Creating a user with an empty password will send an email to let him set his password (#2479)

* Creating a user with an empty password will send an email to let him set his password * Consideration of Chocobozzz's comments * Tips for optional password * API documentation * Fix circular imports * Tests
author: John Livingston <38844060+JohnXLivingston@users.noreply.github.com> 2020-02-17 10:16:52 +0100
committer: GitHub <noreply@github.com> 2020-02-17 10:16:52 +0100
commit: 45f1bd72a08998c60a9dd68ff069cea9de39161c (patch)
tree: 79e484bd7fd38fe97c84fdb00a164534f43941e9 /server/tests/api
parent: c5621bd23bce038671cd81149a0aa5e238558b67 (diff)
download: PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.tar.gz
PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.tar.zst
PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.zip
2 files changed, 111 insertions, 13 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index f448bb2a6..4d597f0a3 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -16,12 +16,14 @@ import {
  getMyUserVideoRating,
  getUsersList,
  immutableAssign,
+  killallServers,
  makeGetRequest,
  makePostBodyRequest,
  makePutBodyRequest,
  makeUploadRequest,
  registerUser,
  removeUser,
+  reRunServer,
  ServerInfo,
  setAccessTokensToServers,
  unblockUser,
@@ -39,6 +41,7 @@ import { VideoPrivacy } from '../../../../shared/models/videos'
 import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
 import { expect } from 'chai'
 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
+import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email'
 describe('Test users API validators', function () {
  const path = '/api/v1/users/'
@@ -50,6 +53,8 @@ describe('Test users API validators', function () {
  let serverWithRegistrationDisabled: ServerInfo
  let userAccessToken = ''
  let moderatorAccessToken = ''
+  let emailPort: number
+  let overrideConfig: Object
  // eslint-disable-next-line @typescript-eslint/no-unused-vars
  let channelId: number
@@ -58,9 +63,14 @@ describe('Test users API validators', function () {
  before(async function () {
    this.timeout(30000)
+    const emails: object[] = []
+    emailPort = await MockSmtpServer.Instance.collectEmails(emails)
+    overrideConfig = { signup: { limit: 8 } }
    {
      const res = await Promise.all([
-        flushAndRunServer(1, { signup: { limit: 7 } }),
+        flushAndRunServer(1, overrideConfig),
        flushAndRunServer(2)
      ])
@@ -229,6 +239,40 @@ describe('Test users API validators', function () {
      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
    })
+    it('Should fail with empty password and no smtp configured', async function () {
+      const fields = immutableAssign(baseCorrectParams, { password: '' })
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should succeed with no password on a server with smtp enabled', async function () {
+      this.timeout(10000)
+      killallServers([ server ])
+      const config = immutableAssign(overrideConfig, {
+        smtp: {
+          hostname: 'localhost',
+          port: emailPort
+        }
+      })
+      await reRunServer(server, config)
+      const fields = immutableAssign(baseCorrectParams, {
+        password: '',
+        username: 'create_password',
+        email: 'create_password@example.com'
+      })
+      await makePostBodyRequest({
+        url: server.url,
+        path: path,
+        token: server.accessToken,
+        fields,
+        statusCodeExpected: 200
+      })
+    })
    it('Should fail with invalid admin flags', async function () {
      const fields = immutableAssign(baseCorrectParams, { adminFlags: 'toto' })
@@ -1102,6 +1146,8 @@ describe('Test users API validators', function () {
  })
  after(async function () {
+    MockSmtpServer.Instance.kill()
    await cleanupTests([ server, serverWithRegistrationDisabled ])
  })
 })
diff --git a/server/tests/api/server/email.ts b/server/tests/api/server/email.ts
index f18859e5d..95b64a459 100644
--- a/server/tests/api/server/email.ts
+++ b/server/tests/api/server/email.ts
@@ -28,10 +28,12 @@ const expect = chai.expect
 describe('Test emails', function () {
  let server: ServerInfo
  let userId: number
+  let userId2: number
  let userAccessToken: string
  let videoUUID: string
  let videoUserUUID: string
  let verificationString: string
+  let verificationString2: string
  const emails: object[] = []
  const user = {
    username: 'user_1',
@@ -122,6 +124,56 @@ describe('Test emails', function () {
    })
  })
+  describe('When creating a user without password', function () {
+    it('Should send a create password email', async function () {
+      this.timeout(10000)
+      await createUser({
+        url: server.url,
+        accessToken: server.accessToken,
+        username: 'create_password',
+        password: ''
+      })
+      await waitJobs(server)
+      expect(emails).to.have.lengthOf(2)
+      const email = emails[1]
+      expect(email['from'][0]['name']).equal('localhost:' + server.port)
+      expect(email['from'][0]['address']).equal('test-admin@localhost')
+      expect(email['to'][0]['address']).equal('create_password@example.com')
+      expect(email['subject']).contains('account')
+      expect(email['subject']).contains('password')
+      const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+      expect(verificationStringMatches).not.to.be.null
+      verificationString2 = verificationStringMatches[1]
+      expect(verificationString2).to.have.length.above(2)
+      const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
+      expect(userIdMatches).not.to.be.null
+      userId2 = parseInt(userIdMatches[1], 10)
+    })
+    it('Should not reset the password with an invalid verification string', async function () {
+      await resetPassword(server.url, userId2, verificationString2 + 'c', 'newly_created_password', 403)
+    })
+    it('Should reset the password', async function () {
+      await resetPassword(server.url, userId2, verificationString2, 'newly_created_password')
+    })
+    it('Should login with this new password', async function () {
+      await userLogin(server, {
+        username: 'create_password',
+        password: 'newly_created_password'
+      })
+    })
+  })
  describe('When creating a video abuse', function () {
    it('Should send the notification email', async function () {
      this.timeout(10000)
@@ -130,9 +182,9 @@ describe('Test emails', function () {
      await reportVideoAbuse(server.url, server.accessToken, videoUUID, reason)
      await waitJobs(server)
-      expect(emails).to.have.lengthOf(2)
+      expect(emails).to.have.lengthOf(3)
-      const email = emails[1]
+      const email = emails[2]
      expect(email['from'][0]['name']).equal('localhost:' + server.port)
      expect(email['from'][0]['address']).equal('test-admin@localhost')
@@ -151,9 +203,9 @@ describe('Test emails', function () {
      await blockUser(server.url, userId, server.accessToken, 204, reason)
      await waitJobs(server)
-      expect(emails).to.have.lengthOf(3)
+      expect(emails).to.have.lengthOf(4)
-      const email = emails[2]
+      const email = emails[3]
      expect(email['from'][0]['name']).equal('localhost:' + server.port)
      expect(email['from'][0]['address']).equal('test-admin@localhost')
@@ -169,9 +221,9 @@ describe('Test emails', function () {
      await unblockUser(server.url, userId, server.accessToken, 204)
      await waitJobs(server)
-      expect(emails).to.have.lengthOf(4)
+      expect(emails).to.have.lengthOf(5)
-      const email = emails[3]
+      const email = emails[4]
      expect(email['from'][0]['name']).equal('localhost:' + server.port)
      expect(email['from'][0]['address']).equal('test-admin@localhost')
@@ -189,9 +241,9 @@ describe('Test emails', function () {
      await addVideoToBlacklist(server.url, server.accessToken, videoUserUUID, reason)
      await waitJobs(server)
-      expect(emails).to.have.lengthOf(5)
+      expect(emails).to.have.lengthOf(6)
-      const email = emails[4]
+      const email = emails[5]
      expect(email['from'][0]['name']).equal('localhost:' + server.port)
      expect(email['from'][0]['address']).equal('test-admin@localhost')
@@ -207,9 +259,9 @@ describe('Test emails', function () {
      await removeVideoFromBlacklist(server.url, server.accessToken, videoUserUUID)
      await waitJobs(server)
-      expect(emails).to.have.lengthOf(6)
+      expect(emails).to.have.lengthOf(7)
-      const email = emails[5]
+      const email = emails[6]
      expect(email['from'][0]['name']).equal('localhost:' + server.port)
      expect(email['from'][0]['address']).equal('test-admin@localhost')
@@ -227,9 +279,9 @@ describe('Test emails', function () {
      await askSendVerifyEmail(server.url, 'user_1@example.com')
      await waitJobs(server)
-      expect(emails).to.have.lengthOf(7)
+      expect(emails).to.have.lengthOf(8)
-      const email = emails[6]
+      const email = emails[7]
      expect(email['from'][0]['name']).equal('localhost:' + server.port)
      expect(email['from'][0]['address']).equal('test-admin@localhost')
author	John Livingston <38844060+JohnXLivingston@users.noreply.github.com>	2020-02-17 10:16:52 +0100
committer	GitHub <noreply@github.com>	2020-02-17 10:16:52 +0100
commit	45f1bd72a08998c60a9dd68ff069cea9de39161c (patch)
tree	79e484bd7fd38fe97c84fdb00a164534f43941e9 /server/tests/api
parent	c5621bd23bce038671cd81149a0aa5e238558b67 (diff)
download	PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.tar.gz PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.tar.zst PeerTube-45f1bd72a08998c60a9dd68ff069cea9de39161c.zip