X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fusers%2Fusers.ts;h=92927ea97f6e167c1f5546374d2d0cf25850778b;hb=c3d29f694bf8c910f917be655626d0f80871124f;hp=cad954fcbdb7086e4ad372190f49624865756523;hpb=3487330d308166afb542cbacae0475693c0b059e;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts index cad954fcb..92927ea97 100644 --- a/server/tests/api/users/users.ts +++ b/server/tests/api/users/users.ts @@ -1,12 +1,13 @@ /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ -import * as chai from 'chai' import 'mocha' -import { MyUser, User, UserRole, Video, VideoAbuseState, VideoAbuseUpdate, VideoPlaylistType } from '../../../../shared/index' +import * as chai from 'chai' +import { HttpStatusCode } from '@shared/core-utils' import { addVideoCommentThread, blockUser, cleanupTests, + closeAllSequelize, createUser, deleteMe, flushAndRunServer, @@ -16,37 +17,37 @@ import { getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating, + getMyVideos, getUserInformation, getUsersList, getUsersListPaginationAndSort, - getVideoAbusesList, getVideoChannel, getVideosList, installPlugin, + killallServers, login, + logout, makePutBodyRequest, rateVideo, + refreshToken, registerUserWithChannel, removeUser, removeVideo, - reportVideoAbuse, + reRunServer, ServerInfo, + setAccessTokensToServers, + setTokenField, testImage, unblockUser, updateCustomSubConfig, updateMyAvatar, updateMyUser, updateUser, - updateVideoAbuse, uploadVideo, userLogin, waitJobs -} from '../../../../shared/extra-utils' -import { follow } from '../../../../shared/extra-utils/server/follows' -import { logout, serverLogin, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login' -import { getMyVideos } from '../../../../shared/extra-utils/videos/videos' -import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' -import { CustomConfig } from '@shared/models/server' +} from '@shared/extra-utils' +import { AbuseState, CustomConfig, MyUser, OAuth2ErrorCode, User, UserAdminFlag, UserRole, Video, VideoPlaylistType } from '@shared/models' const expect = chai.expect @@ -86,16 +87,22 @@ describe('Test users', function () { it('Should not login with an invalid client id', async function () { const client = { id: 'client', secret: server.client.secret } - const res = await login(server.url, client, server.user, 400) + const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT) expect(res.body.error).to.contain('client is invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT) }) it('Should not login with an invalid client secret', async function () { const client = { id: server.client.id, secret: 'coucou' } - const res = await login(server.url, client, server.user, 400) + const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT) expect(res.body.error).to.contain('client is invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT) }) }) @@ -103,47 +110,58 @@ describe('Test users', function () { it('Should not login with an invalid username', async function () { const user = { username: 'captain crochet', password: server.user.password } - const res = await login(server.url, server.client, user, 400) + const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT) expect(res.body.error).to.contain('credentials are invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT) }) it('Should not login with an invalid password', async function () { const user = { username: server.user.username, password: 'mew_three' } - const res = await login(server.url, server.client, user, 400) + const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT) expect(res.body.error).to.contain('credentials are invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT) }) it('Should not be able to upload a video', async function () { accessToken = 'my_super_token' const videoAttributes = {} - await uploadVideo(server.url, accessToken, videoAttributes, 401) + await uploadVideo(server.url, accessToken, videoAttributes, HttpStatusCode.UNAUTHORIZED_401) }) it('Should not be able to follow', async function () { accessToken = 'my_super_token' - await follow(server.url, [ 'http://example.com' ], accessToken, 401) + + await server.followsCommand.follow({ + targets: [ 'http://example.com' ], + token: accessToken, + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should not be able to unfollow') it('Should be able to login', async function () { - const res = await login(server.url, server.client, server.user, 200) + const res = await login(server.url, server.client, server.user, HttpStatusCode.OK_200) accessToken = res.body.access_token }) it('Should be able to login with an insensitive username', async function () { const user = { username: 'RoOt', password: server.user.password } - await login(server.url, server.client, user, 200) + await login(server.url, server.client, user, HttpStatusCode.OK_200) const user2 = { username: 'rOoT', password: server.user.password } - await login(server.url, server.client, user2, 200) + await login(server.url, server.client, user2, HttpStatusCode.OK_200) const user3 = { username: 'ROOt', password: server.user.password } - await login(server.url, server.client, user3, 200) + await login(server.url, server.client, user3, HttpStatusCode.OK_200) }) }) @@ -179,7 +197,7 @@ describe('Test users', function () { it('Should retrieve ratings list', async function () { await rateVideo(server.url, accessToken, videoId, 'like') - const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, 200) + const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, HttpStatusCode.OK_200) const ratings = res.body expect(ratings.total).to.equal(1) @@ -204,7 +222,7 @@ describe('Test users', function () { describe('Remove video', function () { it('Should not be able to remove the video with an incorrect token', async function () { - await removeVideo(server.url, 'bad_token', videoId, 401) + await removeVideo(server.url, 'bad_token', videoId, HttpStatusCode.UNAUTHORIZED_401) }) it('Should not be able to remove the video with the token of another account') @@ -220,11 +238,11 @@ describe('Test users', function () { }) it('Should not be able to get the user information', async function () { - await getMyUserInformation(server.url, server.accessToken, 401) + await getMyUserInformation(server.url, server.accessToken, HttpStatusCode.UNAUTHORIZED_401) }) it('Should not be able to upload a video', async function () { - await uploadVideo(server.url, server.accessToken, { name: 'video' }, 401) + await uploadVideo(server.url, server.accessToken, { name: 'video' }, HttpStatusCode.UNAUTHORIZED_401) }) it('Should not be able to rate a video', async function () { @@ -238,18 +256,50 @@ describe('Test users', function () { path: path + videoId, token: 'wrong token', fields: data, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 } await makePutBodyRequest(options) }) it('Should be able to login again', async function () { - server.accessToken = await serverLogin(server) + const res = await login(server.url, server.client, server.user) + server.accessToken = res.body.access_token + server.refreshToken = res.body.refresh_token + }) + + it('Should be able to get my user information again', async function () { + await getMyUserInformation(server.url, server.accessToken) + }) + + it('Should have an expired access token', async function () { + this.timeout(15000) + + await setTokenField(server.internalServerNumber, server.accessToken, 'accessTokenExpiresAt', new Date().toISOString()) + await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString()) + + killallServers([ server ]) + await reRunServer(server) + + await getMyUserInformation(server.url, server.accessToken, 401) + }) + + it('Should not be able to refresh an access token with an expired refresh token', async function () { + await refreshToken(server, server.refreshToken, 400) }) - it('Should have an expired access token') + it('Should refresh the token', async function () { + this.timeout(15000) + + const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString() + await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', futureDate) - it('Should refresh the token') + killallServers([ server ]) + await reRunServer(server) + + const res = await refreshToken(server, server.refreshToken) + server.accessToken = res.body.access_token + server.refreshToken = res.body.refresh_token + }) it('Should be able to get my user information again', async function () { await getMyUserInformation(server.url, server.accessToken) @@ -302,10 +352,10 @@ describe('Test users', function () { expect(userGet.videosCount).to.equal(0) expect(userGet.videoCommentsCount).to.be.a('number') expect(userGet.videoCommentsCount).to.equal(0) - expect(userGet.videoAbusesCount).to.be.a('number') - expect(userGet.videoAbusesCount).to.equal(0) - expect(userGet.videoAbusesAcceptedCount).to.be.a('number') - expect(userGet.videoAbusesAcceptedCount).to.equal(0) + expect(userGet.abusesCount).to.be.a('number') + expect(userGet.abusesCount).to.equal(0) + expect(userGet.abusesAcceptedCount).to.be.a('number') + expect(userGet.abusesAcceptedCount).to.equal(0) }) }) @@ -534,7 +584,7 @@ describe('Test users', function () { }) user.password = 'new password' - await userLogin(server, user, 200) + await userLogin(server, user, HttpStatusCode.OK_200) }) it('Should be able to change the NSFW display attribute', async function () { @@ -602,8 +652,8 @@ describe('Test users', function () { expect(user.account.description).to.be.null }) - it('Should be able to update my avatar', async function () { - const fixture = 'avatar.png' + it('Should be able to update my avatar with a gif', async function () { + const fixture = 'avatar.gif' await updateMyAvatar({ url: server.url, @@ -614,7 +664,24 @@ describe('Test users', function () { const res = await getMyUserInformation(server.url, accessTokenUser) const user = res.body - await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png') + await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.gif') + }) + + it('Should be able to update my avatar with a gif, and then a png', async function () { + for (const extension of [ '.png', '.gif' ]) { + const fixture = 'avatar' + extension + + await updateMyAvatar({ + url: server.url, + accessToken: accessTokenUser, + fixture + }) + + const res = await getMyUserInformation(server.url, accessTokenUser) + const user = res.body + + await testImage(server.url, 'avatar-resized', user.account.avatar.path, extension) + } }) it('Should be able to update my display name', async function () { @@ -698,11 +765,12 @@ describe('Test users', function () { emailVerified: true, videoQuota: 42, role: UserRole.MODERATOR, - adminFlags: UserAdminFlag.NONE + adminFlags: UserAdminFlag.NONE, + pluginAuth: 'toto' }) const res = await getUserInformation(server.url, accessToken, userId) - const user = res.body + const user = res.body as User expect(user.username).to.equal('user_1') expect(user.email).to.equal('updated2@example.com') @@ -712,10 +780,19 @@ describe('Test users', function () { expect(user.roleLabel).to.equal('Moderator') expect(user.id).to.be.a('number') expect(user.adminFlags).to.equal(UserAdminFlag.NONE) + expect(user.pluginAuth).to.equal('toto') + }) + + it('Should reset the auth plugin', async function () { + await updateUser({ url: server.url, userId, accessToken, pluginAuth: null }) + + const res = await getUserInformation(server.url, accessToken, userId) + const user = res.body as User + expect(user.pluginAuth).to.be.null }) it('Should have removed the user token', async function () { - await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401) + await getMyUserVideoQuotaUsed(server.url, accessTokenUser, HttpStatusCode.UNAUTHORIZED_401) accessTokenUser = await userLogin(server, user) }) @@ -728,9 +805,9 @@ describe('Test users', function () { password: 'password updated' }) - await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401) + await getMyUserVideoQuotaUsed(server.url, accessTokenUser, HttpStatusCode.UNAUTHORIZED_401) - await userLogin(server, user, 400) + await userLogin(server, user, HttpStatusCode.BAD_REQUEST_400) user.password = 'password updated' accessTokenUser = await userLogin(server, user) @@ -749,7 +826,7 @@ describe('Test users', function () { }) it('Should not be able to login with this user', async function () { - await userLogin(server, user, 400) + await userLogin(server, user, HttpStatusCode.BAD_REQUEST_400) }) it('Should not have videos of this user', async function () { @@ -819,12 +896,12 @@ describe('Test users', function () { describe('User blocking', function () { let user16Id let user16AccessToken + const user16 = { + username: 'user_16', + password: 'my super password' + } - it('Should block and unblock a user', async function () { - const user16 = { - username: 'user_16', - password: 'my super password' - } + it('Should block a user', async function () { const resUser = await createUser({ url: server.url, accessToken: server.accessToken, @@ -835,15 +912,39 @@ describe('Test users', function () { user16AccessToken = await userLogin(server, user16) - await getMyUserInformation(server.url, user16AccessToken, 200) + await getMyUserInformation(server.url, user16AccessToken, HttpStatusCode.OK_200) await blockUser(server.url, user16Id, server.accessToken) - await getMyUserInformation(server.url, user16AccessToken, 401) - await userLogin(server, user16, 400) + await getMyUserInformation(server.url, user16AccessToken, HttpStatusCode.UNAUTHORIZED_401) + await userLogin(server, user16, HttpStatusCode.BAD_REQUEST_400) + }) + + it('Should search user by banned status', async function () { + { + const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, true) + const users = res.body.data as User[] + + expect(res.body.total).to.equal(1) + expect(users.length).to.equal(1) + + expect(users[0].username).to.equal(user16.username) + } + + { + const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, false) + const users = res.body.data as User[] + + expect(res.body.total).to.equal(1) + expect(users.length).to.equal(1) + + expect(users[0].username).to.not.equal(user16.username) + } + }) + it('Should unblock a user', async function () { await unblockUser(server.url, user16Id, server.accessToken) user16AccessToken = await userLogin(server, user16) - await getMyUserInformation(server.url, user16AccessToken, 200) + await getMyUserInformation(server.url, user16AccessToken, HttpStatusCode.OK_200) }) }) @@ -871,9 +972,9 @@ describe('Test users', function () { expect(user.videosCount).to.equal(0) expect(user.videoCommentsCount).to.equal(0) - expect(user.videoAbusesCount).to.equal(0) - expect(user.videoAbusesCreatedCount).to.equal(0) - expect(user.videoAbusesAcceptedCount).to.equal(0) + expect(user.abusesCount).to.equal(0) + expect(user.abusesCreatedCount).to.equal(0) + expect(user.abusesAcceptedCount).to.equal(0) }) it('Should report correct videos count', async function () { @@ -900,30 +1001,30 @@ describe('Test users', function () { expect(user.videoCommentsCount).to.equal(1) }) - it('Should report correct video abuses counts', async function () { + it('Should report correct abuses counts', async function () { const reason = 'my super bad reason' - await reportVideoAbuse(server.url, user17AccessToken, videoId, reason) + await server.abusesCommand.report({ token: user17AccessToken, videoId, reason }) - const res1 = await getVideoAbusesList({ url: server.url, token: server.accessToken }) - const abuseId = res1.body.data[0].id + const body1 = await server.abusesCommand.getAdminList() + const abuseId = body1.data[0].id const res2 = await getUserInformation(server.url, server.accessToken, user17Id, true) const user2: User = res2.body - expect(user2.videoAbusesCount).to.equal(1) // number of incriminations - expect(user2.videoAbusesCreatedCount).to.equal(1) // number of reports created + expect(user2.abusesCount).to.equal(1) // number of incriminations + expect(user2.abusesCreatedCount).to.equal(1) // number of reports created - const body: VideoAbuseUpdate = { state: VideoAbuseState.ACCEPTED } - await updateVideoAbuse(server.url, server.accessToken, videoId, abuseId, body) + await server.abusesCommand.update({ abuseId, body: { state: AbuseState.ACCEPTED } }) const res3 = await getUserInformation(server.url, server.accessToken, user17Id, true) const user3: User = res3.body - expect(user3.videoAbusesAcceptedCount).to.equal(1) // number of reports created accepted + expect(user3.abusesAcceptedCount).to.equal(1) // number of reports created accepted }) }) after(async function () { + await closeAllSequelize([ server ]) await cleanupTests([ server ]) }) })