1 /* tslint:disable:no-unused-expression */
3 import { omit } from 'lodash'
5 import { join } from 'path'
6 import { UserRole } from '../../../../shared'
9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
11 updateUser, uploadVideo, userLogin
13 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
15 describe('Test users API validators', function () {
16 const path = '/api/v1/users/'
20 let server: ServerInfo
21 let serverWithRegistrationDisabled: ServerInfo
22 let userAccessToken = ''
25 password: 'my super password'
28 // ---------------------------------------------------------------
30 before(async function () {
35 server = await runServer(1)
36 serverWithRegistrationDisabled = await runServer(2)
38 await setAccessTokensToServers([ server ])
40 const videoQuota = 42000000
41 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
42 userAccessToken = await userLogin(server, user)
44 const res = await uploadVideo(server.url, server.accessToken, {})
45 videoId = res.body.video.id
48 describe('When listing users', function () {
49 it('Should fail with a bad start pagination', async function () {
50 await checkBadStartPagination(server.url, path, server.accessToken)
53 it('Should fail with a bad count pagination', async function () {
54 await checkBadCountPagination(server.url, path, server.accessToken)
57 it('Should fail with an incorrect sort', async function () {
58 await checkBadSortPagination(server.url, path, server.accessToken)
61 it('Should fail with a non authenticated user', async function () {
62 await makeGetRequest({
65 statusCodeExpected: 401
69 it('Should fail with a non admin user', async function () {
70 await makeGetRequest({
73 token: userAccessToken,
74 statusCodeExpected: 403
79 describe('When adding a new user', function () {
80 const baseCorrectParams = {
82 email: 'test@example.com',
83 password: 'my super password',
88 it('Should fail with a too small username', async function () {
89 const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
91 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
94 it('Should fail with a too long username', async function () {
95 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
97 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
100 it('Should fail with a not lowercase username', async function () {
101 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
103 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
106 it('Should fail with an incorrect username', async function () {
107 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
109 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
112 it('Should fail with a missing email', async function () {
113 const fields = omit(baseCorrectParams, 'email')
115 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
118 it('Should fail with an invalid email', async function () {
119 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
121 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
124 it('Should fail with a too small password', async function () {
125 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
127 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
130 it('Should fail with a too long password', async function () {
131 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
136 it('Should fail with an non authenticated user', async function () {
137 await makePostBodyRequest({
140 token: 'super token',
141 fields: baseCorrectParams,
142 statusCodeExpected: 401
146 it('Should fail if we add a user with the same username', async function () {
147 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
149 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
152 it('Should fail if we add a user with the same email', async function () {
153 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
155 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
158 it('Should fail without a videoQuota', async function () {
159 const fields = omit(baseCorrectParams, 'videoQuota')
161 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
164 it('Should fail with an invalid videoQuota', async function () {
165 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
167 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
170 it('Should fail without a user role', async function () {
171 const fields = omit(baseCorrectParams, 'role')
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
176 it('Should fail with an invalid user role', async function () {
177 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
179 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
182 it('Should fail with a "peertube" username', async function () {
183 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
185 await makePostBodyRequest({
188 token: server.accessToken,
190 statusCodeExpected: 409
194 it('Should succeed with the correct params', async function () {
195 await makePostBodyRequest({
198 token: server.accessToken,
199 fields: baseCorrectParams,
200 statusCodeExpected: 200
204 it('Should fail with a non admin user', async function () {
207 password: 'my super password'
209 userAccessToken = await userLogin(server, user)
213 email: 'test@example.com',
214 password: 'my super password',
217 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
221 describe('When updating my account', function () {
222 it('Should fail with an invalid email attribute', async function () {
227 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
230 it('Should fail with a too small password', async function () {
235 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
238 it('Should fail with a too long password', async function () {
240 password: 'super'.repeat(61)
243 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
246 it('Should fail with an invalid NSFW policy attribute', async function () {
251 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
254 it('Should fail with an invalid autoPlayVideo attribute', async function () {
259 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
262 it('Should fail with an non authenticated user', async function () {
264 password: 'my super password'
267 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
270 it('Should fail with a too long description', async function () {
272 description: 'super'.repeat(60)
275 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
278 it('Should succeed with the correct params', async function () {
280 password: 'my super password',
282 autoPlayVideo: false,
283 email: 'super_email@example.com'
286 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
290 describe('When updating my avatar', function () {
291 it('Should fail without an incorrect input file', async function () {
294 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
296 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
299 it('Should fail with a big file', async function () {
302 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
304 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
307 it('Should succeed with the correct params', async function () {
310 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
312 await makeUploadRequest({
314 path: path + '/me/avatar/pick',
315 token: server.accessToken,
318 statusCodeExpected: 200
323 describe('When getting a user', function () {
324 before(async function () {
325 const res = await getUsersList(server.url, server.accessToken)
327 userId = res.body.data[1].id
330 it('Should fail with an non authenticated user', async function () {
331 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
334 it('Should fail with a non admin user', async function () {
335 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
338 it('Should succeed with the correct params', async function () {
339 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
343 describe('When updating a user', function () {
345 before(async function () {
346 const res = await getUsersList(server.url, server.accessToken)
348 userId = res.body.data[1].id
349 rootId = res.body.data[2].id
352 it('Should fail with an invalid email attribute', async function () {
357 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
360 it('Should fail with an invalid videoQuota attribute', async function () {
365 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
368 it('Should fail with an invalid user role attribute', async function () {
373 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
376 it('Should fail with an non authenticated user', async function () {
381 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
384 it('Should fail when updating root role', async function () {
386 role: UserRole.MODERATOR
389 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
392 it('Should succeed with the correct params', async function () {
394 email: 'email@example.com',
396 role: UserRole.MODERATOR
399 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
400 userAccessToken = await userLogin(server, user)
404 describe('When getting my information', function () {
405 it('Should fail with a non authenticated user', async function () {
406 await getMyUserInformation(server.url, 'fake_token', 401)
409 it('Should success with the correct parameters', async function () {
410 await getMyUserInformation(server.url, userAccessToken)
414 describe('When getting my video rating', function () {
415 it('Should fail with a non authenticated user', async function () {
416 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
419 it('Should fail with an incorrect video uuid', async function () {
420 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
423 it('Should fail with an unknown video', async function () {
424 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
427 it('Should succeed with the correct parameters', async function () {
428 await getMyUserVideoRating(server.url, server.accessToken, videoId)
432 describe('When removing an user', function () {
433 it('Should fail with an incorrect id', async function () {
434 await removeUser(server.url, 'blabla', server.accessToken, 400)
437 it('Should fail with the root user', async function () {
438 await removeUser(server.url, rootId, server.accessToken, 400)
441 it('Should return 404 with a non existing id', async function () {
442 await removeUser(server.url, 4545454, server.accessToken, 404)
446 describe('When register a new user', function () {
447 const registrationPath = path + '/register'
448 const baseCorrectParams = {
450 email: 'test3@example.com',
451 password: 'my super password'
454 it('Should fail with a too small username', async function () {
455 const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
457 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
460 it('Should fail with a too long username', async function () {
461 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
463 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
466 it('Should fail with an incorrect username', async function () {
467 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
469 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
472 it('Should fail with a missing email', async function () {
473 const fields = omit(baseCorrectParams, 'email')
475 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
478 it('Should fail with an invalid email', async function () {
479 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
481 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
484 it('Should fail with a too small password', async function () {
485 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
487 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
490 it('Should fail with a too long password', async function () {
491 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
493 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
496 it('Should fail if we register a user with the same username', async function () {
497 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
499 await makePostBodyRequest({
501 path: registrationPath,
502 token: server.accessToken,
504 statusCodeExpected: 409
508 it('Should fail with a "peertube" username', async function () {
509 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
511 await makePostBodyRequest({
513 path: registrationPath,
514 token: server.accessToken,
516 statusCodeExpected: 409
520 it('Should fail if we register a user with the same email', async function () {
521 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
523 await makePostBodyRequest({
525 path: registrationPath,
526 token: server.accessToken,
528 statusCodeExpected: 409
532 it('Should succeed with the correct params', async function () {
533 await makePostBodyRequest({
535 path: registrationPath,
536 token: server.accessToken,
537 fields: baseCorrectParams,
538 statusCodeExpected: 204
542 it('Should fail on a server with registration disabled', async function () {
545 email: 'test4@example.com',
546 password: 'my super password 4'
549 await makePostBodyRequest({
550 url: serverWithRegistrationDisabled.url,
551 path: registrationPath,
552 token: serverWithRegistrationDisabled.accessToken,
554 statusCodeExpected: 403
559 describe('When registering multiple users on a server with users limit', function () {
560 it('Should fail when after 3 registrations', async function () {
561 await registerUser(server.url, 'user42', 'super password', 403)
565 describe('When having a video quota', function () {
566 it('Should fail with a user having too many video', async function () {
570 accessToken: server.accessToken,
574 await uploadVideo(server.url, server.accessToken, {}, 403)
577 it('Should fail with a registered user having too many video', async function () {
582 password: 'my super password'
584 userAccessToken = await userLogin(server, user)
586 const videoAttributes = { fixture: 'video_short2.webm' }
587 await uploadVideo(server.url, userAccessToken, videoAttributes)
588 await uploadVideo(server.url, userAccessToken, videoAttributes)
589 await uploadVideo(server.url, userAccessToken, videoAttributes)
590 await uploadVideo(server.url, userAccessToken, videoAttributes)
591 await uploadVideo(server.url, userAccessToken, videoAttributes)
592 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
596 describe('When asking a password reset', function () {
597 const path = '/api/v1/users/ask-reset-password'
599 it('Should fail with a missing email', async function () {
602 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
605 it('Should fail with an invalid email', async function () {
606 const fields = { email: 'hello' }
608 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
611 it('Should success with the correct params', async function () {
612 const fields = { email: 'admin@example.com' }
614 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
618 after(async function () {
619 killallServers([ server, serverWithRegistrationDisabled ])
621 // Keep the logs if the test failed