aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/tests/api/check-params/users.ts
blob: 84254945c339e068e2f4d8244daa1d735d556215 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
                                                                                              
 
              
                             
                                                     
                                                         
                                                                                                                                         


                                                   

                                                    



                                                                    
                       
 



                                                      
 

                                           
 
                                              
 
                                                                 

    
                                                       
                                               

                               
                                


                                   

                                                                   
                                                           




                                                                                                               
                                                                           




                                                                                                               
                                                                      




                                                                                                               
                                                     




                                                                                                               
                                                                        




                                                                                                               
                                                              




                                                                                                               
                                                                           




                                                                                                               
                                                               
 




                                  
                                                   
        

      
                                                                    
                                                                   





                                  
                                                   


        
                                                                                   
                                                                                                            
 




                                  
                                                   
        

      
                                                                 
                                                                           



                                                                                                               
                                                                 
                                                                                              




                                                                                                               
                                                                                         



                                                                                                               
                                                                                          
                                                                                                             
                                                        



                                                                                                               
                                                                  
                                                                                                             
                                                  
 
                                                                                                         
 




                                  
                                                   
        

      
                                                                    
                                                                                                      
 



                                  
                       
                                                     
        













                                                                                
                                                    




                                                                                        
 
                                                                    
                                                                                                       
      
 

    

















                                                                                             




                                  
                                                     
        


      

















                                                                                             




                                  
                                                     
        


      
                           

                                  
                                                                  

    
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { omit } from 'lodash'
import { MockSmtpServer } from '@server/tests/shared'
import { HttpStatusCode, UserRole } from '@shared/models'
import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'

describe('Test users API validators', function () {
  const path = '/api/v1/users/'
  let server: PeerTubeServer
  let serverWithRegistrationDisabled: PeerTubeServer

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(30000)

    const res = await Promise.all([
      createSingleServer(1, { signup: { limit: 3 } }),
      createSingleServer(2)
    ])

    server = res[0]
    serverWithRegistrationDisabled = res[1]

    await setAccessTokensToServers([ server ])

    await server.users.generate('moderator2', UserRole.MODERATOR)
  })

  describe('When registering a new user', function () {
    const registrationPath = path + '/register'
    const baseCorrectParams = {
      username: 'user3',
      displayName: 'super user',
      email: 'test3@example.com',
      password: 'my super password'
    }

    it('Should fail with a too small username', async function () {
      const fields = { ...baseCorrectParams, username: '' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long username', async function () {
      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect username', async function () {
      const fields = { ...baseCorrectParams, username: 'my username' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a missing email', async function () {
      const fields = omit(baseCorrectParams, 'email')

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { ...baseCorrectParams, email: 'test_example.com' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too small password', async function () {
      const fields = { ...baseCorrectParams, password: 'bla' }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a too long password', async function () {
      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail if we register a user with the same username', async function () {
      const fields = { ...baseCorrectParams, username: 'root' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a "peertube" username', async function () {
      const fields = { ...baseCorrectParams, username: 'peertube' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail if we register a user with the same email', async function () {
      const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should fail with a bad display name', async function () {
      const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a bad channel display name', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with a channel name that is the same as username', async function () {
      const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
      const fields = { ...baseCorrectParams, ...source }

      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
    })

    it('Should fail with an existing channel', async function () {
      const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
      await server.channels.create({ attributes })

      const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }

      await makePostBodyRequest({
        url: server.url,
        path: registrationPath,
        token: server.accessToken,
        fields: fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })

    it('Should fail on a server with registration disabled', async function () {
      const fields = {
        username: 'user4',
        email: 'test4@example.com',
        password: 'my super password 4'
      }

      await makePostBodyRequest({
        url: serverWithRegistrationDisabled.url,
        path: registrationPath,
        token: serverWithRegistrationDisabled.accessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })
  })

  describe('When registering multiple users on a server with users limit', function () {

    it('Should fail when after 3 registrations', async function () {
      await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

  })

  describe('When asking a password reset', function () {
    const path = '/api/v1/users/ask-reset-password'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should success with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When asking for an account verification email', function () {
    const path = '/api/v1/users/ask-send-verify-email'

    it('Should fail with a missing email', async function () {
      const fields = {}

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should fail with an invalid email', async function () {
      const fields = { email: 'hello' }

      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const fields = { email: 'admin@example.com' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  after(async function () {
    MockSmtpServer.Instance.kill()

    await cleanupTests([ server, serverWithRegistrationDisabled ])
  })
})