X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=55094795c459ac94887157fbd8f0487c13474d64;hb=8d5e65349deebd499c0be10fe02d535a77d58ddb;hp=ef78c8262408ac11f07412bf01b68df3d1769cf5;hpb=77a5501f6413aff2f2a626b929dfda486fa9a3e6;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index ef78c8262..55094795c 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -1,243 +1,352 @@ /* tslint:disable:no-unused-expression */ -import * as request from 'supertest' +import { omit } from 'lodash' import 'mocha' +import { join } from 'path' +import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared' import { - ServerInfo, - flushTests, - runServer, - uploadVideo, - getVideosList, - makePutBodyRequest, + addVideoChannel, + blockUser, + cleanupTests, createUser, - loginAndGetAccessToken, + deleteMe, + flushAndRunServer, + getMyUserInformation, + getMyUserVideoRating, getUsersList, + immutableAssign, + makeGetRequest, + makePostBodyRequest, + makePutBodyRequest, + makeUploadRequest, registerUser, + removeUser, + ServerInfo, setAccessTokensToServers, - killallServers, - makePostBodyRequest, - getUserAccessToken -} from '../../utils' + unblockUser, + updateUser, + uploadVideo, + userLogin +} from '../../../../shared/extra-utils' +import { + checkBadCountPagination, + checkBadSortPagination, + checkBadStartPagination +} from '../../../../shared/extra-utils/requests/check-api-params' +import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../../../shared/extra-utils/videos/video-imports' +import { VideoPrivacy } from '../../../../shared/models/videos' +import { waitJobs } from '../../../../shared/extra-utils/server/jobs' +import { expect } from 'chai' +import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' describe('Test users API validators', function () { const path = '/api/v1/users/' let userId: number let rootId: number + let moderatorId: number let videoId: number let server: ServerInfo let serverWithRegistrationDisabled: ServerInfo let userAccessToken = '' + let moderatorAccessToken = '' + let channelId: number // --------------------------------------------------------------- before(async function () { - this.timeout(120000) + this.timeout(30000) + + { + const res = await Promise.all([ + flushAndRunServer(1, { signup: { limit: 7 } }), + flushAndRunServer(2) + ]) + + server = res[0] + serverWithRegistrationDisabled = res[1] + + await setAccessTokensToServers([ server ]) + } + + { + const user = { + username: 'user1', + password: 'my super password' + } - await flushTests() + const videoQuota = 42000000 + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user.username, + password: user.password, + videoQuota: videoQuota + }) + userAccessToken = await userLogin(server, user) + } + + { + const moderator = { + username: 'moderator1', + password: 'super password' + } - server = await runServer(1) - serverWithRegistrationDisabled = await runServer(2) + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) - await setAccessTokensToServers([ server ]) + moderatorAccessToken = await userLogin(server, moderator) + } - const username = 'user1' - const password = 'my super password' - const videoQuota = 42000000 - await createUser(server.url, server.accessToken, username, password, videoQuota) + { + const moderator = { + username: 'moderator2', + password: 'super password' + } - const videoAttributes = {} - await uploadVideo(server.url, server.accessToken, videoAttributes) + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: moderator.username, + password: moderator.password, + role: UserRole.MODERATOR + }) + } - const res = await getVideosList(server.url) - const videos = res.body.data - videoId = videos[0].id + { + const res = await getMyUserInformation(server.url, server.accessToken) + channelId = res.body.videoChannels[ 0 ].id + } - const user = { - username: 'user1', - password: 'my super password' + { + const res = await uploadVideo(server.url, server.accessToken, {}) + videoId = res.body.video.id + } + + { + const res = await getUsersList(server.url, server.accessToken) + const users: User[] = res.body.data + + userId = users.find(u => u.username === 'user1').id + rootId = users.find(u => u.username === 'root').id + moderatorId = users.find(u => u.username === 'moderator2').id } - userAccessToken = await getUserAccessToken(server, user) }) describe('When listing users', function () { it('Should fail with a bad start pagination', async function () { - await request(server.url) - .get(path) - .query({ start: 'hello' }) - .set('Accept', 'application/json') - .expect(400) + await checkBadStartPagination(server.url, path, server.accessToken) }) it('Should fail with a bad count pagination', async function () { - await request(server.url) - .get(path) - .query({ count: 'hello' }) - .set('Accept', 'application/json') - .expect(400) + await checkBadCountPagination(server.url, path, server.accessToken) }) it('Should fail with an incorrect sort', async function () { - await request(server.url) - .get(path) - .query({ sort: 'hello' }) - .set('Accept', 'application/json') - .expect(400) + await checkBadSortPagination(server.url, path, server.accessToken) + }) + + it('Should fail with a non authenticated user', async function () { + await makeGetRequest({ + url: server.url, + path, + statusCodeExpected: 401 + }) + }) + + it('Should fail with a non admin user', async function () { + await makeGetRequest({ + url: server.url, + path, + token: userAccessToken, + statusCodeExpected: 403 + }) }) }) describe('When adding a new user', function () { + const baseCorrectParams = { + username: 'user2', + email: 'test@example.com', + password: 'my super password', + videoQuota: -1, + videoQuotaDaily: -1, + role: UserRole.USER, + adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST + } + it('Should fail with a too small username', async function () { - const fields = { - username: 'ji', - email: 'test@example.com', - password: 'my_super_password', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { username: '' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with a too long username', async function () { - const fields = { - username: 'my_super_username_which_is_very_long', - email: 'test@example.com', - password: 'my_super_password', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with a not lowercase username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'Toto' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with an incorrect username', async function () { - const fields = { - username: 'my username', - email: 'test@example.com', - password: 'my_super_password', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { username: 'my username' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with a missing email', async function () { - const fields = { - username: 'ji', - password: 'my_super_password', - videoQuota: 42000000 - } + const fields = omit(baseCorrectParams, 'email') await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with an invalid email', async function () { - const fields = { - username: 'my_super_username_which_is_very_long', - email: 'test_example.com', - password: 'my_super_password', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with a too small password', async function () { - const fields = { - username: 'my_username', - email: 'test@example.com', - password: 'bla', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { password: 'bla' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with a too long password', async function () { - const fields = { - username: 'my_username', - email: 'test@example.com', - password: 'my super long password which is very very very very very very very very very very very very very very' + - 'very very very very very very very very very very very very very very very veryv very very very very' + - 'very very very very very very very very very very very very very very very very very very very very long', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) - it('Should fail with an non authenticated user', async function () { - const fields = { - username: 'my_username', - email: 'test@example.com', - password: 'my super password', - videoQuota: 42000000 - } + it('Should fail with invalid admin flags', async function () { + const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) - await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 }) + it('Should fail with an non authenticated user', async function () { + await makePostBodyRequest({ + url: server.url, + path, + token: 'super token', + fields: baseCorrectParams, + statusCodeExpected: 401 + }) }) it('Should fail if we add a user with the same username', async function () { - const fields = { - username: 'user1', - email: 'test@example.com', - password: 'my super password', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { username: 'user1' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) }) it('Should fail if we add a user with the same email', async function () { - const fields = { - username: 'my_username', - email: 'user1@example.com', - password: 'my super password', - videoQuota: 42000000 - } + const fields = immutableAssign(baseCorrectParams, { email: 'user1@example.com' }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 }) }) it('Should fail without a videoQuota', async function () { - const fields = { - username: 'my_username', - email: 'user1@example.com', - password: 'my super password' - } + const fields = omit(baseCorrectParams, 'videoQuota') + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail without a videoQuotaDaily', async function () { + const fields = omit(baseCorrectParams, 'videoQuotaDaily') await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) it('Should fail with an invalid videoQuota', async function () { - const fields = { - username: 'my_username', - email: 'user1@example.com', - password: 'my super password', - videoQuota: -5 - } + const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) - it('Should succeed with the correct params', async function () { - const fields = { - username: 'user2', - email: 'test@example.com', - password: 'my super password', - videoQuota: -1 + it('Should fail with an invalid videoQuotaDaily', async function () { + const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail without a user role', async function () { + const fields = omit(baseCorrectParams, 'role') + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with an invalid user role', async function () { + const fields = immutableAssign(baseCorrectParams, { role: 88989 }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with a "peertube" username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) + + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + + it('Should fail to create a moderator or an admin with a moderator', async function () { + for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { + const fields = immutableAssign(baseCorrectParams, { role }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) } + }) - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + it('Should succeed to create a user with a moderator', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) + + await makePostBodyRequest({ + url: server.url, + path, + token: moderatorAccessToken, + fields, + statusCodeExpected: 200 + }) + }) + + it('Should succeed with the correct params', async function () { + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields: baseCorrectParams, + statusCodeExpected: 200 + }) }) it('Should fail with a non admin user', async function () { - server.user = { + const user = { username: 'user1', - email: 'test@example.com', password: 'my super password' } + userAccessToken = await userLogin(server, user) - userAccessToken = await loginAndGetAccessToken(server) const fields = { username: 'user3', email: 'test@example.com', @@ -259,6 +368,7 @@ describe('Test users API validators', function () { it('Should fail with a too small password', async function () { const fields = { + currentPassword: 'my super password', password: 'bla' } @@ -267,17 +377,50 @@ describe('Test users API validators', function () { it('Should fail with a too long password', async function () { const fields = { - password: 'my super long password which is very very very very very very very very very very very very very very' + - 'very very very very very very very very very very very very very very very veryv very very very very' + - 'very very very very very very very very very very very very very very very very very very very very long' + currentPassword: 'my super password', + password: 'super'.repeat(61) } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) - it('Should fail with an invalid display NSFW attribute', async function () { + it('Should fail without the current password', async function () { const fields = { - displayNSFW: -1 + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid current password', async function () { + const fields = { + currentPassword: 'my super password fail', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 }) + }) + + it('Should fail with an invalid NSFW policy attribute', async function () { + const fields = { + nsfwPolicy: 'hello' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid autoPlayVideo attribute', async function () { + const fields = { + autoPlayVideo: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid videosHistoryEnabled attribute', async function () { + const fields = { + videosHistoryEnabled: -1 } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) @@ -285,31 +428,158 @@ describe('Test users API validators', function () { it('Should fail with an non authenticated user', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password' } await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 }) }) - it('Should succeed with the correct params', async function () { + it('Should fail with a too long description', async function () { + const fields = { + description: 'super'.repeat(201) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid videoLanguages attribute', async function () { + { + const fields = { + videoLanguages: 'toto' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + + { + const languages = [] + for (let i = 0; i < 1000; i++) { + languages.push('fr') + } + + const fields = { + videoLanguages: languages + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + } + }) + + it('Should fail with an invalid theme', async function () { + const fields = { theme: 'invalid' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an unknown theme', async function () { + const fields = { theme: 'peertube-theme-unknown' } + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noInstanceConfigWarningModal attribute', async function () { + const fields = { + noInstanceConfigWarningModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid noWelcomeModal attribute', async function () { + const fields = { + noWelcomeModal: -1 + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should succeed to change password with the correct params', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password', - displayNSFW: true, - email: 'super_email@example.com' + nsfwPolicy: 'blur', + autoPlayVideo: false, + email: 'super_email@example.com', + theme: 'default', + noInstanceConfigWarningModal: true, + noWelcomeModal: true + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + }) + + it('Should succeed without password change with the correct params', async function () { + const fields = { + nsfwPolicy: 'blur', + autoPlayVideo: false } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) }) }) - describe('When updating a user', function () { + describe('When updating my avatar', function () { + it('Should fail without an incorrect input file', async function () { + const fields = {} + const attaches = { + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4') + } + await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) + }) + + it('Should fail with a big file', async function () { + const fields = {} + const attaches = { + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png') + } + await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) + }) + + it('Should fail with an unauthenticated user', async function () { + const fields = {} + const attaches = { + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + } + await makeUploadRequest({ + url: server.url, + path: path + '/me/avatar/pick', + fields, + attaches, + statusCodeExpected: 401 + }) + }) + + it('Should succeed with the correct params', async function () { + const fields = {} + const attaches = { + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + } + await makeUploadRequest({ + url: server.url, + path: path + '/me/avatar/pick', + token: server.accessToken, + fields, + attaches, + statusCodeExpected: 200 + }) + }) + }) + + describe('When getting a user', function () { + + it('Should fail with an non authenticated user', async function () { + await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) + }) - before(async function () { - const res = await getUsersList(server.url) + it('Should fail with a non admin user', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 }) + }) - userId = res.body.data[1].id - rootId = res.body.data[2].id + it('Should succeed with the correct params', async function () { + await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 }) }) + }) + + describe('When updating a user', function () { it('Should fail with an invalid email attribute', async function () { const fields = { @@ -319,6 +589,14 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) + it('Should fail with an invalid emailVerified attribute', async function () { + const fields = { + emailVerified: 'yes' + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + it('Should fail with an invalid videoQuota attribute', async function () { const fields = { videoQuota: -90 @@ -327,6 +605,32 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) }) + it('Should fail with an invalid user role attribute', async function () { + const fields = { + role: 54878 + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + + it('Should fail with a too small password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'bla' + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + + it('Should fail with a too long password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) + }) + it('Should fail with an non authenticated user', async function () { const fields = { videoQuota: 42 @@ -335,10 +639,54 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 }) }) + it('Should fail when updating root role', async function () { + const fields = { + role: UserRole.MODERATOR + } + + await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) + }) + + it('Should fail with invalid admin flags', async function () { + const fields = { adminFlags: 'toto' } + + await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail to update an admin with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + moderatorId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 403 + }) + }) + + it('Should succeed to update a user with a moderator', async function () { + const fields = { + videoQuota: 42 + } + + await makePutBodyRequest({ + url: server.url, + path: path + userId, + token: moderatorAccessToken, + fields, + statusCodeExpected: 204 + }) + }) + it('Should succeed with the correct params', async function () { const fields = { email: 'email@example.com', - videoQuota: 42 + emailVerified: true, + videoQuota: 42, + role: UserRole.USER } await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 }) @@ -347,204 +695,238 @@ describe('Test users API validators', function () { describe('When getting my information', function () { it('Should fail with a non authenticated user', async function () { - await request(server.url) - .get(path + 'me') - .set('Authorization', 'Bearer fake_token') - .set('Accept', 'application/json') - .expect(401) + await getMyUserInformation(server.url, 'fake_token', 401) }) it('Should success with the correct parameters', async function () { - await request(server.url) - .get(path + 'me') - .set('Authorization', 'Bearer ' + userAccessToken) - .set('Accept', 'application/json') - .expect(200) + await getMyUserInformation(server.url, userAccessToken) }) }) describe('When getting my video rating', function () { it('Should fail with a non authenticated user', async function () { - await request(server.url) - .get(path + 'me/videos/' + videoId + '/rating') - .set('Authorization', 'Bearer fake_token') - .set('Accept', 'application/json') - .expect(401) + await getMyUserVideoRating(server.url, 'fake_token', videoId, 401) }) it('Should fail with an incorrect video uuid', async function () { - await request(server.url) - .get(path + 'me/videos/blabla/rating') - .set('Authorization', 'Bearer ' + userAccessToken) - .set('Accept', 'application/json') - .expect(400) + await getMyUserVideoRating(server.url, server.accessToken, 'blabla', 400) }) it('Should fail with an unknown video', async function () { - await request(server.url) - .get(path + 'me/videos/4da6fde3-88f7-4d16-b119-108df5630b06/rating') - .set('Authorization', 'Bearer ' + userAccessToken) - .set('Accept', 'application/json') - .expect(404) + await getMyUserVideoRating(server.url, server.accessToken, '4da6fde3-88f7-4d16-b119-108df5630b06', 404) }) - it('Should success with the correct parameters', async function () { - await request(server.url) - .get(path + 'me/videos/' + videoId + '/rating') - .set('Authorization', 'Bearer ' + userAccessToken) - .set('Accept', 'application/json') - .expect(200) + it('Should succeed with the correct parameters', async function () { + await getMyUserVideoRating(server.url, server.accessToken, videoId) }) }) - describe('When removing an user', function () { - it('Should fail with an incorrect id', async function () { - await request(server.url) - .delete(path + 'bla-bla') - .set('Authorization', 'Bearer ' + server.accessToken) - .expect(400) + describe('When retrieving my global ratings', function () { + const path = '/api/v1/accounts/user1/ratings' + + it('Should fail with a bad start pagination', async function () { + await checkBadStartPagination(server.url, path, userAccessToken) }) - it('Should fail with the root user', async function () { - await request(server.url) - .delete(path + rootId) - .set('Authorization', 'Bearer ' + server.accessToken) - .expect(400) + it('Should fail with a bad count pagination', async function () { + await checkBadCountPagination(server.url, path, userAccessToken) }) - it('Should return 404 with a non existing id', async function () { - await request(server.url) - .delete(path + '45') - .set('Authorization', 'Bearer ' + server.accessToken) - .expect(404) + it('Should fail with an incorrect sort', async function () { + await checkBadSortPagination(server.url, path, userAccessToken) + }) + + it('Should fail with a unauthenticated user', async function () { + await makeGetRequest({ url: server.url, path, statusCodeExpected: 401 }) + }) + + it('Should fail with a another user', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 403 }) + }) + + it('Should fail with a bad type', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { rating: 'toto ' }, statusCodeExpected: 400 }) + }) + + it('Should succeed with the correct params', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 200 }) }) }) - describe('When removing an user', function () { + describe('When blocking/unblocking/removing user', function () { it('Should fail with an incorrect id', async function () { - await request(server.url) - .delete(path + 'bla-bla') - .set('Authorization', 'Bearer ' + server.accessToken) - .expect(400) + await removeUser(server.url, 'blabla', server.accessToken, 400) + await blockUser(server.url, 'blabla', server.accessToken, 400) + await unblockUser(server.url, 'blabla', server.accessToken, 400) }) it('Should fail with the root user', async function () { - await request(server.url) - .delete(path + rootId) - .set('Authorization', 'Bearer ' + server.accessToken) - .expect(400) + await removeUser(server.url, rootId, server.accessToken, 400) + await blockUser(server.url, rootId, server.accessToken, 400) + await unblockUser(server.url, rootId, server.accessToken, 400) }) it('Should return 404 with a non existing id', async function () { - await request(server.url) - .delete(path + '45') - .set('Authorization', 'Bearer ' + server.accessToken) - .expect(404) + await removeUser(server.url, 4545454, server.accessToken, 404) + await blockUser(server.url, 4545454, server.accessToken, 404) + await unblockUser(server.url, 4545454, server.accessToken, 404) + }) + + it('Should fail with a non admin user', async function () { + await removeUser(server.url, userId, userAccessToken, 403) + await blockUser(server.url, userId, userAccessToken, 403) + await unblockUser(server.url, userId, userAccessToken, 403) + }) + + it('Should fail on a moderator with a moderator', async function () { + await removeUser(server.url, moderatorId, moderatorAccessToken, 403) + await blockUser(server.url, moderatorId, moderatorAccessToken, 403) + await unblockUser(server.url, moderatorId, moderatorAccessToken, 403) + }) + + it('Should succeed on a user with a moderator', async function () { + await blockUser(server.url, userId, moderatorAccessToken) + await unblockUser(server.url, userId, moderatorAccessToken) }) }) - describe('When register a new user', function () { + describe('When deleting our account', function () { + it('Should fail with with the root account', async function () { + await deleteMe(server.url, server.accessToken, 400) + }) + }) + + describe('When registering a new user', function () { const registrationPath = path + '/register' + const baseCorrectParams = { + username: 'user3', + displayName: 'super user', + email: 'test3@example.com', + password: 'my super password' + } it('Should fail with a too small username', async function () { - const fields = { - username: 'ji', - email: 'test@example.com', - password: 'my_super_password' - } + const fields = immutableAssign(baseCorrectParams, { username: '' }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with a too long username', async function () { - const fields = { - username: 'my_super_username_which_is_very_long', - email: 'test@example.com', - password: 'my_super_password' - } + const fields = immutableAssign(baseCorrectParams, { username: 'super'.repeat(50) }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with an incorrect username', async function () { - const fields = { - username: 'my username', - email: 'test@example.com', - password: 'my_super_password' - } + const fields = immutableAssign(baseCorrectParams, { username: 'my username' }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with a missing email', async function () { - const fields = { - username: 'ji', - password: 'my_super_password' - } + const fields = omit(baseCorrectParams, 'email') await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with an invalid email', async function () { - const fields = { - username: 'my_super_username_which_is_very_long', - email: 'test_example.com', - password: 'my_super_password' - } + const fields = immutableAssign(baseCorrectParams, { email: 'test_example.com' }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with a too small password', async function () { - const fields = { - username: 'my_username', - email: 'test@example.com', - password: 'bla' - } + const fields = immutableAssign(baseCorrectParams, { password: 'bla' }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail with a too long password', async function () { - const fields = { - username: 'my_username', - email: 'test@example.com', - password: 'my super long password which is very very very very very very very very very very very very very very' + - 'very very very very very very very very very very very very very very very veryv very very very very' + - 'very very very very very very very very very very very very very very very very very very very very long' - } + const fields = immutableAssign(baseCorrectParams, { password: 'super'.repeat(61) }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) }) it('Should fail if we register a user with the same username', async function () { - const fields = { - username: 'root', - email: 'test@example.com', - password: 'my super password' - } + const fields = immutableAssign(baseCorrectParams, { username: 'root' }) - await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + + it('Should fail with a "peertube" username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) + + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) }) it('Should fail if we register a user with the same email', async function () { - const fields = { - username: 'my_username', - email: 'admin1@example.com', - password: 'my super password' - } + const fields = immutableAssign(baseCorrectParams, { email: 'admin' + server.internalServerNumber + '@example.com' }) + + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + + it('Should fail with a bad display name', async function () { + const fields = immutableAssign(baseCorrectParams, { displayName: 'a'.repeat(150) }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a bad channel name', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: '[]azf', displayName: 'toto' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a bad channel display name', async function () { + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'toto', displayName: '' } }) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with a channel name that is the same than user username', async function () { + const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } } + const fields = immutableAssign(baseCorrectParams, source) + + await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields }) + }) + + it('Should fail with an existing channel', async function () { + const videoChannelAttributesArg = { name: 'existing_channel', displayName: 'hello', description: 'super description' } + await addVideoChannel(server.url, server.accessToken, videoChannelAttributesArg) + + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'existing_channel', displayName: 'toto' } }) await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 409 }) }) it('Should succeed with the correct params', async function () { - const fields = { - username: 'user3', - email: 'test3@example.com', - password: 'my super password' - } + const fields = immutableAssign(baseCorrectParams, { channel: { name: 'super_channel', displayName: 'toto' } }) - await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields, statusCodeExpected: 204 }) + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields: fields, + statusCodeExpected: 204 + }) }) it('Should fail on a server with registration disabled', async function () { @@ -571,26 +953,25 @@ describe('Test users API validators', function () { }) describe('When having a video quota', function () { - it('Should fail with a user having too many video', async function () { - const fields = { + it('Should fail with a user having too many videos', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, videoQuota: 42 - } - - await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 }) + }) - const videoAttributes = {} - await uploadVideo(server.url, server.accessToken, videoAttributes, 403) + await uploadVideo(server.url, server.accessToken, {}, 403) }) - it('Should fail with a registered user having too many video', async function () { - this.timeout(10000) + it('Should fail with a registered user having too many videos', async function () { + this.timeout(30000) - server.user = { + const user = { username: 'user3', - email: 'test3@example.com', password: 'my super password' } - userAccessToken = await loginAndGetAccessToken(server) + userAccessToken = await userLogin(server, user) const videoAttributes = { fixture: 'video_short2.webm' } await uploadVideo(server.url, userAccessToken, videoAttributes) @@ -600,14 +981,118 @@ describe('Test users API validators', function () { await uploadVideo(server.url, userAccessToken, videoAttributes) await uploadVideo(server.url, userAccessToken, videoAttributes, 403) }) + + it('Should fail to import with HTTP/Torrent/magnet', async function () { + this.timeout(120000) + + const baseAttributes = { + channelId: 1, + privacy: VideoPrivacy.PUBLIC + } + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() })) + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() })) + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' })) + + await waitJobs([ server ]) + + const res = await getMyVideoImports(server.url, server.accessToken) + + expect(res.body.total).to.equal(3) + const videoImports: VideoImport[] = res.body.data + expect(videoImports).to.have.lengthOf(3) + + for (const videoImport of videoImports) { + expect(videoImport.state.id).to.equal(VideoImportState.FAILED) + expect(videoImport.error).not.to.be.undefined + expect(videoImport.error).to.contain('user video quota is exceeded') + } + }) }) - after(async function () { - killallServers([ server, serverWithRegistrationDisabled ]) + describe('When having a daily video quota', function () { + it('Should fail with a user having too many videos', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuotaDaily: 42 + }) - // Keep the logs if the test failed - if (this['ok']) { - await flushTests() - } + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + }) + + describe('When having an absolute and daily video quota', function () { + it('Should fail if exceeding total quota', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuota: 42, + videoQuotaDaily: 1024 * 1024 * 1024 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + + it('Should fail if exceeding daily quota', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuota: 1024 * 1024 * 1024, + videoQuotaDaily: 42 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + }) + + describe('When asking a password reset', function () { + const path = '/api/v1/users/ask-reset-password' + + it('Should fail with a missing email', async function () { + const fields = {} + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with an invalid email', async function () { + const fields = { email: 'hello' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should success with the correct params', async function () { + const fields = { email: 'admin@example.com' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + }) + }) + + describe('When asking for an account verification email', function () { + const path = '/api/v1/users/ask-send-verify-email' + + it('Should fail with a missing email', async function () { + const fields = {} + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with an invalid email', async function () { + const fields = { email: 'hello' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with the correct params', async function () { + const fields = { email: 'admin@example.com' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + }) + }) + + after(async function () { + await cleanupTests([ server, serverWithRegistrationDisabled ]) }) })