X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=55094795c459ac94887157fbd8f0487c13474d64;hb=8d5e65349deebd499c0be10fe02d535a77d58ddb;hp=3268f8c9011b7c2e944f5dc69d0bc831f1c3d5c5;hpb=1f20622f2b087eaf8738d60fae00a44b9c558ca3;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 3268f8c90..55094795c 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -3,7 +3,7 @@ import { omit } from 'lodash' import 'mocha' import { join } from 'path' -import { UserRole, VideoImport, VideoImportState } from '../../../../shared' +import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared' import { addVideoChannel, @@ -44,35 +44,79 @@ describe('Test users API validators', function () { const path = '/api/v1/users/' let userId: number let rootId: number + let moderatorId: number let videoId: number let server: ServerInfo let serverWithRegistrationDisabled: ServerInfo let userAccessToken = '' + let moderatorAccessToken = '' let channelId: number - const user = { - username: 'user1', - password: 'my super password' - } // --------------------------------------------------------------- before(async function () { this.timeout(30000) - server = await flushAndRunServer(1) - serverWithRegistrationDisabled = await flushAndRunServer(2) + { + const res = await Promise.all([ + flushAndRunServer(1, { signup: { limit: 7 } }), + flushAndRunServer(2) + ]) - await setAccessTokensToServers([ server ]) + server = res[0] + serverWithRegistrationDisabled = res[1] - const videoQuota = 42000000 - await createUser({ - url: server.url, - accessToken: server.accessToken, - username: user.username, - password: user.password, - videoQuota: videoQuota - }) - userAccessToken = await userLogin(server, user) + await setAccessTokensToServers([ server ]) + } + + { + const user = { + username: 'user1', + password: 'my super password' + } + + const videoQuota = 42000000 + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user.username, + password: user.password, + videoQuota: videoQuota + }) + userAccessToken = await userLogin(server, user) + } + + { + const moderator = { + username: 'moderator1', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + + moderatorAccessToken = await userLogin(server, moderator) + } + + { + const moderator = { + username: 'moderator2', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + } { const res = await getMyUserInformation(server.url, server.accessToken) @@ -83,6 +127,15 @@ describe('Test users API validators', function () { const res = await uploadVideo(server.url, server.accessToken, {}) videoId = res.body.video.id } + + { + const res = await getUsersList(server.url, server.accessToken) + const users: User[] = res.body.data + + userId = users.find(u => u.username === 'user1').id + rootId = users.find(u => u.username === 'root').id + moderatorId = users.find(u => u.username === 'moderator2').id + } }) describe('When listing users', function () { @@ -251,6 +304,32 @@ describe('Test users API validators', function () { }) }) + it('Should fail to create a moderator or an admin with a moderator', async function () { + for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { + const fields = immutableAssign(baseCorrectParams, { role }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + } + }) + + it('Should succeed to create a user with a moderator', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 200 + }) + }) + it('Should succeed with the correct params', async function () { await makePostBodyRequest({ url: server.url, @@ -364,13 +443,65 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid videoLanguages attribute', async function () { + { + const fields = { + videoLanguages: 'toto' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + + { + const languages = [] + for (let i = 0; i < 1000; i++) { + languages.push('fr') + } + + const fields = { + videoLanguages: languages + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + }) + + it('Should fail with an invalid theme', async function () { + const fields = { theme: 'invalid' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an unknown theme', async function () { + const fields = { theme: 'peertube-theme-unknown' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { + const fields = { + noInstanceConfigWarningModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noWelcomeModal attribute', async function () { + const fields = { + noWelcomeModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should succeed to change password with the correct params', async function () { const fields = { currentPassword: 'my super password', password: 'my super password', nsfwPolicy: 'blur', autoPlayVideo: false, - email: 'super_email@example.com' + email: 'super_email@example.com', + theme: 'default', + noInstanceConfigWarningModal: true, + noWelcomeModal: true } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) @@ -379,8 +510,7 @@ describe('Test users API validators', function () { it('Should succeed without password change with the correct params', async function () { const fields = { nsfwPolicy: 'blur', - autoPlayVideo: false, - email: 'super_email@example.com' + autoPlayVideo: false } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) @@ -435,11 +565,6 @@ describe('Test users API validators', function () { }) describe('When getting a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) - - userId = res.body.data[1].id - }) it('Should fail with an non authenticated user', async function () { await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) @@ -456,13 +581,6 @@ describe('Test users API validators', function () { describe('When updating a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) - - userId = res.body.data[1].id - rootId = res.body.data[2].id - }) - it('Should fail with an invalid email attribute', async function () { const fields = { email: 'blabla' @@ -532,7 +650,35 @@ describe('Test users API validators', function () { it('Should fail with invalid admin flags', async function () { const fields = { adminFlags: 'toto' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail to update an admin with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + moderatorId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + }) + + it('Should succeed to update a user with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 204 + }) }) it('Should succeed with the correct params', async function () { @@ -631,6 +777,17 @@ describe('Test users API validators', function () { await blockUser(server.url, userId, userAccessToken, 403) await unblockUser(server.url, userId, userAccessToken, 403) }) + + it('Should fail on a moderator with a moderator', async function () { + await removeUser(server.url, moderatorId, moderatorAccessToken, 403) + await blockUser(server.url, moderatorId, moderatorAccessToken, 403) + await unblockUser(server.url, moderatorId, moderatorAccessToken, 403) + }) + + it('Should succeed on a user with a moderator', async function () { + await blockUser(server.url, userId, moderatorAccessToken) + await unblockUser(server.url, userId, moderatorAccessToken) + }) }) describe('When deleting our account', function () {