X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=55094795c459ac94887157fbd8f0487c13474d64;hb=8d5e65349deebd499c0be10fe02d535a77d58ddb;hp=b62806554b4077f0305306c5bea41ecf29170be7;hpb=94565d52bb2883e09f16d1363170ac9c0dccb7a1;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index b62806554..55094795c 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -3,12 +3,31 @@ import { omit } from 'lodash' import 'mocha' import { join } from 'path' -import { UserRole, VideoImport, VideoImportState } from '../../../../shared' +import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared' import { - createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest, - makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers, - updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser + addVideoChannel, + blockUser, + cleanupTests, + createUser, + deleteMe, + flushAndRunServer, + getMyUserInformation, + getMyUserVideoRating, + getUsersList, + immutableAssign, + makeGetRequest, + makePostBodyRequest, + makePutBodyRequest, + makeUploadRequest, + registerUser, + removeUser, + ServerInfo, + setAccessTokensToServers, + unblockUser, + updateUser, + uploadVideo, + userLogin } from '../../../../shared/extra-utils' import { checkBadCountPagination, @@ -25,37 +44,79 @@ describe('Test users API validators', function () { const path = '/api/v1/users/' let userId: number let rootId: number + let moderatorId: number let videoId: number let server: ServerInfo let serverWithRegistrationDisabled: ServerInfo let userAccessToken = '' + let moderatorAccessToken = '' let channelId: number - const user = { - username: 'user1', - password: 'my super password' - } // --------------------------------------------------------------- before(async function () { this.timeout(30000) - await flushTests() + { + const res = await Promise.all([ + flushAndRunServer(1, { signup: { limit: 7 } }), + flushAndRunServer(2) + ]) - server = await runServer(1) - serverWithRegistrationDisabled = await runServer(2) + server = res[0] + serverWithRegistrationDisabled = res[1] - await setAccessTokensToServers([ server ]) + await setAccessTokensToServers([ server ]) + } - const videoQuota = 42000000 - await createUser({ - url: server.url, - accessToken: server.accessToken, - username: user.username, - password: user.password, - videoQuota: videoQuota - }) - userAccessToken = await userLogin(server, user) + { + const user = { + username: 'user1', + password: 'my super password' + } + + const videoQuota = 42000000 + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user.username, + password: user.password, + videoQuota: videoQuota + }) + userAccessToken = await userLogin(server, user) + } + + { + const moderator = { + username: 'moderator1', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + + moderatorAccessToken = await userLogin(server, moderator) + } + + { + const moderator = { + username: 'moderator2', + password: 'super password' + } + + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + } { const res = await getMyUserInformation(server.url, server.accessToken) @@ -66,6 +127,15 @@ describe('Test users API validators', function () { const res = await uploadVideo(server.url, server.accessToken, {}) videoId = res.body.video.id } + + { + const res = await getUsersList(server.url, server.accessToken) + const users: User[] = res.body.data + + userId = users.find(u => u.username === 'user1').id + rootId = users.find(u => u.username === 'root').id + moderatorId = users.find(u => u.username === 'moderator2').id + } }) describe('When listing users', function () { @@ -234,6 +304,32 @@ describe('Test users API validators', function () { }) }) + it('Should fail to create a moderator or an admin with a moderator', async function () { + for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { + const fields = immutableAssign(baseCorrectParams, { role }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + } + }) + + it('Should succeed to create a user with a moderator', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 200 + }) + }) + it('Should succeed with the correct params', async function () { await makePostBodyRequest({ url: server.url, @@ -347,13 +443,65 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail with an invalid videoLanguages attribute', async function () { + { + const fields = { + videoLanguages: 'toto' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + + { + const languages = [] + for (let i = 0; i < 1000; i++) { + languages.push('fr') + } + + const fields = { + videoLanguages: languages + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + }) + + it('Should fail with an invalid theme', async function () { + const fields = { theme: 'invalid' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an unknown theme', async function () { + const fields = { theme: 'peertube-theme-unknown' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { + const fields = { + noInstanceConfigWarningModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noWelcomeModal attribute', async function () { + const fields = { + noWelcomeModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + it('Should succeed to change password with the correct params', async function () { const fields = { currentPassword: 'my super password', password: 'my super password', nsfwPolicy: 'blur', autoPlayVideo: false, - email: 'super_email@example.com' + email: 'super_email@example.com', + theme: 'default', + noInstanceConfigWarningModal: true, + noWelcomeModal: true } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) @@ -362,8 +510,7 @@ describe('Test users API validators', function () { it('Should succeed without password change with the correct params', async function () { const fields = { nsfwPolicy: 'blur', - autoPlayVideo: false, - email: 'super_email@example.com' + autoPlayVideo: false } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) @@ -418,11 +565,6 @@ describe('Test users API validators', function () { }) describe('When getting a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) - - userId = res.body.data[1].id - }) it('Should fail with an non authenticated user', async function () { await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) @@ -439,13 +581,6 @@ describe('Test users API validators', function () { describe('When updating a user', function () { - before(async function () { - const res = await getUsersList(server.url, server.accessToken) - - userId = res.body.data[1].id - rootId = res.body.data[2].id - }) - it('Should fail with an invalid email attribute', async function () { const fields = { email: 'blabla' @@ -515,7 +650,35 @@ describe('Test users API validators', function () { it('Should fail with invalid admin flags', async function () { const fields = { adminFlags: 'toto' } - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail to update an admin with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + moderatorId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + }) + + it('Should succeed to update a user with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 204 + }) }) it('Should succeed with the correct params', async function () { @@ -614,6 +777,17 @@ describe('Test users API validators', function () { await blockUser(server.url, userId, userAccessToken, 403) await unblockUser(server.url, userId, userAccessToken, 403) }) + + it('Should fail on a moderator with a moderator', async function () { + await removeUser(server.url, moderatorId, moderatorAccessToken, 403) + await blockUser(server.url, moderatorId, moderatorAccessToken, 403) + await unblockUser(server.url, moderatorId, moderatorAccessToken, 403) + }) + + it('Should succeed on a user with a moderator', async function () { + await blockUser(server.url, userId, moderatorAccessToken) + await unblockUser(server.url, userId, moderatorAccessToken) + }) }) describe('When deleting our account', function () { @@ -622,10 +796,11 @@ describe('Test users API validators', function () { }) }) - describe('When register a new user', function () { + describe('When registering a new user', function () { const registrationPath = path + '/register' const baseCorrectParams = { username: 'user3', + displayName: 'super user', email: 'test3@example.com', password: 'my super password' } @@ -697,7 +872,7 @@ describe('Test users API validators', function () { }) it('Should fail if we register a user with the same email', async function () { - const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' }) + const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' }) await makePostBodyRequest({ url: server.url, @@ -708,12 +883,48 @@ describe('Test users API validators', function () { }) }) + it('Should fail with a bad display name', async function () { + const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a bad channel name', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a bad channel display name', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a channel name that is the same than user username', async function () { + const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } + const fields = immutableAssign(baseCorrectParams, source) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with an existing channel', async function () { + const videoChannelAttributesArg = { name: 'existing_channel', displayName: 'hello', description: 'super description' } + await addVideoChannel(server.url, server.accessToken, videoChannelAttributesArg) + + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) + }) + it('Should succeed with the correct params', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } }) + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, - fields: baseCorrectParams, + fields: fields, statusCodeExpected: 204 }) }) @@ -882,11 +1093,6 @@ describe('Test users API validators', function () { }) after(async function () { - killallServers([ server, serverWithRegistrationDisabled ]) - - // Keep the logs if the test failed - if (this['ok']) { - await flushTests() - } + await cleanupTests([ server, serverWithRegistrationDisabled ]) }) })