aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/check-params/users-admin.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests/api/check-params/users-admin.ts')
-rw-r--r--server/tests/api/check-params/users-admin.ts477
1 files changed, 477 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users-admin.ts b/server/tests/api/check-params/users-admin.ts
new file mode 100644
index 000000000..f71414a6b
--- /dev/null
+++ b/server/tests/api/check-params/users-admin.ts
@@ -0,0 +1,477 @@
1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3import 'mocha'
4import { omit } from 'lodash'
5import {
6 checkBadCountPagination,
7 checkBadSortPagination,
8 checkBadStartPagination,
9 cleanupTests,
10 createSingleServer,
11 killallServers,
12 makeGetRequest,
13 makePostBodyRequest,
14 makePutBodyRequest,
15 MockSmtpServer,
16 PeerTubeServer,
17 setAccessTokensToServers
18} from '@shared/extra-utils'
19import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models'
20
21describe('Test users admin API validators', function () {
22 const path = '/api/v1/users/'
23 let userId: number
24 let rootId: number
25 let moderatorId: number
26 let server: PeerTubeServer
27 let userToken = ''
28 let moderatorToken = ''
29 let emailPort: number
30
31 // ---------------------------------------------------------------
32
33 before(async function () {
34 this.timeout(30000)
35
36 const emails: object[] = []
37 emailPort = await MockSmtpServer.Instance.collectEmails(emails)
38
39 {
40 server = await createSingleServer(1)
41
42 await setAccessTokensToServers([ server ])
43 }
44
45 {
46 const result = await server.users.generate('user1')
47 userToken = result.token
48 userId = result.userId
49 }
50
51 {
52 const result = await server.users.generate('moderator1', UserRole.MODERATOR)
53 moderatorToken = result.token
54 }
55
56 {
57 const result = await server.users.generate('moderator2', UserRole.MODERATOR)
58 moderatorId = result.userId
59 }
60 })
61
62 describe('When listing users', function () {
63 it('Should fail with a bad start pagination', async function () {
64 await checkBadStartPagination(server.url, path, server.accessToken)
65 })
66
67 it('Should fail with a bad count pagination', async function () {
68 await checkBadCountPagination(server.url, path, server.accessToken)
69 })
70
71 it('Should fail with an incorrect sort', async function () {
72 await checkBadSortPagination(server.url, path, server.accessToken)
73 })
74
75 it('Should fail with a non authenticated user', async function () {
76 await makeGetRequest({
77 url: server.url,
78 path,
79 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
80 })
81 })
82
83 it('Should fail with a non admin user', async function () {
84 await makeGetRequest({
85 url: server.url,
86 path,
87 token: userToken,
88 expectedStatus: HttpStatusCode.FORBIDDEN_403
89 })
90 })
91 })
92
93 describe('When adding a new user', function () {
94 const baseCorrectParams = {
95 username: 'user2',
96 email: 'test@example.com',
97 password: 'my super password',
98 videoQuota: -1,
99 videoQuotaDaily: -1,
100 role: UserRole.USER,
101 adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
102 }
103
104 it('Should fail with a too small username', async function () {
105 const fields = { ...baseCorrectParams, username: '' }
106
107 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
108 })
109
110 it('Should fail with a too long username', async function () {
111 const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
112
113 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
114 })
115
116 it('Should fail with a not lowercase username', async function () {
117 const fields = { ...baseCorrectParams, username: 'Toto' }
118
119 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
120 })
121
122 it('Should fail with an incorrect username', async function () {
123 const fields = { ...baseCorrectParams, username: 'my username' }
124
125 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
126 })
127
128 it('Should fail with a missing email', async function () {
129 const fields = omit(baseCorrectParams, 'email')
130
131 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
132 })
133
134 it('Should fail with an invalid email', async function () {
135 const fields = { ...baseCorrectParams, email: 'test_example.com' }
136
137 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
138 })
139
140 it('Should fail with a too small password', async function () {
141 const fields = { ...baseCorrectParams, password: 'bla' }
142
143 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
144 })
145
146 it('Should fail with a too long password', async function () {
147 const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
148
149 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
150 })
151
152 it('Should fail with empty password and no smtp configured', async function () {
153 const fields = { ...baseCorrectParams, password: '' }
154
155 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
156 })
157
158 it('Should succeed with no password on a server with smtp enabled', async function () {
159 this.timeout(20000)
160
161 await killallServers([ server ])
162
163 const config = {
164 smtp: {
165 hostname: 'localhost',
166 port: emailPort
167 }
168 }
169 await server.run(config)
170
171 const fields = {
172 ...baseCorrectParams,
173
174 password: '',
175 username: 'create_password',
176 email: 'create_password@example.com'
177 }
178
179 await makePostBodyRequest({
180 url: server.url,
181 path: path,
182 token: server.accessToken,
183 fields,
184 expectedStatus: HttpStatusCode.OK_200
185 })
186 })
187
188 it('Should fail with invalid admin flags', async function () {
189 const fields = { ...baseCorrectParams, adminFlags: 'toto' }
190
191 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
192 })
193
194 it('Should fail with an non authenticated user', async function () {
195 await makePostBodyRequest({
196 url: server.url,
197 path,
198 token: 'super token',
199 fields: baseCorrectParams,
200 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
201 })
202 })
203
204 it('Should fail if we add a user with the same username', async function () {
205 const fields = { ...baseCorrectParams, username: 'user1' }
206
207 await makePostBodyRequest({
208 url: server.url,
209 path,
210 token: server.accessToken,
211 fields,
212 expectedStatus: HttpStatusCode.CONFLICT_409
213 })
214 })
215
216 it('Should fail if we add a user with the same email', async function () {
217 const fields = { ...baseCorrectParams, email: 'user1@example.com' }
218
219 await makePostBodyRequest({
220 url: server.url,
221 path,
222 token: server.accessToken,
223 fields,
224 expectedStatus: HttpStatusCode.CONFLICT_409
225 })
226 })
227
228 it('Should fail without a videoQuota', async function () {
229 const fields = omit(baseCorrectParams, 'videoQuota')
230
231 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
232 })
233
234 it('Should fail without a videoQuotaDaily', async function () {
235 const fields = omit(baseCorrectParams, 'videoQuotaDaily')
236
237 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
238 })
239
240 it('Should fail with an invalid videoQuota', async function () {
241 const fields = { ...baseCorrectParams, videoQuota: -5 }
242
243 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
244 })
245
246 it('Should fail with an invalid videoQuotaDaily', async function () {
247 const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
248
249 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
250 })
251
252 it('Should fail without a user role', async function () {
253 const fields = omit(baseCorrectParams, 'role')
254
255 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
256 })
257
258 it('Should fail with an invalid user role', async function () {
259 const fields = { ...baseCorrectParams, role: 88989 }
260
261 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
262 })
263
264 it('Should fail with a "peertube" username', async function () {
265 const fields = { ...baseCorrectParams, username: 'peertube' }
266
267 await makePostBodyRequest({
268 url: server.url,
269 path,
270 token: server.accessToken,
271 fields,
272 expectedStatus: HttpStatusCode.CONFLICT_409
273 })
274 })
275
276 it('Should fail to create a moderator or an admin with a moderator', async function () {
277 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
278 const fields = { ...baseCorrectParams, role }
279
280 await makePostBodyRequest({
281 url: server.url,
282 path,
283 token: moderatorToken,
284 fields,
285 expectedStatus: HttpStatusCode.FORBIDDEN_403
286 })
287 }
288 })
289
290 it('Should succeed to create a user with a moderator', async function () {
291 const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
292
293 await makePostBodyRequest({
294 url: server.url,
295 path,
296 token: moderatorToken,
297 fields,
298 expectedStatus: HttpStatusCode.OK_200
299 })
300 })
301
302 it('Should succeed with the correct params', async function () {
303 await makePostBodyRequest({
304 url: server.url,
305 path,
306 token: server.accessToken,
307 fields: baseCorrectParams,
308 expectedStatus: HttpStatusCode.OK_200
309 })
310 })
311
312 it('Should fail with a non admin user', async function () {
313 const user = { username: 'user1' }
314 userToken = await server.login.getAccessToken(user)
315
316 const fields = {
317 username: 'user3',
318 email: 'test@example.com',
319 password: 'my super password',
320 videoQuota: 42000000
321 }
322 await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
323 })
324 })
325
326 describe('When getting a user', function () {
327
328 it('Should fail with an non authenticated user', async function () {
329 await makeGetRequest({
330 url: server.url,
331 path: path + userId,
332 token: 'super token',
333 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
334 })
335 })
336
337 it('Should fail with a non admin user', async function () {
338 await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
339 })
340
341 it('Should succeed with the correct params', async function () {
342 await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
343 })
344 })
345
346 describe('When updating a user', function () {
347
348 it('Should fail with an invalid email attribute', async function () {
349 const fields = {
350 email: 'blabla'
351 }
352
353 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
354 })
355
356 it('Should fail with an invalid emailVerified attribute', async function () {
357 const fields = {
358 emailVerified: 'yes'
359 }
360
361 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
362 })
363
364 it('Should fail with an invalid videoQuota attribute', async function () {
365 const fields = {
366 videoQuota: -90
367 }
368
369 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
370 })
371
372 it('Should fail with an invalid user role attribute', async function () {
373 const fields = {
374 role: 54878
375 }
376
377 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
378 })
379
380 it('Should fail with a too small password', async function () {
381 const fields = {
382 currentPassword: 'password',
383 password: 'bla'
384 }
385
386 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
387 })
388
389 it('Should fail with a too long password', async function () {
390 const fields = {
391 currentPassword: 'password',
392 password: 'super'.repeat(61)
393 }
394
395 await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
396 })
397
398 it('Should fail with an non authenticated user', async function () {
399 const fields = {
400 videoQuota: 42
401 }
402
403 await makePutBodyRequest({
404 url: server.url,
405 path: path + userId,
406 token: 'super token',
407 fields,
408 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
409 })
410 })
411
412 it('Should fail when updating root role', async function () {
413 const fields = {
414 role: UserRole.MODERATOR
415 }
416
417 await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
418 })
419
420 it('Should fail with invalid admin flags', async function () {
421 const fields = { adminFlags: 'toto' }
422
423 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
424 })
425
426 it('Should fail to update an admin with a moderator', async function () {
427 const fields = {
428 videoQuota: 42
429 }
430
431 await makePutBodyRequest({
432 url: server.url,
433 path: path + moderatorId,
434 token: moderatorToken,
435 fields,
436 expectedStatus: HttpStatusCode.FORBIDDEN_403
437 })
438 })
439
440 it('Should succeed to update a user with a moderator', async function () {
441 const fields = {
442 videoQuota: 42
443 }
444
445 await makePutBodyRequest({
446 url: server.url,
447 path: path + userId,
448 token: moderatorToken,
449 fields,
450 expectedStatus: HttpStatusCode.NO_CONTENT_204
451 })
452 })
453
454 it('Should succeed with the correct params', async function () {
455 const fields = {
456 email: 'email@example.com',
457 emailVerified: true,
458 videoQuota: 42,
459 role: UserRole.USER
460 }
461
462 await makePutBodyRequest({
463 url: server.url,
464 path: path + userId,
465 token: server.accessToken,
466 fields,
467 expectedStatus: HttpStatusCode.NO_CONTENT_204
468 })
469 })
470 })
471
472 after(async function () {
473 MockSmtpServer.Instance.kill()
474
475 await cleanupTests([ server ])
476 })
477})