5 files changed, 179 insertions, 2 deletions

diff --git a/config/test-2.yaml b/config/test-2.yaml
index 13e09ff4c..77b2d6095 100644
--- a/config/test-2.yaml
+++ b/config/test-2.yaml
@@ -18,3 +18,6 @@ storage:
 
 admin:
   email: 'admin2@example.com'
+
+signup:
+  enabled: false
diff --git a/server/controllers/api/users.js b/server/controllers/api/users.js
index 6b6c0774f..c7fe7bf85 100644
--- a/server/controllers/api/users.js
+++ b/server/controllers/api/users.js
@@ -44,6 +44,12 @@ router.post('/',
   createUser
 )
 
+router.post('/register',
+  ensureRegistrationEnabled,
+  validatorsUsers.usersAdd,
+  createUser
+)
+
 router.put('/:id',
   oAuth.authenticate,
   validatorsUsers.usersUpdate,
@@ -66,6 +72,16 @@ module.exports = router
 
 // ---------------------------------------------------------------------------
 
+function ensureRegistrationEnabled (req, res, next) {
+  const registrationEnabled = constants.CONFIG.SIGNUP.ENABLED
+
+  if (registrationEnabled === true) {
+    return next()
+  }
+
+  return res.status(400).send('User registration is not enabled.')
+}
+
 function createUser (req, res, next) {
   const user = db.User.build({
     username: req.body.username,
diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js
index 4a176e6c2..0aa9a4524 100644
--- a/server/tests/api/check-params/users.js
+++ b/server/tests/api/check-params/users.js
@@ -17,6 +17,7 @@ describe('Test users API validators', function () {
   let rootId = null
   let videoId = null
   let server = null
+  let serverWithRegistrationDisabled = null
   let userAccessToken = null
 
   // ---------------------------------------------------------------
@@ -29,8 +30,15 @@ describe('Test users API validators', function () {
         serversUtils.flushTests(next)
       },
       function (next) {
-        serversUtils.runServer(1, function (server1) {
-          server = server1
+        serversUtils.runServer(1, function (serverCreated) {
+          server = serverCreated
+
+          next()
+        })
+      },
+      function (next) {
+        serversUtils.runServer(2, function (serverCreated) {
+          serverWithRegistrationDisabled = serverCreated
 
           next()
         })
@@ -394,6 +402,121 @@ describe('Test users API validators', function () {
     })
   })
 
+  describe('When register a new user', function () {
+    const registrationPath = path + '/register'
+
+    it('Should fail with a too small username', function (done) {
+      const data = {
+        username: 'ji',
+        email: 'test@example.com',
+        password: 'mysuperpassword'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail with a too long username', function (done) {
+      const data = {
+        username: 'mysuperusernamewhichisverylong',
+        email: 'test@example.com',
+        password: 'mysuperpassword'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail with an incorrect username', function (done) {
+      const data = {
+        username: 'my username',
+        email: 'test@example.com',
+        password: 'mysuperpassword'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail with a missing email', function (done) {
+      const data = {
+        username: 'ji',
+        password: 'mysuperpassword'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail with an invalid email', function (done) {
+      const data = {
+        username: 'mysuperusernamewhichisverylong',
+        email: 'testexample.com',
+        password: 'mysuperpassword'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail with a too small password', function (done) {
+      const data = {
+        username: 'myusername',
+        email: 'test@example.com',
+        password: 'bla'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail with a too long password', function (done) {
+      const data = {
+        username: 'myusername',
+        email: 'test@example.com',
+        password: 'my super long password which is very very very very very very very very very very very very very very' +
+                  'very very very very very very very very very very very very very very very veryv very very very very' +
+                  'very very very very very very very very very very very very very very very very very very very very long'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done)
+    })
+
+    it('Should fail if we register a user with the same username', function (done) {
+      const data = {
+        username: 'root',
+        email: 'test@example.com',
+        password: 'my super password'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done, 409)
+    })
+
+    it('Should fail if we register a user with the same email', function (done) {
+      const data = {
+        username: 'myusername',
+        email: 'admin1@example.com',
+        password: 'my super password'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done, 409)
+    })
+
+    it('Should succeed with the correct params', function (done) {
+      const data = {
+        username: 'user3',
+        email: 'test3@example.com',
+        password: 'my super password'
+      }
+
+      requestsUtils.makePostBodyRequest(server.url, registrationPath, server.accessToken, data, done, 204)
+    })
+
+    it('Should fail on a server with registration disabled', function (done) {
+      const data = {
+        username: 'user4',
+        email: 'test4@example.com',
+        password: 'my super password 4'
+      }
+
+      requestsUtils.makePostBodyRequest(serverWithRegistrationDisabled.url, registrationPath, serverWithRegistrationDisabled.accessToken, data, done, 400)
+    })
+  })
+
   after(function (done) {
     process.kill(-server.app.pid)
 
diff --git a/server/tests/api/users.js b/server/tests/api/users.js
index a5e8a7edf..10c96baeb 100644
--- a/server/tests/api/users.js
+++ b/server/tests/api/users.js
@@ -383,6 +383,19 @@ describe('Test users', function () {
     })
   })
 
+  it('Should register a new user', function (done) {
+    usersUtils.registerUser(server.url, 'user_15', 'my super password', done)
+  })
+
+  it('Should be able to login with this registered user', function (done) {
+    server.user = {
+      username: 'user_15',
+      password: 'my super password'
+    }
+
+    loginUtils.loginAndGetAccessToken(server, done)
+  })
+
   after(function (done) {
     process.kill(-server.app.pid)
 
diff --git a/server/tests/utils/users.js b/server/tests/utils/users.js
index 8138074d0..310dc0c6b 100644
--- a/server/tests/utils/users.js
+++ b/server/tests/utils/users.js
@@ -4,6 +4,7 @@ const request = require('supertest')
 
 const usersUtils = {
   createUser,
+  registerUser,
   getUserInformation,
   getUserVideoRating,
   getUsersList,
@@ -36,6 +37,27 @@ function createUser (url, accessToken, username, password, specialStatus, end) {
     .end(end)
 }
 
+function registerUser (url, username, password, specialStatus, end) {
+  if (!end) {
+    end = specialStatus
+    specialStatus = 204
+  }
+
+  const path = '/api/v1/users/register'
+  const body = {
+    username,
+    password,
+    email: username + '@example.com'
+  }
+
+  request(url)
+    .post(path)
+    .set('Accept', 'application/json')
+    .send(body)
+    .expect(specialStatus)
+    .end(end)
+}
+
 function getUserInformation (url, accessToken, end) {
   const path = '/api/v1/users/me'