[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-blacklist.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
import {
  BlacklistCommand,
  cleanupTests,
  createMultipleServers,
  doubleFollow,
  makePostBodyRequest,
  makePutBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers,
  waitJobs
} from '@shared/server-commands'

describe('Test video blacklist API validators', function () {
  let servers: PeerTubeServer[]
  let notBlacklistedVideoId: string
  let remoteVideoUUID: string
  let userAccessToken1 = ''
  let userAccessToken2 = ''
  let command: BlacklistCommand

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(120000)

    servers = await createMultipleServers(2)

    await setAccessTokensToServers(servers)
    await doubleFollow(servers[0], servers[1])

    {
      const username = 'user1'
      const password = 'my super password'
      await servers[0].users.create({ username, password })
      userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
    }

    {
      const username = 'user2'
      const password = 'my super password'
      await servers[0].users.create({ username, password })
      userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
    }

    {
      servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
    }

    {
      const { uuid } = await servers[0].videos.upload()
      notBlacklistedVideoId = uuid
    }

    {
      const { uuid } = await servers[1].videos.upload()
      remoteVideoUUID = uuid
    }

    await waitJobs(servers)

    command = servers[0].blacklist
  })

  describe('When adding a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with nothing', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail to unfederate a remote video', async function () {
      const path = basePath + remoteVideoUUID + '/blacklist'
      const fields = { unfederate: true }

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
      const fields = {}

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When updating a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a video not blacklisted', async function () {
      const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].store.videoCreated + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
      const fields = { reason: 'hello' }

      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When getting blacklisted video', function () {

    it('Should fail with a non authenticated user', async function () {
      await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with another user', async function () {
      await servers[0].videos.getWithToken({
        token: userAccessToken2,
        id: servers[0].store.videoCreated.uuid,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the owner authenticated user', async function () {
      const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
      expect(video.blacklisted).to.be.true
    })

    it('Should succeed with an admin', async function () {
      const video = servers[0].store.videoCreated

      for (const id of [ video.id, video.uuid, video.shortUUID ]) {
        const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
        expect(video.blacklisted).to.be.true
      }
    })
  })

  describe('When removing a video in blacklist', function () {

    it('Should fail with a non authenticated user', async function () {
      await command.remove({
        token: 'fake token',
        videoId: servers[0].store.videoCreated.uuid,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with a non admin user', async function () {
      await command.remove({
        token: userAccessToken2,
        videoId: servers[0].store.videoCreated.uuid,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect id', async function () {
      await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should fail with a not blacklisted video', async function () {
      // The video was not added to the blacklist so it should fail
      await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the correct params', async function () {
      await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })
  })

  describe('When listing videos in blacklist', function () {
    const basePath = '/api/v1/videos/blacklist/'

    it('Should fail with a non authenticated user', async function () {
      await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an invalid type', async function () {
      await servers[0].blacklist.list({ type: 0 as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should succeed with the correct parameters', async function () {
      await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
792dbaf0	2
e3d15a6a	3	import { expect } from 'chai'
c55e3d72 C	4	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
c55e3d72 C	5	import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
792dbaf0	6	import {
e3d15a6a	7	BlacklistCommand,
7c3b7976	8	cleanupTests,
254d3579	9	createMultipleServers,
4c7e60bc	10	doubleFollow,
26b7305a C	11	makePostBodyRequest,
26b7305a C	12	makePutBodyRequest,
254d3579	13	PeerTubeServer,
26b7305a	14	setAccessTokensToServers,
a1587156	15	waitJobs
bf54587a	16	} from '@shared/server-commands'
792dbaf0 GS	17
792dbaf0 GS	18	describe('Test video blacklist API validators', function () {
254d3579	19	let servers: PeerTubeServer[]
d23dd9fb	20	let notBlacklistedVideoId: string
5abb9fbb	21	let remoteVideoUUID: string
e5e7f7fe C	22	let userAccessToken1 = ''
e5e7f7fe C	23	let userAccessToken2 = ''
e3d15a6a	24	let command: BlacklistCommand
792dbaf0 GS	25
	26	// ---------------------------------------------------------------
	27
	28	before(async function () {
	29	this.timeout(120000)
	30
254d3579	31	servers = await createMultipleServers(2)
792dbaf0	32
5abb9fbb C	33	await setAccessTokensToServers(servers)
5abb9fbb C	34	await doubleFollow(servers[0], servers[1])
792dbaf0	35
e5e7f7fe C	36	{
	37	const username = 'user1'
	38	const password = 'my super password'
ba2684ce	39	await servers[0].users.create({ username, password })
89d241a7	40	userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
e5e7f7fe	41	}
792dbaf0	42
26b7305a	43	{
e5e7f7fe C	44	const username = 'user2'
e5e7f7fe C	45	const password = 'my super password'
ba2684ce	46	await servers[0].users.create({ username, password })
89d241a7	47	userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
e5e7f7fe C	48	}
	49
	50	{
83903cb6	51	servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
26b7305a C	52	}
	53
	54	{
89d241a7	55	const { uuid } = await servers[0].videos.upload()
d23dd9fb	56	notBlacklistedVideoId = uuid
26b7305a	57	}
5abb9fbb C	58
5abb9fbb C	59	{
89d241a7	60	const { uuid } = await servers[1].videos.upload()
d23dd9fb	61	remoteVideoUUID = uuid
5abb9fbb C	62	}
	63
	64	await waitJobs(servers)
e3d15a6a	65
89d241a7	66	command = servers[0].blacklist
792dbaf0 GS	67	})
	68
	69	describe('When adding a video in blacklist', function () {
	70	const basePath = '/api/v1/videos/'
	71
	72	it('Should fail with nothing', async function () {
83903cb6	73	const path = basePath + servers[0].store.videoCreated + '/blacklist'
792dbaf0	74	const fields = {}
5abb9fbb	75	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
792dbaf0 GS	76	})
	77
	78	it('Should fail with a wrong video', async function () {
	79	const wrongPath = '/api/v1/videos/blabla/blacklist'
	80	const fields = {}
5abb9fbb	81	await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
792dbaf0 GS	82	})
	83
	84	it('Should fail with a non authenticated user', async function () {
83903cb6	85	const path = basePath + servers[0].store.videoCreated + '/blacklist'
11ba2ab3	86	const fields = {}
c0e8b12e	87	await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	88	})
	89
	90	it('Should fail with a non admin user', async function () {
83903cb6	91	const path = basePath + servers[0].store.videoCreated + '/blacklist'
11ba2ab3	92	const fields = {}
2d53be02 RK	93	await makePostBodyRequest({
	94	url: servers[0].url,
	95	path,
	96	token: userAccessToken2,
	97	fields,
c0e8b12e	98	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	99	})
792dbaf0 GS	100	})
792dbaf0 GS	101
26b7305a	102	it('Should fail with an invalid reason', async function () {
83903cb6	103	const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
26b7305a C	104	const fields = { reason: 'a'.repeat(305) }
26b7305a C	105
5abb9fbb C	106	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
	107	})
	108
	109	it('Should fail to unfederate a remote video', async function () {
	110	const path = basePath + remoteVideoUUID + '/blacklist'
	111	const fields = { unfederate: true }
	112
2d53be02 RK	113	await makePostBodyRequest({
	114	url: servers[0].url,
	115	path,
	116	token: servers[0].accessToken,
	117	fields,
c0e8b12e	118	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	119	})
26b7305a C	120	})
	121
	122	it('Should succeed with the correct params', async function () {
83903cb6	123	const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
a1587156	124	const fields = {}
26b7305a	125
2d53be02 RK	126	await makePostBodyRequest({
	127	url: servers[0].url,
	128	path,
	129	token: servers[0].accessToken,
	130	fields,
c0e8b12e	131	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	132	})
26b7305a C	133	})
	134	})
	135
	136	describe('When updating a video in blacklist', function () {
	137	const basePath = '/api/v1/videos/'
	138
	139	it('Should fail with a wrong video', async function () {
	140	const wrongPath = '/api/v1/videos/blabla/blacklist'
	141	const fields = {}
5abb9fbb	142	await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
26b7305a C	143	})
	144
	145	it('Should fail with a video not blacklisted', async function () {
	146	const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
	147	const fields = {}
2d53be02 RK	148	await makePutBodyRequest({
	149	url: servers[0].url,
	150	path,
	151	token: servers[0].accessToken,
	152	fields,
c0e8b12e	153	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	154	})
26b7305a C	155	})
	156
	157	it('Should fail with a non authenticated user', async function () {
83903cb6	158	const path = basePath + servers[0].store.videoCreated + '/blacklist'
26b7305a	159	const fields = {}
c0e8b12e	160	await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
26b7305a C	161	})
	162
	163	it('Should fail with a non admin user', async function () {
83903cb6	164	const path = basePath + servers[0].store.videoCreated + '/blacklist'
11ba2ab3	165	const fields = {}
2d53be02 RK	166	await makePutBodyRequest({
	167	url: servers[0].url,
	168	path,
	169	token: userAccessToken2,
	170	fields,
c0e8b12e	171	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	172	})
26b7305a C	173	})
	174
	175	it('Should fail with an invalid reason', async function () {
83903cb6	176	const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
26b7305a C	177	const fields = { reason: 'a'.repeat(305) }
26b7305a C	178
5abb9fbb	179	await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
26b7305a C	180	})
	181
	182	it('Should succeed with the correct params', async function () {
83903cb6	183	const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
26b7305a C	184	const fields = { reason: 'hello' }
26b7305a C	185
2d53be02 RK	186	await makePutBodyRequest({
	187	url: servers[0].url,
	188	path,
	189	token: servers[0].accessToken,
	190	fields,
c0e8b12e	191	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	192	})
792dbaf0 GS	193	})
	194	})
	195
e5e7f7fe C	196	describe('When getting blacklisted video', function () {
	197
	198	it('Should fail with a non authenticated user', async function () {
83903cb6	199	await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
e5e7f7fe C	200	})
	201
	202	it('Should fail with another user', async function () {
89d241a7	203	await servers[0].videos.getWithToken({
d23dd9fb	204	token: userAccessToken2,
83903cb6	205	id: servers[0].store.videoCreated.uuid,
d23dd9fb C	206	expectedStatus: HttpStatusCode.FORBIDDEN_403
d23dd9fb C	207	})
e5e7f7fe C	208	})
	209
	210	it('Should succeed with the owner authenticated user', async function () {
83903cb6	211	const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
e5e7f7fe C	212	expect(video.blacklisted).to.be.true
	213	})
	214
	215	it('Should succeed with an admin', async function () {
83903cb6	216	const video = servers[0].store.videoCreated
e5e7f7fe	217
d4a8e7a6	218	for (const id of [ video.id, video.uuid, video.shortUUID ]) {
89d241a7	219	const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
d4a8e7a6 C	220	expect(video.blacklisted).to.be.true
d4a8e7a6 C	221	}
e5e7f7fe C	222	})
	223	})
	224
792dbaf0	225	describe('When removing a video in blacklist', function () {
e3d15a6a	226
792dbaf0	227	it('Should fail with a non authenticated user', async function () {
83903cb6 C	228	await command.remove({
	229	token: 'fake token',
	230	videoId: servers[0].store.videoCreated.uuid,
	231	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	232	})
792dbaf0 GS	233	})
	234
	235	it('Should fail with a non admin user', async function () {
83903cb6 C	236	await command.remove({
	237	token: userAccessToken2,
	238	videoId: servers[0].store.videoCreated.uuid,
	239	expectedStatus: HttpStatusCode.FORBIDDEN_403
	240	})
792dbaf0 GS	241	})
	242
	243	it('Should fail with an incorrect id', async function () {
e3d15a6a	244	await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
792dbaf0 GS	245	})
	246
	247	it('Should fail with a not blacklisted video', async function () {
	248	// The video was not added to the blacklist so it should fail
e3d15a6a	249	await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
26b7305a C	250	})
	251
	252	it('Should succeed with the correct params', async function () {
83903cb6	253	await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
792dbaf0 GS	254	})
	255	})
	256
	257	describe('When listing videos in blacklist', function () {
35bf0c83	258	const basePath = '/api/v1/videos/blacklist/'
792dbaf0 GS	259
792dbaf0 GS	260	it('Should fail with a non authenticated user', async function () {
89d241a7	261	await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
792dbaf0 GS	262	})
	263
	264	it('Should fail with a non admin user', async function () {
89d241a7	265	await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
792dbaf0 GS	266	})
	267
	268	it('Should fail with a bad start pagination', async function () {
5abb9fbb	269	await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0 GS	270	})
	271
	272	it('Should fail with a bad count pagination', async function () {
5abb9fbb	273	await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0 GS	274	})
	275
	276	it('Should fail with an incorrect sort', async function () {
5abb9fbb	277	await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
792dbaf0	278	})
7ccddd7b JM	279
7ccddd7b JM	280	it('Should fail with an invalid type', async function () {
d102de1b	281	await servers[0].blacklist.list({ type: 0 as any, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
7ccddd7b JM	282	})
	283
	284	it('Should succeed with the correct parameters', async function () {
89d241a7	285	await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
7ccddd7b	286	})
792dbaf0 GS	287	})
792dbaf0 GS	288
7c3b7976 C	289	after(async function () {
7c3b7976 C	290	await cleanupTests(servers)
792dbaf0 GS	291	})
792dbaf0 GS	292	})