]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Introduce login command
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import 'mocha'
4 import { omit } from 'lodash'
5 import { User, UserRole, VideoCreateResult } from '../../../../shared'
6 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
7 import {
8 blockUser,
9 buildAbsoluteFixturePath,
10 cleanupTests,
11 createUser,
12 deleteMe,
13 flushAndRunServer,
14 getMyUserInformation,
15 getMyUserVideoRating,
16 getUserScopedTokens,
17 getUsersList,
18 killallServers,
19 makeGetRequest,
20 makePostBodyRequest,
21 makePutBodyRequest,
22 makeUploadRequest,
23 registerUser,
24 removeUser,
25 renewUserScopedTokens,
26 reRunServer,
27 ServerInfo,
28 setAccessTokensToServers,
29 unblockUser,
30 uploadVideo
31 } from '../../../../shared/extra-utils'
32 import { MockSmtpServer } from '../../../../shared/extra-utils/mock-servers/mock-email'
33 import {
34 checkBadCountPagination,
35 checkBadSortPagination,
36 checkBadStartPagination
37 } from '../../../../shared/extra-utils/requests/check-api-params'
38 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
39
40 describe('Test users API validators', function () {
41 const path = '/api/v1/users/'
42 let userId: number
43 let rootId: number
44 let moderatorId: number
45 let video: VideoCreateResult
46 let server: ServerInfo
47 let serverWithRegistrationDisabled: ServerInfo
48 let userAccessToken = ''
49 let moderatorAccessToken = ''
50 let emailPort: number
51 let overrideConfig: Object
52
53 // ---------------------------------------------------------------
54
55 before(async function () {
56 this.timeout(30000)
57
58 const emails: object[] = []
59 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
60
61 overrideConfig = { signup: { limit: 8 } }
62
63 {
64 const res = await Promise.all([
65 flushAndRunServer(1, overrideConfig),
66 flushAndRunServer(2)
67 ])
68
69 server = res[0]
70 serverWithRegistrationDisabled = res[1]
71
72 await setAccessTokensToServers([ server ])
73 }
74
75 {
76 const user = {
77 username: 'user1',
78 password: 'my super password'
79 }
80
81 const videoQuota = 42000000
82 await createUser({
83 url: server.url,
84 accessToken: server.accessToken,
85 username: user.username,
86 password: user.password,
87 videoQuota: videoQuota
88 })
89 userAccessToken = await server.loginCommand.getAccessToken(user)
90 }
91
92 {
93 const moderator = {
94 username: 'moderator1',
95 password: 'super password'
96 }
97
98 await createUser({
99 url: server.url,
100 accessToken: server.accessToken,
101 username: moderator.username,
102 password: moderator.password,
103 role: UserRole.MODERATOR
104 })
105
106 moderatorAccessToken = await server.loginCommand.getAccessToken(moderator)
107 }
108
109 {
110 const moderator = {
111 username: 'moderator2',
112 password: 'super password'
113 }
114
115 await createUser({
116 url: server.url,
117 accessToken: server.accessToken,
118 username: moderator.username,
119 password: moderator.password,
120 role: UserRole.MODERATOR
121 })
122 }
123
124 {
125 const res = await uploadVideo(server.url, server.accessToken, {})
126 video = res.body.video
127 }
128
129 {
130 const res = await getUsersList(server.url, server.accessToken)
131 const users: User[] = res.body.data
132
133 userId = users.find(u => u.username === 'user1').id
134 rootId = users.find(u => u.username === 'root').id
135 moderatorId = users.find(u => u.username === 'moderator2').id
136 }
137 })
138
139 describe('When listing users', function () {
140 it('Should fail with a bad start pagination', async function () {
141 await checkBadStartPagination(server.url, path, server.accessToken)
142 })
143
144 it('Should fail with a bad count pagination', async function () {
145 await checkBadCountPagination(server.url, path, server.accessToken)
146 })
147
148 it('Should fail with an incorrect sort', async function () {
149 await checkBadSortPagination(server.url, path, server.accessToken)
150 })
151
152 it('Should fail with a non authenticated user', async function () {
153 await makeGetRequest({
154 url: server.url,
155 path,
156 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
157 })
158 })
159
160 it('Should fail with a non admin user', async function () {
161 await makeGetRequest({
162 url: server.url,
163 path,
164 token: userAccessToken,
165 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
166 })
167 })
168 })
169
170 describe('When adding a new user', function () {
171 const baseCorrectParams = {
172 username: 'user2',
173 email: 'test@example.com',
174 password: 'my super password',
175 videoQuota: -1,
176 videoQuotaDaily: -1,
177 role: UserRole.USER,
178 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
179 }
180
181 it('Should fail with a too small username', async function () {
182 const fields = { ...baseCorrectParams, username: '' }
183
184 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
185 })
186
187 it('Should fail with a too long username', async function () {
188 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
189
190 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
191 })
192
193 it('Should fail with a not lowercase username', async function () {
194 const fields = { ...baseCorrectParams, username: 'Toto' }
195
196 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
197 })
198
199 it('Should fail with an incorrect username', async function () {
200 const fields = { ...baseCorrectParams, username: 'my username' }
201
202 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
203 })
204
205 it('Should fail with a missing email', async function () {
206 const fields = omit(baseCorrectParams, 'email')
207
208 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
209 })
210
211 it('Should fail with an invalid email', async function () {
212 const fields = { ...baseCorrectParams, email: 'test_example.com' }
213
214 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
215 })
216
217 it('Should fail with a too small password', async function () {
218 const fields = { ...baseCorrectParams, password: 'bla' }
219
220 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
221 })
222
223 it('Should fail with a too long password', async function () {
224 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
225
226 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
227 })
228
229 it('Should fail with empty password and no smtp configured', async function () {
230 const fields = { ...baseCorrectParams, password: '' }
231
232 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
233 })
234
235 it('Should succeed with no password on a server with smtp enabled', async function () {
236 this.timeout(20000)
237
238 await killallServers([ server ])
239
240 const config = {
241 ...overrideConfig,
242
243 smtp: {
244 hostname: 'localhost',
245 port: emailPort
246 }
247 }
248 await reRunServer(server, config)
249
250 const fields = {
251 ...baseCorrectParams,
252
253 password: '',
254 username: 'create_password',
255 email: 'create_password@example.com'
256 }
257
258 await makePostBodyRequest({
259 url: server.url,
260 path: path,
261 token: server.accessToken,
262 fields,
263 statusCodeExpected: HttpStatusCode.OK_200
264 })
265 })
266
267 it('Should fail with invalid admin flags', async function () {
268 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
269
270 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
271 })
272
273 it('Should fail with an non authenticated user', async function () {
274 await makePostBodyRequest({
275 url: server.url,
276 path,
277 token: 'super token',
278 fields: baseCorrectParams,
279 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
280 })
281 })
282
283 it('Should fail if we add a user with the same username', async function () {
284 const fields = { ...baseCorrectParams, username: 'user1' }
285
286 await makePostBodyRequest({
287 url: server.url,
288 path,
289 token: server.accessToken,
290 fields,
291 statusCodeExpected: HttpStatusCode.CONFLICT_409
292 })
293 })
294
295 it('Should fail if we add a user with the same email', async function () {
296 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
297
298 await makePostBodyRequest({
299 url: server.url,
300 path,
301 token: server.accessToken,
302 fields,
303 statusCodeExpected: HttpStatusCode.CONFLICT_409
304 })
305 })
306
307 it('Should fail without a videoQuota', async function () {
308 const fields = omit(baseCorrectParams, 'videoQuota')
309
310 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
311 })
312
313 it('Should fail without a videoQuotaDaily', async function () {
314 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
315
316 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
317 })
318
319 it('Should fail with an invalid videoQuota', async function () {
320 const fields = { ...baseCorrectParams, videoQuota: -5 }
321
322 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
323 })
324
325 it('Should fail with an invalid videoQuotaDaily', async function () {
326 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
327
328 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
329 })
330
331 it('Should fail without a user role', async function () {
332 const fields = omit(baseCorrectParams, 'role')
333
334 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
335 })
336
337 it('Should fail with an invalid user role', async function () {
338 const fields = { ...baseCorrectParams, role: 88989 }
339
340 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
341 })
342
343 it('Should fail with a "peertube" username', async function () {
344 const fields = { ...baseCorrectParams, username: 'peertube' }
345
346 await makePostBodyRequest({
347 url: server.url,
348 path,
349 token: server.accessToken,
350 fields,
351 statusCodeExpected: HttpStatusCode.CONFLICT_409
352 })
353 })
354
355 it('Should fail to create a moderator or an admin with a moderator', async function () {
356 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
357 const fields = { ...baseCorrectParams, role }
358
359 await makePostBodyRequest({
360 url: server.url,
361 path,
362 token: moderatorAccessToken,
363 fields,
364 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
365 })
366 }
367 })
368
369 it('Should succeed to create a user with a moderator', async function () {
370 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
371
372 await makePostBodyRequest({
373 url: server.url,
374 path,
375 token: moderatorAccessToken,
376 fields,
377 statusCodeExpected: HttpStatusCode.OK_200
378 })
379 })
380
381 it('Should succeed with the correct params', async function () {
382 await makePostBodyRequest({
383 url: server.url,
384 path,
385 token: server.accessToken,
386 fields: baseCorrectParams,
387 statusCodeExpected: HttpStatusCode.OK_200
388 })
389 })
390
391 it('Should fail with a non admin user', async function () {
392 const user = {
393 username: 'user1',
394 password: 'my super password'
395 }
396 userAccessToken = await server.loginCommand.getAccessToken(user)
397
398 const fields = {
399 username: 'user3',
400 email: 'test@example.com',
401 password: 'my super password',
402 videoQuota: 42000000
403 }
404 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
405 })
406 })
407
408 describe('When updating my account', function () {
409 it('Should fail with an invalid email attribute', async function () {
410 const fields = {
411 email: 'blabla'
412 }
413
414 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
415 })
416
417 it('Should fail with a too small password', async function () {
418 const fields = {
419 currentPassword: 'my super password',
420 password: 'bla'
421 }
422
423 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
424 })
425
426 it('Should fail with a too long password', async function () {
427 const fields = {
428 currentPassword: 'my super password',
429 password: 'super'.repeat(61)
430 }
431
432 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
433 })
434
435 it('Should fail without the current password', async function () {
436 const fields = {
437 currentPassword: 'my super password',
438 password: 'super'.repeat(61)
439 }
440
441 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
442 })
443
444 it('Should fail with an invalid current password', async function () {
445 const fields = {
446 currentPassword: 'my super password fail',
447 password: 'super'.repeat(61)
448 }
449
450 await makePutBodyRequest({
451 url: server.url,
452 path: path + 'me',
453 token: userAccessToken,
454 fields,
455 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
456 })
457 })
458
459 it('Should fail with an invalid NSFW policy attribute', async function () {
460 const fields = {
461 nsfwPolicy: 'hello'
462 }
463
464 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
465 })
466
467 it('Should fail with an invalid autoPlayVideo attribute', async function () {
468 const fields = {
469 autoPlayVideo: -1
470 }
471
472 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
473 })
474
475 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
476 const fields = {
477 autoPlayNextVideo: -1
478 }
479
480 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
481 })
482
483 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
484 const fields = {
485 videosHistoryEnabled: -1
486 }
487
488 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
489 })
490
491 it('Should fail with an non authenticated user', async function () {
492 const fields = {
493 currentPassword: 'my super password',
494 password: 'my super password'
495 }
496
497 await makePutBodyRequest({
498 url: server.url,
499 path: path + 'me',
500 token: 'super token',
501 fields,
502 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
503 })
504 })
505
506 it('Should fail with a too long description', async function () {
507 const fields = {
508 description: 'super'.repeat(201)
509 }
510
511 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
512 })
513
514 it('Should fail with an invalid videoLanguages attribute', async function () {
515 {
516 const fields = {
517 videoLanguages: 'toto'
518 }
519
520 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
521 }
522
523 {
524 const languages = []
525 for (let i = 0; i < 1000; i++) {
526 languages.push('fr')
527 }
528
529 const fields = {
530 videoLanguages: languages
531 }
532
533 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
534 }
535 })
536
537 it('Should fail with an invalid theme', async function () {
538 const fields = { theme: 'invalid' }
539 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
540 })
541
542 it('Should fail with an unknown theme', async function () {
543 const fields = { theme: 'peertube-theme-unknown' }
544 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
545 })
546
547 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
548 const fields = {
549 noInstanceConfigWarningModal: -1
550 }
551
552 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
553 })
554
555 it('Should fail with an invalid noWelcomeModal attribute', async function () {
556 const fields = {
557 noWelcomeModal: -1
558 }
559
560 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
561 })
562
563 it('Should succeed to change password with the correct params', async function () {
564 const fields = {
565 currentPassword: 'my super password',
566 password: 'my super password',
567 nsfwPolicy: 'blur',
568 autoPlayVideo: false,
569 email: 'super_email@example.com',
570 theme: 'default',
571 noInstanceConfigWarningModal: true,
572 noWelcomeModal: true
573 }
574
575 await makePutBodyRequest({
576 url: server.url,
577 path: path + 'me',
578 token: userAccessToken,
579 fields,
580 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
581 })
582 })
583
584 it('Should succeed without password change with the correct params', async function () {
585 const fields = {
586 nsfwPolicy: 'blur',
587 autoPlayVideo: false
588 }
589
590 await makePutBodyRequest({
591 url: server.url,
592 path: path + 'me',
593 token: userAccessToken,
594 fields,
595 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
596 })
597 })
598 })
599
600 describe('When updating my avatar', function () {
601 it('Should fail without an incorrect input file', async function () {
602 const fields = {}
603 const attaches = {
604 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
605 }
606 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
607 })
608
609 it('Should fail with a big file', async function () {
610 const fields = {}
611 const attaches = {
612 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
613 }
614 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
615 })
616
617 it('Should fail with an unauthenticated user', async function () {
618 const fields = {}
619 const attaches = {
620 avatarfile: buildAbsoluteFixturePath('avatar.png')
621 }
622 await makeUploadRequest({
623 url: server.url,
624 path: path + '/me/avatar/pick',
625 fields,
626 attaches,
627 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
628 })
629 })
630
631 it('Should succeed with the correct params', async function () {
632 const fields = {}
633 const attaches = {
634 avatarfile: buildAbsoluteFixturePath('avatar.png')
635 }
636 await makeUploadRequest({
637 url: server.url,
638 path: path + '/me/avatar/pick',
639 token: server.accessToken,
640 fields,
641 attaches,
642 statusCodeExpected: HttpStatusCode.OK_200
643 })
644 })
645 })
646
647 describe('When managing my scoped tokens', function () {
648
649 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
650 await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
651 })
652
653 it('Should fail to get my scoped tokens with a bad token', async function () {
654 await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
655
656 })
657
658 it('Should succeed to get my scoped tokens', async function () {
659 await getUserScopedTokens(server.url, server.accessToken)
660 })
661
662 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
663 await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401)
664 })
665
666 it('Should fail to renew my scoped tokens with a bad token', async function () {
667 await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401)
668 })
669
670 it('Should succeed to renew my scoped tokens', async function () {
671 await renewUserScopedTokens(server.url, server.accessToken)
672 })
673 })
674
675 describe('When getting a user', function () {
676
677 it('Should fail with an non authenticated user', async function () {
678 await makeGetRequest({
679 url: server.url,
680 path: path + userId,
681 token: 'super token',
682 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
683 })
684 })
685
686 it('Should fail with a non admin user', async function () {
687 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
688 })
689
690 it('Should succeed with the correct params', async function () {
691 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 })
692 })
693 })
694
695 describe('When updating a user', function () {
696
697 it('Should fail with an invalid email attribute', async function () {
698 const fields = {
699 email: 'blabla'
700 }
701
702 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
703 })
704
705 it('Should fail with an invalid emailVerified attribute', async function () {
706 const fields = {
707 emailVerified: 'yes'
708 }
709
710 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
711 })
712
713 it('Should fail with an invalid videoQuota attribute', async function () {
714 const fields = {
715 videoQuota: -90
716 }
717
718 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
719 })
720
721 it('Should fail with an invalid user role attribute', async function () {
722 const fields = {
723 role: 54878
724 }
725
726 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
727 })
728
729 it('Should fail with a too small password', async function () {
730 const fields = {
731 currentPassword: 'my super password',
732 password: 'bla'
733 }
734
735 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
736 })
737
738 it('Should fail with a too long password', async function () {
739 const fields = {
740 currentPassword: 'my super password',
741 password: 'super'.repeat(61)
742 }
743
744 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
745 })
746
747 it('Should fail with an non authenticated user', async function () {
748 const fields = {
749 videoQuota: 42
750 }
751
752 await makePutBodyRequest({
753 url: server.url,
754 path: path + userId,
755 token: 'super token',
756 fields,
757 statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
758 })
759 })
760
761 it('Should fail when updating root role', async function () {
762 const fields = {
763 role: UserRole.MODERATOR
764 }
765
766 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
767 })
768
769 it('Should fail with invalid admin flags', async function () {
770 const fields = { adminFlags: 'toto' }
771
772 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
773 })
774
775 it('Should fail to update an admin with a moderator', async function () {
776 const fields = {
777 videoQuota: 42
778 }
779
780 await makePutBodyRequest({
781 url: server.url,
782 path: path + moderatorId,
783 token: moderatorAccessToken,
784 fields,
785 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
786 })
787 })
788
789 it('Should succeed to update a user with a moderator', async function () {
790 const fields = {
791 videoQuota: 42
792 }
793
794 await makePutBodyRequest({
795 url: server.url,
796 path: path + userId,
797 token: moderatorAccessToken,
798 fields,
799 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
800 })
801 })
802
803 it('Should succeed with the correct params', async function () {
804 const fields = {
805 email: 'email@example.com',
806 emailVerified: true,
807 videoQuota: 42,
808 role: UserRole.USER
809 }
810
811 await makePutBodyRequest({
812 url: server.url,
813 path: path + userId,
814 token: server.accessToken,
815 fields,
816 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
817 })
818 })
819 })
820
821 describe('When getting my information', function () {
822 it('Should fail with a non authenticated user', async function () {
823 await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401)
824 })
825
826 it('Should success with the correct parameters', async function () {
827 await getMyUserInformation(server.url, userAccessToken)
828 })
829 })
830
831 describe('When getting my video rating', function () {
832 it('Should fail with a non authenticated user', async function () {
833 await getMyUserVideoRating(server.url, 'fake_token', video.id, HttpStatusCode.UNAUTHORIZED_401)
834 })
835
836 it('Should fail with an incorrect video uuid', async function () {
837 await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400)
838 })
839
840 it('Should fail with an unknown video', async function () {
841 await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404)
842 })
843
844 it('Should succeed with the correct parameters', async function () {
845 await getMyUserVideoRating(server.url, server.accessToken, video.id)
846 await getMyUserVideoRating(server.url, server.accessToken, video.uuid)
847 await getMyUserVideoRating(server.url, server.accessToken, video.shortUUID)
848 })
849 })
850
851 describe('When retrieving my global ratings', function () {
852 const path = '/api/v1/accounts/user1/ratings'
853
854 it('Should fail with a bad start pagination', async function () {
855 await checkBadStartPagination(server.url, path, userAccessToken)
856 })
857
858 it('Should fail with a bad count pagination', async function () {
859 await checkBadCountPagination(server.url, path, userAccessToken)
860 })
861
862 it('Should fail with an incorrect sort', async function () {
863 await checkBadSortPagination(server.url, path, userAccessToken)
864 })
865
866 it('Should fail with a unauthenticated user', async function () {
867 await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
868 })
869
870 it('Should fail with a another user', async function () {
871 await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 })
872 })
873
874 it('Should fail with a bad type', async function () {
875 await makeGetRequest({
876 url: server.url,
877 path,
878 token: userAccessToken,
879 query: { rating: 'toto ' },
880 statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
881 })
882 })
883
884 it('Should succeed with the correct params', async function () {
885 await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 })
886 })
887 })
888
889 describe('When blocking/unblocking/removing user', function () {
890 it('Should fail with an incorrect id', async function () {
891 await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
892 await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
893 await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400)
894 })
895
896 it('Should fail with the root user', async function () {
897 await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
898 await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
899 await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
900 })
901
902 it('Should return 404 with a non existing id', async function () {
903 await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
904 await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
905 await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404)
906 })
907
908 it('Should fail with a non admin user', async function () {
909 await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
910 await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
911 await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403)
912 })
913
914 it('Should fail on a moderator with a moderator', async function () {
915 await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
916 await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
917 await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403)
918 })
919
920 it('Should succeed on a user with a moderator', async function () {
921 await blockUser(server.url, userId, moderatorAccessToken)
922 await unblockUser(server.url, userId, moderatorAccessToken)
923 })
924 })
925
926 describe('When deleting our account', function () {
927 it('Should fail with with the root account', async function () {
928 await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400)
929 })
930 })
931
932 describe('When registering a new user', function () {
933 const registrationPath = path + '/register'
934 const baseCorrectParams = {
935 username: 'user3',
936 displayName: 'super user',
937 email: 'test3@example.com',
938 password: 'my super password'
939 }
940
941 it('Should fail with a too small username', async function () {
942 const fields = { ...baseCorrectParams, username: '' }
943
944 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
945 })
946
947 it('Should fail with a too long username', async function () {
948 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
949
950 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
951 })
952
953 it('Should fail with an incorrect username', async function () {
954 const fields = { ...baseCorrectParams, username: 'my username' }
955
956 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
957 })
958
959 it('Should fail with a missing email', async function () {
960 const fields = omit(baseCorrectParams, 'email')
961
962 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
963 })
964
965 it('Should fail with an invalid email', async function () {
966 const fields = { ...baseCorrectParams, email: 'test_example.com' }
967
968 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
969 })
970
971 it('Should fail with a too small password', async function () {
972 const fields = { ...baseCorrectParams, password: 'bla' }
973
974 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
975 })
976
977 it('Should fail with a too long password', async function () {
978 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
979
980 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
981 })
982
983 it('Should fail if we register a user with the same username', async function () {
984 const fields = { ...baseCorrectParams, username: 'root' }
985
986 await makePostBodyRequest({
987 url: server.url,
988 path: registrationPath,
989 token: server.accessToken,
990 fields,
991 statusCodeExpected: HttpStatusCode.CONFLICT_409
992 })
993 })
994
995 it('Should fail with a "peertube" username', async function () {
996 const fields = { ...baseCorrectParams, username: 'peertube' }
997
998 await makePostBodyRequest({
999 url: server.url,
1000 path: registrationPath,
1001 token: server.accessToken,
1002 fields,
1003 statusCodeExpected: HttpStatusCode.CONFLICT_409
1004 })
1005 })
1006
1007 it('Should fail if we register a user with the same email', async function () {
1008 const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
1009
1010 await makePostBodyRequest({
1011 url: server.url,
1012 path: registrationPath,
1013 token: server.accessToken,
1014 fields,
1015 statusCodeExpected: HttpStatusCode.CONFLICT_409
1016 })
1017 })
1018
1019 it('Should fail with a bad display name', async function () {
1020 const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
1021
1022 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1023 })
1024
1025 it('Should fail with a bad channel name', async function () {
1026 const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
1027
1028 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1029 })
1030
1031 it('Should fail with a bad channel display name', async function () {
1032 const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
1033
1034 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1035 })
1036
1037 it('Should fail with a channel name that is the same as username', async function () {
1038 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
1039 const fields = { ...baseCorrectParams, ...source }
1040
1041 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1042 })
1043
1044 it('Should fail with an existing channel', async function () {
1045 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
1046 await server.channelsCommand.create({ attributes })
1047
1048 const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
1049
1050 await makePostBodyRequest({
1051 url: server.url,
1052 path: registrationPath,
1053 token: server.accessToken,
1054 fields,
1055 statusCodeExpected: HttpStatusCode.CONFLICT_409
1056 })
1057 })
1058
1059 it('Should succeed with the correct params', async function () {
1060 const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
1061
1062 await makePostBodyRequest({
1063 url: server.url,
1064 path: registrationPath,
1065 token: server.accessToken,
1066 fields: fields,
1067 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1068 })
1069 })
1070
1071 it('Should fail on a server with registration disabled', async function () {
1072 const fields = {
1073 username: 'user4',
1074 email: 'test4@example.com',
1075 password: 'my super password 4'
1076 }
1077
1078 await makePostBodyRequest({
1079 url: serverWithRegistrationDisabled.url,
1080 path: registrationPath,
1081 token: serverWithRegistrationDisabled.accessToken,
1082 fields,
1083 statusCodeExpected: HttpStatusCode.FORBIDDEN_403
1084 })
1085 })
1086 })
1087
1088 describe('When registering multiple users on a server with users limit', function () {
1089 it('Should fail when after 3 registrations', async function () {
1090 await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403)
1091 })
1092 })
1093
1094 describe('When asking a password reset', function () {
1095 const path = '/api/v1/users/ask-reset-password'
1096
1097 it('Should fail with a missing email', async function () {
1098 const fields = {}
1099
1100 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1101 })
1102
1103 it('Should fail with an invalid email', async function () {
1104 const fields = { email: 'hello' }
1105
1106 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1107 })
1108
1109 it('Should success with the correct params', async function () {
1110 const fields = { email: 'admin@example.com' }
1111
1112 await makePostBodyRequest({
1113 url: server.url,
1114 path,
1115 token: server.accessToken,
1116 fields,
1117 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1118 })
1119 })
1120 })
1121
1122 describe('When asking for an account verification email', function () {
1123 const path = '/api/v1/users/ask-send-verify-email'
1124
1125 it('Should fail with a missing email', async function () {
1126 const fields = {}
1127
1128 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1129 })
1130
1131 it('Should fail with an invalid email', async function () {
1132 const fields = { email: 'hello' }
1133
1134 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1135 })
1136
1137 it('Should succeed with the correct params', async function () {
1138 const fields = { email: 'admin@example.com' }
1139
1140 await makePostBodyRequest({
1141 url: server.url,
1142 path,
1143 token: server.accessToken,
1144 fields,
1145 statusCodeExpected: HttpStatusCode.NO_CONTENT_204
1146 })
1147 })
1148 })
1149
1150 after(async function () {
1151 MockSmtpServer.Instance.kill()
1152
1153 await cleanupTests([ server, serverWithRegistrationDisabled ])
1154 })
1155 })
ActivityPub-federated video streaming platform using P2P directly in your web browser