X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=4d597f0a3d53a2502af95c98a96256fc427309cc;hb=45f1bd72a08998c60a9dd68ff069cea9de39161c;hp=f4c177621009faac908c690f455bfb6e4a5d4eb0;hpb=ae28cdf327d782e629379eee1999096ca2a5d74b;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index f4c177621..4d597f0a3 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -1,64 +1,152 @@ -/* tslint:disable:no-unused-expression */ +/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ import { omit } from 'lodash' import 'mocha' import { join } from 'path' -import { UserRole, VideoImport, VideoImportState } from '../../../../shared' +import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared' import { - createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest, - makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers, - updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser -} from '../../../../shared/utils' + addVideoChannel, + blockUser, + cleanupTests, + createUser, + deleteMe, + flushAndRunServer, + getMyUserInformation, + getMyUserVideoRating, + getUsersList, + immutableAssign, + killallServers, + makeGetRequest, + makePostBodyRequest, + makePutBodyRequest, + makeUploadRequest, + registerUser, + removeUser, + reRunServer, + ServerInfo, + setAccessTokensToServers, + unblockUser, + updateUser, + uploadVideo, + userLogin +} from '../../../../shared/extra-utils' import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination -} from '../../../../shared/utils/requests/check-api-params' -import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/utils/videos/video-imports' +} from '../../../../shared/extra-utils/requests/check-api-params' +import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/extra-utils/videos/video-imports' import { VideoPrivacy } from '../../../../shared/models/videos' -import { waitJobs } from '../../../../shared/utils/server/jobs' +import { waitJobs } from '../../../../shared/extra-utils/server/jobs' import { expect } from 'chai' +import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' +import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email' describe('Test users API validators', function () { const path = '/api/v1/users/' let userId: number let rootId: number + let moderatorId: number let videoId: number let server: ServerInfo let serverWithRegistrationDisabled: ServerInfo let userAccessToken = '' + let moderatorAccessToken = '' + let emailPort: number + let overrideConfig: Object + // eslint-disable-next-line @typescript-eslint/no-unused-vars let channelId: number - const user = { - username: 'user1', - password: 'my super password' - } // --------------------------------------------------------------- before(async function () { this.timeout(30000) - await flushTests() + const emails: object[] = [] + emailPort = await MockSmtpServer.Instance.collectEmails(emails) - server = await runServer(1) - serverWithRegistrationDisabled = await runServer(2) + overrideConfig = { signup: { limit: 8 } } - await setAccessTokensToServers([ server ]) + { + const res = await Promise.all([ + flushAndRunServer(1, overrideConfig), + flushAndRunServer(2) + ]) + + server = res[0] + serverWithRegistrationDisabled = res[1] + + await setAccessTokensToServers([ server ]) + } + + { + const user = { + username: 'user1', + password: 'my super password' + } + + const videoQuota = 42000000 + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user.username, + password: user.password, + videoQuota: videoQuota + }) + userAccessToken = await userLogin(server, user) + } + + { + const moderator = { + username: 'moderator1', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + + moderatorAccessToken = await userLogin(server, moderator) + } + + { + const moderator = { + username: 'moderator2', + password: 'super password' + } - const videoQuota = 42000000 - await createUser(server.url, server.accessToken, user.username, user.password, videoQuota) - userAccessToken = await userLogin(server, user) + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + } { const res = await getMyUserInformation(server.url, server.accessToken) - channelId = res.body.videoChannels[ 0 ].id + channelId = res.body.videoChannels[0].id } { const res = await uploadVideo(server.url, server.accessToken, {}) videoId = res.body.video.id } + + { + const res = await getUsersList(server.url, server.accessToken) + const users: User[] = res.body.data + + userId = users.find(u => u.username === 'user1').id + rootId = users.find(u => u.username === 'root').id + moderatorId = users.find(u => u.username === 'moderator2').id + } }) describe('When listing users', function () { @@ -99,17 +187,18 @@ describe('Test users API validators', function () { password: 'my super password', videoQuota: -1, videoQuotaDaily: -1, - role: UserRole.USER + role: UserRole.USER, + adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST } it('Should fail with a too small username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'fi' }) + const fields = immutableAssign(baseCorrectParams, { username: '' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with a too long username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' }) + const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) @@ -150,6 +239,46 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with empty password and no smtp configured', async function () { + const fields = immutableAssign(baseCorrectParams, { password: '' }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with no password on a server with smtp enabled', async function () { + this.timeout(10000) + + killallServers([ server ]) + + const config = immutableAssign(overrideConfig, { + smtp: { + hostname: 'localhost', + port: emailPort + } + }) + await reRunServer(server, config) + + const fields = immutableAssign(baseCorrectParams, { + password: '', + username: 'create_password', + email: 'create_password@example.com' + }) + + await makePostBodyRequest({ + url: server.url, + path: path, + token: server.accessToken, + fields, + statusCodeExpected: 200 + }) + }) + + it('Should fail with invalid admin flags', async function () { + const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { await makePostBodyRequest({ url: server.url, @@ -220,6 +349,32 @@ describe('Test users API validators', function () { }) }) + it('Should fail to create a moderator or an admin with a moderator', async function () { + for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { + const fields = immutableAssign(baseCorrectParams, { role }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + } + }) + + it('Should succeed to create a user with a moderator', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 200 + }) + }) + it('Should succeed with the correct params', async function () { await makePostBodyRequest({ url: server.url, @@ -308,6 +463,22 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid autoPlayNextVideo attribute', async function () { + const fields = { + autoPlayNextVideo: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid videosHistoryEnabled attribute', async function () { + const fields = { + videosHistoryEnabled: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { const fields = { currentPassword: 'my super password', @@ -325,13 +496,65 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid videoLanguages attribute', async function () { + { + const fields = { + videoLanguages: 'toto' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + + { + const languages = [] + for (let i = 0; i < 1000; i++) { + languages.push('fr') + } + + const fields = { + videoLanguages: languages + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + }) + + it('Should fail with an invalid theme', async function () { + const fields = { theme: 'invalid' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an unknown theme', async function () { + const fields = { theme: 'peertube-theme-unknown' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { + const fields = { + noInstanceConfigWarningModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noWelcomeModal attribute', async function () { + const fields = { + noWelcomeModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should succeed to change password with the correct params', async function () { const fields = { currentPassword: 'my super password', password: 'my super password', nsfwPolicy: 'blur', autoPlayVideo: false, - email: 'super_email@example.com' + email: 'super_email@example.com', + theme: 'default', + noInstanceConfigWarningModal: true, + noWelcomeModal: true } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) @@ -340,8 +563,7 @@ describe('Test users API validators', function () { it('Should succeed without password change with the correct params', async function () { const fields = { nsfwPolicy: 'blur', - autoPlayVideo: false, - email: 'super_email@example.com' + autoPlayVideo: false } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) @@ -352,7 +574,7 @@ describe('Test users API validators', function () { it('Should fail without an incorrect input file', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'video_short.mp4') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) }) @@ -360,7 +582,7 @@ describe('Test users API validators', function () { it('Should fail with a big file', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar-big.png') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) }) @@ -368,7 +590,7 @@ describe('Test users API validators', function () { it('Should fail with an unauthenticated user', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar.png') } await makeUploadRequest({ url: server.url, @@ -382,7 +604,7 @@ describe('Test users API validators', function () { it('Should succeed with the correct params', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar.png') } await makeUploadRequest({ url: server.url, @@ -396,11 +618,6 @@ describe('Test users API validators', function () { }) describe('When getting a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) - - userId = res.body.data[1].id - }) it('Should fail with an non authenticated user', async function () { await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) @@ -417,16 +634,17 @@ describe('Test users API validators', function () { describe('When updating a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) + it('Should fail with an invalid email attribute', async function () { + const fields = { + email: 'blabla' + } - userId = res.body.data[1].id - rootId = res.body.data[2].id + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) - it('Should fail with an invalid email attribute', async function () { + it('Should fail with an invalid emailVerified attribute', async function () { const fields = { - email: 'blabla' + emailVerified: 'yes' } await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) @@ -448,6 +666,24 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) + it('Should fail with a too small password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'bla' + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + + it('Should fail with a too long password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { const fields = { videoQuota: 42 @@ -464,15 +700,49 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) }) + it('Should fail with invalid admin flags', async function () { + const fields = { adminFlags: 'toto' } + + await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail to update an admin with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + moderatorId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + }) + + it('Should succeed to update a user with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 204 + }) + }) + it('Should succeed with the correct params', async function () { const fields = { email: 'email@example.com', + emailVerified: true, videoQuota: 42, - role: UserRole.MODERATOR + role: UserRole.USER } await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) - userAccessToken = await userLogin(server, user) }) }) @@ -504,6 +774,38 @@ describe('Test users API validators', function () { }) }) + describe('When retrieving my global ratings', function () { + const path = '/api/v1/accounts/user1/ratings' + + it('Should fail with a bad start pagination', async function () { + await checkBadStartPagination(server.url, path, userAccessToken) + }) + + it('Should fail with a bad count pagination', async function () { + await checkBadCountPagination(server.url, path, userAccessToken) + }) + + it('Should fail with an incorrect sort', async function () { + await checkBadSortPagination(server.url, path, userAccessToken) + }) + + it('Should fail with a unauthenticated user', async function () { + await makeGetRequest({ url: server.url, path, statusCodeExpected: 401 }) + }) + + it('Should fail with a another user', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 403 }) + }) + + it('Should fail with a bad type', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { rating: 'toto ' }, statusCodeExpected: 400 }) + }) + + it('Should succeed with the correct params', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 200 }) + }) + }) + describe('When blocking/unblocking/removing user', function () { it('Should fail with an incorrect id', async function () { await removeUser(server.url, 'blabla', server.accessToken, 400) @@ -528,6 +830,17 @@ describe('Test users API validators', function () { await blockUser(server.url, userId, userAccessToken, 403) await unblockUser(server.url, userId, userAccessToken, 403) }) + + it('Should fail on a moderator with a moderator', async function () { + await removeUser(server.url, moderatorId, moderatorAccessToken, 403) + await blockUser(server.url, moderatorId, moderatorAccessToken, 403) + await unblockUser(server.url, moderatorId, moderatorAccessToken, 403) + }) + + it('Should succeed on a user with a moderator', async function () { + await blockUser(server.url, userId, moderatorAccessToken) + await unblockUser(server.url, userId, moderatorAccessToken) + }) }) describe('When deleting our account', function () { @@ -536,22 +849,23 @@ describe('Test users API validators', function () { }) }) - describe('When register a new user', function () { + describe('When registering a new user', function () { const registrationPath = path + '/register' const baseCorrectParams = { username: 'user3', + displayName: 'super user', email: 'test3@example.com', password: 'my super password' } it('Should fail with a too small username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'ji' }) + const fields = immutableAssign(baseCorrectParams, { username: '' }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with a too long username', async function () { - const fields = immutableAssign(baseCorrectParams, { username: 'my_super_username_which_is_very_long' }) + const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) @@ -611,7 +925,7 @@ describe('Test users API validators', function () { }) it('Should fail if we register a user with the same email', async function () { - const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' }) + const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' }) await makePostBodyRequest({ url: server.url, @@ -622,12 +936,48 @@ describe('Test users API validators', function () { }) }) + it('Should fail with a bad display name', async function () { + const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a bad channel name', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a bad channel display name', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a channel name that is the same as username', async function () { + const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } + const fields = immutableAssign(baseCorrectParams, source) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with an existing channel', async function () { + const videoChannelAttributesArg = { name: 'existing_channel', displayName: 'hello', description: 'super description' } + await addVideoChannel(server.url, server.accessToken, videoChannelAttributesArg) + + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) + }) + it('Should succeed with the correct params', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } }) + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, - fields: baseCorrectParams, + fields: fields, statusCodeExpected: 204 }) }) @@ -796,11 +1146,8 @@ describe('Test users API validators', function () { }) after(async function () { - killallServers([ server, serverWithRegistrationDisabled ]) + MockSmtpServer.Instance.kill() - // Keep the logs if the test failed - if (this['ok']) { - await flushTests() - } + await cleanupTests([ server, serverWithRegistrationDisabled ]) }) })