server/tests/api/check-params/users.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2 import { MockSmtpServer } from '@server/tests/shared'
   3 import { omit } from '@shared/core-utils'
   4 import { HttpStatusCode, UserRole } from '@shared/models'
   5 import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
   6
   7 describe('Test users API validators', function () {
   8   const path = '/api/v1/users/'
   9   let server: PeerTubeServer
  10   let serverWithRegistrationDisabled: PeerTubeServer
  11
  12   // ---------------------------------------------------------------
  13
  14   before(async function () {
  15     this.timeout(30000)
  16
  17     const res = await Promise.all([
  18       createSingleServer(1, { signup: { limit: 3 } }),
  19       createSingleServer(2)
  20     ])
  21
  22     server = res[0]
  23     serverWithRegistrationDisabled = res[1]
  24
  25     await setAccessTokensToServers([ server ])
  26
  27     await server.users.generate('moderator2', UserRole.MODERATOR)
  28   })
  29
  30   describe('When registering a new user', function () {
  31     const registrationPath = path + '/register'
  32     const baseCorrectParams = {
  33       username: 'user3',
  34       displayName: 'super user',
  35       email: 'test3@example.com',
  36       password: 'my super password'
  37     }
  38
  39     it('Should fail with a too small username', async function () {
  40       const fields = { ...baseCorrectParams, username: '' }
  41
  42       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  43     })
  44
  45     it('Should fail with a too long username', async function () {
  46       const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
  47
  48       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  49     })
  50
  51     it('Should fail with an incorrect username', async function () {
  52       const fields = { ...baseCorrectParams, username: 'my username' }
  53
  54       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  55     })
  56
  57     it('Should fail with a missing email', async function () {
  58       const fields = omit(baseCorrectParams, [ 'email' ])
  59
  60       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  61     })
  62
  63     it('Should fail with an invalid email', async function () {
  64       const fields = { ...baseCorrectParams, email: 'test_example.com' }
  65
  66       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  67     })
  68
  69     it('Should fail with a too small password', async function () {
  70       const fields = { ...baseCorrectParams, password: 'bla' }
  71
  72       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  73     })
  74
  75     it('Should fail with a too long password', async function () {
  76       const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
  77
  78       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
  79     })
  80
  81     it('Should fail if we register a user with the same username', async function () {
  82       const fields = { ...baseCorrectParams, username: 'root' }
  83
  84       await makePostBodyRequest({
  85         url: server.url,
  86         path: registrationPath,
  87         token: server.accessToken,
  88         fields,
  89         expectedStatus: HttpStatusCode.CONFLICT_409
  90       })
  91     })
  92
  93     it('Should fail with a "peertube" username', async function () {
  94       const fields = { ...baseCorrectParams, username: 'peertube' }
  95
  96       await makePostBodyRequest({
  97         url: server.url,
  98         path: registrationPath,
  99         token: server.accessToken,
 100         fields,
 101         expectedStatus: HttpStatusCode.CONFLICT_409
 102       })
 103     })
 104
 105     it('Should fail if we register a user with the same email', async function () {
 106       const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
 107
 108       await makePostBodyRequest({
 109         url: server.url,
 110         path: registrationPath,
 111         token: server.accessToken,
 112         fields,
 113         expectedStatus: HttpStatusCode.CONFLICT_409
 114       })
 115     })
 116
 117     it('Should fail with a bad display name', async function () {
 118       const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
 119
 120       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 121     })
 122
 123     it('Should fail with a bad channel name', async function () {
 124       const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
 125
 126       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 127     })
 128
 129     it('Should fail with a bad channel display name', async function () {
 130       const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
 131
 132       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 133     })
 134
 135     it('Should fail with a channel name that is the same as username', async function () {
 136       const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
 137       const fields = { ...baseCorrectParams, ...source }
 138
 139       await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
 140     })
 141
 142     it('Should fail with an existing channel', async function () {
 143       const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
 144       await server.channels.create({ attributes })
 145
 146       const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
 147
 148       await makePostBodyRequest({
 149         url: server.url,
 150         path: registrationPath,
 151         token: server.accessToken,
 152         fields,
 153         expectedStatus: HttpStatusCode.CONFLICT_409
 154       })
 155     })
 156
 157     it('Should succeed with the correct params', async function () {
 158       const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
 159
 160       await makePostBodyRequest({
 161         url: server.url,
 162         path: registrationPath,
 163         token: server.accessToken,
 164         fields,
 165         expectedStatus: HttpStatusCode.NO_CONTENT_204
 166       })
 167     })
 168
 169     it('Should fail on a server with registration disabled', async function () {
 170       const fields = {
 171         username: 'user4',
 172         email: 'test4@example.com',
 173         password: 'my super password 4'
 174       }
 175
 176       await makePostBodyRequest({
 177         url: serverWithRegistrationDisabled.url,
 178         path: registrationPath,
 179         token: serverWithRegistrationDisabled.accessToken,
 180         fields,
 181         expectedStatus: HttpStatusCode.FORBIDDEN_403
 182       })
 183     })
 184   })
 185
 186   describe('When registering multiple users on a server with users limit', function () {
 187
 188     it('Should fail when after 3 registrations', async function () {
 189       await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 190     })
 191
 192   })
 193
 194   describe('When asking a password reset', function () {
 195     const path = '/api/v1/users/ask-reset-password'
 196
 197     it('Should fail with a missing email', async function () {
 198       const fields = {}
 199
 200       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 201     })
 202
 203     it('Should fail with an invalid email', async function () {
 204       const fields = { email: 'hello' }
 205
 206       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 207     })
 208
 209     it('Should success with the correct params', async function () {
 210       const fields = { email: 'admin@example.com' }
 211
 212       await makePostBodyRequest({
 213         url: server.url,
 214         path,
 215         token: server.accessToken,
 216         fields,
 217         expectedStatus: HttpStatusCode.NO_CONTENT_204
 218       })
 219     })
 220   })
 221
 222   describe('When asking for an account verification email', function () {
 223     const path = '/api/v1/users/ask-send-verify-email'
 224
 225     it('Should fail with a missing email', async function () {
 226       const fields = {}
 227
 228       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 229     })
 230
 231     it('Should fail with an invalid email', async function () {
 232       const fields = { email: 'hello' }
 233
 234       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
 235     })
 236
 237     it('Should succeed with the correct params', async function () {
 238       const fields = { email: 'admin@example.com' }
 239
 240       await makePostBodyRequest({
 241         url: server.url,
 242         path,
 243         token: server.accessToken,
 244         fields,
 245         expectedStatus: HttpStatusCode.NO_CONTENT_204
 246       })
 247     })
 248   })
 249
 250   after(async function () {
 251     MockSmtpServer.Instance.kill()
 252
 253     await cleanupTests([ server, serverWithRegistrationDisabled ])
 254   })
 255 })