1 files changed, 477 insertions, 0 deletions
diff --git a/server/tests/api/check-params/users-admin.ts b/server/tests/api/check-params/users-admin.ts
new file mode 100644
index 000000000..f71414a6b
--- /dev/null
+++ b/server/tests/api/check-params/users-admin.ts
@@ -0,0 +1,477 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import 'mocha'
+import { omit } from 'lodash'
+import {
+  checkBadCountPagination,
+  checkBadSortPagination,
+  checkBadStartPagination,
+  cleanupTests,
+  createSingleServer,
+  killallServers,
+  makeGetRequest,
+  makePostBodyRequest,
+  makePutBodyRequest,
+  MockSmtpServer,
+  PeerTubeServer,
+  setAccessTokensToServers
+} from '@shared/extra-utils'
+import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models'
+describe('Test users admin API validators', function () {
+  const path = '/api/v1/users/'
+  let userId: number
+  let rootId: number
+  let moderatorId: number
+  let server: PeerTubeServer
+  let userToken = ''
+  let moderatorToken = ''
+  let emailPort: number
+  // ---------------------------------------------------------------
+  before(async function () {
+    this.timeout(30000)
+    const emails: object[] = []
+    emailPort = await MockSmtpServer.Instance.collectEmails(emails)
+    {
+      server = await createSingleServer(1)
+      await setAccessTokensToServers([ server ])
+    }
+    {
+      const result = await server.users.generate('user1')
+      userToken = result.token
+      userId = result.userId
+    }
+    {
+      const result = await server.users.generate('moderator1', UserRole.MODERATOR)
+      moderatorToken = result.token
+    }
+    {
+      const result = await server.users.generate('moderator2', UserRole.MODERATOR)
+      moderatorId = result.userId
+    }
+  })
+  describe('When listing users', function () {
+    it('Should fail with a bad start pagination', async function () {
+      await checkBadStartPagination(server.url, path, server.accessToken)
+    })
+    it('Should fail with a bad count pagination', async function () {
+      await checkBadCountPagination(server.url, path, server.accessToken)
+    })
+    it('Should fail with an incorrect sort', async function () {
+      await checkBadSortPagination(server.url, path, server.accessToken)
+    })
+    it('Should fail with a non authenticated user', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with a non admin user', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path,
+        token: userToken,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+  })
+  describe('When adding a new user', function () {
+    const baseCorrectParams = {
+      username: 'user2',
+      email: 'test@example.com',
+      password: 'my super password',
+      videoQuota: -1,
+      videoQuotaDaily: -1,
+      role: UserRole.USER,
+      adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
+    }
+    it('Should fail with a too small username', async function () {
+      const fields = { ...baseCorrectParams, username: '' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a too long username', async function () {
+      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a not lowercase username', async function () {
+      const fields = { ...baseCorrectParams, username: 'Toto' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an incorrect username', async function () {
+      const fields = { ...baseCorrectParams, username: 'my username' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a missing email', async function () {
+      const fields = omit(baseCorrectParams, 'email')
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid email', async function () {
+      const fields = { ...baseCorrectParams, email: 'test_example.com' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a too small password', async function () {
+      const fields = { ...baseCorrectParams, password: 'bla' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a too long password', async function () {
+      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with empty password and no smtp configured', async function () {
+      const fields = { ...baseCorrectParams, password: '' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should succeed with no password on a server with smtp enabled', async function () {
+      this.timeout(20000)
+      await killallServers([ server ])
+      const config = {
+        smtp: {
+          hostname: 'localhost',
+          port: emailPort
+        }
+      }
+      await server.run(config)
+      const fields = {
+        ...baseCorrectParams,
+        password: '',
+        username: 'create_password',
+        email: 'create_password@example.com'
+      }
+      await makePostBodyRequest({
+        url: server.url,
+        path: path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
+    it('Should fail with invalid admin flags', async function () {
+      const fields = { ...baseCorrectParams, adminFlags: 'toto' }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an non authenticated user', async function () {
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: 'super token',
+        fields: baseCorrectParams,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail if we add a user with the same username', async function () {
+      const fields = { ...baseCorrectParams, username: 'user1' }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.CONFLICT_409
+      })
+    })
+    it('Should fail if we add a user with the same email', async function () {
+      const fields = { ...baseCorrectParams, email: 'user1@example.com' }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.CONFLICT_409
+      })
+    })
+    it('Should fail without a videoQuota', async function () {
+      const fields = omit(baseCorrectParams, 'videoQuota')
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail without a videoQuotaDaily', async function () {
+      const fields = omit(baseCorrectParams, 'videoQuotaDaily')
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid videoQuota', async function () {
+      const fields = { ...baseCorrectParams, videoQuota: -5 }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid videoQuotaDaily', async function () {
+      const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail without a user role', async function () {
+      const fields = omit(baseCorrectParams, 'role')
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid user role', async function () {
+      const fields = { ...baseCorrectParams, role: 88989 }
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail with a "peertube" username', async function () {
+      const fields = { ...baseCorrectParams, username: 'peertube' }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.CONFLICT_409
+      })
+    })
+    it('Should fail to create a moderator or an admin with a moderator', async function () {
+      for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
+        const fields = { ...baseCorrectParams, role }
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          token: moderatorToken,
+          fields,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      }
+    })
+    it('Should succeed to create a user with a moderator', async function () {
+      const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: moderatorToken,
+        fields,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
+    it('Should succeed with the correct params', async function () {
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        token: server.accessToken,
+        fields: baseCorrectParams,
+        expectedStatus: HttpStatusCode.OK_200
+      })
+    })
+    it('Should fail with a non admin user', async function () {
+      const user = { username: 'user1' }
+      userToken = await server.login.getAccessToken(user)
+      const fields = {
+        username: 'user3',
+        email: 'test@example.com',
+        password: 'my super password',
+        videoQuota: 42000000
+      }
+      await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
+  })
+  describe('When getting a user', function () {
+    it('Should fail with an non authenticated user', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path: path + userId,
+        token: 'super token',
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with a non admin user', async function () {
+      await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
+    it('Should succeed with the correct params', async function () {
+      await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
+    })
+  })
+  describe('When updating a user', function () {
+    it('Should fail with an invalid email attribute', async function () {
+      const fields = {
+        email: 'blabla'
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid emailVerified attribute', async function () {
+      const fields = {
+        emailVerified: 'yes'
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid videoQuota attribute', async function () {
+      const fields = {
+        videoQuota: -90
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an invalid user role attribute', async function () {
+      const fields = {
+        role: 54878
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with a too small password', async function () {
+      const fields = {
+        currentPassword: 'password',
+        password: 'bla'
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with a too long password', async function () {
+      const fields = {
+        currentPassword: 'password',
+        password: 'super'.repeat(61)
+      }
+      await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+    })
+    it('Should fail with an non authenticated user', async function () {
+      const fields = {
+        videoQuota: 42
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + userId,
+        token: 'super token',
+        fields,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail when updating root role', async function () {
+      const fields = {
+        role: UserRole.MODERATOR
+      }
+      await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
+    })
+    it('Should fail with invalid admin flags', async function () {
+      const fields = { adminFlags: 'toto' }
+      await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+    it('Should fail to update an admin with a moderator', async function () {
+      const fields = {
+        videoQuota: 42
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + moderatorId,
+        token: moderatorToken,
+        fields,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+    it('Should succeed to update a user with a moderator', async function () {
+      const fields = {
+        videoQuota: 42
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + userId,
+        token: moderatorToken,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+    it('Should succeed with the correct params', async function () {
+      const fields = {
+        email: 'email@example.com',
+        emailVerified: true,
+        videoQuota: 42,
+        role: UserRole.USER
+      }
+      await makePutBodyRequest({
+        url: server.url,
+        path: path + userId,
+        token: server.accessToken,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+  })
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+    await cleanupTests([ server ])
+  })
+})

diff --git a/server/tests/api/check-params/users-admin.ts b/server/tests/api/check-params/users-admin.ts new file mode 100644 index 000000000..f71414a6b --- /dev/null +++ b/server/tests/api/check-params/users-admin.ts
@@ -0,0 +1,477 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import 'mocha'
	4	import { omit } from 'lodash'
	5	import {
	6	checkBadCountPagination,
	7	checkBadSortPagination,
	8	checkBadStartPagination,
	9	cleanupTests,
	10	createSingleServer,
	11	killallServers,
	12	makeGetRequest,
	13	makePostBodyRequest,
	14	makePutBodyRequest,
	15	MockSmtpServer,
	16	PeerTubeServer,
	17	setAccessTokensToServers
	18	} from '@shared/extra-utils'
	19	import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models'
	20
	21	describe('Test users admin API validators', function () {
	22	const path = '/api/v1/users/'
	23	let userId: number
	24	let rootId: number
	25	let moderatorId: number
	26	let server: PeerTubeServer
	27	let userToken = ''
	28	let moderatorToken = ''
	29	let emailPort: number
	30
	31	// ---------------------------------------------------------------
	32
	33	before(async function () {
	34	this.timeout(30000)
	35
	36	const emails: object[] = []
	37	emailPort = await MockSmtpServer.Instance.collectEmails(emails)
	38
	39	{
	40	server = await createSingleServer(1)
	41
	42	await setAccessTokensToServers([ server ])
	43	}
	44
	45	{
	46	const result = await server.users.generate('user1')
	47	userToken = result.token
	48	userId = result.userId
	49	}
	50
	51	{
	52	const result = await server.users.generate('moderator1', UserRole.MODERATOR)
	53	moderatorToken = result.token
	54	}
	55
	56	{
	57	const result = await server.users.generate('moderator2', UserRole.MODERATOR)
	58	moderatorId = result.userId
	59	}
	60	})
	61
	62	describe('When listing users', function () {
	63	it('Should fail with a bad start pagination', async function () {
	64	await checkBadStartPagination(server.url, path, server.accessToken)
	65	})
	66
	67	it('Should fail with a bad count pagination', async function () {
	68	await checkBadCountPagination(server.url, path, server.accessToken)
	69	})
	70
	71	it('Should fail with an incorrect sort', async function () {
	72	await checkBadSortPagination(server.url, path, server.accessToken)
	73	})
	74
	75	it('Should fail with a non authenticated user', async function () {
	76	await makeGetRequest({
	77	url: server.url,
	78	path,
	79	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	80	})
	81	})
	82
	83	it('Should fail with a non admin user', async function () {
	84	await makeGetRequest({
	85	url: server.url,
	86	path,
	87	token: userToken,
	88	expectedStatus: HttpStatusCode.FORBIDDEN_403
	89	})
	90	})
	91	})
	92
	93	describe('When adding a new user', function () {
	94	const baseCorrectParams = {
	95	username: 'user2',
	96	email: 'test@example.com',
	97	password: 'my super password',
	98	videoQuota: -1,
	99	videoQuotaDaily: -1,
	100	role: UserRole.USER,
	101	adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST
	102	}
	103
	104	it('Should fail with a too small username', async function () {
	105	const fields = { ...baseCorrectParams, username: '' }
	106
	107	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	108	})
	109
	110	it('Should fail with a too long username', async function () {
	111	const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
	112
	113	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	114	})
	115
	116	it('Should fail with a not lowercase username', async function () {
	117	const fields = { ...baseCorrectParams, username: 'Toto' }
	118
	119	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	120	})
	121
	122	it('Should fail with an incorrect username', async function () {
	123	const fields = { ...baseCorrectParams, username: 'my username' }
	124
	125	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	126	})
	127
	128	it('Should fail with a missing email', async function () {
	129	const fields = omit(baseCorrectParams, 'email')
	130
	131	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	132	})
	133
	134	it('Should fail with an invalid email', async function () {
	135	const fields = { ...baseCorrectParams, email: 'test_example.com' }
	136
	137	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	138	})
	139
	140	it('Should fail with a too small password', async function () {
	141	const fields = { ...baseCorrectParams, password: 'bla' }
	142
	143	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	144	})
	145
	146	it('Should fail with a too long password', async function () {
	147	const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
	148
	149	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	150	})
	151
	152	it('Should fail with empty password and no smtp configured', async function () {
	153	const fields = { ...baseCorrectParams, password: '' }
	154
	155	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	156	})
	157
	158	it('Should succeed with no password on a server with smtp enabled', async function () {
	159	this.timeout(20000)
	160
	161	await killallServers([ server ])
	162
	163	const config = {
	164	smtp: {
	165	hostname: 'localhost',
	166	port: emailPort
	167	}
	168	}
	169	await server.run(config)
	170
	171	const fields = {
	172	...baseCorrectParams,
	173
	174	password: '',
	175	username: 'create_password',
	176	email: 'create_password@example.com'
	177	}
	178
	179	await makePostBodyRequest({
	180	url: server.url,
	181	path: path,
	182	token: server.accessToken,
	183	fields,
	184	expectedStatus: HttpStatusCode.OK_200
	185	})
	186	})
	187
	188	it('Should fail with invalid admin flags', async function () {
	189	const fields = { ...baseCorrectParams, adminFlags: 'toto' }
	190
	191	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	192	})
	193
	194	it('Should fail with an non authenticated user', async function () {
	195	await makePostBodyRequest({
	196	url: server.url,
	197	path,
	198	token: 'super token',
	199	fields: baseCorrectParams,
	200	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	201	})
	202	})
	203
	204	it('Should fail if we add a user with the same username', async function () {
	205	const fields = { ...baseCorrectParams, username: 'user1' }
	206
	207	await makePostBodyRequest({
	208	url: server.url,
	209	path,
	210	token: server.accessToken,
	211	fields,
	212	expectedStatus: HttpStatusCode.CONFLICT_409
	213	})
	214	})
	215
	216	it('Should fail if we add a user with the same email', async function () {
	217	const fields = { ...baseCorrectParams, email: 'user1@example.com' }
	218
	219	await makePostBodyRequest({
	220	url: server.url,
	221	path,
	222	token: server.accessToken,
	223	fields,
	224	expectedStatus: HttpStatusCode.CONFLICT_409
	225	})
	226	})
	227
	228	it('Should fail without a videoQuota', async function () {
	229	const fields = omit(baseCorrectParams, 'videoQuota')
	230
	231	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	232	})
	233
	234	it('Should fail without a videoQuotaDaily', async function () {
	235	const fields = omit(baseCorrectParams, 'videoQuotaDaily')
	236
	237	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	238	})
	239
	240	it('Should fail with an invalid videoQuota', async function () {
	241	const fields = { ...baseCorrectParams, videoQuota: -5 }
	242
	243	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	244	})
	245
	246	it('Should fail with an invalid videoQuotaDaily', async function () {
	247	const fields = { ...baseCorrectParams, videoQuotaDaily: -7 }
	248
	249	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	250	})
	251
	252	it('Should fail without a user role', async function () {
	253	const fields = omit(baseCorrectParams, 'role')
	254
	255	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	256	})
	257
	258	it('Should fail with an invalid user role', async function () {
	259	const fields = { ...baseCorrectParams, role: 88989 }
	260
	261	await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	262	})
	263
	264	it('Should fail with a "peertube" username', async function () {
	265	const fields = { ...baseCorrectParams, username: 'peertube' }
	266
	267	await makePostBodyRequest({
	268	url: server.url,
	269	path,
	270	token: server.accessToken,
	271	fields,
	272	expectedStatus: HttpStatusCode.CONFLICT_409
	273	})
	274	})
	275
	276	it('Should fail to create a moderator or an admin with a moderator', async function () {
	277	for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
	278	const fields = { ...baseCorrectParams, role }
	279
	280	await makePostBodyRequest({
	281	url: server.url,
	282	path,
	283	token: moderatorToken,
	284	fields,
	285	expectedStatus: HttpStatusCode.FORBIDDEN_403
	286	})
	287	}
	288	})
	289
	290	it('Should succeed to create a user with a moderator', async function () {
	291	const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }
	292
	293	await makePostBodyRequest({
	294	url: server.url,
	295	path,
	296	token: moderatorToken,
	297	fields,
	298	expectedStatus: HttpStatusCode.OK_200
	299	})
	300	})
	301
	302	it('Should succeed with the correct params', async function () {
	303	await makePostBodyRequest({
	304	url: server.url,
	305	path,
	306	token: server.accessToken,
	307	fields: baseCorrectParams,
	308	expectedStatus: HttpStatusCode.OK_200
	309	})
	310	})
	311
	312	it('Should fail with a non admin user', async function () {
	313	const user = { username: 'user1' }
	314	userToken = await server.login.getAccessToken(user)
	315
	316	const fields = {
	317	username: 'user3',
	318	email: 'test@example.com',
	319	password: 'my super password',
	320	videoQuota: 42000000
	321	}
	322	await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
	323	})
	324	})
	325
	326	describe('When getting a user', function () {
	327
	328	it('Should fail with an non authenticated user', async function () {
	329	await makeGetRequest({
	330	url: server.url,
	331	path: path + userId,
	332	token: 'super token',
	333	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	334	})
	335	})
	336
	337	it('Should fail with a non admin user', async function () {
	338	await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
	339	})
	340
	341	it('Should succeed with the correct params', async function () {
	342	await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
	343	})
	344	})
	345
	346	describe('When updating a user', function () {
	347
	348	it('Should fail with an invalid email attribute', async function () {
	349	const fields = {
	350	email: 'blabla'
	351	}
	352
	353	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	354	})
	355
	356	it('Should fail with an invalid emailVerified attribute', async function () {
	357	const fields = {
	358	emailVerified: 'yes'
	359	}
	360
	361	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	362	})
	363
	364	it('Should fail with an invalid videoQuota attribute', async function () {
	365	const fields = {
	366	videoQuota: -90
	367	}
	368
	369	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	370	})
	371
	372	it('Should fail with an invalid user role attribute', async function () {
	373	const fields = {
	374	role: 54878
	375	}
	376
	377	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	378	})
	379
	380	it('Should fail with a too small password', async function () {
	381	const fields = {
	382	currentPassword: 'password',
	383	password: 'bla'
	384	}
	385
	386	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	387	})
	388
	389	it('Should fail with a too long password', async function () {
	390	const fields = {
	391	currentPassword: 'password',
	392	password: 'super'.repeat(61)
	393	}
	394
	395	await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
	396	})
	397
	398	it('Should fail with an non authenticated user', async function () {
	399	const fields = {
	400	videoQuota: 42
	401	}
	402
	403	await makePutBodyRequest({
	404	url: server.url,
	405	path: path + userId,
	406	token: 'super token',
	407	fields,
	408	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	409	})
	410	})
	411
	412	it('Should fail when updating root role', async function () {
	413	const fields = {
	414	role: UserRole.MODERATOR
	415	}
	416
	417	await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields })
	418	})
	419
	420	it('Should fail with invalid admin flags', async function () {
	421	const fields = { adminFlags: 'toto' }
	422
	423	await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
	424	})
	425
	426	it('Should fail to update an admin with a moderator', async function () {
	427	const fields = {
	428	videoQuota: 42
	429	}
	430
	431	await makePutBodyRequest({
	432	url: server.url,
	433	path: path + moderatorId,
	434	token: moderatorToken,
	435	fields,
	436	expectedStatus: HttpStatusCode.FORBIDDEN_403
	437	})
	438	})
	439
	440	it('Should succeed to update a user with a moderator', async function () {
	441	const fields = {
	442	videoQuota: 42
	443	}
	444
	445	await makePutBodyRequest({
	446	url: server.url,
	447	path: path + userId,
	448	token: moderatorToken,
	449	fields,
	450	expectedStatus: HttpStatusCode.NO_CONTENT_204
	451	})
	452	})
	453
	454	it('Should succeed with the correct params', async function () {
	455	const fields = {
	456	email: 'email@example.com',
	457	emailVerified: true,
	458	videoQuota: 42,
	459	role: UserRole.USER
	460	}
	461
	462	await makePutBodyRequest({
	463	url: server.url,
	464	path: path + userId,
	465	token: server.accessToken,
	466	fields,
	467	expectedStatus: HttpStatusCode.NO_CONTENT_204
	468	})
	469	})
	470	})
	471
	472	after(async function () {
	473	MockSmtpServer.Instance.kill()
	474
	475	await cleanupTests([ server ])
	476	})
	477	})