]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:


fda7e9640ce11411d8ea86794490f07eff036311
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import 'mocha'
4 import { omit } from 'lodash'
5 import { User, UserRole, VideoCreateResult } from '../../../../shared'
6 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
7 import {
8 blockUser,
9 buildAbsoluteFixturePath,
10 cleanupTests,
11 createUser,
12 deleteMe,
13 flushAndRunServer,
14 getMyUserInformation,
15 getMyUserVideoRating,
16 getUserScopedTokens,
17 getUsersList,
18 killallServers,
19 makeGetRequest,
20 makePostBodyRequest,
21 makePutBodyRequest,
22 makeUploadRequest,
23 registerUser,
24 removeUser,
25 renewUserScopedTokens,
26 reRunServer,
27 ServerInfo,
28 setAccessTokensToServers,
29 unblockUser,
30 uploadVideo,
31 userLogin
32 } from '../../../../shared/extra-utils'
33 import { MockSmtpServer } from '../../../../shared/extra-utils/mock-servers/mock-email'
34 import {
35 checkBadCountPagination,
36 checkBadSortPagination,
37 checkBadStartPagination
38 } from '../../../../shared/extra-utils/requests/check-api-params'
39 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
40
41 describe('Test users API validators', function () {
42 const path = '/api/v1/users/'
43 let userId: number
44 let rootId: number
45 let moderatorId: number
46 let video: VideoCreateResult
47 let server: ServerInfo
48 let serverWithRegistrationDisabled: ServerInfo
49 let userAccessToken = ''
50 let moderatorAccessToken = ''
51 let emailPort: number
52 let overrideConfig: Object
53
54 // ---------------------------------------------------------------
55
56 before(async function () {
57 this.timeout(30000)
58
59 const emails: object[] = []
60 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
61
62 overrideConfig = { signup: { limit: 8 } }
63
64 {
65 const res = await Promise.all([
66 flushAndRunServer(1, overrideConfig),
67 flushAndRunServer(2)
68 ])
69
70 server = res[0]
71 serverWithRegistrationDisabled = res[1]
72
73 await setAccessTokensToServers([ server ])
74 }
75
76 {
77 const user = {
78 username: 'user1',
79 password: 'my super password'
80 }
81
82 const videoQuota = 42000000
83 await createUser({
84 url: server.url,
85 accessToken: server.accessToken,
86 username: user.username,
87 password: user.password,
88 videoQuota: videoQuota
89 })
90 userAccessToken = await userLogin(server, user)
91 }
92
93 {
94 const moderator = {
95 username: 'moderator1',
96 password: 'super password'
97 }
98
99 await createUser({
100 url: server.url,
101 accessToken: server.accessToken,
102 username: moderator.username,
103 password: moderator.password,
104 role: UserRole.MODERATOR
105 })
106
107 moderatorAccessToken = await userLogin(server, moderator)
108 }
109
110 {
111 const moderator = {
112 username: 'moderator2',
113 password: 'super password'
114 }
115
116 await createUser({
117 url: server.url,
118 accessToken: server.accessToken,
119 username: moderator.username,
120 password: moderator.password,
121 role: UserRole.MODERATOR
122 })
123 }
124
125 {
126 const res = await uploadVideo(server.url, server.accessToken, {})
127 video = res.body.video
128 }
129
130 {
131 const res = await getUsersList(server.url, server.accessToken)
132 const users: User[] = res.body.data
133
134 userId = users.find(u => u.username === 'user1').id
135 rootId = users.find(u => u.username === 'root').id
136 moderatorId = users.find(u => u.username === 'moderator2').id
137 }
138 })
139
140 describe('When listing users', function () {
141 it('Should fail with a bad start pagination', async function () {
142 await checkBadStartPagination(server.url, path, server.accessToken)
143 })
144
145 it('Should fail with a bad count pagination', async function () {
146 await checkBadCountPagination(server.url, path, server.accessToken)
147 })
148
149 it('Should fail with an incorrect sort', async function () {
150 await checkBadSortPagination(server.url, path, server.accessToken)
151 })
152
153 it('Should fail with a non authenticated user', async function () {
154 await makeGetRequest({
155 url: server.url,
156 path,
157 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
158 })
159 })
160
161 it('Should fail with a non admin user', async function () {
162 await makeGetRequest({
163 url: server.url,
164 path,
165 token: userAccessToken,
166 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
167 })
168 })
169 })
170
171 describe('When adding a new user', function () {
172 const baseCorrectParams = {
173 username: 'user2',
174 email: 'test@example.com',
175 password: 'my super password',
176 videoQuota: -1,
177 videoQuotaDaily: -1,
178 role: UserRole.USER,
179 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
180 }
181
182 it('Should fail with a too small username', async function () {
183 const fields = { ...baseCorrectParams, username: '' }
184
185 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
186 })
187
188 it('Should fail with a too long username', async function () {
189 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
190
191 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
192 })
193
194 it('Should fail with a not lowercase username', async function () {
195 const fields = { ...baseCorrectParams, username: 'Toto' }
196
197 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
198 })
199
200 it('Should fail with an incorrect username', async function () {
201 const fields = { ...baseCorrectParams, username: 'my username' }
202
203 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
204 })
205
206 it('Should fail with a missing email', async function () {
207 const fields = omit(baseCorrectParams, 'email')
208
209 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
210 })
211
212 it('Should fail with an invalid email', async function () {
213 const fields = { ...baseCorrectParams, email: 'test_example.com' }
214
215 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
216 })
217
218 it('Should fail with a too small password', async function () {
219 const fields = { ...baseCorrectParams, password: 'bla' }
220
221 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
222 })
223
224 it('Should fail with a too long password', async function () {
225 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
226
227 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
228 })
229
230 it('Should fail with empty password and no smtp configured', async function () {
231 const fields = { ...baseCorrectParams, password: '' }
232
233 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
234 })
235
236 it('Should succeed with no password on a server with smtp enabled', async function () {
237 this.timeout(20000)
238
239 await killallServers([ server ])
240
241 const config = {
242 ...overrideConfig,
243
244 smtp: {
245 hostname: 'localhost',
246 port: emailPort
247 }
248 }
249 await reRunServer(server, config)
250
251 const fields = {
252 ...baseCorrectParams,
253
254 password: '',
255 username: 'create_password',
256 email: 'create_password@example.com'
257 }
258
259 await makePostBodyRequest({
260 url: server.url,
261 path: path,
262 token: server.accessToken,
263 fields,
264 statusCodeExpected: HttpStatusCode.OK_200
265 })
266 })
267
268 it('Should fail with invalid admin flags', async function () {
269 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
270
271 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
272 })
273
274 it('Should fail with an non authenticated user', async function () {
275 await makePostBodyRequest({
276 url: server.url,
277 path,
278 token: 'super token',
279 fields: baseCorrectParams,
280 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
281 })
282 })
283
284 it('Should fail if we add a user with the same username', async function () {
285 const fields = { ...baseCorrectParams, username: 'user1' }
286
287 await makePostBodyRequest({
288 url: server.url,
289 path,
290 token: server.accessToken,
291 fields,
292 statusCodeExpected: HttpStatusCode.CONFLICT_409
293 })
294 })
295
296 it('Should fail if we add a user with the same email', async function () {
297 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
298
299 await makePostBodyRequest({
300 url: server.url,
301 path,
302 token: server.accessToken,
303 fields,
304 statusCodeExpected: HttpStatusCode.CONFLICT_409
305 })
306 })
307
308 it('Should fail without a videoQuota', async function () {
309 const fields = omit(baseCorrectParams, 'videoQuota')
310
311 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
312 })
313
314 it('Should fail without a videoQuotaDaily', async function () {
315 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
316
317 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
318 })
319
320 it('Should fail with an invalid videoQuota', async function () {
321 const fields = { ...baseCorrectParams, videoQuota: -5 }
322
323 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
324 })
325
326 it('Should fail with an invalid videoQuotaDaily', async function () {
327 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
328
329 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
330 })
331
332 it('Should fail without a user role', async function () {
333 const fields = omit(baseCorrectParams, 'role')
334
335 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
336 })
337
338 it('Should fail with an invalid user role', async function () {
339 const fields = { ...baseCorrectParams, role: 88989 }
340
341 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
342 })
343
344 it('Should fail with a "peertube" username', async function () {
345 const fields = { ...baseCorrectParams, username: 'peertube' }
346
347 await makePostBodyRequest({
348 url: server.url,
349 path,
350 token: server.accessToken,
351 fields,
352 statusCodeExpected: HttpStatusCode.CONFLICT_409
353 })
354 })
355
356 it('Should fail to create a moderator or an admin with a moderator', async function () {
357 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
358 const fields = { ...baseCorrectParams, role }
359
360 await makePostBodyRequest({
361 url: server.url,
362 path,
363 token: moderatorAccessToken,
364 fields,
365 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
366 })
367 }
368 })
369
370 it('Should succeed to create a user with a moderator', async function () {
371 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
372
373 await makePostBodyRequest({
374 url: server.url,
375 path,
376 token: moderatorAccessToken,
377 fields,
378 statusCodeExpected: HttpStatusCode.OK_200
379 })
380 })
381
382 it('Should succeed with the correct params', async function () {
383 await makePostBodyRequest({
384 url: server.url,
385 path,
386 token: server.accessToken,
387 fields: baseCorrectParams,
388 statusCodeExpected: HttpStatusCode.OK_200
389 })
390 })
391
392 it('Should fail with a non admin user', async function () {
393 const user = {
394 username: 'user1',
395 password: 'my super password'
396 }
397 userAccessToken = await userLogin(server, user)
398
399 const fields = {
400 username: 'user3',
401 email: 'test@example.com',
402 password: 'my super password',
403 videoQuota: 42000000
404 }
405 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
406 })
407 })
408
409 describe('When updating my account', function () {
410 it('Should fail with an invalid email attribute', async function () {
411 const fields = {
412 email: 'blabla'
413 }
414
415 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
416 })
417
418 it('Should fail with a too small password', async function () {
419 const fields = {
420 currentPassword: 'my super password',
421 password: 'bla'
422 }
423
424 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
425 })
426
427 it('Should fail with a too long password', async function () {
428 const fields = {
429 currentPassword: 'my super password',
430 password: 'super'.repeat(61)
431 }
432
433 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
434 })
435
436 it('Should fail without the current password', async function () {
437 const fields = {
438 currentPassword: 'my super password',
439 password: 'super'.repeat(61)
440 }
441
442 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
443 })
444
445 it('Should fail with an invalid current password', async function () {
446 const fields = {
447 currentPassword: 'my super password fail',
448 password: 'super'.repeat(61)
449 }
450
451 await makePutBodyRequest({
452 url: server.url,
453 path: path + 'me',
454 token: userAccessToken,
455 fields,
456 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
457 })
458 })
459
460 it('Should fail with an invalid NSFW policy attribute', async function () {
461 const fields = {
462 nsfwPolicy: 'hello'
463 }
464
465 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
466 })
467
468 it('Should fail with an invalid autoPlayVideo attribute', async function () {
469 const fields = {
470 autoPlayVideo: -1
471 }
472
473 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
474 })
475
476 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
477 const fields = {
478 autoPlayNextVideo: -1
479 }
480
481 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
482 })
483
484 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
485 const fields = {
486 videosHistoryEnabled: -1
487 }
488
489 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
490 })
491
492 it('Should fail with an non authenticated user', async function () {
493 const fields = {
494 currentPassword: 'my super password',
495 password: 'my super password'
496 }
497
498 await makePutBodyRequest({
499 url: server.url,
500 path: path + 'me',
501 token: 'super token',
502 fields,
503 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
504 })
505 })
506
507 it('Should fail with a too long description', async function () {
508 const fields = {
509 description: 'super'.repeat(201)
510 }
511
512 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
513 })
514
515 it('Should fail with an invalid videoLanguages attribute', async function () {
516 {
517 const fields = {
518 videoLanguages: 'toto'
519 }
520
521 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
522 }
523
524 {
525 const languages = []
526 for (let i = 0; i < 1000; i++) {
527 languages.push('fr')
528 }
529
530 const fields = {
531 videoLanguages: languages
532 }
533
534 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
535 }
536 })
537
538 it('Should fail with an invalid theme', async function () {
539 const fields = { theme: 'invalid' }
540 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
541 })
542
543 it('Should fail with an unknown theme', async function () {
544 const fields = { theme: 'peertube-theme-unknown' }
545 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
546 })
547
548 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
549 const fields = {
550 noInstanceConfigWarningModal: -1
551 }
552
553 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
554 })
555
556 it('Should fail with an invalid noWelcomeModal attribute', async function () {
557 const fields = {
558 noWelcomeModal: -1
559 }
560
561 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
562 })
563
564 it('Should succeed to change password with the correct params', async function () {
565 const fields = {
566 currentPassword: 'my super password',
567 password: 'my super password',
568 nsfwPolicy: 'blur',
569 autoPlayVideo: false,
570 email: 'super_email@example.com',
571 theme: 'default',
572 noInstanceConfigWarningModal: true,
573 noWelcomeModal: true
574 }
575
576 await makePutBodyRequest({
577 url: server.url,
578 path: path + 'me',
579 token: userAccessToken,
580 fields,
581 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
582 })
583 })
584
585 it('Should succeed without password change with the correct params', async function () {
586 const fields = {
587 nsfwPolicy: 'blur',
588 autoPlayVideo: false
589 }
590
591 await makePutBodyRequest({
592 url: server.url,
593 path: path + 'me',
594 token: userAccessToken,
595 fields,
596 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
597 })
598 })
599 })
600
601 describe('When updating my avatar', function () {
602 it('Should fail without an incorrect input file', async function () {
603 const fields = {}
604 const attaches = {
605 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
606 }
607 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
608 })
609
610 it('Should fail with a big file', async function () {
611 const fields = {}
612 const attaches = {
613 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
614 }
615 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
616 })
617
618 it('Should fail with an unauthenticated user', async function () {
619 const fields = {}
620 const attaches = {
621 avatarfile: buildAbsoluteFixturePath('avatar.png')
622 }
623 await makeUploadRequest({
624 url: server.url,
625 path: path + '/me/avatar/pick',
626 fields,
627 attaches,
628 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
629 })
630 })
631
632 it('Should succeed with the correct params', async function () {
633 const fields = {}
634 const attaches = {
635 avatarfile: buildAbsoluteFixturePath('avatar.png')
636 }
637 await makeUploadRequest({
638 url: server.url,
639 path: path + '/me/avatar/pick',
640 token: server.accessToken,
641 fields,
642 attaches,
643 statusCodeExpected: HttpStatusCode.OK_200
644 })
645 })
646 })
647
648 describe('When managing my scoped tokens', function () {
649
650 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
651 await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
652 })
653
654 it('Should fail to get my scoped tokens with a bad token', async function () {
655 await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
656
657 })
658
659 it('Should succeed to get my scoped tokens', async function () {
660 await getUserScopedTokens(server.url, server.accessToken)
661 })
662
663 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
664 await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
665 })
666
667 it('Should fail to renew my scoped tokens with a bad token', async function () {
668 await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
669 })
670
671 it('Should succeed to renew my scoped tokens', async function () {
672 await renewUserScopedTokens(server.url, server.accessToken)
673 })
674 })
675
676 describe('When getting a user', function () {
677
678 it('Should fail with an non authenticated user', async function () {
679 await makeGetRequest({
680 url: server.url,
681 path: path + userId,
682 token: 'super token',
683 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
684 })
685 })
686
687 it('Should fail with a non admin user', async function () {
688 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
689 })
690
691 it('Should succeed with the correct params', async function () {
692 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 })
693 })
694 })
695
696 describe('When updating a user', function () {
697
698 it('Should fail with an invalid email attribute', async function () {
699 const fields = {
700 email: 'blabla'
701 }
702
703 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
704 })
705
706 it('Should fail with an invalid emailVerified attribute', async function () {
707 const fields = {
708 emailVerified: 'yes'
709 }
710
711 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
712 })
713
714 it('Should fail with an invalid videoQuota attribute', async function () {
715 const fields = {
716 videoQuota: -90
717 }
718
719 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
720 })
721
722 it('Should fail with an invalid user role attribute', async function () {
723 const fields = {
724 role: 54878
725 }
726
727 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
728 })
729
730 it('Should fail with a too small password', async function () {
731 const fields = {
732 currentPassword: 'my super password',
733 password: 'bla'
734 }
735
736 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
737 })
738
739 it('Should fail with a too long password', async function () {
740 const fields = {
741 currentPassword: 'my super password',
742 password: 'super'.repeat(61)
743 }
744
745 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
746 })
747
748 it('Should fail with an non authenticated user', async function () {
749 const fields = {
750 videoQuota: 42
751 }
752
753 await makePutBodyRequest({
754 url: server.url,
755 path: path + userId,
756 token: 'super token',
757 fields,
758 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
759 })
760 })
761
762 it('Should fail when updating root role', async function () {
763 const fields = {
764 role: UserRole.MODERATOR
765 }
766
767 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
768 })
769
770 it('Should fail with invalid admin flags', async function () {
771 const fields = { adminFlags: 'toto' }
772
773 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
774 })
775
776 it('Should fail to update an admin with a moderator', async function () {
777 const fields = {
778 videoQuota: 42
779 }
780
781 await makePutBodyRequest({
782 url: server.url,
783 path: path + moderatorId,
784 token: moderatorAccessToken,
785 fields,
786 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
787 })
788 })
789
790 it('Should succeed to update a user with a moderator', async function () {
791 const fields = {
792 videoQuota: 42
793 }
794
795 await makePutBodyRequest({
796 url: server.url,
797 path: path + userId,
798 token: moderatorAccessToken,
799 fields,
800 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
801 })
802 })
803
804 it('Should succeed with the correct params', async function () {
805 const fields = {
806 email: 'email@example.com',
807 emailVerified: true,
808 videoQuota: 42,
809 role: UserRole.USER
810 }
811
812 await makePutBodyRequest({
813 url: server.url,
814 path: path + userId,
815 token: server.accessToken,
816 fields,
817 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
818 })
819 })
820 })
821
822 describe('When getting my information', function () {
823 it('Should fail with a non authenticated user', async function () {
824 await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401)
825 })
826
827 it('Should success with the correct parameters', async function () {
828 await getMyUserInformation(server.url, userAccessToken)
829 })
830 })
831
832 describe('When getting my video rating', function () {
833 it('Should fail with a non authenticated user', async function () {
834 await getMyUserVideoRating(server.url, 'fake_token', video.id, HttpStatusCode.UNAUTHORIZED_401)
835 })
836
837 it('Should fail with an incorrect video uuid', async function () {
838 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400)
839 })
840
841 it('Should fail with an unknown video', async function () {
842 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404)
843 })
844
845 it('Should succeed with the correct parameters', async function () {
846 await getMyUserVideoRating(server.url, server.accessToken, video.id)
847 await getMyUserVideoRating(server.url, server.accessToken, video.uuid)
848 await getMyUserVideoRating(server.url, server.accessToken, video.shortUUID)
849 })
850 })
851
852 describe('When retrieving my global ratings', function () {
853 const path = '/api/v1/accounts/user1/ratings'
854
855 it('Should fail with a bad start pagination', async function () {
856 await checkBadStartPagination(server.url, path, userAccessToken)
857 })
858
859 it('Should fail with a bad count pagination', async function () {
860 await checkBadCountPagination(server.url, path, userAccessToken)
861 })
862
863 it('Should fail with an incorrect sort', async function () {
864 await checkBadSortPagination(server.url, path, userAccessToken)
865 })
866
867 it('Should fail with a unauthenticated user', async function () {
868 await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
869 })
870
871 it('Should fail with a another user', async function () {
872 await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
873 })
874
875 it('Should fail with a bad type', async function () {
876 await makeGetRequest({
877 url: server.url,
878 path,
879 token: userAccessToken,
880 query: { rating: 'toto ' },
881 statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
882 })
883 })
884
885 it('Should succeed with the correct params', async function () {
886 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 })
887 })
888 })
889
890 describe('When blocking/unblocking/removing user', function () {
891 it('Should fail with an incorrect id', async function () {
892 await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
893 await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
894 await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
895 })
896
897 it('Should fail with the root user', async function () {
898 await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
899 await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
900 await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
901 })
902
903 it('Should return 404 with a non existing id', async function () {
904 await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
905 await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
906 await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
907 })
908
909 it('Should fail with a non admin user', async function () {
910 await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
911 await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
912 await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
913 })
914
915 it('Should fail on a moderator with a moderator', async function () {
916 await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
917 await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
918 await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
919 })
920
921 it('Should succeed on a user with a moderator', async function () {
922 await blockUser(server.url, userId, moderatorAccessToken)
923 await unblockUser(server.url, userId, moderatorAccessToken)
924 })
925 })
926
927 describe('When deleting our account', function () {
928 it('Should fail with with the root account', async function () {
929 await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
930 })
931 })
932
933 describe('When registering a new user', function () {
934 const registrationPath = path + '/register'
935 const baseCorrectParams = {
936 username: 'user3',
937 displayName: 'super user',
938 email: 'test3@example.com',
939 password: 'my super password'
940 }
941
942 it('Should fail with a too small username', async function () {
943 const fields = { ...baseCorrectParams, username: '' }
944
945 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
946 })
947
948 it('Should fail with a too long username', async function () {
949 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
950
951 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
952 })
953
954 it('Should fail with an incorrect username', async function () {
955 const fields = { ...baseCorrectParams, username: 'my username' }
956
957 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
958 })
959
960 it('Should fail with a missing email', async function () {
961 const fields = omit(baseCorrectParams, 'email')
962
963 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
964 })
965
966 it('Should fail with an invalid email', async function () {
967 const fields = { ...baseCorrectParams, email: 'test_example.com' }
968
969 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
970 })
971
972 it('Should fail with a too small password', async function () {
973 const fields = { ...baseCorrectParams, password: 'bla' }
974
975 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
976 })
977
978 it('Should fail with a too long password', async function () {
979 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
980
981 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
982 })
983
984 it('Should fail if we register a user with the same username', async function () {
985 const fields = { ...baseCorrectParams, username: 'root' }
986
987 await makePostBodyRequest({
988 url: server.url,
989 path: registrationPath,
990 token: server.accessToken,
991 fields,
992 statusCodeExpected: HttpStatusCode.CONFLICT_409
993 })
994 })
995
996 it('Should fail with a "peertube" username', async function () {
997 const fields = { ...baseCorrectParams, username: 'peertube' }
998
999 await makePostBodyRequest({
1000 url: server.url,
1001 path: registrationPath,
1002 token: server.accessToken,
1003 fields,
1004 statusCodeExpected: HttpStatusCode.CONFLICT_409
1005 })
1006 })
1007
1008 it('Should fail if we register a user with the same email', async function () {
1009 const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
1010
1011 await makePostBodyRequest({
1012 url: server.url,
1013 path: registrationPath,
1014 token: server.accessToken,
1015 fields,
1016 statusCodeExpected: HttpStatusCode.CONFLICT_409
1017 })
1018 })
1019
1020 it('Should fail with a bad display name', async function () {
1021 const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1022
1023 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1024 })
1025
1026 it('Should fail with a bad channel name', async function () {
1027 const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
1028
1029 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1030 })
1031
1032 it('Should fail with a bad channel display name', async function () {
1033 const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
1034
1035 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1036 })
1037
1038 it('Should fail with a channel name that is the same as username', async function () {
1039 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
1040 const fields = { ...baseCorrectParams, ...source }
1041
1042 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1043 })
1044
1045 it('Should fail with an existing channel', async function () {
1046 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
1047 await server.channelsCommand.create({ attributes })
1048
1049 const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
1050
1051 await makePostBodyRequest({
1052 url: server.url,
1053 path: registrationPath,
1054 token: server.accessToken,
1055 fields,
1056 statusCodeExpected: HttpStatusCode.CONFLICT_409
1057 })
1058 })
1059
1060 it('Should succeed with the correct params', async function () {
1061 const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
1062
1063 await makePostBodyRequest({
1064 url: server.url,
1065 path: registrationPath,
1066 token: server.accessToken,
1067 fields: fields,
1068 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1069 })
1070 })
1071
1072 it('Should fail on a server with registration disabled', async function () {
1073 const fields = {
1074 username: 'user4',
1075 email: 'test4@example.com',
1076 password: 'my super password 4'
1077 }
1078
1079 await makePostBodyRequest({
1080 url: serverWithRegistrationDisabled.url,
1081 path: registrationPath,
1082 token: serverWithRegistrationDisabled.accessToken,
1083 fields,
1084 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
1085 })
1086 })
1087 })
1088
1089 describe('When registering multiple users on a server with users limit', function () {
1090 it('Should fail when after 3 registrations', async function () {
1091 await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403)
1092 })
1093 })
1094
1095 describe('When asking a password reset', function () {
1096 const path = '/api/v1/users/ask-reset-password'
1097
1098 it('Should fail with a missing email', async function () {
1099 const fields = {}
1100
1101 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1102 })
1103
1104 it('Should fail with an invalid email', async function () {
1105 const fields = { email: 'hello' }
1106
1107 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1108 })
1109
1110 it('Should success with the correct params', async function () {
1111 const fields = { email: 'admin@example.com' }
1112
1113 await makePostBodyRequest({
1114 url: server.url,
1115 path,
1116 token: server.accessToken,
1117 fields,
1118 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1119 })
1120 })
1121 })
1122
1123 describe('When asking for an account verification email', function () {
1124 const path = '/api/v1/users/ask-send-verify-email'
1125
1126 it('Should fail with a missing email', async function () {
1127 const fields = {}
1128
1129 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1130 })
1131
1132 it('Should fail with an invalid email', async function () {
1133 const fields = { email: 'hello' }
1134
1135 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1136 })
1137
1138 it('Should succeed with the correct params', async function () {
1139 const fields = { email: 'admin@example.com' }
1140
1141 await makePostBodyRequest({
1142 url: server.url,
1143 path,
1144 token: server.accessToken,
1145 fields,
1146 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1147 })
1148 })
1149 })
1150
1151 after(async function () {
1152 MockSmtpServer.Instance.kill()
1153
1154 await cleanupTests([ server, serverWithRegistrationDisabled ])
1155 })
1156 })
ActivityPub-federated video streaming platform using P2P directly in your web browser