+ const fields = immutableAssign(baseCorrectParams, { password: 'bla' })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with a too long password', async function () {
+ const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with empty password and no smtp configured', async function () {
+ const fields = immutableAssign(baseCorrectParams, { password: '' })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should succeed with no password on a server with smtp enabled', async function () {
+ this.timeout(10000)
+
+ killallServers([ server ])
+
+ const config = immutableAssign(overrideConfig, {
+ smtp: {
+ hostname: 'localhost',
+ port: emailPort
+ }
+ })
+ await reRunServer(server, config)
+
+ const fields = immutableAssign(baseCorrectParams, {
+ password: '',
+ username: 'create_password',
+ email: 'create_password@example.com'
+ })
+
+ await makePostBodyRequest({
+ url: server.url,
+ path: path,
+ token: server.accessToken,
+ fields,
+ statusCodeExpected: HttpStatusCode.OK_200
+ })
+ })
+
+ it('Should fail with invalid admin flags', async function () {
+ const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an non authenticated user', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: 'super token',
+ fields: baseCorrectParams,
+ statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
+ })
+ })
+
+ it('Should fail if we add a user with the same username', async function () {
+ const fields = immutableAssign(baseCorrectParams, { username: 'user1' })
+
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields,
+ statusCodeExpected: HttpStatusCode.CONFLICT_409
+ })
+ })
+
+ it('Should fail if we add a user with the same email', async function () {
+ const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' })
+
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields,
+ statusCodeExpected: HttpStatusCode.CONFLICT_409
+ })
+ })
+
+ it('Should fail without a videoQuota', async function () {
+ const fields = omit(baseCorrectParams, 'videoQuota')
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail without a videoQuotaDaily', async function () {
+ const fields = omit(baseCorrectParams, 'videoQuotaDaily')
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid videoQuota', async function () {
+ const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid videoQuotaDaily', async function () {
+ const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail without a user role', async function () {
+ const fields = omit(baseCorrectParams, 'role')
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid user role', async function () {
+ const fields = immutableAssign(baseCorrectParams, { role: 88989 })
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with a "peertube" username', async function () {
+ const fields = immutableAssign(baseCorrectParams, { username: 'peertube' })
+
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields,
+ statusCodeExpected: HttpStatusCode.CONFLICT_409
+ })
+ })
+
+ it('Should fail to create a moderator or an admin with a moderator', async function () {
+ for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
+ const fields = immutableAssign(baseCorrectParams, { role })
+
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: moderatorAccessToken,
+ fields,
+ statusCodeExpected: HttpStatusCode.FORBIDDEN_403
+ })
+ }
+ })
+
+ it('Should succeed to create a user with a moderator', async function () {
+ const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER })
+
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: moderatorAccessToken,
+ fields,
+ statusCodeExpected: HttpStatusCode.OK_200
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields: baseCorrectParams,
+ statusCodeExpected: HttpStatusCode.OK_200
+ })
+ })
+
+ it('Should fail with a non admin user', async function () {
+ const user = {
+ username: 'user1',
+ password: 'my super password'
+ }
+ userAccessToken = await userLogin(server, user)
+