diff options
Diffstat (limited to 'server/tests/api/check-params/users.ts')
-rw-r--r-- | server/tests/api/check-params/users.ts | 911 |
1 files changed, 12 insertions, 899 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 517e2f423..5f9cbc5eb 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts | |||
@@ -3,925 +3,36 @@ | |||
3 | import 'mocha' | 3 | import 'mocha' |
4 | import { omit } from 'lodash' | 4 | import { omit } from 'lodash' |
5 | import { | 5 | import { |
6 | buildAbsoluteFixturePath, | ||
7 | checkBadCountPagination, | ||
8 | checkBadSortPagination, | ||
9 | checkBadStartPagination, | ||
10 | cleanupTests, | 6 | cleanupTests, |
11 | createSingleServer, | 7 | createSingleServer, |
12 | killallServers, | ||
13 | makeGetRequest, | ||
14 | makePostBodyRequest, | 8 | makePostBodyRequest, |
15 | makePutBodyRequest, | ||
16 | makeUploadRequest, | ||
17 | MockSmtpServer, | 9 | MockSmtpServer, |
18 | PeerTubeServer, | 10 | PeerTubeServer, |
19 | setAccessTokensToServers, | 11 | setAccessTokensToServers |
20 | UsersCommand | ||
21 | } from '@shared/extra-utils' | 12 | } from '@shared/extra-utils' |
22 | import { HttpStatusCode, UserAdminFlag, UserRole, VideoCreateResult } from '@shared/models' | 13 | import { HttpStatusCode, UserRole } from '@shared/models' |
23 | 14 | ||
24 | describe('Test users API validators', function () { | 15 | describe('Test users API validators', function () { |
25 | const path = '/api/v1/users/' | 16 | const path = '/api/v1/users/' |
26 | let userId: number | ||
27 | let rootId: number | ||
28 | let moderatorId: number | ||
29 | let video: VideoCreateResult | ||
30 | let server: PeerTubeServer | 17 | let server: PeerTubeServer |
31 | let serverWithRegistrationDisabled: PeerTubeServer | 18 | let serverWithRegistrationDisabled: PeerTubeServer |
32 | let userToken = '' | ||
33 | let moderatorToken = '' | ||
34 | let emailPort: number | ||
35 | let overrideConfig: Object | ||
36 | 19 | ||
37 | // --------------------------------------------------------------- | 20 | // --------------------------------------------------------------- |
38 | 21 | ||
39 | before(async function () { | 22 | before(async function () { |
40 | this.timeout(30000) | 23 | this.timeout(30000) |
41 | 24 | ||
42 | const emails: object[] = [] | 25 | const res = await Promise.all([ |
43 | emailPort = await MockSmtpServer.Instance.collectEmails(emails) | 26 | createSingleServer(1, { signup: { limit: 3 } }), |
27 | createSingleServer(2) | ||
28 | ]) | ||
44 | 29 | ||
45 | overrideConfig = { signup: { limit: 8 } } | 30 | server = res[0] |
31 | serverWithRegistrationDisabled = res[1] | ||
46 | 32 | ||
47 | { | 33 | await setAccessTokensToServers([ server ]) |
48 | const res = await Promise.all([ | ||
49 | createSingleServer(1, overrideConfig), | ||
50 | createSingleServer(2) | ||
51 | ]) | ||
52 | 34 | ||
53 | server = res[0] | 35 | await server.users.generate('moderator2', UserRole.MODERATOR) |
54 | serverWithRegistrationDisabled = res[1] | ||
55 | |||
56 | await setAccessTokensToServers([ server ]) | ||
57 | } | ||
58 | |||
59 | { | ||
60 | const user = { username: 'user1' } | ||
61 | await server.users.create({ ...user }) | ||
62 | userToken = await server.login.getAccessToken(user) | ||
63 | } | ||
64 | |||
65 | { | ||
66 | const moderator = { username: 'moderator1' } | ||
67 | await server.users.create({ ...moderator, role: UserRole.MODERATOR }) | ||
68 | moderatorToken = await server.login.getAccessToken(moderator) | ||
69 | } | ||
70 | |||
71 | { | ||
72 | const moderator = { username: 'moderator2' } | ||
73 | await server.users.create({ ...moderator, role: UserRole.MODERATOR }) | ||
74 | } | ||
75 | |||
76 | { | ||
77 | video = await server.videos.upload() | ||
78 | } | ||
79 | |||
80 | { | ||
81 | const { data } = await server.users.list() | ||
82 | userId = data.find(u => u.username === 'user1').id | ||
83 | rootId = data.find(u => u.username === 'root').id | ||
84 | moderatorId = data.find(u => u.username === 'moderator2').id | ||
85 | } | ||
86 | }) | ||
87 | |||
88 | describe('When listing users', function () { | ||
89 | it('Should fail with a bad start pagination', async function () { | ||
90 | await checkBadStartPagination(server.url, path, server.accessToken) | ||
91 | }) | ||
92 | |||
93 | it('Should fail with a bad count pagination', async function () { | ||
94 | await checkBadCountPagination(server.url, path, server.accessToken) | ||
95 | }) | ||
96 | |||
97 | it('Should fail with an incorrect sort', async function () { | ||
98 | await checkBadSortPagination(server.url, path, server.accessToken) | ||
99 | }) | ||
100 | |||
101 | it('Should fail with a non authenticated user', async function () { | ||
102 | await makeGetRequest({ | ||
103 | url: server.url, | ||
104 | path, | ||
105 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
106 | }) | ||
107 | }) | ||
108 | |||
109 | it('Should fail with a non admin user', async function () { | ||
110 | await makeGetRequest({ | ||
111 | url: server.url, | ||
112 | path, | ||
113 | token: userToken, | ||
114 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
115 | }) | ||
116 | }) | ||
117 | }) | ||
118 | |||
119 | describe('When adding a new user', function () { | ||
120 | const baseCorrectParams = { | ||
121 | username: 'user2', | ||
122 | email: 'test@example.com', | ||
123 | password: 'my super password', | ||
124 | videoQuota: -1, | ||
125 | videoQuotaDaily: -1, | ||
126 | role: UserRole.USER, | ||
127 | adminFlags: UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST | ||
128 | } | ||
129 | |||
130 | it('Should fail with a too small username', async function () { | ||
131 | const fields = { ...baseCorrectParams, username: '' } | ||
132 | |||
133 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
134 | }) | ||
135 | |||
136 | it('Should fail with a too long username', async function () { | ||
137 | const fields = { ...baseCorrectParams, username: 'super'.repeat(50) } | ||
138 | |||
139 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
140 | }) | ||
141 | |||
142 | it('Should fail with a not lowercase username', async function () { | ||
143 | const fields = { ...baseCorrectParams, username: 'Toto' } | ||
144 | |||
145 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
146 | }) | ||
147 | |||
148 | it('Should fail with an incorrect username', async function () { | ||
149 | const fields = { ...baseCorrectParams, username: 'my username' } | ||
150 | |||
151 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
152 | }) | ||
153 | |||
154 | it('Should fail with a missing email', async function () { | ||
155 | const fields = omit(baseCorrectParams, 'email') | ||
156 | |||
157 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
158 | }) | ||
159 | |||
160 | it('Should fail with an invalid email', async function () { | ||
161 | const fields = { ...baseCorrectParams, email: 'test_example.com' } | ||
162 | |||
163 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
164 | }) | ||
165 | |||
166 | it('Should fail with a too small password', async function () { | ||
167 | const fields = { ...baseCorrectParams, password: 'bla' } | ||
168 | |||
169 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
170 | }) | ||
171 | |||
172 | it('Should fail with a too long password', async function () { | ||
173 | const fields = { ...baseCorrectParams, password: 'super'.repeat(61) } | ||
174 | |||
175 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
176 | }) | ||
177 | |||
178 | it('Should fail with empty password and no smtp configured', async function () { | ||
179 | const fields = { ...baseCorrectParams, password: '' } | ||
180 | |||
181 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
182 | }) | ||
183 | |||
184 | it('Should succeed with no password on a server with smtp enabled', async function () { | ||
185 | this.timeout(20000) | ||
186 | |||
187 | await killallServers([ server ]) | ||
188 | |||
189 | const config = { | ||
190 | ...overrideConfig, | ||
191 | |||
192 | smtp: { | ||
193 | hostname: 'localhost', | ||
194 | port: emailPort | ||
195 | } | ||
196 | } | ||
197 | await server.run(config) | ||
198 | |||
199 | const fields = { | ||
200 | ...baseCorrectParams, | ||
201 | |||
202 | password: '', | ||
203 | username: 'create_password', | ||
204 | email: 'create_password@example.com' | ||
205 | } | ||
206 | |||
207 | await makePostBodyRequest({ | ||
208 | url: server.url, | ||
209 | path: path, | ||
210 | token: server.accessToken, | ||
211 | fields, | ||
212 | expectedStatus: HttpStatusCode.OK_200 | ||
213 | }) | ||
214 | }) | ||
215 | |||
216 | it('Should fail with invalid admin flags', async function () { | ||
217 | const fields = { ...baseCorrectParams, adminFlags: 'toto' } | ||
218 | |||
219 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
220 | }) | ||
221 | |||
222 | it('Should fail with an non authenticated user', async function () { | ||
223 | await makePostBodyRequest({ | ||
224 | url: server.url, | ||
225 | path, | ||
226 | token: 'super token', | ||
227 | fields: baseCorrectParams, | ||
228 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
229 | }) | ||
230 | }) | ||
231 | |||
232 | it('Should fail if we add a user with the same username', async function () { | ||
233 | const fields = { ...baseCorrectParams, username: 'user1' } | ||
234 | |||
235 | await makePostBodyRequest({ | ||
236 | url: server.url, | ||
237 | path, | ||
238 | token: server.accessToken, | ||
239 | fields, | ||
240 | expectedStatus: HttpStatusCode.CONFLICT_409 | ||
241 | }) | ||
242 | }) | ||
243 | |||
244 | it('Should fail if we add a user with the same email', async function () { | ||
245 | const fields = { ...baseCorrectParams, email: 'user1@example.com' } | ||
246 | |||
247 | await makePostBodyRequest({ | ||
248 | url: server.url, | ||
249 | path, | ||
250 | token: server.accessToken, | ||
251 | fields, | ||
252 | expectedStatus: HttpStatusCode.CONFLICT_409 | ||
253 | }) | ||
254 | }) | ||
255 | |||
256 | it('Should fail without a videoQuota', async function () { | ||
257 | const fields = omit(baseCorrectParams, 'videoQuota') | ||
258 | |||
259 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
260 | }) | ||
261 | |||
262 | it('Should fail without a videoQuotaDaily', async function () { | ||
263 | const fields = omit(baseCorrectParams, 'videoQuotaDaily') | ||
264 | |||
265 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
266 | }) | ||
267 | |||
268 | it('Should fail with an invalid videoQuota', async function () { | ||
269 | const fields = { ...baseCorrectParams, videoQuota: -5 } | ||
270 | |||
271 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
272 | }) | ||
273 | |||
274 | it('Should fail with an invalid videoQuotaDaily', async function () { | ||
275 | const fields = { ...baseCorrectParams, videoQuotaDaily: -7 } | ||
276 | |||
277 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
278 | }) | ||
279 | |||
280 | it('Should fail without a user role', async function () { | ||
281 | const fields = omit(baseCorrectParams, 'role') | ||
282 | |||
283 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
284 | }) | ||
285 | |||
286 | it('Should fail with an invalid user role', async function () { | ||
287 | const fields = { ...baseCorrectParams, role: 88989 } | ||
288 | |||
289 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
290 | }) | ||
291 | |||
292 | it('Should fail with a "peertube" username', async function () { | ||
293 | const fields = { ...baseCorrectParams, username: 'peertube' } | ||
294 | |||
295 | await makePostBodyRequest({ | ||
296 | url: server.url, | ||
297 | path, | ||
298 | token: server.accessToken, | ||
299 | fields, | ||
300 | expectedStatus: HttpStatusCode.CONFLICT_409 | ||
301 | }) | ||
302 | }) | ||
303 | |||
304 | it('Should fail to create a moderator or an admin with a moderator', async function () { | ||
305 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | ||
306 | const fields = { ...baseCorrectParams, role } | ||
307 | |||
308 | await makePostBodyRequest({ | ||
309 | url: server.url, | ||
310 | path, | ||
311 | token: moderatorToken, | ||
312 | fields, | ||
313 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
314 | }) | ||
315 | } | ||
316 | }) | ||
317 | |||
318 | it('Should succeed to create a user with a moderator', async function () { | ||
319 | const fields = { ...baseCorrectParams, username: 'a4656', email: 'a4656@example.com', role: UserRole.USER } | ||
320 | |||
321 | await makePostBodyRequest({ | ||
322 | url: server.url, | ||
323 | path, | ||
324 | token: moderatorToken, | ||
325 | fields, | ||
326 | expectedStatus: HttpStatusCode.OK_200 | ||
327 | }) | ||
328 | }) | ||
329 | |||
330 | it('Should succeed with the correct params', async function () { | ||
331 | await makePostBodyRequest({ | ||
332 | url: server.url, | ||
333 | path, | ||
334 | token: server.accessToken, | ||
335 | fields: baseCorrectParams, | ||
336 | expectedStatus: HttpStatusCode.OK_200 | ||
337 | }) | ||
338 | }) | ||
339 | |||
340 | it('Should fail with a non admin user', async function () { | ||
341 | const user = { username: 'user1' } | ||
342 | userToken = await server.login.getAccessToken(user) | ||
343 | |||
344 | const fields = { | ||
345 | username: 'user3', | ||
346 | email: 'test@example.com', | ||
347 | password: 'my super password', | ||
348 | videoQuota: 42000000 | ||
349 | } | ||
350 | await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
351 | }) | ||
352 | }) | ||
353 | |||
354 | describe('When updating my account', function () { | ||
355 | |||
356 | it('Should fail with an invalid email attribute', async function () { | ||
357 | const fields = { | ||
358 | email: 'blabla' | ||
359 | } | ||
360 | |||
361 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields }) | ||
362 | }) | ||
363 | |||
364 | it('Should fail with a too small password', async function () { | ||
365 | const fields = { | ||
366 | currentPassword: 'password', | ||
367 | password: 'bla' | ||
368 | } | ||
369 | |||
370 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
371 | }) | ||
372 | |||
373 | it('Should fail with a too long password', async function () { | ||
374 | const fields = { | ||
375 | currentPassword: 'password', | ||
376 | password: 'super'.repeat(61) | ||
377 | } | ||
378 | |||
379 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
380 | }) | ||
381 | |||
382 | it('Should fail without the current password', async function () { | ||
383 | const fields = { | ||
384 | currentPassword: 'password', | ||
385 | password: 'super'.repeat(61) | ||
386 | } | ||
387 | |||
388 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
389 | }) | ||
390 | |||
391 | it('Should fail with an invalid current password', async function () { | ||
392 | const fields = { | ||
393 | currentPassword: 'my super password fail', | ||
394 | password: 'super'.repeat(61) | ||
395 | } | ||
396 | |||
397 | await makePutBodyRequest({ | ||
398 | url: server.url, | ||
399 | path: path + 'me', | ||
400 | token: userToken, | ||
401 | fields, | ||
402 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
403 | }) | ||
404 | }) | ||
405 | |||
406 | it('Should fail with an invalid NSFW policy attribute', async function () { | ||
407 | const fields = { | ||
408 | nsfwPolicy: 'hello' | ||
409 | } | ||
410 | |||
411 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
412 | }) | ||
413 | |||
414 | it('Should fail with an invalid autoPlayVideo attribute', async function () { | ||
415 | const fields = { | ||
416 | autoPlayVideo: -1 | ||
417 | } | ||
418 | |||
419 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
420 | }) | ||
421 | |||
422 | it('Should fail with an invalid autoPlayNextVideo attribute', async function () { | ||
423 | const fields = { | ||
424 | autoPlayNextVideo: -1 | ||
425 | } | ||
426 | |||
427 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
428 | }) | ||
429 | |||
430 | it('Should fail with an invalid videosHistoryEnabled attribute', async function () { | ||
431 | const fields = { | ||
432 | videosHistoryEnabled: -1 | ||
433 | } | ||
434 | |||
435 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
436 | }) | ||
437 | |||
438 | it('Should fail with an non authenticated user', async function () { | ||
439 | const fields = { | ||
440 | currentPassword: 'password', | ||
441 | password: 'my super password' | ||
442 | } | ||
443 | |||
444 | await makePutBodyRequest({ | ||
445 | url: server.url, | ||
446 | path: path + 'me', | ||
447 | token: 'super token', | ||
448 | fields, | ||
449 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
450 | }) | ||
451 | }) | ||
452 | |||
453 | it('Should fail with a too long description', async function () { | ||
454 | const fields = { | ||
455 | description: 'super'.repeat(201) | ||
456 | } | ||
457 | |||
458 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
459 | }) | ||
460 | |||
461 | it('Should fail with an invalid videoLanguages attribute', async function () { | ||
462 | { | ||
463 | const fields = { | ||
464 | videoLanguages: 'toto' | ||
465 | } | ||
466 | |||
467 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
468 | } | ||
469 | |||
470 | { | ||
471 | const languages = [] | ||
472 | for (let i = 0; i < 1000; i++) { | ||
473 | languages.push('fr') | ||
474 | } | ||
475 | |||
476 | const fields = { | ||
477 | videoLanguages: languages | ||
478 | } | ||
479 | |||
480 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
481 | } | ||
482 | }) | ||
483 | |||
484 | it('Should fail with an invalid theme', async function () { | ||
485 | const fields = { theme: 'invalid' } | ||
486 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
487 | }) | ||
488 | |||
489 | it('Should fail with an unknown theme', async function () { | ||
490 | const fields = { theme: 'peertube-theme-unknown' } | ||
491 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
492 | }) | ||
493 | |||
494 | it('Should fail with invalid no modal attributes', async function () { | ||
495 | const keys = [ | ||
496 | 'noInstanceConfigWarningModal', | ||
497 | 'noAccountSetupWarningModal', | ||
498 | 'noWelcomeModal' | ||
499 | ] | ||
500 | |||
501 | for (const key of keys) { | ||
502 | const fields = { | ||
503 | [key]: -1 | ||
504 | } | ||
505 | |||
506 | await makePutBodyRequest({ url: server.url, path: path + 'me', token: userToken, fields }) | ||
507 | } | ||
508 | }) | ||
509 | |||
510 | it('Should succeed to change password with the correct params', async function () { | ||
511 | const fields = { | ||
512 | currentPassword: 'password', | ||
513 | password: 'my super password', | ||
514 | nsfwPolicy: 'blur', | ||
515 | autoPlayVideo: false, | ||
516 | email: 'super_email@example.com', | ||
517 | theme: 'default', | ||
518 | noInstanceConfigWarningModal: true, | ||
519 | noWelcomeModal: true, | ||
520 | noAccountSetupWarningModal: true | ||
521 | } | ||
522 | |||
523 | await makePutBodyRequest({ | ||
524 | url: server.url, | ||
525 | path: path + 'me', | ||
526 | token: userToken, | ||
527 | fields, | ||
528 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
529 | }) | ||
530 | }) | ||
531 | |||
532 | it('Should succeed without password change with the correct params', async function () { | ||
533 | const fields = { | ||
534 | nsfwPolicy: 'blur', | ||
535 | autoPlayVideo: false | ||
536 | } | ||
537 | |||
538 | await makePutBodyRequest({ | ||
539 | url: server.url, | ||
540 | path: path + 'me', | ||
541 | token: userToken, | ||
542 | fields, | ||
543 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
544 | }) | ||
545 | }) | ||
546 | }) | ||
547 | |||
548 | describe('When updating my avatar', function () { | ||
549 | it('Should fail without an incorrect input file', async function () { | ||
550 | const fields = {} | ||
551 | const attaches = { | ||
552 | avatarfile: buildAbsoluteFixturePath('video_short.mp4') | ||
553 | } | ||
554 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | ||
555 | }) | ||
556 | |||
557 | it('Should fail with a big file', async function () { | ||
558 | const fields = {} | ||
559 | const attaches = { | ||
560 | avatarfile: buildAbsoluteFixturePath('avatar-big.png') | ||
561 | } | ||
562 | await makeUploadRequest({ url: server.url, path: path + '/me/avatar/pick', token: server.accessToken, fields, attaches }) | ||
563 | }) | ||
564 | |||
565 | it('Should fail with an unauthenticated user', async function () { | ||
566 | const fields = {} | ||
567 | const attaches = { | ||
568 | avatarfile: buildAbsoluteFixturePath('avatar.png') | ||
569 | } | ||
570 | await makeUploadRequest({ | ||
571 | url: server.url, | ||
572 | path: path + '/me/avatar/pick', | ||
573 | fields, | ||
574 | attaches, | ||
575 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
576 | }) | ||
577 | }) | ||
578 | |||
579 | it('Should succeed with the correct params', async function () { | ||
580 | const fields = {} | ||
581 | const attaches = { | ||
582 | avatarfile: buildAbsoluteFixturePath('avatar.png') | ||
583 | } | ||
584 | await makeUploadRequest({ | ||
585 | url: server.url, | ||
586 | path: path + '/me/avatar/pick', | ||
587 | token: server.accessToken, | ||
588 | fields, | ||
589 | attaches, | ||
590 | expectedStatus: HttpStatusCode.OK_200 | ||
591 | }) | ||
592 | }) | ||
593 | }) | ||
594 | |||
595 | describe('When managing my scoped tokens', function () { | ||
596 | |||
597 | it('Should fail to get my scoped tokens with an non authenticated user', async function () { | ||
598 | await server.users.getMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
599 | }) | ||
600 | |||
601 | it('Should fail to get my scoped tokens with a bad token', async function () { | ||
602 | await server.users.getMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
603 | |||
604 | }) | ||
605 | |||
606 | it('Should succeed to get my scoped tokens', async function () { | ||
607 | await server.users.getMyScopedTokens() | ||
608 | }) | ||
609 | |||
610 | it('Should fail to renew my scoped tokens with an non authenticated user', async function () { | ||
611 | await server.users.renewMyScopedTokens({ token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
612 | }) | ||
613 | |||
614 | it('Should fail to renew my scoped tokens with a bad token', async function () { | ||
615 | await server.users.renewMyScopedTokens({ token: 'bad', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
616 | }) | ||
617 | |||
618 | it('Should succeed to renew my scoped tokens', async function () { | ||
619 | await server.users.renewMyScopedTokens() | ||
620 | }) | ||
621 | }) | ||
622 | |||
623 | describe('When getting a user', function () { | ||
624 | |||
625 | it('Should fail with an non authenticated user', async function () { | ||
626 | await makeGetRequest({ | ||
627 | url: server.url, | ||
628 | path: path + userId, | ||
629 | token: 'super token', | ||
630 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
631 | }) | ||
632 | }) | ||
633 | |||
634 | it('Should fail with a non admin user', async function () { | ||
635 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
636 | }) | ||
637 | |||
638 | it('Should succeed with the correct params', async function () { | ||
639 | await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | ||
640 | }) | ||
641 | }) | ||
642 | |||
643 | describe('When updating a user', function () { | ||
644 | |||
645 | it('Should fail with an invalid email attribute', async function () { | ||
646 | const fields = { | ||
647 | email: 'blabla' | ||
648 | } | ||
649 | |||
650 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
651 | }) | ||
652 | |||
653 | it('Should fail with an invalid emailVerified attribute', async function () { | ||
654 | const fields = { | ||
655 | emailVerified: 'yes' | ||
656 | } | ||
657 | |||
658 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
659 | }) | ||
660 | |||
661 | it('Should fail with an invalid videoQuota attribute', async function () { | ||
662 | const fields = { | ||
663 | videoQuota: -90 | ||
664 | } | ||
665 | |||
666 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
667 | }) | ||
668 | |||
669 | it('Should fail with an invalid user role attribute', async function () { | ||
670 | const fields = { | ||
671 | role: 54878 | ||
672 | } | ||
673 | |||
674 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
675 | }) | ||
676 | |||
677 | it('Should fail with a too small password', async function () { | ||
678 | const fields = { | ||
679 | currentPassword: 'password', | ||
680 | password: 'bla' | ||
681 | } | ||
682 | |||
683 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
684 | }) | ||
685 | |||
686 | it('Should fail with a too long password', async function () { | ||
687 | const fields = { | ||
688 | currentPassword: 'password', | ||
689 | password: 'super'.repeat(61) | ||
690 | } | ||
691 | |||
692 | await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields }) | ||
693 | }) | ||
694 | |||
695 | it('Should fail with an non authenticated user', async function () { | ||
696 | const fields = { | ||
697 | videoQuota: 42 | ||
698 | } | ||
699 | |||
700 | await makePutBodyRequest({ | ||
701 | url: server.url, | ||
702 | path: path + userId, | ||
703 | token: 'super token', | ||
704 | fields, | ||
705 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
706 | }) | ||
707 | }) | ||
708 | |||
709 | it('Should fail when updating root role', async function () { | ||
710 | const fields = { | ||
711 | role: UserRole.MODERATOR | ||
712 | } | ||
713 | |||
714 | await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields }) | ||
715 | }) | ||
716 | |||
717 | it('Should fail with invalid admin flags', async function () { | ||
718 | const fields = { adminFlags: 'toto' } | ||
719 | |||
720 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
721 | }) | ||
722 | |||
723 | it('Should fail to update an admin with a moderator', async function () { | ||
724 | const fields = { | ||
725 | videoQuota: 42 | ||
726 | } | ||
727 | |||
728 | await makePutBodyRequest({ | ||
729 | url: server.url, | ||
730 | path: path + moderatorId, | ||
731 | token: moderatorToken, | ||
732 | fields, | ||
733 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
734 | }) | ||
735 | }) | ||
736 | |||
737 | it('Should succeed to update a user with a moderator', async function () { | ||
738 | const fields = { | ||
739 | videoQuota: 42 | ||
740 | } | ||
741 | |||
742 | await makePutBodyRequest({ | ||
743 | url: server.url, | ||
744 | path: path + userId, | ||
745 | token: moderatorToken, | ||
746 | fields, | ||
747 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
748 | }) | ||
749 | }) | ||
750 | |||
751 | it('Should succeed with the correct params', async function () { | ||
752 | const fields = { | ||
753 | email: 'email@example.com', | ||
754 | emailVerified: true, | ||
755 | videoQuota: 42, | ||
756 | role: UserRole.USER | ||
757 | } | ||
758 | |||
759 | await makePutBodyRequest({ | ||
760 | url: server.url, | ||
761 | path: path + userId, | ||
762 | token: server.accessToken, | ||
763 | fields, | ||
764 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | ||
765 | }) | ||
766 | }) | ||
767 | }) | ||
768 | |||
769 | describe('When getting my information', function () { | ||
770 | it('Should fail with a non authenticated user', async function () { | ||
771 | await server.users.getMyInfo({ token: 'fake_token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
772 | }) | ||
773 | |||
774 | it('Should success with the correct parameters', async function () { | ||
775 | await server.users.getMyInfo({ token: userToken }) | ||
776 | }) | ||
777 | }) | ||
778 | |||
779 | describe('When getting my video rating', function () { | ||
780 | let command: UsersCommand | ||
781 | |||
782 | before(function () { | ||
783 | command = server.users | ||
784 | }) | ||
785 | |||
786 | it('Should fail with a non authenticated user', async function () { | ||
787 | await command.getMyRating({ token: 'fake_token', videoId: video.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
788 | }) | ||
789 | |||
790 | it('Should fail with an incorrect video uuid', async function () { | ||
791 | await command.getMyRating({ videoId: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | ||
792 | }) | ||
793 | |||
794 | it('Should fail with an unknown video', async function () { | ||
795 | await command.getMyRating({ videoId: '4da6fde3-88f7-4d16-b119-108df5630b06', expectedStatus: HttpStatusCode.NOT_FOUND_404 }) | ||
796 | }) | ||
797 | |||
798 | it('Should succeed with the correct parameters', async function () { | ||
799 | await command.getMyRating({ videoId: video.id }) | ||
800 | await command.getMyRating({ videoId: video.uuid }) | ||
801 | await command.getMyRating({ videoId: video.shortUUID }) | ||
802 | }) | ||
803 | }) | ||
804 | |||
805 | describe('When retrieving my global ratings', function () { | ||
806 | const path = '/api/v1/accounts/user1/ratings' | ||
807 | |||
808 | it('Should fail with a bad start pagination', async function () { | ||
809 | await checkBadStartPagination(server.url, path, userToken) | ||
810 | }) | ||
811 | |||
812 | it('Should fail with a bad count pagination', async function () { | ||
813 | await checkBadCountPagination(server.url, path, userToken) | ||
814 | }) | ||
815 | |||
816 | it('Should fail with an incorrect sort', async function () { | ||
817 | await checkBadSortPagination(server.url, path, userToken) | ||
818 | }) | ||
819 | |||
820 | it('Should fail with a unauthenticated user', async function () { | ||
821 | await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
822 | }) | ||
823 | |||
824 | it('Should fail with a another user', async function () { | ||
825 | await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
826 | }) | ||
827 | |||
828 | it('Should fail with a bad type', async function () { | ||
829 | await makeGetRequest({ | ||
830 | url: server.url, | ||
831 | path, | ||
832 | token: userToken, | ||
833 | query: { rating: 'toto ' }, | ||
834 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | ||
835 | }) | ||
836 | }) | ||
837 | |||
838 | it('Should succeed with the correct params', async function () { | ||
839 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 }) | ||
840 | }) | ||
841 | }) | ||
842 | |||
843 | describe('When getting my global followers', function () { | ||
844 | const path = '/api/v1/accounts/user1/followers' | ||
845 | |||
846 | it('Should fail with a bad start pagination', async function () { | ||
847 | await checkBadStartPagination(server.url, path, userToken) | ||
848 | }) | ||
849 | |||
850 | it('Should fail with a bad count pagination', async function () { | ||
851 | await checkBadCountPagination(server.url, path, userToken) | ||
852 | }) | ||
853 | |||
854 | it('Should fail with an incorrect sort', async function () { | ||
855 | await checkBadSortPagination(server.url, path, userToken) | ||
856 | }) | ||
857 | |||
858 | it('Should fail with a unauthenticated user', async function () { | ||
859 | await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | ||
860 | }) | ||
861 | |||
862 | it('Should fail with a another user', async function () { | ||
863 | await makeGetRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
864 | }) | ||
865 | |||
866 | it('Should succeed with the correct params', async function () { | ||
867 | await makeGetRequest({ url: server.url, path, token: userToken, expectedStatus: HttpStatusCode.OK_200 }) | ||
868 | }) | ||
869 | }) | ||
870 | |||
871 | describe('When blocking/unblocking/removing user', function () { | ||
872 | |||
873 | it('Should fail with an incorrect id', async function () { | ||
874 | const options = { userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 } | ||
875 | |||
876 | await server.users.remove(options) | ||
877 | await server.users.banUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | ||
878 | await server.users.unbanUser({ userId: 'blabla' as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | ||
879 | }) | ||
880 | |||
881 | it('Should fail with the root user', async function () { | ||
882 | const options = { userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 } | ||
883 | |||
884 | await server.users.remove(options) | ||
885 | await server.users.banUser(options) | ||
886 | await server.users.unbanUser(options) | ||
887 | }) | ||
888 | |||
889 | it('Should return 404 with a non existing id', async function () { | ||
890 | const options = { userId: 4545454, expectedStatus: HttpStatusCode.NOT_FOUND_404 } | ||
891 | |||
892 | await server.users.remove(options) | ||
893 | await server.users.banUser(options) | ||
894 | await server.users.unbanUser(options) | ||
895 | }) | ||
896 | |||
897 | it('Should fail with a non admin user', async function () { | ||
898 | const options = { userId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 } | ||
899 | |||
900 | await server.users.remove(options) | ||
901 | await server.users.banUser(options) | ||
902 | await server.users.unbanUser(options) | ||
903 | }) | ||
904 | |||
905 | it('Should fail on a moderator with a moderator', async function () { | ||
906 | const options = { userId: moderatorId, token: moderatorToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 } | ||
907 | |||
908 | await server.users.remove(options) | ||
909 | await server.users.banUser(options) | ||
910 | await server.users.unbanUser(options) | ||
911 | }) | ||
912 | |||
913 | it('Should succeed on a user with a moderator', async function () { | ||
914 | const options = { userId, token: moderatorToken } | ||
915 | |||
916 | await server.users.banUser(options) | ||
917 | await server.users.unbanUser(options) | ||
918 | }) | ||
919 | }) | ||
920 | |||
921 | describe('When deleting our account', function () { | ||
922 | it('Should fail with with the root account', async function () { | ||
923 | await server.users.deleteMe({ expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | ||
924 | }) | ||
925 | }) | 36 | }) |
926 | 37 | ||
927 | describe('When registering a new user', function () { | 38 | describe('When registering a new user', function () { |
@@ -1081,9 +192,11 @@ describe('Test users API validators', function () { | |||
1081 | }) | 192 | }) |
1082 | 193 | ||
1083 | describe('When registering multiple users on a server with users limit', function () { | 194 | describe('When registering multiple users on a server with users limit', function () { |
195 | |||
1084 | it('Should fail when after 3 registrations', async function () { | 196 | it('Should fail when after 3 registrations', async function () { |
1085 | await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | 197 | await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) |
1086 | }) | 198 | }) |
199 | |||
1087 | }) | 200 | }) |
1088 | 201 | ||
1089 | describe('When asking a password reset', function () { | 202 | describe('When asking a password reset', function () { |