server/tests/api/users/users-verification.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { HttpStatusCode } from '@shared/models'
   6 import { cleanupTests, createSingleServer, MockSmtpServer, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/extra-utils'
   7
   8 const expect = chai.expect
   9
  10 describe('Test users account verification', function () {
  11   let server: PeerTubeServer
  12   let userId: number
  13   let userAccessToken: string
  14   let verificationString: string
  15   let expectedEmailsLength = 0
  16   const user1 = {
  17     username: 'user_1',
  18     password: 'super password'
  19   }
  20   const user2 = {
  21     username: 'user_2',
  22     password: 'super password'
  23   }
  24   const emails: object[] = []
  25
  26   before(async function () {
  27     this.timeout(30000)
  28
  29     const port = await MockSmtpServer.Instance.collectEmails(emails)
  30
  31     const overrideConfig = {
  32       smtp: {
  33         hostname: 'localhost',
  34         port
  35       }
  36     }
  37     server = await createSingleServer(1, overrideConfig)
  38
  39     await setAccessTokensToServers([ server ])
  40   })
  41
  42   it('Should register user and send verification email if verification required', async function () {
  43     this.timeout(30000)
  44
  45     await server.config.updateCustomSubConfig({
  46       newConfig: {
  47         signup: {
  48           enabled: true,
  49           requiresEmailVerification: true,
  50           limit: 10
  51         }
  52       }
  53     })
  54
  55     await server.users.register(user1)
  56
  57     await waitJobs(server)
  58     expectedEmailsLength++
  59     expect(emails).to.have.lengthOf(expectedEmailsLength)
  60
  61     const email = emails[expectedEmailsLength - 1]
  62
  63     const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
  64     expect(verificationStringMatches).not.to.be.null
  65
  66     verificationString = verificationStringMatches[1]
  67     expect(verificationString).to.have.length.above(2)
  68
  69     const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
  70     expect(userIdMatches).not.to.be.null
  71
  72     userId = parseInt(userIdMatches[1], 10)
  73
  74     const body = await server.users.get({ userId })
  75     expect(body.emailVerified).to.be.false
  76   })
  77
  78   it('Should not allow login for user with unverified email', async function () {
  79     const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  80     expect(detail).to.contain('User email is not verified.')
  81   })
  82
  83   it('Should verify the user via email and allow login', async function () {
  84     await server.users.verifyEmail({ userId, verificationString })
  85
  86     const body = await server.login.login({ user: user1 })
  87     userAccessToken = body.access_token
  88
  89     const user = await server.users.get({ userId })
  90     expect(user.emailVerified).to.be.true
  91   })
  92
  93   it('Should be able to change the user email', async function () {
  94     this.timeout(10000)
  95
  96     let updateVerificationString: string
  97
  98     {
  99       await server.users.updateMe({
 100         token: userAccessToken,
 101         email: 'updated@example.com',
 102         currentPassword: user1.password
 103       })
 104
 105       await waitJobs(server)
 106       expectedEmailsLength++
 107       expect(emails).to.have.lengthOf(expectedEmailsLength)
 108
 109       const email = emails[expectedEmailsLength - 1]
 110
 111       const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
 112       updateVerificationString = verificationStringMatches[1]
 113     }
 114
 115     {
 116       const me = await server.users.getMyInfo({ token: userAccessToken })
 117       expect(me.email).to.equal('user_1@example.com')
 118       expect(me.pendingEmail).to.equal('updated@example.com')
 119     }
 120
 121     {
 122       await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })
 123
 124       const me = await server.users.getMyInfo({ token: userAccessToken })
 125       expect(me.email).to.equal('updated@example.com')
 126       expect(me.pendingEmail).to.be.null
 127     }
 128   })
 129
 130   it('Should register user not requiring email verification if setting not enabled', async function () {
 131     this.timeout(5000)
 132     await server.config.updateCustomSubConfig({
 133       newConfig: {
 134         signup: {
 135           enabled: true,
 136           requiresEmailVerification: false,
 137           limit: 10
 138         }
 139       }
 140     })
 141
 142     await server.users.register(user2)
 143
 144     await waitJobs(server)
 145     expect(emails).to.have.lengthOf(expectedEmailsLength)
 146
 147     const accessToken = await server.login.getAccessToken(user2)
 148
 149     const user = await server.users.getMyInfo({ token: accessToken })
 150     expect(user.emailVerified).to.be.null
 151   })
 152
 153   it('Should allow login for user with unverified email when setting later enabled', async function () {
 154     await server.config.updateCustomSubConfig({
 155       newConfig: {
 156         signup: {
 157           enabled: true,
 158           requiresEmailVerification: true,
 159           limit: 10
 160         }
 161       }
 162     })
 163
 164     await server.login.getAccessToken(user2)
 165   })
 166
 167   after(async function () {
 168     MockSmtpServer.Instance.kill()
 169
 170     await cleanupTests([ server ])
 171   })
 172 })