1 /* tslint:disable:no-unused-expression */
3 import { omit } from 'lodash'
5 import { join } from 'path'
6 import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
9 createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
10 makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
11 updateUser, uploadVideo, userLogin
13 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
14 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports'
15 import { VideoPrivacy } from '../../../../shared/models/videos'
16 import { waitJobs } from '../../utils/server/jobs'
17 import { expect } from 'chai'
19 describe('Test users API validators', function () {
20 const path = '/api/v1/users/'
24 let server: ServerInfo
25 let serverWithRegistrationDisabled: ServerInfo
26 let userAccessToken = ''
30 password: 'my super password'
33 // ---------------------------------------------------------------
35 before(async function () {
40 server = await runServer(1)
41 serverWithRegistrationDisabled = await runServer(2)
43 await setAccessTokensToServers([ server ])
45 const videoQuota = 42000000
46 await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
47 userAccessToken = await userLogin(server, user)
50 const res = await getMyUserInformation(server.url, server.accessToken)
51 channelId = res.body.videoChannels[ 0 ].id
55 const res = await uploadVideo(server.url, server.accessToken, {})
56 videoId = res.body.video.id
60 describe('When listing users', function () {
61 it('Should fail with a bad start pagination', async function () {
62 await checkBadStartPagination(server.url, path, server.accessToken)
65 it('Should fail with a bad count pagination', async function () {
66 await checkBadCountPagination(server.url, path, server.accessToken)
69 it('Should fail with an incorrect sort', async function () {
70 await checkBadSortPagination(server.url, path, server.accessToken)
73 it('Should fail with a non authenticated user', async function () {
74 await makeGetRequest({
77 statusCodeExpected: 401
81 it('Should fail with a non admin user', async function () {
82 await makeGetRequest({
85 token: userAccessToken,
86 statusCodeExpected: 403
91 describe('When adding a new user', function () {
92 const baseCorrectParams = {
94 email: 'test@example.com',
95 password: 'my super password',
100 it('Should fail with a too small username', async function () {
101 const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
103 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
106 it('Should fail with a too long username', async function () {
107 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
109 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
112 it('Should fail with a not lowercase username', async function () {
113 const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
115 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
118 it('Should fail with an incorrect username', async function () {
119 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
121 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
124 it('Should fail with a missing email', async function () {
125 const fields = omit(baseCorrectParams, 'email')
127 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
130 it('Should fail with an invalid email', async function () {
131 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
136 it('Should fail with a too small password', async function () {
137 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
139 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
142 it('Should fail with a too long password', async function () {
143 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
145 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
148 it('Should fail with an non authenticated user', async function () {
149 await makePostBodyRequest({
152 token: 'super token',
153 fields: baseCorrectParams,
154 statusCodeExpected: 401
158 it('Should fail if we add a user with the same username', async function () {
159 const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
161 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
164 it('Should fail if we add a user with the same email', async function () {
165 const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
167 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
170 it('Should fail without a videoQuota', async function () {
171 const fields = omit(baseCorrectParams, 'videoQuota')
173 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
176 it('Should fail with an invalid videoQuota', async function () {
177 const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
179 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
182 it('Should fail without a user role', async function () {
183 const fields = omit(baseCorrectParams, 'role')
185 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
188 it('Should fail with an invalid user role', async function () {
189 const fields = immutableAssign(baseCorrectParams, { role: 88989 })
191 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
194 it('Should fail with a "peertube" username', async function () {
195 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
197 await makePostBodyRequest({
200 token: server.accessToken,
202 statusCodeExpected: 409
206 it('Should succeed with the correct params', async function () {
207 await makePostBodyRequest({
210 token: server.accessToken,
211 fields: baseCorrectParams,
212 statusCodeExpected: 200
216 it('Should fail with a non admin user', async function () {
219 password: 'my super password'
221 userAccessToken = await userLogin(server, user)
225 email: 'test@example.com',
226 password: 'my super password',
229 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
233 describe('When updating my account', function () {
234 it('Should fail with an invalid email attribute', async function () {
239 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
242 it('Should fail with a too small password', async function () {
247 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
250 it('Should fail with a too long password', async function () {
252 password: 'super'.repeat(61)
255 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
258 it('Should fail with an invalid NSFW policy attribute', async function () {
263 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
266 it('Should fail with an invalid autoPlayVideo attribute', async function () {
271 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
274 it('Should fail with an non authenticated user', async function () {
276 password: 'my super password'
279 await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
282 it('Should fail with a too long description', async function () {
284 description: 'super'.repeat(60)
287 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
290 it('Should succeed with the correct params', async function () {
292 password: 'my super password',
294 autoPlayVideo: false,
295 email: 'super_email@example.com'
298 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
302 describe('When updating my avatar', function () {
303 it('Should fail without an incorrect input file', async function () {
306 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
308 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
311 it('Should fail with a big file', async function () {
314 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
316 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
319 it('Should fail with an unauthenticated user', async function () {
322 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
324 await makeUploadRequest({
326 path: path + '/me/avatar/pick',
329 statusCodeExpected: 401
333 it('Should succeed with the correct params', async function () {
336 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
338 await makeUploadRequest({
340 path: path + '/me/avatar/pick',
341 token: server.accessToken,
344 statusCodeExpected: 200
349 describe('When getting a user', function () {
350 before(async function () {
351 const res = await getUsersList(server.url, server.accessToken)
353 userId = res.body.data[1].id
356 it('Should fail with an non authenticated user', async function () {
357 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
360 it('Should fail with a non admin user', async function () {
361 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
364 it('Should succeed with the correct params', async function () {
365 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
369 describe('When updating a user', function () {
371 before(async function () {
372 const res = await getUsersList(server.url, server.accessToken)
374 userId = res.body.data[1].id
375 rootId = res.body.data[2].id
378 it('Should fail with an invalid email attribute', async function () {
383 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
386 it('Should fail with an invalid videoQuota attribute', async function () {
391 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
394 it('Should fail with an invalid user role attribute', async function () {
399 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
402 it('Should fail with an non authenticated user', async function () {
407 await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
410 it('Should fail when updating root role', async function () {
412 role: UserRole.MODERATOR
415 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
418 it('Should succeed with the correct params', async function () {
420 email: 'email@example.com',
422 role: UserRole.MODERATOR
425 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
426 userAccessToken = await userLogin(server, user)
430 describe('When getting my information', function () {
431 it('Should fail with a non authenticated user', async function () {
432 await getMyUserInformation(server.url, 'fake_token', 401)
435 it('Should success with the correct parameters', async function () {
436 await getMyUserInformation(server.url, userAccessToken)
440 describe('When getting my video rating', function () {
441 it('Should fail with a non authenticated user', async function () {
442 await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
445 it('Should fail with an incorrect video uuid', async function () {
446 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
449 it('Should fail with an unknown video', async function () {
450 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
453 it('Should succeed with the correct parameters', async function () {
454 await getMyUserVideoRating(server.url, server.accessToken, videoId)
458 describe('When removing an user', function () {
459 it('Should fail with an incorrect id', async function () {
460 await removeUser(server.url, 'blabla', server.accessToken, 400)
463 it('Should fail with the root user', async function () {
464 await removeUser(server.url, rootId, server.accessToken, 400)
467 it('Should return 404 with a non existing id', async function () {
468 await removeUser(server.url, 4545454, server.accessToken, 404)
472 describe('When register a new user', function () {
473 const registrationPath = path + '/register'
474 const baseCorrectParams = {
476 email: 'test3@example.com',
477 password: 'my super password'
480 it('Should fail with a too small username', async function () {
481 const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
483 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
486 it('Should fail with a too long username', async function () {
487 const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
489 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
492 it('Should fail with an incorrect username', async function () {
493 const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
495 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
498 it('Should fail with a missing email', async function () {
499 const fields = omit(baseCorrectParams, 'email')
501 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
504 it('Should fail with an invalid email', async function () {
505 const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
507 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
510 it('Should fail with a too small password', async function () {
511 const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
513 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
516 it('Should fail with a too long password', async function () {
517 const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
519 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
522 it('Should fail if we register a user with the same username', async function () {
523 const fields = immutableAssign(baseCorrectParams, { username: 'root' })
525 await makePostBodyRequest({
527 path: registrationPath,
528 token: server.accessToken,
530 statusCodeExpected: 409
534 it('Should fail with a "peertube" username', async function () {
535 const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
537 await makePostBodyRequest({
539 path: registrationPath,
540 token: server.accessToken,
542 statusCodeExpected: 409
546 it('Should fail if we register a user with the same email', async function () {
547 const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
549 await makePostBodyRequest({
551 path: registrationPath,
552 token: server.accessToken,
554 statusCodeExpected: 409
558 it('Should succeed with the correct params', async function () {
559 await makePostBodyRequest({
561 path: registrationPath,
562 token: server.accessToken,
563 fields: baseCorrectParams,
564 statusCodeExpected: 204
568 it('Should fail on a server with registration disabled', async function () {
571 email: 'test4@example.com',
572 password: 'my super password 4'
575 await makePostBodyRequest({
576 url: serverWithRegistrationDisabled.url,
577 path: registrationPath,
578 token: serverWithRegistrationDisabled.accessToken,
580 statusCodeExpected: 403
585 describe('When registering multiple users on a server with users limit', function () {
586 it('Should fail when after 3 registrations', async function () {
587 await registerUser(server.url, 'user42', 'super password', 403)
591 describe('When having a video quota', function () {
592 it('Should fail with a user having too many video', async function () {
596 accessToken: server.accessToken,
600 await uploadVideo(server.url, server.accessToken, {}, 403)
603 it('Should fail with a registered user having too many video', async function () {
608 password: 'my super password'
610 userAccessToken = await userLogin(server, user)
612 const videoAttributes = { fixture: 'video_short2.webm' }
613 await uploadVideo(server.url, userAccessToken, videoAttributes)
614 await uploadVideo(server.url, userAccessToken, videoAttributes)
615 await uploadVideo(server.url, userAccessToken, videoAttributes)
616 await uploadVideo(server.url, userAccessToken, videoAttributes)
617 await uploadVideo(server.url, userAccessToken, videoAttributes)
618 await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
621 it('Should fail to import with HTTP/Torrent/magnet', async function () {
624 const baseAttributes = {
626 privacy: VideoPrivacy.PUBLIC
628 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
629 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
630 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' }))
632 await waitJobs([ server ])
634 const res = await getMyVideoImports(server.url, server.accessToken)
636 expect(res.body.total).to.equal(3)
637 const videoImports: VideoImport[] = res.body.data
638 expect(videoImports).to.have.lengthOf(3)
640 for (const videoImport of videoImports) {
641 expect(videoImport.state.id).to.equal(VideoImportState.FAILED)
642 expect(videoImport.error).not.to.be.undefined
643 expect(videoImport.error).to.contain('user video quota is exceeded')
648 describe('When asking a password reset', function () {
649 const path = '/api/v1/users/ask-reset-password'
651 it('Should fail with a missing email', async function () {
654 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
657 it('Should fail with an invalid email', async function () {
658 const fields = { email: 'hello' }
660 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
663 it('Should success with the correct params', async function () {
664 const fields = { email: 'admin@example.com' }
666 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
670 after(async function () {
671 killallServers([ server, serverWithRegistrationDisabled ])
673 // Keep the logs if the test failed