1 files changed, 165 insertions, 0 deletions
diff --git a/packages/tests/src/api/users/users-email-verification.ts b/packages/tests/src/api/users/users-email-verification.ts
new file mode 100644
index 000000000..689e3c4bb
--- /dev/null
+++ b/packages/tests/src/api/users/users-email-verification.ts
@@ -0,0 +1,165 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { expect } from 'chai'
+import { MockSmtpServer } from '@tests/shared/mock-servers/index.js'
+import { HttpStatusCode } from '@peertube/peertube-models'
+import {
+  cleanupTests,
+  ConfigCommand,
+  createSingleServer,
+  PeerTubeServer,
+  setAccessTokensToServers,
+  waitJobs
+} from '@peertube/peertube-server-commands'
+describe('Test users email verification', function () {
+  let server: PeerTubeServer
+  let userId: number
+  let userAccessToken: string
+  let verificationString: string
+  let expectedEmailsLength = 0
+  const user1 = {
+    username: 'user_1',
+    password: 'super password'
+  }
+  const user2 = {
+    username: 'user_2',
+    password: 'super password'
+  }
+  const emails: object[] = []
+  before(async function () {
+    this.timeout(30000)
+    const port = await MockSmtpServer.Instance.collectEmails(emails)
+    server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
+    await setAccessTokensToServers([ server ])
+  })
+  it('Should register user and send verification email if verification required', async function () {
+    this.timeout(30000)
+    await server.config.updateExistingSubConfig({
+      newConfig: {
+        signup: {
+          enabled: true,
+          requiresApproval: false,
+          requiresEmailVerification: true,
+          limit: 10
+        }
+      }
+    })
+    await server.registrations.register(user1)
+    await waitJobs(server)
+    expectedEmailsLength++
+    expect(emails).to.have.lengthOf(expectedEmailsLength)
+    const email = emails[expectedEmailsLength - 1]
+    const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+    expect(verificationStringMatches).not.to.be.null
+    verificationString = verificationStringMatches[1]
+    expect(verificationString).to.have.length.above(2)
+    const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
+    expect(userIdMatches).not.to.be.null
+    userId = parseInt(userIdMatches[1], 10)
+    const body = await server.users.get({ userId })
+    expect(body.emailVerified).to.be.false
+  })
+  it('Should not allow login for user with unverified email', async function () {
+    const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    expect(detail).to.contain('User email is not verified.')
+  })
+  it('Should verify the user via email and allow login', async function () {
+    await server.users.verifyEmail({ userId, verificationString })
+    const body = await server.login.login({ user: user1 })
+    userAccessToken = body.access_token
+    const user = await server.users.get({ userId })
+    expect(user.emailVerified).to.be.true
+  })
+  it('Should be able to change the user email', async function () {
+    let updateVerificationString: string
+    {
+      await server.users.updateMe({
+        token: userAccessToken,
+        email: 'updated@example.com',
+        currentPassword: user1.password
+      })
+      await waitJobs(server)
+      expectedEmailsLength++
+      expect(emails).to.have.lengthOf(expectedEmailsLength)
+      const email = emails[expectedEmailsLength - 1]
+      const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+      updateVerificationString = verificationStringMatches[1]
+    }
+    {
+      const me = await server.users.getMyInfo({ token: userAccessToken })
+      expect(me.email).to.equal('user_1@example.com')
+      expect(me.pendingEmail).to.equal('updated@example.com')
+    }
+    {
+      await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })
+      const me = await server.users.getMyInfo({ token: userAccessToken })
+      expect(me.email).to.equal('updated@example.com')
+      expect(me.pendingEmail).to.be.null
+    }
+  })
+  it('Should register user not requiring email verification if setting not enabled', async function () {
+    this.timeout(5000)
+    await server.config.updateExistingSubConfig({
+      newConfig: {
+        signup: {
+          requiresEmailVerification: false
+        }
+      }
+    })
+    await server.registrations.register(user2)
+    await waitJobs(server)
+    expect(emails).to.have.lengthOf(expectedEmailsLength)
+    const accessToken = await server.login.getAccessToken(user2)
+    const user = await server.users.getMyInfo({ token: accessToken })
+    expect(user.emailVerified).to.be.null
+  })
+  it('Should allow login for user with unverified email when setting later enabled', async function () {
+    await server.config.updateCustomSubConfig({
+      newConfig: {
+        signup: {
+          requiresEmailVerification: true
+        }
+      }
+    })
+    await server.login.getAccessToken(user2)
+  })
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+    await cleanupTests([ server ])
+  })
+})

diff --git a/packages/tests/src/api/users/users-email-verification.ts b/packages/tests/src/api/users/users-email-verification.ts new file mode 100644 index 000000000..689e3c4bb --- /dev/null +++ b/packages/tests/src/api/users/users-email-verification.ts
@@ -0,0 +1,165 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { MockSmtpServer } from '@tests/shared/mock-servers/index.js'
	5	import { HttpStatusCode } from '@peertube/peertube-models'
	6	import {
	7	cleanupTests,
	8	ConfigCommand,
	9	createSingleServer,
	10	PeerTubeServer,
	11	setAccessTokensToServers,
	12	waitJobs
	13	} from '@peertube/peertube-server-commands'
	14
	15	describe('Test users email verification', function () {
	16	let server: PeerTubeServer
	17	let userId: number
	18	let userAccessToken: string
	19	let verificationString: string
	20	let expectedEmailsLength = 0
	21	const user1 = {
	22	username: 'user_1',
	23	password: 'super password'
	24	}
	25	const user2 = {
	26	username: 'user_2',
	27	password: 'super password'
	28	}
	29	const emails: object[] = []
	30
	31	before(async function () {
	32	this.timeout(30000)
	33
	34	const port = await MockSmtpServer.Instance.collectEmails(emails)
	35	server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
	36
	37	await setAccessTokensToServers([ server ])
	38	})
	39
	40	it('Should register user and send verification email if verification required', async function () {
	41	this.timeout(30000)
	42
	43	await server.config.updateExistingSubConfig({
	44	newConfig: {
	45	signup: {
	46	enabled: true,
	47	requiresApproval: false,
	48	requiresEmailVerification: true,
	49	limit: 10
	50	}
	51	}
	52	})
	53
	54	await server.registrations.register(user1)
	55
	56	await waitJobs(server)
	57	expectedEmailsLength++
	58	expect(emails).to.have.lengthOf(expectedEmailsLength)
	59
	60	const email = emails[expectedEmailsLength - 1]
	61
	62	const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
	63	expect(verificationStringMatches).not.to.be.null
	64
	65	verificationString = verificationStringMatches[1]
	66	expect(verificationString).to.have.length.above(2)
	67
	68	const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
	69	expect(userIdMatches).not.to.be.null
	70
	71	userId = parseInt(userIdMatches[1], 10)
	72
	73	const body = await server.users.get({ userId })
	74	expect(body.emailVerified).to.be.false
	75	})
	76
	77	it('Should not allow login for user with unverified email', async function () {
	78	const { detail } = await server.login.login({ user: user1, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	79	expect(detail).to.contain('User email is not verified.')
	80	})
	81
	82	it('Should verify the user via email and allow login', async function () {
	83	await server.users.verifyEmail({ userId, verificationString })
	84
	85	const body = await server.login.login({ user: user1 })
	86	userAccessToken = body.access_token
	87
	88	const user = await server.users.get({ userId })
	89	expect(user.emailVerified).to.be.true
	90	})
	91
	92	it('Should be able to change the user email', async function () {
	93	let updateVerificationString: string
	94
	95	{
	96	await server.users.updateMe({
	97	token: userAccessToken,
	98	email: 'updated@example.com',
	99	currentPassword: user1.password
	100	})
	101
	102	await waitJobs(server)
	103	expectedEmailsLength++
	104	expect(emails).to.have.lengthOf(expectedEmailsLength)
	105
	106	const email = emails[expectedEmailsLength - 1]
	107
	108	const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
	109	updateVerificationString = verificationStringMatches[1]
	110	}
	111
	112	{
	113	const me = await server.users.getMyInfo({ token: userAccessToken })
	114	expect(me.email).to.equal('user_1@example.com')
	115	expect(me.pendingEmail).to.equal('updated@example.com')
	116	}
	117
	118	{
	119	await server.users.verifyEmail({ userId, verificationString: updateVerificationString, isPendingEmail: true })
	120
	121	const me = await server.users.getMyInfo({ token: userAccessToken })
	122	expect(me.email).to.equal('updated@example.com')
	123	expect(me.pendingEmail).to.be.null
	124	}
	125	})
	126
	127	it('Should register user not requiring email verification if setting not enabled', async function () {
	128	this.timeout(5000)
	129	await server.config.updateExistingSubConfig({
	130	newConfig: {
	131	signup: {
	132	requiresEmailVerification: false
	133	}
	134	}
	135	})
	136
	137	await server.registrations.register(user2)
	138
	139	await waitJobs(server)
	140	expect(emails).to.have.lengthOf(expectedEmailsLength)
	141
	142	const accessToken = await server.login.getAccessToken(user2)
	143
	144	const user = await server.users.getMyInfo({ token: accessToken })
	145	expect(user.emailVerified).to.be.null
	146	})
	147
	148	it('Should allow login for user with unverified email when setting later enabled', async function () {
	149	await server.config.updateCustomSubConfig({
	150	newConfig: {
	151	signup: {
	152	requiresEmailVerification: true
	153	}
	154	}
	155	})
	156
	157	await server.login.getAccessToken(user2)
	158	})
	159
	160	after(async function () {
	161	MockSmtpServer.Instance.kill()
	162
	163	await cleanupTests([ server ])
	164	})
	165	})