[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-blacklist.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { expect } from 'chai'
import {
  BlacklistCommand,
  checkBadCountPagination,
  checkBadSortPagination,
  checkBadStartPagination,
  cleanupTests,
  createMultipleServers,
  doubleFollow,
  makePostBodyRequest,
  makePutBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers,
  waitJobs
} from '@shared/extra-utils'
import { HttpStatusCode, VideoBlacklistType } from '@shared/models'

describe('Test video blacklist API validators', function () {
  let servers: PeerTubeServer[]
  let notBlacklistedVideoId: string
  let remoteVideoUUID: string
  let userAccessToken1 = ''
  let userAccessToken2 = ''
  let command: BlacklistCommand

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(120000)

    servers = await createMultipleServers(2)

    await setAccessTokensToServers(servers)
    await doubleFollow(servers[0], servers[1])

    {
      const username = 'user1'
      const password = 'my super password'
      await servers[0].users.create({ username: username, password: password })
      userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
    }

    {
      const username = 'user2'
      const password = 'my super password'
      await servers[0].users.create({ username: username, password: password })
      userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
    }

    {
      servers[0].store.video = await servers[0].videos.upload({ token: userAccessToken1 })
    }

    {
      const { uuid } = await servers[0].videos.upload()
      notBlacklistedVideoId = uuid
    }

    {
      const { uuid } = await servers[1].videos.upload()
      remoteVideoUUID = uuid
    }

    await waitJobs(servers)

    command = servers[0].blacklist
  })

  describe('When adding a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with nothing', async function () {
      const path = basePath + servers[0].store.video + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].store.video + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].store.video + '/blacklist'
      const fields = {}
      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].store.video.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail to unfederate a remote video', async function () {
      const path = basePath + remoteVideoUUID + '/blacklist'
      const fields = { unfederate: true }

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].store.video.uuid + '/blacklist'
      const fields = {}

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When updating a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a video not blacklisted', async function () {
      const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].store.video + '/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].store.video + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].store.video.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].store.video.shortUUID + '/blacklist'
      const fields = { reason: 'hello' }

      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When getting blacklisted video', function () {

    it('Should fail with a non authenticated user', async function () {
      await servers[0].videos.get({ id: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with another user', async function () {
      await servers[0].videos.getWithToken({
        token: userAccessToken2,
        id: servers[0].store.video.uuid,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the owner authenticated user', async function () {
      const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.video.uuid })
      expect(video.blacklisted).to.be.true
    })

    it('Should succeed with an admin', async function () {
      const video = servers[0].store.video

      for (const id of [ video.id, video.uuid, video.shortUUID ]) {
        const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
        expect(video.blacklisted).to.be.true
      }
    })
  })

  describe('When removing a video in blacklist', function () {

    it('Should fail with a non authenticated user', async function () {
      await command.remove({ token: 'fake token', videoId: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      await command.remove({ token: userAccessToken2, videoId: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

    it('Should fail with an incorrect id', async function () {
      await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should fail with a not blacklisted video', async function () {
      // The video was not added to the blacklist so it should fail
      await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the correct params', async function () {
      await command.remove({ videoId: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })
  })

  describe('When listing videos in blacklist', function () {
    const basePath = '/api/v1/videos/blacklist/'

    it('Should fail with a non authenticated user', async function () {
      await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an invalid type', async function () {
      await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should succeed with the correct parameters', async function () {
      await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
792dbaf0 GS	2
792dbaf0 GS	3	import 'mocha'
e3d15a6a	4	import { expect } from 'chai'
792dbaf0	5	import {
e3d15a6a C	6	BlacklistCommand,
	7	checkBadCountPagination,
	8	checkBadSortPagination,
	9	checkBadStartPagination,
7c3b7976	10	cleanupTests,
254d3579	11	createMultipleServers,
4c7e60bc	12	doubleFollow,
26b7305a C	13	makePostBodyRequest,
26b7305a C	14	makePutBodyRequest,
254d3579	15	PeerTubeServer,
26b7305a	16	setAccessTokensToServers,
a1587156	17	waitJobs
e3d15a6a	18	} from '@shared/extra-utils'
4c7e60bc	19	import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
792dbaf0 GS	20
792dbaf0 GS	21	describe('Test video blacklist API validators', function () {
254d3579	22	let servers: PeerTubeServer[]
d23dd9fb	23	let notBlacklistedVideoId: string
5abb9fbb	24	let remoteVideoUUID: string
e5e7f7fe C	25	let userAccessToken1 = ''
e5e7f7fe C	26	let userAccessToken2 = ''
e3d15a6a	27	let command: BlacklistCommand
792dbaf0 GS	28
	29	// ---------------------------------------------------------------
	30
	31	before(async function () {
	32	this.timeout(120000)
	33
254d3579	34	servers = await createMultipleServers(2)
792dbaf0	35
5abb9fbb C	36	await setAccessTokensToServers(servers)
5abb9fbb C	37	await doubleFollow(servers[0], servers[1])
792dbaf0	38
e5e7f7fe C	39	{
	40	const username = 'user1'
	41	const password = 'my super password'
89d241a7 C	42	await servers[0].users.create({ username: username, password: password })
89d241a7 C	43	userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
e5e7f7fe	44	}
792dbaf0	45
26b7305a	46	{
e5e7f7fe C	47	const username = 'user2'
e5e7f7fe C	48	const password = 'my super password'
89d241a7 C	49	await servers[0].users.create({ username: username, password: password })
89d241a7 C	50	userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
e5e7f7fe C	51	}
	52
	53	{
89d241a7	54	servers[0].store.video = await servers[0].videos.upload({ token: userAccessToken1 })
26b7305a C	55	}
	56
	57	{
89d241a7	58	const { uuid } = await servers[0].videos.upload()
d23dd9fb	59	notBlacklistedVideoId = uuid
26b7305a	60	}
5abb9fbb C	61
5abb9fbb C	62	{
89d241a7	63	const { uuid } = await servers[1].videos.upload()
d23dd9fb	64	remoteVideoUUID = uuid
5abb9fbb C	65	}
	66
	67	await waitJobs(servers)
e3d15a6a	68
89d241a7	69	command = servers[0].blacklist
792dbaf0 GS	70	})
	71
	72	describe('When adding a video in blacklist', function () {
	73	const basePath = '/api/v1/videos/'
	74
	75	it('Should fail with nothing', async function () {
89d241a7	76	const path = basePath + servers[0].store.video + '/blacklist'
792dbaf0	77	const fields = {}
5abb9fbb	78	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
792dbaf0 GS	79	})
	80
	81	it('Should fail with a wrong video', async function () {
	82	const wrongPath = '/api/v1/videos/blabla/blacklist'
	83	const fields = {}
5abb9fbb	84	await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
792dbaf0 GS	85	})
	86
	87	it('Should fail with a non authenticated user', async function () {
89d241a7	88	const path = basePath + servers[0].store.video + '/blacklist'
11ba2ab3	89	const fields = {}
c0e8b12e	90	await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	91	})
	92
	93	it('Should fail with a non admin user', async function () {
89d241a7	94	const path = basePath + servers[0].store.video + '/blacklist'
11ba2ab3	95	const fields = {}
2d53be02 RK	96	await makePostBodyRequest({
	97	url: servers[0].url,
	98	path,
	99	token: userAccessToken2,
	100	fields,
c0e8b12e	101	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	102	})
792dbaf0 GS	103	})
792dbaf0 GS	104
26b7305a	105	it('Should fail with an invalid reason', async function () {
89d241a7	106	const path = basePath + servers[0].store.video.uuid + '/blacklist'
26b7305a C	107	const fields = { reason: 'a'.repeat(305) }
26b7305a C	108
5abb9fbb C	109	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
	110	})
	111
	112	it('Should fail to unfederate a remote video', async function () {
	113	const path = basePath + remoteVideoUUID + '/blacklist'
	114	const fields = { unfederate: true }
	115
2d53be02 RK	116	await makePostBodyRequest({
	117	url: servers[0].url,
	118	path,
	119	token: servers[0].accessToken,
	120	fields,
c0e8b12e	121	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	122	})
26b7305a C	123	})
	124
	125	it('Should succeed with the correct params', async function () {
89d241a7	126	const path = basePath + servers[0].store.video.uuid + '/blacklist'
a1587156	127	const fields = {}
26b7305a	128
2d53be02 RK	129	await makePostBodyRequest({
	130	url: servers[0].url,
	131	path,
	132	token: servers[0].accessToken,
	133	fields,
c0e8b12e	134	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	135	})
26b7305a C	136	})
	137	})
	138
	139	describe('When updating a video in blacklist', function () {
	140	const basePath = '/api/v1/videos/'
	141
	142	it('Should fail with a wrong video', async function () {
	143	const wrongPath = '/api/v1/videos/blabla/blacklist'
	144	const fields = {}
5abb9fbb	145	await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
26b7305a C	146	})
	147
	148	it('Should fail with a video not blacklisted', async function () {
	149	const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
	150	const fields = {}
2d53be02 RK	151	await makePutBodyRequest({
	152	url: servers[0].url,
	153	path,
	154	token: servers[0].accessToken,
	155	fields,
c0e8b12e	156	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	157	})
26b7305a C	158	})
	159
	160	it('Should fail with a non authenticated user', async function () {
89d241a7	161	const path = basePath + servers[0].store.video + '/blacklist'
26b7305a	162	const fields = {}
c0e8b12e	163	await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
26b7305a C	164	})
	165
	166	it('Should fail with a non admin user', async function () {
89d241a7	167	const path = basePath + servers[0].store.video + '/blacklist'
11ba2ab3	168	const fields = {}
2d53be02 RK	169	await makePutBodyRequest({
	170	url: servers[0].url,
	171	path,
	172	token: userAccessToken2,
	173	fields,
c0e8b12e	174	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	175	})
26b7305a C	176	})
	177
	178	it('Should fail with an invalid reason', async function () {
89d241a7	179	const path = basePath + servers[0].store.video.uuid + '/blacklist'
26b7305a C	180	const fields = { reason: 'a'.repeat(305) }
26b7305a C	181
5abb9fbb	182	await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
26b7305a C	183	})
	184
	185	it('Should succeed with the correct params', async function () {
89d241a7	186	const path = basePath + servers[0].store.video.shortUUID + '/blacklist'
26b7305a C	187	const fields = { reason: 'hello' }
26b7305a C	188
2d53be02 RK	189	await makePutBodyRequest({
	190	url: servers[0].url,
	191	path,
	192	token: servers[0].accessToken,
	193	fields,
c0e8b12e	194	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	195	})
792dbaf0 GS	196	})
	197	})
	198
e5e7f7fe C	199	describe('When getting blacklisted video', function () {
	200
	201	it('Should fail with a non authenticated user', async function () {
89d241a7	202	await servers[0].videos.get({ id: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
e5e7f7fe C	203	})
	204
	205	it('Should fail with another user', async function () {
89d241a7	206	await servers[0].videos.getWithToken({
d23dd9fb	207	token: userAccessToken2,
89d241a7	208	id: servers[0].store.video.uuid,
d23dd9fb C	209	expectedStatus: HttpStatusCode.FORBIDDEN_403
d23dd9fb C	210	})
e5e7f7fe C	211	})
	212
	213	it('Should succeed with the owner authenticated user', async function () {
89d241a7	214	const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.video.uuid })
e5e7f7fe C	215	expect(video.blacklisted).to.be.true
	216	})
	217
	218	it('Should succeed with an admin', async function () {
89d241a7	219	const video = servers[0].store.video
e5e7f7fe	220
d4a8e7a6	221	for (const id of [ video.id, video.uuid, video.shortUUID ]) {
89d241a7	222	const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
d4a8e7a6 C	223	expect(video.blacklisted).to.be.true
d4a8e7a6 C	224	}
e5e7f7fe C	225	})
	226	})
	227
792dbaf0	228	describe('When removing a video in blacklist', function () {
e3d15a6a	229
792dbaf0	230	it('Should fail with a non authenticated user', async function () {
89d241a7	231	await command.remove({ token: 'fake token', videoId: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	232	})
	233
	234	it('Should fail with a non admin user', async function () {
89d241a7	235	await command.remove({ token: userAccessToken2, videoId: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
792dbaf0 GS	236	})
	237
	238	it('Should fail with an incorrect id', async function () {
e3d15a6a	239	await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
792dbaf0 GS	240	})
	241
	242	it('Should fail with a not blacklisted video', async function () {
	243	// The video was not added to the blacklist so it should fail
e3d15a6a	244	await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
26b7305a C	245	})
	246
	247	it('Should succeed with the correct params', async function () {
89d241a7	248	await command.remove({ videoId: servers[0].store.video.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
792dbaf0 GS	249	})
	250	})
	251
	252	describe('When listing videos in blacklist', function () {
35bf0c83	253	const basePath = '/api/v1/videos/blacklist/'
792dbaf0 GS	254
792dbaf0 GS	255	it('Should fail with a non authenticated user', async function () {
89d241a7	256	await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	257	})
	258
	259	it('Should fail with a non admin user', async function () {
89d241a7	260	await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
792dbaf0 GS	261	})
	262
	263	it('Should fail with a bad start pagination', async function () {
5abb9fbb	264	await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0 GS	265	})
	266
	267	it('Should fail with a bad count pagination', async function () {
5abb9fbb	268	await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0 GS	269	})
	270
	271	it('Should fail with an incorrect sort', async function () {
5abb9fbb	272	await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0	273	})
7ccddd7b JM	274
7ccddd7b JM	275	it('Should fail with an invalid type', async function () {
89d241a7	276	await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
7ccddd7b JM	277	})
	278
	279	it('Should succeed with the correct parameters', async function () {
89d241a7	280	await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
7ccddd7b	281	})
792dbaf0 GS	282	})
792dbaf0 GS	283
7c3b7976 C	284	after(async function () {
7c3b7976 C	285	await cleanupTests(servers)
792dbaf0 GS	286	})
792dbaf0 GS	287	})