import { database as db } from '../../initializers/database'
import { checkErrors } from './utils'
import { isSignupAllowed, logger } from '../../helpers'
-import { VideoInstance } from '../../models'
+import { UserInstance, VideoInstance } from '../../models'
function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
logger.debug('Checking usersAdd parameters', { parameters: req.body })
checkErrors(req, res, () => {
- db.User.loadByUsernameOrEmail(req.body.username, req.body.email)
- .then(user => {
- if (user) return res.status(409).send('User already exists.')
+ checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+ })
+}
- next()
- })
- .catch(err => {
- logger.error('Error in usersAdd request validator.', err)
- return res.sendStatus(500)
- })
+function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+ req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+ req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+ req.checkBody('email', 'Should have a valid email').isEmail()
+
+ logger.debug('Checking usersRegister parameters', { parameters: req.body })
+
+ checkErrors(req, res, () => {
+ checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
})
}
logger.debug('Checking usersRemove parameters', { parameters: req.params })
checkErrors(req, res, () => {
- db.User.loadById(req.params.id)
- .then(user => {
- if (!user) return res.status(404).send('User not found')
+ checkUserExists(req.params.id, res, (err, user) => {
+ if (err) {
+ logger.error('Error in usersRemoveValidator.', err)
+ return res.sendStatus(500)
+ }
- if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
+ if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
- next()
- })
- .catch(err => {
- logger.error('Error in usersRemove request validator.', err)
- return res.sendStatus(500)
- })
+ next()
+ })
})
}
req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
- logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+ logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
checkErrors(req, res, next)
}
export {
usersAddValidator,
+ usersRegisterValidator,
usersRemoveValidator,
usersUpdateValidator,
usersUpdateMeValidator,
// ---------------------------------------------------------------------------
-function checkUserExists (id: number, res: express.Response, callback: () => void) {
+function checkUserExists (id: number, res: express.Response, callback: (err: Error, user: UserInstance) => void) {
db.User.loadById(id)
.then(user => {
if (!user) return res.status(404).send('User not found')
res.locals.user = user
- callback()
+ callback(null, user)
})
.catch(err => {
logger.error('Error in user request validator.', err)
return res.sendStatus(500)
})
}
+
+function checkUserDoesNotAlreadyExist (username: string, email: string, res: express.Response, callback: () => void) {
+ db.User.loadByUsernameOrEmail(username, email)
+ .then(user => {
+ if (user) return res.status(409).send('User already exists.')
+
+ callback()
+ })
+ .catch(err => {
+ logger.error('Error in usersAdd request validator.', err)
+ return res.sendStatus(500)
+ })
+}
const username = 'user1'
const password = 'my super password'
- await createUser(server.url, server.accessToken, username, password)
+ const videoQuota = 42000000
+ await createUser(server.url, server.accessToken, username, password, videoQuota)
const videoAttributes = {}
await uploadVideo(server.url, server.accessToken, videoAttributes)
const fields = {
username: 'ji',
email: 'test@example.com',
- password: 'my_super_password'
+ password: 'my_super_password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
const fields = {
username: 'my_super_username_which_is_very_long',
email: 'test@example.com',
- password: 'my_super_password'
+ password: 'my_super_password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
const fields = {
username: 'my username',
email: 'test@example.com',
- password: 'my_super_password'
+ password: 'my_super_password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
it('Should fail with a missing email', async function () {
const fields = {
username: 'ji',
- password: 'my_super_password'
+ password: 'my_super_password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
const fields = {
username: 'my_super_username_which_is_very_long',
email: 'test_example.com',
- password: 'my_super_password'
+ password: 'my_super_password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
const fields = {
username: 'my_username',
email: 'test@example.com',
- password: 'bla'
+ password: 'bla',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
email: 'test@example.com',
password: 'my super long password which is very very very very very very very very very very very very very very' +
'very very very very very very very very very very very very very very very veryv very very very very' +
- 'very very very very very very very very very very very very very very very very very very very very long'
+ 'very very very very very very very very very very very very very very very very very very very very long',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
const fields = {
username: 'my_username',
email: 'test@example.com',
- password: 'my super password'
+ password: 'my super password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
const fields = {
username: 'user1',
email: 'test@example.com',
- password: 'my super password'
+ password: 'my super password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
const fields = {
username: 'my_username',
email: 'user1@example.com',
- password: 'my super password'
+ password: 'my super password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
})
+ it('Should fail without a videoQuota', async function () {
+ const fields = {
+ username: 'my_username',
+ email: 'user1@example.com',
+ password: 'my super password'
+ }
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid videoQuota', async function () {
+ const fields = {
+ username: 'my_username',
+ email: 'user1@example.com',
+ password: 'my super password',
+ videoQuota: -5
+ }
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
it('Should succeed with the correct params', async function () {
const fields = {
username: 'user2',
email: 'test@example.com',
- password: 'my super password'
+ password: 'my super password',
+ videoQuota: -1
}
await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
const fields = {
username: 'user3',
email: 'test@example.com',
- password: 'my super password'
+ password: 'my super password',
+ videoQuota: 42000000
}
await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: 403 })
})
})
- describe('When updating a user', function () {
- before(async function () {
- const res = await getUsersList(server.url)
+ describe('When updating my account', function () {
+ it('Should fail with an invalid email attribute', async function () {
+ const fields = {
+ email: 'blabla'
+ }
- userId = res.body.data[1].id
- rootId = res.body.data[2].id
+ await makePutBodyRequest({ url: server.url, path: path + 'me', token: server.accessToken, fields })
})
it('Should fail with a too small password', async function () {
password: 'bla'
}
- await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields })
+ await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
})
it('Should fail with a too long password', async function () {
'very very very very very very very very very very very very very very very very very very very very long'
}
- await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields })
+ await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
})
it('Should fail with an invalid display NSFW attribute', async function () {
displayNSFW: -1
}
- await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields })
+ await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields })
})
it('Should fail with an non authenticated user', async function () {
password: 'my super password'
}
- await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
+ await makePutBodyRequest({ url: server.url, path: path + 'me', token: 'super token', fields, statusCodeExpected: 401 })
})
it('Should succeed with the correct params', async function () {
const fields = {
password: 'my super password',
- displayNSFW: true
+ displayNSFW: true,
+ email: 'super_email@example.com'
}
- await makePutBodyRequest({ url: server.url, path: path + userId, token: userAccessToken, fields, statusCodeExpected: 204 })
+ await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 })
+ })
+ })
+
+ describe('When updating a user', function () {
+
+ before(async function () {
+ const res = await getUsersList(server.url)
+
+ userId = res.body.data[1].id
+ rootId = res.body.data[2].id
+ })
+
+ it('Should fail with an invalid email attribute', async function () {
+ const fields = {
+ email: 'blabla'
+ }
+
+ await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid videoQuota attribute', async function () {
+ const fields = {
+ videoQuota: -90
+ }
+
+ await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an non authenticated user', async function () {
+ const fields = {
+ videoQuota: 42
+ }
+
+ await makePutBodyRequest({ url: server.url, path: path + userId, token: 'super token', fields, statusCodeExpected: 401 })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ const fields = {
+ email: 'email@example.com',
+ videoQuota: 42
+ }
+
+ await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })
})
})
})
})
+ describe('When having a video quota', function () {
+ it('Should fail with a user having too many video', async function () {
+ const fields = {
+ videoQuota: 42
+ }
+
+ await makePutBodyRequest({ url: server.url, path: path + rootId, token: server.accessToken, fields, statusCodeExpected: 204 })
+
+ const videoAttributes = {}
+ await uploadVideo(server.url, server.accessToken, videoAttributes, 403)
+ })
+
+ it('Should fail with a registered user having too many video', async function () {
+ this.timeout(10000)
+
+ server.user = {
+ username: 'user3',
+ email: 'test3@example.com',
+ password: 'my super password'
+ }
+ userAccessToken = await loginAndGetAccessToken(server)
+
+ const videoAttributes = { fixture: 'video_short2.webm' }
+ await uploadVideo(server.url, userAccessToken, videoAttributes)
+ await uploadVideo(server.url, userAccessToken, videoAttributes)
+ await uploadVideo(server.url, userAccessToken, videoAttributes)
+ await uploadVideo(server.url, userAccessToken, videoAttributes)
+ await uploadVideo(server.url, userAccessToken, videoAttributes)
+ await uploadVideo(server.url, userAccessToken, videoAttributes, 403)
+ })
+ })
+
after(async function () {
killallServers([ server, serverWithRegistrationDisabled ])
projects / oweals / peertube.git / commitdiff