 token: server.accessToken,
560 statusCodeExpected: 409
564 it('Should fail if we register a user with the same email', async function () {
565 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
567 await makePostBodyRequest({
569 path: registrationPath,
570 token: server.accessToken,
572 statusCodeExpected: 409
576 it('Should succeed with the correct params', async function () {
577 await makePostBodyRequest({
579 path: registrationPath,
580 token: server.accessToken,
581 fields: baseCorrectParams,
582 statusCodeExpected: 204
586 it('Should fail on a server with registration disabled', async function () {
589 email: 'test4@example.com',
590 password: 'my super password 4'
593 await makePostBodyRequest({
594 url: serverWithRegistrationDisabled.url,
595 path: registrationPath,
596 token: serverWithRegistrationDisabled.accessToken,
598 statusCodeExpected: 403
603 describe('When registering multiple users on a server with users limit', function () {
604 it('Should fail when after 3 registrations', async function () {
605 await registerUser(server.url, 'user42', 'super password', 403)
609 describe('When having a video quota', function () {
610 it('Should fail with a user having too many video', async function () {
614 accessToken: server.accessToken,
618 await uploadVideo(server.url, server.accessToken, {}, 403)
621 it('Should fail with a registered user having too many video', async function () {
626 password: 'my super password'
628 userAccessToken = await userLogin(server, user)
630 const videoAttributes = { fixture: 'video_short2.webm' }
631 await uploadVideo(server.url, userAccessToken, videoAttributes)
632 await uploadVideo(server.url, userAccessToken, videoAttributes)
633 await uploadVideo(server.url, userAccessToken, videoAttributes)
634 await uploadVideo(server.url, userAccessToken, videoAttributes)
635 await uploadVideo(server.url, userAccessToken, videoAttributes)
636 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
639 it('Should fail to import with HTTP/Torrent/magnet', async function () {
642 const baseAttributes = {
644 privacy: VideoPrivacy.PUBLIC
646 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
647 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
648 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' }))
650 await waitJobs([ server ])
652 const res = await getMyVideoImports(server.url, server.accessToken)
654 expect(res.body.total).to.equal(3)
655 const videoImports: VideoImport[] = res.body.data
656 expect(videoImports).to.have.lengthOf(3)
658 for (const videoImport of videoImports) {
659 expect(videoImport.state.id).to.equal(VideoImportState.FAILED)
660 expect(videoImport.error).not.to.be.undefined
661 expect(videoImport.error).to.contain('user video quota is exceeded')
666 describe('When asking a password reset', function () {
667 const path = '/api/v1/users/ask-reset-password'
669 it('Should fail with a missing email', async function () {
672 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
675 it('Should fail with an invalid email', async function () {
676 const fields = { email: 'hello' }
678 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
681 it('Should success with the correct params', async function () {
682 const fields = { email: 'admin@example.com' }
684 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
688 after(async function () {
689 killallServers([ server, serverWithRegistrationDisabled ])
691 // Keep the logs if the test failed