diff options
author | Chocobozzz <me@florianbigard.com> | 2021-10-19 15:02:43 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2021-10-20 09:25:44 +0200 |
commit | 906f46d0849fac3e2b30b7bdd57759e189d6a35d (patch) | |
tree | 3fbe0023c046ade74995010ae21f6e2eece1ddf5 /server/tests/api/check-params/users-admin.ts | |
parent | 4beda9e12adc7b1f3b178cecd6863ebf3cf431f1 (diff) | |
download | PeerTube-906f46d0849fac3e2b30b7bdd57759e189d6a35d.tar.gz PeerTube-906f46d0849fac3e2b30b7bdd57759e189d6a35d.tar.zst PeerTube-906f46d0849fac3e2b30b7bdd57759e189d6a35d.zip |
Split check user params tests
Diffstat (limited to 'server/tests/api/check-params/users-admin.ts')
-rw-r--r-- | server/tests/api/check-params/users-admin.ts | 477 |
1 files changed, 477 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users-admin.ts b/server/tests/api/check-params/users-admin.ts new file mode 100644 index 000000000..f71414a6b --- /dev/null +++ b/server/tests/api/check-params/users-admin.ts | |||
@@ -0,0 +1,477 @@ | |||
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | ||
2 | |||
3 | import 'mocha' | ||
4 | import { omit } from 'lodash' | ||
5 | import { | ||
6 | checkBadCountPagination, | ||
7 | checkBadSortPagination, | ||
8 | checkBadStartPagination, | ||
9 | cleanupTests, | ||
10 | createSingleServer, | ||
11 | killallServers, | ||
12 | makeGetRequest, | ||
13 | makePostBodyRequest, | ||
14 | makePutBodyRequest, | ||
15 | MockSmtpServer, | ||
16 | PeerTubeServer, | ||
17 | setAccessTokensToServers | ||
18 | } from '@shared/extra-utils' | ||
19 | import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models' | ||
20 | |||
21 | describe('Test users admin API validators', function () { | ||
22 | const path = '/api/v1/users/' | ||
23 | let userId: number | ||
24 | let rootId: number | ||
25 | let moderatorId: number | ||
26 | let server: PeerTubeServer | ||
27 | let userToken = '' | ||
28 | let moderatorToken = '' | ||
29 | let emailPort: number | ||
30 | |||
31 | // --------------------------------------------------------------- | ||
32 | |||
33 | before(async function () { | ||
34 | this.timeout(30000) | ||
35 | |||
36 | const emails: object[] = [] | ||
37 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | ||
38 | |||
39 | { | ||
40 | server = await createSingleServer(1) | ||
41 | |||
42 | await setAccessTokensToServers([ server ]) | ||
43 | } | ||
44 | |||
45 | { | ||
46 | const result = await server.users.generate('user1') | ||
47 | userToken = result.token | ||
48 | userId = result.userId | ||
49 | } | ||
50 | |||
51 | { | ||
52 | const result = await server.users.generate('moderator1', UserRole.MODERATOR) | ||
53 | moderatorToken = result.token | ||
54 | } | ||
55 | |||
56 | { | ||
57 | const result = await server.users.generate('moderator2', UserRole.MODERATOR) | ||
58 | moderatorId = result.userId | ||
59 | } | ||
60 | }) | ||
61 | |||
62 | describe('When listing users', function () { | ||
63 | it('Should fail with a bad start pagination', async function () { | ||
64 | await checkBadStartPagination(server.url, path, server.accessToken) | ||
65 | }) | ||
66 | |||
67 | it('Should fail with a bad count pagination', async function () { | ||
68 | await checkBadCountPagination(server.url, path, server.accessToken) | ||
69 | }) | ||
70 | |||
71 | it('Should fail with an incorrect sort', async function () { | ||
72 | await checkBadSortPagination(server.url, path, server.accessToken) | ||
73 | }) | ||
74 | |||
75 | it('Should fail with a non authenticated user', async function () { | ||
76 | await makeGetRequest({ | ||
77 | url: server.url, | ||
78 | path, | ||
79 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
80 | }) | ||
81 | }) | ||
82 | |||
83 | it('Should fail with a non admin user', async function () { | ||
84 | await makeGetRequest({ | ||
85 | url: server.url, | ||
86 | path, | ||
87 | token: userToken, | ||
88 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
89 | }) | ||
90 | }) | ||
91 | }) | ||
92 | |||
93 | describe('When adding a new user', function () { | ||
94 | const baseCorrectParams = { | ||
95 | username: 'user2', | ||
96 | email: 'test@example.com', | ||
97 | password: 'my super password', | ||
98 | videoQuota: -1, | ||
99 | videoQuotaDaily: -1, | ||
100 | role: UserRole.USER, | ||
101 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | ||
102 | } | ||
103 | |||
104 | it('Should fail with a too small username', async function () { | ||
105 | const fields = { ...baseCorrectParams, username: '' } | ||
106 | |||
107 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
108 | }) | ||
109 | |||
110 | it('Should fail with a too long username', async function () { | ||
111 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | ||
112 | |||
113 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
114 | }) | ||
115 | |||
116 | it('Should fail with a not lowercase username', async function () { | ||
117 | const fields = { ...baseCorrectParams, username: 'Toto' } | ||
118 | |||
119 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
120 | }) | ||
121 | |||
122 | it('Should fail with an incorrect username', async function () { | ||
123 | const fields = { ...baseCorrectParams, username: 'my username' } | ||
124 | |||
125 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
126 | }) | ||
127 | |||
128 | it('Should fail with a missing email', async function () { | ||
129 | const fields = omit(baseCorrectParams, 'email') | ||
130 | |||
131 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
132 | }) | ||
133 | |||
134 | it('Should fail with an invalid email', async function () { | ||
135 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | ||
136 | |||
137 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
138 | }) | ||
139 | |||
140 | it('Should fail with a too small password', async function () { | ||
141 | const fields = { ...baseCorrectParams, password: 'bla' } | ||
142 | |||
143 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
144 | }) | ||
145 | |||
146 | it('Should fail with a too long password', async function () { | ||
147 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | ||
148 | |||
149 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
150 | }) | ||
151 | |||
152 | it('Should fail with empty password and no smtp configured', async function () { | ||
153 | const fields = { ...baseCorrectParams, password: '' } | ||
154 | |||
155 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
156 | }) | ||
157 | |||
158 | it('Should succeed with no password on a server with smtp enabled', async function () { | ||
159 | this.timeout(20000) | ||
160 | |||
161 | await killallServers([ server ]) | ||
162 | |||
163 | const config = { | ||
164 | smtp: { | ||
165 | hostname: 'localhost', | ||
166 | port: emailPort | ||
167 | } | ||
168 | } | ||
169 | await server.run(config) | ||
170 | |||
171 | const fields = { | ||
172 | ...baseCorrectParams, | ||
173 | |||
174 | password: '', | ||
175 | username: 'create_password', | ||
176 | email: 'create_password@example.com' | ||
177 | } | ||
178 | |||
179 | await makePostBodyRequest({ | ||
180 | url: server.url, | ||
181 | path: path, | ||
182 | token: server.accessToken, | ||
183 | fields, | ||
184 | expectedStatus: HttpStatusCode.OK_200 | ||
185 | }) | ||
186 | }) | ||
187 | |||
188 | it('Should fail with invalid admin flags', async function () { | ||
189 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | ||
190 | |||
191 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
192 | }) | ||
193 | |||
194 | it('Should fail with an non authenticated user', async function () { | ||
195 | await makePostBodyRequest({ | ||
196 | url: server.url, | ||
197 | path, | ||
198 | token: 'super token', | ||
199 | fields: baseCorrectParams, | ||
200 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
201 | }) | ||
202 | }) | ||
203 | |||
204 | it('Should fail if we add a user with the same username', async function () { | ||
205 | const fields = { ...baseCorrectParams, username: 'user1' } | ||
206 | |||
207 | await makePostBodyRequest({ | ||
208 | url: server.url, | ||
209 | path, | ||
210 | token: server.accessToken, | ||
211 | fields, | ||
212 | expectedStatus: HttpStatusCode.CONFLICT_409 | ||
213 | }) | ||
214 | }) | ||
215 | |||
216 | it('Should fail if we add a user with the same email', async function () { | ||
217 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | ||
218 | |||
219 | await makePostBodyRequest({ | ||
220 | url: server.url, | ||
221 | path, | ||
222 | token: server.accessToken, | ||
223 | fields, | ||
224 | expectedStatus: HttpStatusCode.CONFLICT_409 | ||
225 | }) | ||
226 | }) | ||
227 | |||
228 | it('Should fail without a videoQuota', async function () { | ||
229 | const fields = omit(baseCorrectParams, 'videoQuota') | ||
230 | |||
231 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
232 | }) | ||
233 | |||
234 | it('Should fail without a videoQuotaDaily', async function () { | ||
235 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | ||
236 | |||
237 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
238 | }) | ||
239 | |||
240 | it('Should fail with an invalid videoQuota', async function () { | ||
241 | const fields = { ...baseCorrectParams, videoQuota: -5 } | ||
242 | |||
243 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
244 | }) | ||
245 | |||
246 | it('Should fail with an invalid videoQuotaDaily', async function () { | ||
247 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | ||
248 | |||
249 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
250 | }) | ||
251 | |||
252 | it('Should fail without a user role', async function () { | ||
253 | const fields = omit(baseCorrectParams, 'role') | ||
254 | |||
255 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
256 | }) | ||
257 | |||
258 | it('Should fail with an invalid user role', async function () { | ||
259 | const fields = { ...baseCorrectParams, role: 88989 } | ||
260 | |||
261 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
262 | }) | ||
263 | |||
264 | it('Should fail with a "peertube" username', async function () { | ||
265 | const fields = { ...baseCorrectParams, username: 'peertube' } | ||
266 | |||
267 | await makePostBodyRequest({ | ||
268 | url: server.url, | ||
269 | path, | ||
270 | token: server.accessToken, | ||
271 | fields, | ||
272 | expectedStatus: HttpStatusCode.CONFLICT_409 | ||
273 | }) | ||
274 | }) | ||
275 | |||
276 | it('Should fail to create a moderator or an admin with a moderator', async function () { | ||
277 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | ||
278 | const fields = { ...baseCorrectParams, role } | ||
279 | |||
280 | await makePostBodyRequest({ | ||
281 | url: server.url, | ||
282 | path, | ||
283 | token: moderatorToken, | ||
284 | fields, | ||
285 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
286 | }) | ||
287 | } | ||
288 | }) | ||
289 | |||
290 | it('Should succeed to create a user with a moderator', async function () { | ||
291 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | ||
292 | |||
293 | await makePostBodyRequest({ | ||
294 | url: server.url, | ||
295 | path, | ||
296 | token: moderatorToken, | ||
297 | fields, | ||
298 | expectedStatus: HttpStatusCode.OK_200 | ||
299 | }) | ||
300 | }) | ||
301 | |||
302 | it('Should succeed with the correct params', async function () { | ||
303 | await makePostBodyRequest({ | ||
304 | url: server.url, | ||
305 | path, | ||
306 | token: server.accessToken, | ||
307 | fields: baseCorrectParams, | ||
308 | expectedStatus: HttpStatusCode.OK_200 | ||
309 | }) | ||
310 | }) | ||
311 | |||
312 | it('Should fail with a non admin user', async function () { | ||
313 | const user = { username: 'user1' } | ||
314 | userToken = await server.login.getAccessToken(user) | ||
315 | |||
316 | const fields = { | ||
317 | username: 'user3', | ||
318 | email: 'test@example.com', | ||
319 | password: 'my super password', | ||
320 | videoQuota: 42000000 | ||
321 | } | ||
322 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
323 | }) | ||
324 | }) | ||
325 | |||
326 | describe('When getting a user', function () { | ||
327 | |||
328 | it('Should fail with an non authenticated user', async function () { | ||
329 | await makeGetRequest({ | ||
330 | url: server.url, | ||
331 | path: path + userId, | ||
332 | token: 'super token', | ||
333 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
334 | }) | ||
335 | }) | ||
336 | |||
337 | it('Should fail with a non admin user', async function () { | ||
338 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
339 | }) | ||
340 | |||
341 | it('Should succeed with the correct params', async function () { | ||
342 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | ||
343 | }) | ||
344 | }) | ||
345 | |||
346 | describe('When updating a user', function () { | ||
347 | |||
348 | it('Should fail with an invalid email attribute', async function () { | ||
349 | const fields = { | ||
350 | email: 'blabla' | ||
351 | } | ||
352 | |||
353 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
354 | }) | ||
355 | |||
356 | it('Should fail with an invalid emailVerified attribute', async function () { | ||
357 | const fields = { | ||
358 | emailVerified: 'yes' | ||
359 | } | ||
360 | |||
361 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
362 | }) | ||
363 | |||
364 | it('Should fail with an invalid videoQuota attribute', async function () { | ||
365 | const fields = { | ||
366 | videoQuota: -90 | ||
367 | } | ||
368 | |||
369 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
370 | }) | ||
371 | |||
372 | it('Should fail with an invalid user role attribute', async function () { | ||
373 | const fields = { | ||
374 | role: 54878 | ||
375 | } | ||
376 | |||
377 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
378 | }) | ||
379 | |||
380 | it('Should fail with a too small password', async function () { | ||
381 | const fields = { | ||
382 | currentPassword: 'password', | ||
383 | password: 'bla' | ||
384 | } | ||
385 | |||
386 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
387 | }) | ||
388 | |||
389 | it('Should fail with a too long password', async function () { | ||
390 | const fields = { | ||
391 | currentPassword: 'password', | ||
392 | password: 'super'.repeat(61) | ||
393 | } | ||
394 | |||
395 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
396 | }) | ||
397 | |||
398 | it('Should fail with an non authenticated user', async function () { | ||
399 | const fields = { | ||
400 | videoQuota: 42 | ||
401 | } | ||
402 | |||
403 | await makePutBodyRequest({ | ||
404 | url: server.url, | ||
405 | path: path + userId, | ||
406 | token: 'super token', | ||
407 | fields, | ||
408 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
409 | }) | ||
410 | }) | ||
411 | |||
412 | it('Should fail when updating root role', async function () { | ||
413 | const fields = { | ||
414 | role: UserRole.MODERATOR | ||
415 | } | ||
416 | |||
417 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | ||
418 | }) | ||
419 | |||
420 | it('Should fail with invalid admin flags', async function () { | ||
421 | const fields = { adminFlags: 'toto' } | ||
422 | |||
423 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
424 | }) | ||
425 | |||
426 | it('Should fail to update an admin with a moderator', async function () { | ||
427 | const fields = { | ||
428 | videoQuota: 42 | ||
429 | } | ||
430 | |||
431 | await makePutBodyRequest({ | ||
432 | url: server.url, | ||
433 | path: path + moderatorId, | ||
434 | token: moderatorToken, | ||
435 | fields, | ||
436 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
437 | }) | ||
438 | }) | ||
439 | |||
440 | it('Should succeed to update a user with a moderator', async function () { | ||
441 | const fields = { | ||
442 | videoQuota: 42 | ||
443 | } | ||
444 | |||
445 | await makePutBodyRequest({ | ||
446 | url: server.url, | ||
447 | path: path + userId, | ||
448 | token: moderatorToken, | ||
449 | fields, | ||
450 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
451 | }) | ||
452 | }) | ||
453 | |||
454 | it('Should succeed with the correct params', async function () { | ||
455 | const fields = { | ||
456 | email: 'email@example.com', | ||
457 | emailVerified: true, | ||
458 | videoQuota: 42, | ||
459 | role: UserRole.USER | ||
460 | } | ||
461 | |||
462 | await makePutBodyRequest({ | ||
463 | url: server.url, | ||
464 | path: path + userId, | ||
465 | token: server.accessToken, | ||
466 | fields, | ||
467 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
468 | }) | ||
469 | }) | ||
470 | }) | ||
471 | |||
472 | after(async function () { | ||
473 | MockSmtpServer.Instance.kill() | ||
474 | |||
475 | await cleanupTests([ server ]) | ||
476 | }) | ||
477 | }) | ||