]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add avatar max size limit
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
1 /* tslint:disable:no-unused-expression */
2
3 import { omit } from 'lodash'
4 import 'mocha'
5 import { join } from 'path'
6 import { UserRole } from '../../../../shared'
7
8 import {
9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
10 makePostBodyRequest, makePostUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
11 updateUser, uploadVideo, userLogin
12 } from '../../utils'
13 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
14
15 describe('Test users API validators', function () {
16 const path = '/api/v1/users/'
17 let userId: number
18 let rootId: number
19 let videoId: number
20 let server: ServerInfo
21 let serverWithRegistrationDisabled: ServerInfo
22 let userAccessToken = ''
23
24 // ---------------------------------------------------------------
25
26 before(async function () {
27 this.timeout(20000)
28
29 await flushTests()
30
31 server = await runServer(1)
32 serverWithRegistrationDisabled = await runServer(2)
33
34 await setAccessTokensToServers([ server ])
35
36 const user = {
37 username: 'user1',
38 password: 'my super password'
39 }
40 const videoQuota = 42000000
41 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
42 userAccessToken = await userLogin(server, user)
43
44 const res = await uploadVideo(server.url, server.accessToken, {})
45 videoId = res.body.video.id
46 })
47
48 describe('When listing users', function () {
49 it('Should fail with a bad start pagination', async function () {
50 await checkBadStartPagination(server.url, path, server.accessToken)
51 })
52
53 it('Should fail with a bad count pagination', async function () {
54 await checkBadCountPagination(server.url, path, server.accessToken)
55 })
56
57 it('Should fail with an incorrect sort', async function () {
58 await checkBadSortPagination(server.url, path, server.accessToken)
59 })
60
61 it('Should fail with a non authenticated user', async function () {
62 await makeGetRequest({
63 url: server.url,
64 path,
65 statusCodeExpected: 401
66 })
67 })
68
69 it('Should fail with a non admin user', async function () {
70 await makeGetRequest({
71 url: server.url,
72 path,
73 token: userAccessToken,
74 statusCodeExpected: 403
75 })
76 })
77 })
78
79 describe('When adding a new user', function () {
80 const baseCorrectParams = {
81 username: 'user2',
82 email: 'test@example.com',
83 password: 'my super password',
84 videoQuota: -1,
85 role: UserRole.USER
86 }
87
88 it('Should fail with a too small username', async function () {
89 const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
90
91 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
92 })
93
94 it('Should fail with a too long username', async function () {
95 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
96
97 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
98 })
99
100 it('Should fail with a not lowercase username', async function () {
101 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
102
103 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
104 })
105
106 it('Should fail with an incorrect username', async function () {
107 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
108
109 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
110 })
111
112 it('Should fail with a missing email', async function () {
113 const fields = omit(baseCorrectParams, 'email')
114
115 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
116 })
117
118 it('Should fail with an invalid email', async function () {
119 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
120
121 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
122 })
123
124 it('Should fail with a too small password', async function () {
125 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
126
127 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
128 })
129
130 it('Should fail with a too long password', async function () {
131 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
132
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 })
135
136 it('Should fail with an non authenticated user', async function () {
137 await makePostBodyRequest({
138 url: server.url,
139 path,
140 token: 'super token',
141 fields: baseCorrectParams,
142 statusCodeExpected: 401
143 })
144 })
145
146 it('Should fail if we add a user with the same username', async function () {
147 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
148
149 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
150 })
151
152 it('Should fail if we add a user with the same email', async function () {
153 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
154
155 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
156 })
157
158 it('Should fail without a videoQuota', async function () {
159 const fields = omit(baseCorrectParams, 'videoQuota')
160
161 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
162 })
163
164 it('Should fail with an invalid videoQuota', async function () {
165 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
166
167 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
168 })
169
170 it('Should fail without a user role', async function () {
171 const fields = omit(baseCorrectParams, 'role')
172
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
174 })
175
176 it('Should fail with an invalid user role', async function () {
177 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
178
179 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
180 })
181
182 it('Should succeed with the correct params', async function () {
183 await makePostBodyRequest({
184 url: server.url,
185 path,
186 token: server.accessToken,
187 fields: baseCorrectParams,
188 statusCodeExpected: 204
189 })
190 })
191
192 it('Should fail with a non admin user', async function () {
193 const user = {
194 username: 'user1',
195 password: 'my super password'
196 }
197 userAccessToken = await userLogin(server, user)
198
199 const fields = {
200 username: 'user3',
201 email: 'test@example.com',
202 password: 'my super password',
203 videoQuota: 42000000
204 }
205 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
206 })
207 })
208
209 describe('When updating my account', function () {
210 it('Should fail with an invalid email attribute', async function () {
211 const fields = {
212 email: 'blabla'
213 }
214
215 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
216 })
217
218 it('Should fail with a too small password', async function () {
219 const fields = {
220 password: 'bla'
221 }
222
223 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
224 })
225
226 it('Should fail with a too long password', async function () {
227 const fields = {
228 password: 'super'.repeat(61)
229 }
230
231 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
232 })
233
234 it('Should fail with an invalid display NSFW attribute', async function () {
235 const fields = {
236 displayNSFW: -1
237 }
238
239 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
240 })
241
242 it('Should fail with an invalid autoPlayVideo attribute', async function () {
243 const fields = {
244 autoPlayVideo: -1
245 }
246
247 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
248 })
249
250 it('Should fail with an non authenticated user', async function () {
251 const fields = {
252 password: 'my super password'
253 }
254
255 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
256 })
257
258 it('Should succeed with the correct params', async function () {
259 const fields = {
260 password: 'my super password',
261 displayNSFW: true,
262 autoPlayVideo: false,
263 email: 'super_email@example.com'
264 }
265
266 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
267 })
268 })
269
270 describe('When updating my avatar', function () {
271 it('Should fail without an incorrect input file', async function () {
272 const fields = {}
273 const attaches = {
274 'avatarfile': join(__dirname, '..', 'fixtures', 'video_short.mp4')
275 }
276 await makePostUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
277 })
278
279 it('Should fail with a big file', async function () {
280 const fields = {}
281 const attaches = {
282 'avatarfile': join(__dirname, '..', 'fixtures', 'avatar-big.png')
283 }
284 await makePostUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
285 })
286
287 it('Should succeed with the correct params', async function () {
288 const fields = {}
289 const attaches = {
290 'avatarfile': join(__dirname, '..', 'fixtures', 'avatar.png')
291 }
292 await makePostUploadRequest({
293 url: server.url,
294 path: path + '/me/avatar/pick',
295 token: server.accessToken,
296 fields,
297 attaches,
298 statusCodeExpected: 200
299 })
300 })
301 })
302
303 describe('When updating a user', function () {
304
305 before(async function () {
306 const res = await getUsersList(server.url, server.accessToken)
307
308 userId = res.body.data[1].id
309 rootId = res.body.data[2].id
310 })
311
312 it('Should fail with an invalid email attribute', async function () {
313 const fields = {
314 email: 'blabla'
315 }
316
317 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
318 })
319
320 it('Should fail with an invalid videoQuota attribute', async function () {
321 const fields = {
322 videoQuota: -90
323 }
324
325 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
326 })
327
328 it('Should fail with an invalid user role attribute', async function () {
329 const fields = {
330 role: 54878
331 }
332
333 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
334 })
335
336 it('Should fail with an non authenticated user', async function () {
337 const fields = {
338 videoQuota: 42
339 }
340
341 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
342 })
343
344 it('Should succeed with the correct params', async function () {
345 const fields = {
346 email: 'email@example.com',
347 videoQuota: 42,
348 role: UserRole.MODERATOR
349 }
350
351 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
352 })
353 })
354
355 describe('When getting my information', function () {
356 it('Should fail with a non authenticated user', async function () {
357 await getMyUserInformation(server.url, 'fake_token', 401)
358 })
359
360 it('Should success with the correct parameters', async function () {
361 await getMyUserInformation(server.url, userAccessToken)
362 })
363 })
364
365 describe('When getting my video rating', function () {
366 it('Should fail with a non authenticated user', async function () {
367 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
368 })
369
370 it('Should fail with an incorrect video uuid', async function () {
371 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
372 })
373
374 it('Should fail with an unknown video', async function () {
375 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
376 })
377
378 it('Should succeed with the correct parameters', async function () {
379 await getMyUserVideoRating(server.url, server.accessToken, videoId)
380 })
381 })
382
383 describe('When removing an user', function () {
384 it('Should fail with an incorrect id', async function () {
385 await removeUser(server.url, 'blabla', server.accessToken, 400)
386 })
387
388 it('Should fail with the root user', async function () {
389 await removeUser(server.url, rootId, server.accessToken, 400)
390 })
391
392 it('Should return 404 with a non existing id', async function () {
393 await removeUser(server.url, 4545454, server.accessToken, 404)
394 })
395 })
396
397 describe('When register a new user', function () {
398 const registrationPath = path + '/register'
399 const baseCorrectParams = {
400 username: 'user3',
401 email: 'test3@example.com',
402 password: 'my super password'
403 }
404
405 it('Should fail with a too small username', async function () {
406 const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
407
408 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
409 })
410
411 it('Should fail with a too long username', async function () {
412 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
413
414 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
415 })
416
417 it('Should fail with an incorrect username', async function () {
418 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
419
420 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
421 })
422
423 it('Should fail with a missing email', async function () {
424 const fields = omit(baseCorrectParams, 'email')
425
426 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
427 })
428
429 it('Should fail with an invalid email', async function () {
430 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
431
432 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
433 })
434
435 it('Should fail with a too small password', async function () {
436 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
437
438 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
439 })
440
441 it('Should fail with a too long password', async function () {
442 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
443
444 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
445 })
446
447 it('Should fail if we register a user with the same username', async function () {
448 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
449
450 await makePostBodyRequest({
451 url: server.url,
452 path: registrationPath,
453 token: server.accessToken,
454 fields,
455 statusCodeExpected: 409
456 })
457 })
458
459 it('Should fail if we register a user with the same email', async function () {
460 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
461
462 await makePostBodyRequest({
463 url: server.url,
464 path: registrationPath,
465 token: server.accessToken,
466 fields,
467 statusCodeExpected: 409
468 })
469 })
470
471 it('Should succeed with the correct params', async function () {
472 await makePostBodyRequest({
473 url: server.url,
474 path: registrationPath,
475 token: server.accessToken,
476 fields: baseCorrectParams,
477 statusCodeExpected: 204
478 })
479 })
480
481 it('Should fail on a server with registration disabled', async function () {
482 const fields = {
483 username: 'user4',
484 email: 'test4@example.com',
485 password: 'my super password 4'
486 }
487
488 await makePostBodyRequest({
489 url: serverWithRegistrationDisabled.url,
490 path: registrationPath,
491 token: serverWithRegistrationDisabled.accessToken,
492 fields,
493 statusCodeExpected: 403
494 })
495 })
496 })
497
498 describe('When registering multiple users on a server with users limit', function () {
499 it('Should fail when after 3 registrations', async function () {
500 await registerUser(server.url, 'user42', 'super password', 403)
501 })
502 })
503
504 describe('When having a video quota', function () {
505 it('Should fail with a user having too many video', async function () {
506 await updateUser({
507 url: server.url,
508 userId: rootId,
509 accessToken: server.accessToken,
510 videoQuota: 42
511 })
512
513 await uploadVideo(server.url, server.accessToken, {}, 403)
514 })
515
516 it('Should fail with a registered user having too many video', async function () {
517 this.timeout(10000)
518
519 const user = {
520 username: 'user3',
521 password: 'my super password'
522 }
523 userAccessToken = await userLogin(server, user)
524
525 const videoAttributes = { fixture: 'video_short2.webm' }
526 await uploadVideo(server.url, userAccessToken, videoAttributes)
527 await uploadVideo(server.url, userAccessToken, videoAttributes)
528 await uploadVideo(server.url, userAccessToken, videoAttributes)
529 await uploadVideo(server.url, userAccessToken, videoAttributes)
530 await uploadVideo(server.url, userAccessToken, videoAttributes)
531 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
532 })
533 })
534
535 after(async function () {
536 killallServers([ server, serverWithRegistrationDisabled ])
537
538 // Keep the logs if the test failed
539 if (this['ok']) {
540 await flushTests()
541 }
542 })
543 })
ActivityPub-federated video streaming platform using P2P directly in your web browser