server/tests/api/users/users-email-verification.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { expect } from 'chai'
   4 import { MockSmtpServer } from '@server/tests/shared'
   5 import { HttpStatusCode } from '@shared/models'
   6 import {
   7   cleanupTests,
   8   ConfigCommand,
   9   createSingleServer,
  10   PeerTubeServer,
  11   setAccessTokensToServers,
  12   waitJobs
  13 } from '@shared/server-commands'
  14
  15 describe('Test users email verification', function () {
  16   let server: PeerTubeServer
  17   let userId: number
  18   let userAccessToken: string
  19   let verificationString: string
  20   let expectedEmailsLength = 0
  21   const user1 = {
  22     username: 'user_1',
  23     password: 'super password'
  24   }
  25   const user2 = {
  26     username: 'user_2',
  27     password: 'super password'
  28   }
  29   const emails: object[] = []
  30
  31   before(async function () {
  32     this.timeout(30000)
  33
  34     const port = await MockSmtpServer.Instance.collectEmails(emails)
  35     server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
  36
  37     await setAccessTokensToServers([ server ])
  38   })
  39
  40   it('Should register user and send verification email if verification required', async function () {
  41     this.timeout(30000)
  42
  43     await server.config.updateExistingSubConfig({
  44       newConfig: {
  45         signup: {
  46           enabled: true,
  47           requiresApproval: false,
  48           requiresEmailVerification: true,
  49           limit: 10
  50         }
  51       }
  52     })
  53
  54     await server.registrations.register(user1)
  55
  56     await waitJobs(server)
  57     expectedEmailsLength++
  58     expect(emails).to.have.lengthOf(expectedEmailsLength)
  59
  60     const email = emails[expectedEmailsLength - 1]
  61
  62     const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
  63     expect(verificationStringMatches).not.to.be.null
  64
  65     verificationString = verificationStringMatches[1]
  66     expect(verificationString).to.have.length.above(2)
  67
  68     const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
  69     expect(userIdMatches).not.to.be.null
  70
  71     userId = parseInt(userIdMatches[1], 10)
  72
  73     const body = await server.users.get({ userId })
  74     expect(body.emailVerified).to.be.false
  75   })
  76
  77   it('Should not allow login for user with unverified email', async function () {
  78     const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  79     expect(detail).to.contain('User email is not verified.')
  80   })
  81
  82   it('Should verify the user via email and allow login', async function () {
  83     await server.users.verifyEmail({ userId, verificationString })
  84
  85     const body = await server.login.login({ user: user1 })
  86     userAccessToken = body.access_token
  87
  88     const user = await server.users.get({ userId })
  89     expect(user.emailVerified).to.be.true
  90   })
  91
  92   it('Should be able to change the user email', async function () {
  93     let updateVerificationString: string
  94
  95     {
  96       await server.users.updateMe({
  97         token: userAccessToken,
  98         email: 'updated@example.com',
  99         currentPassword: user1.password
 100       })
 101
 102       await waitJobs(server)
 103       expectedEmailsLength++
 104       expect(emails).to.have.lengthOf(expectedEmailsLength)
 105
 106       const email = emails[expectedEmailsLength - 1]
 107
 108       const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
 109       updateVerificationString = verificationStringMatches[1]
 110     }
 111
 112     {
 113       const me = await server.users.getMyInfo({ token: userAccessToken })
 114       expect(me.email).to.equal('user_1@example.com')
 115       expect(me.pendingEmail).to.equal('updated@example.com')
 116     }
 117
 118     {
 119       await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })
 120
 121       const me = await server.users.getMyInfo({ token: userAccessToken })
 122       expect(me.email).to.equal('updated@example.com')
 123       expect(me.pendingEmail).to.be.null
 124     }
 125   })
 126
 127   it('Should register user not requiring email verification if setting not enabled', async function () {
 128     this.timeout(5000)
 129     await server.config.updateExistingSubConfig({
 130       newConfig: {
 131         signup: {
 132           requiresEmailVerification: false
 133         }
 134       }
 135     })
 136
 137     await server.registrations.register(user2)
 138
 139     await waitJobs(server)
 140     expect(emails).to.have.lengthOf(expectedEmailsLength)
 141
 142     const accessToken = await server.login.getAccessToken(user2)
 143
 144     const user = await server.users.getMyInfo({ token: accessToken })
 145     expect(user.emailVerified).to.be.null
 146   })
 147
 148   it('Should allow login for user with unverified email when setting later enabled', async function () {
 149     await server.config.updateCustomSubConfig({
 150       newConfig: {
 151         signup: {
 152           requiresEmailVerification: true
 153         }
 154       }
 155     })
 156
 157     await server.login.getAccessToken(user2)
 158   })
 159
 160   after(async function () {
 161     MockSmtpServer.Instance.kill()
 162
 163     await cleanupTests([ server ])
 164   })
 165 })