X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fusers%2Fusers.ts;h=ed670b3c9270f03baa1e330d72e7638019485a63;hb=a54618880c394ad7571f3f3222dc96ec2dd10d9a;hp=502eac0bb42e4560ba6dbb0588b07ac10831e914;hpb=2ad9dcda240ee843c5e4a5b98cc94f7b2aab2c89;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts index 502eac0bb..ed670b3c9 100644 --- a/server/tests/api/users/users.ts +++ b/server/tests/api/users/users.ts @@ -1,44 +1,47 @@ /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ -import * as chai from 'chai' import 'mocha' -import { MyUser, User, UserRole, Video, VideoPlaylistType } from '../../../../shared/index' +import * as chai from 'chai' +import { HttpStatusCode } from '@shared/core-utils' import { + addVideoCommentThread, blockUser, cleanupTests, + closeAllSequelize, createUser, deleteMe, flushAndRunServer, - getAccountRatings, - getBlacklistedVideosList, getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating, + getMyVideos, getUserInformation, getUsersList, getUsersListPaginationAndSort, - getVideoChannel, getVideosList, - installPlugin, + killallServers, login, + logout, makePutBodyRequest, rateVideo, + refreshToken, registerUserWithChannel, removeUser, removeVideo, + reRunServer, ServerInfo, + setAccessTokensToServers, + setTokenField, testImage, unblockUser, updateMyAvatar, updateMyUser, updateUser, uploadVideo, - userLogin -} from '../../../../shared/extra-utils' -import { follow } from '../../../../shared/extra-utils/server/follows' -import { setAccessTokensToServers } from '../../../../shared/extra-utils/users/login' -import { getMyVideos } from '../../../../shared/extra-utils/videos/videos' -import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' + userLogin, + waitJobs +} from '@shared/extra-utils' +import { AbuseState, MyUser, OAuth2ErrorCode, User, UserAdminFlag, UserRole, Video, VideoPlaylistType } from '@shared/models' const expect = chai.expect @@ -55,11 +58,18 @@ describe('Test users', function () { before(async function () { this.timeout(30000) - server = await flushAndRunServer(1) + + server = await flushAndRunServer(1, { + rates_limit: { + login: { + max: 30 + } + } + }) await setAccessTokensToServers([ server ]) - await installPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-theme-background-red' }) + await server.pluginsCommand.install({ npmName: 'peertube-theme-background-red' }) }) describe('OAuth client', function () { @@ -71,16 +81,22 @@ describe('Test users', function () { it('Should not login with an invalid client id', async function () { const client = { id: 'client', secret: server.client.secret } - const res = await login(server.url, client, server.user, 400) + const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT) expect(res.body.error).to.contain('client is invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT) }) it('Should not login with an invalid client secret', async function () { const client = { id: server.client.id, secret: 'coucou' } - const res = await login(server.url, client, server.user, 400) + const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT) expect(res.body.error).to.contain('client is invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT) }) }) @@ -88,47 +104,58 @@ describe('Test users', function () { it('Should not login with an invalid username', async function () { const user = { username: 'captain crochet', password: server.user.password } - const res = await login(server.url, server.client, user, 400) + const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT) expect(res.body.error).to.contain('credentials are invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT) }) it('Should not login with an invalid password', async function () { const user = { username: server.user.username, password: 'mew_three' } - const res = await login(server.url, server.client, user, 400) + const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT) expect(res.body.error).to.contain('credentials are invalid') + expect(res.body.type.startsWith('https://')).to.be.true + expect(res.body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT) }) it('Should not be able to upload a video', async function () { accessToken = 'my_super_token' const videoAttributes = {} - await uploadVideo(server.url, accessToken, videoAttributes, 401) + await uploadVideo(server.url, accessToken, videoAttributes, HttpStatusCode.UNAUTHORIZED_401) }) it('Should not be able to follow', async function () { accessToken = 'my_super_token' - await follow(server.url, [ 'http://example.com' ], accessToken, 401) + + await server.followsCommand.follow({ + targets: [ 'http://example.com' ], + token: accessToken, + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 + }) }) it('Should not be able to unfollow') it('Should be able to login', async function () { - const res = await login(server.url, server.client, server.user, 200) + const res = await login(server.url, server.client, server.user, HttpStatusCode.OK_200) accessToken = res.body.access_token }) it('Should be able to login with an insensitive username', async function () { const user = { username: 'RoOt', password: server.user.password } - await login(server.url, server.client, user, 200) + await login(server.url, server.client, user, HttpStatusCode.OK_200) const user2 = { username: 'rOoT', password: server.user.password } - await login(server.url, server.client, user2, 200) + await login(server.url, server.client, user2, HttpStatusCode.OK_200) const user3 = { username: 'ROOt', password: server.user.password } - await login(server.url, server.client, user3, 200) + await login(server.url, server.client, user3, HttpStatusCode.OK_200) }) }) @@ -164,32 +191,29 @@ describe('Test users', function () { it('Should retrieve ratings list', async function () { await rateVideo(server.url, accessToken, videoId, 'like') - const res = await getAccountRatings(server.url, server.user.username, server.accessToken, null, 200) - const ratings = res.body + const body = await server.accountsCommand.listRatings({ accountName: server.user.username }) - expect(ratings.total).to.equal(1) - expect(ratings.data[0].video.id).to.equal(videoId) - expect(ratings.data[0].rating).to.equal('like') + expect(body.total).to.equal(1) + expect(body.data[0].video.id).to.equal(videoId) + expect(body.data[0].rating).to.equal('like') }) it('Should retrieve ratings list by rating type', async function () { { - const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'like') - const ratings = res.body - expect(ratings.data.length).to.equal(1) + const body = await server.accountsCommand.listRatings({ accountName: server.user.username, rating: 'like' }) + expect(body.data.length).to.equal(1) } { - const res = await getAccountRatings(server.url, server.user.username, server.accessToken, 'dislike') - const ratings = res.body - expect(ratings.data.length).to.equal(0) + const body = await server.accountsCommand.listRatings({ accountName: server.user.username, rating: 'dislike' }) + expect(body.data.length).to.equal(0) } }) }) describe('Remove video', function () { it('Should not be able to remove the video with an incorrect token', async function () { - await removeVideo(server.url, 'bad_token', videoId, 401) + await removeVideo(server.url, 'bad_token', videoId, HttpStatusCode.UNAUTHORIZED_401) }) it('Should not be able to remove the video with the token of another account') @@ -200,13 +224,17 @@ describe('Test users', function () { }) describe('Logout', function () { - it('Should logout (revoke token)') - - it('Should not be able to get the user information') + it('Should logout (revoke token)', async function () { + await logout(server.url, server.accessToken) + }) - it('Should not be able to upload a video') + it('Should not be able to get the user information', async function () { + await getMyUserInformation(server.url, server.accessToken, HttpStatusCode.UNAUTHORIZED_401) + }) - it('Should not be able to remove a video') + it('Should not be able to upload a video', async function () { + await uploadVideo(server.url, server.accessToken, { name: 'video' }, HttpStatusCode.UNAUTHORIZED_401) + }) it('Should not be able to rate a video', async function () { const path = '/api/v1/videos/' @@ -219,18 +247,54 @@ describe('Test users', function () { path: path + videoId, token: 'wrong token', fields: data, - statusCodeExpected: 401 + statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 } await makePutBodyRequest(options) }) - it('Should be able to login again') + it('Should be able to login again', async function () { + const res = await login(server.url, server.client, server.user) + server.accessToken = res.body.access_token + server.refreshToken = res.body.refresh_token + }) + + it('Should be able to get my user information again', async function () { + await getMyUserInformation(server.url, server.accessToken) + }) + + it('Should have an expired access token', async function () { + this.timeout(15000) + + await setTokenField(server.internalServerNumber, server.accessToken, 'accessTokenExpiresAt', new Date().toISOString()) + await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString()) + + killallServers([ server ]) + await reRunServer(server) + + await getMyUserInformation(server.url, server.accessToken, 401) + }) + + it('Should not be able to refresh an access token with an expired refresh token', async function () { + await refreshToken(server, server.refreshToken, 400) + }) + + it('Should refresh the token', async function () { + this.timeout(15000) - it('Should have an expired access token') + const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString() + await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', futureDate) - it('Should refresh the token') + killallServers([ server ]) + await reRunServer(server) + + const res = await refreshToken(server, server.refreshToken) + server.accessToken = res.body.access_token + server.refreshToken = res.body.refresh_token + }) - it('Should be able to upload a video again') + it('Should be able to get my user information again', async function () { + await getMyUserInformation(server.url, server.accessToken) + }) }) describe('Creating a user', function () { @@ -242,7 +306,7 @@ describe('Test users', function () { username: user.username, password: user.password, videoQuota: 2 * 1024 * 1024, - adminFlags: UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST + adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST }) }) @@ -254,7 +318,7 @@ describe('Test users', function () { const res1 = await getMyUserInformation(server.url, accessTokenUser) const userMe: MyUser = res1.body - const res2 = await getUserInformation(server.url, server.accessToken, userMe.id) + const res2 = await getUserInformation(server.url, server.accessToken, userMe.id, true) const userGet: User = res2.body for (const user of [ userMe, userGet ]) { @@ -269,17 +333,27 @@ describe('Test users', function () { } expect(userMe.adminFlags).to.be.undefined - expect(userGet.adminFlags).to.equal(UserAdminFlag.BY_PASS_VIDEO_AUTO_BLACKLIST) + expect(userGet.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST) expect(userMe.specialPlaylists).to.have.lengthOf(1) expect(userMe.specialPlaylists[0].type).to.equal(VideoPlaylistType.WATCH_LATER) + + // Check stats are included with withStats + expect(userGet.videosCount).to.be.a('number') + expect(userGet.videosCount).to.equal(0) + expect(userGet.videoCommentsCount).to.be.a('number') + expect(userGet.videoCommentsCount).to.equal(0) + expect(userGet.abusesCount).to.be.a('number') + expect(userGet.abusesCount).to.equal(0) + expect(userGet.abusesAcceptedCount).to.be.a('number') + expect(userGet.abusesAcceptedCount).to.equal(0) }) }) describe('My videos & quotas', function () { it('Should be able to upload a video with this user', async function () { - this.timeout(5000) + this.timeout(10000) const videoAttributes = { name: 'super user video', @@ -331,6 +405,35 @@ describe('Test users', function () { expect(videos).to.have.lengthOf(0) } }) + + it('Should disable webtorrent, enable HLS, and update my quota', async function () { + this.timeout(60000) + + { + const config = await server.configCommand.getCustomConfig() + config.transcoding.webtorrent.enabled = false + config.transcoding.hls.enabled = true + config.transcoding.enabled = true + await server.configCommand.updateCustomSubConfig({ newConfig: config }) + } + + { + const videoAttributes = { + name: 'super user video 2', + fixture: 'video_short.webm' + } + await uploadVideo(server.url, accessTokenUser, videoAttributes) + + await waitJobs([ server ]) + } + + { + const res = await getMyUserVideoQuotaUsed(server.url, accessTokenUser) + const data = res.body + + expect(data.videoQuotaUsed).to.be.greaterThan(220000) + } + }) }) describe('Users listing', function () { @@ -355,6 +458,9 @@ describe('Test users', function () { expect(rootUser.email).to.equal('admin' + server.internalServerNumber + '@example.com') expect(user.nsfwPolicy).to.equal('display') + expect(rootUser.lastLoginDate).to.exist + expect(user.lastLoginDate).to.exist + userId = user.id }) @@ -468,7 +574,7 @@ describe('Test users', function () { }) user.password = 'new password' - await userLogin(server, user, 200) + await userLogin(server, user, HttpStatusCode.OK_200) }) it('Should be able to change the NSFW display attribute', async function () { @@ -536,8 +642,8 @@ describe('Test users', function () { expect(user.account.description).to.be.null }) - it('Should be able to update my avatar', async function () { - const fixture = 'avatar.png' + it('Should be able to update my avatar with a gif', async function () { + const fixture = 'avatar.gif' await updateMyAvatar({ url: server.url, @@ -548,7 +654,24 @@ describe('Test users', function () { const res = await getMyUserInformation(server.url, accessTokenUser) const user = res.body - await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.png') + await testImage(server.url, 'avatar-resized', user.account.avatar.path, '.gif') + }) + + it('Should be able to update my avatar with a gif, and then a png', async function () { + for (const extension of [ '.png', '.gif' ]) { + const fixture = 'avatar' + extension + + await updateMyAvatar({ + url: server.url, + accessToken: accessTokenUser, + fixture + }) + + const res = await getMyUserInformation(server.url, accessTokenUser) + const user = res.body + + await testImage(server.url, 'avatar-resized', user.account.avatar.path, extension) + } }) it('Should be able to update my display name', async function () { @@ -623,7 +746,6 @@ describe('Test users', function () { }) describe('Updating another user', function () { - it('Should be able to update another user', async function () { await updateUser({ url: server.url, @@ -633,11 +755,12 @@ describe('Test users', function () { emailVerified: true, videoQuota: 42, role: UserRole.MODERATOR, - adminFlags: UserAdminFlag.NONE + adminFlags: UserAdminFlag.NONE, + pluginAuth: 'toto' }) const res = await getUserInformation(server.url, accessToken, userId) - const user = res.body + const user = res.body as User expect(user.username).to.equal('user_1') expect(user.email).to.equal('updated2@example.com') @@ -647,10 +770,19 @@ describe('Test users', function () { expect(user.roleLabel).to.equal('Moderator') expect(user.id).to.be.a('number') expect(user.adminFlags).to.equal(UserAdminFlag.NONE) + expect(user.pluginAuth).to.equal('toto') + }) + + it('Should reset the auth plugin', async function () { + await updateUser({ url: server.url, userId, accessToken, pluginAuth: null }) + + const res = await getUserInformation(server.url, accessToken, userId) + const user = res.body as User + expect(user.pluginAuth).to.be.null }) it('Should have removed the user token', async function () { - await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401) + await getMyUserVideoQuotaUsed(server.url, accessTokenUser, HttpStatusCode.UNAUTHORIZED_401) accessTokenUser = await userLogin(server, user) }) @@ -663,9 +795,9 @@ describe('Test users', function () { password: 'password updated' }) - await getMyUserVideoQuotaUsed(server.url, accessTokenUser, 401) + await getMyUserVideoQuotaUsed(server.url, accessTokenUser, HttpStatusCode.UNAUTHORIZED_401) - await userLogin(server, user, 400) + await userLogin(server, user, HttpStatusCode.BAD_REQUEST_400) user.password = 'password updated' accessTokenUser = await userLogin(server, user) @@ -674,7 +806,7 @@ describe('Test users', function () { describe('Video blacklists', function () { it('Should be able to list video blacklist by a moderator', async function () { - await getBlacklistedVideosList({ url: server.url, token: accessTokenUser }) + await server.blacklistCommand.list({ token: accessTokenUser }) }) }) @@ -684,7 +816,7 @@ describe('Test users', function () { }) it('Should not be able to login with this user', async function () { - await userLogin(server, user, 400) + await userLogin(server, user, HttpStatusCode.BAD_REQUEST_400) }) it('Should not have videos of this user', async function () { @@ -698,6 +830,8 @@ describe('Test users', function () { }) describe('Registering a new user', function () { + let user15AccessToken + it('Should register a new user', async function () { const user = { displayName: 'super user 15', username: 'user_15', password: 'my super password' } const channel = { name: 'my_user_15_channel', displayName: 'my channel rocks' } @@ -711,27 +845,27 @@ describe('Test users', function () { password: 'my super password' } - accessToken = await userLogin(server, user15) + user15AccessToken = await userLogin(server, user15) }) it('Should have the correct display name', async function () { - const res = await getMyUserInformation(server.url, accessToken) + const res = await getMyUserInformation(server.url, user15AccessToken) const user: User = res.body expect(user.account.displayName).to.equal('super user 15') }) it('Should have the correct video quota', async function () { - const res = await getMyUserInformation(server.url, accessToken) + const res = await getMyUserInformation(server.url, user15AccessToken) const user = res.body expect(user.videoQuota).to.equal(5 * 1024 * 1024) }) it('Should have created the channel', async function () { - const res = await getVideoChannel(server.url, 'my_user_15_channel') + const { displayName } = await server.channelsCommand.get({ channelName: 'my_user_15_channel' }) - expect(res.body.displayName).to.equal('my channel rocks') + expect(displayName).to.equal('my channel rocks') }) it('Should remove me', async function () { @@ -740,7 +874,7 @@ describe('Test users', function () { expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined } - await deleteMe(server.url, accessToken) + await deleteMe(server.url, user15AccessToken) { const res = await getUsersList(server.url, server.accessToken) @@ -750,34 +884,137 @@ describe('Test users', function () { }) describe('User blocking', function () { - it('Should block and unblock a user', async function () { - const user16 = { - username: 'user_16', - password: 'my super password' - } + let user16Id + let user16AccessToken + const user16 = { + username: 'user_16', + password: 'my super password' + } + + it('Should block a user', async function () { const resUser = await createUser({ url: server.url, accessToken: server.accessToken, username: user16.username, password: user16.password }) - const user16Id = resUser.body.user.id + user16Id = resUser.body.user.id - accessToken = await userLogin(server, user16) + user16AccessToken = await userLogin(server, user16) - await getMyUserInformation(server.url, accessToken, 200) + await getMyUserInformation(server.url, user16AccessToken, HttpStatusCode.OK_200) await blockUser(server.url, user16Id, server.accessToken) - await getMyUserInformation(server.url, accessToken, 401) - await userLogin(server, user16, 400) + await getMyUserInformation(server.url, user16AccessToken, HttpStatusCode.UNAUTHORIZED_401) + await userLogin(server, user16, HttpStatusCode.BAD_REQUEST_400) + }) + + it('Should search user by banned status', async function () { + { + const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, true) + const users = res.body.data as User[] + + expect(res.body.total).to.equal(1) + expect(users.length).to.equal(1) + + expect(users[0].username).to.equal(user16.username) + } + + { + const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, false) + const users = res.body.data as User[] + + expect(res.body.total).to.equal(1) + expect(users.length).to.equal(1) + + expect(users[0].username).to.not.equal(user16.username) + } + }) + it('Should unblock a user', async function () { await unblockUser(server.url, user16Id, server.accessToken) - accessToken = await userLogin(server, user16) - await getMyUserInformation(server.url, accessToken, 200) + user16AccessToken = await userLogin(server, user16) + await getMyUserInformation(server.url, user16AccessToken, HttpStatusCode.OK_200) + }) + }) + + describe('User stats', function () { + let user17Id + let user17AccessToken + + it('Should report correct initial statistics about a user', async function () { + const user17 = { + username: 'user_17', + password: 'my super password' + } + const resUser = await createUser({ + url: server.url, + accessToken: server.accessToken, + username: user17.username, + password: user17.password + }) + + user17Id = resUser.body.user.id + user17AccessToken = await userLogin(server, user17) + + const res = await getUserInformation(server.url, server.accessToken, user17Id, true) + const user: User = res.body + + expect(user.videosCount).to.equal(0) + expect(user.videoCommentsCount).to.equal(0) + expect(user.abusesCount).to.equal(0) + expect(user.abusesCreatedCount).to.equal(0) + expect(user.abusesAcceptedCount).to.equal(0) + }) + + it('Should report correct videos count', async function () { + const videoAttributes = { + name: 'video to test user stats' + } + await uploadVideo(server.url, user17AccessToken, videoAttributes) + const res1 = await getVideosList(server.url) + videoId = res1.body.data.find(video => video.name === videoAttributes.name).id + + const res2 = await getUserInformation(server.url, server.accessToken, user17Id, true) + const user: User = res2.body + + expect(user.videosCount).to.equal(1) + }) + + it('Should report correct video comments for user', async function () { + const text = 'super comment' + await addVideoCommentThread(server.url, user17AccessToken, videoId, text) + + const res = await getUserInformation(server.url, server.accessToken, user17Id, true) + const user: User = res.body + + expect(user.videoCommentsCount).to.equal(1) + }) + + it('Should report correct abuses counts', async function () { + const reason = 'my super bad reason' + await server.abusesCommand.report({ token: user17AccessToken, videoId, reason }) + + const body1 = await server.abusesCommand.getAdminList() + const abuseId = body1.data[0].id + + const res2 = await getUserInformation(server.url, server.accessToken, user17Id, true) + const user2: User = res2.body + + expect(user2.abusesCount).to.equal(1) // number of incriminations + expect(user2.abusesCreatedCount).to.equal(1) // number of reports created + + await server.abusesCommand.update({ abuseId, body: { state: AbuseState.ACCEPTED } }) + + const res3 = await getUserInformation(server.url, server.accessToken, user17Id, true) + const user3: User = res3.body + + expect(user3.abusesAcceptedCount).to.equal(1) // number of reports created accepted }) }) after(async function () { + await closeAllSequelize([ server ]) await cleanupTests([ server ]) }) })