1 files changed, 457 insertions, 0 deletions
diff --git a/packages/tests/src/api/check-params/users-admin.ts b/packages/tests/src/api/check-params/users-admin.ts
new file mode 100644
index 000000000..1ad222ddc
--- /dev/null
+++ b/packages/tests/src/api/check-params/users-admin.ts
@@ -0,0 +1,457 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@tests/shared/checks.js'
+import { MockSmtpServer } from '@tests/shared/mock-servers/index.js'
+import { omit } from '@peertube/peertube-core-utils'
+import { HttpStatusCode, UserAdminFlag, UserRole } from '@peertube/peertube-models'
+import {
+  cleanupTests,
+  ConfigCommand,
+  createSingleServer,
+  killallServers,
+  makeGetRequest,
+  makePostBodyRequest,
+  makePutBodyRequest,
+  PeerTubeServer,
+  setAccessTokensToServers
+} from '@peertube/peertube-server-commands'
+describe('Test users admin API validators', function () {
+  const path = '/api/v1/users/'
+  let userId: number
+  let rootId: number
+  let moderatorId: number
+  let server: PeerTubeServer
+  let userToken = ''
+  let moderatorToken = ''
+  let emailPort: number
+  // ---------------------------------------------------------------
+  before(async function () {
+    this.timeout(30000)
+    const emails: object[] = []
+    emailPort = await MockSmtpServer.Instance.collectEmails(emails)
+    {
+      server = await createSingleServer(1)
+      await setAccessTokensToServers([ server ])
+    }
+    {
+      const result = await server.users.generate('user1')
+      userToken = result.token
+      userId = result.userId
+    }
+    {
+      const result = await server.users.generate('moderator1', UserRole.MODERATOR)
+      moderatorToken = result.token
+    }
+    {
+      const result = await server.users.generate('moderator2', UserRole.MODERATOR)
+      moderatorId = result.userId
+    }
+  })
+  describe('When listing users', function () {
+    it('Should fail with a bad start pagination', async function () {
+      await checkBadStartPagination(server.url, path, server.accessToken)
+    })
+    it('Should fail with a bad count pagination', async function () {
+      await checkBadCountPagination(server.url, path, server.accessToken)
+    })
+    it('Should fail with an incorrect sort', async function () {
+      await checkBadSortPagination(server.url, path, server.accessToken)
+    })
+    it('Should fail with a non authenticated user', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with a non admin user', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path,
+        token: userToken,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+  })
+  describe('When adding a new user', function () {
+    const baseCorrectParams = {
+      username: 'user2',
+      email: 'test@example.com',
+      password: 'my super password',
+      videoQuota: -1,
+      videoQuotaDaily: -1,
+      role: UserRole.USER,
+      adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
+    }
+    it('Should fail with a too small username', async function () {
+      const fields = { ...baseCorrectParams, username: '' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a too long username', async function () {
+      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a not lowercase username', async function () {
+      const fields = { ...baseCorrectParams, username: 'Toto' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an incorrect username', async function () {
+      const fields = { ...baseCorrectParams, username: 'my username' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a missing email', async function () {
+      const fields = omit(baseCorrectParams, [ 'email' ])
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid email', async function () {
+      const fields = { ...baseCorrectParams, email: 'test_example.com' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a too small password', async function () {
+      const fields = { ...baseCorrectParams, password: 'bla' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a too long password', async function () {
+      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with empty password and no smtp configured', async function () {
+      const fields = { ...baseCorrectParams, password: '' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should succeed with no password on a server with smtp enabled', async function () {
+      this.timeout(20000)
+      await killallServers([ server ])
+      await server.run(ConfigCommand.getEmailOverrideConfig(emailPort))
+      const fields = {
+        ...baseCorrectParams,
+        password: '',
+        username: 'create_password',
+        email: 'create_password@example.com'
+      }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
+    it('Should fail with invalid admin flags', async function () {
+      const fields = { ...baseCorrectParams, adminFlags: 'toto' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an non authenticated user', async function () {
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: 'super token',
+        fields: baseCorrectParams,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail if we add a user with the same username', async function () {
+      const fields = { ...baseCorrectParams, username: 'user1' }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.CONFLICT_409
+      })
+    })
+    it('Should fail if we add a user with the same email', async function () {
+      const fields = { ...baseCorrectParams, email: 'user1@example.com' }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.CONFLICT_409
+      })
+    })
+    it('Should fail with an invalid videoQuota', async function () {
+      const fields = { ...baseCorrectParams, videoQuota: -5 }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid videoQuotaDaily', async function () {
+      const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail without a user role', async function () {
+      const fields = omit(baseCorrectParams, [ 'role' ])
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid user role', async function () {
+      const fields = { ...baseCorrectParams, role: 88989 }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a "peertube" username', async function () {
+      const fields = { ...baseCorrectParams, username: 'peertube' }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.CONFLICT_409
+      })
+    })
+    it('Should fail to create a moderator or an admin with a moderator', async function () {
+      for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
+        const fields = { ...baseCorrectParams, role }
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          token: moderatorToken,
+          fields,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      }
+    })
+    it('Should succeed to create a user with a moderator', async function () {
+      const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: moderatorToken,
+        fields,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
+    it('Should succeed with the correct params', async function () {
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields: baseCorrectParams,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
+    it('Should fail with a non admin user', async function () {
+      const user = { username: 'user1' }
+      userToken = await server.login.getAccessToken(user)
+      const fields = {
+        username: 'user3',
+        email: 'test@example.com',
+        password: 'my super password',
+        videoQuota: 42000000
+      }
+      await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
+  })
+  describe('When getting a user', function () {
+    it('Should fail with an non authenticated user', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path: path + userId,
+        token: 'super token',
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with a non admin user', async function () {
+      await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
+    it('Should succeed with the correct params', async function () {
+      await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
+    })
+  })
+  describe('When updating a user', function () {
+    it('Should fail with an invalid email attribute', async function () {
+      const fields = {
+        email: 'blabla'
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid emailVerified attribute', async function () {
+      const fields = {
+        emailVerified: 'yes'
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid videoQuota attribute', async function () {
+      const fields = {
+        videoQuota: -90
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid user role attribute', async function () {
+      const fields = {
+        role: 54878
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with a too small password', async function () {
+      const fields = {
+        currentPassword: 'password',
+        password: 'bla'
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with a too long password', async function () {
+      const fields = {
+        currentPassword: 'password',
+        password: 'super'.repeat(61)
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an non authenticated user', async function () {
+      const fields = {
+        videoQuota: 42
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + userId,
+        token: 'super token',
+        fields,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail when updating root role', async function () {
+      const fields = {
+        role: UserRole.MODERATOR
+      }
+      await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
+    })
+    it('Should fail with invalid admin flags', async function () {
+      const fields = { adminFlags: 'toto' }
+      await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail to update an admin with a moderator', async function () {
+      const fields = {
+        videoQuota: 42
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + moderatorId,
+        token: moderatorToken,
+        fields,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+    it('Should succeed to update a user with a moderator', async function () {
+      const fields = {
+        videoQuota: 42
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + userId,
+        token: moderatorToken,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+    it('Should succeed with the correct params', async function () {
+      const fields = {
+        email: 'email@example.com',
+        emailVerified: true,
+        videoQuota: 42,
+        role: UserRole.USER
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + userId,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+  })
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+    await cleanupTests([ server ])
+  })
+})

diff --git a/packages/tests/src/api/check-params/users-admin.ts b/packages/tests/src/api/check-params/users-admin.ts new file mode 100644 index 000000000..1ad222ddc --- /dev/null +++ b/packages/tests/src/api/check-params/users-admin.ts
@@ -0,0 +1,457 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@tests/shared/checks.js'
	4	import { MockSmtpServer } from '@tests/shared/mock-servers/index.js'
	5	import { omit } from '@peertube/peertube-core-utils'
	6	import { HttpStatusCode, UserAdminFlag, UserRole } from '@peertube/peertube-models'
	7	import {
	8	cleanupTests,
	9	ConfigCommand,
	10	createSingleServer,
	11	killallServers,
	12	makeGetRequest,
	13	makePostBodyRequest,
	14	makePutBodyRequest,
	15	PeerTubeServer,
	16	setAccessTokensToServers
	17	} from '@peertube/peertube-server-commands'
	18
	19	describe('Test users admin API validators', function () {
	20	const path = '/api/v1/users/'
	21	let userId: number
	22	let rootId: number
	23	let moderatorId: number
	24	let server: PeerTubeServer
	25	let userToken = ''
	26	let moderatorToken = ''
	27	let emailPort: number
	28
	29	// ---------------------------------------------------------------
	30
	31	before(async function () {
	32	this.timeout(30000)
	33
	34	const emails: object[] = []
	35	emailPort = await MockSmtpServer.Instance.collectEmails(emails)
	36
	37	{
	38	server = await createSingleServer(1)
	39
	40	await setAccessTokensToServers([ server ])
	41	}
	42
	43	{
	44	const result = await server.users.generate('user1')
	45	userToken = result.token
	46	userId = result.userId
	47	}
	48
	49	{
	50	const result = await server.users.generate('moderator1', UserRole.MODERATOR)
	51	moderatorToken = result.token
	52	}
	53
	54	{
	55	const result = await server.users.generate('moderator2', UserRole.MODERATOR)
	56	moderatorId = result.userId
	57	}
	58	})
	59
	60	describe('When listing users', function () {
	61	it('Should fail with a bad start pagination', async function () {
	62	await checkBadStartPagination(server.url, path, server.accessToken)
	63	})
	64
	65	it('Should fail with a bad count pagination', async function () {
	66	await checkBadCountPagination(server.url, path, server.accessToken)
	67	})
	68
	69	it('Should fail with an incorrect sort', async function () {
	70	await checkBadSortPagination(server.url, path, server.accessToken)
	71	})
	72
	73	it('Should fail with a non authenticated user', async function () {
	74	await makeGetRequest({
	75	url: server.url,
	76	path,
	77	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	78	})
	79	})
	80
	81	it('Should fail with a non admin user', async function () {
	82	await makeGetRequest({
	83	url: server.url,
	84	path,
	85	token: userToken,
	86	expectedStatus: HttpStatusCode.FORBIDDEN_403
	87	})
	88	})
	89	})
	90
	91	describe('When adding a new user', function () {
	92	const baseCorrectParams = {
	93	username: 'user2',
	94	email: 'test@example.com',
	95	password: 'my super password',
	96	videoQuota: -1,
	97	videoQuotaDaily: -1,
	98	role: UserRole.USER,
	99	adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
	100	}
	101
	102	it('Should fail with a too small username', async function () {
	103	const fields = { ...baseCorrectParams, username: '' }
	104
	105	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	106	})
	107
	108	it('Should fail with a too long username', async function () {
	109	const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
	110
	111	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	112	})
	113
	114	it('Should fail with a not lowercase username', async function () {
	115	const fields = { ...baseCorrectParams, username: 'Toto' }
	116
	117	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	118	})
	119
	120	it('Should fail with an incorrect username', async function () {
	121	const fields = { ...baseCorrectParams, username: 'my username' }
	122
	123	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	124	})
	125
	126	it('Should fail with a missing email', async function () {
	127	const fields = omit(baseCorrectParams, [ 'email' ])
	128
	129	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	130	})
	131
	132	it('Should fail with an invalid email', async function () {
	133	const fields = { ...baseCorrectParams, email: 'test_example.com' }
	134
	135	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	136	})
	137
	138	it('Should fail with a too small password', async function () {
	139	const fields = { ...baseCorrectParams, password: 'bla' }
	140
	141	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	142	})
	143
	144	it('Should fail with a too long password', async function () {
	145	const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
	146
	147	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	148	})
	149
	150	it('Should fail with empty password and no smtp configured', async function () {
	151	const fields = { ...baseCorrectParams, password: '' }
	152
	153	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	154	})
	155
	156	it('Should succeed with no password on a server with smtp enabled', async function () {
	157	this.timeout(20000)
	158
	159	await killallServers([ server ])
	160
	161	await server.run(ConfigCommand.getEmailOverrideConfig(emailPort))
	162
	163	const fields = {
	164	...baseCorrectParams,
	165
	166	password: '',
	167	username: 'create_password',
	168	email: 'create_password@example.com'
	169	}
	170
	171	await makePostBodyRequest({
	172	url: server.url,
	173	path,
	174	token: server.accessToken,
	175	fields,
	176	expectedStatus: HttpStatusCode.OK_200
	177	})
	178	})
	179
	180	it('Should fail with invalid admin flags', async function () {
	181	const fields = { ...baseCorrectParams, adminFlags: 'toto' }
	182
	183	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	184	})
	185
	186	it('Should fail with an non authenticated user', async function () {
	187	await makePostBodyRequest({
	188	url: server.url,
	189	path,
	190	token: 'super token',
	191	fields: baseCorrectParams,
	192	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	193	})
	194	})
	195
	196	it('Should fail if we add a user with the same username', async function () {
	197	const fields = { ...baseCorrectParams, username: 'user1' }
	198
	199	await makePostBodyRequest({
	200	url: server.url,
	201	path,
	202	token: server.accessToken,
	203	fields,
	204	expectedStatus: HttpStatusCode.CONFLICT_409
	205	})
	206	})
	207
	208	it('Should fail if we add a user with the same email', async function () {
	209	const fields = { ...baseCorrectParams, email: 'user1@example.com' }
	210
	211	await makePostBodyRequest({
	212	url: server.url,
	213	path,
	214	token: server.accessToken,
	215	fields,
	216	expectedStatus: HttpStatusCode.CONFLICT_409
	217	})
	218	})
	219
	220	it('Should fail with an invalid videoQuota', async function () {
	221	const fields = { ...baseCorrectParams, videoQuota: -5 }
	222
	223	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	224	})
	225
	226	it('Should fail with an invalid videoQuotaDaily', async function () {
	227	const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
	228
	229	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	230	})
	231
	232	it('Should fail without a user role', async function () {
	233	const fields = omit(baseCorrectParams, [ 'role' ])
	234
	235	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	236	})
	237
	238	it('Should fail with an invalid user role', async function () {
	239	const fields = { ...baseCorrectParams, role: 88989 }
	240
	241	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	242	})
	243
	244	it('Should fail with a "peertube" username', async function () {
	245	const fields = { ...baseCorrectParams, username: 'peertube' }
	246
	247	await makePostBodyRequest({
	248	url: server.url,
	249	path,
	250	token: server.accessToken,
	251	fields,
	252	expectedStatus: HttpStatusCode.CONFLICT_409
	253	})
	254	})
	255
	256	it('Should fail to create a moderator or an admin with a moderator', async function () {
	257	for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
	258	const fields = { ...baseCorrectParams, role }
	259
	260	await makePostBodyRequest({
	261	url: server.url,
	262	path,
	263	token: moderatorToken,
	264	fields,
	265	expectedStatus: HttpStatusCode.FORBIDDEN_403
	266	})
	267	}
	268	})
	269
	270	it('Should succeed to create a user with a moderator', async function () {
	271	const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
	272
	273	await makePostBodyRequest({
	274	url: server.url,
	275	path,
	276	token: moderatorToken,
	277	fields,
	278	expectedStatus: HttpStatusCode.OK_200
	279	})
	280	})
	281
	282	it('Should succeed with the correct params', async function () {
	283	await makePostBodyRequest({
	284	url: server.url,
	285	path,
	286	token: server.accessToken,
	287	fields: baseCorrectParams,
	288	expectedStatus: HttpStatusCode.OK_200
	289	})
	290	})
	291
	292	it('Should fail with a non admin user', async function () {
	293	const user = { username: 'user1' }
	294	userToken = await server.login.getAccessToken(user)
	295
	296	const fields = {
	297	username: 'user3',
	298	email: 'test@example.com',
	299	password: 'my super password',
	300	videoQuota: 42000000
	301	}
	302	await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
	303	})
	304	})
	305
	306	describe('When getting a user', function () {
	307
	308	it('Should fail with an non authenticated user', async function () {
	309	await makeGetRequest({
	310	url: server.url,
	311	path: path + userId,
	312	token: 'super token',
	313	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	314	})
	315	})
	316
	317	it('Should fail with a non admin user', async function () {
	318	await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
	319	})
	320
	321	it('Should succeed with the correct params', async function () {
	322	await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
	323	})
	324	})
	325
	326	describe('When updating a user', function () {
	327
	328	it('Should fail with an invalid email attribute', async function () {
	329	const fields = {
	330	email: 'blabla'
	331	}
	332
	333	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	334	})
	335
	336	it('Should fail with an invalid emailVerified attribute', async function () {
	337	const fields = {
	338	emailVerified: 'yes'
	339	}
	340
	341	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	342	})
	343
	344	it('Should fail with an invalid videoQuota attribute', async function () {
	345	const fields = {
	346	videoQuota: -90
	347	}
	348
	349	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	350	})
	351
	352	it('Should fail with an invalid user role attribute', async function () {
	353	const fields = {
	354	role: 54878
	355	}
	356
	357	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	358	})
	359
	360	it('Should fail with a too small password', async function () {
	361	const fields = {
	362	currentPassword: 'password',
	363	password: 'bla'
	364	}
	365
	366	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	367	})
	368
	369	it('Should fail with a too long password', async function () {
	370	const fields = {
	371	currentPassword: 'password',
	372	password: 'super'.repeat(61)
	373	}
	374
	375	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	376	})
	377
	378	it('Should fail with an non authenticated user', async function () {
	379	const fields = {
	380	videoQuota: 42
	381	}
	382
	383	await makePutBodyRequest({
	384	url: server.url,
	385	path: path + userId,
	386	token: 'super token',
	387	fields,
	388	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	389	})
	390	})
	391
	392	it('Should fail when updating root role', async function () {
	393	const fields = {
	394	role: UserRole.MODERATOR
	395	}
	396
	397	await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
	398	})
	399
	400	it('Should fail with invalid admin flags', async function () {
	401	const fields = { adminFlags: 'toto' }
	402
	403	await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	404	})
	405
	406	it('Should fail to update an admin with a moderator', async function () {
	407	const fields = {
	408	videoQuota: 42
	409	}
	410
	411	await makePutBodyRequest({
	412	url: server.url,
	413	path: path + moderatorId,
	414	token: moderatorToken,
	415	fields,
	416	expectedStatus: HttpStatusCode.FORBIDDEN_403
	417	})
	418	})
	419
	420	it('Should succeed to update a user with a moderator', async function () {
	421	const fields = {
	422	videoQuota: 42
	423	}
	424
	425	await makePutBodyRequest({
	426	url: server.url,
	427	path: path + userId,
	428	token: moderatorToken,
	429	fields,
	430	expectedStatus: HttpStatusCode.NO_CONTENT_204
	431	})
	432	})
	433
	434	it('Should succeed with the correct params', async function () {
	435	const fields = {
	436	email: 'email@example.com',
	437	emailVerified: true,
	438	videoQuota: 42,
	439	role: UserRole.USER
	440	}
	441
	442	await makePutBodyRequest({
	443	url: server.url,
	444	path: path + userId,
	445	token: server.accessToken,
	446	fields,
	447	expectedStatus: HttpStatusCode.NO_CONTENT_204
	448	})
	449	})
	450	})
	451
	452	after(async function () {
	453	MockSmtpServer.Instance.kill()
	454
	455	await cleanupTests([ server ])
	456	})
	457	})