[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-blacklist.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { expect } from 'chai'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
import {
  BlacklistCommand,
  cleanupTests,
  createMultipleServers,
  doubleFollow,
  makePostBodyRequest,
  makePutBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers,
  waitJobs
} from '@shared/server-commands'

describe('Test video blacklist API validators', function () {
  let servers: PeerTubeServer[]
  let notBlacklistedVideoId: string
  let remoteVideoUUID: string
  let userAccessToken1 = ''
  let userAccessToken2 = ''
  let command: BlacklistCommand

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(120000)

    servers = await createMultipleServers(2)

    await setAccessTokensToServers(servers)
    await doubleFollow(servers[0], servers[1])

    {
      const username = 'user1'
      const password = 'my super password'
      await servers[0].users.create({ username: username, password: password })
      userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
    }

    {
      const username = 'user2'
      const password = 'my super password'
      await servers[0].users.create({ username: username, password: password })
      userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
    }

    {
      servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
    }

    {
      const { uuid } = await servers[0].videos.upload()
      notBlacklistedVideoId = uuid
    }

    {
      const { uuid } = await servers[1].videos.upload()
      remoteVideoUUID = uuid
    }

    await waitJobs(servers)

    command = servers[0].blacklist
  })

  describe('When adding a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with nothing', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail to unfederate a remote video', async function () {
      const path = basePath + remoteVideoUUID + '/blacklist'
      const fields = { unfederate: true }

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
      const fields = {}

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When updating a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a video not blacklisted', async function () {
      const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
      const fields = { reason: 'hello' }

      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When getting blacklisted video', function () {

    it('Should fail with a non authenticated user', async function () {
      await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with another user', async function () {
      await servers[0].videos.getWithToken({
        token: userAccessToken2,
        id: servers[0].store.videoCreated.uuid,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the owner authenticated user', async function () {
      const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
      expect(video.blacklisted).to.be.true
    })

    it('Should succeed with an admin', async function () {
      const video = servers[0].store.videoCreated

      for (const id of [ video.id, video.uuid, video.shortUUID ]) {
        const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
        expect(video.blacklisted).to.be.true
      }
    })
  })

  describe('When removing a video in blacklist', function () {

    it('Should fail with a non authenticated user', async function () {
      await command.remove({
        token: 'fake token',
        videoId: servers[0].store.videoCreated.uuid,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with a non admin user', async function () {
      await command.remove({
        token: userAccessToken2,
        videoId: servers[0].store.videoCreated.uuid,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect id', async function () {
      await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should fail with a not blacklisted video', async function () {
      // The video was not added to the blacklist so it should fail
      await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the correct params', async function () {
      await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })
  })

  describe('When listing videos in blacklist', function () {
    const basePath = '/api/v1/videos/blacklist/'

    it('Should fail with a non authenticated user', async function () {
      await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an invalid type', async function () {
      await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should succeed with the correct parameters', async function () {
      await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
792dbaf0 GS	2
792dbaf0 GS	3	import 'mocha'
e3d15a6a	4	import { expect } from 'chai'
c55e3d72 C	5	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
c55e3d72 C	6	import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
792dbaf0	7	import {
e3d15a6a	8	BlacklistCommand,
7c3b7976	9	cleanupTests,
254d3579	10	createMultipleServers,
4c7e60bc	11	doubleFollow,
26b7305a C	12	makePostBodyRequest,
26b7305a C	13	makePutBodyRequest,
254d3579	14	PeerTubeServer,
26b7305a	15	setAccessTokensToServers,
a1587156	16	waitJobs
bf54587a	17	} from '@shared/server-commands'
792dbaf0 GS	18
792dbaf0 GS	19	describe('Test video blacklist API validators', function () {
254d3579	20	let servers: PeerTubeServer[]
d23dd9fb	21	let notBlacklistedVideoId: string
5abb9fbb	22	let remoteVideoUUID: string
e5e7f7fe C	23	let userAccessToken1 = ''
e5e7f7fe C	24	let userAccessToken2 = ''
e3d15a6a	25	let command: BlacklistCommand
792dbaf0 GS	26
	27	// ---------------------------------------------------------------
	28
	29	before(async function () {
	30	this.timeout(120000)
	31
254d3579	32	servers = await createMultipleServers(2)
792dbaf0	33
5abb9fbb C	34	await setAccessTokensToServers(servers)
5abb9fbb C	35	await doubleFollow(servers[0], servers[1])
792dbaf0	36
e5e7f7fe C	37	{
	38	const username = 'user1'
	39	const password = 'my super password'
89d241a7 C	40	await servers[0].users.create({ username: username, password: password })
89d241a7 C	41	userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
e5e7f7fe	42	}
792dbaf0	43
26b7305a	44	{
e5e7f7fe C	45	const username = 'user2'
e5e7f7fe C	46	const password = 'my super password'
89d241a7 C	47	await servers[0].users.create({ username: username, password: password })
89d241a7 C	48	userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
e5e7f7fe C	49	}
	50
	51	{
83903cb6	52	servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
26b7305a C	53	}
	54
	55	{
89d241a7	56	const { uuid } = await servers[0].videos.upload()
d23dd9fb	57	notBlacklistedVideoId = uuid
26b7305a	58	}
5abb9fbb C	59
5abb9fbb C	60	{
89d241a7	61	const { uuid } = await servers[1].videos.upload()
d23dd9fb	62	remoteVideoUUID = uuid
5abb9fbb C	63	}
	64
	65	await waitJobs(servers)
e3d15a6a	66
89d241a7	67	command = servers[0].blacklist
792dbaf0 GS	68	})
	69
	70	describe('When adding a video in blacklist', function () {
	71	const basePath = '/api/v1/videos/'
	72
	73	it('Should fail with nothing', async function () {
83903cb6	74	const path = basePath + servers[0].store.videoCreated + '/blacklist'
792dbaf0	75	const fields = {}
5abb9fbb	76	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
792dbaf0 GS	77	})
	78
	79	it('Should fail with a wrong video', async function () {
	80	const wrongPath = '/api/v1/videos/blabla/blacklist'
	81	const fields = {}
5abb9fbb	82	await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
792dbaf0 GS	83	})
	84
	85	it('Should fail with a non authenticated user', async function () {
83903cb6	86	const path = basePath + servers[0].store.videoCreated + '/blacklist'
11ba2ab3	87	const fields = {}
c0e8b12e	88	await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	89	})
	90
	91	it('Should fail with a non admin user', async function () {
83903cb6	92	const path = basePath + servers[0].store.videoCreated + '/blacklist'
11ba2ab3	93	const fields = {}
2d53be02 RK	94	await makePostBodyRequest({
	95	url: servers[0].url,
	96	path,
	97	token: userAccessToken2,
	98	fields,
c0e8b12e	99	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	100	})
792dbaf0 GS	101	})
792dbaf0 GS	102
26b7305a	103	it('Should fail with an invalid reason', async function () {
83903cb6	104	const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
26b7305a C	105	const fields = { reason: 'a'.repeat(305) }
26b7305a C	106
5abb9fbb C	107	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
	108	})
	109
	110	it('Should fail to unfederate a remote video', async function () {
	111	const path = basePath + remoteVideoUUID + '/blacklist'
	112	const fields = { unfederate: true }
	113
2d53be02 RK	114	await makePostBodyRequest({
	115	url: servers[0].url,
	116	path,
	117	token: servers[0].accessToken,
	118	fields,
c0e8b12e	119	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	120	})
26b7305a C	121	})
	122
	123	it('Should succeed with the correct params', async function () {
83903cb6	124	const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
a1587156	125	const fields = {}
26b7305a	126
2d53be02 RK	127	await makePostBodyRequest({
	128	url: servers[0].url,
	129	path,
	130	token: servers[0].accessToken,
	131	fields,
c0e8b12e	132	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	133	})
26b7305a C	134	})
	135	})
	136
	137	describe('When updating a video in blacklist', function () {
	138	const basePath = '/api/v1/videos/'
	139
	140	it('Should fail with a wrong video', async function () {
	141	const wrongPath = '/api/v1/videos/blabla/blacklist'
	142	const fields = {}
5abb9fbb	143	await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
26b7305a C	144	})
	145
	146	it('Should fail with a video not blacklisted', async function () {
	147	const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
	148	const fields = {}
2d53be02 RK	149	await makePutBodyRequest({
	150	url: servers[0].url,
	151	path,
	152	token: servers[0].accessToken,
	153	fields,
c0e8b12e	154	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	155	})
26b7305a C	156	})
	157
	158	it('Should fail with a non authenticated user', async function () {
83903cb6	159	const path = basePath + servers[0].store.videoCreated + '/blacklist'
26b7305a	160	const fields = {}
c0e8b12e	161	await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
26b7305a C	162	})
	163
	164	it('Should fail with a non admin user', async function () {
83903cb6	165	const path = basePath + servers[0].store.videoCreated + '/blacklist'
11ba2ab3	166	const fields = {}
2d53be02 RK	167	await makePutBodyRequest({
	168	url: servers[0].url,
	169	path,
	170	token: userAccessToken2,
	171	fields,
c0e8b12e	172	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	173	})
26b7305a C	174	})
	175
	176	it('Should fail with an invalid reason', async function () {
83903cb6	177	const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
26b7305a C	178	const fields = { reason: 'a'.repeat(305) }
26b7305a C	179
5abb9fbb	180	await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
26b7305a C	181	})
	182
	183	it('Should succeed with the correct params', async function () {
83903cb6	184	const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
26b7305a C	185	const fields = { reason: 'hello' }
26b7305a C	186
2d53be02 RK	187	await makePutBodyRequest({
	188	url: servers[0].url,
	189	path,
	190	token: servers[0].accessToken,
	191	fields,
c0e8b12e	192	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	193	})
792dbaf0 GS	194	})
	195	})
	196
e5e7f7fe C	197	describe('When getting blacklisted video', function () {
	198
	199	it('Should fail with a non authenticated user', async function () {
83903cb6	200	await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
e5e7f7fe C	201	})
	202
	203	it('Should fail with another user', async function () {
89d241a7	204	await servers[0].videos.getWithToken({
d23dd9fb	205	token: userAccessToken2,
83903cb6	206	id: servers[0].store.videoCreated.uuid,
d23dd9fb C	207	expectedStatus: HttpStatusCode.FORBIDDEN_403
d23dd9fb C	208	})
e5e7f7fe C	209	})
	210
	211	it('Should succeed with the owner authenticated user', async function () {
83903cb6	212	const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
e5e7f7fe C	213	expect(video.blacklisted).to.be.true
	214	})
	215
	216	it('Should succeed with an admin', async function () {
83903cb6	217	const video = servers[0].store.videoCreated
e5e7f7fe	218
d4a8e7a6	219	for (const id of [ video.id, video.uuid, video.shortUUID ]) {
89d241a7	220	const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
d4a8e7a6 C	221	expect(video.blacklisted).to.be.true
d4a8e7a6 C	222	}
e5e7f7fe C	223	})
	224	})
	225
792dbaf0	226	describe('When removing a video in blacklist', function () {
e3d15a6a	227
792dbaf0	228	it('Should fail with a non authenticated user', async function () {
83903cb6 C	229	await command.remove({
	230	token: 'fake token',
	231	videoId: servers[0].store.videoCreated.uuid,
	232	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	233	})
792dbaf0 GS	234	})
	235
	236	it('Should fail with a non admin user', async function () {
83903cb6 C	237	await command.remove({
	238	token: userAccessToken2,
	239	videoId: servers[0].store.videoCreated.uuid,
	240	expectedStatus: HttpStatusCode.FORBIDDEN_403
	241	})
792dbaf0 GS	242	})
	243
	244	it('Should fail with an incorrect id', async function () {
e3d15a6a	245	await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
792dbaf0 GS	246	})
	247
	248	it('Should fail with a not blacklisted video', async function () {
	249	// The video was not added to the blacklist so it should fail
e3d15a6a	250	await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
26b7305a C	251	})
	252
	253	it('Should succeed with the correct params', async function () {
83903cb6	254	await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
792dbaf0 GS	255	})
	256	})
	257
	258	describe('When listing videos in blacklist', function () {
35bf0c83	259	const basePath = '/api/v1/videos/blacklist/'
792dbaf0 GS	260
792dbaf0 GS	261	it('Should fail with a non authenticated user', async function () {
89d241a7	262	await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	263	})
	264
	265	it('Should fail with a non admin user', async function () {
89d241a7	266	await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
792dbaf0 GS	267	})
	268
	269	it('Should fail with a bad start pagination', async function () {
5abb9fbb	270	await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0 GS	271	})
	272
	273	it('Should fail with a bad count pagination', async function () {
5abb9fbb	274	await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0 GS	275	})
	276
	277	it('Should fail with an incorrect sort', async function () {
5abb9fbb	278	await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0	279	})
7ccddd7b JM	280
7ccddd7b JM	281	it('Should fail with an invalid type', async function () {
89d241a7	282	await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
7ccddd7b JM	283	})
	284
	285	it('Should succeed with the correct parameters', async function () {
89d241a7	286	await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
7ccddd7b	287	})
792dbaf0 GS	288	})
792dbaf0 GS	289
7c3b7976 C	290	after(async function () {
7c3b7976 C	291	await cleanupTests(servers)
792dbaf0 GS	292	})
792dbaf0 GS	293	})