1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import * as chai from 'chai'
5 import { testImage } from '@server/tests/shared'
6 import { AbuseState, HttpStatusCode, OAuth2ErrorCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
13 setAccessTokensToServers
14 } from '@shared/server-commands'
16 const expect = chai.expect
18 describe('Test users', function () {
19 let server: PeerTubeServer
26 password: 'super password'
29 before(async function () {
32 server = await createSingleServer(1, {
40 await setAccessTokensToServers([ server ])
42 await server.plugins.install({ npmName: 'peertube-theme-background-red' })
45 describe('OAuth client', function () {
46 it('Should create a new client')
48 it('Should return the first client')
50 it('Should remove the last client')
52 it('Should not login with an invalid client id', async function () {
53 const client = { id: 'client', secret: server.store.client.secret }
54 const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
56 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
57 expect(body.error).to.contain('client is invalid')
58 expect(body.type.startsWith('https://')).to.be.true
59 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
62 it('Should not login with an invalid client secret', async function () {
63 const client = { id: server.store.client.id, secret: 'coucou' }
64 const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
66 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
67 expect(body.error).to.contain('client is invalid')
68 expect(body.type.startsWith('https://')).to.be.true
69 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
73 describe('Login', function () {
75 it('Should not login with an invalid username', async function () {
76 const user = { username: 'captain crochet', password: server.store.user.password }
77 const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
79 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
80 expect(body.error).to.contain('credentials are invalid')
81 expect(body.type.startsWith('https://')).to.be.true
82 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
85 it('Should not login with an invalid password', async function () {
86 const user = { username: server.store.user.username, password: 'mew_three' }
87 const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
89 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
90 expect(body.error).to.contain('credentials are invalid')
91 expect(body.type.startsWith('https://')).to.be.true
92 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
95 it('Should not be able to upload a video', async function () {
96 token = 'my_super_token'
98 await server.videos.upload({ token, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
101 it('Should not be able to follow', async function () {
102 token = 'my_super_token'
104 await server.follows.follow({
105 hosts: [ 'http://example.com' ],
107 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
111 it('Should not be able to unfollow')
113 it('Should be able to login', async function () {
114 const body = await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
116 token = body.access_token
119 it('Should be able to login with an insensitive username', async function () {
120 const user = { username: 'RoOt', password: server.store.user.password }
121 await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
123 const user2 = { username: 'rOoT', password: server.store.user.password }
124 await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
126 const user3 = { username: 'ROOt', password: server.store.user.password }
127 await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
131 describe('Logout', function () {
132 it('Should logout (revoke token)', async function () {
133 await server.login.logout({ token: server.accessToken })
136 it('Should not be able to get the user information', async function () {
137 await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
140 it('Should not be able to upload a video', async function () {
141 await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
144 it('Should not be able to rate a video', async function () {
145 const path = '/api/v1/videos/'
152 path: path + videoId,
153 token: 'wrong token',
155 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
157 await makePutBodyRequest(options)
160 it('Should be able to login again', async function () {
161 const body = await server.login.login()
162 server.accessToken = body.access_token
163 server.refreshToken = body.refresh_token
166 it('Should be able to get my user information again', async function () {
167 await server.users.getMyInfo()
170 it('Should have an expired access token', async function () {
173 await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
174 await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
176 await killallServers([ server ])
179 await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
182 it('Should not be able to refresh an access token with an expired refresh token', async function () {
183 await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
186 it('Should refresh the token', async function () {
189 const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
190 await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
192 await killallServers([ server ])
195 const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
196 server.accessToken = res.body.access_token
197 server.refreshToken = res.body.refresh_token
200 it('Should be able to get my user information again', async function () {
201 await server.users.getMyInfo()
205 describe('Creating a user', function () {
207 it('Should be able to create a new user', async function () {
208 await server.users.create({ ...user, videoQuota: 2 * 1024 * 1024, adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST })
211 it('Should be able to login with this user', async function () {
212 userToken = await server.login.getAccessToken(user)
215 it('Should be able to get user information', async function () {
216 const userMe = await server.users.getMyInfo({ token: userToken })
218 const userGet = await server.users.get({ userId: userMe.id, withStats: true })
220 for (const user of [ userMe, userGet ]) {
221 expect(user.username).to.equal('user_1')
222 expect(user.email).to.equal('user_1@example.com')
223 expect(user.nsfwPolicy).to.equal('display')
224 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
225 expect(user.roleLabel).to.equal('User')
226 expect(user.id).to.be.a('number')
227 expect(user.account.displayName).to.equal('user_1')
228 expect(user.account.description).to.be.null
231 expect(userMe.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
232 expect(userGet.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
234 expect(userMe.specialPlaylists).to.have.lengthOf(1)
235 expect(userMe.specialPlaylists[0].type).to.equal(VideoPlaylistType.WATCH_LATER)
237 // Check stats are included with withStats
238 expect(userGet.videosCount).to.be.a('number')
239 expect(userGet.videosCount).to.equal(0)
240 expect(userGet.videoCommentsCount).to.be.a('number')
241 expect(userGet.videoCommentsCount).to.equal(0)
242 expect(userGet.abusesCount).to.be.a('number')
243 expect(userGet.abusesCount).to.equal(0)
244 expect(userGet.abusesAcceptedCount).to.be.a('number')
245 expect(userGet.abusesAcceptedCount).to.equal(0)
249 describe('Users listing', function () {
251 it('Should list all the users', async function () {
252 const { data, total } = await server.users.list()
254 expect(total).to.equal(2)
255 expect(data).to.be.an('array')
256 expect(data.length).to.equal(2)
259 expect(user.username).to.equal('user_1')
260 expect(user.email).to.equal('user_1@example.com')
261 expect(user.nsfwPolicy).to.equal('display')
263 const rootUser = data[1]
264 expect(rootUser.username).to.equal('root')
265 expect(rootUser.email).to.equal('admin' + server.internalServerNumber + '@example.com')
266 expect(user.nsfwPolicy).to.equal('display')
268 expect(rootUser.lastLoginDate).to.exist
269 expect(user.lastLoginDate).to.exist
274 it('Should list only the first user by username asc', async function () {
275 const { total, data } = await server.users.list({ start: 0, count: 1, sort: 'username' })
277 expect(total).to.equal(2)
278 expect(data.length).to.equal(1)
281 expect(user.username).to.equal('root')
282 expect(user.email).to.equal('admin' + server.internalServerNumber + '@example.com')
283 expect(user.roleLabel).to.equal('Administrator')
284 expect(user.nsfwPolicy).to.equal('display')
287 it('Should list only the first user by username desc', async function () {
288 const { total, data } = await server.users.list({ start: 0, count: 1, sort: '-username' })
290 expect(total).to.equal(2)
291 expect(data.length).to.equal(1)
294 expect(user.username).to.equal('user_1')
295 expect(user.email).to.equal('user_1@example.com')
296 expect(user.nsfwPolicy).to.equal('display')
299 it('Should list only the second user by createdAt desc', async function () {
300 const { data, total } = await server.users.list({ start: 0, count: 1, sort: '-createdAt' })
301 expect(total).to.equal(2)
303 expect(data.length).to.equal(1)
306 expect(user.username).to.equal('user_1')
307 expect(user.email).to.equal('user_1@example.com')
308 expect(user.nsfwPolicy).to.equal('display')
311 it('Should list all the users by createdAt asc', async function () {
312 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt' })
314 expect(total).to.equal(2)
315 expect(data.length).to.equal(2)
317 expect(data[0].username).to.equal('root')
318 expect(data[0].email).to.equal('admin' + server.internalServerNumber + '@example.com')
319 expect(data[0].nsfwPolicy).to.equal('display')
321 expect(data[1].username).to.equal('user_1')
322 expect(data[1].email).to.equal('user_1@example.com')
323 expect(data[1].nsfwPolicy).to.equal('display')
326 it('Should search user by username', async function () {
327 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', search: 'oot' })
328 expect(total).to.equal(1)
329 expect(data.length).to.equal(1)
330 expect(data[0].username).to.equal('root')
333 it('Should search user by email', async function () {
335 const { total, data } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', search: 'r_1@exam' })
336 expect(total).to.equal(1)
337 expect(data.length).to.equal(1)
338 expect(data[0].username).to.equal('user_1')
339 expect(data[0].email).to.equal('user_1@example.com')
343 const { total, data } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', search: 'example' })
344 expect(total).to.equal(2)
345 expect(data.length).to.equal(2)
346 expect(data[0].username).to.equal('root')
347 expect(data[1].username).to.equal('user_1')
352 describe('Update my account', function () {
354 it('Should update my password', async function () {
355 await server.users.updateMe({
357 currentPassword: 'super password',
358 password: 'new password'
360 user.password = 'new password'
362 await server.login.login({ user })
365 it('Should be able to change the NSFW display attribute', async function () {
366 await server.users.updateMe({
368 nsfwPolicy: 'do_not_list'
371 const user = await server.users.getMyInfo({ token: userToken })
372 expect(user.username).to.equal('user_1')
373 expect(user.email).to.equal('user_1@example.com')
374 expect(user.nsfwPolicy).to.equal('do_not_list')
375 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
376 expect(user.id).to.be.a('number')
377 expect(user.account.displayName).to.equal('user_1')
378 expect(user.account.description).to.be.null
381 it('Should be able to change the autoPlayVideo attribute', async function () {
382 await server.users.updateMe({
387 const user = await server.users.getMyInfo({ token: userToken })
388 expect(user.autoPlayVideo).to.be.false
391 it('Should be able to change the autoPlayNextVideo attribute', async function () {
392 await server.users.updateMe({
394 autoPlayNextVideo: true
397 const user = await server.users.getMyInfo({ token: userToken })
398 expect(user.autoPlayNextVideo).to.be.true
401 it('Should be able to change the p2p attribute', async function () {
403 await server.users.updateMe({
405 webTorrentEnabled: false
408 const user = await server.users.getMyInfo({ token: userToken })
409 expect(user.p2pEnabled).to.be.false
413 await server.users.updateMe({
418 const user = await server.users.getMyInfo({ token: userToken })
419 expect(user.p2pEnabled).to.be.true
423 it('Should be able to change the email attribute', async function () {
424 await server.users.updateMe({
426 currentPassword: 'new password',
427 email: 'updated@example.com'
430 const user = await server.users.getMyInfo({ token: userToken })
431 expect(user.username).to.equal('user_1')
432 expect(user.email).to.equal('updated@example.com')
433 expect(user.nsfwPolicy).to.equal('do_not_list')
434 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
435 expect(user.id).to.be.a('number')
436 expect(user.account.displayName).to.equal('user_1')
437 expect(user.account.description).to.be.null
440 it('Should be able to update my avatar with a gif', async function () {
441 const fixture = 'avatar.gif'
443 await server.users.updateMyAvatar({ token: userToken, fixture })
445 const user = await server.users.getMyInfo({ token: userToken })
446 for (const avatar of user.account.avatars) {
447 await testImage(server.url, `avatar-resized-${avatar.width}x${avatar.width}`, avatar.path, '.gif')
451 it('Should be able to update my avatar with a gif, and then a png', async function () {
452 for (const extension of [ '.png', '.gif' ]) {
453 const fixture = 'avatar' + extension
455 await server.users.updateMyAvatar({ token: userToken, fixture })
457 const user = await server.users.getMyInfo({ token: userToken })
458 for (const avatar of user.account.avatars) {
459 await testImage(server.url, `avatar-resized-${avatar.width}x${avatar.width}`, avatar.path, extension)
464 it('Should be able to update my display name', async function () {
465 await server.users.updateMe({ token: userToken, displayName: 'new display name' })
467 const user = await server.users.getMyInfo({ token: userToken })
468 expect(user.username).to.equal('user_1')
469 expect(user.email).to.equal('updated@example.com')
470 expect(user.nsfwPolicy).to.equal('do_not_list')
471 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
472 expect(user.id).to.be.a('number')
473 expect(user.account.displayName).to.equal('new display name')
474 expect(user.account.description).to.be.null
477 it('Should be able to update my description', async function () {
478 await server.users.updateMe({ token: userToken, description: 'my super description updated' })
480 const user = await server.users.getMyInfo({ token: userToken })
481 expect(user.username).to.equal('user_1')
482 expect(user.email).to.equal('updated@example.com')
483 expect(user.nsfwPolicy).to.equal('do_not_list')
484 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
485 expect(user.id).to.be.a('number')
486 expect(user.account.displayName).to.equal('new display name')
487 expect(user.account.description).to.equal('my super description updated')
488 expect(user.noWelcomeModal).to.be.false
489 expect(user.noInstanceConfigWarningModal).to.be.false
490 expect(user.noAccountSetupWarningModal).to.be.false
493 it('Should be able to update my theme', async function () {
494 for (const theme of [ 'background-red', 'default', 'instance-default' ]) {
495 await server.users.updateMe({ token: userToken, theme })
497 const user = await server.users.getMyInfo({ token: userToken })
498 expect(user.theme).to.equal(theme)
502 it('Should be able to update my modal preferences', async function () {
503 await server.users.updateMe({
505 noInstanceConfigWarningModal: true,
506 noWelcomeModal: true,
507 noAccountSetupWarningModal: true
510 const user = await server.users.getMyInfo({ token: userToken })
511 expect(user.noWelcomeModal).to.be.true
512 expect(user.noInstanceConfigWarningModal).to.be.true
513 expect(user.noAccountSetupWarningModal).to.be.true
517 describe('Updating another user', function () {
518 it('Should be able to update another user', async function () {
519 await server.users.update({
522 email: 'updated2@example.com',
525 role: UserRole.MODERATOR,
526 adminFlags: UserAdminFlag.NONE,
530 const user = await server.users.get({ token, userId })
532 expect(user.username).to.equal('user_1')
533 expect(user.email).to.equal('updated2@example.com')
534 expect(user.emailVerified).to.be.true
535 expect(user.nsfwPolicy).to.equal('do_not_list')
536 expect(user.videoQuota).to.equal(42)
537 expect(user.roleLabel).to.equal('Moderator')
538 expect(user.id).to.be.a('number')
539 expect(user.adminFlags).to.equal(UserAdminFlag.NONE)
540 expect(user.pluginAuth).to.equal('toto')
543 it('Should reset the auth plugin', async function () {
544 await server.users.update({ userId, token, pluginAuth: null })
546 const user = await server.users.get({ token, userId })
547 expect(user.pluginAuth).to.be.null
550 it('Should have removed the user token', async function () {
551 await server.users.getMyQuotaUsed({ token: userToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
553 userToken = await server.login.getAccessToken(user)
556 it('Should be able to update another user password', async function () {
557 await server.users.update({ userId, token, password: 'password updated' })
559 await server.users.getMyQuotaUsed({ token: userToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
561 await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
563 user.password = 'password updated'
564 userToken = await server.login.getAccessToken(user)
568 describe('Video blacklists', function () {
570 it('Should be able to list my video blacklist', async function () {
571 await server.blacklist.list({ token: userToken })
575 describe('Remove a user', function () {
577 before(async function () {
578 await server.users.update({
581 videoQuota: 2 * 1024 * 1024
584 await server.videos.quickUpload({ name: 'user video', token: userToken, fixture: 'video_short.webm' })
585 await server.videos.quickUpload({ name: 'root video' })
587 const { total } = await server.videos.list()
588 expect(total).to.equal(2)
591 it('Should be able to remove this user', async function () {
592 await server.users.remove({ userId, token })
595 it('Should not be able to login with this user', async function () {
596 await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
599 it('Should not have videos of this user', async function () {
600 const { data, total } = await server.videos.list()
601 expect(total).to.equal(1)
603 const video = data[0]
604 expect(video.account.name).to.equal('root')
608 describe('Registering a new user', function () {
609 let user15AccessToken: string
611 it('Should register a new user', async function () {
612 const user = { displayName: 'super user 15', username: 'user_15', password: 'my super password' }
613 const channel = { name: 'my_user_15_channel', displayName: 'my channel rocks' }
615 await server.users.register({ ...user, channel })
618 it('Should be able to login with this registered user', async function () {
621 password: 'my super password'
624 user15AccessToken = await server.login.getAccessToken(user15)
627 it('Should have the correct display name', async function () {
628 const user = await server.users.getMyInfo({ token: user15AccessToken })
629 expect(user.account.displayName).to.equal('super user 15')
632 it('Should have the correct video quota', async function () {
633 const user = await server.users.getMyInfo({ token: user15AccessToken })
634 expect(user.videoQuota).to.equal(5 * 1024 * 1024)
637 it('Should have created the channel', async function () {
638 const { displayName } = await server.channels.get({ channelName: 'my_user_15_channel' })
640 expect(displayName).to.equal('my channel rocks')
643 it('Should remove me', async function () {
645 const { data } = await server.users.list()
646 expect(data.find(u => u.username === 'user_15')).to.not.be.undefined
649 await server.users.deleteMe({ token: user15AccessToken })
652 const { data } = await server.users.list()
653 expect(data.find(u => u.username === 'user_15')).to.be.undefined
658 describe('User blocking', function () {
660 let user16AccessToken
663 password: 'my super password'
666 it('Should block a user', async function () {
667 const user = await server.users.create({ ...user16 })
670 user16AccessToken = await server.login.getAccessToken(user16)
672 await server.users.getMyInfo({ token: user16AccessToken, expectedStatus: HttpStatusCode.OK_200 })
673 await server.users.banUser({ userId: user16Id })
675 await server.users.getMyInfo({ token: user16AccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
676 await server.login.login({ user: user16, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
679 it('Should search user by banned status', async function () {
681 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', blocked: true })
682 expect(total).to.equal(1)
683 expect(data.length).to.equal(1)
685 expect(data[0].username).to.equal(user16.username)
689 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', blocked: false })
690 expect(total).to.equal(1)
691 expect(data.length).to.equal(1)
693 expect(data[0].username).to.not.equal(user16.username)
697 it('Should unblock a user', async function () {
698 await server.users.unbanUser({ userId: user16Id })
699 user16AccessToken = await server.login.getAccessToken(user16)
700 await server.users.getMyInfo({ token: user16AccessToken, expectedStatus: HttpStatusCode.OK_200 })
704 describe('User stats', function () {
706 let user17AccessToken: string
708 it('Should report correct initial statistics about a user', async function () {
711 password: 'my super password'
713 const created = await server.users.create({ ...user17 })
715 user17Id = created.id
716 user17AccessToken = await server.login.getAccessToken(user17)
718 const user = await server.users.get({ userId: user17Id, withStats: true })
719 expect(user.videosCount).to.equal(0)
720 expect(user.videoCommentsCount).to.equal(0)
721 expect(user.abusesCount).to.equal(0)
722 expect(user.abusesCreatedCount).to.equal(0)
723 expect(user.abusesAcceptedCount).to.equal(0)
726 it('Should report correct videos count', async function () {
727 const attributes = { name: 'video to test user stats' }
728 await server.videos.upload({ token: user17AccessToken, attributes })
730 const { data } = await server.videos.list()
731 videoId = data.find(video => video.name === attributes.name).id
733 const user = await server.users.get({ userId: user17Id, withStats: true })
734 expect(user.videosCount).to.equal(1)
737 it('Should report correct video comments for user', async function () {
738 const text = 'super comment'
739 await server.comments.createThread({ token: user17AccessToken, videoId, text })
741 const user = await server.users.get({ userId: user17Id, withStats: true })
742 expect(user.videoCommentsCount).to.equal(1)
745 it('Should report correct abuses counts', async function () {
746 const reason = 'my super bad reason'
747 await server.abuses.report({ token: user17AccessToken, videoId, reason })
749 const body1 = await server.abuses.getAdminList()
750 const abuseId = body1.data[0].id
752 const user2 = await server.users.get({ userId: user17Id, withStats: true })
753 expect(user2.abusesCount).to.equal(1) // number of incriminations
754 expect(user2.abusesCreatedCount).to.equal(1) // number of reports created
756 await server.abuses.update({ abuseId, body: { state: AbuseState.ACCEPTED } })
758 const user3 = await server.users.get({ userId: user17Id, withStats: true })
759 expect(user3.abusesAcceptedCount).to.equal(1) // number of reports created accepted
763 after(async function () {
764 await cleanupTests([ server ])