X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=00d0a7e2be7e7fafd1f843cb59238965809ada89;hb=210feb6cc484a6c5c63c98f770de34e223f944cb;hp=7b25df29f8bc657439dcfb778e77f786a56c6c5b;hpb=3e17515e2996b79e23f569c296051a91af3fcbe4;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 7b25df29f..00d0a7e2b 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -7,14 +7,19 @@ import { UserRole, VideoImport, VideoImportState } from '../../../../shared' import { createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest, - makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers, - updateUser, uploadVideo, userLogin -} from '../../utils' -import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params' -import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports' + makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, flushAndRunServer, ServerInfo, setAccessTokensToServers, + updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser +} from '../../../../shared/extra-utils' +import { + checkBadCountPagination, + checkBadSortPagination, + checkBadStartPagination +} from '../../../../shared/extra-utils/requests/check-api-params' +import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/extra-utils/videos/video-imports' import { VideoPrivacy } from '../../../../shared/models/videos' -import { waitJobs } from '../../utils/server/jobs' +import { waitJobs } from '../../../../shared/extra-utils/server/jobs' import { expect } from 'chai' +import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' describe('Test users API validators', function () { const path = '/api/v1/users/' @@ -35,15 +40,19 @@ describe('Test users API validators', function () { before(async function () { this.timeout(30000) - await flushTests() - - server = await runServer(1) - serverWithRegistrationDisabled = await runServer(2) + server = await flushAndRunServer(1) + serverWithRegistrationDisabled = await flushAndRunServer(2) await setAccessTokensToServers([ server ]) const videoQuota = 42000000 - await createUser(server.url, server.accessToken, user.username, user.password, videoQuota) + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user.username, + password: user.password, + videoQuota: videoQuota + }) userAccessToken = await userLogin(server, user) { @@ -94,17 +103,19 @@ describe('Test users API validators', function () { email: 'test@example.com', password: 'my super password', videoQuota: -1, - role: UserRole.USER + videoQuotaDaily: -1, + role: UserRole.USER, + adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST } it('Should fail with a too small username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'fi' }) + const fields = immutableAssign(baseCorrectParams, { username: '' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with a too long username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' }) + const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) @@ -145,6 +156,12 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with invalid admin flags', async function () { + const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { await makePostBodyRequest({ url: server.url, @@ -173,12 +190,24 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail without a videoQuotaDaily', async function () { + const fields = omit(baseCorrectParams, 'videoQuotaDaily') + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail with an invalid videoQuota', async function () { const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with an invalid videoQuotaDaily', async function () { + const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail without a user role', async function () { const fields = omit(baseCorrectParams, 'role') @@ -241,6 +270,7 @@ describe('Test users API validators', function () { it('Should fail with a too small password', async function () { const fields = { + currentPassword: 'my super password', password: 'bla' } @@ -249,12 +279,31 @@ describe('Test users API validators', function () { it('Should fail with a too long password', async function () { const fields = { + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail without the current password', async function () { + const fields = { + currentPassword: 'my super password', password: 'super'.repeat(61) } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid current password', async function () { + const fields = { + currentPassword: 'my super password fail', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 }) + }) + it('Should fail with an invalid NSFW policy attribute', async function () { const fields = { nsfwPolicy: 'hello' @@ -271,8 +320,17 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid videosHistoryEnabled attribute', async function () { + const fields = { + videosHistoryEnabled: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password' } @@ -281,14 +339,15 @@ describe('Test users API validators', function () { it('Should fail with a too long description', async function () { const fields = { - description: 'super'.repeat(60) + description: 'super'.repeat(201) } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) - it('Should succeed with the correct params', async function () { + it('Should succeed to change password with the correct params', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password', nsfwPolicy: 'blur', autoPlayVideo: false, @@ -297,6 +356,16 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) }) + + it('Should succeed without password change with the correct params', async function () { + const fields = { + nsfwPolicy: 'blur', + autoPlayVideo: false, + email: 'super_email@example.com' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + }) }) describe('When updating my avatar', function () { @@ -383,6 +452,14 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) + it('Should fail with an invalid emailVerified attribute', async function () { + const fields = { + emailVerified: 'yes' + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + it('Should fail with an invalid videoQuota attribute', async function () { const fields = { videoQuota: -90 @@ -399,6 +476,24 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) + it('Should fail with a too small password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'bla' + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + + it('Should fail with a too long password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { const fields = { videoQuota: 42 @@ -415,15 +510,21 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) }) + it('Should fail with invalid admin flags', async function () { + const fields = { adminFlags: 'toto' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should succeed with the correct params', async function () { const fields = { email: 'email@example.com', + emailVerified: true, videoQuota: 42, - role: UserRole.MODERATOR + role: UserRole.USER } await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) - userAccessToken = await userLogin(server, user) }) }) @@ -455,17 +556,67 @@ describe('Test users API validators', function () { }) }) - describe('When removing an user', function () { + describe('When retrieving my global ratings', function () { + const path = '/api/v1/accounts/user1/ratings' + + it('Should fail with a bad start pagination', async function () { + await checkBadStartPagination(server.url, path, userAccessToken) + }) + + it('Should fail with a bad count pagination', async function () { + await checkBadCountPagination(server.url, path, userAccessToken) + }) + + it('Should fail with an incorrect sort', async function () { + await checkBadSortPagination(server.url, path, userAccessToken) + }) + + it('Should fail with a unauthenticated user', async function () { + await makeGetRequest({ url: server.url, path, statusCodeExpected: 401 }) + }) + + it('Should fail with a another user', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 403 }) + }) + + it('Should fail with a bad type', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { rating: 'toto ' }, statusCodeExpected: 400 }) + }) + + it('Should succeed with the correct params', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 200 }) + }) + }) + + describe('When blocking/unblocking/removing user', function () { it('Should fail with an incorrect id', async function () { await removeUser(server.url, 'blabla', server.accessToken, 400) + await blockUser(server.url, 'blabla', server.accessToken, 400) + await unblockUser(server.url, 'blabla', server.accessToken, 400) }) it('Should fail with the root user', async function () { await removeUser(server.url, rootId, server.accessToken, 400) + await blockUser(server.url, rootId, server.accessToken, 400) + await unblockUser(server.url, rootId, server.accessToken, 400) }) it('Should return 404 with a non existing id', async function () { await removeUser(server.url, 4545454, server.accessToken, 404) + await blockUser(server.url, 4545454, server.accessToken, 404) + await unblockUser(server.url, 4545454, server.accessToken, 404) + }) + + it('Should fail with a non admin user', async function () { + await removeUser(server.url, userId, userAccessToken, 403) + await blockUser(server.url, userId, userAccessToken, 403) + await unblockUser(server.url, userId, userAccessToken, 403) + }) + }) + + describe('When deleting our account', function () { + it('Should fail with with the root account', async function () { + await deleteMe(server.url, server.accessToken, 400) }) }) @@ -478,13 +629,13 @@ describe('Test users API validators', function () { } it('Should fail with a too small username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'ji' }) + const fields = immutableAssign(baseCorrectParams, { username: '' }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with a too long username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' }) + const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) @@ -589,7 +740,7 @@ describe('Test users API validators', function () { }) describe('When having a video quota', function () { - it('Should fail with a user having too many video', async function () { + it('Should fail with a user having too many videos', async function () { await updateUser({ url: server.url, userId: rootId, @@ -600,7 +751,7 @@ describe('Test users API validators', function () { await uploadVideo(server.url, server.accessToken, {}, 403) }) - it('Should fail with a registered user having too many video', async function () { + it('Should fail with a registered user having too many videos', async function () { this.timeout(30000) const user = { @@ -619,7 +770,7 @@ describe('Test users API validators', function () { }) it('Should fail to import with HTTP/Torrent/magnet', async function () { - this.timeout(30000) + this.timeout(120000) const baseAttributes = { channelId: 1, @@ -645,6 +796,45 @@ describe('Test users API validators', function () { }) }) + describe('When having a daily video quota', function () { + it('Should fail with a user having too many videos', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuotaDaily: 42 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + }) + + describe('When having an absolute and daily video quota', function () { + it('Should fail if exceeding total quota', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuota: 42, + videoQuotaDaily: 1024 * 1024 * 1024 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + + it('Should fail if exceeding daily quota', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuota: 1024 * 1024 * 1024, + videoQuotaDaily: 42 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + }) + describe('When asking a password reset', function () { const path = '/api/v1/users/ask-reset-password' @@ -667,12 +857,29 @@ describe('Test users API validators', function () { }) }) - after(async function () { - killallServers([ server, serverWithRegistrationDisabled ]) + describe('When asking for an account verification email', function () { + const path = '/api/v1/users/ask-send-verify-email' - // Keep the logs if the test failed - if (this['ok']) { - await flushTests() - } + it('Should fail with a missing email', async function () { + const fields = {} + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with an invalid email', async function () { + const fields = { email: 'hello' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with the correct params', async function () { + const fields = { email: 'admin@example.com' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + }) + }) + + after(function () { + killallServers([ server, serverWithRegistrationDisabled ]) }) })