1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
3 import { expect } from 'chai'
4 import { testImage } from '@server/tests/shared'
5 import { AbuseState, HttpStatusCode, OAuth2ErrorCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
12 setAccessTokensToServers
13 } from '@shared/server-commands'
15 describe('Test users', function () {
// Single PeerTube instance shared by every test in this file.
16 let server: PeerTubeServer
// Password literal of a fixture object whose opening lines are not part of this listing;
// the password-change test later sends the same literal as currentPassword.
23 password: 'super password'
// One-time setup: start server number 1, obtain its access tokens, install a theme plugin.
26 before(async function () {
29 server = await createSingleServer(1, {
// Presumably populates server.accessToken, which the Logout tests revoke (confirm against the helper).
37 await setAccessTokensToServers([ server ])
// 'background-red' is one of the themes the account-update tests select later on.
39 await server.plugins.install({ npmName: 'peertube-theme-background-red' })
// OAuth client authentication: a login must be rejected when the client id or the client secret is wrong.
42 describe('OAuth client', function () {
// No callback is passed to the next three it() calls, so Mocha reports them as pending; they verify nothing.
43 it('Should create a new client')
45 it('Should return the first client')
47 it('Should remove the last client')
// Unknown client id paired with the real client secret.
49 it('Should not login with an invalid client id', async function () {
50 const client = { id: 'client', secret: server.store.client.secret }
51 const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
// The failure is a 400 carrying INVALID_CLIENT; `type` must be an https:// URL that embeds the same code.
53 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
54 expect(body.error).to.contain('client is invalid')
55 expect(body.type.startsWith('https://')).to.be.true
56 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
// Real client id paired with a wrong secret.
59 it('Should not login with an invalid client secret', async function () {
60 const client = { id: server.store.client.id, secret: 'coucou' }
61 const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
// Same status, code and message fragment as the wrong-id case: the asserted fields do not tell the
// caller which half of the client credentials was rejected.
63 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
64 expect(body.error).to.contain('client is invalid')
65 expect(body.type.startsWith('https://')).to.be.true
66 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
// Password-grant login: rejected credentials, rejected bearer tokens, then the accepting paths.
70 describe('Login', function () {
// Unknown username with the valid password.
72 it('Should not login with an invalid username', async function () {
73 const user = { username: 'captain crochet', password: server.store.user.password }
74 const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
76 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
77 expect(body.error).to.contain('credentials are invalid')
78 expect(body.type.startsWith('https://')).to.be.true
79 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
// Known username with a wrong password.
82 it('Should not login with an invalid password', async function () {
83 const user = { username: server.store.user.username, password: 'mew_three' }
84 const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
// Status, code and message fragment match the unknown-username case, so these fields do not reveal
// whether the account exists. NOTE(review): `contain` leaves the rest of the message unchecked, and
// response timing is outside the scope of this test.
86 expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
87 expect(body.error).to.contain('credentials are invalid')
88 expect(body.type.startsWith('https://')).to.be.true
89 expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
// A bearer token the server never issued must be refused with 401.
92 it('Should not be able to upload a video', async function () {
93 token = 'my_super_token'
95 await server.videos.upload({ token, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
98 it('Should not be able to follow', async function () {
99 token = 'my_super_token'
// The property that passes `token` to follow() is presumably on a line missing from this listing.
101 await server.follows.follow({
102 hosts: [ 'http://example.com' ],
104 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
// Pending test (no callback): unfollow with a bad token is not verified.
108 it('Should not be able to unfollow')
// Default credentials succeed; the issued access token replaces the bogus one in `token`.
110 it('Should be able to login', async function () {
111 const body = await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
113 token = body.access_token
// Usernames are matched case-insensitively at login: three mixed-case spellings authenticate with
// server.store.user.password.
// NOTE(review): this is only safe if account creation enforces uniqueness case-insensitively too;
// that is not covered here.
116 it('Should be able to login with an insensitive username', async function () {
117 const user = { username: 'RoOt', password: server.store.user.password }
118 await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
120 const user2 = { username: 'rOoT', password: server.store.user.password }
121 await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
123 const user3 = { username: 'ROOt', password: server.store.user.password }
124 await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
// Token lifecycle: revocation on logout, expiry of access and refresh tokens, and refresh.
128 describe('Logout', function () {
// Revokes the access token currently held in server.accessToken.
129 it('Should logout (revoke token)', async function () {
130 await server.login.logout({ token: server.accessToken })
// The next two calls pass no token, so they presumably fall back to server.accessToken (now revoked).
// Confirm against the command helpers.
133 it('Should not be able to get the user information', async function () {
134 await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
137 it('Should not be able to upload a video', async function () {
138 await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
// NOTE(review): this request sends the literal 'wrong token', not the token revoked above, so the
// 401 shows that an unknown token is refused rather than that the revoked one is.
141 it('Should not be able to rate a video', async function () {
142 const path = '/api/v1/videos/'
149 path: path + videoId,
150 token: 'wrong token',
152 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
154 await makePutBodyRequest(options)
// Fresh login; both tokens are kept because the expiry tests below need the refresh token.
157 it('Should be able to login again', async function () {
158 const body = await server.login.login()
159 server.accessToken = body.access_token
160 server.refreshToken = body.refresh_token
163 it('Should be able to get my user information again', async function () {
164 await server.users.getMyInfo()
// Forces expiry by setting accessTokenExpiresAt and refreshTokenExpiresAt to the current time.
167 it('Should have an expired access token', async function () {
170 await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
171 await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
// The server is stopped after the database edit (its restart is not among the lines shown);
// presumably this keeps it from answering out of an in-memory token cache (confirm).
173 await killallServers([ server ])
// With the access token expired, an authenticated call must be refused.
176 await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
// The refresh token was expired as well, so the refresh grant must fail with 400.
179 it('Should not be able to refresh an access token with an expired refresh token', async function () {
180 await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
183 it('Should refresh the token', async function () {
// Moves only the refresh token's expiry 60 seconds into the future; the access token's expiry is untouched.
186 const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
187 await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
189 await killallServers([ server ])
// The access and refresh tokens from the response replace the stored pair.
// NOTE(review): nothing in the lines shown asserts that they differ from the old pair, or that the
// previous refresh token is refused afterwards.
192 const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
193 server.accessToken = res.body.access_token
194 server.refreshToken = res.body.refresh_token
// The refreshed access token must authenticate again.
197 it('Should be able to get my user information again', async function () {
198 await server.users.getMyInfo()
// Account creation and the fields returned by the "my info" and "get user by id" calls.
202 describe('Creating a user', function () {
// Created with a 2 * 1024 * 1024 byte quota and the BYPASS_VIDEO_AUTO_BLACKLIST admin flag.
204 it('Should be able to create a new user', async function () {
205 await server.users.create({ ...user, videoQuota: 2 * 1024 * 1024, adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST })
// userToken is the new account's own access token, reused by later suites.
208 it('Should be able to login with this user', async function () {
209 userToken = await server.login.getAccessToken(user)
212 it('Should be able to get user information', async function () {
// userMe is fetched with the user's own token; userGet is fetched by id with no explicit token
// (presumably the server's default admin token, to be confirmed).
213 const userMe = await server.users.getMyInfo({ token: userToken })
215 const userGet = await server.users.get({ userId: userMe.id, withStats: true })
// Fields that must be identical in both views.
217 for (const user of [ userMe, userGet ]) {
218 expect(user.username).to.equal('user_1')
219 expect(user.email).to.equal('user_1@example.com')
220 expect(user.nsfwPolicy).to.equal('display')
221 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
222 expect(user.roleLabel).to.equal('User')
223 expect(user.id).to.be.a('number')
224 expect(user.account.displayName).to.equal('user_1')
225 expect(user.account.description).to.be.null
// adminFlags is returned in both views, including the one fetched with the user's own token.
228 expect(userMe.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
229 expect(userGet.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
// A new account has exactly one special playlist, of type WATCH_LATER.
231 expect(userMe.specialPlaylists).to.have.lengthOf(1)
232 expect(userMe.specialPlaylists[0].type).to.equal(VideoPlaylistType.WATCH_LATER)
234 // Check stats are included with withStats
235 expect(userGet.videosCount).to.be.a('number')
236 expect(userGet.videosCount).to.equal(0)
237 expect(userGet.videoCommentsCount).to.be.a('number')
238 expect(userGet.videoCommentsCount).to.equal(0)
239 expect(userGet.abusesCount).to.be.a('number')
240 expect(userGet.abusesCount).to.equal(0)
241 expect(userGet.abusesAcceptedCount).to.be.a('number')
242 expect(userGet.abusesAcceptedCount).to.equal(0)
// User listing: pagination, sorting and search. No token is passed, so the calls presumably run
// with the server's default token (confirm).
246 describe('Users listing', function () {
// Unfiltered listing returns both accounts. The line binding `user` is not shown; presumably data[0].
248 it('Should list all the users', async function () {
249 const { data, total } = await server.users.list()
251 expect(total).to.equal(2)
252 expect(data).to.be.an('array')
253 expect(data.length).to.equal(2)
256 expect(user.username).to.equal('user_1')
257 expect(user.email).to.equal('user_1@example.com')
258 expect(user.nsfwPolicy).to.equal('display')
260 const rootUser = data[1]
261 expect(rootUser.username).to.equal('root')
262 expect(rootUser.email).to.equal('admin' + server.internalServerNumber + '@example.com')
// NOTE(review): this repeats the user.nsfwPolicy check made a few lines up;
// rootUser.nsfwPolicy is not asserted in this test.
263 expect(user.nsfwPolicy).to.equal('display')
// Both accounts have logged in earlier in the file, so lastLoginDate must be set.
265 expect(rootUser.lastLoginDate).to.exist
266 expect(user.lastLoginDate).to.exist
// count: 1 limits the page to one entry while `total` still reports both accounts.
271 it('Should list only the first user by username asc', async function () {
272 const { total, data } = await server.users.list({ start: 0, count: 1, sort: 'username' })
274 expect(total).to.equal(2)
275 expect(data.length).to.equal(1)
278 expect(user.username).to.equal('root')
279 expect(user.email).to.equal('admin' + server.internalServerNumber + '@example.com')
280 expect(user.roleLabel).to.equal('Administrator')
281 expect(user.nsfwPolicy).to.equal('display')
// A leading '-' on the sort field reverses the order.
284 it('Should list only the first user by username desc', async function () {
285 const { total, data } = await server.users.list({ start: 0, count: 1, sort: '-username' })
287 expect(total).to.equal(2)
288 expect(data.length).to.equal(1)
291 expect(user.username).to.equal('user_1')
292 expect(user.email).to.equal('user_1@example.com')
293 expect(user.nsfwPolicy).to.equal('display')
// Most recently created account first: user_1 was created after root.
296 it('Should list only the second user by createdAt desc', async function () {
297 const { data, total } = await server.users.list({ start: 0, count: 1, sort: '-createdAt' })
298 expect(total).to.equal(2)
300 expect(data.length).to.equal(1)
303 expect(user.username).to.equal('user_1')
304 expect(user.email).to.equal('user_1@example.com')
305 expect(user.nsfwPolicy).to.equal('display')
308 it('Should list all the users by createdAt asc', async function () {
309 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt' })
311 expect(total).to.equal(2)
312 expect(data.length).to.equal(2)
314 expect(data[0].username).to.equal('root')
315 expect(data[0].email).to.equal('admin' + server.internalServerNumber + '@example.com')
316 expect(data[0].nsfwPolicy).to.equal('display')
318 expect(data[1].username).to.equal('user_1')
319 expect(data[1].email).to.equal('user_1@example.com')
320 expect(data[1].nsfwPolicy).to.equal('display')
// `search` matches a substring of the username ('oot' finds 'root').
323 it('Should search user by username', async function () {
324 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', search: 'oot' })
325 expect(total).to.equal(1)
326 expect(data.length).to.equal(1)
327 expect(data[0].username).to.equal('root')
// `search` also matches a substring of the e-mail address.
330 it('Should search user by email', async function () {
332 const { total, data } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', search: 'r_1@exam' })
333 expect(total).to.equal(1)
334 expect(data.length).to.equal(1)
335 expect(data[0].username).to.equal('user_1')
336 expect(data[0].email).to.equal('user_1@example.com')
// 'example' occurs in both addresses, so both accounts match.
340 const { total, data } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', search: 'example' })
341 expect(total).to.equal(2)
342 expect(data.length).to.equal(2)
343 expect(data[0].username).to.equal('root')
344 expect(data[1].username).to.equal('user_1')
// Self-service account changes. Each test reads the result back with getMyInfo using the user's own token.
349 describe('Update my account', function () {
// The request carries the current password alongside the new one.
// NOTE(review): only the accepting path is exercised in the lines shown; rejection of a wrong
// currentPassword is not.
351 it('Should update my password', async function () {
352 await server.users.updateMe({
354 currentPassword: 'super password',
355 password: 'new password'
// The fixture is updated so the login below, and later suites, use the new password.
357 user.password = 'new password'
359 await server.login.login({ user })
362 it('Should be able to change the NSFW display attribute', async function () {
363 await server.users.updateMe({
365 nsfwPolicy: 'do_not_list'
// Only nsfwPolicy changes; the other fields keep the values set at creation.
368 const user = await server.users.getMyInfo({ token: userToken })
369 expect(user.username).to.equal('user_1')
370 expect(user.email).to.equal('user_1@example.com')
371 expect(user.nsfwPolicy).to.equal('do_not_list')
372 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
373 expect(user.id).to.be.a('number')
374 expect(user.account.displayName).to.equal('user_1')
375 expect(user.account.description).to.be.null
// The arguments of this updateMe call are not part of this listing.
378 it('Should be able to change the autoPlayVideo attribute', async function () {
379 await server.users.updateMe({
384 const user = await server.users.getMyInfo({ token: userToken })
385 expect(user.autoPlayVideo).to.be.false
388 it('Should be able to change the autoPlayNextVideo attribute', async function () {
389 await server.users.updateMe({
391 autoPlayNextVideo: true
394 const user = await server.users.getMyInfo({ token: userToken })
395 expect(user.autoPlayNextVideo).to.be.true
// The request sets webTorrentEnabled while the assertion reads p2pEnabled, i.e. the first name is
// accepted as input for the second.
398 it('Should be able to change the p2p attribute', async function () {
400 await server.users.updateMe({
402 webTorrentEnabled: false
405 const user = await server.users.getMyInfo({ token: userToken })
406 expect(user.p2pEnabled).to.be.false
// Second update turns it back on; its arguments are not part of this listing.
410 await server.users.updateMe({
415 const user = await server.users.getMyInfo({ token: userToken })
416 expect(user.p2pEnabled).to.be.true
// As with the password change, the e-mail change request carries the current password.
420 it('Should be able to change the email attribute', async function () {
421 await server.users.updateMe({
423 currentPassword: 'new password',
424 email: 'updated@example.com'
427 const user = await server.users.getMyInfo({ token: userToken })
428 expect(user.username).to.equal('user_1')
429 expect(user.email).to.equal('updated@example.com')
430 expect(user.nsfwPolicy).to.equal('do_not_list')
431 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
432 expect(user.id).to.be.a('number')
433 expect(user.account.displayName).to.equal('user_1')
434 expect(user.account.description).to.be.null
// Uploads a GIF avatar and checks every avatar entry against a fixture with testImage.
437 it('Should be able to update my avatar with a gif', async function () {
438 const fixture = 'avatar.gif'
440 await server.users.updateMyAvatar({ token: userToken, fixture })
442 const user = await server.users.getMyInfo({ token: userToken })
443 for (const avatar of user.account.avatars) {
// avatar.width is used for both dimensions of the fixture name, so avatars are presumably square.
444 await testImage(server.url, `avatar-resized-${avatar.width}x${avatar.width}`, avatar.path, '.gif')
// NOTE(review): the title says "a gif, and then a png", but the loop uploads '.png' first and '.gif' second.
448 it('Should be able to update my avatar with a gif, and then a png', async function () {
449 for (const extension of [ '.png', '.gif' ]) {
450 const fixture = 'avatar' + extension
452 await server.users.updateMyAvatar({ token: userToken, fixture })
454 const user = await server.users.getMyInfo({ token: userToken })
455 for (const avatar of user.account.avatars) {
456 await testImage(server.url, `avatar-resized-${avatar.width}x${avatar.width}`, avatar.path, extension)
461 it('Should be able to update my display name', async function () {
462 await server.users.updateMe({ token: userToken, displayName: 'new display name' })
// Only displayName changes; e-mail and nsfwPolicy keep the values set by the earlier tests.
464 const user = await server.users.getMyInfo({ token: userToken })
465 expect(user.username).to.equal('user_1')
466 expect(user.email).to.equal('updated@example.com')
467 expect(user.nsfwPolicy).to.equal('do_not_list')
468 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
469 expect(user.id).to.be.a('number')
470 expect(user.account.displayName).to.equal('new display name')
471 expect(user.account.description).to.be.null
474 it('Should be able to update my description', async function () {
475 await server.users.updateMe({ token: userToken, description: 'my super description updated' })
477 const user = await server.users.getMyInfo({ token: userToken })
478 expect(user.username).to.equal('user_1')
479 expect(user.email).to.equal('updated@example.com')
480 expect(user.nsfwPolicy).to.equal('do_not_list')
481 expect(user.videoQuota).to.equal(2 * 1024 * 1024)
482 expect(user.id).to.be.a('number')
483 expect(user.account.displayName).to.equal('new display name')
484 expect(user.account.description).to.equal('my super description updated')
// The three modal preferences are still false here; a later test in this suite sets them to true.
485 expect(user.noWelcomeModal).to.be.false
486 expect(user.noInstanceConfigWarningModal).to.be.false
487 expect(user.noAccountSetupWarningModal).to.be.false
// Cycles through three theme names; the value read back must equal the value written.
490 it('Should be able to update my theme', async function () {
491 for (const theme of [ 'background-red', 'default', 'instance-default' ]) {
492 await server.users.updateMe({ token: userToken, theme })
494 const user = await server.users.getMyInfo({ token: userToken })
495 expect(user.theme).to.equal(theme)
499 it('Should be able to update my modal preferences', async function () {
500 await server.users.updateMe({
502 noInstanceConfigWarningModal: true,
503 noWelcomeModal: true,
504 noAccountSetupWarningModal: true
507 const user = await server.users.getMyInfo({ token: userToken })
508 expect(user.noWelcomeModal).to.be.true
509 expect(user.noInstanceConfigWarningModal).to.be.true
510 expect(user.noAccountSetupWarningModal).to.be.true
// Administrative changes to another account, and their effect on that account's existing tokens.
514 describe('Updating another user', function () {
515 it('Should be able to update another user', async function () {
// Several properties of this update object are not part of this listing; the assertions below
// imply that emailVerified, videoQuota and pluginAuth are among them.
516 await server.users.update({
519 email: 'updated2@example.com',
522 role: UserRole.MODERATOR,
523 adminFlags: UserAdminFlag.NONE,
// `token` is the access token obtained in the Login suite.
527 const user = await server.users.get({ token, userId })
529 expect(user.username).to.equal('user_1')
530 expect(user.email).to.equal('updated2@example.com')
531 expect(user.emailVerified).to.be.true
532 expect(user.nsfwPolicy).to.equal('do_not_list')
533 expect(user.videoQuota).to.equal(42)
534 expect(user.roleLabel).to.equal('Moderator')
535 expect(user.id).to.be.a('number')
536 expect(user.adminFlags).to.equal(UserAdminFlag.NONE)
537 expect(user.pluginAuth).to.equal('toto')
// Setting pluginAuth to null clears it.
540 it('Should reset the auth plugin', async function () {
541 await server.users.update({ userId, token, pluginAuth: null })
543 const user = await server.users.get({ token, userId })
544 expect(user.pluginAuth).to.be.null
// The access token issued before the admin updates above must now be refused; the user has to
// log in again to get a new one.
547 it('Should have removed the user token', async function () {
548 await server.users.getMyQuotaUsed({ token: userToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
550 userToken = await server.login.getAccessToken(user)
// An admin-initiated password change must invalidate the token just obtained, make the old
// password unusable, and allow login with the new password.
553 it('Should be able to update another user password', async function () {
554 await server.users.update({ userId, token, password: 'password updated' })
556 await server.users.getMyQuotaUsed({ token: userToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
558 await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
560 user.password = 'password updated'
561 userToken = await server.login.getAccessToken(user)
// Only checks that listing the blacklist with the user's token succeeds; the entries are not inspected.
565 describe('Video blacklists', function () {
567 it('Should be able to list my video blacklist', async function () {
568 await server.blacklist.list({ token: userToken })
// Account deletion by an administrator: the credentials stop working and the account's videos go with it.
572 describe('Remove a user', function () {
// Setup: set the quota to 2 * 1024 * 1024 bytes, then upload one video per account so that
// the effect of the removal on the video list can be observed.
574 before(async function () {
575 await server.users.update({
578 videoQuota: 2 * 1024 * 1024
581 await server.videos.quickUpload({ name: 'user video', token: userToken, fixture: 'video_short.webm' })
582 await server.videos.quickUpload({ name: 'root video' })
584 const { total } = await server.videos.list()
585 expect(total).to.equal(2)
588 it('Should be able to remove this user', async function () {
589 await server.users.remove({ userId, token })
// A password login for the removed account must fail.
// NOTE(review): the lines shown do not also check that the still-held userToken is refused after the removal.
592 it('Should not be able to login with this user', async function () {
593 await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
// Only the video owned by root remains.
596 it('Should not have videos of this user', async function () {
597 const { data, total } = await server.videos.list()
598 expect(total).to.equal(1)
600 const video = data[0]
601 expect(video.account.name).to.equal('root')
// Self-registration through server.users.register, then self-deletion.
605 describe('Registering a new user', function () {
606 let user15AccessToken: string
// Registers the account together with its first channel.
608 it('Should register a new user', async function () {
609 const user = { displayName: 'super user 15', username: 'user_15', password: 'my super password' }
610 const channel = { name: 'my_user_15_channel', displayName: 'my channel rocks' }
612 await server.users.register({ ...user, channel })
615 it('Should be able to login with this registered user', async function () {
618 password: 'my super password'
621 user15AccessToken = await server.login.getAccessToken(user15)
624 it('Should have the correct display name', async function () {
625 const user = await server.users.getMyInfo({ token: user15AccessToken })
626 expect(user.account.displayName).to.equal('super user 15')
// NOTE(review): the expected 5 * 1024 * 1024 presumably comes from server configuration lines
// that are not part of this listing (confirm).
629 it('Should have the correct video quota', async function () {
630 const user = await server.users.getMyInfo({ token: user15AccessToken })
631 expect(user.videoQuota).to.equal(5 * 1024 * 1024)
634 it('Should have created the channel', async function () {
635 const { displayName } = await server.channels.get({ channelName: 'my_user_15_channel' })
637 expect(displayName).to.equal('my channel rocks')
// The account is present in the listing before deleteMe and absent after it.
// NOTE(review): the lines shown do not check that user15AccessToken is refused once the account is gone.
640 it('Should remove me', async function () {
642 const { data } = await server.users.list()
643 expect(data.find(u => u.username === 'user_15')).to.not.be.undefined
646 await server.users.deleteMe({ token: user15AccessToken })
649 const { data } = await server.users.list()
650 expect(data.find(u => u.username === 'user_15')).to.be.undefined
// Banning and unbanning: a ban must cut off both the existing session and new logins.
655 describe('User blocking', function () {
// No type annotation here, unlike the string-typed token variables of the neighbouring suites.
657 let user16AccessToken
660 password: 'my super password'
663 it('Should block a user', async function () {
664 const user = await server.users.create({ ...user16 })
// Baseline: the token works before the ban.
667 user16AccessToken = await server.login.getAccessToken(user16)
669 await server.users.getMyInfo({ token: user16AccessToken, expectedStatus: HttpStatusCode.OK_200 })
670 await server.users.banUser({ userId: user16Id })
// After the ban, the token issued earlier is refused (401) and a fresh password login fails (400).
672 await server.users.getMyInfo({ token: user16AccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
673 await server.login.login({ user: user16, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
// The `blocked` filter splits the listing: true returns only the banned account, false excludes it.
676 it('Should search user by banned status', async function () {
678 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', blocked: true })
679 expect(total).to.equal(1)
680 expect(data.length).to.equal(1)
682 expect(data[0].username).to.equal(user16.username)
686 const { data, total } = await server.users.list({ start: 0, count: 2, sort: 'createdAt', blocked: false })
687 expect(total).to.equal(1)
688 expect(data.length).to.equal(1)
690 expect(data[0].username).to.not.equal(user16.username)
// After unbanning, a new login succeeds and the new token is accepted.
694 it('Should unblock a user', async function () {
695 await server.users.unbanUser({ userId: user16Id })
696 user16AccessToken = await server.login.getAccessToken(user16)
697 await server.users.getMyInfo({ token: user16AccessToken, expectedStatus: HttpStatusCode.OK_200 })
// Per-user counters returned when withStats is true: videos, comments and abuse reports.
701 describe('User stats', function () {
703 let user17AccessToken: string
// A freshly created account starts with every counter at zero.
705 it('Should report correct initial statistics about a user', async function () {
708 password: 'my super password'
710 const created = await server.users.create({ ...user17 })
712 user17Id = created.id
713 user17AccessToken = await server.login.getAccessToken(user17)
715 const user = await server.users.get({ userId: user17Id, withStats: true })
716 expect(user.videosCount).to.equal(0)
717 expect(user.videoCommentsCount).to.equal(0)
718 expect(user.abusesCount).to.equal(0)
719 expect(user.abusesCreatedCount).to.equal(0)
720 expect(user.abusesAcceptedCount).to.equal(0)
723 it('Should report correct videos count', async function () {
724 const attributes = { name: 'video to test user stats' }
725 await server.videos.upload({ token: user17AccessToken, attributes })
// The uploaded video is looked up by name; the unguarded `.id` throws if no video matches.
727 const { data } = await server.videos.list()
728 videoId = data.find(video => video.name === attributes.name).id
730 const user = await server.users.get({ userId: user17Id, withStats: true })
731 expect(user.videosCount).to.equal(1)
734 it('Should report correct video comments for user', async function () {
735 const text = 'super comment'
736 await server.comments.createThread({ token: user17AccessToken, videoId, text })
738 const user = await server.users.get({ userId: user17Id, withStats: true })
739 expect(user.videoCommentsCount).to.equal(1)
// user17 reports their own video, so the same account is counted both as reporter and as reported party.
742 it('Should report correct abuses counts', async function () {
743 const reason = 'my super bad reason'
744 await server.abuses.report({ token: user17AccessToken, videoId, reason })
// Takes the first entry of the admin abuse list as the report created just above.
746 const body1 = await server.abuses.getAdminList()
747 const abuseId = body1.data[0].id
749 const user2 = await server.users.get({ userId: user17Id, withStats: true })
750 expect(user2.abusesCount).to.equal(1) // number of incriminations
751 expect(user2.abusesCreatedCount).to.equal(1) // number of reports created
// Setting the report's state to ACCEPTED must raise abusesAcceptedCount.
753 await server.abuses.update({ abuseId, body: { state: AbuseState.ACCEPTED } })
755 const user3 = await server.users.get({ userId: user17Id, withStats: true })
756 expect(user3.abusesAcceptedCount).to.equal(1) // number of reports created accepted
// Suite teardown: hands the shared server to cleanupTests once every test has run.
760 after(async function () {
761 await cleanupTests([ server ])