server/tests/api/users/users-email-verification.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { expect } from 'chai'
   4 import { MockSmtpServer } from '@server/tests/shared'
   5 import { HttpStatusCode } from '@shared/models'
   6 import {
   7   cleanupTests,
   8   ConfigCommand,
   9   createSingleServer,
  10   PeerTubeServer,
  11   setAccessTokensToServers,
  12   waitJobs
  13 } from '@shared/server-commands'
  14
  15 describe('Test users email verification', function () {
  16   let server: PeerTubeServer
  17   let userId: number
  18   let userAccessToken: string
  19   let verificationString: string
  20   let expectedEmailsLength = 0
  21   const user1 = {
  22     username: 'user_1',
  23     password: 'super password'
  24   }
  25   const user2 = {
  26     username: 'user_2',
  27     password: 'super password'
  28   }
  29   const emails: object[] = []
  30
  31   before(async function () {
  32     this.timeout(30000)
  33
  34     const port = await MockSmtpServer.Instance.collectEmails(emails)
  35     server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
  36
  37     await setAccessTokensToServers([ server ])
  38   })
  39
  40   it('Should register user and send verification email if verification required', async function () {
  41     this.timeout(30000)
  42
  43     await server.config.updateExistingSubConfig({
  44       newConfig: {
  45         signup: {
  46           enabled: true,
  47           requiresApproval: false,
  48           requiresEmailVerification: true,
  49           limit: 10
  50         }
  51       }
  52     })
  53
  54     await server.registrations.register(user1)
  55
  56     await waitJobs(server)
  57     expectedEmailsLength++
  58     expect(emails).to.have.lengthOf(expectedEmailsLength)
  59
  60     const email = emails[expectedEmailsLength - 1]
  61
  62     const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
  63     expect(verificationStringMatches).not.to.be.null
  64
  65     verificationString = verificationStringMatches[1]
  66     expect(verificationString).to.have.length.above(2)
  67
  68     const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
  69     expect(userIdMatches).not.to.be.null
  70
  71     userId = parseInt(userIdMatches[1], 10)
  72
  73     const body = await server.users.get({ userId })
  74     expect(body.emailVerified).to.be.false
  75   })
  76
  77   it('Should not allow login for user with unverified email', async function () {
  78     const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  79     expect(detail).to.contain('User email is not verified.')
  80   })
  81
  82   it('Should verify the user via email and allow login', async function () {
  83     await server.users.verifyEmail({ userId, verificationString })
  84
  85     const body = await server.login.login({ user: user1 })
  86     userAccessToken = body.access_token
  87
  88     const user = await server.users.get({ userId })
  89     expect(user.emailVerified).to.be.true
  90   })
  91
  92   it('Should be able to change the user email', async function () {
  93     this.timeout(10000)
  94
  95     let updateVerificationString: string
  96
  97     {
  98       await server.users.updateMe({
  99         token: userAccessToken,
 100         email: 'updated@example.com',
 101         currentPassword: user1.password
 102       })
 103
 104       await waitJobs(server)
 105       expectedEmailsLength++
 106       expect(emails).to.have.lengthOf(expectedEmailsLength)
 107
 108       const email = emails[expectedEmailsLength - 1]
 109
 110       const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
 111       updateVerificationString = verificationStringMatches[1]
 112     }
 113
 114     {
 115       const me = await server.users.getMyInfo({ token: userAccessToken })
 116       expect(me.email).to.equal('user_1@example.com')
 117       expect(me.pendingEmail).to.equal('updated@example.com')
 118     }
 119
 120     {
 121       await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })
 122
 123       const me = await server.users.getMyInfo({ token: userAccessToken })
 124       expect(me.email).to.equal('updated@example.com')
 125       expect(me.pendingEmail).to.be.null
 126     }
 127   })
 128
 129   it('Should register user not requiring email verification if setting not enabled', async function () {
 130     this.timeout(5000)
 131     await server.config.updateExistingSubConfig({
 132       newConfig: {
 133         signup: {
 134           requiresEmailVerification: false
 135         }
 136       }
 137     })
 138
 139     await server.registrations.register(user2)
 140
 141     await waitJobs(server)
 142     expect(emails).to.have.lengthOf(expectedEmailsLength)
 143
 144     const accessToken = await server.login.getAccessToken(user2)
 145
 146     const user = await server.users.getMyInfo({ token: accessToken })
 147     expect(user.emailVerified).to.be.null
 148   })
 149
 150   it('Should allow login for user with unverified email when setting later enabled', async function () {
 151     await server.config.updateCustomSubConfig({
 152       newConfig: {
 153         signup: {
 154           requiresEmailVerification: true
 155         }
 156       }
 157     })
 158
 159     await server.login.getAccessToken(user2)
 160   })
 161
 162   after(async function () {
 163     MockSmtpServer.Instance.kill()
 164
 165     await cleanupTests([ server ])
 166   })
 167 })