27 files changed, 814 insertions, 116 deletions

diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index 8bde54a40..364b53e0f 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -8,6 +8,8 @@ import {
   cleanupTests,
   closeAllSequelize,
   flushAndRunMultipleServers,
+  killallServers,
+  reRunServer,
   ServerInfo,
   setActorField,
   wait
@@ -20,21 +22,32 @@ import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activi
 const expect = chai.expect
 
 function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) {
+  const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'
+
   return Promise.all([
-    setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'publicKey', publicKey),
-    setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'privateKey', privateKey)
+    setActorField(onServer.internalServerNumber, url, 'publicKey', publicKey),
+    setActorField(onServer.internalServerNumber, url, 'privateKey', privateKey)
   ])
 }
 
-function getAnnounceWithoutContext (server2: ServerInfo) {
+function setUpdatedAtOfServer (onServer: ServerInfo, ofServer: ServerInfo, updatedAt: string) {
+  const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'
+
+  return Promise.all([
+    setActorField(onServer.internalServerNumber, url, 'createdAt', updatedAt),
+    setActorField(onServer.internalServerNumber, url, 'updatedAt', updatedAt)
+  ])
+}
+
+function getAnnounceWithoutContext (server: ServerInfo) {
   const json = require('./json/peertube/announce-without-context.json')
   const result: typeof json = {}
 
   for (const key of Object.keys(json)) {
     if (Array.isArray(json[key])) {
-      result[key] = json[key].map(v => v.replace(':9002', `:${server2.port}`))
+      result[key] = json[key].map(v => v.replace(':9002', `:${server.port}`))
     } else {
-      result[key] = json[key].replace(':9002', `:${server2.port}`)
+      result[key] = json[key].replace(':9002', `:${server.port}`)
     }
   }
 
@@ -64,7 +77,8 @@ describe('Test ActivityPub security', function () {
 
     url = servers[0].url + '/inbox'
 
-    await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
+    await setKeysOfServer(servers[0], servers[1], keys.publicKey, null)
+    await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
 
     const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
     const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey }
@@ -79,9 +93,12 @@ describe('Test ActivityPub security', function () {
         Digest: buildDigest({ hello: 'coucou' })
       }
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should fail with an invalid date', async function () {
@@ -89,9 +106,12 @@ describe('Test ActivityPub security', function () {
       const headers = buildGlobalHeaders(body)
       headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should fail with bad keys', async function () {
@@ -101,9 +121,12 @@ describe('Test ActivityPub security', function () {
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should reject requests without appropriate signed headers', async function () {
@@ -123,8 +146,12 @@ describe('Test ActivityPub security', function () {
       for (const badHeaders of badHeadersMatrix) {
         signatureOptions.headers = badHeaders
 
-        const { response } = await makePOSTAPRequest(url, body, signatureOptions, headers)
-        expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+        try {
+          await makePOSTAPRequest(url, body, signatureOptions, headers)
+          expect(true, 'Did not throw').to.be.false
+        } catch (err) {
+          expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+        }
       }
     })
 
@@ -132,27 +159,32 @@ describe('Test ActivityPub security', function () {
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
+      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
     })
 
     it('Should refresh the actor keys', async function () {
       this.timeout(20000)
 
-      // Wait refresh invalidation
-      await wait(10000)
-
       // Update keys of server 2 to invalid keys
       // Server 1 should refresh the actor and fail
       await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
+      await setUpdatedAtOfServer(servers[0], servers[1], '2015-07-17 22:00:00+00')
+
+      // Invalid peertube actor cache
+      killallServers([ servers[1] ])
+      await reRunServer(servers[1])
 
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        console.error(err)
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
   })
 
@@ -183,9 +215,12 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should fail with an altered body', async function () {
@@ -204,9 +239,12 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should succeed with a valid signature', async function () {
@@ -220,9 +258,8 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
+      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
     })
 
     it('Should refresh the actor keys', async function () {
@@ -243,9 +280,12 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
   })
 
diff --git a/server/tests/api/check-params/user-notifications.ts b/server/tests/api/check-params/user-notifications.ts
index 05a78b0ad..26d4423f9 100644
--- a/server/tests/api/check-params/user-notifications.ts
+++ b/server/tests/api/check-params/user-notifications.ts
@@ -176,7 +176,9 @@ describe('Test user notifications API validators', function () {
       newInstanceFollower: UserNotificationSettingValue.WEB,
       autoInstanceFollowing: UserNotificationSettingValue.WEB,
       abuseNewMessage: UserNotificationSettingValue.WEB,
-      abuseStateChange: UserNotificationSettingValue.WEB
+      abuseStateChange: UserNotificationSettingValue.WEB,
+      newPeerTubeVersion: UserNotificationSettingValue.WEB,
+      newPluginVersion: UserNotificationSettingValue.WEB
     }
 
     it('Should fail with missing fields', async function () {
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 0a13f5b67..2b03fde2d 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -241,7 +241,7 @@ describe('Test users API validators', function () {
     })
 
     it('Should succeed with no password on a server with smtp enabled', async function () {
-      this.timeout(10000)
+      this.timeout(20000)
 
       killallServers([ server ])
 
diff --git a/server/tests/api/check-params/video-channels.ts b/server/tests/api/check-params/video-channels.ts
index 0dd436426..bc2e6192e 100644
--- a/server/tests/api/check-params/video-channels.ts
+++ b/server/tests/api/check-params/video-channels.ts
@@ -234,7 +234,8 @@ describe('Test video channels API validator', function () {
     })
   })
 
-  describe('When updating video channel avatar', function () {
+  describe('When updating video channel avatar/banner', function () {
+    const types = [ 'avatar', 'banner' ]
     let path: string
 
     before(async function () {
@@ -242,48 +243,57 @@ describe('Test video channels API validator', function () {
     })
 
     it('Should fail with an incorrect input file', async function () {
-      const fields = {}
-      const attaches = {
-        avatarfile: join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
+      for (const type of types) {
+        const fields = {}
+        const attaches = {
+          [type + 'file']: join(__dirname, '..', '..', 'fixtures', 'video_short.mp4')
+        }
+
+        await makeUploadRequest({ url: server.url, path: `${path}/${type}/pick`, token: server.accessToken, fields, attaches })
       }
-      await makeUploadRequest({ url: server.url, path: path + '/avatar/pick', token: server.accessToken, fields, attaches })
     })
 
     it('Should fail with a big file', async function () {
-      const fields = {}
-      const attaches = {
-        avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
+      for (const type of types) {
+        const fields = {}
+        const attaches = {
+          [type + 'file']: join(__dirname, '..', '..', 'fixtures', 'avatar-big.png')
+        }
+        await makeUploadRequest({ url: server.url, path: `${path}/${type}/pick`, token: server.accessToken, fields, attaches })
       }
-      await makeUploadRequest({ url: server.url, path: path + '/avatar/pick', token: server.accessToken, fields, attaches })
     })
 
     it('Should fail with an unauthenticated user', async function () {
-      const fields = {}
-      const attaches = {
-        avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar.png')
+      for (const type of types) {
+        const fields = {}
+        const attaches = {
+          [type + 'file']: join(__dirname, '..', '..', 'fixtures', 'avatar.png')
+        }
+        await makeUploadRequest({
+          url: server.url,
+          path: `${path}/${type}/pick`,
+          fields,
+          attaches,
+          statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
+        })
       }
-      await makeUploadRequest({
-        url: server.url,
-        path: path + '/avatar/pick',
-        fields,
-        attaches,
-        statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
-      })
     })
 
     it('Should succeed with the correct params', async function () {
-      const fields = {}
-      const attaches = {
-        avatarfile: join(__dirname, '..', '..', 'fixtures', 'avatar.png')
+      for (const type of types) {
+        const fields = {}
+        const attaches = {
+          [type + 'file']: join(__dirname, '..', '..', 'fixtures', 'avatar.png')
+        }
+        await makeUploadRequest({
+          url: server.url,
+          path: `${path}/${type}/pick`,
+          token: server.accessToken,
+          fields,
+          attaches,
+          statusCodeExpected: HttpStatusCode.OK_200
+        })
       }
-      await makeUploadRequest({
-        url: server.url,
-        path: path + '/avatar/pick',
-        token: server.accessToken,
-        fields,
-        attaches,
-        statusCodeExpected: HttpStatusCode.OK_200
-      })
     })
   })
 
diff --git a/server/tests/api/notifications/admin-notifications.ts b/server/tests/api/notifications/admin-notifications.ts
new file mode 100644
index 000000000..e07327d74
--- /dev/null
+++ b/server/tests/api/notifications/admin-notifications.ts
@@ -0,0 +1,165 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import 'mocha'
+import { expect } from 'chai'
+import { MockJoinPeerTubeVersions } from '@shared/extra-utils/mock-servers/joinpeertube-versions'
+import { cleanupTests, installPlugin, setPluginLatestVersion, setPluginVersion, wait } from '../../../../shared/extra-utils'
+import { ServerInfo } from '../../../../shared/extra-utils/index'
+import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email'
+import {
+  CheckerBaseParams,
+  checkNewPeerTubeVersion,
+  checkNewPluginVersion,
+  prepareNotificationsTest
+} from '../../../../shared/extra-utils/users/user-notifications'
+import { UserNotification, UserNotificationType } from '../../../../shared/models/users'
+import { PluginType } from '@shared/models'
+
+describe('Test admin notifications', function () {
+  let server: ServerInfo
+  let userNotifications: UserNotification[] = []
+  let adminNotifications: UserNotification[] = []
+  let emails: object[] = []
+  let baseParams: CheckerBaseParams
+  let joinPeerTubeServer: MockJoinPeerTubeVersions
+
+  before(async function () {
+    this.timeout(120000)
+
+    const config = {
+      peertube: {
+        check_latest_version: {
+          enabled: true,
+          url: 'http://localhost:42102/versions.json'
+        }
+      },
+      plugins: {
+        index: {
+          enabled: true,
+          check_latest_versions_interval: '5 seconds'
+        }
+      }
+    }
+
+    const res = await prepareNotificationsTest(1, config)
+    emails = res.emails
+    server = res.servers[0]
+
+    userNotifications = res.userNotifications
+    adminNotifications = res.adminNotifications
+
+    baseParams = {
+      server: server,
+      emails,
+      socketNotifications: adminNotifications,
+      token: server.accessToken
+    }
+
+    await installPlugin({
+      url: server.url,
+      accessToken: server.accessToken,
+      npmName: 'peertube-plugin-hello-world'
+    })
+
+    await installPlugin({
+      url: server.url,
+      accessToken: server.accessToken,
+      npmName: 'peertube-theme-background-red'
+    })
+
+    joinPeerTubeServer = new MockJoinPeerTubeVersions()
+    await joinPeerTubeServer.initialize()
+  })
+
+  describe('Latest PeerTube version notification', function () {
+
+    it('Should not send a notification to admins if there is not a new version', async function () {
+      this.timeout(30000)
+
+      joinPeerTubeServer.setLatestVersion('1.4.2')
+
+      await wait(3000)
+      await checkNewPeerTubeVersion(baseParams, '1.4.2', 'absence')
+    })
+
+    it('Should send a notification to admins on new plugin version', async function () {
+      this.timeout(30000)
+
+      joinPeerTubeServer.setLatestVersion('15.4.2')
+
+      await wait(3000)
+      await checkNewPeerTubeVersion(baseParams, '15.4.2', 'presence')
+    })
+
+    it('Should not send the same notification to admins', async function () {
+      this.timeout(30000)
+
+      await wait(3000)
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(1)
+    })
+
+    it('Should not have sent a notification to users', async function () {
+      this.timeout(30000)
+
+      expect(userNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(0)
+    })
+
+    it('Should send a new notification after a new release', async function () {
+      this.timeout(30000)
+
+      joinPeerTubeServer.setLatestVersion('15.4.3')
+
+      await wait(3000)
+      await checkNewPeerTubeVersion(baseParams, '15.4.3', 'presence')
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(2)
+    })
+  })
+
+  describe('Latest plugin version notification', function () {
+
+    it('Should not send a notification to admins if there is no new plugin version', async function () {
+      this.timeout(30000)
+
+      await wait(6000)
+      await checkNewPluginVersion(baseParams, PluginType.PLUGIN, 'hello-world', 'absence')
+    })
+
+    it('Should send a notification to admins on new plugin version', async function () {
+      this.timeout(30000)
+
+      await setPluginVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await setPluginLatestVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await wait(6000)
+
+      await checkNewPluginVersion(baseParams, PluginType.PLUGIN, 'hello-world', 'presence')
+    })
+
+    it('Should not send the same notification to admins', async function () {
+      this.timeout(30000)
+
+      await wait(6000)
+
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PLUGIN_VERSION)).to.have.lengthOf(1)
+    })
+
+    it('Should not have sent a notification to users', async function () {
+      expect(userNotifications.filter(n => n.type === UserNotificationType.NEW_PLUGIN_VERSION)).to.have.lengthOf(0)
+    })
+
+    it('Should send a new notification after a new plugin release', async function () {
+      this.timeout(30000)
+
+      await setPluginVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await setPluginLatestVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await wait(6000)
+
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(2)
+    })
+  })
+
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/notifications/index.ts b/server/tests/api/notifications/index.ts
index bd07a339e..8caa30a3d 100644
--- a/server/tests/api/notifications/index.ts
+++ b/server/tests/api/notifications/index.ts
@@ -1,3 +1,4 @@
+import './admin-notifications'
 import './comments-notifications'
 import './moderation-notifications'
 import './notifications-api'
diff --git a/server/tests/api/server/handle-down.ts b/server/tests/api/server/handle-down.ts
index 043754e70..f3ba11950 100644
--- a/server/tests/api/server/handle-down.ts
+++ b/server/tests/api/server/handle-down.ts
@@ -348,8 +348,8 @@ describe('Test handle downs', function () {
 
     for (let i = 0; i < 3; i++) {
       await getVideo(servers[1].url, videoIdsServer1[i])
-      await wait(1000)
       await waitJobs([ servers[1] ])
+      await wait(1500)
     }
 
     for (const id of videoIdsServer1) {
diff --git a/server/tests/api/server/services.ts b/server/tests/api/server/services.ts
index df910c111..f0fa91674 100644
--- a/server/tests/api/server/services.ts
+++ b/server/tests/api/server/services.ts
@@ -20,6 +20,7 @@ const expect = chai.expect
 describe('Test services', function () {
   let server: ServerInfo = null
   let playlistUUID: string
+  let playlistDisplayName: string
   let video: Video
 
   before(async function () {
@@ -52,6 +53,7 @@ describe('Test services', function () {
       })
 
       playlistUUID = res.body.videoPlaylist.uuid
+      playlistDisplayName = 'The Life and Times of Scrooge McDuck'
 
       await addVideoInPlaylist({
         url: server.url,
@@ -69,7 +71,7 @@ describe('Test services', function () {
 
     const res = await getOEmbed(server.url, oembedUrl)
     const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' +
-      `src="http://localhost:${server.port}/videos/embed/${video.uuid}" ` +
+      `title="${video.name}" src="http://localhost:${server.port}/videos/embed/${video.uuid}" ` +
       'frameborder="0" allowfullscreen></iframe>'
     const expectedThumbnailUrl = 'http://localhost:' + server.port + video.previewPath
 
@@ -88,7 +90,7 @@ describe('Test services', function () {
 
     const res = await getOEmbed(server.url, oembedUrl)
     const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' +
-      `src="http://localhost:${server.port}/video-playlists/embed/${playlistUUID}" ` +
+      `title="${playlistDisplayName}" src="http://localhost:${server.port}/video-playlists/embed/${playlistUUID}" ` +
       'frameborder="0" allowfullscreen></iframe>'
 
     expect(res.body.html).to.equal(expectedHtml)
@@ -97,8 +99,8 @@ describe('Test services', function () {
     expect(res.body.width).to.equal(560)
     expect(res.body.height).to.equal(315)
     expect(res.body.thumbnail_url).exist
-    expect(res.body.thumbnail_width).to.equal(223)
-    expect(res.body.thumbnail_height).to.equal(122)
+    expect(res.body.thumbnail_width).to.equal(280)
+    expect(res.body.thumbnail_height).to.equal(157)
   })
 
   it('Should have a valid oEmbed response with small max height query', async function () {
@@ -109,7 +111,7 @@ describe('Test services', function () {
 
     const res = await getOEmbed(server.url, oembedUrl, format, maxHeight, maxWidth)
     const expectedHtml = '<iframe width="50" height="50" sandbox="allow-same-origin allow-scripts" ' +
-      `src="http://localhost:${server.port}/videos/embed/${video.uuid}" ` +
+      `title="${video.name}" src="http://localhost:${server.port}/videos/embed/${video.uuid}" ` +
       'frameborder="0" allowfullscreen></iframe>'
 
     expect(res.body.html).to.equal(expectedHtml)
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 62a59033f..cea98aac7 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -4,10 +4,12 @@ import 'mocha'
 import * as chai from 'chai'
 import { AbuseState, AbuseUpdate, MyUser, User, UserRole, Video, VideoPlaylistType } from '@shared/models'
 import { CustomConfig } from '@shared/models/server'
+import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 import {
   addVideoCommentThread,
   blockUser,
   cleanupTests,
+  closeAllSequelize,
   createUser,
   deleteMe,
   flushAndRunServer,
@@ -24,6 +26,7 @@ import {
   getVideoChannel,
   getVideosList,
   installPlugin,
+  killallServers,
   login,
   makePutBodyRequest,
   rateVideo,
@@ -31,7 +34,9 @@ import {
   removeUser,
   removeVideo,
   reportAbuse,
+  reRunServer,
   ServerInfo,
+  setTokenField,
   testImage,
   unblockUser,
   updateAbuse,
@@ -44,10 +49,9 @@ import {
   waitJobs
 } from '../../../../shared/extra-utils'
 import { follow } from '../../../../shared/extra-utils/server/follows'
-import { logout, serverLogin, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
+import { logout, refreshToken, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
 import { getMyVideos } from '../../../../shared/extra-utils/videos/videos'
 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
-import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 
 const expect = chai.expect
 
@@ -89,6 +93,7 @@ describe('Test users', function () {
       const client = { id: 'client', secret: server.client.secret }
       const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_client')
       expect(res.body.error).to.contain('client is invalid')
     })
 
@@ -96,6 +101,7 @@ describe('Test users', function () {
       const client = { id: server.client.id, secret: 'coucou' }
       const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_client')
       expect(res.body.error).to.contain('client is invalid')
     })
   })
@@ -106,6 +112,7 @@ describe('Test users', function () {
       const user = { username: 'captain crochet', password: server.user.password }
       const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_grant')
       expect(res.body.error).to.contain('credentials are invalid')
     })
 
@@ -113,6 +120,7 @@ describe('Test users', function () {
       const user = { username: server.user.username, password: 'mew_three' }
       const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_grant')
       expect(res.body.error).to.contain('credentials are invalid')
     })
 
@@ -245,12 +253,44 @@ describe('Test users', function () {
     })
 
     it('Should be able to login again', async function () {
-      server.accessToken = await serverLogin(server)
+      const res = await login(server.url, server.client, server.user)
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
+
+    it('Should be able to get my user information again', async function () {
+      await getMyUserInformation(server.url, server.accessToken)
+    })
+
+    it('Should have an expired access token', async function () {
+      this.timeout(15000)
+
+      await setTokenField(server.internalServerNumber, server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
+      await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
+
+      killallServers([ server ])
+      await reRunServer(server)
+
+      await getMyUserInformation(server.url, server.accessToken, 401)
+    })
+
+    it('Should not be able to refresh an access token with an expired refresh token', async function () {
+      await refreshToken(server, server.refreshToken, 400)
     })
 
-    it('Should have an expired access token')
+    it('Should refresh the token', async function () {
+      this.timeout(15000)
+
+      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
+      await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', futureDate)
 
-    it('Should refresh the token')
+      killallServers([ server ])
+      await reRunServer(server)
+
+      const res = await refreshToken(server, server.refreshToken)
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
 
     it('Should be able to get my user information again', async function () {
       await getMyUserInformation(server.url, server.accessToken)
@@ -976,6 +1016,7 @@ describe('Test users', function () {
   })
 
   after(async function () {
+    await closeAllSequelize([ server ])
     await cleanupTests([ server ])
   })
 })
diff --git a/server/tests/api/videos/video-channels.ts b/server/tests/api/videos/video-channels.ts
index 367f99fdd..d12d58e75 100644
--- a/server/tests/api/videos/video-channels.ts
+++ b/server/tests/api/videos/video-channels.ts
@@ -2,16 +2,20 @@
 
 import 'mocha'
 import * as chai from 'chai'
+import { basename } from 'path'
 import {
   cleanupTests,
   createUser,
+  deleteVideoChannelImage,
   doubleFollow,
   flushAndRunMultipleServers,
+  getActorImage,
   getVideo,
+  getVideoChannel,
   getVideoChannelVideos,
   testImage,
   updateVideo,
-  updateVideoChannelAvatar,
+  updateVideoChannelImage,
   uploadVideo,
   userLogin,
   wait
@@ -21,7 +25,6 @@ import {
   deleteVideoChannel,
   getAccountVideoChannelsList,
   getMyUserInformation,
-  getVideoChannel,
   getVideoChannelsList,
   ServerInfo,
   setAccessTokensToServers,
@@ -30,9 +33,17 @@ import {
 } from '../../../../shared/extra-utils/index'
 import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
 import { User, Video, VideoChannel, VideoDetails } from '../../../../shared/index'
+import { ACTOR_IMAGES_SIZE } from '@server/initializers/constants'
 
 const expect = chai.expect
 
+async function findChannel (server: ServerInfo, channelId: number) {
+  const res = await getVideoChannelsList(server.url, 0, 5, '-name')
+  const videoChannel = res.body.data.find(c => c.id === channelId)
+
+  return videoChannel as VideoChannel
+}
+
 describe('Test video channels', function () {
   let servers: ServerInfo[]
   let userInfo: User
@@ -262,38 +273,94 @@ describe('Test video channels', function () {
   })
 
   it('Should update video channel avatar', async function () {
-    this.timeout(5000)
+    this.timeout(15000)
 
     const fixture = 'avatar.png'
 
-    await updateVideoChannelAvatar({
+    await updateVideoChannelImage({
       url: servers[0].url,
       accessToken: servers[0].accessToken,
       videoChannelName: 'second_video_channel',
-      fixture
+      fixture,
+      type: 'avatar'
     })
 
     await waitJobs(servers)
+
+    for (const server of servers) {
+      const videoChannel = await findChannel(server, secondVideoChannelId)
+
+      await testImage(server.url, 'avatar-resized', videoChannel.avatar.path, '.png')
+
+      const row = await getActorImage(server.internalServerNumber, basename(videoChannel.avatar.path))
+      expect(row.height).to.equal(ACTOR_IMAGES_SIZE.AVATARS.height)
+      expect(row.width).to.equal(ACTOR_IMAGES_SIZE.AVATARS.width)
+    }
   })
 
-  it('Should have video channel avatar updated', async function () {
+  it('Should update video channel banner', async function () {
+    this.timeout(15000)
+
+    const fixture = 'banner.jpg'
+
+    await updateVideoChannelImage({
+      url: servers[0].url,
+      accessToken: servers[0].accessToken,
+      videoChannelName: 'second_video_channel',
+      fixture,
+      type: 'banner'
+    })
+
+    await waitJobs(servers)
+
     for (const server of servers) {
-      const res = await getVideoChannelsList(server.url, 0, 1, '-name')
+      const res = await getVideoChannel(server.url, 'second_video_channel@' + servers[0].host)
+      const videoChannel = res.body
 
-      const videoChannel = res.body.data.find(c => c.id === secondVideoChannelId)
+      await testImage(server.url, 'banner-resized', videoChannel.banner.path)
 
-      await testImage(server.url, 'avatar-resized', videoChannel.avatar.path, '.png')
+      const row = await getActorImage(server.internalServerNumber, basename(videoChannel.banner.path))
+      expect(row.height).to.equal(ACTOR_IMAGES_SIZE.BANNERS.height)
+      expect(row.width).to.equal(ACTOR_IMAGES_SIZE.BANNERS.width)
+    }
+  })
+
+  it('Should delete the video channel avatar', async function () {
+    this.timeout(15000)
+
+    await deleteVideoChannelImage({
+      url: servers[0].url,
+      accessToken: servers[0].accessToken,
+      videoChannelName: 'second_video_channel',
+      type: 'avatar'
+    })
+
+    await waitJobs(servers)
+
+    for (const server of servers) {
+      const videoChannel = await findChannel(server, secondVideoChannelId)
+
+      expect(videoChannel.avatar).to.be.null
     }
   })
 
-  it('Should get video channel', async function () {
-    const res = await getVideoChannel(servers[0].url, 'second_video_channel')
+  it('Should delete the video channel banner', async function () {
+    this.timeout(15000)
+
+    await deleteVideoChannelImage({
+      url: servers[0].url,
+      accessToken: servers[0].accessToken,
+      videoChannelName: 'second_video_channel',
+      type: 'banner'
+    })
+
+    await waitJobs(servers)
+
+    for (const server of servers) {
+      const videoChannel = await findChannel(server, secondVideoChannelId)
 
-    const videoChannel = res.body
-    expect(videoChannel.name).to.equal('second_video_channel')
-    expect(videoChannel.displayName).to.equal('video channel updated')
-    expect(videoChannel.description).to.equal('video channel description updated')
-    expect(videoChannel.support).to.equal('video channel support text updated')
+      expect(videoChannel.banner).to.be.null
+    }
   })
 
   it('Should list the second video channel videos', async function () {
diff --git a/server/tests/cli/index.ts b/server/tests/cli/index.ts
index 242589010..7e6eebd17 100644
--- a/server/tests/cli/index.ts
+++ b/server/tests/cli/index.ts
@@ -6,5 +6,6 @@ import './peertube'
 import './plugins'
 import './print-transcode-command'
 import './prune-storage'
+import './regenerate-thumbnails'
 import './reset-password'
 import './update-host'
diff --git a/server/tests/cli/regenerate-thumbnails.ts b/server/tests/cli/regenerate-thumbnails.ts
new file mode 100644
index 000000000..8acb9f263
--- /dev/null
+++ b/server/tests/cli/regenerate-thumbnails.ts
@@ -0,0 +1,124 @@
+import 'mocha'
+import { expect } from 'chai'
+import { writeFile } from 'fs-extra'
+import { basename, join } from 'path'
+import { Video, VideoDetails } from '@shared/models'
+import {
+  buildServerDirectory,
+  cleanupTests,
+  doubleFollow,
+  execCLI,
+  flushAndRunMultipleServers,
+  getEnvCli,
+  getVideo,
+  makeRawRequest,
+  ServerInfo,
+  setAccessTokensToServers,
+  uploadVideoAndGetId,
+  waitJobs
+} from '../../../shared/extra-utils'
+import { HttpStatusCode } from '@shared/core-utils'
+
+async function testThumbnail (server: ServerInfo, videoId: number | string) {
+  const res = await getVideo(server.url, videoId)
+  const video: VideoDetails = res.body
+
+  const res1 = await makeRawRequest(join(server.url, video.thumbnailPath), HttpStatusCode.OK_200)
+  expect(res1.body).to.not.have.lengthOf(0)
+
+  const res2 = await makeRawRequest(join(server.url, video.thumbnailPath), HttpStatusCode.OK_200)
+  expect(res2.body).to.not.have.lengthOf(0)
+}
+
+describe('Test regenerate thumbnails script', function () {
+  let servers: ServerInfo[]
+
+  let video1: Video
+  let video2: Video
+  let remoteVideo: Video
+
+  let thumbnail1Path: string
+  let thumbnailRemotePath: string
+
+  before(async function () {
+    this.timeout(60000)
+
+    servers = await flushAndRunMultipleServers(2)
+    await setAccessTokensToServers(servers)
+
+    await doubleFollow(servers[0], servers[1])
+
+    {
+      const videoUUID1 = (await uploadVideoAndGetId({ server: servers[0], videoName: 'video 1' })).uuid
+      video1 = await (getVideo(servers[0].url, videoUUID1).then(res => res.body))
+
+      thumbnail1Path = join(buildServerDirectory(servers[0], 'thumbnails'), basename(video1.thumbnailPath))
+
+      const videoUUID2 = (await uploadVideoAndGetId({ server: servers[0], videoName: 'video 2' })).uuid
+      video2 = await (getVideo(servers[0].url, videoUUID2).then(res => res.body))
+    }
+
+    {
+      const videoUUID = (await uploadVideoAndGetId({ server: servers[1], videoName: 'video 3' })).uuid
+      await waitJobs(servers)
+
+      remoteVideo = await (getVideo(servers[0].url, videoUUID).then(res => res.body))
+
+      thumbnailRemotePath = join(buildServerDirectory(servers[0], 'thumbnails'), basename(remoteVideo.thumbnailPath))
+    }
+
+    await writeFile(thumbnail1Path, '')
+    await writeFile(thumbnailRemotePath, '')
+  })
+
+  it('Should have empty thumbnails', async function () {
+    {
+      const res = await makeRawRequest(join(servers[0].url, video1.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.have.lengthOf(0)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, video2.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.not.have.lengthOf(0)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, remoteVideo.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.have.lengthOf(0)
+    }
+  })
+
+  it('Should regenerate local thumbnails from the CLI', async function () {
+    this.timeout(15000)
+
+    const env = getEnvCli(servers[0])
+    await execCLI(`${env} npm run regenerate-thumbnails`)
+  })
+
+  it('Should have generated new thumbnail files', async function () {
+    await testThumbnail(servers[0], video1.uuid)
+    await testThumbnail(servers[0], video2.uuid)
+
+    const res = await makeRawRequest(join(servers[0].url, remoteVideo.thumbnailPath), HttpStatusCode.OK_200)
+    expect(res.body).to.have.lengthOf(0)
+  })
+
+  it('Should have deleted old thumbnail files', async function () {
+    {
+      await makeRawRequest(join(servers[0].url, video1.thumbnailPath), HttpStatusCode.NOT_FOUND_404)
+    }
+
+    {
+      await makeRawRequest(join(servers[0].url, video2.thumbnailPath), HttpStatusCode.NOT_FOUND_404)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, remoteVideo.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.have.lengthOf(0)
+    }
+  })
+
+  after(async function () {
+    await cleanupTests(servers)
+  })
+})
diff --git a/server/tests/feeds/feeds.ts b/server/tests/feeds/feeds.ts
index f1055ea44..7bad81751 100644
--- a/server/tests/feeds/feeds.ts
+++ b/server/tests/feeds/feeds.ts
@@ -2,7 +2,7 @@
 
 import 'mocha'
 import * as chai from 'chai'
-import * as libxmljs from 'libxmljs'
+import * as xmlParser from 'fast-xml-parser'
 import {
   addAccountToAccountBlocklist,
   addAccountToServerBlocklist,
@@ -139,12 +139,15 @@ describe('Test syndication feeds', () => {
     it('Should contain a valid enclosure (covers RSS 2.0 endpoint)', async function () {
       for (const server of servers) {
         const rss = await getXMLfeed(server.url, 'videos')
-        const xmlDoc = libxmljs.parseXmlString(rss.text)
-        const xmlEnclosure = xmlDoc.get('/rss/channel/item/enclosure')
-        expect(xmlEnclosure).to.exist
-        expect(xmlEnclosure.attr('type').value()).to.be.equal('application/x-bittorrent')
-        expect(xmlEnclosure.attr('length').value()).to.be.equal('218910')
-        expect(xmlEnclosure.attr('url').value()).to.contain('720.torrent')
+        expect(xmlParser.validate(rss.text)).to.be.true
+
+        const xmlDoc = xmlParser.parse(rss.text, { parseAttributeValue: true, ignoreAttributes: false })
+
+        const enclosure = xmlDoc.rss.channel.item[0].enclosure
+        expect(enclosure).to.exist
+        expect(enclosure['@_type']).to.equal('application/x-bittorrent')
+        expect(enclosure['@_length']).to.equal(218910)
+        expect(enclosure['@_url']).to.contain('720.torrent')
       }
     })
 
diff --git a/server/tests/fixtures/banner-resized.jpg b/server/tests/fixtures/banner-resized.jpg
new file mode 100644
index 000000000..13ea422cb
--- /dev/null
+++ b/server/tests/fixtures/banner-resized.jpg
diff --git a/server/tests/fixtures/banner.jpg b/server/tests/fixtures/banner.jpg
new file mode 100644
index 000000000..e5f284f59
--- /dev/null
+++ b/server/tests/fixtures/banner.jpg
diff --git a/server/tests/fixtures/peertube-plugin-test/main.js b/server/tests/fixtures/peertube-plugin-test/main.js
index 305d92002..ee0bc39f3 100644
--- a/server/tests/fixtures/peertube-plugin-test/main.js
+++ b/server/tests/fixtures/peertube-plugin-test/main.js
@@ -184,6 +184,76 @@ async function register ({ registerHook, registerSetting, settingsManager, stora
       return result
     }
   })
+
+  registerHook({
+    target: 'filter:api.download.torrent.allowed.result',
+    handler: (result, params) => {
+      if (params && params.downloadName.includes('bad torrent')) {
+        return { allowed: false, errorMessage: 'Liu Bei' }
+      }
+
+      return result
+    }
+  })
+
+  registerHook({
+    target: 'filter:api.download.video.allowed.result',
+    handler: (result, params) => {
+      if (params && !params.streamingPlaylist && params.video.name.includes('bad file')) {
+        return { allowed: false, errorMessage: 'Cao Cao' }
+      }
+
+      if (params && params.streamingPlaylist && params.video.name.includes('bad playlist file')) {
+        return { allowed: false, errorMessage: 'Sun Jian' }
+      }
+
+      return result
+    }
+  })
+
+  registerHook({
+    target: 'filter:html.embed.video.allowed.result',
+    handler: (result, params) => {
+      return {
+        allowed: false,
+        html: 'Lu Bu'
+      }
+    }
+  })
+
+  registerHook({
+    target: 'filter:html.embed.video-playlist.allowed.result',
+    handler: (result, params) => {
+      return {
+        allowed: false,
+        html: 'Diao Chan'
+      }
+    }
+  })
+
+  {
+    const searchHooks = [
+      'filter:api.search.videos.local.list.params',
+      'filter:api.search.videos.local.list.result',
+      'filter:api.search.videos.index.list.params',
+      'filter:api.search.videos.index.list.result',
+      'filter:api.search.video-channels.local.list.params',
+      'filter:api.search.video-channels.local.list.result',
+      'filter:api.search.video-channels.index.list.params',
+      'filter:api.search.video-channels.index.list.result',
+    ]
+
+    for (const h of searchHooks) {
+      registerHook({
+        target: h,
+        handler: (obj) => {
+          peertubeHelpers.logger.debug('Run hook %s.', h)
+
+          return obj
+        }
+      })
+    }
+  }
 }
 
 async function unregister () {
diff --git a/server/tests/fixtures/thumbnail-playlist.jpg b/server/tests/fixtures/thumbnail-playlist.jpg
index 19db4f18c..62cd77435 100644
--- a/server/tests/fixtures/thumbnail-playlist.jpg
+++ b/server/tests/fixtures/thumbnail-playlist.jpg
diff --git a/server/tests/fixtures/video_import_thumbnail.jpg b/server/tests/fixtures/video_import_thumbnail.jpg
index fcc50b75f..9ee1bc382 100644
--- a/server/tests/fixtures/video_import_thumbnail.jpg
+++ b/server/tests/fixtures/video_import_thumbnail.jpg
diff --git a/server/tests/fixtures/video_short.mp4.jpg b/server/tests/fixtures/video_short.mp4.jpg
index 48790ffec..62cd77435 100644
--- a/server/tests/fixtures/video_short.mp4.jpg
+++ b/server/tests/fixtures/video_short.mp4.jpg
diff --git a/server/tests/fixtures/video_short.ogv.jpg b/server/tests/fixtures/video_short.ogv.jpg
index c4c1d00e5..62cd77435 100644
--- a/server/tests/fixtures/video_short.ogv.jpg
+++ b/server/tests/fixtures/video_short.ogv.jpg
diff --git a/server/tests/fixtures/video_short.webm.jpg b/server/tests/fixtures/video_short.webm.jpg
index 7f8047516..62cd77435 100644
--- a/server/tests/fixtures/video_short.webm.jpg
+++ b/server/tests/fixtures/video_short.webm.jpg
diff --git a/server/tests/fixtures/video_short1.webm.jpg b/server/tests/fixtures/video_short1.webm.jpg
index 582eb9ea3..615cb2a5d 100644
--- a/server/tests/fixtures/video_short1.webm.jpg
+++ b/server/tests/fixtures/video_short1.webm.jpg
diff --git a/server/tests/fixtures/video_short2.webm.jpg b/server/tests/fixtures/video_short2.webm.jpg
index b331aba3b..aa3126381 100644
--- a/server/tests/fixtures/video_short2.webm.jpg
+++ b/server/tests/fixtures/video_short2.webm.jpg
diff --git a/server/tests/fixtures/video_short3.webm.jpg b/server/tests/fixtures/video_short3.webm.jpg
index ec8652167..62cd77435 100644
--- a/server/tests/fixtures/video_short3.webm.jpg
+++ b/server/tests/fixtures/video_short3.webm.jpg
diff --git a/server/tests/helpers/request.ts b/server/tests/helpers/request.ts
index f8b2d599b..5e77f129e 100644
--- a/server/tests/helpers/request.ts
+++ b/server/tests/helpers/request.ts
@@ -1,11 +1,11 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
 
 import 'mocha'
-import { doRequest, doRequestAndSaveToFile } from '../../helpers/requests'
-import { get4KFileUrl, root, wait } from '../../../shared/extra-utils'
-import { join } from 'path'
-import { pathExists, remove } from 'fs-extra'
 import { expect } from 'chai'
+import { pathExists, remove } from 'fs-extra'
+import { join } from 'path'
+import { get4KFileUrl, root, wait } from '../../../shared/extra-utils'
+import { doRequest, doRequestAndSaveToFile } from '../../helpers/requests'
 
 describe('Request helpers', function () {
   const destPath1 = join(root(), 'test-output-1.txt')
@@ -13,7 +13,7 @@ describe('Request helpers', function () {
 
   it('Should throw an error when the bytes limit is exceeded for request', async function () {
     try {
-      await doRequest({ uri: get4KFileUrl() }, 3)
+      await doRequest(get4KFileUrl(), { bodyKBLimit: 3 })
     } catch {
       return
     }
@@ -23,7 +23,7 @@ describe('Request helpers', function () {
 
   it('Should throw an error when the bytes limit is exceeded for request and save file', async function () {
     try {
-      await doRequestAndSaveToFile({ uri: get4KFileUrl() }, destPath1, 3)
+      await doRequestAndSaveToFile(get4KFileUrl(), destPath1, { bodyKBLimit: 3 })
     } catch {
 
       await wait(500)
@@ -35,8 +35,8 @@ describe('Request helpers', function () {
   })
 
   it('Should succeed if the file is below the limit', async function () {
-    await doRequest({ uri: get4KFileUrl() }, 5)
-    await doRequestAndSaveToFile({ uri: get4KFileUrl() }, destPath2, 5)
+    await doRequest(get4KFileUrl(), { bodyKBLimit: 5 })
+    await doRequestAndSaveToFile(get4KFileUrl(), destPath2, { bodyKBLimit: 5 })
 
     expect(await pathExists(destPath2)).to.be.true
   })
diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts
index a1b5e8f5d..5addb45c7 100644
--- a/server/tests/plugins/external-auth.ts
+++ b/server/tests/plugins/external-auth.ts
@@ -137,7 +137,7 @@ describe('Test external auth plugins', function () {
 
     await loginUsingExternalToken(server, 'cyan', externalAuthToken, HttpStatusCode.BAD_REQUEST_400)
 
-    await waitUntilLog(server, 'expired external auth token')
+    await waitUntilLog(server, 'expired external auth token', 2)
   })
 
   it('Should auto login Cyan, create the user and use the token', async function () {
diff --git a/server/tests/plugins/filter-hooks.ts b/server/tests/plugins/filter-hooks.ts
index d88170201..ac958c5f5 100644
--- a/server/tests/plugins/filter-hooks.ts
+++ b/server/tests/plugins/filter-hooks.ts
@@ -2,11 +2,15 @@
 
 import 'mocha'
 import * as chai from 'chai'
+import { advancedVideoChannelSearch } from '@shared/extra-utils/search/video-channels'
 import { ServerConfig } from '@shared/models'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 import {
   addVideoCommentReply,
   addVideoCommentThread,
+  advancedVideosSearch,
   createLive,
+  createVideoPlaylist,
   doubleFollow,
   getAccountVideos,
   getConfig,
@@ -15,24 +19,33 @@ import {
   getVideo,
   getVideoChannelVideos,
   getVideoCommentThreads,
+  getVideoPlaylist,
   getVideosList,
   getVideosListPagination,
   getVideoThreadComments,
   getVideoWithToken,
   installPlugin,
+  makeRawRequest,
   registerUser,
   setAccessTokensToServers,
   setDefaultVideoChannel,
   updateCustomSubConfig,
   updateVideo,
   uploadVideo,
+  uploadVideoAndGetId,
   waitJobs
 } from '../../../shared/extra-utils'
-import { cleanupTests, flushAndRunMultipleServers, ServerInfo } from '../../../shared/extra-utils/server/servers'
+import { cleanupTests, flushAndRunMultipleServers, ServerInfo, waitUntilLog } from '../../../shared/extra-utils/server/servers'
 import { getGoodVideoUrl, getMyVideoImports, importVideo } from '../../../shared/extra-utils/videos/video-imports'
-import { VideoDetails, VideoImport, VideoImportState, VideoPrivacy } from '../../../shared/models/videos'
+import {
+  VideoDetails,
+  VideoImport,
+  VideoImportState,
+  VideoPlaylist,
+  VideoPlaylistPrivacy,
+  VideoPrivacy
+} from '../../../shared/models/videos'
 import { VideoCommentThreadTree } from '../../../shared/models/videos/video-comment.model'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 
 const expect = chai.expect
 
@@ -355,6 +368,165 @@ describe('Test plugin filter hooks', function () {
     })
   })
 
+  describe('Download hooks', function () {
+    const downloadVideos: VideoDetails[] = []
+
+    before(async function () {
+      this.timeout(60000)
+
+      await updateCustomSubConfig(servers[0].url, servers[0].accessToken, {
+        transcoding: {
+          webtorrent: {
+            enabled: true
+          },
+          hls: {
+            enabled: true
+          }
+        }
+      })
+
+      const uuids: string[] = []
+
+      for (const name of [ 'bad torrent', 'bad file', 'bad playlist file' ]) {
+        const uuid = (await uploadVideoAndGetId({ server: servers[0], videoName: name })).uuid
+        uuids.push(uuid)
+      }
+
+      await waitJobs(servers)
+
+      for (const uuid of uuids) {
+        const res = await getVideo(servers[0].url, uuid)
+        downloadVideos.push(res.body)
+      }
+    })
+
+    it('Should run filter:api.download.torrent.allowed.result', async function () {
+      const res = await makeRawRequest(downloadVideos[0].files[0].torrentDownloadUrl, 403)
+      expect(res.body.error).to.equal('Liu Bei')
+
+      await makeRawRequest(downloadVideos[1].files[0].torrentDownloadUrl, 200)
+      await makeRawRequest(downloadVideos[2].files[0].torrentDownloadUrl, 200)
+    })
+
+    it('Should run filter:api.download.video.allowed.result', async function () {
+      {
+        const res = await makeRawRequest(downloadVideos[1].files[0].fileDownloadUrl, 403)
+        expect(res.body.error).to.equal('Cao Cao')
+
+        await makeRawRequest(downloadVideos[0].files[0].fileDownloadUrl, 200)
+        await makeRawRequest(downloadVideos[2].files[0].fileDownloadUrl, 200)
+      }
+
+      {
+        const res = await makeRawRequest(downloadVideos[2].streamingPlaylists[0].files[0].fileDownloadUrl, 403)
+        expect(res.body.error).to.equal('Sun Jian')
+
+        await makeRawRequest(downloadVideos[2].files[0].fileDownloadUrl, 200)
+
+        await makeRawRequest(downloadVideos[0].streamingPlaylists[0].files[0].fileDownloadUrl, 200)
+        await makeRawRequest(downloadVideos[1].streamingPlaylists[0].files[0].fileDownloadUrl, 200)
+      }
+    })
+  })
+
+  describe('Embed filters', function () {
+    const embedVideos: VideoDetails[] = []
+    const embedPlaylists: VideoPlaylist[] = []
+
+    before(async function () {
+      this.timeout(60000)
+
+      await updateCustomSubConfig(servers[0].url, servers[0].accessToken, {
+        transcoding: {
+          enabled: false
+        }
+      })
+
+      for (const name of [ 'bad embed', 'good embed' ]) {
+        {
+          const uuid = (await uploadVideoAndGetId({ server: servers[0], videoName: name })).uuid
+          const res = await getVideo(servers[0].url, uuid)
+          embedVideos.push(res.body)
+        }
+
+        {
+          const playlistAttrs = { displayName: name, videoChannelId: servers[0].videoChannel.id, privacy: VideoPlaylistPrivacy.PUBLIC }
+          const res = await createVideoPlaylist({ url: servers[0].url, token: servers[0].accessToken, playlistAttrs })
+
+          const resPlaylist = await getVideoPlaylist(servers[0].url, res.body.videoPlaylist.id)
+          embedPlaylists.push(resPlaylist.body)
+        }
+      }
+    })
+
+    it('Should run filter:html.embed.video.allowed.result', async function () {
+      const res = await makeRawRequest(servers[0].url + embedVideos[0].embedPath, 200)
+      expect(res.text).to.equal('Lu Bu')
+    })
+
+    it('Should run filter:html.embed.video-playlist.allowed.result', async function () {
+      const res = await makeRawRequest(servers[0].url + embedPlaylists[0].embedPath, 200)
+      expect(res.text).to.equal('Diao Chan')
+    })
+  })
+
+  describe('Search filters', function () {
+
+    before(async function () {
+      await updateCustomSubConfig(servers[0].url, servers[0].accessToken, {
+        search: {
+          searchIndex: {
+            enabled: true,
+            isDefaultSearch: false,
+            disableLocalSearch: false
+          }
+        }
+      })
+    })
+
+    it('Should run filter:api.search.videos.local.list.{params,result}', async function () {
+      await advancedVideosSearch(servers[0].url, {
+        search: 'Sun Quan'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.result', 1)
+    })
+
+    it('Should run filter:api.search.videos.index.list.{params,result}', async function () {
+      await advancedVideosSearch(servers[0].url, {
+        search: 'Sun Quan',
+        searchTarget: 'search-index'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.result', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.index.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.index.list.result', 1)
+    })
+
+    it('Should run filter:api.search.video-channels.local.list.{params,result}', async function () {
+      await advancedVideoChannelSearch(servers[0].url, {
+        search: 'Sun Ce'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.result', 1)
+    })
+
+    it('Should run filter:api.search.video-channels.index.list.{params,result}', async function () {
+      await advancedVideoChannelSearch(servers[0].url, {
+        search: 'Sun Ce',
+        searchTarget: 'search-index'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.result', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.index.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.index.list.result', 1)
+    })
+  })
+
   after(async function () {
     await cleanupTests(servers)
   })