3 files changed, 62 insertions, 7 deletions

diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 60165ae22..b3fb61f6c 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -8,7 +8,7 @@ import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
 import {
   createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
   makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
-  updateUser, uploadVideo, userLogin, deleteMe
+  updateUser, uploadVideo, userLogin, deleteMe, unblockUser, blockUser
 } from '../../utils'
 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports'
@@ -455,17 +455,29 @@ describe('Test users API validators', function () {
     })
   })
 
-  describe('When removing an user', function () {
+  describe('When blocking/unblocking/removing user', function () {
     it('Should fail with an incorrect id', async function () {
       await removeUser(server.url, 'blabla', server.accessToken, 400)
+      await blockUser(server.url, 'blabla', server.accessToken, 400)
+      await unblockUser(server.url, 'blabla', server.accessToken, 400)
     })
 
     it('Should fail with the root user', async function () {
       await removeUser(server.url, rootId, server.accessToken, 400)
+      await blockUser(server.url, rootId, server.accessToken, 400)
+      await unblockUser(server.url, rootId, server.accessToken, 400)
     })
 
     it('Should return 404 with a non existing id', async function () {
       await removeUser(server.url, 4545454, server.accessToken, 404)
+      await blockUser(server.url, 4545454, server.accessToken, 404)
+      await unblockUser(server.url, 4545454, server.accessToken, 404)
+    })
+
+    it('Should fail with a non admin user', async function () {
+      await removeUser(server.url, userId, userAccessToken, 403)
+      await blockUser(server.url, userId, userAccessToken, 403)
+      await unblockUser(server.url, userId, userAccessToken, 403)
     })
   })
 
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index c9e8eb6f9..77aa00f60 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -7,7 +7,7 @@ import {
   createUser, flushTests, getBlacklistedVideosList, getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating,
   getUserInformation, getUsersList, getUsersListPaginationAndSort, getVideosList, killallServers, login, makePutBodyRequest, rateVideo,
   registerUser, removeUser, removeVideo, runServer, ServerInfo, testImage, updateMyAvatar, updateMyUser, updateUser, uploadVideo, userLogin,
-  deleteMe
+  deleteMe, blockUser, unblockUser
 } from '../../utils/index'
 import { follow } from '../../utils/server/follows'
 import { setAccessTokensToServers } from '../../utils/users/login'
@@ -45,28 +45,28 @@ describe('Test users', function () {
     const client = { id: 'client', secret: server.client.secret }
     const res = await login(server.url, client, server.user, 400)
 
-    expect(res.body.error).to.equal('Authentication failed.')
+    expect(res.body.error).to.contain('client is invalid')
   })
 
   it('Should not login with an invalid client secret', async function () {
     const client = { id: server.client.id, secret: 'coucou' }
     const res = await login(server.url, client, server.user, 400)
 
-    expect(res.body.error).to.equal('Authentication failed.')
+    expect(res.body.error).to.contain('client is invalid')
   })
 
   it('Should not login with an invalid username', async function () {
     const user = { username: 'captain crochet', password: server.user.password }
     const res = await login(server.url, server.client, user, 400)
 
-    expect(res.body.error).to.equal('Authentication failed.')
+    expect(res.body.error).to.contain('credentials are invalid')
   })
 
   it('Should not login with an invalid password', async function () {
     const user = { username: server.user.username, password: 'mew_three' }
     const res = await login(server.url, server.client, user, 400)
 
-    expect(res.body.error).to.equal('Authentication failed.')
+    expect(res.body.error).to.contain('credentials are invalid')
   })
 
   it('Should not be able to upload a video', async function () {
@@ -493,6 +493,27 @@ describe('Test users', function () {
     }
   })
 
+  it('Should block and unblock a user', async function () {
+    const user16 = {
+      username: 'user_16',
+      password: 'my super password'
+    }
+    const resUser = await createUser(server.url, server.accessToken, user16.username, user16.password)
+    const user16Id = resUser.body.user.id
+
+    accessToken = await userLogin(server, user16)
+
+    await getMyUserInformation(server.url, accessToken, 200)
+    await blockUser(server.url, user16Id, server.accessToken)
+
+    await getMyUserInformation(server.url, accessToken, 401)
+    await userLogin(server, user16, 400)
+
+    await unblockUser(server.url, user16Id, server.accessToken)
+    accessToken = await userLogin(server, user16)
+    await getMyUserInformation(server.url, accessToken, 200)
+  })
+
   after(async function () {
     killallServers([ server ])
 
diff --git a/server/tests/utils/users/users.ts b/server/tests/utils/users/users.ts
index e24e721bd..7e15fc86e 100644
--- a/server/tests/utils/users/users.ts
+++ b/server/tests/utils/users/users.ts
@@ -134,6 +134,26 @@ function removeUser (url: string, userId: number | string, accessToken: string,
           .expect(expectedStatus)
 }
 
+function blockUser (url: string, userId: number | string, accessToken: string, expectedStatus = 204) {
+  const path = '/api/v1/users'
+
+  return request(url)
+    .post(path + '/' + userId + '/block')
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .expect(expectedStatus)
+}
+
+function unblockUser (url: string, userId: number | string, accessToken: string, expectedStatus = 204) {
+  const path = '/api/v1/users'
+
+  return request(url)
+    .post(path + '/' + userId + '/unblock')
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .expect(expectedStatus)
+}
+
 function updateMyUser (options: {
   url: string
   accessToken: string,
@@ -234,6 +254,8 @@ export {
   updateUser,
   updateMyUser,
   getUserInformation,
+  blockUser,
+  unblockUser,
   askResetPassword,
   resetPassword,
   updateMyAvatar