server/tests/api/check-params/users.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import { omit } from 'lodash'
   4 import 'mocha'
   5 import { join } from 'path'
   6 import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
   7
   8 import {
   9   createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
  10   makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
  11   updateUser, uploadVideo, userLogin, deleteMe
  12 } from '../../utils'
  13 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
  14 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports'
  15 import { VideoPrivacy } from '../../../../shared/models/videos'
  16 import { waitJobs } from '../../utils/server/jobs'
  17 import { expect } from 'chai'
  18
  19 describe('Test users API validators', function () {
  20   const path = '/api/v1/users/'
  21   let userId: number
  22   let rootId: number
  23   let videoId: number
  24   let server: ServerInfo
  25   let serverWithRegistrationDisabled: ServerInfo
  26   let userAccessToken = ''
  27   let channelId: number
  28   const user = {
  29     username: 'user1',
  30     password: 'my super password'
  31   }
  32
  33   // ---------------------------------------------------------------
  34
  35   before(async function () {
  36     this.timeout(30000)
  37
  38     await flushTests()
  39
  40     server = await runServer(1)
  41     serverWithRegistrationDisabled = await runServer(2)
  42
  43     await setAccessTokensToServers([ server ])
  44
  45     const videoQuota = 42000000
  46     await createUser(server.url, server.accessToken, user.username, user.password, videoQuota)
  47     userAccessToken = await userLogin(server, user)
  48
  49     {
  50       const res = await getMyUserInformation(server.url, server.accessToken)
  51       channelId = res.body.videoChannels[ 0 ].id
  52     }
  53
  54     {
  55       const res = await uploadVideo(server.url, server.accessToken, {})
  56       videoId = res.body.video.id
  57     }
  58   })
  59
  60   describe('When listing users', function () {
  61     it('Should fail with a bad start pagination', async function () {
  62       await checkBadStartPagination(server.url, path, server.accessToken)
  63     })
  64
  65     it('Should fail with a bad count pagination', async function () {
  66       await checkBadCountPagination(server.url, path, server.accessToken)
  67     })
  68
  69     it('Should fail with an incorrect sort', async function () {
  70       await checkBadSortPagination(server.url, path, server.accessToken)
  71     })
  72
  73     it('Should fail with a non authenticated user', async function () {
  74       await makeGetRequest({
  75         url: server.url,
  76         path,
  77         statusCodeExpected: 401
  78       })
  79     })
  80
  81     it('Should fail with a non admin user', async function () {
  82       await makeGetRequest({
  83         url: server.url,
  84         path,
  85         token: userAccessToken,
  86         statusCodeExpected: 403
  87       })
  88     })
  89   })
  90
  91   describe('When adding a new user', function () {
  92     const baseCorrectParams = {
  93       username: 'user2',
  94       email: 'test@example.com',
  95       password: 'my super password',
  96       videoQuota: -1,
  97       role: UserRole.USER
  98     }
  99
 100     it('Should fail with a too small username', async function () {
 101       const fields = immutableAssign(baseCorrectParams, { username: 'fi' })
 102
 103       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 104     })
 105
 106     it('Should fail with a too long username', async function () {
 107       const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
 108
 109       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 110     })
 111
 112     it('Should fail with a not lowercase username', async function () {
 113       const fields = immutableAssign(baseCorrectParams, { username: 'Toto' })
 114
 115       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 116     })
 117
 118     it('Should fail with an incorrect username', async function () {
 119       const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
 120
 121       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 122     })
 123
 124     it('Should fail with a missing email', async function () {
 125       const fields = omit(baseCorrectParams, 'email')
 126
 127       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 128     })
 129
 130     it('Should fail with an invalid email', async function () {
 131       const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
 132
 133       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 134     })
 135
 136     it('Should fail with a too small password', async function () {
 137       const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
 138
 139       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 140     })
 141
 142     it('Should fail with a too long password', async function () {
 143       const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
 144
 145       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 146     })
 147
 148     it('Should fail with an non authenticated user', async function () {
 149       await makePostBodyRequest({
 150         url: server.url,
 151         path,
 152         token: 'super token',
 153         fields: baseCorrectParams,
 154         statusCodeExpected: 401
 155       })
 156     })
 157
 158     it('Should fail if we add a user with the same username', async function () {
 159       const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
 160
 161       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
 162     })
 163
 164     it('Should fail if we add a user with the same email', async function () {
 165       const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
 166
 167       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
 168     })
 169
 170     it('Should fail without a videoQuota', async function () {
 171       const fields = omit(baseCorrectParams, 'videoQuota')
 172
 173       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 174     })
 175
 176     it('Should fail with an invalid videoQuota', async function () {
 177       const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
 178
 179       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 180     })
 181
 182     it('Should fail without a user role', async function () {
 183       const fields = omit(baseCorrectParams, 'role')
 184
 185       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 186     })
 187
 188     it('Should fail with an invalid user role', async function () {
 189       const fields = immutableAssign(baseCorrectParams, { role: 88989 })
 190
 191       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 192     })
 193
 194     it('Should fail with a "peertube" username', async function () {
 195       const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
 196
 197       await makePostBodyRequest({
 198         url: server.url,
 199         path,
 200         token: server.accessToken,
 201         fields,
 202         statusCodeExpected: 409
 203       })
 204     })
 205
 206     it('Should succeed with the correct params', async function () {
 207       await makePostBodyRequest({
 208         url: server.url,
 209         path,
 210         token: server.accessToken,
 211         fields: baseCorrectParams,
 212         statusCodeExpected: 200
 213       })
 214     })
 215
 216     it('Should fail with a non admin user', async function () {
 217       const user = {
 218         username: 'user1',
 219         password: 'my super password'
 220       }
 221       userAccessToken = await userLogin(server, user)
 222
 223       const fields = {
 224         username: 'user3',
 225         email: 'test@example.com',
 226         password: 'my super password',
 227         videoQuota: 42000000
 228       }
 229       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
 230     })
 231   })
 232
 233   describe('When updating my account', function () {
 234     it('Should fail with an invalid email attribute', async function () {
 235       const fields = {
 236         email: 'blabla'
 237       }
 238
 239       await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
 240     })
 241
 242     it('Should fail with a too small password', async function () {
 243       const fields = {
 244         password: 'bla'
 245       }
 246
 247       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 248     })
 249
 250     it('Should fail with a too long password', async function () {
 251       const fields = {
 252         password: 'super'.repeat(61)
 253       }
 254
 255       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 256     })
 257
 258     it('Should fail with an invalid NSFW policy attribute', async function () {
 259       const fields = {
 260         nsfwPolicy: 'hello'
 261       }
 262
 263       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 264     })
 265
 266     it('Should fail with an invalid autoPlayVideo attribute', async function () {
 267       const fields = {
 268         autoPlayVideo: -1
 269       }
 270
 271       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 272     })
 273
 274     it('Should fail with an non authenticated user', async function () {
 275       const fields = {
 276         password: 'my super password'
 277       }
 278
 279       await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
 280     })
 281
 282     it('Should fail with a too long description', async function () {
 283       const fields = {
 284         description: 'super'.repeat(60)
 285       }
 286
 287       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
 288     })
 289
 290     it('Should succeed with the correct params', async function () {
 291       const fields = {
 292         password: 'my super password',
 293         nsfwPolicy: 'blur',
 294         autoPlayVideo: false,
 295         email: 'super_email@example.com'
 296       }
 297
 298       await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
 299     })
 300   })
 301
 302   describe('When updating my avatar', function () {
 303     it('Should fail without an incorrect input file', async function () {
 304       const fields = {}
 305       const attaches = {
 306         'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
 307       }
 308       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 309     })
 310
 311     it('Should fail with a big file', async function () {
 312       const fields = {}
 313       const attaches = {
 314         'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
 315       }
 316       await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
 317     })
 318
 319     it('Should fail with an unauthenticated user', async function () {
 320       const fields = {}
 321       const attaches = {
 322         'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
 323       }
 324       await makeUploadRequest({
 325         url: server.url,
 326         path: path + '/me/avatar/pick',
 327         fields,
 328         attaches,
 329         statusCodeExpected: 401
 330       })
 331     })
 332
 333     it('Should succeed with the correct params', async function () {
 334       const fields = {}
 335       const attaches = {
 336         'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png')
 337       }
 338       await makeUploadRequest({
 339         url: server.url,
 340         path: path + '/me/avatar/pick',
 341         token: server.accessToken,
 342         fields,
 343         attaches,
 344         statusCodeExpected: 200
 345       })
 346     })
 347   })
 348
 349   describe('When getting a user', function () {
 350     before(async function () {
 351       const res = await getUsersList(server.url, server.accessToken)
 352
 353       userId = res.body.data[1].id
 354     })
 355
 356     it('Should fail with an non authenticated user', async function () {
 357       await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
 358     })
 359
 360     it('Should fail with a non admin user', async function () {
 361       await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
 362     })
 363
 364     it('Should succeed with the correct params', async function () {
 365       await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
 366     })
 367   })
 368
 369   describe('When updating a user', function () {
 370
 371     before(async function () {
 372       const res = await getUsersList(server.url, server.accessToken)
 373
 374       userId = res.body.data[1].id
 375       rootId = res.body.data[2].id
 376     })
 377
 378     it('Should fail with an invalid email attribute', async function () {
 379       const fields = {
 380         email: 'blabla'
 381       }
 382
 383       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
 384     })
 385
 386     it('Should fail with an invalid videoQuota attribute', async function () {
 387       const fields = {
 388         videoQuota: -90
 389       }
 390
 391       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
 392     })
 393
 394     it('Should fail with an invalid user role attribute', async function () {
 395       const fields = {
 396         role: 54878
 397       }
 398
 399       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
 400     })
 401
 402     it('Should fail with an non authenticated user', async function () {
 403       const fields = {
 404         videoQuota: 42
 405       }
 406
 407       await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
 408     })
 409
 410     it('Should fail when updating root role', async function () {
 411       const fields = {
 412         role: UserRole.MODERATOR
 413       }
 414
 415       await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
 416     })
 417
 418     it('Should succeed with the correct params', async function () {
 419       const fields = {
 420         email: 'email@example.com',
 421         videoQuota: 42,
 422         role: UserRole.MODERATOR
 423       }
 424
 425       await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
 426       userAccessToken = await userLogin(server, user)
 427     })
 428   })
 429
 430   describe('When getting my information', function () {
 431     it('Should fail with a non authenticated user', async function () {
 432       await getMyUserInformation(server.url, 'fake_token', 401)
 433     })
 434
 435     it('Should success with the correct parameters', async function () {
 436       await getMyUserInformation(server.url, userAccessToken)
 437     })
 438   })
 439
 440   describe('When getting my video rating', function () {
 441     it('Should fail with a non authenticated user', async function () {
 442       await getMyUserVideoRating(server.url, 'fake_token', videoId, 401)
 443     })
 444
 445     it('Should fail with an incorrect video uuid', async function () {
 446       await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400)
 447     })
 448
 449     it('Should fail with an unknown video', async function () {
 450       await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404)
 451     })
 452
 453     it('Should succeed with the correct parameters', async function () {
 454       await getMyUserVideoRating(server.url, server.accessToken, videoId)
 455     })
 456   })
 457
 458   describe('When removing an user', function () {
 459     it('Should fail with an incorrect id', async function () {
 460       await removeUser(server.url, 'blabla', server.accessToken, 400)
 461     })
 462
 463     it('Should fail with the root user', async function () {
 464       await removeUser(server.url, rootId, server.accessToken, 400)
 465     })
 466
 467     it('Should return 404 with a non existing id', async function () {
 468       await removeUser(server.url, 4545454, server.accessToken, 404)
 469     })
 470   })
 471
 472   describe('When deleting our account', function () {
 473     it('Should fail with with the root account', async function () {
 474       await deleteMe(server.url, server.accessToken, 400)
 475     })
 476   })
 477
 478   describe('When register a new user', function () {
 479     const registrationPath = path + '/register'
 480     const baseCorrectParams = {
 481       username: 'user3',
 482       email: 'test3@example.com',
 483       password: 'my super password'
 484     }
 485
 486     it('Should fail with a too small username', async function () {
 487       const fields = immutableAssign(baseCorrectParams, { username: 'ji' })
 488
 489       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 490     })
 491
 492     it('Should fail with a too long username', async function () {
 493       const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' })
 494
 495       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 496     })
 497
 498     it('Should fail with an incorrect username', async function () {
 499       const fields = immutableAssign(baseCorrectParams, { username: 'my username' })
 500
 501       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 502     })
 503
 504     it('Should fail with a missing email', async function () {
 505       const fields = omit(baseCorrectParams, 'email')
 506
 507       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 508     })
 509
 510     it('Should fail with an invalid email', async function () {
 511       const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' })
 512
 513       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 514     })
 515
 516     it('Should fail with a too small password', async function () {
 517       const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
 518
 519       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 520     })
 521
 522     it('Should fail with a too long password', async function () {
 523       const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
 524
 525       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 526     })
 527
 528     it('Should fail if we register a user with the same username', async function () {
 529       const fields = immutableAssign(baseCorrectParams, { username: 'root' })
 530
 531       await makePostBodyRequest({
 532         url: server.url,
 533         path: registrationPath,
 534         token: server.accessToken,
 535         fields,
 536         statusCodeExpected: 409
 537       })
 538     })
 539
 540     it('Should fail with a "peertube" username', async function () {
 541       const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
 542
 543       await makePostBodyRequest({
 544         url: server.url,
 545         path: registrationPath,
 546         token: server.accessToken,
 547         fields,
 548         statusCodeExpected: 409
 549       })
 550     })
 551
 552     it('Should fail if we register a user with the same email', async function () {
 553       const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' })
 554
 555       await makePostBodyRequest({
 556         url: server.url,
 557         path: registrationPath,
 558         token: server.accessToken,
 559         fields,
 560         statusCodeExpected: 409
 561       })
 562     })
 563
 564     it('Should succeed with the correct params', async function () {
 565       await makePostBodyRequest({
 566         url: server.url,
 567         path: registrationPath,
 568         token: server.accessToken,
 569         fields: baseCorrectParams,
 570         statusCodeExpected: 204
 571       })
 572     })
 573
 574     it('Should fail on a server with registration disabled', async function () {
 575       const fields = {
 576         username: 'user4',
 577         email: 'test4@example.com',
 578         password: 'my super password 4'
 579       }
 580
 581       await makePostBodyRequest({
 582         url: serverWithRegistrationDisabled.url,
 583         path: registrationPath,
 584         token: serverWithRegistrationDisabled.accessToken,
 585         fields,
 586         statusCodeExpected: 403
 587       })
 588     })
 589   })
 590
 591   describe('When registering multiple users on a server with users limit', function () {
 592     it('Should fail when after 3 registrations', async function () {
 593       await registerUser(server.url, 'user42', 'super password', 403)
 594     })
 595   })
 596
 597   describe('When having a video quota', function () {
 598     it('Should fail with a user having too many video', async function () {
 599       await updateUser({
 600         url: server.url,
 601         userId: rootId,
 602         accessToken: server.accessToken,
 603         videoQuota: 42
 604       })
 605
 606       await uploadVideo(server.url, server.accessToken, {}, 403)
 607     })
 608
 609     it('Should fail with a registered user having too many video', async function () {
 610       this.timeout(30000)
 611
 612       const user = {
 613         username: 'user3',
 614         password: 'my super password'
 615       }
 616       userAccessToken = await userLogin(server, user)
 617
 618       const videoAttributes = { fixture: 'video_short2.webm' }
 619       await uploadVideo(server.url, userAccessToken, videoAttributes)
 620       await uploadVideo(server.url, userAccessToken, videoAttributes)
 621       await uploadVideo(server.url, userAccessToken, videoAttributes)
 622       await uploadVideo(server.url, userAccessToken, videoAttributes)
 623       await uploadVideo(server.url, userAccessToken, videoAttributes)
 624       await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
 625     })
 626
 627     it('Should fail to import with HTTP/Torrent/magnet', async function () {
 628       this.timeout(120000)
 629
 630       const baseAttributes = {
 631         channelId: 1,
 632         privacy: VideoPrivacy.PUBLIC
 633       }
 634       await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
 635       await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
 636       await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' }))
 637
 638       await waitJobs([ server ])
 639
 640       const res = await getMyVideoImports(server.url, server.accessToken)
 641
 642       expect(res.body.total).to.equal(3)
 643       const videoImports: VideoImport[] = res.body.data
 644       expect(videoImports).to.have.lengthOf(3)
 645
 646       for (const videoImport of videoImports) {
 647         expect(videoImport.state.id).to.equal(VideoImportState.FAILED)
 648         expect(videoImport.error).not.to.be.undefined
 649         expect(videoImport.error).to.contain('user video quota is exceeded')
 650       }
 651     })
 652   })
 653
 654   describe('When asking a password reset', function () {
 655     const path = '/api/v1/users/ask-reset-password'
 656
 657     it('Should fail with a missing email', async function () {
 658       const fields = {}
 659
 660       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 661     })
 662
 663     it('Should fail with an invalid email', async function () {
 664       const fields = { email: 'hello' }
 665
 666       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 667     })
 668
 669     it('Should success with the correct params', async function () {
 670       const fields = { email: 'admin@example.com' }
 671
 672       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
 673     })
 674   })
 675
 676   after(async function () {
 677     killallServers([ server, serverWithRegistrationDisabled ])
 678
 679     // Keep the logs if the test failed
 680     if (this['ok']) {
 681       await flushTests()
 682     }
 683   })
 684 })