diff --git a/client/src/app/shared/users/user.service.ts b/client/src/app/shared/users/user.service.ts
index e6dc3dbf8..249c589b7 100644
--- a/client/src/app/shared/users/user.service.ts
+++ b/client/src/app/shared/users/user.service.ts
@@ -94,4 +94,27 @@ export class UserService {
catchError(res => this.restExtractor.handleError(res))
)
}
+
+ verifyEmail (userId: number, verificationString: string) {
+ const url = `${UserService.BASE_USERS_URL}/${userId}/verify-email`
+ const body = {
+ verificationString
+ }
+
+ return this.authHttp.post(url, body)
+ .pipe(
+ map(this.restExtractor.extractDataBool),
+ catchError(res => this.restExtractor.handleError(res))
+ )
+ }
+
+ askSendVerifyEmail (email: string) {
+ const url = UserService.BASE_USERS_URL + '/ask-send-verify-email'
+
+ return this.authHttp.post(url, { email })
+ .pipe(
+ map(this.restExtractor.extractDataBool),
+ catchError(err => this.restExtractor.handleError(err))
+ )
+ }
}
diff --git a/client/src/app/signup/signup.component.ts b/client/src/app/signup/signup.component.ts
index 47f9bc6f4..16e444678 100644
--- a/client/src/app/signup/signup.component.ts
+++ b/client/src/app/signup/signup.component.ts
@@ -3,7 +3,7 @@ import { Router } from '@angular/router'
import { NotificationsService } from 'angular2-notifications'
import { UserCreate } from '../../../../shared'
import { FormReactive, UserService, UserValidatorsService } from '../shared'
-import { RedirectService } from '@app/core'
+import { RedirectService, ServerService } from '@app/core'
import { I18n } from '@ngx-translate/i18n-polyfill'
import { FormValidatorService } from '@app/shared/forms/form-validators/form-validator.service'
@@ -21,6 +21,7 @@ export class SignupComponent extends FormReactive implements OnInit {
private router: Router,
private notificationsService: NotificationsService,
private userService: UserService,
+ private serverService: ServerService,
private redirectService: RedirectService,
private i18n: I18n
) {
@@ -31,6 +32,10 @@ export class SignupComponent extends FormReactive implements OnInit {
return window.location.host
}
+ get requiresEmailVerification () {
+ return this.serverService.getConfig().signup.requiresEmailVerification
+ }
+
ngOnInit () {
this.buildForm({
username: this.userValidatorsService.USER_USERNAME,
@@ -47,10 +52,17 @@ export class SignupComponent extends FormReactive implements OnInit {
this.userService.signup(userCreate).subscribe(
() => {
- this.notificationsService.success(
- this.i18n('Success'),
- this.i18n('Registration for {{username}} complete.', { username: userCreate.username })
- )
+ if (this.requiresEmailVerification) {
+ this.notificationsService.alert(
+ this.i18n('Welcome'),
+ this.i18n('Please check your email to verify your account and complete signup.')
+ )
+ } else {
+ this.notificationsService.success(
+ this.i18n('Success'),
+ this.i18n('Registration for {{username}} complete.', { username: userCreate.username })
+ )
+ }
this.redirectService.redirectToHomepage()
},
diff --git a/config/default.yaml b/config/default.yaml
index 7799ea927..ef63fbd28 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -74,6 +74,7 @@ admin:
signup:
enabled: false
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
+ requires_email_verification: false
filters:
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
diff --git a/config/production.yaml.example b/config/production.yaml.example
index 33a26dec1..f7b153698 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -87,6 +87,7 @@ admin:
signup:
enabled: false
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
+ requires_email_verification: false
filters:
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
diff --git a/config/test.yaml b/config/test.yaml
index 879b6bdd4..6a8e47aac 100644
--- a/config/test.yaml
+++ b/config/test.yaml
@@ -29,6 +29,7 @@ cache:
signup:
enabled: true
+ requires_email_verification: false
transcoding:
enabled: true
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts
index 25ddd1fa6..6edbe4820 100644
--- a/server/controllers/api/config.ts
+++ b/server/controllers/api/config.ts
@@ -60,7 +60,8 @@ async function getConfig (req: express.Request, res: express.Response, next: exp
serverVersion: packageJSON.version,
signup: {
allowed,
- allowedForCurrentIP
+ allowedForCurrentIP,
+ requiresEmailVerification: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION
},
transcoding: {
enabledResolutions
@@ -159,12 +160,20 @@ async function updateCustomConfig (req: express.Request, res: express.Response,
toUpdate.transcoding.threads = parseInt('' + toUpdate.transcoding.threads, 10)
// camelCase to snake_case key
- const toUpdateJSON = omit(toUpdate, 'user.videoQuota', 'instance.defaultClientRoute', 'instance.shortDescription', 'cache.videoCaptions')
+ const toUpdateJSON = omit(
+ toUpdate,
+ 'user.videoQuota',
+ 'instance.defaultClientRoute',
+ 'instance.shortDescription',
+ 'cache.videoCaptions',
+ 'signup.requiresEmailVerification'
+ )
toUpdateJSON.user['video_quota'] = toUpdate.user.videoQuota
toUpdateJSON.user['video_quota_daily'] = toUpdate.user.videoQuotaDaily
toUpdateJSON.instance['default_client_route'] = toUpdate.instance.defaultClientRoute
toUpdateJSON.instance['short_description'] = toUpdate.instance.shortDescription
toUpdateJSON.instance['default_nsfw_policy'] = toUpdate.instance.defaultNSFWPolicy
+ toUpdateJSON.signup['requires_email_verification'] = toUpdate.signup.requiresEmailVerification
await writeJSON(CONFIG.CUSTOM_FILE, toUpdateJSON, { spaces: 2 })
@@ -220,7 +229,8 @@ function customConfig (): CustomConfig {
},
signup: {
enabled: CONFIG.SIGNUP.ENABLED,
- limit: CONFIG.SIGNUP.LIMIT
+ limit: CONFIG.SIGNUP.LIMIT,
+ requiresEmailVerification: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION
},
admin: {
email: CONFIG.ADMIN.EMAIL
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 25d51ae5e..008c34ca4 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -25,7 +25,10 @@ import {
usersSortValidator,
usersUpdateValidator
} from '../../../middlewares'
-import { usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator } from '../../../middlewares/validators'
+import {
+ usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator,
+ usersAskSendVerifyEmailValidator, usersVerifyEmailValidator
+} from '../../../middlewares/validators'
import { UserModel } from '../../../models/account/user'
import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
@@ -110,6 +113,17 @@ usersRouter.post('/:id/reset-password',
asyncMiddleware(resetUserPassword)
)
+usersRouter.post('/ask-send-verify-email',
+ loginRateLimiter,
+ asyncMiddleware(usersAskSendVerifyEmailValidator),
+ asyncMiddleware(askSendVerifyUserEmail)
+)
+
+usersRouter.post('/:id/verify-email',
+ asyncMiddleware(usersVerifyEmailValidator),
+ asyncMiddleware(verifyUserEmail)
+)
+
usersRouter.post('/token',
loginRateLimiter,
token,
@@ -165,7 +179,8 @@ async function registerUser (req: express.Request, res: express.Response) {
autoPlayVideo: true,
role: UserRole.USER,
videoQuota: CONFIG.USER.VIDEO_QUOTA,
- videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY
+ videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY,
+ emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
})
const { user } = await createUserAccountAndChannel(userToCreate)
@@ -173,6 +188,10 @@ async function registerUser (req: express.Request, res: express.Response) {
auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
logger.info('User %s with its channel and account registered.', body.username)
+ if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
+ await sendVerifyUserEmail(user)
+ }
+
return res.type('json').status(204).end()
}
@@ -261,6 +280,30 @@ async function resetUserPassword (req: express.Request, res: express.Response, n
return res.status(204).end()
}
+async function sendVerifyUserEmail (user: UserModel) {
+ const verificationString = await Redis.Instance.setVerifyEmailVerificationString(user.id)
+ const url = CONFIG.WEBSERVER.URL + '/verify-account/email?userId=' + user.id + '&verificationString=' + verificationString
+ await Emailer.Instance.addVerifyEmailJob(user.email, url)
+ return
+}
+
+async function askSendVerifyUserEmail (req: express.Request, res: express.Response, next: express.NextFunction) {
+ const user = res.locals.user as UserModel
+
+ await sendVerifyUserEmail(user)
+
+ return res.status(204).end()
+}
+
+async function verifyUserEmail (req: express.Request, res: express.Response, next: express.NextFunction) {
+ const user = res.locals.user as UserModel
+ user.emailVerified = true
+
+ await user.save()
+
+ return res.status(204).end()
+}
+
function success (req: express.Request, res: express.Response, next: express.NextFunction) {
res.end()
}
diff --git a/server/helpers/audit-logger.ts b/server/helpers/audit-logger.ts
index db20df20f..7db72b69c 100644
--- a/server/helpers/audit-logger.ts
+++ b/server/helpers/audit-logger.ts
@@ -234,6 +234,7 @@ const customConfigKeysToKeep = [
'cache-captions-size',
'signup-enabled',
'signup-limit',
+ 'signup-requiresEmailVerification',
'admin-email',
'user-videoQuota',
'transcoding-enabled',
diff --git a/server/helpers/custom-validators/users.ts b/server/helpers/custom-validators/users.ts
index 8d6247e41..90fc74a48 100644
--- a/server/helpers/custom-validators/users.ts
+++ b/server/helpers/custom-validators/users.ts
@@ -33,6 +33,10 @@ function isUserDescriptionValid (value: string) {
return value === null || (exists(value) && validator.isLength(value, CONSTRAINTS_FIELDS.USERS.DESCRIPTION))
}
+function isUserEmailVerifiedValid (value: any) {
+ return isBooleanValid(value)
+}
+
const nsfwPolicies = values(NSFW_POLICY_TYPES)
function isUserNSFWPolicyValid (value: any) {
return exists(value) && nsfwPolicies.indexOf(value) !== -1
@@ -72,6 +76,7 @@ export {
isUserVideoQuotaValid,
isUserVideoQuotaDailyValid,
isUserUsernameValid,
+ isUserEmailVerifiedValid,
isUserNSFWPolicyValid,
isUserAutoPlayVideoValid,
isUserDisplayNameValid,
diff --git a/server/initializers/checker.ts b/server/initializers/checker.ts
index 916e9067e..ee02ecf48 100644
--- a/server/initializers/checker.ts
+++ b/server/initializers/checker.ts
@@ -49,7 +49,8 @@ function checkMissedConfig () {
'log.level',
'user.video_quota', 'user.video_quota_daily',
'cache.previews.size', 'admin.email',
- 'signup.enabled', 'signup.limit', 'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
+ 'signup.enabled', 'signup.limit', 'signup.requires_email_verification',
+ 'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
'transcoding.enabled', 'transcoding.threads',
'import.videos.http.enabled',
'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 2d9a2e670..5d93c6b82 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -15,7 +15,7 @@ let config: IConfig = require('config')
// ---------------------------------------------------------------------------
-const LAST_MIGRATION_VERSION = 260
+const LAST_MIGRATION_VERSION = 265
// ---------------------------------------------------------------------------
@@ -204,6 +204,7 @@ const CONFIG = {
SIGNUP: {
get ENABLED () { return config.get
('signup.enabled') },
get LIMIT () { return config.get('signup.limit') },
+ get REQUIRES_EMAIL_VERIFICATION () { return config.get('signup.requires_email_verification') },
FILTERS: {
CIDR: {
get WHITELIST () { return config.get('signup.filters.cidr.whitelist') },
@@ -500,6 +501,8 @@ const BCRYPT_SALT_SIZE = 10
const USER_PASSWORD_RESET_LIFETIME = 60000 * 5 // 5 minutes
+const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes
+
const NSFW_POLICY_TYPES: { [ id: string]: NSFWPolicyType } = {
DO_NOT_LIST: 'do_not_list',
BLUR: 'blur',
@@ -661,6 +664,7 @@ export {
VIDEO_ABUSE_STATES,
JOB_REQUEST_TIMEOUT,
USER_PASSWORD_RESET_LIFETIME,
+ USER_EMAIL_VERIFY_LIFETIME,
IMAGE_MIMETYPE_EXT,
SCHEDULER_INTERVALS_MS,
REPEAT_JOBS,
diff --git a/server/initializers/installer.ts b/server/initializers/installer.ts
index d4aaec8fe..818bb04a2 100644
--- a/server/initializers/installer.ts
+++ b/server/initializers/installer.ts
@@ -122,6 +122,7 @@ async function createOAuthAdminIfNotExist () {
email,
password,
role,
+ verified: true,
nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
videoQuota: -1,
videoQuotaDaily: -1
diff --git a/server/initializers/migrations/0265-user-email-verified.ts b/server/initializers/migrations/0265-user-email-verified.ts
new file mode 100644
index 000000000..59dfdad2b
--- /dev/null
+++ b/server/initializers/migrations/0265-user-email-verified.ts
@@ -0,0 +1,24 @@
+import * as Sequelize from 'sequelize'
+
+async function up (utils: {
+ transaction: Sequelize.Transaction
+ queryInterface: Sequelize.QueryInterface
+ sequelize: Sequelize.Sequelize
+}): Promise {
+ {
+ const data = {
+ type: Sequelize.BOOLEAN,
+ allowNull: true,
+ defaultValue: null
+ }
+
+ await utils.queryInterface.addColumn('user', 'emailVerified', data)
+ }
+
+}
+
+function down (options) {
+ throw new Error('Not implemented.')
+}
+
+export { up, down }
diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts
index bf8e5b6c3..9327792fb 100644
--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -89,6 +89,23 @@ class Emailer {
return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
}
+ addVerifyEmailJob (to: string, verifyEmailUrl: string) {
+ const text = `Welcome to PeerTube,\n\n` +
+ `To start using PeerTube on ${CONFIG.WEBSERVER.HOST} you must verify your email! ` +
+ `Please follow this link to verify this email belongs to you: ${verifyEmailUrl}\n\n` +
+ `If you are not the person who initiated this request, please ignore this email.\n\n` +
+ `Cheers,\n` +
+ `PeerTube.`
+
+ const emailPayload: EmailPayload = {
+ to: [ to ],
+ subject: 'Verify your PeerTube email',
+ text
+ }
+
+ return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
+ }
+
async addVideoAbuseReportJob (videoId: number) {
const video = await VideoModel.load(videoId)
if (!video) throw new Error('Unknown Video id during Abuse report.')
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index 09eaf75d1..2f8667e19 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -3,6 +3,7 @@ import { logger } from '../helpers/logger'
import { UserModel } from '../models/account/user'
import { OAuthClientModel } from '../models/oauth/oauth-client'
import { OAuthTokenModel } from '../models/oauth/oauth-token'
+import { CONFIG } from '../initializers/constants'
type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
@@ -37,6 +38,10 @@ async function getUser (usernameOrEmail: string, password: string) {
if (user.blocked) throw new AccessDeniedError('User is blocked.')
+ if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) {
+ throw new AccessDeniedError('User email is not verified.')
+ }
+
return user
}
diff --git a/server/lib/redis.ts b/server/lib/redis.ts
index 0b4b41e4e..e4e435659 100644
--- a/server/lib/redis.ts
+++ b/server/lib/redis.ts
@@ -2,7 +2,7 @@ import * as express from 'express'
import { createClient, RedisClient } from 'redis'
import { logger } from '../helpers/logger'
import { generateRandomString } from '../helpers/utils'
-import { CONFIG, USER_PASSWORD_RESET_LIFETIME, VIDEO_VIEW_LIFETIME } from '../initializers'
+import { CONFIG, USER_PASSWORD_RESET_LIFETIME, USER_EMAIL_VERIFY_LIFETIME, VIDEO_VIEW_LIFETIME } from '../initializers'
type CachedRoute = {
body: string,
@@ -60,6 +60,18 @@ class Redis {
return this.getValue(this.generateResetPasswordKey(userId))
}
+ async setVerifyEmailVerificationString (userId: number) {
+ const generatedString = await generateRandomString(32)
+
+ await this.setValue(this.generateVerifyEmailKey(userId), generatedString, USER_EMAIL_VERIFY_LIFETIME)
+
+ return generatedString
+ }
+
+ async getVerifyEmailLink (userId: number) {
+ return this.getValue(this.generateVerifyEmailKey(userId))
+ }
+
setIPVideoView (ip: string, videoUUID: string) {
return this.setValue(this.buildViewKey(ip, videoUUID), '1', VIDEO_VIEW_LIFETIME)
}
@@ -135,6 +147,10 @@ class Redis {
return 'reset-password-' + userId
}
+ generateVerifyEmailKey (userId: number) {
+ return 'verify-email-' + userId
+ }
+
buildViewKey (ip: string, videoUUID: string) {
return videoUUID + '-' + ip
}
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 6c5e783e9..a595c39ec 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -248,6 +248,48 @@ const usersResetPasswordValidator = [
}
]
+const usersAskSendVerifyEmailValidator = [
+ body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking askUsersSendVerifyEmail parameters', { parameters: req.body })
+
+ if (areValidationErrors(req, res)) return
+ const exists = await checkUserEmailExist(req.body.email, res, false)
+ if (!exists) {
+ logger.debug('User with email %s does not exist (asking verify email).', req.body.email)
+ // Do not leak our emails
+ return res.status(204).end()
+ }
+
+ return next()
+ }
+]
+
+const usersVerifyEmailValidator = [
+ param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+ body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user as UserModel
+ const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id)
+
+ if (redisVerificationString !== req.body.verificationString) {
+ return res
+ .status(403)
+ .send({ error: 'Invalid verification string.' })
+ .end()
+ }
+
+ return next()
+ }
+]
+
// ---------------------------------------------------------------------------
export {
@@ -263,7 +305,9 @@ export {
ensureUserRegistrationAllowedForIP,
usersGetValidator,
usersAskResetPasswordValidator,
- usersResetPasswordValidator
+ usersResetPasswordValidator,
+ usersAskSendVerifyEmailValidator,
+ usersVerifyEmailValidator
}
// ---------------------------------------------------------------------------
diff --git a/server/models/account/user.ts b/server/models/account/user.ts
index bae683b12..89265774b 100644
--- a/server/models/account/user.ts
+++ b/server/models/account/user.ts
@@ -24,6 +24,7 @@ import {
isUserBlockedReasonValid,
isUserBlockedValid,
isUserNSFWPolicyValid,
+ isUserEmailVerifiedValid,
isUserPasswordValid,
isUserRoleValid,
isUserUsernameValid,
@@ -92,6 +93,12 @@ export class UserModel extends Model {
@Column(DataType.STRING(400))
email: string
+ @AllowNull(true)
+ @Default(null)
+ @Is('UserEmailVerified', value => throwIfNotValid(value, isUserEmailVerifiedValid, 'email verified boolean'))
+ @Column
+ emailVerified: boolean
+
@AllowNull(false)
@Is('UserNSFWPolicy', value => throwIfNotValid(value, isUserNSFWPolicyValid, 'NSFW policy'))
@Column(DataType.ENUM(values(NSFW_POLICY_TYPES)))
@@ -304,6 +311,7 @@ export class UserModel extends Model {
id: this.id,
username: this.username,
email: this.email,
+ emailVerified: this.emailVerified,
nsfwPolicy: this.nsfwPolicy,
autoPlayVideo: this.autoPlayVideo,
role: this.role,
diff --git a/server/tests/api/check-params/config.ts b/server/tests/api/check-params/config.ts
index ecfb76d47..d807f910b 100644
--- a/server/tests/api/check-params/config.ts
+++ b/server/tests/api/check-params/config.ts
@@ -42,7 +42,8 @@ describe('Test config API validators', function () {
},
signup: {
enabled: false,
- limit: 5
+ limit: 5,
+ requiresEmailVerification: false
},
admin: {
email: 'superadmin1@example.com'
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 8b2ed1b04..95903c8a5 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -737,6 +737,28 @@ describe('Test users API validators', function () {
})
})
+ describe('When asking for an account verification email', function () {
+ const path = '/api/v1/users/ask-send-verify-email'
+
+ it('Should fail with a missing email', async function () {
+ const fields = {}
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid email', async function () {
+ const fields = { email: 'hello' }
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ const fields = { email: 'admin@example.com' }
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
+ })
+ })
+
after(async function () {
killallServers([ server, serverWithRegistrationDisabled ])
diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index ece4118a6..facd1688d 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -35,6 +35,7 @@ function checkInitialConfig (data: CustomConfig) {
expect(data.cache.captions.size).to.equal(1)
expect(data.signup.enabled).to.be.true
expect(data.signup.limit).to.equal(4)
+ expect(data.signup.requiresEmailVerification).to.be.false
expect(data.admin.email).to.equal('admin1@example.com')
expect(data.user.videoQuota).to.equal(5242880)
expect(data.user.videoQuotaDaily).to.equal(-1)
@@ -64,6 +65,7 @@ function checkUpdatedConfig (data: CustomConfig) {
expect(data.cache.captions.size).to.equal(3)
expect(data.signup.enabled).to.be.false
expect(data.signup.limit).to.equal(5)
+ expect(data.signup.requiresEmailVerification).to.be.true
expect(data.admin.email).to.equal('superadmin1@example.com')
expect(data.user.videoQuota).to.equal(5242881)
expect(data.user.videoQuotaDaily).to.equal(318742)
@@ -148,7 +150,8 @@ describe('Test config', function () {
},
signup: {
enabled: false,
- limit: 5
+ limit: 5,
+ requiresEmailVerification: true
},
admin: {
email: 'superadmin1@example.com'
diff --git a/server/tests/api/server/email.ts b/server/tests/api/server/email.ts
index db937f288..713a27143 100644
--- a/server/tests/api/server/email.ts
+++ b/server/tests/api/server/email.ts
@@ -5,6 +5,7 @@ import 'mocha'
import {
addVideoToBlacklist,
askResetPassword,
+ askSendVerifyEmail,
blockUser,
createUser, removeVideoFromBlacklist,
reportVideoAbuse,
@@ -12,7 +13,8 @@ import {
runServer,
unblockUser,
uploadVideo,
- userLogin
+ userLogin,
+ verifyEmail
} from '../../utils'
import { flushTests, killallServers, ServerInfo, setAccessTokensToServers } from '../../utils/index'
import { mockSmtpServer } from '../../utils/miscs/email'
@@ -207,6 +209,44 @@ describe('Test emails', function () {
})
})
+ describe('When verifying a user email', function () {
+
+ it('Should ask to send the verification email', async function () {
+ this.timeout(10000)
+
+ await askSendVerifyEmail(server.url, 'user_1@example.com')
+
+ await waitJobs(server)
+ expect(emails).to.have.lengthOf(7)
+
+ const email = emails[6]
+
+ expect(email['from'][0]['address']).equal('test-admin@localhost')
+ expect(email['to'][0]['address']).equal('user_1@example.com')
+ expect(email['subject']).contains('Verify')
+
+ const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+ expect(verificationStringMatches).not.to.be.null
+
+ verificationString = verificationStringMatches[1]
+ expect(verificationString).to.not.be.undefined
+ expect(verificationString).to.have.length.above(2)
+
+ const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
+ expect(userIdMatches).not.to.be.null
+
+ userId = parseInt(userIdMatches[1], 10)
+ })
+
+ it('Should not verify the email with an invalid verification string', async function () {
+ await verifyEmail(server.url, userId, verificationString + 'b', 403)
+ })
+
+ it('Should verify the email', async function () {
+ await verifyEmail(server.url, userId, verificationString)
+ })
+ })
+
after(async function () {
killallServers([ server ])
})
diff --git a/server/tests/api/users/index.ts b/server/tests/api/users/index.ts
index 4ce87fb91..21d75da3e 100644
--- a/server/tests/api/users/index.ts
+++ b/server/tests/api/users/index.ts
@@ -1,3 +1,4 @@
import './user-subscriptions'
import './users'
+import './users-verification'
import './users-multiple-servers'
diff --git a/server/tests/api/users/users-verification.ts b/server/tests/api/users/users-verification.ts
new file mode 100644
index 000000000..fa5f5e371
--- /dev/null
+++ b/server/tests/api/users/users-verification.ts
@@ -0,0 +1,133 @@
+/* tslint:disable:no-unused-expression */
+
+import * as chai from 'chai'
+import 'mocha'
+import {
+ registerUser, flushTests, getUserInformation, getMyUserInformation, killallServers,
+ userLogin, login, runServer, ServerInfo, verifyEmail, updateCustomSubConfig
+} from '../../utils'
+import { setAccessTokensToServers } from '../../utils/users/login'
+import { mockSmtpServer } from '../../utils/miscs/email'
+import { waitJobs } from '../../utils/server/jobs'
+
+const expect = chai.expect
+
+describe('Test users account verification', function () {
+ let server: ServerInfo
+ let userId: number
+ let verificationString: string
+ let expectedEmailsLength = 0
+ const user1 = {
+ username: 'user_1',
+ password: 'super password'
+ }
+ const user2 = {
+ username: 'user_2',
+ password: 'super password'
+ }
+ const emails: object[] = []
+
+ before(async function () {
+ this.timeout(30000)
+
+ await mockSmtpServer(emails)
+
+ await flushTests()
+
+ const overrideConfig = {
+ smtp: {
+ hostname: 'localhost'
+ }
+ }
+ server = await runServer(1, overrideConfig)
+
+ await setAccessTokensToServers([ server ])
+ })
+
+ it('Should register user and send verification email if verification required', async function () {
+ this.timeout(5000)
+ await updateCustomSubConfig(server.url, server.accessToken, {
+ signup: {
+ enabled: true,
+ requiresEmailVerification: true,
+ limit: 10
+ }
+ })
+
+ await registerUser(server.url, user1.username, user1.password)
+
+ await waitJobs(server)
+ expectedEmailsLength++
+ expect(emails).to.have.lengthOf(expectedEmailsLength)
+
+ const email = emails[expectedEmailsLength - 1]
+
+ const verificationStringMatches = /verificationString=([a-z0-9]+)/.exec(email['text'])
+ expect(verificationStringMatches).not.to.be.null
+
+ verificationString = verificationStringMatches[1]
+ expect(verificationString).to.have.length.above(2)
+
+ const userIdMatches = /userId=([0-9]+)/.exec(email['text'])
+ expect(userIdMatches).not.to.be.null
+
+ userId = parseInt(userIdMatches[1], 10)
+
+ const resUserInfo = await getUserInformation(server.url, server.accessToken, userId)
+ expect(resUserInfo.body.emailVerified).to.be.false
+ })
+
+ it('Should not allow login for user with unverified email', async function () {
+ const resLogin = await login(server.url, server.client, user1, 400)
+ expect(resLogin.body.error).to.contain('User email is not verified.')
+ })
+
+ it('Should verify the user via email and allow login', async function () {
+ await verifyEmail(server.url, userId, verificationString)
+ await login(server.url, server.client, user1)
+ const resUserVerified = await getUserInformation(server.url, server.accessToken, userId)
+ expect(resUserVerified.body.emailVerified).to.be.true
+ })
+
+ it('Should register user not requiring email verification if setting not enabled', async function () {
+ this.timeout(5000)
+ await updateCustomSubConfig(server.url, server.accessToken, {
+ signup: {
+ enabled: true,
+ requiresEmailVerification: false,
+ limit: 10
+ }
+ })
+
+ await registerUser(server.url, user2.username, user2.password)
+
+ await waitJobs(server)
+ expect(emails).to.have.lengthOf(expectedEmailsLength)
+
+ const accessToken = await userLogin(server, user2)
+
+ const resMyUserInfo = await getMyUserInformation(server.url, accessToken)
+ expect(resMyUserInfo.body.emailVerified).to.be.null
+ })
+
+ it('Should allow login for user with unverified email when setting later enabled', async function () {
+ await updateCustomSubConfig(server.url, server.accessToken, {
+ signup: {
+ enabled: true,
+ requiresEmailVerification: true,
+ limit: 10
+ }
+ })
+
+ await userLogin(server, user2)
+ })
+
+ after(async function () {
+ killallServers([ server ])
+
+ // Keep the logs if the test failed
+ if (this[ 'ok' ]) {
+ await flushTests()
+ }
+ })
+})
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 04dcc8fd1..c0dd587ee 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -7,7 +7,7 @@ import {
createUser, flushTests, getBlacklistedVideosList, getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating,
getUserInformation, getUsersList, getUsersListPaginationAndSort, getVideosList, killallServers, login, makePutBodyRequest, rateVideo,
registerUser, removeUser, removeVideo, runServer, ServerInfo, testImage, updateMyAvatar, updateMyUser, updateUser, uploadVideo, userLogin,
- deleteMe, blockUser, unblockUser
+ deleteMe, blockUser, unblockUser, updateCustomSubConfig
} from '../../utils/index'
import { follow } from '../../utils/server/follows'
import { setAccessTokensToServers } from '../../utils/users/login'
diff --git a/server/tests/utils/server/config.ts b/server/tests/utils/server/config.ts
index 799c31ae5..b85e02ab7 100644
--- a/server/tests/utils/server/config.ts
+++ b/server/tests/utils/server/config.ts
@@ -74,7 +74,8 @@ function updateCustomSubConfig (url: string, token: string, newConfig: any) {
},
signup: {
enabled: false,
- limit: 5
+ limit: 5,
+ requiresEmailVerification: false
},
admin: {
email: 'superadmin1@example.com'
diff --git a/server/tests/utils/users/users.ts b/server/tests/utils/users/users.ts
index 5dba34b69..cd1b07701 100644
--- a/server/tests/utils/users/users.ts
+++ b/server/tests/utils/users/users.ts
@@ -246,6 +246,28 @@ function resetPassword (url: string, userId: number, verificationString: string,
})
}
+function askSendVerifyEmail (url: string, email: string) {
+ const path = '/api/v1/users/ask-send-verify-email'
+
+ return makePostBodyRequest({
+ url,
+ path,
+ fields: { email },
+ statusCodeExpected: 204
+ })
+}
+
+function verifyEmail (url: string, userId: number, verificationString: string, statusCodeExpected = 204) {
+ const path = '/api/v1/users/' + userId + '/verify-email'
+
+ return makePostBodyRequest({
+ url,
+ path,
+ fields: { verificationString },
+ statusCodeExpected
+ })
+}
+
// ---------------------------------------------------------------------------
export {
@@ -265,5 +287,7 @@ export {
unblockUser,
askResetPassword,
resetPassword,
- updateMyAvatar
+ updateMyAvatar,
+ askSendVerifyEmail,
+ verifyEmail
}
diff --git a/shared/models/server/custom-config.model.ts b/shared/models/server/custom-config.model.ts
index 2f5cebf7f..3afd36fcd 100644
--- a/shared/models/server/custom-config.model.ts
+++ b/shared/models/server/custom-config.model.ts
@@ -34,6 +34,7 @@ export interface CustomConfig {
signup: {
enabled: boolean
limit: number
+ requiresEmailVerification: boolean
}
admin: {
diff --git a/shared/models/server/server-config.model.ts b/shared/models/server/server-config.model.ts
index 9bbeb14d2..e0ff8c07d 100644
--- a/shared/models/server/server-config.model.ts
+++ b/shared/models/server/server-config.model.ts
@@ -16,7 +16,8 @@ export interface ServerConfig {
signup: {
allowed: boolean,
- allowedForCurrentIP: boolean
+ allowedForCurrentIP: boolean,
+ requiresEmailVerification: boolean
}
transcoding: {