X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=2b03fde2d05028adcbe92e91e95f1ee213b55d5e;hb=213e30ef90806369529684ac9c247d73b8dc7928;hp=95097817b21dd5134370f353cded7f65f4b005a1;hpb=1d5342abc43df02cf0bd69b1e865c0f179182eef;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 95097817b..2b03fde2d 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -1,10 +1,10 @@ -/* tslint:disable:no-unused-expression */ +/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ -import { omit } from 'lodash' import 'mocha' +import { expect } from 'chai' +import { omit } from 'lodash' import { join } from 'path' -import { UserRole, VideoImport, VideoImportState } from '../../../../shared' - +import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared' import { addVideoChannel, blockUser, @@ -14,14 +14,18 @@ import { flushAndRunServer, getMyUserInformation, getMyUserVideoRating, + getUserScopedTokens, getUsersList, immutableAssign, + killallServers, makeGetRequest, makePostBodyRequest, makePutBodyRequest, makeUploadRequest, registerUser, removeUser, + renewUserScopedTokens, + reRunServer, ServerInfo, setAccessTokensToServers, unblockUser, @@ -29,60 +33,115 @@ import { uploadVideo, userLogin } from '../../../../shared/extra-utils' +import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email' import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../../../shared/extra-utils/requests/check-api-params' -import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/extra-utils/videos/video-imports' -import { VideoPrivacy } from '../../../../shared/models/videos' import { waitJobs } from '../../../../shared/extra-utils/server/jobs' -import { expect } from 'chai' +import { getGoodVideoUrl, getMagnetURI, getMyVideoImports, importVideo } from '../../../../shared/extra-utils/videos/video-imports' import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' +import { VideoPrivacy } from '../../../../shared/models/videos' +import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' describe('Test users API validators', function () { const path = '/api/v1/users/' let userId: number let rootId: number + let moderatorId: number let videoId: number let server: ServerInfo let serverWithRegistrationDisabled: ServerInfo let userAccessToken = '' - let channelId: number - const user = { - username: 'user1', - password: 'my super password' - } + let moderatorAccessToken = '' + let emailPort: number + let overrideConfig: Object // --------------------------------------------------------------- before(async function () { this.timeout(30000) - server = await flushAndRunServer(1) - serverWithRegistrationDisabled = await flushAndRunServer(2) + const emails: object[] = [] + emailPort = await MockSmtpServer.Instance.collectEmails(emails) - await setAccessTokensToServers([ server ]) + overrideConfig = { signup: { limit: 8 } } - const videoQuota = 42000000 - await createUser({ - url: server.url, - accessToken: server.accessToken, - username: user.username, - password: user.password, - videoQuota: videoQuota - }) - userAccessToken = await userLogin(server, user) + { + const res = await Promise.all([ + flushAndRunServer(1, overrideConfig), + flushAndRunServer(2) + ]) + + server = res[0] + serverWithRegistrationDisabled = res[1] + + await setAccessTokensToServers([ server ]) + } { - const res = await getMyUserInformation(server.url, server.accessToken) - channelId = res.body.videoChannels[ 0 ].id + const user = { + username: 'user1', + password: 'my super password' + } + + const videoQuota = 42000000 + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user.username, + password: user.password, + videoQuota: videoQuota + }) + userAccessToken = await userLogin(server, user) + } + + { + const moderator = { + username: 'moderator1', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + + moderatorAccessToken = await userLogin(server, moderator) + } + + { + const moderator = { + username: 'moderator2', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) } { const res = await uploadVideo(server.url, server.accessToken, {}) videoId = res.body.video.id } + + { + const res = await getUsersList(server.url, server.accessToken) + const users: User[] = res.body.data + + userId = users.find(u => u.username === 'user1').id + rootId = users.find(u => u.username === 'root').id + moderatorId = users.find(u => u.username === 'moderator2').id + } }) describe('When listing users', function () { @@ -102,7 +161,7 @@ describe('Test users API validators', function () { await makeGetRequest({ url: server.url, path, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) @@ -111,7 +170,7 @@ describe('Test users API validators', function () { url: server.url, path, token: userAccessToken, - statusCodeExpected: 403 + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) }) @@ -124,7 +183,7 @@ describe('Test users API validators', function () { videoQuota: -1, videoQuotaDaily: -1, role: UserRole.USER, - adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST + adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST } it('Should fail with a too small username', async function () { @@ -175,6 +234,40 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with empty password and no smtp configured', async function () { + const fields = immutableAssign(baseCorrectParams, { password: '' }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with no password on a server with smtp enabled', async function () { + this.timeout(20000) + + killallServers([ server ]) + + const config = immutableAssign(overrideConfig, { + smtp: { + hostname: 'localhost', + port: emailPort + } + }) + await reRunServer(server, config) + + const fields = immutableAssign(baseCorrectParams, { + password: '', + username: 'create_password', + email: 'create_password@example.com' + }) + + await makePostBodyRequest({ + url: server.url, + path: path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.OK_200 + }) + }) + it('Should fail with invalid admin flags', async function () { const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' }) @@ -187,20 +280,32 @@ describe('Test users API validators', function () { path, token: 'super token', fields: baseCorrectParams, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should fail if we add a user with the same username', async function () { const fields = immutableAssign(baseCorrectParams, { username: 'user1' }) - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) }) it('Should fail if we add a user with the same email', async function () { const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' }) - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) }) it('Should fail without a videoQuota', async function () { @@ -247,7 +352,33 @@ describe('Test users API validators', function () { path, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) + }) + + it('Should fail to create a moderator or an admin with a moderator', async function () { + for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { + const fields = immutableAssign(baseCorrectParams, { role }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 + }) + } + }) + + it('Should succeed to create a user with a moderator', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: HttpStatusCode.OK_200 }) }) @@ -257,7 +388,7 @@ describe('Test users API validators', function () { path, token: server.accessToken, fields: baseCorrectParams, - statusCodeExpected: 200 + statusCodeExpected: HttpStatusCode.OK_200 }) }) @@ -274,7 +405,7 @@ describe('Test users API validators', function () { password: 'my super password', videoQuota: 42000000 } - await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 }) + await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) }) @@ -320,7 +451,13 @@ describe('Test users API validators', function () { password: 'super'.repeat(61) } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: userAccessToken, + fields, + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail with an invalid NSFW policy attribute', async function () { @@ -339,6 +476,14 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid autoPlayNextVideo attribute', async function () { + const fields = { + autoPlayNextVideo: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should fail with an invalid videosHistoryEnabled attribute', async function () { const fields = { videosHistoryEnabled: -1 @@ -353,7 +498,13 @@ describe('Test users API validators', function () { password: 'my super password' } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: 'super token', + fields, + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail with a too long description', async function () { @@ -364,26 +515,89 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid videoLanguages attribute', async function () { + { + const fields = { + videoLanguages: 'toto' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + + { + const languages = [] + for (let i = 0; i < 1000; i++) { + languages.push('fr') + } + + const fields = { + videoLanguages: languages + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + }) + + it('Should fail with an invalid theme', async function () { + const fields = { theme: 'invalid' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an unknown theme', async function () { + const fields = { theme: 'peertube-theme-unknown' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { + const fields = { + noInstanceConfigWarningModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noWelcomeModal attribute', async function () { + const fields = { + noWelcomeModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should succeed to change password with the correct params', async function () { const fields = { currentPassword: 'my super password', password: 'my super password', nsfwPolicy: 'blur', autoPlayVideo: false, - email: 'super_email@example.com' + email: 'super_email@example.com', + theme: 'default', + noInstanceConfigWarningModal: true, + noWelcomeModal: true } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: userAccessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) it('Should succeed without password change with the correct params', async function () { const fields = { nsfwPolicy: 'blur', - autoPlayVideo: false, - email: 'super_email@example.com' + autoPlayVideo: false } - await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + await makePutBodyRequest({ + url: server.url, + path: path + 'me', + token: userAccessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) @@ -391,7 +605,7 @@ describe('Test users API validators', function () { it('Should fail without an incorrect input file', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'video_short.mp4') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) }) @@ -399,7 +613,7 @@ describe('Test users API validators', function () { it('Should fail with a big file', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar-big.png') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) }) @@ -407,21 +621,21 @@ describe('Test users API validators', function () { it('Should fail with an unauthenticated user', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar.png') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', fields, attaches, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should succeed with the correct params', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar.png') } await makeUploadRequest({ url: server.url, @@ -429,40 +643,61 @@ describe('Test users API validators', function () { token: server.accessToken, fields, attaches, - statusCodeExpected: 200 + statusCodeExpected: HttpStatusCode.OK_200 }) }) }) - describe('When getting a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) + describe('When managing my scoped tokens', function () { - userId = res.body.data[1].id + it('Should fail to get my scoped tokens with an non authenticated user', async function () { + await getUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) }) + it('Should fail to get my scoped tokens with a bad token', async function () { + await getUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) + + }) + + it('Should succeed to get my scoped tokens', async function () { + await getUserScopedTokens(server.url, server.accessToken) + }) + + it('Should fail to renew my scoped tokens with an non authenticated user', async function () { + await renewUserScopedTokens(server.url, null, HttpStatusCode.UNAUTHORIZED_401) + }) + + it('Should fail to renew my scoped tokens with a bad token', async function () { + await renewUserScopedTokens(server.url, 'bad', HttpStatusCode.UNAUTHORIZED_401) + }) + + it('Should succeed to renew my scoped tokens', async function () { + await renewUserScopedTokens(server.url, server.accessToken) + }) + }) + + describe('When getting a user', function () { + it('Should fail with an non authenticated user', async function () { - await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) + await makeGetRequest({ + url: server.url, + path: path + userId, + token: 'super token', + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail with a non admin user', async function () { - await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 }) + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) it('Should succeed with the correct params', async function () { - await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 }) + await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: HttpStatusCode.OK_200 }) }) }) describe('When updating a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) - - userId = res.body.data[1].id - rootId = res.body.data[2].id - }) - it('Should fail with an invalid email attribute', async function () { const fields = { email: 'blabla' @@ -518,7 +753,13 @@ describe('Test users API validators', function () { videoQuota: 42 } - await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 }) + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: 'super token', + fields, + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should fail when updating root role', async function () { @@ -532,7 +773,35 @@ describe('Test users API validators', function () { it('Should fail with invalid admin flags', async function () { const fields = { adminFlags: 'toto' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail to update an admin with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + moderatorId, + token: moderatorAccessToken, + fields, + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 + }) + }) + + it('Should succeed to update a user with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: moderatorAccessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) it('Should succeed with the correct params', async function () { @@ -543,13 +812,19 @@ describe('Test users API validators', function () { role: UserRole.USER } - await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) describe('When getting my information', function () { it('Should fail with a non authenticated user', async function () { - await getMyUserInformation(server.url, 'fake_token', 401) + await getMyUserInformation(server.url, 'fake_token', HttpStatusCode.UNAUTHORIZED_401) }) it('Should success with the correct parameters', async function () { @@ -559,15 +834,15 @@ describe('Test users API validators', function () { describe('When getting my video rating', function () { it('Should fail with a non authenticated user', async function () { - await getMyUserVideoRating(server.url, 'fake_token', videoId, 401) + await getMyUserVideoRating(server.url, 'fake_token', videoId, HttpStatusCode.UNAUTHORIZED_401) }) it('Should fail with an incorrect video uuid', async function () { - await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400) + await getMyUserVideoRating(server.url, server.accessToken, 'blabla', HttpStatusCode.BAD_REQUEST_400) }) it('Should fail with an unknown video', async function () { - await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404) + await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', HttpStatusCode.NOT_FOUND_404) }) it('Should succeed with the correct parameters', async function () { @@ -591,51 +866,68 @@ describe('Test users API validators', function () { }) it('Should fail with a unauthenticated user', async function () { - await makeGetRequest({ url: server.url, path, statusCodeExpected: 401 }) + await makeGetRequest({ url: server.url, path, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should fail with a another user', async function () { - await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 403 }) + await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) it('Should fail with a bad type', async function () { - await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { rating: 'toto ' }, statusCodeExpected: 400 }) + await makeGetRequest({ + url: server.url, + path, + token: userAccessToken, + query: { rating: 'toto ' }, + statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 + }) }) it('Should succeed with the correct params', async function () { - await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 200 }) + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.OK_200 }) }) }) describe('When blocking/unblocking/removing user', function () { it('Should fail with an incorrect id', async function () { - await removeUser(server.url, 'blabla', server.accessToken, 400) - await blockUser(server.url, 'blabla', server.accessToken, 400) - await unblockUser(server.url, 'blabla', server.accessToken, 400) + await removeUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await blockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await unblockUser(server.url, 'blabla', server.accessToken, HttpStatusCode.BAD_REQUEST_400) }) it('Should fail with the root user', async function () { - await removeUser(server.url, rootId, server.accessToken, 400) - await blockUser(server.url, rootId, server.accessToken, 400) - await unblockUser(server.url, rootId, server.accessToken, 400) + await removeUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await blockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) + await unblockUser(server.url, rootId, server.accessToken, HttpStatusCode.BAD_REQUEST_400) }) it('Should return 404 with a non existing id', async function () { - await removeUser(server.url, 4545454, server.accessToken, 404) - await blockUser(server.url, 4545454, server.accessToken, 404) - await unblockUser(server.url, 4545454, server.accessToken, 404) + await removeUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) + await blockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) + await unblockUser(server.url, 4545454, server.accessToken, HttpStatusCode.NOT_FOUND_404) }) it('Should fail with a non admin user', async function () { - await removeUser(server.url, userId, userAccessToken, 403) - await blockUser(server.url, userId, userAccessToken, 403) - await unblockUser(server.url, userId, userAccessToken, 403) + await removeUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) + await blockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) + await unblockUser(server.url, userId, userAccessToken, HttpStatusCode.FORBIDDEN_403) + }) + + it('Should fail on a moderator with a moderator', async function () { + await removeUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) + await blockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) + await unblockUser(server.url, moderatorId, moderatorAccessToken, HttpStatusCode.FORBIDDEN_403) + }) + + it('Should succeed on a user with a moderator', async function () { + await blockUser(server.url, userId, moderatorAccessToken) + await unblockUser(server.url, userId, moderatorAccessToken) }) }) describe('When deleting our account', function () { it('Should fail with with the root account', async function () { - await deleteMe(server.url, server.accessToken, 400) + await deleteMe(server.url, server.accessToken, HttpStatusCode.BAD_REQUEST_400) }) }) @@ -643,6 +935,7 @@ describe('Test users API validators', function () { const registrationPath = path + '/register' const baseCorrectParams = { username: 'user3', + displayName: 'super user', email: 'test3@example.com', password: 'my super password' } @@ -697,7 +990,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) @@ -709,7 +1002,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) @@ -721,10 +1014,16 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields, - statusCodeExpected: 409 + statusCodeExpected: HttpStatusCode.CONFLICT_409 }) }) + it('Should fail with a bad display name', async function () { + const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + it('Should fail with a bad channel name', async function () { const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } }) @@ -737,7 +1036,7 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) - it('Should fail with a channel name that is the same than user username', async function () { + it('Should fail with a channel name that is the same as username', async function () { const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } const fields = immutableAssign(baseCorrectParams, source) @@ -750,7 +1049,13 @@ describe('Test users API validators', function () { const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) - await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.CONFLICT_409 + }) }) it('Should succeed with the correct params', async function () { @@ -761,7 +1066,7 @@ describe('Test users API validators', function () { path: registrationPath, token: server.accessToken, fields: fields, - statusCodeExpected: 204 + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 }) }) @@ -777,14 +1082,14 @@ describe('Test users API validators', function () { path: registrationPath, token: serverWithRegistrationDisabled.accessToken, fields, - statusCodeExpected: 403 + statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) }) }) describe('When registering multiple users on a server with users limit', function () { it('Should fail when after 3 registrations', async function () { - await registerUser(server.url, 'user42', 'super password', 403) + await registerUser(server.url, 'user42', 'super password', HttpStatusCode.FORBIDDEN_403) }) }) @@ -797,7 +1102,7 @@ describe('Test users API validators', function () { videoQuota: 42 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) it('Should fail with a registered user having too many videos', async function () { @@ -815,7 +1120,7 @@ describe('Test users API validators', function () { await uploadVideo(server.url, userAccessToken, videoAttributes) await uploadVideo(server.url, userAccessToken, videoAttributes) await uploadVideo(server.url, userAccessToken, videoAttributes) - await uploadVideo(server.url, userAccessToken, videoAttributes, 403) + await uploadVideo(server.url, userAccessToken, videoAttributes, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) it('Should fail to import with HTTP/Torrent/magnet', async function () { @@ -825,9 +1130,9 @@ describe('Test users API validators', function () { channelId: 1, privacy: VideoPrivacy.PUBLIC } - await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() })) + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getGoodVideoUrl() })) await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() })) - await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' })) + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' as any })) await waitJobs([ server ]) @@ -846,7 +1151,7 @@ describe('Test users API validators', function () { }) describe('When having a daily video quota', function () { - it('Should fail with a user having too many videos', async function () { + it('Should fail with a user having too many videos daily', async function () { await updateUser({ url: server.url, userId: rootId, @@ -854,7 +1159,7 @@ describe('Test users API validators', function () { videoQuotaDaily: 42 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) }) @@ -868,7 +1173,7 @@ describe('Test users API validators', function () { videoQuotaDaily: 1024 * 1024 * 1024 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) it('Should fail if exceeding daily quota', async function () { @@ -880,7 +1185,7 @@ describe('Test users API validators', function () { videoQuotaDaily: 42 }) - await uploadVideo(server.url, server.accessToken, {}, 403) + await uploadVideo(server.url, server.accessToken, {}, HttpStatusCode.PAYLOAD_TOO_LARGE_413) }) }) @@ -902,7 +1207,13 @@ describe('Test users API validators', function () { it('Should success with the correct params', async function () { const fields = { email: 'admin@example.com' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) @@ -924,11 +1235,19 @@ describe('Test users API validators', function () { it('Should succeed with the correct params', async function () { const fields = { email: 'admin@example.com' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + }) }) }) after(async function () { + MockSmtpServer.Instance.kill() + await cleanupTests([ server, serverWithRegistrationDisabled ]) }) })