X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fusers.ts;h=ec46609a4c2f5f0ff0e84373cb8a6dc4463625b3;hb=d23e6a1c97a6ae3ca8d340a8c9adad268a5be57e;hp=d9dea0713e8fd42f21fc9458f7dcc8af9df93f5c;hpb=ac81d1a06d57b9ae86663831e7f5edcef57b0fa4;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index d9dea0713..ec46609a4 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -3,14 +3,18 @@ import { omit } from 'lodash' import 'mocha' import { join } from 'path' -import { UserRole } from '../../../../shared' +import { UserRole, VideoImport, VideoImportState } from '../../../../shared' import { createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest, makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers, - updateUser, uploadVideo, userLogin + updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser } from '../../utils' import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params' +import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports' +import { VideoPrivacy } from '../../../../shared/models/videos' +import { waitJobs } from '../../utils/server/jobs' +import { expect } from 'chai' describe('Test users API validators', function () { const path = '/api/v1/users/' @@ -20,6 +24,7 @@ describe('Test users API validators', function () { let server: ServerInfo let serverWithRegistrationDisabled: ServerInfo let userAccessToken = '' + let channelId: number const user = { username: 'user1', password: 'my super password' @@ -41,8 +46,15 @@ describe('Test users API validators', function () { await createUser(server.url, server.accessToken, user.username, user.password, videoQuota) userAccessToken = await userLogin(server, user) - const res = await uploadVideo(server.url, server.accessToken, {}) - videoId = res.body.video.id + { + const res = await getMyUserInformation(server.url, server.accessToken) + channelId = res.body.videoChannels[ 0 ].id + } + + { + const res = await uploadVideo(server.url, server.accessToken, {}) + videoId = res.body.video.id + } }) describe('When listing users', function () { @@ -82,6 +94,7 @@ describe('Test users API validators', function () { email: 'test@example.com', password: 'my super password', videoQuota: -1, + videoQuotaDaily: -1, role: UserRole.USER } @@ -161,12 +174,24 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail without a videoQuotaDaily', async function () { + const fields = omit(baseCorrectParams, 'videoQuotaDaily') + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail with an invalid videoQuota', async function () { const fields = immutableAssign(baseCorrectParams, { videoQuota: -5 }) await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with an invalid videoQuotaDaily', async function () { + const fields = immutableAssign(baseCorrectParams, { videoQuotaDaily: -7 }) + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + it('Should fail without a user role', async function () { const fields = omit(baseCorrectParams, 'role') @@ -179,6 +204,18 @@ describe('Test users API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) + it('Should fail with a "peertube" username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) + + await makePostBodyRequest({ + url: server.url, + path, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + it('Should succeed with the correct params', async function () { await makePostBodyRequest({ url: server.url, @@ -217,6 +254,7 @@ describe('Test users API validators', function () { it('Should fail with a too small password', async function () { const fields = { + currentPassword: 'my super password', password: 'bla' } @@ -225,15 +263,34 @@ describe('Test users API validators', function () { it('Should fail with a too long password', async function () { const fields = { + currentPassword: 'my super password', password: 'super'.repeat(61) } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) - it('Should fail with an invalid display NSFW attribute', async function () { + it('Should fail without the current password', async function () { const fields = { - displayNSFW: -1 + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid current password', async function () { + const fields = { + currentPassword: 'my super password fail', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 }) + }) + + it('Should fail with an invalid NSFW policy attribute', async function () { + const fields = { + nsfwPolicy: 'hello' } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) @@ -249,16 +306,36 @@ describe('Test users API validators', function () { it('Should fail with an non authenticated user', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password' } await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 }) }) - it('Should succeed with the correct params', async function () { + it('Should fail with a too long description', async function () { + const fields = { + description: 'super'.repeat(201) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should succeed to change password with the correct params', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password', - displayNSFW: true, + nsfwPolicy: 'blur', + autoPlayVideo: false, + email: 'super_email@example.com' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + }) + + it('Should succeed without password change with the correct params', async function () { + const fields = { + nsfwPolicy: 'blur', autoPlayVideo: false, email: 'super_email@example.com' } @@ -271,7 +348,7 @@ describe('Test users API validators', function () { it('Should fail without an incorrect input file', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', 'fixtures', 'video_short.mp4') + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'video_short.mp4') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) }) @@ -279,15 +356,29 @@ describe('Test users API validators', function () { it('Should fail with a big file', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', 'fixtures', 'avatar-big.png') + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar-big.png') } await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) }) + it('Should fail with an unauthenticated user', async function () { + const fields = {} + const attaches = { + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') + } + await makeUploadRequest({ + url: server.url, + path: path + '/me/avatar/pick', + fields, + attaches, + statusCodeExpected: 401 + }) + }) + it('Should succeed with the correct params', async function () { const fields = {} const attaches = { - 'avatarfile': join(__dirname, '..', 'fixtures', 'avatar.png') + 'avatarfile': join(__dirname, '..', '..', 'fixtures', 'avatar.png') } await makeUploadRequest({ url: server.url, @@ -300,6 +391,26 @@ describe('Test users API validators', function () { }) }) + describe('When getting a user', function () { + before(async function () { + const res = await getUsersList(server.url, server.accessToken) + + userId = res.body.data[1].id + }) + + it('Should fail with an non authenticated user', async function () { + await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) + }) + + it('Should fail with a non admin user', async function () { + await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 }) + }) + + it('Should succeed with the correct params', async function () { + await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 }) + }) + }) + describe('When updating a user', function () { before(async function () { @@ -389,17 +500,35 @@ describe('Test users API validators', function () { }) }) - describe('When removing an user', function () { + describe('When blocking/unblocking/removing user', function () { it('Should fail with an incorrect id', async function () { await removeUser(server.url, 'blabla', server.accessToken, 400) + await blockUser(server.url, 'blabla', server.accessToken, 400) + await unblockUser(server.url, 'blabla', server.accessToken, 400) }) it('Should fail with the root user', async function () { await removeUser(server.url, rootId, server.accessToken, 400) + await blockUser(server.url, rootId, server.accessToken, 400) + await unblockUser(server.url, rootId, server.accessToken, 400) }) it('Should return 404 with a non existing id', async function () { await removeUser(server.url, 4545454, server.accessToken, 404) + await blockUser(server.url, 4545454, server.accessToken, 404) + await unblockUser(server.url, 4545454, server.accessToken, 404) + }) + + it('Should fail with a non admin user', async function () { + await removeUser(server.url, userId, userAccessToken, 403) + await blockUser(server.url, userId, userAccessToken, 403) + await unblockUser(server.url, userId, userAccessToken, 403) + }) + }) + + describe('When deleting our account', function () { + it('Should fail with with the root account', async function () { + await deleteMe(server.url, server.accessToken, 400) }) }) @@ -465,6 +594,18 @@ describe('Test users API validators', function () { }) }) + it('Should fail with a "peertube" username', async function () { + const fields = immutableAssign(baseCorrectParams, { username: 'peertube' }) + + await makePostBodyRequest({ + url: server.url, + path: registrationPath, + token: server.accessToken, + fields, + statusCodeExpected: 409 + }) + }) + it('Should fail if we register a user with the same email', async function () { const fields = immutableAssign(baseCorrectParams, { email: 'admin1@example.com' }) @@ -511,7 +652,7 @@ describe('Test users API validators', function () { }) describe('When having a video quota', function () { - it('Should fail with a user having too many video', async function () { + it('Should fail with a user having too many videos', async function () { await updateUser({ url: server.url, userId: rootId, @@ -522,8 +663,8 @@ describe('Test users API validators', function () { await uploadVideo(server.url, server.accessToken, {}, 403) }) - it('Should fail with a registered user having too many video', async function () { - this.timeout(15000) + it('Should fail with a registered user having too many videos', async function () { + this.timeout(30000) const user = { username: 'user3', @@ -539,6 +680,71 @@ describe('Test users API validators', function () { await uploadVideo(server.url, userAccessToken, videoAttributes) await uploadVideo(server.url, userAccessToken, videoAttributes, 403) }) + + it('Should fail to import with HTTP/Torrent/magnet', async function () { + this.timeout(120000) + + const baseAttributes = { + channelId: 1, + privacy: VideoPrivacy.PUBLIC + } + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() })) + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() })) + await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' })) + + await waitJobs([ server ]) + + const res = await getMyVideoImports(server.url, server.accessToken) + + expect(res.body.total).to.equal(3) + const videoImports: VideoImport[] = res.body.data + expect(videoImports).to.have.lengthOf(3) + + for (const videoImport of videoImports) { + expect(videoImport.state.id).to.equal(VideoImportState.FAILED) + expect(videoImport.error).not.to.be.undefined + expect(videoImport.error).to.contain('user video quota is exceeded') + } + }) + }) + + describe('When having a daily video quota', function () { + it('Should fail with a user having too many videos', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuotaDaily: 42 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + }) + + describe('When having an absolute and daily video quota', function () { + it('Should fail if exceeding total quota', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuota: 42, + videoQuotaDaily: 1024 * 1024 * 1024 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) + + it('Should fail if exceeding daily quota', async function () { + await updateUser({ + url: server.url, + userId: rootId, + accessToken: server.accessToken, + videoQuota: 1024 * 1024 * 1024, + videoQuotaDaily: 42 + }) + + await uploadVideo(server.url, server.accessToken, {}, 403) + }) }) describe('When asking a password reset', function () { @@ -563,6 +769,28 @@ describe('Test users API validators', function () { }) }) + describe('When asking for an account verification email', function () { + const path = '/api/v1/users/ask-send-verify-email' + + it('Should fail with a missing email', async function () { + const fields = {} + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with an invalid email', async function () { + const fields = { email: 'hello' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with the correct params', async function () { + const fields = { email: 'admin@example.com' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 }) + }) + }) + after(async function () { killallServers([ server, serverWithRegistrationDisabled ])