]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/check-params/users.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'next' into develop
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / users.ts
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import 'mocha'
4 import { omit } from 'lodash'
5 import {
6 buildAbsoluteFixturePath,
7 checkBadCountPagination,
8 checkBadSortPagination,
9 checkBadStartPagination,
10 cleanupTests,
11 createSingleServer,
12 killallServers,
13 makeGetRequest,
14 makePostBodyRequest,
15 makePutBodyRequest,
16 makeUploadRequest,
17 MockSmtpServer,
18 PeerTubeServer,
19 setAccessTokensToServers,
20 UsersCommand
21 } from '@shared/extra-utils'
22 import { HttpStatusCode, UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models'
23
24 describe('Test users API validators', function () {
25 const path = '/api/v1/users/'
26 let userId: number
27 let rootId: number
28 let moderatorId: number
29 let video: VideoCreateResult
30 let server: PeerTubeServer
31 let serverWithRegistrationDisabled: PeerTubeServer
32 let userToken = ''
33 let moderatorToken = ''
34 let emailPort: number
35 let overrideConfig: Object
36
37 // ---------------------------------------------------------------
38
39 before(async function () {
40 this.timeout(30000)
41
42 const emails: object[] = []
43 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
44
45 overrideConfig = { signup: { limit: 8 } }
46
47 {
48 const res = await Promise.all([
49 createSingleServer(1, overrideConfig),
50 createSingleServer(2)
51 ])
52
53 server = res[0]
54 serverWithRegistrationDisabled = res[1]
55
56 await setAccessTokensToServers([ server ])
57 }
58
59 {
60 const user = { username: 'user1' }
61 await server.users.create({ ...user })
62 userToken = await server.login.getAccessToken(user)
63 }
64
65 {
66 const moderator = { username: 'moderator1' }
67 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
68 moderatorToken = await server.login.getAccessToken(moderator)
69 }
70
71 {
72 const moderator = { username: 'moderator2' }
73 await server.users.create({ ...moderator, role: UserRole.MODERATOR })
74 }
75
76 {
77 video = await server.videos.upload()
78 }
79
80 {
81 const { data } = await server.users.list()
82 userId = data.find(u => u.username === 'user1').id
83 rootId = data.find(u => u.username === 'root').id
84 moderatorId = data.find(u => u.username === 'moderator2').id
85 }
86 })
87
88 describe('When listing users', function () {
89 it('Should fail with a bad start pagination', async function () {
90 await checkBadStartPagination(server.url, path, server.accessToken)
91 })
92
93 it('Should fail with a bad count pagination', async function () {
94 await checkBadCountPagination(server.url, path, server.accessToken)
95 })
96
97 it('Should fail with an incorrect sort', async function () {
98 await checkBadSortPagination(server.url, path, server.accessToken)
99 })
100
101 it('Should fail with a non authenticated user', async function () {
102 await makeGetRequest({
103 url: server.url,
104 path,
105 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
106 })
107 })
108
109 it('Should fail with a non admin user', async function () {
110 await makeGetRequest({
111 url: server.url,
112 path,
113 token: userToken,
114 expectedStatus: HttpStatusCode.FORBIDDEN_403
115 })
116 })
117 })
118
119 describe('When adding a new user', function () {
120 const baseCorrectParams = {
121 username: 'user2',
122 email: 'test@example.com',
123 password: 'my super password',
124 videoQuota: -1,
125 videoQuotaDaily: -1,
126 role: UserRole.USER,
127 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
128 }
129
130 it('Should fail with a too small username', async function () {
131 const fields = { ...baseCorrectParams, username: '' }
132
133 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
134 })
135
136 it('Should fail with a too long username', async function () {
137 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
138
139 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
140 })
141
142 it('Should fail with a not lowercase username', async function () {
143 const fields = { ...baseCorrectParams, username: 'Toto' }
144
145 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
146 })
147
148 it('Should fail with an incorrect username', async function () {
149 const fields = { ...baseCorrectParams, username: 'my username' }
150
151 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
152 })
153
154 it('Should fail with a missing email', async function () {
155 const fields = omit(baseCorrectParams, 'email')
156
157 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
158 })
159
160 it('Should fail with an invalid email', async function () {
161 const fields = { ...baseCorrectParams, email: 'test_example.com' }
162
163 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
164 })
165
166 it('Should fail with a too small password', async function () {
167 const fields = { ...baseCorrectParams, password: 'bla' }
168
169 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
170 })
171
172 it('Should fail with a too long password', async function () {
173 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
174
175 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
176 })
177
178 it('Should fail with empty password and no smtp configured', async function () {
179 const fields = { ...baseCorrectParams, password: '' }
180
181 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
182 })
183
184 it('Should succeed with no password on a server with smtp enabled', async function () {
185 this.timeout(20000)
186
187 await killallServers([ server ])
188
189 const config = {
190 ...overrideConfig,
191
192 smtp: {
193 hostname: 'localhost',
194 port: emailPort
195 }
196 }
197 await server.run(config)
198
199 const fields = {
200 ...baseCorrectParams,
201
202 password: '',
203 username: 'create_password',
204 email: 'create_password@example.com'
205 }
206
207 await makePostBodyRequest({
208 url: server.url,
209 path: path,
210 token: server.accessToken,
211 fields,
212 expectedStatus: HttpStatusCode.OK_200
213 })
214 })
215
216 it('Should fail with invalid admin flags', async function () {
217 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
218
219 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
220 })
221
222 it('Should fail with an non authenticated user', async function () {
223 await makePostBodyRequest({
224 url: server.url,
225 path,
226 token: 'super token',
227 fields: baseCorrectParams,
228 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
229 })
230 })
231
232 it('Should fail if we add a user with the same username', async function () {
233 const fields = { ...baseCorrectParams, username: 'user1' }
234
235 await makePostBodyRequest({
236 url: server.url,
237 path,
238 token: server.accessToken,
239 fields,
240 expectedStatus: HttpStatusCode.CONFLICT_409
241 })
242 })
243
244 it('Should fail if we add a user with the same email', async function () {
245 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
246
247 await makePostBodyRequest({
248 url: server.url,
249 path,
250 token: server.accessToken,
251 fields,
252 expectedStatus: HttpStatusCode.CONFLICT_409
253 })
254 })
255
256 it('Should fail without a videoQuota', async function () {
257 const fields = omit(baseCorrectParams, 'videoQuota')
258
259 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
260 })
261
262 it('Should fail without a videoQuotaDaily', async function () {
263 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
264
265 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
266 })
267
268 it('Should fail with an invalid videoQuota', async function () {
269 const fields = { ...baseCorrectParams, videoQuota: -5 }
270
271 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
272 })
273
274 it('Should fail with an invalid videoQuotaDaily', async function () {
275 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
276
277 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
278 })
279
280 it('Should fail without a user role', async function () {
281 const fields = omit(baseCorrectParams, 'role')
282
283 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
284 })
285
286 it('Should fail with an invalid user role', async function () {
287 const fields = { ...baseCorrectParams, role: 88989 }
288
289 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
290 })
291
292 it('Should fail with a "peertube" username', async function () {
293 const fields = { ...baseCorrectParams, username: 'peertube' }
294
295 await makePostBodyRequest({
296 url: server.url,
297 path,
298 token: server.accessToken,
299 fields,
300 expectedStatus: HttpStatusCode.CONFLICT_409
301 })
302 })
303
304 it('Should fail to create a moderator or an admin with a moderator', async function () {
305 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
306 const fields = { ...baseCorrectParams, role }
307
308 await makePostBodyRequest({
309 url: server.url,
310 path,
311 token: moderatorToken,
312 fields,
313 expectedStatus: HttpStatusCode.FORBIDDEN_403
314 })
315 }
316 })
317
318 it('Should succeed to create a user with a moderator', async function () {
319 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
320
321 await makePostBodyRequest({
322 url: server.url,
323 path,
324 token: moderatorToken,
325 fields,
326 expectedStatus: HttpStatusCode.OK_200
327 })
328 })
329
330 it('Should succeed with the correct params', async function () {
331 await makePostBodyRequest({
332 url: server.url,
333 path,
334 token: server.accessToken,
335 fields: baseCorrectParams,
336 expectedStatus: HttpStatusCode.OK_200
337 })
338 })
339
340 it('Should fail with a non admin user', async function () {
341 const user = { username: 'user1' }
342 userToken = await server.login.getAccessToken(user)
343
344 const fields = {
345 username: 'user3',
346 email: 'test@example.com',
347 password: 'my super password',
348 videoQuota: 42000000
349 }
350 await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
351 })
352 })
353
354 describe('When updating my account', function () {
355
356 it('Should fail with an invalid email attribute', async function () {
357 const fields = {
358 email: 'blabla'
359 }
360
361 await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
362 })
363
364 it('Should fail with a too small password', async function () {
365 const fields = {
366 currentPassword: 'password',
367 password: 'bla'
368 }
369
370 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
371 })
372
373 it('Should fail with a too long password', async function () {
374 const fields = {
375 currentPassword: 'password',
376 password: 'super'.repeat(61)
377 }
378
379 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
380 })
381
382 it('Should fail without the current password', async function () {
383 const fields = {
384 currentPassword: 'password',
385 password: 'super'.repeat(61)
386 }
387
388 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
389 })
390
391 it('Should fail with an invalid current password', async function () {
392 const fields = {
393 currentPassword: 'my super password fail',
394 password: 'super'.repeat(61)
395 }
396
397 await makePutBodyRequest({
398 url: server.url,
399 path: path + 'me',
400 token: userToken,
401 fields,
402 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
403 })
404 })
405
406 it('Should fail with an invalid NSFW policy attribute', async function () {
407 const fields = {
408 nsfwPolicy: 'hello'
409 }
410
411 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
412 })
413
414 it('Should fail with an invalid autoPlayVideo attribute', async function () {
415 const fields = {
416 autoPlayVideo: -1
417 }
418
419 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
420 })
421
422 it('Should fail with an invalid autoPlayNextVideo attribute', async function () {
423 const fields = {
424 autoPlayNextVideo: -1
425 }
426
427 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
428 })
429
430 it('Should fail with an invalid videosHistoryEnabled attribute', async function () {
431 const fields = {
432 videosHistoryEnabled: -1
433 }
434
435 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
436 })
437
438 it('Should fail with an non authenticated user', async function () {
439 const fields = {
440 currentPassword: 'password',
441 password: 'my super password'
442 }
443
444 await makePutBodyRequest({
445 url: server.url,
446 path: path + 'me',
447 token: 'super token',
448 fields,
449 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
450 })
451 })
452
453 it('Should fail with a too long description', async function () {
454 const fields = {
455 description: 'super'.repeat(201)
456 }
457
458 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
459 })
460
461 it('Should fail with an invalid videoLanguages attribute', async function () {
462 {
463 const fields = {
464 videoLanguages: 'toto'
465 }
466
467 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
468 }
469
470 {
471 const languages = []
472 for (let i = 0; i < 1000; i++) {
473 languages.push('fr')
474 }
475
476 const fields = {
477 videoLanguages: languages
478 }
479
480 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
481 }
482 })
483
484 it('Should fail with an invalid theme', async function () {
485 const fields = { theme: 'invalid' }
486 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
487 })
488
489 it('Should fail with an unknown theme', async function () {
490 const fields = { theme: 'peertube-theme-unknown' }
491 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
492 })
493
494 it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () {
495 const fields = {
496 noInstanceConfigWarningModal: -1
497 }
498
499 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
500 })
501
502 it('Should fail with an invalid noWelcomeModal attribute', async function () {
503 const fields = {
504 noWelcomeModal: -1
505 }
506
507 await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields })
508 })
509
510 it('Should succeed to change password with the correct params', async function () {
511 const fields = {
512 currentPassword: 'password',
513 password: 'my super password',
514 nsfwPolicy: 'blur',
515 autoPlayVideo: false,
516 email: 'super_email@example.com',
517 theme: 'default',
518 noInstanceConfigWarningModal: true,
519 noWelcomeModal: true
520 }
521
522 await makePutBodyRequest({
523 url: server.url,
524 path: path + 'me',
525 token: userToken,
526 fields,
527 expectedStatus: HttpStatusCode.NO_CONTENT_204
528 })
529 })
530
531 it('Should succeed without password change with the correct params', async function () {
532 const fields = {
533 nsfwPolicy: 'blur',
534 autoPlayVideo: false
535 }
536
537 await makePutBodyRequest({
538 url: server.url,
539 path: path + 'me',
540 token: userToken,
541 fields,
542 expectedStatus: HttpStatusCode.NO_CONTENT_204
543 })
544 })
545 })
546
547 describe('When updating my avatar', function () {
548 it('Should fail without an incorrect input file', async function () {
549 const fields = {}
550 const attaches = {
551 avatarfile: buildAbsoluteFixturePath('video_short.mp4')
552 }
553 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
554 })
555
556 it('Should fail with a big file', async function () {
557 const fields = {}
558 const attaches = {
559 avatarfile: buildAbsoluteFixturePath('avatar-big.png')
560 }
561 await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches })
562 })
563
564 it('Should fail with an unauthenticated user', async function () {
565 const fields = {}
566 const attaches = {
567 avatarfile: buildAbsoluteFixturePath('avatar.png')
568 }
569 await makeUploadRequest({
570 url: server.url,
571 path: path + '/me/avatar/pick',
572 fields,
573 attaches,
574 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
575 })
576 })
577
578 it('Should succeed with the correct params', async function () {
579 const fields = {}
580 const attaches = {
581 avatarfile: buildAbsoluteFixturePath('avatar.png')
582 }
583 await makeUploadRequest({
584 url: server.url,
585 path: path + '/me/avatar/pick',
586 token: server.accessToken,
587 fields,
588 attaches,
589 expectedStatus: HttpStatusCode.OK_200
590 })
591 })
592 })
593
594 describe('When managing my scoped tokens', function () {
595
596 it('Should fail to get my scoped tokens with an non authenticated user', async function () {
597 await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
598 })
599
600 it('Should fail to get my scoped tokens with a bad token', async function () {
601 await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
602
603 })
604
605 it('Should succeed to get my scoped tokens', async function () {
606 await server.users.getMyScopedTokens()
607 })
608
609 it('Should fail to renew my scoped tokens with an non authenticated user', async function () {
610 await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
611 })
612
613 it('Should fail to renew my scoped tokens with a bad token', async function () {
614 await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
615 })
616
617 it('Should succeed to renew my scoped tokens', async function () {
618 await server.users.renewMyScopedTokens()
619 })
620 })
621
622 describe('When getting a user', function () {
623
624 it('Should fail with an non authenticated user', async function () {
625 await makeGetRequest({
626 url: server.url,
627 path: path + userId,
628 token: 'super token',
629 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
630 })
631 })
632
633 it('Should fail with a non admin user', async function () {
634 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
635 })
636
637 it('Should succeed with the correct params', async function () {
638 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
639 })
640 })
641
642 describe('When updating a user', function () {
643
644 it('Should fail with an invalid email attribute', async function () {
645 const fields = {
646 email: 'blabla'
647 }
648
649 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
650 })
651
652 it('Should fail with an invalid emailVerified attribute', async function () {
653 const fields = {
654 emailVerified: 'yes'
655 }
656
657 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
658 })
659
660 it('Should fail with an invalid videoQuota attribute', async function () {
661 const fields = {
662 videoQuota: -90
663 }
664
665 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
666 })
667
668 it('Should fail with an invalid user role attribute', async function () {
669 const fields = {
670 role: 54878
671 }
672
673 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
674 })
675
676 it('Should fail with a too small password', async function () {
677 const fields = {
678 currentPassword: 'password',
679 password: 'bla'
680 }
681
682 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
683 })
684
685 it('Should fail with a too long password', async function () {
686 const fields = {
687 currentPassword: 'password',
688 password: 'super'.repeat(61)
689 }
690
691 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
692 })
693
694 it('Should fail with an non authenticated user', async function () {
695 const fields = {
696 videoQuota: 42
697 }
698
699 await makePutBodyRequest({
700 url: server.url,
701 path: path + userId,
702 token: 'super token',
703 fields,
704 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
705 })
706 })
707
708 it('Should fail when updating root role', async function () {
709 const fields = {
710 role: UserRole.MODERATOR
711 }
712
713 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
714 })
715
716 it('Should fail with invalid admin flags', async function () {
717 const fields = { adminFlags: 'toto' }
718
719 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
720 })
721
722 it('Should fail to update an admin with a moderator', async function () {
723 const fields = {
724 videoQuota: 42
725 }
726
727 await makePutBodyRequest({
728 url: server.url,
729 path: path + moderatorId,
730 token: moderatorToken,
731 fields,
732 expectedStatus: HttpStatusCode.FORBIDDEN_403
733 })
734 })
735
736 it('Should succeed to update a user with a moderator', async function () {
737 const fields = {
738 videoQuota: 42
739 }
740
741 await makePutBodyRequest({
742 url: server.url,
743 path: path + userId,
744 token: moderatorToken,
745 fields,
746 expectedStatus: HttpStatusCode.NO_CONTENT_204
747 })
748 })
749
750 it('Should succeed with the correct params', async function () {
751 const fields = {
752 email: 'email@example.com',
753 emailVerified: true,
754 videoQuota: 42,
755 role: UserRole.USER
756 }
757
758 await makePutBodyRequest({
759 url: server.url,
760 path: path + userId,
761 token: server.accessToken,
762 fields,
763 expectedStatus: HttpStatusCode.NO_CONTENT_204
764 })
765 })
766 })
767
768 describe('When getting my information', function () {
769 it('Should fail with a non authenticated user', async function () {
770 await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
771 })
772
773 it('Should success with the correct parameters', async function () {
774 await server.users.getMyInfo({ token: userToken })
775 })
776 })
777
778 describe('When getting my video rating', function () {
779 let command: UsersCommand
780
781 before(function () {
782 command = server.users
783 })
784
785 it('Should fail with a non authenticated user', async function () {
786 await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
787 })
788
789 it('Should fail with an incorrect video uuid', async function () {
790 await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
791 })
792
793 it('Should fail with an unknown video', async function () {
794 await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 })
795 })
796
797 it('Should succeed with the correct parameters', async function () {
798 await command.getMyRating({ videoId: video.id })
799 await command.getMyRating({ videoId: video.uuid })
800 await command.getMyRating({ videoId: video.shortUUID })
801 })
802 })
803
804 describe('When retrieving my global ratings', function () {
805 const path = '/api/v1/accounts/user1/ratings'
806
807 it('Should fail with a bad start pagination', async function () {
808 await checkBadStartPagination(server.url, path, userToken)
809 })
810
811 it('Should fail with a bad count pagination', async function () {
812 await checkBadCountPagination(server.url, path, userToken)
813 })
814
815 it('Should fail with an incorrect sort', async function () {
816 await checkBadSortPagination(server.url, path, userToken)
817 })
818
819 it('Should fail with a unauthenticated user', async function () {
820 await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
821 })
822
823 it('Should fail with a another user', async function () {
824 await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
825 })
826
827 it('Should fail with a bad type', async function () {
828 await makeGetRequest({
829 url: server.url,
830 path,
831 token: userToken,
832 query: { rating: 'toto ' },
833 expectedStatus: HttpStatusCode.BAD_REQUEST_400
834 })
835 })
836
837 it('Should succeed with the correct params', async function () {
838 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 })
839 })
840 })
841
842 describe('When blocking/unblocking/removing user', function () {
843
844 it('Should fail with an incorrect id', async function () {
845 const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
846
847 await server.users.remove(options)
848 await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
849 await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
850 })
851
852 it('Should fail with the root user', async function () {
853 const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
854
855 await server.users.remove(options)
856 await server.users.banUser(options)
857 await server.users.unbanUser(options)
858 })
859
860 it('Should return 404 with a non existing id', async function () {
861 const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
862
863 await server.users.remove(options)
864 await server.users.banUser(options)
865 await server.users.unbanUser(options)
866 })
867
868 it('Should fail with a non admin user', async function () {
869 const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
870
871 await server.users.remove(options)
872 await server.users.banUser(options)
873 await server.users.unbanUser(options)
874 })
875
876 it('Should fail on a moderator with a moderator', async function () {
877 const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
878
879 await server.users.remove(options)
880 await server.users.banUser(options)
881 await server.users.unbanUser(options)
882 })
883
884 it('Should succeed on a user with a moderator', async function () {
885 const options = { userId, token: moderatorToken }
886
887 await server.users.banUser(options)
888 await server.users.unbanUser(options)
889 })
890 })
891
892 describe('When deleting our account', function () {
893 it('Should fail with with the root account', async function () {
894 await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
895 })
896 })
897
898 describe('When registering a new user', function () {
899 const registrationPath = path + '/register'
900 const baseCorrectParams = {
901 username: 'user3',
902 displayName: 'super user',
903 email: 'test3@example.com',
904 password: 'my super password'
905 }
906
907 it('Should fail with a too small username', async function () {
908 const fields = { ...baseCorrectParams, username: '' }
909
910 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
911 })
912
913 it('Should fail with a too long username', async function () {
914 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
915
916 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
917 })
918
919 it('Should fail with an incorrect username', async function () {
920 const fields = { ...baseCorrectParams, username: 'my username' }
921
922 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
923 })
924
925 it('Should fail with a missing email', async function () {
926 const fields = omit(baseCorrectParams, 'email')
927
928 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
929 })
930
931 it('Should fail with an invalid email', async function () {
932 const fields = { ...baseCorrectParams, email: 'test_example.com' }
933
934 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
935 })
936
937 it('Should fail with a too small password', async function () {
938 const fields = { ...baseCorrectParams, password: 'bla' }
939
940 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
941 })
942
943 it('Should fail with a too long password', async function () {
944 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
945
946 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
947 })
948
949 it('Should fail if we register a user with the same username', async function () {
950 const fields = { ...baseCorrectParams, username: 'root' }
951
952 await makePostBodyRequest({
953 url: server.url,
954 path: registrationPath,
955 token: server.accessToken,
956 fields,
957 expectedStatus: HttpStatusCode.CONFLICT_409
958 })
959 })
960
961 it('Should fail with a "peertube" username', async function () {
962 const fields = { ...baseCorrectParams, username: 'peertube' }
963
964 await makePostBodyRequest({
965 url: server.url,
966 path: registrationPath,
967 token: server.accessToken,
968 fields,
969 expectedStatus: HttpStatusCode.CONFLICT_409
970 })
971 })
972
973 it('Should fail if we register a user with the same email', async function () {
974 const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
975
976 await makePostBodyRequest({
977 url: server.url,
978 path: registrationPath,
979 token: server.accessToken,
980 fields,
981 expectedStatus: HttpStatusCode.CONFLICT_409
982 })
983 })
984
985 it('Should fail with a bad display name', async function () {
986 const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
987
988 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
989 })
990
991 it('Should fail with a bad channel name', async function () {
992 const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
993
994 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
995 })
996
997 it('Should fail with a bad channel display name', async function () {
998 const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
999
1000 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1001 })
1002
1003 it('Should fail with a channel name that is the same as username', async function () {
1004 const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
1005 const fields = { ...baseCorrectParams, ...source }
1006
1007 await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
1008 })
1009
1010 it('Should fail with an existing channel', async function () {
1011 const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
1012 await server.channels.create({ attributes })
1013
1014 const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
1015
1016 await makePostBodyRequest({
1017 url: server.url,
1018 path: registrationPath,
1019 token: server.accessToken,
1020 fields,
1021 expectedStatus: HttpStatusCode.CONFLICT_409
1022 })
1023 })
1024
1025 it('Should succeed with the correct params', async function () {
1026 const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
1027
1028 await makePostBodyRequest({
1029 url: server.url,
1030 path: registrationPath,
1031 token: server.accessToken,
1032 fields: fields,
1033 expectedStatus: HttpStatusCode.NO_CONTENT_204
1034 })
1035 })
1036
1037 it('Should fail on a server with registration disabled', async function () {
1038 const fields = {
1039 username: 'user4',
1040 email: 'test4@example.com',
1041 password: 'my super password 4'
1042 }
1043
1044 await makePostBodyRequest({
1045 url: serverWithRegistrationDisabled.url,
1046 path: registrationPath,
1047 token: serverWithRegistrationDisabled.accessToken,
1048 fields,
1049 expectedStatus: HttpStatusCode.FORBIDDEN_403
1050 })
1051 })
1052 })
1053
1054 describe('When registering multiple users on a server with users limit', function () {
1055 it('Should fail when after 3 registrations', async function () {
1056 await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
1057 })
1058 })
1059
1060 describe('When asking a password reset', function () {
1061 const path = '/api/v1/users/ask-reset-password'
1062
1063 it('Should fail with a missing email', async function () {
1064 const fields = {}
1065
1066 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1067 })
1068
1069 it('Should fail with an invalid email', async function () {
1070 const fields = { email: 'hello' }
1071
1072 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1073 })
1074
1075 it('Should success with the correct params', async function () {
1076 const fields = { email: 'admin@example.com' }
1077
1078 await makePostBodyRequest({
1079 url: server.url,
1080 path,
1081 token: server.accessToken,
1082 fields,
1083 expectedStatus: HttpStatusCode.NO_CONTENT_204
1084 })
1085 })
1086 })
1087
1088 describe('When asking for an account verification email', function () {
1089 const path = '/api/v1/users/ask-send-verify-email'
1090
1091 it('Should fail with a missing email', async function () {
1092 const fields = {}
1093
1094 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1095 })
1096
1097 it('Should fail with an invalid email', async function () {
1098 const fields = { email: 'hello' }
1099
1100 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
1101 })
1102
1103 it('Should succeed with the correct params', async function () {
1104 const fields = { email: 'admin@example.com' }
1105
1106 await makePostBodyRequest({
1107 url: server.url,
1108 path,
1109 token: server.accessToken,
1110 fields,
1111 expectedStatus: HttpStatusCode.NO_CONTENT_204
1112 })
1113 })
1114 })
1115
1116 after(async function () {
1117 MockSmtpServer.Instance.kill()
1118
1119 await cleanupTests([ server, serverWithRegistrationDisabled ])
1120 })
1121 })
ActivityPub-federated video streaming platform using P2P directly in your web browser