From d9eaee3939bf2e93e5d775d32bce77842201faba Mon Sep 17 00:00:00 2001 From: Josh Morel Date: Fri, 31 Aug 2018 03:18:19 -0400 Subject: add user account email verificiation (#977) * add user account email verificiation includes server and client code to: * enable verificationRequired via custom config * send verification email with registration * ask for verification email * verify via email * prevent login if not verified and required * conditional client links to ask for new verification email * allow login for verified=null these are users created when verification not required should still be able to login when verification is enabled * refactor email verifcation pr * change naming from verified to emailVerified * change naming from askVerifyEmail to askSendVerifyEmail * undo unrelated automatic prettier formatting on api/config * use redirectService for home * remove redundant success notification on email verified * revert test.yaml smpt host --- server/tests/api/users/index.ts | 1 + server/tests/api/users/users-verification.ts | 133 +++++++++++++++++++++++++++ server/tests/api/users/users.ts | 2 +- 3 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 server/tests/api/users/users-verification.ts (limited to 'server/tests/api/users')
diff --git a/server/tests/api/users/index.ts b/server/tests/api/users/index.ts
index 4ce87fb91..21d75da3e 100644
--- a/server/tests/api/users/index.ts
+++ b/server/tests/api/users/index.ts
@@ -1,3 +1,4 @@
 import './user-subscriptions'
 import './users'
+import './users-verification'
 import './users-multiple-servers'
diff --git a/server/tests/api/users/users-verification.ts b/server/tests/api/users/users-verification.ts
new file mode 100644
index 000000000..fa5f5e371
--- /dev/null
+++ b/server/tests/api/users/users-verification.ts
@@ -0,0 +1,133 @@
+/* tslint:disable:no-unused-expression */
+
+import * as chai from 'chai'
+import 'mocha'
+import {
+ registerUser, flushTests, getUserInformation, getMyUserInformation, killallServers,
+ userLogin, login, runServer, ServerInfo, verifyEmail, updateCustomSubConfig
+} from '../../utils'
+import { setAccessTokensToServers } from '../../utils/users/login'
+import { mockSmtpServer } from '../../utils/miscs/email'
+import { waitJobs } from '../../utils/server/jobs'
+
+const expect = chai.expect
+
+describe('Test users account verification', function () {
+ let server: ServerInfo
+ let userId: number
+ let verificationString: string
+ let expectedEmailsLength = 0
+ const user1 = {
+ username: 'user_1',
+ password: 'super password'
+ }
+ const user2 = {
+ username: 'user_2',
+ password: 'super password'
+ }
+ const emails: object[] = []
+
+ before(async function () {
+ this.timeout(30000)
+
+ await mockSmtpServer(emails)
+
+ await flushTests()
+
+ const overrideConfig = {
+ smtp: {
+ hostname: 'localhost'
+ }
+ }
+ server = await runServer(1, overrideConfig)
+
+ await setAccessTokensToServers([ server ])
+ })
+
+ it('Should register user and send verification email if verification required', async function () {
+ this.timeout(5000)
+ await updateCustomSubConfig(server.url, server.accessToken, {
+ signup: {
+ enabled: true,
+ requiresEmailVerification: true,
+ limit: 10
+ }
+ })
+
+ await registerUser(server.url, user1.username, user1.password)
+
+ await waitJobs(server)
+ expectedEmailsLength++
+ expect(emails).to.have.lengthOf(expectedEmailsLength)
+
+ const email = emails[expectedEmailsLength - 1]
+
+ const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+ expect(verificationStringMatches).not.to.be.null
+
+ verificationString = verificationStringMatches[1]
+ expect(verificationString).to.have.length.above(2)
+
+ const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
+ expect(userIdMatches).not.to.be.null
+
+ userId = parseInt(userIdMatches[1], 10)
+
+ const resUserInfo = await getUserInformation(server.url, server.accessToken, userId)
+ expect(resUserInfo.body.emailVerified).to.be.false
+ })
+
+ it('Should not allow login for user with unverified email', async function () {
+ const resLogin = await login(server.url, server.client, user1, 400)
+ expect(resLogin.body.error).to.contain('User email is not verified.')
+ })
+
+ it('Should verify the user via email and allow login', async function () {
+ await verifyEmail(server.url, userId, verificationString)
+ await login(server.url, server.client, user1)
+ const resUserVerified = await getUserInformation(server.url, server.accessToken, userId)
+ expect(resUserVerified.body.emailVerified).to.be.true
+ })
+
+ it('Should register user not requiring email verification if setting not enabled', async function () {
+ this.timeout(5000)
+ await updateCustomSubConfig(server.url, server.accessToken, {
+ signup: {
+ enabled: true,
+ requiresEmailVerification: false,
+ limit: 10
+ }
+ })
+
+ await registerUser(server.url, user2.username, user2.password)
+
+ await waitJobs(server)
+ expect(emails).to.have.lengthOf(expectedEmailsLength)
+
+ const accessToken = await userLogin(server, user2)
+
+ const resMyUserInfo = await getMyUserInformation(server.url, accessToken)
+ expect(resMyUserInfo.body.emailVerified).to.be.null
+ })
+
+ it('Should allow login for user with unverified email when setting later enabled', async function () {
+ await updateCustomSubConfig(server.url, server.accessToken, {
+ signup: {
+ enabled: true,
+ requiresEmailVerification: true,
+ limit: 10
+ }
+ })
+
+ await userLogin(server, user2)
+ })
+
+ after(async function () {
+ killallServers([ server ])
+
+ // Keep the logs if the test failed
+ if (this[ 'ok' ]) {
+ await flushTests()
+ }
+ })
+})
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 04dcc8fd1..c0dd587ee 100644
--- a/server/tests/api/users/users.ts
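Review bot: The new suite in users-verification.ts covers only the successful path of the verification endpoint: in 'Should verify the user via email and allow login', `verifyEmail` is called once with the string parsed from the mail, and nothing asserts that an altered string, or a valid string paired with a different `userId`, is rejected. Because this string is what gates login when `requiresEmailVerification` is on, I would add a case ahead of the successful one, e.g. `it('Should not verify the email with an invalid verification string', ...)`, that submits a modified string and then confirms through `getUserInformation` that `emailVerified` is still `false`; whether `verifyEmail` accepts an expected status the way `login(..., 400)` does is not visible in this diff. The only assertion on the token itself is `expect(verificationString).to.have.length.above(2)`, which a three-character value would satisfy, so a floor matching the generator's real output length would let the test catch a regression to a short, guessable token.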
+++ b/server/tests/api/users/users.ts @@ -7,7 +7,7 @@ import { createUser, flushTests, getBlacklistedVideosList, getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating, getUserInformation, getUsersList, getUsersListPaginationAndSort, getVideosList, killallServers, login, makePutBodyRequest, rateVideo, registerUser, removeUser, removeVideo, runServer, ServerInfo, testImage, updateMyAvatar, updateMyUser, updateUser, uploadVideo, userLogin, - deleteMe, blockUser, unblockUser + deleteMe, blockUser, unblockUser, updateCustomSubConfig } from '../../utils/index' import { follow } from '../../utils/server/follows' import { setAccessTokensToServers } from '../../utils/users/login' -- cgit v1.2.3