5 files changed, 91 insertions, 36 deletions

diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts
index e4f5c98fe..dd362619d 100644
--- a/server/middlewares/validators/feeds.ts
+++ b/server/middlewares/validators/feeds.ts
@@ -1,21 +1,20 @@
 import * as express from 'express'
 import { param, query } from 'express-validator/check'
-import { doesAccountIdExist, isAccountNameValid, doesAccountNameWithHostExist } from '../../helpers/custom-validators/accounts'
-import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
+import { doesAccountIdExist, doesAccountNameWithHostExist } from '../../helpers/custom-validators/accounts'
+import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
 import { logger } from '../../helpers/logger'
 import { areValidationErrors } from './utils'
 import { isValidRSSFeed } from '../../helpers/custom-validators/feeds'
 import { doesVideoChannelIdExist, doesVideoChannelNameWithHostExist } from '../../helpers/custom-validators/video-channels'
 import { doesVideoExist } from '../../helpers/custom-validators/videos'
-import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor'
 
 const videoFeedsValidator = [
   param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'),
   query('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'),
-  query('accountId').optional().custom(isIdOrUUIDValid),
-  query('accountName').optional().custom(isAccountNameValid),
-  query('videoChannelId').optional().custom(isIdOrUUIDValid),
-  query('videoChannelName').optional().custom(isActorPreferredUsernameValid),
+  query('accountId').optional().custom(isIdValid),
+  query('accountName').optional(),
+  query('videoChannelId').optional().custom(isIdValid),
+  query('videoChannelName').optional(),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking feeds parameters', { parameters: req.query })
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 6d8cd7894..ec70fa0fd 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -25,6 +25,9 @@ import { Redis } from '../../lib/redis'
 import { UserModel } from '../../models/account/user'
 import { areValidationErrors } from './utils'
 import { ActorModel } from '../../models/activitypub/actor'
+import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor'
+import { isVideoChannelNameValid } from '../../helpers/custom-validators/video-channels'
+import { UserRegister } from '../../../shared/models/users/user-register.model'
 
 const usersAddValidator = [
   body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -49,6 +52,16 @@ const usersRegisterValidator = [
   body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
   body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
   body('email').isEmail().withMessage('Should have a valid email'),
+  body('displayName')
+    .optional()
+    .custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
+
+  body('channel.name')
+    .optional()
+    .custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
+  body('channel.displayName')
+    .optional()
+    .custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking usersRegister parameters', { parameters: omit(req.body, 'password') })
@@ -56,6 +69,28 @@ const usersRegisterValidator = [
     if (areValidationErrors(req, res)) return
     if (!await checkUserNameOrEmailDoesNotAlreadyExist(req.body.username, req.body.email, res)) return
 
+    const body: UserRegister = req.body
+    if (body.channel) {
+      if (!body.channel.name || !body.channel.displayName) {
+        return res.status(400)
+          .send({ error: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' })
+          .end()
+      }
+
+      if (body.channel.name === body.username) {
+        return res.status(400)
+                  .send({ error: 'Channel name cannot be the same than user username.' })
+                  .end()
+      }
+
+      const existing = await ActorModel.loadLocalByName(body.channel.name)
+      if (existing) {
+        return res.status(409)
+                  .send({ error: `Channel with name ${body.channel.name} already exists.` })
+                  .end()
+      }
+    }
+
     return next()
   }
 ]
@@ -142,13 +177,27 @@ const usersUpdateValidator = [
 ]
 
 const usersUpdateMeValidator = [
-  body('displayName').optional().custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
-  body('description').optional().custom(isUserDescriptionValid).withMessage('Should have a valid description'),
-  body('currentPassword').optional().custom(isUserPasswordValid).withMessage('Should have a valid current password'),
-  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
-  body('nsfwPolicy').optional().custom(isUserNSFWPolicyValid).withMessage('Should have a valid display Not Safe For Work policy'),
-  body('autoPlayVideo').optional().custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
+  body('displayName')
+    .optional()
+    .custom(isUserDisplayNameValid).withMessage('Should have a valid display name'),
+  body('description')
+    .optional()
+    .custom(isUserDescriptionValid).withMessage('Should have a valid description'),
+  body('currentPassword')
+    .optional()
+    .custom(isUserPasswordValid).withMessage('Should have a valid current password'),
+  body('password')
+    .optional()
+    .custom(isUserPasswordValid).withMessage('Should have a valid password'),
+  body('email')
+    .optional()
+    .isEmail().withMessage('Should have a valid email attribute'),
+  body('nsfwPolicy')
+    .optional()
+    .custom(isUserNSFWPolicyValid).withMessage('Should have a valid display Not Safe For Work policy'),
+  body('autoPlayVideo')
+    .optional()
+    .custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
   body('videosHistoryEnabled')
     .optional()
     .custom(isUserVideosHistoryEnabledValid).withMessage('Should have a valid videos history enabled attribute'),
@@ -156,7 +205,7 @@ const usersUpdateMeValidator = [
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
 
-    if (req.body.password) {
+    if (req.body.password || req.body.email) {
       if (!req.body.currentPassword) {
         return res.status(400)
                   .send({ error: 'currentPassword parameter is missing.' })
@@ -293,8 +342,14 @@ const usersAskSendVerifyEmailValidator = [
 ]
 
 const usersVerifyEmailValidator = [
-  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
+  param('id')
+    .isInt().not().isEmpty().withMessage('Should have a valid id'),
+
+  body('verificationString')
+    .not().isEmpty().withMessage('Should have a valid verification string'),
+  body('isPendingEmail')
+    .optional()
+    .toBoolean(),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts
index 4b26f0bc4..f5a59cacb 100644
--- a/server/middlewares/validators/videos/video-channels.ts
+++ b/server/middlewares/validators/videos/video-channels.ts
@@ -14,6 +14,7 @@ import { VideoChannelModel } from '../../../models/video/video-channel'
 import { areValidationErrors } from '../utils'
 import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor'
 import { ActorModel } from '../../../models/activitypub/actor'
+import { isBooleanValid } from '../../../helpers/custom-validators/misc'
 
 const videoChannelsAddValidator = [
   body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
@@ -40,9 +41,18 @@ const videoChannelsAddValidator = [
 
 const videoChannelsUpdateValidator = [
   param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
-  body('displayName').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
-  body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
-  body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
+  body('displayName')
+    .optional()
+    .custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
+  body('description')
+    .optional()
+    .custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
+  body('support')
+    .optional()
+    .custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
+  body('bulkVideosSupportUpdate')
+    .optional()
+    .custom(isBooleanValid).withMessage('Should have a valid bulkVideosSupportUpdate boolean field'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index f68eeeeb3..9c88dd291 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -24,6 +24,9 @@ import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/
 import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
 
 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
+  body('displayName')
+    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
 
@@ -46,6 +49,10 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
   param('playlistId')
     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 
+  body('displayName')
+    .optional()
+    .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
 
@@ -61,12 +68,6 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
 
     const body: VideoPlaylistUpdate = req.body
 
-    if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) {
-      cleanUpReqFiles(req)
-      return res.status(400)
-                .json({ error: 'Cannot set "private" a video playlist that was not private.' })
-    }
-
     const newPrivacy = body.privacy || videoPlaylist.privacy
     if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
       (
@@ -368,8 +369,6 @@ function getCommonPlaylistEditAttributes () {
       + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
     ),
 
-    body('displayName')
-      .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
     body('description')
       .optional()
       .customSanitizer(toValueOrNull)
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 2b01f108d..b1c05ab2d 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -111,18 +111,10 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([
     if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
     if (!await doesVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
 
-    const video = res.locals.video
-
     // Check if the user who did the request is able to update the video
     const user = res.locals.oauth.token.User
     if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
 
-    if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
-      cleanUpReqFiles(req)
-      return res.status(409)
-        .json({ error: 'Cannot set "private" a video that was not private.' })
-    }
-
     if (req.body.channelId && !await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
 
     return next()