]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared' | |
5 | import { HttpStatusCode } from '@shared/models' | |
6 | import { | |
7 | cleanupTests, | |
8 | createMultipleServers, | |
9 | doubleFollow, | |
10 | makeDeleteRequest, | |
11 | makeGetRequest, | |
12 | makePostBodyRequest, | |
13 | PeerTubeServer, | |
14 | setAccessTokensToServers | |
15 | } from '@shared/server-commands' | |
16 | ||
17 | describe('Test blocklist API validators', function () { | |
18 | let servers: PeerTubeServer[] | |
19 | let server: PeerTubeServer | |
20 | let userAccessToken: string | |
21 | ||
22 | before(async function () { | |
23 | this.timeout(60000) | |
24 | ||
25 | servers = await createMultipleServers(2) | |
26 | await setAccessTokensToServers(servers) | |
27 | ||
28 | server = servers[0] | |
29 | ||
30 | const user = { username: 'user1', password: 'password' } | |
31 | await server.users.create({ username: user.username, password: user.password }) | |
32 | ||
33 | userAccessToken = await server.login.getAccessToken(user) | |
34 | ||
35 | await doubleFollow(servers[0], servers[1]) | |
36 | }) | |
37 | ||
38 | // --------------------------------------------------------------- | |
39 | ||
40 | describe('When managing user blocklist', function () { | |
41 | ||
42 | describe('When managing user accounts blocklist', function () { | |
43 | const path = '/api/v1/users/me/blocklist/accounts' | |
44 | ||
45 | describe('When listing blocked accounts', function () { | |
46 | it('Should fail with an unauthenticated user', async function () { | |
47 | await makeGetRequest({ | |
48 | url: server.url, | |
49 | path, | |
50 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
51 | }) | |
52 | }) | |
53 | ||
54 | it('Should fail with a bad start pagination', async function () { | |
55 | await checkBadStartPagination(server.url, path, server.accessToken) | |
56 | }) | |
57 | ||
58 | it('Should fail with a bad count pagination', async function () { | |
59 | await checkBadCountPagination(server.url, path, server.accessToken) | |
60 | }) | |
61 | ||
62 | it('Should fail with an incorrect sort', async function () { | |
63 | await checkBadSortPagination(server.url, path, server.accessToken) | |
64 | }) | |
65 | }) | |
66 | ||
67 | describe('When blocking an account', function () { | |
68 | it('Should fail with an unauthenticated user', async function () { | |
69 | await makePostBodyRequest({ | |
70 | url: server.url, | |
71 | path, | |
72 | fields: { accountName: 'user1' }, | |
73 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
74 | }) | |
75 | }) | |
76 | ||
77 | it('Should fail with an unknown account', async function () { | |
78 | await makePostBodyRequest({ | |
79 | url: server.url, | |
80 | token: server.accessToken, | |
81 | path, | |
82 | fields: { accountName: 'user2' }, | |
83 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
84 | }) | |
85 | }) | |
86 | ||
87 | it('Should fail to block ourselves', async function () { | |
88 | await makePostBodyRequest({ | |
89 | url: server.url, | |
90 | token: server.accessToken, | |
91 | path, | |
92 | fields: { accountName: 'root' }, | |
93 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
94 | }) | |
95 | }) | |
96 | ||
97 | it('Should succeed with the correct params', async function () { | |
98 | await makePostBodyRequest({ | |
99 | url: server.url, | |
100 | token: server.accessToken, | |
101 | path, | |
102 | fields: { accountName: 'user1' }, | |
103 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
104 | }) | |
105 | }) | |
106 | }) | |
107 | ||
108 | describe('When unblocking an account', function () { | |
109 | it('Should fail with an unauthenticated user', async function () { | |
110 | await makeDeleteRequest({ | |
111 | url: server.url, | |
112 | path: path + '/user1', | |
113 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
114 | }) | |
115 | }) | |
116 | ||
117 | it('Should fail with an unknown account block', async function () { | |
118 | await makeDeleteRequest({ | |
119 | url: server.url, | |
120 | path: path + '/user2', | |
121 | token: server.accessToken, | |
122 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
123 | }) | |
124 | }) | |
125 | ||
126 | it('Should succeed with the correct params', async function () { | |
127 | await makeDeleteRequest({ | |
128 | url: server.url, | |
129 | path: path + '/user1', | |
130 | token: server.accessToken, | |
131 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
132 | }) | |
133 | }) | |
134 | }) | |
135 | }) | |
136 | ||
137 | describe('When managing user servers blocklist', function () { | |
138 | const path = '/api/v1/users/me/blocklist/servers' | |
139 | ||
140 | describe('When listing blocked servers', function () { | |
141 | it('Should fail with an unauthenticated user', async function () { | |
142 | await makeGetRequest({ | |
143 | url: server.url, | |
144 | path, | |
145 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
146 | }) | |
147 | }) | |
148 | ||
149 | it('Should fail with a bad start pagination', async function () { | |
150 | await checkBadStartPagination(server.url, path, server.accessToken) | |
151 | }) | |
152 | ||
153 | it('Should fail with a bad count pagination', async function () { | |
154 | await checkBadCountPagination(server.url, path, server.accessToken) | |
155 | }) | |
156 | ||
157 | it('Should fail with an incorrect sort', async function () { | |
158 | await checkBadSortPagination(server.url, path, server.accessToken) | |
159 | }) | |
160 | }) | |
161 | ||
162 | describe('When blocking a server', function () { | |
163 | it('Should fail with an unauthenticated user', async function () { | |
164 | await makePostBodyRequest({ | |
165 | url: server.url, | |
166 | path, | |
167 | fields: { host: 'localhost:9002' }, | |
168 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
169 | }) | |
170 | }) | |
171 | ||
172 | it('Should succeed with an unknown server', async function () { | |
173 | await makePostBodyRequest({ | |
174 | url: server.url, | |
175 | token: server.accessToken, | |
176 | path, | |
177 | fields: { host: 'localhost:9003' }, | |
178 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
179 | }) | |
180 | }) | |
181 | ||
182 | it('Should fail with our own server', async function () { | |
183 | await makePostBodyRequest({ | |
184 | url: server.url, | |
185 | token: server.accessToken, | |
186 | path, | |
187 | fields: { host: 'localhost:' + server.port }, | |
188 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
189 | }) | |
190 | }) | |
191 | ||
192 | it('Should succeed with the correct params', async function () { | |
193 | await makePostBodyRequest({ | |
194 | url: server.url, | |
195 | token: server.accessToken, | |
196 | path, | |
197 | fields: { host: 'localhost:' + servers[1].port }, | |
198 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
199 | }) | |
200 | }) | |
201 | }) | |
202 | ||
203 | describe('When unblocking a server', function () { | |
204 | it('Should fail with an unauthenticated user', async function () { | |
205 | await makeDeleteRequest({ | |
206 | url: server.url, | |
207 | path: path + '/localhost:' + servers[1].port, | |
208 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
209 | }) | |
210 | }) | |
211 | ||
212 | it('Should fail with an unknown server block', async function () { | |
213 | await makeDeleteRequest({ | |
214 | url: server.url, | |
215 | path: path + '/localhost:9004', | |
216 | token: server.accessToken, | |
217 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
218 | }) | |
219 | }) | |
220 | ||
221 | it('Should succeed with the correct params', async function () { | |
222 | await makeDeleteRequest({ | |
223 | url: server.url, | |
224 | path: path + '/localhost:' + servers[1].port, | |
225 | token: server.accessToken, | |
226 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
227 | }) | |
228 | }) | |
229 | }) | |
230 | }) | |
231 | }) | |
232 | ||
233 | describe('When managing server blocklist', function () { | |
234 | ||
235 | describe('When managing server accounts blocklist', function () { | |
236 | const path = '/api/v1/server/blocklist/accounts' | |
237 | ||
238 | describe('When listing blocked accounts', function () { | |
239 | it('Should fail with an unauthenticated user', async function () { | |
240 | await makeGetRequest({ | |
241 | url: server.url, | |
242 | path, | |
243 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
244 | }) | |
245 | }) | |
246 | ||
247 | it('Should fail with a user without the appropriate rights', async function () { | |
248 | await makeGetRequest({ | |
249 | url: server.url, | |
250 | token: userAccessToken, | |
251 | path, | |
252 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
253 | }) | |
254 | }) | |
255 | ||
256 | it('Should fail with a bad start pagination', async function () { | |
257 | await checkBadStartPagination(server.url, path, server.accessToken) | |
258 | }) | |
259 | ||
260 | it('Should fail with a bad count pagination', async function () { | |
261 | await checkBadCountPagination(server.url, path, server.accessToken) | |
262 | }) | |
263 | ||
264 | it('Should fail with an incorrect sort', async function () { | |
265 | await checkBadSortPagination(server.url, path, server.accessToken) | |
266 | }) | |
267 | }) | |
268 | ||
269 | describe('When blocking an account', function () { | |
270 | it('Should fail with an unauthenticated user', async function () { | |
271 | await makePostBodyRequest({ | |
272 | url: server.url, | |
273 | path, | |
274 | fields: { accountName: 'user1' }, | |
275 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
276 | }) | |
277 | }) | |
278 | ||
279 | it('Should fail with a user without the appropriate rights', async function () { | |
280 | await makePostBodyRequest({ | |
281 | url: server.url, | |
282 | token: userAccessToken, | |
283 | path, | |
284 | fields: { accountName: 'user1' }, | |
285 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
286 | }) | |
287 | }) | |
288 | ||
289 | it('Should fail with an unknown account', async function () { | |
290 | await makePostBodyRequest({ | |
291 | url: server.url, | |
292 | token: server.accessToken, | |
293 | path, | |
294 | fields: { accountName: 'user2' }, | |
295 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
296 | }) | |
297 | }) | |
298 | ||
299 | it('Should fail to block ourselves', async function () { | |
300 | await makePostBodyRequest({ | |
301 | url: server.url, | |
302 | token: server.accessToken, | |
303 | path, | |
304 | fields: { accountName: 'root' }, | |
305 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
306 | }) | |
307 | }) | |
308 | ||
309 | it('Should succeed with the correct params', async function () { | |
310 | await makePostBodyRequest({ | |
311 | url: server.url, | |
312 | token: server.accessToken, | |
313 | path, | |
314 | fields: { accountName: 'user1' }, | |
315 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
316 | }) | |
317 | }) | |
318 | }) | |
319 | ||
320 | describe('When unblocking an account', function () { | |
321 | it('Should fail with an unauthenticated user', async function () { | |
322 | await makeDeleteRequest({ | |
323 | url: server.url, | |
324 | path: path + '/user1', | |
325 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
326 | }) | |
327 | }) | |
328 | ||
329 | it('Should fail with a user without the appropriate rights', async function () { | |
330 | await makeDeleteRequest({ | |
331 | url: server.url, | |
332 | path: path + '/user1', | |
333 | token: userAccessToken, | |
334 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
335 | }) | |
336 | }) | |
337 | ||
338 | it('Should fail with an unknown account block', async function () { | |
339 | await makeDeleteRequest({ | |
340 | url: server.url, | |
341 | path: path + '/user2', | |
342 | token: server.accessToken, | |
343 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
344 | }) | |
345 | }) | |
346 | ||
347 | it('Should succeed with the correct params', async function () { | |
348 | await makeDeleteRequest({ | |
349 | url: server.url, | |
350 | path: path + '/user1', | |
351 | token: server.accessToken, | |
352 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
353 | }) | |
354 | }) | |
355 | }) | |
356 | }) | |
357 | ||
358 | describe('When managing server servers blocklist', function () { | |
359 | const path = '/api/v1/server/blocklist/servers' | |
360 | ||
361 | describe('When listing blocked servers', function () { | |
362 | it('Should fail with an unauthenticated user', async function () { | |
363 | await makeGetRequest({ | |
364 | url: server.url, | |
365 | path, | |
366 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
367 | }) | |
368 | }) | |
369 | ||
370 | it('Should fail with a user without the appropriate rights', async function () { | |
371 | await makeGetRequest({ | |
372 | url: server.url, | |
373 | token: userAccessToken, | |
374 | path, | |
375 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
376 | }) | |
377 | }) | |
378 | ||
379 | it('Should fail with a bad start pagination', async function () { | |
380 | await checkBadStartPagination(server.url, path, server.accessToken) | |
381 | }) | |
382 | ||
383 | it('Should fail with a bad count pagination', async function () { | |
384 | await checkBadCountPagination(server.url, path, server.accessToken) | |
385 | }) | |
386 | ||
387 | it('Should fail with an incorrect sort', async function () { | |
388 | await checkBadSortPagination(server.url, path, server.accessToken) | |
389 | }) | |
390 | }) | |
391 | ||
392 | describe('When blocking a server', function () { | |
393 | it('Should fail with an unauthenticated user', async function () { | |
394 | await makePostBodyRequest({ | |
395 | url: server.url, | |
396 | path, | |
397 | fields: { host: 'localhost:' + servers[1].port }, | |
398 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
399 | }) | |
400 | }) | |
401 | ||
402 | it('Should fail with a user without the appropriate rights', async function () { | |
403 | await makePostBodyRequest({ | |
404 | url: server.url, | |
405 | token: userAccessToken, | |
406 | path, | |
407 | fields: { host: 'localhost:' + servers[1].port }, | |
408 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
409 | }) | |
410 | }) | |
411 | ||
412 | it('Should succeed with an unknown server', async function () { | |
413 | await makePostBodyRequest({ | |
414 | url: server.url, | |
415 | token: server.accessToken, | |
416 | path, | |
417 | fields: { host: 'localhost:9003' }, | |
418 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
419 | }) | |
420 | }) | |
421 | ||
422 | it('Should fail with our own server', async function () { | |
423 | await makePostBodyRequest({ | |
424 | url: server.url, | |
425 | token: server.accessToken, | |
426 | path, | |
427 | fields: { host: 'localhost:' + server.port }, | |
428 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
429 | }) | |
430 | }) | |
431 | ||
432 | it('Should succeed with the correct params', async function () { | |
433 | await makePostBodyRequest({ | |
434 | url: server.url, | |
435 | token: server.accessToken, | |
436 | path, | |
437 | fields: { host: 'localhost:' + servers[1].port }, | |
438 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
439 | }) | |
440 | }) | |
441 | }) | |
442 | ||
443 | describe('When unblocking a server', function () { | |
444 | it('Should fail with an unauthenticated user', async function () { | |
445 | await makeDeleteRequest({ | |
446 | url: server.url, | |
447 | path: path + '/localhost:' + servers[1].port, | |
448 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
449 | }) | |
450 | }) | |
451 | ||
452 | it('Should fail with a user without the appropriate rights', async function () { | |
453 | await makeDeleteRequest({ | |
454 | url: server.url, | |
455 | path: path + '/localhost:' + servers[1].port, | |
456 | token: userAccessToken, | |
457 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
458 | }) | |
459 | }) | |
460 | ||
461 | it('Should fail with an unknown server block', async function () { | |
462 | await makeDeleteRequest({ | |
463 | url: server.url, | |
464 | path: path + '/localhost:9004', | |
465 | token: server.accessToken, | |
466 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
467 | }) | |
468 | }) | |
469 | ||
470 | it('Should succeed with the correct params', async function () { | |
471 | await makeDeleteRequest({ | |
472 | url: server.url, | |
473 | path: path + '/localhost:' + servers[1].port, | |
474 | token: server.accessToken, | |
475 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
476 | }) | |
477 | }) | |
478 | }) | |
479 | }) | |
480 | }) | |
481 | ||
482 | describe('When getting blocklist status', function () { | |
483 | const path = '/api/v1/blocklist/status' | |
484 | ||
485 | it('Should fail with a bad token', async function () { | |
486 | await makeGetRequest({ | |
487 | url: server.url, | |
488 | path, | |
489 | token: 'false', | |
490 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
491 | }) | |
492 | }) | |
493 | ||
494 | it('Should fail with a bad accounts field', async function () { | |
495 | await makeGetRequest({ | |
496 | url: server.url, | |
497 | path, | |
498 | query: { | |
499 | accounts: 1 | |
500 | }, | |
501 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
502 | }) | |
503 | ||
504 | await makeGetRequest({ | |
505 | url: server.url, | |
506 | path, | |
507 | query: { | |
508 | accounts: [ 1 ] | |
509 | }, | |
510 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
511 | }) | |
512 | }) | |
513 | ||
514 | it('Should fail with a bad hosts field', async function () { | |
515 | await makeGetRequest({ | |
516 | url: server.url, | |
517 | path, | |
518 | query: { | |
519 | hosts: 1 | |
520 | }, | |
521 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
522 | }) | |
523 | ||
524 | await makeGetRequest({ | |
525 | url: server.url, | |
526 | path, | |
527 | query: { | |
528 | hosts: [ 1 ] | |
529 | }, | |
530 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
531 | }) | |
532 | }) | |
533 | ||
534 | it('Should succeed with the correct parameters', async function () { | |
535 | await makeGetRequest({ | |
536 | url: server.url, | |
537 | path, | |
538 | query: {}, | |
539 | expectedStatus: HttpStatusCode.OK_200 | |
540 | }) | |
541 | ||
542 | await makeGetRequest({ | |
543 | url: server.url, | |
544 | path, | |
545 | query: { | |
546 | hosts: [ 'example.com' ], | |
547 | accounts: [ 'john@example.com' ] | |
548 | }, | |
549 | expectedStatus: HttpStatusCode.OK_200 | |
550 | }) | |
551 | }) | |
552 | }) | |
553 | ||
554 | after(async function () { | |
555 | await cleanupTests(servers) | |
556 | }) | |
557 | }) |