29 files changed, 1446 insertions, 611 deletions

diff --git a/server/tests/api/activitypub/cleaner.ts b/server/tests/api/activitypub/cleaner.ts
index eb6779123..1c1495022 100644
--- a/server/tests/api/activitypub/cleaner.ts
+++ b/server/tests/api/activitypub/cleaner.ts
@@ -148,7 +148,7 @@ describe('Test AP cleaner', function () {
   it('Should destroy server 3 internal shares and correctly clean them', async function () {
     this.timeout(20000)
 
-    const preCount = await servers[0].sql.getCount('videoShare')
+    const preCount = await servers[0].sql.getVideoShareCount()
     expect(preCount).to.equal(6)
 
     await servers[2].sql.deleteAll('videoShare')
@@ -156,7 +156,7 @@ describe('Test AP cleaner', function () {
     await waitJobs(servers)
 
     // Still 6 because we don't have remote shares on local videos
-    const postCount = await servers[0].sql.getCount('videoShare')
+    const postCount = await servers[0].sql.getVideoShareCount()
     expect(postCount).to.equal(6)
   })
 
@@ -185,7 +185,7 @@ describe('Test AP cleaner', function () {
     async function check (like: string, ofServerUrl: string, urlSuffix: string, remote: 'true' | 'false') {
       const query = `SELECT "videoId", "accountVideoRate".url FROM "accountVideoRate" ` +
         `INNER JOIN video ON "accountVideoRate"."videoId" = video.id AND remote IS ${remote} WHERE "accountVideoRate"."url" LIKE '${like}'`
-      const res = await servers[0].sql.selectQuery(query)
+      const res = await servers[0].sql.selectQuery<{ url: string }>(query)
 
       for (const rate of res) {
         const matcher = new RegExp(`^${ofServerUrl}/accounts/root/dislikes/\\d+${urlSuffix}$`)
@@ -231,7 +231,7 @@ describe('Test AP cleaner', function () {
       const query = `SELECT "videoId", "videoComment".url, uuid as "videoUUID" FROM "videoComment" ` +
         `INNER JOIN video ON "videoComment"."videoId" = video.id AND remote IS ${remote} WHERE "videoComment"."url" LIKE '${like}'`
 
-      const res = await servers[0].sql.selectQuery(query)
+      const res = await servers[0].sql.selectQuery<{ url: string, videoUUID: string }>(query)
 
       for (const comment of res) {
         const matcher = new RegExp(`${ofServerUrl}/videos/watch/${comment.videoUUID}/comments/\\d+${urlSuffix}`)
diff --git a/server/tests/api/check-params/config.ts b/server/tests/api/check-params/config.ts
index 3415625ca..93a3f3eb9 100644
--- a/server/tests/api/check-params/config.ts
+++ b/server/tests/api/check-params/config.ts
@@ -79,6 +79,7 @@ describe('Test config API validators', function () {
     signup: {
       enabled: false,
       limit: 5,
+      requiresApproval: false,
       requiresEmailVerification: false,
       minimumAge: 16
     },
@@ -313,6 +314,7 @@ describe('Test config API validators', function () {
         signup: {
           enabled: true,
           limit: 5,
+          requiresApproval: true,
           requiresEmailVerification: true
         }
       }
diff --git a/server/tests/api/check-params/contact-form.ts b/server/tests/api/check-params/contact-form.ts
index 7968ef802..f0f8819b9 100644
--- a/server/tests/api/check-params/contact-form.ts
+++ b/server/tests/api/check-params/contact-form.ts
@@ -2,7 +2,14 @@
 
 import { MockSmtpServer } from '@server/tests/shared'
 import { HttpStatusCode } from '@shared/models'
-import { cleanupTests, ContactFormCommand, createSingleServer, killallServers, PeerTubeServer } from '@shared/server-commands'
+import {
+  cleanupTests,
+  ConfigCommand,
+  ContactFormCommand,
+  createSingleServer,
+  killallServers,
+  PeerTubeServer
+} from '@shared/server-commands'
 
 describe('Test contact form API validators', function () {
   let server: PeerTubeServer
@@ -38,7 +45,7 @@ describe('Test contact form API validators', function () {
     await killallServers([ server ])
 
     // Contact form is disabled
-    await server.run({ smtp: { hostname: '127.0.0.1', port: emailPort }, contact_form: { enabled: false } })
+    await server.run({ ...ConfigCommand.getEmailOverrideConfig(emailPort), contact_form: { enabled: false } })
     await command.send({ ...defaultBody, expectedStatus: HttpStatusCode.CONFLICT_409 })
   })
 
@@ -48,7 +55,7 @@ describe('Test contact form API validators', function () {
     await killallServers([ server ])
 
     // Email & contact form enabled
-    await server.run({ smtp: { hostname: '127.0.0.1', port: emailPort } })
+    await server.run(ConfigCommand.getEmailOverrideConfig(emailPort))
 
     await command.send({ ...defaultBody, fromEmail: 'badEmail', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
     await command.send({ ...defaultBody, fromEmail: 'badEmail@', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
diff --git a/server/tests/api/check-params/index.ts b/server/tests/api/check-params/index.ts
index 961093bb5..ddbcb42f8 100644
--- a/server/tests/api/check-params/index.ts
+++ b/server/tests/api/check-params/index.ts
@@ -15,6 +15,7 @@ import './metrics'
 import './my-user'
 import './plugins'
 import './redundancy'
+import './registrations'
 import './search'
 import './services'
 import './transcoding'
@@ -23,7 +24,7 @@ import './upload-quota'
 import './user-notifications'
 import './user-subscriptions'
 import './users-admin'
-import './users'
+import './users-emails'
 import './video-blacklist'
 import './video-captions'
 import './video-channel-syncs'
diff --git a/server/tests/api/check-params/redundancy.ts b/server/tests/api/check-params/redundancy.ts
index 908407b9a..73dfd489d 100644
--- a/server/tests/api/check-params/redundancy.ts
+++ b/server/tests/api/check-params/redundancy.ts
@@ -24,7 +24,7 @@ describe('Test server redundancy API validators', function () {
   // ---------------------------------------------------------------
 
   before(async function () {
-    this.timeout(80000)
+    this.timeout(160000)
 
     servers = await createMultipleServers(2)
 
diff --git a/server/tests/api/check-params/registrations.ts b/server/tests/api/check-params/registrations.ts
new file mode 100644
index 000000000..fe16ebd93
--- /dev/null
+++ b/server/tests/api/check-params/registrations.ts
@@ -0,0 +1,433 @@
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
+import { omit } from '@shared/core-utils'
+import { HttpStatusCode, UserRole } from '@shared/models'
+import {
+  cleanupTests,
+  createSingleServer,
+  makePostBodyRequest,
+  PeerTubeServer,
+  setAccessTokensToServers,
+  setDefaultAccountAvatar,
+  setDefaultChannelAvatar
+} from '@shared/server-commands'
+
+describe('Test registrations API validators', function () {
+  let server: PeerTubeServer
+  let userToken: string
+  let moderatorToken: string
+
+  // ---------------------------------------------------------------
+
+  before(async function () {
+    this.timeout(30000)
+
+    server = await createSingleServer(1)
+
+    await setAccessTokensToServers([ server ])
+    await setDefaultAccountAvatar([ server ])
+    await setDefaultChannelAvatar([ server ])
+
+    await server.config.enableSignup(false);
+
+    ({ token: moderatorToken } = await server.users.generate('moderator', UserRole.MODERATOR));
+    ({ token: userToken } = await server.users.generate('user', UserRole.USER))
+  })
+
+  describe('Register', function () {
+    const registrationPath = '/api/v1/users/register'
+    const registrationRequestPath = '/api/v1/users/registrations/request'
+
+    const baseCorrectParams = {
+      username: 'user3',
+      displayName: 'super user',
+      email: 'test3@example.com',
+      password: 'my super password',
+      registrationReason: 'my super registration reason'
+    }
+
+    describe('When registering a new user or requesting user registration', function () {
+
+      async function check (fields: any, expectedStatus = HttpStatusCode.BAD_REQUEST_400) {
+        await server.config.enableSignup(false)
+        await makePostBodyRequest({ url: server.url, path: registrationPath, fields, expectedStatus })
+
+        await server.config.enableSignup(true)
+        await makePostBodyRequest({ url: server.url, path: registrationRequestPath, fields, expectedStatus })
+      }
+
+      it('Should fail with a too small username', async function () {
+        const fields = { ...baseCorrectParams, username: '' }
+
+        await check(fields)
+      })
+
+      it('Should fail with a too long username', async function () {
+        const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
+
+        await check(fields)
+      })
+
+      it('Should fail with an incorrect username', async function () {
+        const fields = { ...baseCorrectParams, username: 'my username' }
+
+        await check(fields)
+      })
+
+      it('Should fail with a missing email', async function () {
+        const fields = omit(baseCorrectParams, [ 'email' ])
+
+        await check(fields)
+      })
+
+      it('Should fail with an invalid email', async function () {
+        const fields = { ...baseCorrectParams, email: 'test_example.com' }
+
+        await check(fields)
+      })
+
+      it('Should fail with a too small password', async function () {
+        const fields = { ...baseCorrectParams, password: 'bla' }
+
+        await check(fields)
+      })
+
+      it('Should fail with a too long password', async function () {
+        const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
+
+        await check(fields)
+      })
+
+      it('Should fail if we register a user with the same username', async function () {
+        const fields = { ...baseCorrectParams, username: 'root' }
+
+        await check(fields, HttpStatusCode.CONFLICT_409)
+      })
+
+      it('Should fail with a "peertube" username', async function () {
+        const fields = { ...baseCorrectParams, username: 'peertube' }
+
+        await check(fields, HttpStatusCode.CONFLICT_409)
+      })
+
+      it('Should fail if we register a user with the same email', async function () {
+        const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
+
+        await check(fields, HttpStatusCode.CONFLICT_409)
+      })
+
+      it('Should fail with a bad display name', async function () {
+        const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
+
+        await check(fields)
+      })
+
+      it('Should fail with a bad channel name', async function () {
+        const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
+
+        await check(fields)
+      })
+
+      it('Should fail with a bad channel display name', async function () {
+        const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
+
+        await check(fields)
+      })
+
+      it('Should fail with a channel name that is the same as username', async function () {
+        const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
+        const fields = { ...baseCorrectParams, ...source }
+
+        await check(fields)
+      })
+
+      it('Should fail with an existing channel', async function () {
+        const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
+        await server.channels.create({ attributes })
+
+        const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
+
+        await check(fields, HttpStatusCode.CONFLICT_409)
+      })
+
+      it('Should fail on a server with registration disabled', async function () {
+        this.timeout(60000)
+
+        await server.config.updateExistingSubConfig({
+          newConfig: {
+            signup: {
+              enabled: false
+            }
+          }
+        })
+
+        await server.registrations.register({ username: 'user4', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+        await server.registrations.requestRegistration({
+          username: 'user4',
+          registrationReason: 'reason',
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+
+      it('Should fail if the user limit is reached', async function () {
+        this.timeout(60000)
+
+        const { total } = await server.users.list()
+
+        await server.config.enableSignup(false, total)
+        await server.registrations.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+
+        await server.config.enableSignup(true, total)
+        await server.registrations.requestRegistration({
+          username: 'user42',
+          registrationReason: 'reason',
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      })
+
+      it('Should succeed if the user limit is not reached', async function () {
+        this.timeout(60000)
+
+        const { total } = await server.users.list()
+
+        await server.config.enableSignup(false, total + 1)
+        await server.registrations.register({ username: 'user43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
+
+        await server.config.enableSignup(true, total + 2)
+        await server.registrations.requestRegistration({
+          username: 'user44',
+          registrationReason: 'reason',
+          expectedStatus: HttpStatusCode.OK_200
+        })
+      })
+    })
+
+    describe('On direct registration', function () {
+
+      it('Should succeed with the correct params', async function () {
+        await server.config.enableSignup(false)
+
+        const fields = {
+          username: 'user_direct_1',
+          displayName: 'super user direct 1',
+          email: 'user_direct_1@example.com',
+          password: 'my super password',
+          channel: { name: 'super_user_direct_1_channel', displayName: 'super user direct 1 channel' }
+        }
+
+        await makePostBodyRequest({ url: server.url, path: registrationPath, fields, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
+      })
+
+      it('Should fail if the instance requires approval', async function () {
+        this.timeout(60000)
+
+        await server.config.enableSignup(true)
+        await server.registrations.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+      })
+    })
+
+    describe('On registration request', function () {
+
+      before(async function () {
+        this.timeout(60000)
+
+        await server.config.enableSignup(true)
+      })
+
+      it('Should fail with an invalid registration reason', async function () {
+        for (const registrationReason of [ '', 't', 't'.repeat(5000) ]) {
+          await server.registrations.requestRegistration({
+            username: 'user_request_1',
+            registrationReason,
+            expectedStatus: HttpStatusCode.BAD_REQUEST_400
+          })
+        }
+      })
+
+      it('Should succeed with the correct params', async function () {
+        await server.registrations.requestRegistration({
+          username: 'user_request_2',
+          registrationReason: 'tt',
+          channel: {
+            displayName: 'my user request 2 channel',
+            name: 'user_request_2_channel'
+          }
+        })
+      })
+
+      it('Should fail if the user is already awaiting registration approval', async function () {
+        await server.registrations.requestRegistration({
+          username: 'user_request_2',
+          registrationReason: 'tt',
+          channel: {
+            displayName: 'my user request 42 channel',
+            name: 'user_request_42_channel'
+          },
+          expectedStatus: HttpStatusCode.CONFLICT_409
+        })
+      })
+
+      it('Should fail if the channel is already awaiting registration approval', async function () {
+        await server.registrations.requestRegistration({
+          username: 'user42',
+          registrationReason: 'tt',
+          channel: {
+            displayName: 'my user request 2 channel',
+            name: 'user_request_2_channel'
+          },
+          expectedStatus: HttpStatusCode.CONFLICT_409
+        })
+      })
+
+      it('Should fail if the instance does not require approval', async function () {
+        this.timeout(60000)
+
+        await server.config.enableSignup(false)
+
+        await server.registrations.requestRegistration({
+          username: 'user42',
+          registrationReason: 'toto',
+          expectedStatus: HttpStatusCode.BAD_REQUEST_400
+        })
+      })
+    })
+  })
+
+  describe('Registrations accept/reject', function () {
+    let id1: number
+    let id2: number
+
+    before(async function () {
+      this.timeout(60000)
+
+      await server.config.enableSignup(true);
+
+      ({ id: id1 } = await server.registrations.requestRegistration({ username: 'request_2', registrationReason: 'toto' }));
+      ({ id: id2 } = await server.registrations.requestRegistration({ username: 'request_3', registrationReason: 'toto' }))
+    })
+
+    it('Should fail to accept/reject registration without token', async function () {
+      const options = { id: id1, moderationResponse: 'tt', token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }
+      await server.registrations.accept(options)
+      await server.registrations.reject(options)
+    })
+
+    it('Should fail to accept/reject registration with a non moderator user', async function () {
+      const options = { id: id1, moderationResponse: 'tt', token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }
+      await server.registrations.accept(options)
+      await server.registrations.reject(options)
+    })
+
+    it('Should fail to accept/reject registration with a bad registration id', async function () {
+      {
+        const options = { id: 't' as any, moderationResponse: 'tt', token: moderatorToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
+        await server.registrations.accept(options)
+        await server.registrations.reject(options)
+      }
+
+      {
+        const options = { id: 42, moderationResponse: 'tt', token: moderatorToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 }
+        await server.registrations.accept(options)
+        await server.registrations.reject(options)
+      }
+    })
+
+    it('Should fail to accept/reject registration with a bad moderation resposne', async function () {
+      for (const moderationResponse of [ '', 't', 't'.repeat(5000) ]) {
+        const options = { id: id1, moderationResponse, token: moderatorToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }
+        await server.registrations.accept(options)
+        await server.registrations.reject(options)
+      }
+    })
+
+    it('Should succeed to accept a registration', async function () {
+      await server.registrations.accept({ id: id1, moderationResponse: 'tt', token: moderatorToken })
+    })
+
+    it('Should succeed to reject a registration', async function () {
+      await server.registrations.reject({ id: id2, moderationResponse: 'tt', token: moderatorToken })
+    })
+
+    it('Should fail to accept/reject a registration that was already accepted/rejected', async function () {
+      for (const id of [ id1, id2 ]) {
+        const options = { id, moderationResponse: 'tt', token: moderatorToken, expectedStatus: HttpStatusCode.CONFLICT_409 }
+        await server.registrations.accept(options)
+        await server.registrations.reject(options)
+      }
+    })
+  })
+
+  describe('Registrations deletion', function () {
+    let id1: number
+    let id2: number
+    let id3: number
+
+    before(async function () {
+      ({ id: id1 } = await server.registrations.requestRegistration({ username: 'request_4', registrationReason: 'toto' }));
+      ({ id: id2 } = await server.registrations.requestRegistration({ username: 'request_5', registrationReason: 'toto' }));
+      ({ id: id3 } = await server.registrations.requestRegistration({ username: 'request_6', registrationReason: 'toto' }))
+
+      await server.registrations.accept({ id: id2, moderationResponse: 'tt' })
+      await server.registrations.reject({ id: id3, moderationResponse: 'tt' })
+    })
+
+    it('Should fail to delete registration without token', async function () {
+      await server.registrations.delete({ id: id1, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should fail to delete registration with a non moderator user', async function () {
+      await server.registrations.delete({ id: id1, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
+
+    it('Should fail to delete registration with a bad registration id', async function () {
+      await server.registrations.delete({ id: 't' as any, token: moderatorToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await server.registrations.delete({ id: 42, token: moderatorToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
+    })
+
+    it('Should succeed with the correct params', async function () {
+      await server.registrations.delete({ id: id1, token: moderatorToken })
+      await server.registrations.delete({ id: id2, token: moderatorToken })
+      await server.registrations.delete({ id: id3, token: moderatorToken })
+    })
+  })
+
+  describe('Listing registrations', function () {
+    const path = '/api/v1/users/registrations'
+
+    it('Should fail with a bad start pagination', async function () {
+      await checkBadStartPagination(server.url, path, server.accessToken)
+    })
+
+    it('Should fail with a bad count pagination', async function () {
+      await checkBadCountPagination(server.url, path, server.accessToken)
+    })
+
+    it('Should fail with an incorrect sort', async function () {
+      await checkBadSortPagination(server.url, path, server.accessToken)
+    })
+
+    it('Should fail with a non authenticated user', async function () {
+      await server.registrations.list({
+        token: null,
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+
+    it('Should fail with a non admin user', async function () {
+      await server.registrations.list({
+        token: userToken,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+
+    it('Should succeed with the correct params', async function () {
+      await server.registrations.list({
+        token: moderatorToken,
+        search: 'toto'
+      })
+    })
+  })
+
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/check-params/upload-quota.ts b/server/tests/api/check-params/upload-quota.ts
index 70e6f4af9..fdc711bd5 100644
--- a/server/tests/api/check-params/upload-quota.ts
+++ b/server/tests/api/check-params/upload-quota.ts
@@ -42,7 +42,7 @@ describe('Test upload quota', function () {
       this.timeout(30000)
 
       const user = { username: 'registered' + randomInt(1, 1500), password: 'password' }
-      await server.users.register(user)
+      await server.registrations.register(user)
       const userToken = await server.login.getAccessToken(user)
 
       const attributes = { fixture: 'video_short2.webm' }
@@ -57,7 +57,7 @@ describe('Test upload quota', function () {
       this.timeout(30000)
 
       const user = { username: 'registered' + randomInt(1, 1500), password: 'password' }
-      await server.users.register(user)
+      await server.registrations.register(user)
       const userToken = await server.login.getAccessToken(user)
 
       const attributes = { fixture: 'video_short2.webm' }
diff --git a/server/tests/api/check-params/users-admin.ts b/server/tests/api/check-params/users-admin.ts
index 7ba709c4a..be2496bb4 100644
--- a/server/tests/api/check-params/users-admin.ts
+++ b/server/tests/api/check-params/users-admin.ts
@@ -5,6 +5,7 @@ import { omit } from '@shared/core-utils'
 import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models'
 import {
   cleanupTests,
+  ConfigCommand,
   createSingleServer,
   killallServers,
   makeGetRequest,
@@ -156,13 +157,7 @@ describe('Test users admin API validators', function () {
 
       await killallServers([ server ])
 
-      const config = {
-        smtp: {
-          hostname: '127.0.0.1',
-          port: emailPort
-        }
-      }
-      await server.run(config)
+      await server.run(ConfigCommand.getEmailOverrideConfig(emailPort))
 
       const fields = {
         ...baseCorrectParams,
diff --git a/server/tests/api/check-params/users-emails.ts b/server/tests/api/check-params/users-emails.ts
new file mode 100644
index 000000000..8cfb1d15f
--- /dev/null
+++ b/server/tests/api/check-params/users-emails.ts
@@ -0,0 +1,119 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { MockSmtpServer } from '@server/tests/shared'
+import { HttpStatusCode, UserRole } from '@shared/models'
+import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
+
+describe('Test users API validators', function () {
+  let server: PeerTubeServer
+
+  // ---------------------------------------------------------------
+
+  before(async function () {
+    this.timeout(30000)
+
+    server = await createSingleServer(1, {
+      rates_limit: {
+        ask_send_email: {
+          max: 10
+        }
+      }
+    })
+
+    await setAccessTokensToServers([ server ])
+    await server.config.enableSignup(true)
+
+    await server.users.generate('moderator2', UserRole.MODERATOR)
+
+    await server.registrations.requestRegistration({
+      username: 'request1',
+      registrationReason: 'tt'
+    })
+  })
+
+  describe('When asking a password reset', function () {
+    const path = '/api/v1/users/ask-reset-password'
+
+    it('Should fail with a missing email', async function () {
+      const fields = {}
+
+      await makePostBodyRequest({ url: server.url, path, fields })
+    })
+
+    it('Should fail with an invalid email', async function () {
+      const fields = { email: 'hello' }
+
+      await makePostBodyRequest({ url: server.url, path, fields })
+    })
+
+    it('Should success with the correct params', async function () {
+      const fields = { email: 'admin@example.com' }
+
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+  })
+
+  describe('When asking for an account verification email', function () {
+    const path = '/api/v1/users/ask-send-verify-email'
+
+    it('Should fail with a missing email', async function () {
+      const fields = {}
+
+      await makePostBodyRequest({ url: server.url, path, fields })
+    })
+
+    it('Should fail with an invalid email', async function () {
+      const fields = { email: 'hello' }
+
+      await makePostBodyRequest({ url: server.url, path, fields })
+    })
+
+    it('Should succeed with the correct params', async function () {
+      const fields = { email: 'admin@example.com' }
+
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+  })
+
+  describe('When asking for a registration verification email', function () {
+    const path = '/api/v1/users/registrations/ask-send-verify-email'
+
+    it('Should fail with a missing email', async function () {
+      const fields = {}
+
+      await makePostBodyRequest({ url: server.url, path, fields })
+    })
+
+    it('Should fail with an invalid email', async function () {
+      const fields = { email: 'hello' }
+
+      await makePostBodyRequest({ url: server.url, path, fields })
+    })
+
+    it('Should succeed with the correct params', async function () {
+      const fields = { email: 'request1@example.com' }
+
+      await makePostBodyRequest({
+        url: server.url,
+        path,
+        fields,
+        expectedStatus: HttpStatusCode.NO_CONTENT_204
+      })
+    })
+  })
+
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
deleted file mode 100644
index 7acfd8c2c..000000000
--- a/server/tests/api/check-params/users.ts
+++ /dev/null
@@ -1,255 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
-import { MockSmtpServer } from '@server/tests/shared'
-import { omit } from '@shared/core-utils'
-import { HttpStatusCode, UserRole } from '@shared/models'
-import { cleanupTests, createSingleServer, makePostBodyRequest, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
-
-describe('Test users API validators', function () {
-  const path = '/api/v1/users/'
-  let server: PeerTubeServer
-  let serverWithRegistrationDisabled: PeerTubeServer
-
-  // ---------------------------------------------------------------
-
-  before(async function () {
-    this.timeout(30000)
-
-    const res = await Promise.all([
-      createSingleServer(1, { signup: { limit: 3 } }),
-      createSingleServer(2)
-    ])
-
-    server = res[0]
-    serverWithRegistrationDisabled = res[1]
-
-    await setAccessTokensToServers([ server ])
-
-    await server.users.generate('moderator2', UserRole.MODERATOR)
-  })
-
-  describe('When registering a new user', function () {
-    const registrationPath = path + '/register'
-    const baseCorrectParams = {
-      username: 'user3',
-      displayName: 'super user',
-      email: 'test3@example.com',
-      password: 'my super password'
-    }
-
-    it('Should fail with a too small username', async function () {
-      const fields = { ...baseCorrectParams, username: '' }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a too long username', async function () {
-      const fields = { ...baseCorrectParams, username: 'super'.repeat(50) }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with an incorrect username', async function () {
-      const fields = { ...baseCorrectParams, username: 'my username' }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a missing email', async function () {
-      const fields = omit(baseCorrectParams, [ 'email' ])
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with an invalid email', async function () {
-      const fields = { ...baseCorrectParams, email: 'test_example.com' }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a too small password', async function () {
-      const fields = { ...baseCorrectParams, password: 'bla' }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a too long password', async function () {
-      const fields = { ...baseCorrectParams, password: 'super'.repeat(61) }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail if we register a user with the same username', async function () {
-      const fields = { ...baseCorrectParams, username: 'root' }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path: registrationPath,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.CONFLICT_409
-      })
-    })
-
-    it('Should fail with a "peertube" username', async function () {
-      const fields = { ...baseCorrectParams, username: 'peertube' }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path: registrationPath,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.CONFLICT_409
-      })
-    })
-
-    it('Should fail if we register a user with the same email', async function () {
-      const fields = { ...baseCorrectParams, email: 'admin' + server.internalServerNumber + '@example.com' }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path: registrationPath,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.CONFLICT_409
-      })
-    })
-
-    it('Should fail with a bad display name', async function () {
-      const fields = { ...baseCorrectParams, displayName: 'a'.repeat(150) }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a bad channel name', async function () {
-      const fields = { ...baseCorrectParams, channel: { name: '[]azf', displayName: 'toto' } }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a bad channel display name', async function () {
-      const fields = { ...baseCorrectParams, channel: { name: 'toto', displayName: '' } }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with a channel name that is the same as username', async function () {
-      const source = { username: 'super_user', channel: { name: 'super_user', displayName: 'display name' } }
-      const fields = { ...baseCorrectParams, ...source }
-
-      await makePostBodyRequest({ url: server.url, path: registrationPath, token: server.accessToken, fields })
-    })
-
-    it('Should fail with an existing channel', async function () {
-      const attributes = { name: 'existing_channel', displayName: 'hello', description: 'super description' }
-      await server.channels.create({ attributes })
-
-      const fields = { ...baseCorrectParams, channel: { name: 'existing_channel', displayName: 'toto' } }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path: registrationPath,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.CONFLICT_409
-      })
-    })
-
-    it('Should succeed with the correct params', async function () {
-      const fields = { ...baseCorrectParams, channel: { name: 'super_channel', displayName: 'toto' } }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path: registrationPath,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.NO_CONTENT_204
-      })
-    })
-
-    it('Should fail on a server with registration disabled', async function () {
-      const fields = {
-        username: 'user4',
-        email: 'test4@example.com',
-        password: 'my super password 4'
-      }
-
-      await makePostBodyRequest({
-        url: serverWithRegistrationDisabled.url,
-        path: registrationPath,
-        token: serverWithRegistrationDisabled.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.FORBIDDEN_403
-      })
-    })
-  })
-
-  describe('When registering multiple users on a server with users limit', function () {
-
-    it('Should fail when after 3 registrations', async function () {
-      await server.users.register({ username: 'user42', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
-    })
-
-  })
-
-  describe('When asking a password reset', function () {
-    const path = '/api/v1/users/ask-reset-password'
-
-    it('Should fail with a missing email', async function () {
-      const fields = {}
-
-      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
-    })
-
-    it('Should fail with an invalid email', async function () {
-      const fields = { email: 'hello' }
-
-      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
-    })
-
-    it('Should success with the correct params', async function () {
-      const fields = { email: 'admin@example.com' }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.NO_CONTENT_204
-      })
-    })
-  })
-
-  describe('When asking for an account verification email', function () {
-    const path = '/api/v1/users/ask-send-verify-email'
-
-    it('Should fail with a missing email', async function () {
-      const fields = {}
-
-      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
-    })
-
-    it('Should fail with an invalid email', async function () {
-      const fields = { email: 'hello' }
-
-      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
-    })
-
-    it('Should succeed with the correct params', async function () {
-      const fields = { email: 'admin@example.com' }
-
-      await makePostBodyRequest({
-        url: server.url,
-        path,
-        token: server.accessToken,
-        fields,
-        expectedStatus: HttpStatusCode.NO_CONTENT_204
-      })
-    })
-  })
-
-  after(async function () {
-    MockSmtpServer.Instance.kill()
-
-    await cleanupTests([ server, serverWithRegistrationDisabled ])
-  })
-})
diff --git a/server/tests/api/live/live-fast-restream.ts b/server/tests/api/live/live-fast-restream.ts
index c0bb8d529..9e6d10dbd 100644
--- a/server/tests/api/live/live-fast-restream.ts
+++ b/server/tests/api/live/live-fast-restream.ts
@@ -78,9 +78,15 @@ describe('Fast restream in live', function () {
       const video = await server.videos.get({ id: liveId })
       expect(video.streamingPlaylists).to.have.lengthOf(1)
 
-      await server.live.getSegmentFile({ videoUUID: liveId, segment: 0, playlistNumber: 0 })
-      await makeRawRequest({ url: video.streamingPlaylists[0].playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
-      await makeRawRequest({ url: video.streamingPlaylists[0].segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
+      try {
+        await server.live.getSegmentFile({ videoUUID: liveId, segment: 0, playlistNumber: 0 })
+        await makeRawRequest({ url: video.streamingPlaylists[0].playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
+        await makeRawRequest({ url: video.streamingPlaylists[0].segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
+      } catch (err) {
+        // FIXME: try to debug error in CI "Unexpected end of JSON input"
+        console.error(err)
+        throw err
+      }
 
       await wait(100)
     }
@@ -89,6 +95,9 @@ describe('Fast restream in live', function () {
   async function runTest (replay: boolean) {
     const { ffmpegCommand, liveVideoUUID } = await fastRestreamWrapper({ replay })
 
+    // TODO: remove, we try to debug a test timeout failure here
+    console.log('Ensuring last live works')
+
     await ensureLastLiveWorks(liveVideoUUID)
 
     await stopFfmpeg(ffmpegCommand)
@@ -129,7 +138,7 @@ describe('Fast restream in live', function () {
     await server.config.enableLive({ allowReplay: true, transcoding: true, resolutions: 'min' })
   })
 
-  it('Should correctly fast reastream in a permanent live with and without save replay', async function () {
+  it('Should correctly fast restream in a permanent live with and without save replay', async function () {
     this.timeout(480000)
 
     // A test can take a long time, so prefer to run them in parallel
diff --git a/server/tests/api/notifications/index.ts b/server/tests/api/notifications/index.ts
index 8caa30a3d..c0216b74f 100644
--- a/server/tests/api/notifications/index.ts
+++ b/server/tests/api/notifications/index.ts
@@ -2,4 +2,5 @@ import './admin-notifications'
 import './comments-notifications'
 import './moderation-notifications'
 import './notifications-api'
+import './registrations-notifications'
 import './user-notifications'
diff --git a/server/tests/api/notifications/moderation-notifications.ts b/server/tests/api/notifications/moderation-notifications.ts
index b127a7a31..bb11a08aa 100644
--- a/server/tests/api/notifications/moderation-notifications.ts
+++ b/server/tests/api/notifications/moderation-notifications.ts
@@ -11,7 +11,6 @@ import {
   checkNewInstanceFollower,
   checkNewVideoAbuseForModerators,
   checkNewVideoFromSubscription,
-  checkUserRegistered,
   checkVideoAutoBlacklistForModerators,
   checkVideoIsPublished,
   MockInstancesIndex,
@@ -34,7 +33,7 @@ describe('Test moderation notifications', function () {
   let emails: object[] = []
 
   before(async function () {
-    this.timeout(120000)
+    this.timeout(50000)
 
     const res = await prepareNotificationsTest(3)
     emails = res.emails
@@ -60,7 +59,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should not send a notification to moderators on local abuse reported by an admin', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -72,7 +71,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on local video abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -84,7 +83,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on remote video abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -99,7 +98,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on local comment abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -118,7 +117,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on remote comment abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -140,7 +139,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on local account abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const username = 'user' + new Date().getTime()
       const { account } = await servers[0].users.create({ username, password: 'donald' })
@@ -153,7 +152,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on remote account abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const username = 'user' + new Date().getTime()
       const tmpToken = await servers[0].users.generateUserAndToken(username)
@@ -327,32 +326,6 @@ describe('Test moderation notifications', function () {
     })
   })
 
-  describe('New registration', function () {
-    let baseParams: CheckerBaseParams
-
-    before(() => {
-      baseParams = {
-        server: servers[0],
-        emails,
-        socketNotifications: adminNotifications,
-        token: servers[0].accessToken
-      }
-    })
-
-    it('Should send a notification only to moderators when a user registers on the instance', async function () {
-      this.timeout(10000)
-
-      await servers[0].users.register({ username: 'user_45' })
-
-      await waitJobs(servers)
-
-      await checkUserRegistered({ ...baseParams, username: 'user_45', checkType: 'presence' })
-
-      const userOverride = { socketNotifications: userNotifications, token: userToken1, check: { web: true, mail: false } }
-      await checkUserRegistered({ ...baseParams, ...userOverride, username: 'user_45', checkType: 'absence' })
-    })
-  })
-
   describe('New instance follows', function () {
     const instanceIndexServer = new MockInstancesIndex()
     let config: any
@@ -512,10 +485,14 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should not send video publish notification if auto-blacklisted', async function () {
+      this.timeout(120000)
+
       await checkVideoIsPublished({ ...userBaseParams, videoName, shortUUID, checkType: 'absence' })
     })
 
     it('Should not send a local user subscription notification if auto-blacklisted', async function () {
+      this.timeout(120000)
+
       await checkNewVideoFromSubscription({ ...adminBaseParamsServer1, videoName, shortUUID, checkType: 'absence' })
     })
 
@@ -524,7 +501,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send video published and unblacklist after video unblacklisted', async function () {
-      this.timeout(40000)
+      this.timeout(120000)
 
       await servers[0].blacklist.remove({ videoId: uuid })
 
@@ -537,10 +514,14 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a local user subscription notification after removed from blacklist', async function () {
+      this.timeout(120000)
+
       await checkNewVideoFromSubscription({ ...adminBaseParamsServer1, videoName, shortUUID, checkType: 'presence' })
     })
 
     it('Should send a remote user subscription notification after removed from blacklist', async function () {
+      this.timeout(120000)
+
       await checkNewVideoFromSubscription({ ...adminBaseParamsServer2, videoName, shortUUID, checkType: 'presence' })
     })
 
@@ -576,7 +557,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should not send publish/subscription notifications after scheduled update if video still auto-blacklisted', async function () {
-      this.timeout(40000)
+      this.timeout(120000)
 
       // In 2 seconds
       const updateAt = new Date(new Date().getTime() + 2000)
diff --git a/server/tests/api/notifications/registrations-notifications.ts b/server/tests/api/notifications/registrations-notifications.ts
new file mode 100644
index 000000000..b5a7c2bb5
--- /dev/null
+++ b/server/tests/api/notifications/registrations-notifications.ts
@@ -0,0 +1,88 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import {
+  CheckerBaseParams,
+  checkRegistrationRequest,
+  checkUserRegistered,
+  MockSmtpServer,
+  prepareNotificationsTest
+} from '@server/tests/shared'
+import { UserNotification } from '@shared/models'
+import { cleanupTests, PeerTubeServer, waitJobs } from '@shared/server-commands'
+
+describe('Test registrations notifications', function () {
+  let server: PeerTubeServer
+  let userToken1: string
+
+  let userNotifications: UserNotification[] = []
+  let adminNotifications: UserNotification[] = []
+  let emails: object[] = []
+
+  let baseParams: CheckerBaseParams
+
+  before(async function () {
+    this.timeout(50000)
+
+    const res = await prepareNotificationsTest(1)
+
+    server = res.servers[0]
+    emails = res.emails
+    userToken1 = res.userAccessToken
+    adminNotifications = res.adminNotifications
+    userNotifications = res.userNotifications
+
+    baseParams = {
+      server,
+      emails,
+      socketNotifications: adminNotifications,
+      token: server.accessToken
+    }
+  })
+
+  describe('New direct registration for moderators', function () {
+
+    before(async function () {
+      await server.config.enableSignup(false)
+    })
+
+    it('Should send a notification only to moderators when a user registers on the instance', async function () {
+      this.timeout(50000)
+
+      await server.registrations.register({ username: 'user_10' })
+
+      await waitJobs([ server ])
+
+      await checkUserRegistered({ ...baseParams, username: 'user_10', checkType: 'presence' })
+
+      const userOverride = { socketNotifications: userNotifications, token: userToken1, check: { web: true, mail: false } }
+      await checkUserRegistered({ ...baseParams, ...userOverride, username: 'user_10', checkType: 'absence' })
+    })
+  })
+
+  describe('New registration request for moderators', function () {
+
+    before(async function () {
+      await server.config.enableSignup(true)
+    })
+
+    it('Should send a notification on new registration request', async function () {
+      this.timeout(50000)
+
+      const registrationReason = 'my reason'
+      await server.registrations.requestRegistration({ username: 'user_11', registrationReason })
+
+      await waitJobs([ server ])
+
+      await checkRegistrationRequest({ ...baseParams, username: 'user_11', registrationReason, checkType: 'presence' })
+
+      const userOverride = { socketNotifications: userNotifications, token: userToken1, check: { web: true, mail: false } }
+      await checkRegistrationRequest({ ...baseParams, ...userOverride, username: 'user_11', registrationReason, checkType: 'absence' })
+    })
+  })
+
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/object-storage/video-static-file-privacy.ts b/server/tests/api/object-storage/video-static-file-privacy.ts
index 71ad35a43..869d437d5 100644
--- a/server/tests/api/object-storage/video-static-file-privacy.ts
+++ b/server/tests/api/object-storage/video-static-file-privacy.ts
@@ -120,7 +120,7 @@ describe('Object storage for video static file privacy', function () {
     // ---------------------------------------------------------------------------
 
     it('Should upload a private video and have appropriate object storage ACL', async function () {
-      this.timeout(60000)
+      this.timeout(120000)
 
       {
         const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
@@ -138,7 +138,7 @@ describe('Object storage for video static file privacy', function () {
     })
 
     it('Should upload a public video and have appropriate object storage ACL', async function () {
-      this.timeout(60000)
+      this.timeout(120000)
 
       const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.UNLISTED })
       await waitJobs([ server ])
diff --git a/server/tests/api/server/config-defaults.ts b/server/tests/api/server/config-defaults.ts
index 4fa37d0e2..d3b3a2447 100644
--- a/server/tests/api/server/config-defaults.ts
+++ b/server/tests/api/server/config-defaults.ts
@@ -149,7 +149,7 @@ describe('Test config defaults', function () {
       })
 
       it('Should register a user with this default setting', async function () {
-        await server.users.register({ username: 'user_p2p_2' })
+        await server.registrations.register({ username: 'user_p2p_2' })
 
         const userToken = await server.login.getAccessToken('user_p2p_2')
 
@@ -194,7 +194,7 @@ describe('Test config defaults', function () {
       })
 
       it('Should register a user with this default setting', async function () {
-        await server.users.register({ username: 'user_p2p_4' })
+        await server.registrations.register({ username: 'user_p2p_4' })
 
         const userToken = await server.login.getAccessToken('user_p2p_4')
 
diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index 22446fe0c..b91519660 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -50,6 +50,7 @@ function checkInitialConfig (server: PeerTubeServer, data: CustomConfig) {
   expect(data.signup.enabled).to.be.true
   expect(data.signup.limit).to.equal(4)
   expect(data.signup.minimumAge).to.equal(16)
+  expect(data.signup.requiresApproval).to.be.false
   expect(data.signup.requiresEmailVerification).to.be.false
 
   expect(data.admin.email).to.equal('admin' + server.internalServerNumber + '@example.com')
@@ -152,6 +153,7 @@ function checkUpdatedConfig (data: CustomConfig) {
 
   expect(data.signup.enabled).to.be.false
   expect(data.signup.limit).to.equal(5)
+  expect(data.signup.requiresApproval).to.be.false
   expect(data.signup.requiresEmailVerification).to.be.false
   expect(data.signup.minimumAge).to.equal(10)
 
@@ -285,6 +287,7 @@ const newCustomConfig: CustomConfig = {
   signup: {
     enabled: false,
     limit: 5,
+    requiresApproval: false,
     requiresEmailVerification: false,
     minimumAge: 10
   },
@@ -468,9 +471,9 @@ describe('Test config', function () {
     this.timeout(5000)
 
     await Promise.all([
-      server.users.register({ username: 'user1' }),
-      server.users.register({ username: 'user2' }),
-      server.users.register({ username: 'user3' })
+      server.registrations.register({ username: 'user1' }),
+      server.registrations.register({ username: 'user2' }),
+      server.registrations.register({ username: 'user3' })
     ])
 
     const data = await server.config.getConfig()
diff --git a/server/tests/api/server/contact-form.ts b/server/tests/api/server/contact-form.ts
index 325218008..dd971203a 100644
--- a/server/tests/api/server/contact-form.ts
+++ b/server/tests/api/server/contact-form.ts
@@ -6,6 +6,7 @@ import { wait } from '@shared/core-utils'
 import { HttpStatusCode } from '@shared/models'
 import {
   cleanupTests,
+  ConfigCommand,
   ContactFormCommand,
   createSingleServer,
   PeerTubeServer,
@@ -23,13 +24,7 @@ describe('Test contact form', function () {
 
     const port = await MockSmtpServer.Instance.collectEmails(emails)
 
-    const overrideConfig = {
-      smtp: {
-        hostname: '127.0.0.1',
-        port
-      }
-    }
-    server = await createSingleServer(1, overrideConfig)
+    server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
     await setAccessTokensToServers([ server ])
 
     command = server.contactForm
diff --git a/server/tests/api/server/email.ts b/server/tests/api/server/email.ts
index 4ab5463fe..db7aa65bd 100644
--- a/server/tests/api/server/email.ts
+++ b/server/tests/api/server/email.ts
@@ -3,7 +3,14 @@
 import { expect } from 'chai'
 import { MockSmtpServer } from '@server/tests/shared'
 import { HttpStatusCode } from '@shared/models'
-import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'
+import {
+  cleanupTests,
+  ConfigCommand,
+  createSingleServer,
+  PeerTubeServer,
+  setAccessTokensToServers,
+  waitJobs
+} from '@shared/server-commands'
 
 describe('Test emails', function () {
   let server: PeerTubeServer
@@ -24,21 +31,15 @@ describe('Test emails', function () {
     username: 'user_1',
     password: 'super_password'
   }
-  let emailPort: number
 
   before(async function () {
     this.timeout(50000)
 
-    emailPort = await MockSmtpServer.Instance.collectEmails(emails)
+    const emailPort = await MockSmtpServer.Instance.collectEmails(emails)
+    server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(emailPort))
 
-    const overrideConfig = {
-      smtp: {
-        hostname: '127.0.0.1',
-        port: emailPort
-      }
-    }
-    server = await createSingleServer(1, overrideConfig)
     await setAccessTokensToServers([ server ])
+    await server.config.enableSignup(true)
 
     {
       const created = await server.users.create({ username: user.username, password: user.password })
@@ -322,6 +323,62 @@ describe('Test emails', function () {
     })
   })
 
+  describe('When verifying a registration email', function () {
+    let registrationId: number
+    let registrationIdEmail: number
+
+    before(async function () {
+      const { id } = await server.registrations.requestRegistration({
+        username: 'request_1',
+        email: 'request_1@example.com',
+        registrationReason: 'tt'
+      })
+      registrationId = id
+    })
+
+    it('Should ask to send the verification email', async function () {
+      this.timeout(10000)
+
+      await server.registrations.askSendVerifyEmail({ email: 'request_1@example.com' })
+
+      await waitJobs(server)
+      expect(emails).to.have.lengthOf(9)
+
+      const email = emails[8]
+
+      expect(email['from'][0]['name']).equal('PeerTube')
+      expect(email['from'][0]['address']).equal('test-admin@127.0.0.1')
+      expect(email['to'][0]['address']).equal('request_1@example.com')
+      expect(email['subject']).contains('Verify')
+
+      const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+      expect(verificationStringMatches).not.to.be.null
+
+      verificationString = verificationStringMatches[1]
+      expect(verificationString).to.not.be.undefined
+      expect(verificationString).to.have.length.above(2)
+
+      const registrationIdMatches = /registrationId=([0-9]+)/.exec(email['text'])
+      expect(registrationIdMatches).not.to.be.null
+
+      registrationIdEmail = parseInt(registrationIdMatches[1], 10)
+
+      expect(registrationId).to.equal(registrationIdEmail)
+    })
+
+    it('Should not verify the email with an invalid verification string', async function () {
+      await server.registrations.verifyEmail({
+        registrationId: registrationIdEmail,
+        verificationString: verificationString + 'b',
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+
+    it('Should verify the email', async function () {
+      await server.registrations.verifyEmail({ registrationId: registrationIdEmail, verificationString })
+    })
+  })
+
   after(async function () {
     MockSmtpServer.Instance.kill()
 
diff --git a/server/tests/api/server/reverse-proxy.ts b/server/tests/api/server/reverse-proxy.ts
index d882f0bde..11c96c4b5 100644
--- a/server/tests/api/server/reverse-proxy.ts
+++ b/server/tests/api/server/reverse-proxy.ts
@@ -106,13 +106,13 @@ describe('Test application behind a reverse proxy', function () {
   it('Should rate limit signup', async function () {
     for (let i = 0; i < 10; i++) {
       try {
-        await server.users.register({ username: 'test' + i })
+        await server.registrations.register({ username: 'test' + i })
       } catch {
         // empty
       }
     }
 
-    await server.users.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
+    await server.registrations.register({ username: 'test42', expectedStatus: HttpStatusCode.TOO_MANY_REQUESTS_429 })
   })
 
   it('Should not rate limit failed signup', async function () {
@@ -121,10 +121,10 @@ describe('Test application behind a reverse proxy', function () {
     await wait(7000)
 
     for (let i = 0; i < 3; i++) {
-      await server.users.register({ username: 'test' + i, expectedStatus: HttpStatusCode.CONFLICT_409 })
+      await server.registrations.register({ username: 'test' + i, expectedStatus: HttpStatusCode.CONFLICT_409 })
     }
 
-    await server.users.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
+    await server.registrations.register({ username: 'test43', expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 
   })
 
diff --git a/server/tests/api/users/index.ts b/server/tests/api/users/index.ts
index 643f1a531..a4443a8ec 100644
--- a/server/tests/api/users/index.ts
+++ b/server/tests/api/users/index.ts
@@ -1,6 +1,8 @@
+import './oauth'
+import './registrations`'
 import './two-factor'
 import './user-subscriptions'
 import './user-videos'
 import './users'
 import './users-multiple-servers'
-import './users-verification'
+import './users-email-verification'
diff --git a/server/tests/api/users/oauth.ts b/server/tests/api/users/oauth.ts
new file mode 100644
index 000000000..6a3da5ea2
--- /dev/null
+++ b/server/tests/api/users/oauth.ts
@@ -0,0 +1,192 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import { expect } from 'chai'
+import { wait } from '@shared/core-utils'
+import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models'
+import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
+
+describe('Test oauth', function () {
+  let server: PeerTubeServer
+
+  before(async function () {
+    this.timeout(30000)
+
+    server = await createSingleServer(1, {
+      rates_limit: {
+        login: {
+          max: 30
+        }
+      }
+    })
+
+    await setAccessTokensToServers([ server ])
+  })
+
+  describe('OAuth client', function () {
+
+    function expectInvalidClient (body: PeerTubeProblemDocument) {
+      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
+      expect(body.error).to.contain('client is invalid')
+      expect(body.type.startsWith('https://')).to.be.true
+      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
+    }
+
+    it('Should create a new client')
+
+    it('Should return the first client')
+
+    it('Should remove the last client')
+
+    it('Should not login with an invalid client id', async function () {
+      const client = { id: 'client', secret: server.store.client.secret }
+      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidClient(body)
+    })
+
+    it('Should not login with an invalid client secret', async function () {
+      const client = { id: server.store.client.id, secret: 'coucou' }
+      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidClient(body)
+    })
+  })
+
+  describe('Login', function () {
+
+    function expectInvalidCredentials (body: PeerTubeProblemDocument) {
+      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
+      expect(body.error).to.contain('credentials are invalid')
+      expect(body.type.startsWith('https://')).to.be.true
+      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
+    }
+
+    it('Should not login with an invalid username', async function () {
+      const user = { username: 'captain crochet', password: server.store.user.password }
+      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidCredentials(body)
+    })
+
+    it('Should not login with an invalid password', async function () {
+      const user = { username: server.store.user.username, password: 'mew_three' }
+      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidCredentials(body)
+    })
+
+    it('Should be able to login', async function () {
+      await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
+    })
+
+    it('Should be able to login with an insensitive username', async function () {
+      const user = { username: 'RoOt', password: server.store.user.password }
+      await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
+
+      const user2 = { username: 'rOoT', password: server.store.user.password }
+      await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
+
+      const user3 = { username: 'ROOt', password: server.store.user.password }
+      await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
+    })
+  })
+
+  describe('Logout', function () {
+
+    it('Should logout (revoke token)', async function () {
+      await server.login.logout({ token: server.accessToken })
+    })
+
+    it('Should not be able to get the user information', async function () {
+      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should not be able to upload a video', async function () {
+      await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should be able to login again', async function () {
+      const body = await server.login.login()
+      server.accessToken = body.access_token
+      server.refreshToken = body.refresh_token
+    })
+
+    it('Should be able to get my user information again', async function () {
+      await server.users.getMyInfo()
+    })
+
+    it('Should have an expired access token', async function () {
+      this.timeout(60000)
+
+      await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
+      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
+
+      await killallServers([ server ])
+      await server.run()
+
+      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should not be able to refresh an access token with an expired refresh token', async function () {
+      await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    })
+
+    it('Should refresh the token', async function () {
+      this.timeout(50000)
+
+      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
+      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
+
+      await killallServers([ server ])
+      await server.run()
+
+      const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
+
+    it('Should be able to get my user information again', async function () {
+      await server.users.getMyInfo()
+    })
+  })
+
+  describe('Custom token lifetime', function () {
+    before(async function () {
+      this.timeout(120_000)
+
+      await server.kill()
+      await server.run({
+        oauth2: {
+          token_lifetime: {
+            access_token: '2 seconds',
+            refresh_token: '2 seconds'
+          }
+        }
+      })
+    })
+
+    it('Should have a very short access token lifetime', async function () {
+      this.timeout(50000)
+
+      const { access_token: accessToken } = await server.login.login()
+      await server.users.getMyInfo({ token: accessToken })
+
+      await wait(3000)
+      await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should have a very short refresh token lifetime', async function () {
+      this.timeout(50000)
+
+      const { refresh_token: refreshToken } = await server.login.login()
+      await server.login.refreshToken({ refreshToken })
+
+      await wait(3000)
+      await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    })
+  })
+
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/users/registrations.ts b/server/tests/api/users/registrations.ts
new file mode 100644
index 000000000..e6524f07d
--- /dev/null
+++ b/server/tests/api/users/registrations.ts
@@ -0,0 +1,415 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import { expect } from 'chai'
+import { MockSmtpServer } from '@server/tests/shared'
+import { UserRegistrationState, UserRole } from '@shared/models'
+import {
+  cleanupTests,
+  ConfigCommand,
+  createSingleServer,
+  PeerTubeServer,
+  setAccessTokensToServers,
+  waitJobs
+} from '@shared/server-commands'
+
+describe('Test registrations', function () {
+  let server: PeerTubeServer
+
+  const emails: object[] = []
+  let emailPort: number
+
+  before(async function () {
+    this.timeout(30000)
+
+    emailPort = await MockSmtpServer.Instance.collectEmails(emails)
+
+    server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(emailPort))
+
+    await setAccessTokensToServers([ server ])
+    await server.config.enableSignup(false)
+  })
+
+  describe('Direct registrations of a new user', function () {
+    let user1Token: string
+
+    it('Should register a new user', async function () {
+      const user = { displayName: 'super user 1', username: 'user_1', password: 'my super password' }
+      const channel = { name: 'my_user_1_channel', displayName: 'my channel rocks' }
+
+      await server.registrations.register({ ...user, channel })
+    })
+
+    it('Should be able to login with this registered user', async function () {
+      const user1 = { username: 'user_1', password: 'my super password' }
+
+      user1Token = await server.login.getAccessToken(user1)
+    })
+
+    it('Should have the correct display name', async function () {
+      const user = await server.users.getMyInfo({ token: user1Token })
+      expect(user.account.displayName).to.equal('super user 1')
+    })
+
+    it('Should have the correct video quota', async function () {
+      const user = await server.users.getMyInfo({ token: user1Token })
+      expect(user.videoQuota).to.equal(5 * 1024 * 1024)
+    })
+
+    it('Should have created the channel', async function () {
+      const { displayName } = await server.channels.get({ channelName: 'my_user_1_channel' })
+
+      expect(displayName).to.equal('my channel rocks')
+    })
+
+    it('Should remove me', async function () {
+      {
+        const { data } = await server.users.list()
+        expect(data.find(u => u.username === 'user_1')).to.not.be.undefined
+      }
+
+      await server.users.deleteMe({ token: user1Token })
+
+      {
+        const { data } = await server.users.list()
+        expect(data.find(u => u.username === 'user_1')).to.be.undefined
+      }
+    })
+  })
+
+  describe('Registration requests', function () {
+    let id2: number
+    let id3: number
+    let id4: number
+
+    let user2Token: string
+    let user3Token: string
+
+    before(async function () {
+      this.timeout(60000)
+
+      await server.config.enableSignup(true)
+
+      {
+        const { id } = await server.registrations.requestRegistration({
+          username: 'user4',
+          registrationReason: 'registration reason 4'
+        })
+
+        id4 = id
+      }
+    })
+
+    it('Should request a registration without a channel', async function () {
+      {
+        const { id } = await server.registrations.requestRegistration({
+          username: 'user2',
+          displayName: 'my super user 2',
+          email: 'user2@example.com',
+          password: 'user2password',
+          registrationReason: 'registration reason 2'
+        })
+
+        id2 = id
+      }
+    })
+
+    it('Should request a registration with a channel', async function () {
+      const { id } = await server.registrations.requestRegistration({
+        username: 'user3',
+        displayName: 'my super user 3',
+        channel: {
+          displayName: 'my user 3 channel',
+          name: 'super_user3_channel'
+        },
+        email: 'user3@example.com',
+        password: 'user3password',
+        registrationReason: 'registration reason 3'
+      })
+
+      id3 = id
+    })
+
+    it('Should list these registration requests', async function () {
+      {
+        const { total, data } = await server.registrations.list({ sort: '-createdAt' })
+        expect(total).to.equal(3)
+        expect(data).to.have.lengthOf(3)
+
+        {
+          expect(data[0].id).to.equal(id3)
+          expect(data[0].username).to.equal('user3')
+          expect(data[0].accountDisplayName).to.equal('my super user 3')
+
+          expect(data[0].channelDisplayName).to.equal('my user 3 channel')
+          expect(data[0].channelHandle).to.equal('super_user3_channel')
+
+          expect(data[0].createdAt).to.exist
+          expect(data[0].updatedAt).to.exist
+
+          expect(data[0].email).to.equal('user3@example.com')
+          expect(data[0].emailVerified).to.be.null
+
+          expect(data[0].moderationResponse).to.be.null
+          expect(data[0].registrationReason).to.equal('registration reason 3')
+          expect(data[0].state.id).to.equal(UserRegistrationState.PENDING)
+          expect(data[0].state.label).to.equal('Pending')
+          expect(data[0].user).to.be.null
+        }
+
+        {
+          expect(data[1].id).to.equal(id2)
+          expect(data[1].username).to.equal('user2')
+          expect(data[1].accountDisplayName).to.equal('my super user 2')
+
+          expect(data[1].channelDisplayName).to.be.null
+          expect(data[1].channelHandle).to.be.null
+
+          expect(data[1].createdAt).to.exist
+          expect(data[1].updatedAt).to.exist
+
+          expect(data[1].email).to.equal('user2@example.com')
+          expect(data[1].emailVerified).to.be.null
+
+          expect(data[1].moderationResponse).to.be.null
+          expect(data[1].registrationReason).to.equal('registration reason 2')
+          expect(data[1].state.id).to.equal(UserRegistrationState.PENDING)
+          expect(data[1].state.label).to.equal('Pending')
+          expect(data[1].user).to.be.null
+        }
+
+        {
+          expect(data[2].username).to.equal('user4')
+        }
+      }
+
+      {
+        const { total, data } = await server.registrations.list({ count: 1, start: 1, sort: 'createdAt' })
+
+        expect(total).to.equal(3)
+        expect(data).to.have.lengthOf(1)
+        expect(data[0].id).to.equal(id2)
+      }
+
+      {
+        const { total, data } = await server.registrations.list({ search: 'user3' })
+        expect(total).to.equal(1)
+        expect(data).to.have.lengthOf(1)
+        expect(data[0].id).to.equal(id3)
+      }
+    })
+
+    it('Should reject a registration request', async function () {
+      await server.registrations.reject({ id: id4, moderationResponse: 'I do not want id 4 on this instance' })
+    })
+
+    it('Should have sent an email to the user explanining the registration has been rejected', async function () {
+      this.timeout(50000)
+
+      await waitJobs([ server ])
+
+      const email = emails.find(e => e['to'][0]['address'] === 'user4@example.com')
+      expect(email).to.exist
+
+      expect(email['subject']).to.contain('been rejected')
+      expect(email['text']).to.contain('been rejected')
+      expect(email['text']).to.contain('I do not want id 4 on this instance')
+    })
+
+    it('Should accept registration requests', async function () {
+      await server.registrations.accept({ id: id2, moderationResponse: 'Welcome id 2' })
+      await server.registrations.accept({ id: id3, moderationResponse: 'Welcome id 3' })
+    })
+
+    it('Should have sent an email to the user explanining the registration has been accepted', async function () {
+      this.timeout(50000)
+
+      await waitJobs([ server ])
+
+      {
+        const email = emails.find(e => e['to'][0]['address'] === 'user2@example.com')
+        expect(email).to.exist
+
+        expect(email['subject']).to.contain('been accepted')
+        expect(email['text']).to.contain('been accepted')
+        expect(email['text']).to.contain('Welcome id 2')
+      }
+
+      {
+        const email = emails.find(e => e['to'][0]['address'] === 'user3@example.com')
+        expect(email).to.exist
+
+        expect(email['subject']).to.contain('been accepted')
+        expect(email['text']).to.contain('been accepted')
+        expect(email['text']).to.contain('Welcome id 3')
+      }
+    })
+
+    it('Should login with these users', async function () {
+      user2Token = await server.login.getAccessToken({ username: 'user2', password: 'user2password' })
+      user3Token = await server.login.getAccessToken({ username: 'user3', password: 'user3password' })
+    })
+
+    it('Should have created the appropriate attributes for user 2', async function () {
+      const me = await server.users.getMyInfo({ token: user2Token })
+
+      expect(me.username).to.equal('user2')
+      expect(me.account.displayName).to.equal('my super user 2')
+      expect(me.videoQuota).to.equal(5 * 1024 * 1024)
+      expect(me.videoChannels[0].name).to.equal('user2_channel')
+      expect(me.videoChannels[0].displayName).to.equal('Main user2 channel')
+      expect(me.role.id).to.equal(UserRole.USER)
+      expect(me.email).to.equal('user2@example.com')
+    })
+
+    it('Should have created the appropriate attributes for user 3', async function () {
+      const me = await server.users.getMyInfo({ token: user3Token })
+
+      expect(me.username).to.equal('user3')
+      expect(me.account.displayName).to.equal('my super user 3')
+      expect(me.videoQuota).to.equal(5 * 1024 * 1024)
+      expect(me.videoChannels[0].name).to.equal('super_user3_channel')
+      expect(me.videoChannels[0].displayName).to.equal('my user 3 channel')
+      expect(me.role.id).to.equal(UserRole.USER)
+      expect(me.email).to.equal('user3@example.com')
+    })
+
+    it('Should list these accepted/rejected registration requests', async function () {
+      const { data } = await server.registrations.list({ sort: 'createdAt' })
+      const { data: users } = await server.users.list()
+
+      {
+        expect(data[0].id).to.equal(id4)
+        expect(data[0].state.id).to.equal(UserRegistrationState.REJECTED)
+        expect(data[0].state.label).to.equal('Rejected')
+
+        expect(data[0].moderationResponse).to.equal('I do not want id 4 on this instance')
+        expect(data[0].user).to.be.null
+
+        expect(users.find(u => u.username === 'user4')).to.not.exist
+      }
+
+      {
+        expect(data[1].id).to.equal(id2)
+        expect(data[1].state.id).to.equal(UserRegistrationState.ACCEPTED)
+        expect(data[1].state.label).to.equal('Accepted')
+
+        expect(data[1].moderationResponse).to.equal('Welcome id 2')
+        expect(data[1].user).to.exist
+
+        const user2 = users.find(u => u.username === 'user2')
+        expect(data[1].user.id).to.equal(user2.id)
+      }
+
+      {
+        expect(data[2].id).to.equal(id3)
+        expect(data[2].state.id).to.equal(UserRegistrationState.ACCEPTED)
+        expect(data[2].state.label).to.equal('Accepted')
+
+        expect(data[2].moderationResponse).to.equal('Welcome id 3')
+        expect(data[2].user).to.exist
+
+        const user3 = users.find(u => u.username === 'user3')
+        expect(data[2].user.id).to.equal(user3.id)
+      }
+    })
+
+    it('Shoulde delete a registration', async function () {
+      await server.registrations.delete({ id: id2 })
+      await server.registrations.delete({ id: id3 })
+
+      const { total, data } = await server.registrations.list()
+      expect(total).to.equal(1)
+      expect(data).to.have.lengthOf(1)
+      expect(data[0].id).to.equal(id4)
+
+      const { data: users } = await server.users.list()
+
+      for (const username of [ 'user2', 'user3' ]) {
+        expect(users.find(u => u.username === username)).to.exist
+      }
+    })
+
+    it('Should be able to prevent email delivery on accept/reject', async function () {
+      this.timeout(50000)
+
+      let id1: number
+      let id2: number
+
+      {
+        const { id } = await server.registrations.requestRegistration({
+          username: 'user7',
+          email: 'user7@example.com',
+          registrationReason: 'tt'
+        })
+        id1 = id
+      }
+      {
+        const { id } = await server.registrations.requestRegistration({
+          username: 'user8',
+          email: 'user8@example.com',
+          registrationReason: 'tt'
+        })
+        id2 = id
+      }
+
+      await server.registrations.accept({ id: id1, moderationResponse: 'tt', preventEmailDelivery: true })
+      await server.registrations.reject({ id: id2, moderationResponse: 'tt', preventEmailDelivery: true })
+
+      await waitJobs([ server ])
+
+      const filtered = emails.filter(e => {
+        const address = e['to'][0]['address']
+        return address === 'user7@example.com' || address === 'user8@example.com'
+      })
+
+      expect(filtered).to.have.lengthOf(0)
+    })
+
+    it('Should request a registration without a channel, that will conflict with an already existing channel', async function () {
+      let id1: number
+      let id2: number
+
+      {
+        const { id } = await server.registrations.requestRegistration({
+          registrationReason: 'tt',
+          username: 'user5',
+          password: 'user5password',
+          channel: {
+            displayName: 'channel 6',
+            name: 'user6_channel'
+          }
+        })
+
+        id1 = id
+      }
+
+      {
+        const { id } = await server.registrations.requestRegistration({
+          registrationReason: 'tt',
+          username: 'user6',
+          password: 'user6password'
+        })
+
+        id2 = id
+      }
+
+      await server.registrations.accept({ id: id1, moderationResponse: 'tt' })
+      await server.registrations.accept({ id: id2, moderationResponse: 'tt' })
+
+      const user5Token = await server.login.getAccessToken('user5', 'user5password')
+      const user6Token = await server.login.getAccessToken('user6', 'user6password')
+
+      const user5 = await server.users.getMyInfo({ token: user5Token })
+      const user6 = await server.users.getMyInfo({ token: user6Token })
+
+      expect(user5.videoChannels[0].name).to.equal('user6_channel')
+      expect(user6.videoChannels[0].name).to.equal('user6_channel-1')
+    })
+  })
+
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/users/users-verification.ts b/server/tests/api/users/users-email-verification.ts
index 19a8df9e1..cb84dc758 100644
--- a/server/tests/api/users/users-verification.ts
+++ b/server/tests/api/users/users-email-verification.ts
@@ -3,9 +3,16 @@
 import { expect } from 'chai'
 import { MockSmtpServer } from '@server/tests/shared'
 import { HttpStatusCode } from '@shared/models'
-import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'
-
-describe('Test users account verification', function () {
+import {
+  cleanupTests,
+  ConfigCommand,
+  createSingleServer,
+  PeerTubeServer,
+  setAccessTokensToServers,
+  waitJobs
+} from '@shared/server-commands'
+
+describe('Test users email verification', function () {
   let server: PeerTubeServer
   let userId: number
   let userAccessToken: string
@@ -25,14 +32,7 @@ describe('Test users account verification', function () {
     this.timeout(30000)
 
     const port = await MockSmtpServer.Instance.collectEmails(emails)
-
-    const overrideConfig = {
-      smtp: {
-        hostname: '127.0.0.1',
-        port
-      }
-    }
-    server = await createSingleServer(1, overrideConfig)
+    server = await createSingleServer(1, ConfigCommand.getEmailOverrideConfig(port))
 
     await setAccessTokensToServers([ server ])
   })
@@ -40,17 +40,18 @@ describe('Test users account verification', function () {
   it('Should register user and send verification email if verification required', async function () {
     this.timeout(30000)
 
-    await server.config.updateCustomSubConfig({
+    await server.config.updateExistingSubConfig({
       newConfig: {
         signup: {
           enabled: true,
+          requiresApproval: false,
           requiresEmailVerification: true,
           limit: 10
         }
       }
     })
 
-    await server.users.register(user1)
+    await server.registrations.register(user1)
 
     await waitJobs(server)
     expectedEmailsLength++
@@ -127,17 +128,15 @@ describe('Test users account verification', function () {
 
   it('Should register user not requiring email verification if setting not enabled', async function () {
     this.timeout(5000)
-    await server.config.updateCustomSubConfig({
+    await server.config.updateExistingSubConfig({
       newConfig: {
         signup: {
-          enabled: true,
-          requiresEmailVerification: false,
-          limit: 10
+          requiresEmailVerification: false
         }
       }
     })
 
-    await server.users.register(user2)
+    await server.registrations.register(user2)
 
     await waitJobs(server)
     expect(emails).to.have.lengthOf(expectedEmailsLength)
@@ -152,9 +151,7 @@ describe('Test users account verification', function () {
     await server.config.updateCustomSubConfig({
       newConfig: {
         signup: {
-          enabled: true,
-          requiresEmailVerification: true,
-          limit: 10
+          requiresEmailVerification: true
         }
       }
     })
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 421b3ce16..f1e170971 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -2,15 +2,8 @@
 
 import { expect } from 'chai'
 import { testImage } from '@server/tests/shared'
-import { AbuseState, HttpStatusCode, OAuth2ErrorCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
-import {
-  cleanupTests,
-  createSingleServer,
-  killallServers,
-  makePutBodyRequest,
-  PeerTubeServer,
-  setAccessTokensToServers
-} from '@shared/server-commands'
+import { AbuseState, HttpStatusCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
+import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
 
 describe('Test users', function () {
   let server: PeerTubeServer
@@ -39,166 +32,6 @@ describe('Test users', function () {
     await server.plugins.install({ npmName: 'peertube-theme-background-red' })
   })
 
-  describe('OAuth client', function () {
-    it('Should create a new client')
-
-    it('Should return the first client')
-
-    it('Should remove the last client')
-
-    it('Should not login with an invalid client id', async function () {
-      const client = { id: 'client', secret: server.store.client.secret }
-      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
-      expect(body.error).to.contain('client is invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
-    })
-
-    it('Should not login with an invalid client secret', async function () {
-      const client = { id: server.store.client.id, secret: 'coucou' }
-      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
-      expect(body.error).to.contain('client is invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
-    })
-  })
-
-  describe('Login', function () {
-
-    it('Should not login with an invalid username', async function () {
-      const user = { username: 'captain crochet', password: server.store.user.password }
-      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
-      expect(body.error).to.contain('credentials are invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
-    })
-
-    it('Should not login with an invalid password', async function () {
-      const user = { username: server.store.user.username, password: 'mew_three' }
-      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
-      expect(body.error).to.contain('credentials are invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
-    })
-
-    it('Should not be able to upload a video', async function () {
-      token = 'my_super_token'
-
-      await server.videos.upload({ token, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to follow', async function () {
-      token = 'my_super_token'
-
-      await server.follows.follow({
-        hosts: [ 'http://example.com' ],
-        token,
-        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
-      })
-    })
-
-    it('Should not be able to unfollow')
-
-    it('Should be able to login', async function () {
-      const body = await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
-
-      token = body.access_token
-    })
-
-    it('Should be able to login with an insensitive username', async function () {
-      const user = { username: 'RoOt', password: server.store.user.password }
-      await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
-
-      const user2 = { username: 'rOoT', password: server.store.user.password }
-      await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
-
-      const user3 = { username: 'ROOt', password: server.store.user.password }
-      await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
-    })
-  })
-
-  describe('Logout', function () {
-    it('Should logout (revoke token)', async function () {
-      await server.login.logout({ token: server.accessToken })
-    })
-
-    it('Should not be able to get the user information', async function () {
-      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to upload a video', async function () {
-      await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to rate a video', async function () {
-      const path = '/api/v1/videos/'
-      const data = {
-        rating: 'likes'
-      }
-
-      const options = {
-        url: server.url,
-        path: path + videoId,
-        token: 'wrong token',
-        fields: data,
-        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
-      }
-      await makePutBodyRequest(options)
-    })
-
-    it('Should be able to login again', async function () {
-      const body = await server.login.login()
-      server.accessToken = body.access_token
-      server.refreshToken = body.refresh_token
-    })
-
-    it('Should be able to get my user information again', async function () {
-      await server.users.getMyInfo()
-    })
-
-    it('Should have an expired access token', async function () {
-      this.timeout(60000)
-
-      await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
-      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
-
-      await killallServers([ server ])
-      await server.run()
-
-      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to refresh an access token with an expired refresh token', async function () {
-      await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-    })
-
-    it('Should refresh the token', async function () {
-      this.timeout(50000)
-
-      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
-      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
-
-      await killallServers([ server ])
-      await server.run()
-
-      const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
-      server.accessToken = res.body.access_token
-      server.refreshToken = res.body.refresh_token
-    })
-
-    it('Should be able to get my user information again', async function () {
-      await server.users.getMyInfo()
-    })
-  })
-
   describe('Creating a user', function () {
 
     it('Should be able to create a new user', async function () {
@@ -512,6 +345,7 @@ describe('Test users', function () {
   })
 
   describe('Updating another user', function () {
+
     it('Should be able to update another user', async function () {
       await server.users.update({
         userId,
@@ -562,13 +396,6 @@ describe('Test users', function () {
     })
   })
 
-  describe('Video blacklists', function () {
-
-    it('Should be able to list my video blacklist', async function () {
-      await server.blacklist.list({ token: userToken })
-    })
-  })
-
   describe('Remove a user', function () {
 
     before(async function () {
@@ -602,59 +429,10 @@ describe('Test users', function () {
     })
   })
 
-  describe('Registering a new user', function () {
-    let user15AccessToken: string
-
-    it('Should register a new user', async function () {
-      const user = { displayName: 'super user 15', username: 'user_15', password: 'my super password' }
-      const channel = { name: 'my_user_15_channel', displayName: 'my channel rocks' }
-
-      await server.users.register({ ...user, channel })
-    })
-
-    it('Should be able to login with this registered user', async function () {
-      const user15 = {
-        username: 'user_15',
-        password: 'my super password'
-      }
-
-      user15AccessToken = await server.login.getAccessToken(user15)
-    })
-
-    it('Should have the correct display name', async function () {
-      const user = await server.users.getMyInfo({ token: user15AccessToken })
-      expect(user.account.displayName).to.equal('super user 15')
-    })
-
-    it('Should have the correct video quota', async function () {
-      const user = await server.users.getMyInfo({ token: user15AccessToken })
-      expect(user.videoQuota).to.equal(5 * 1024 * 1024)
-    })
-
-    it('Should have created the channel', async function () {
-      const { displayName } = await server.channels.get({ channelName: 'my_user_15_channel' })
-
-      expect(displayName).to.equal('my channel rocks')
-    })
-
-    it('Should remove me', async function () {
-      {
-        const { data } = await server.users.list()
-        expect(data.find(u => u.username === 'user_15')).to.not.be.undefined
-      }
-
-      await server.users.deleteMe({ token: user15AccessToken })
-
-      {
-        const { data } = await server.users.list()
-        expect(data.find(u => u.username === 'user_15')).to.be.undefined
-      }
-    })
-  })
-
   describe('User blocking', function () {
-    let user16Id
-    let user16AccessToken
+    let user16Id: number
+    let user16AccessToken: string
+
     const user16 = {
       username: 'user_16',
       password: 'my super password'
diff --git a/server/tests/api/videos/video-channel-syncs.ts b/server/tests/api/videos/video-channel-syncs.ts
index 91291524d..dd483f95e 100644
--- a/server/tests/api/videos/video-channel-syncs.ts
+++ b/server/tests/api/videos/video-channel-syncs.ts
@@ -307,6 +307,7 @@ describe('Test channel synchronizations', function () {
     })
   }
 
-  runSuite('youtube-dl')
+  // FIXME: suite is broken with youtube-dl
+  // runSuite('youtube-dl')
   runSuite('yt-dlp')
 })
diff --git a/server/tests/api/videos/video-comments.ts b/server/tests/api/videos/video-comments.ts
index dc47f8a4a..e35500b0b 100644
--- a/server/tests/api/videos/video-comments.ts
+++ b/server/tests/api/videos/video-comments.ts
@@ -38,6 +38,8 @@ describe('Test video comments', function () {
     await setDefaultAccountAvatar(server)
 
     userAccessTokenServer1 = await server.users.generateUserAndToken('user1')
+    await setDefaultChannelAvatar(server, 'user1_channel')
+    await setDefaultAccountAvatar(server, userAccessTokenServer1)
 
     command = server.comments
   })
@@ -167,6 +169,13 @@ describe('Test video comments', function () {
       expect(body.data[2].totalReplies).to.equal(0)
     })
 
+    it('Should list the and sort them by total replies', async function () {
+      const body = await command.listThreads({ videoId: videoUUID, sort: 'totalReplies' })
+
+      expect(body.data[2].text).to.equal('my super first comment')
+      expect(body.data[2].totalReplies).to.equal(3)
+    })
+
     it('Should delete a reply', async function () {
       await command.delete({ videoId, commentId: replyToDeleteId })
 
@@ -232,16 +241,34 @@ describe('Test video comments', function () {
       await command.addReply({ videoId, toCommentId: threadId2, text: text3 })
 
       const tree = await command.getThread({ videoId: videoUUID, threadId: threadId2 })
-      expect(tree.comment.totalReplies).to.equal(tree.comment.totalRepliesFromVideoAuthor + 1)
+      expect(tree.comment.totalRepliesFromVideoAuthor).to.equal(1)
+      expect(tree.comment.totalReplies).to.equal(2)
     })
   })
 
   describe('All instance comments', function () {
 
     it('Should list instance comments as admin', async function () {
-      const { data } = await command.listForAdmin({ start: 0, count: 1 })
+      {
+        const { data, total } = await command.listForAdmin({ start: 0, count: 1 })
+
+        expect(total).to.equal(7)
+        expect(data).to.have.lengthOf(1)
+        expect(data[0].text).to.equal('my second answer to thread 4')
+        expect(data[0].account.name).to.equal('root')
+        expect(data[0].account.displayName).to.equal('root')
+        expect(data[0].account.avatars).to.have.lengthOf(2)
+      }
+
+      {
+        const { data, total } = await command.listForAdmin({ start: 1, count: 2 })
 
-      expect(data[0].text).to.equal('my second answer to thread 4')
+        expect(total).to.equal(7)
+        expect(data).to.have.lengthOf(2)
+
+        expect(data[0].account.avatars).to.have.lengthOf(2)
+        expect(data[1].account.avatars).to.have.lengthOf(2)
+      }
     })
 
     it('Should filter instance comments by isLocal', async function () {
diff --git a/server/tests/api/videos/video-imports.ts b/server/tests/api/videos/video-imports.ts
index 0583134b2..5636de45f 100644
--- a/server/tests/api/videos/video-imports.ts
+++ b/server/tests/api/videos/video-imports.ts
@@ -41,7 +41,7 @@ async function checkVideosServer1 (server: PeerTubeServer, idHttp: string, idMag
   const videoTorrent = await server.videos.get({ id: idTorrent })
 
   for (const video of [ videoMagnet, videoTorrent ]) {
-    expect(video.category.label).to.equal('Misc')
+    expect(video.category.label).to.equal('Unknown')
     expect(video.licence.label).to.equal('Unknown')
     expect(video.language.label).to.equal('Unknown')
     expect(video.nsfw).to.be.false
diff --git a/server/tests/api/videos/video-playlists.ts b/server/tests/api/videos/video-playlists.ts
index 6a18cf26a..e8e653382 100644
--- a/server/tests/api/videos/video-playlists.ts
+++ b/server/tests/api/videos/video-playlists.ts
@@ -3,6 +3,7 @@
 import { expect } from 'chai'
 import { checkPlaylistFilesWereRemoved, testImage } from '@server/tests/shared'
 import { wait } from '@shared/core-utils'
+import { uuidToShort } from '@shared/extra-utils'
 import {
   HttpStatusCode,
   VideoPlaylist,
@@ -23,7 +24,6 @@ import {
   setDefaultVideoChannel,
   waitJobs
 } from '@shared/server-commands'
-import { uuidToShort } from '@shared/extra-utils'
 
 async function checkPlaylistElementType (
   servers: PeerTubeServer[],
@@ -752,19 +752,6 @@ describe('Test video playlists', function () {
         await checkPlaylistElementType(group2, playlistServer1UUID2, VideoPlaylistElementType.REGULAR, position, name, 3)
       }
     })
-
-    it('Should hide the video if it is NSFW', async function () {
-      const body = await commands[0].listVideos({ token: userTokenServer1, playlistId: playlistServer1UUID2, query: { nsfw: 'false' } })
-      expect(body.total).to.equal(3)
-
-      const elements = body.data
-      const element = elements.find(e => e.position === 3)
-
-      expect(element).to.exist
-      expect(element.video).to.be.null
-      expect(element.type).to.equal(VideoPlaylistElementType.UNAVAILABLE)
-    })
-
   })
 
   describe('Managing playlist elements', function () {