]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { | |
5 | checkBadCountPagination, | |
6 | checkBadSortPagination, | |
7 | checkBadStartPagination, | |
8 | cleanupTests, | |
9 | createMultipleServers, | |
10 | doubleFollow, | |
11 | makeDeleteRequest, | |
12 | makeGetRequest, | |
13 | makePostBodyRequest, | |
14 | PeerTubeServer, | |
15 | setAccessTokensToServers | |
16 | } from '@shared/extra-utils' | |
17 | import { HttpStatusCode } from '@shared/models' | |
18 | ||
19 | describe('Test blocklist API validators', function () { | |
20 | let servers: PeerTubeServer[] | |
21 | let server: PeerTubeServer | |
22 | let userAccessToken: string | |
23 | ||
24 | before(async function () { | |
25 | this.timeout(60000) | |
26 | ||
27 | servers = await createMultipleServers(2) | |
28 | await setAccessTokensToServers(servers) | |
29 | ||
30 | server = servers[0] | |
31 | ||
32 | const user = { username: 'user1', password: 'password' } | |
33 | await server.users.create({ username: user.username, password: user.password }) | |
34 | ||
35 | userAccessToken = await server.login.getAccessToken(user) | |
36 | ||
37 | await doubleFollow(servers[0], servers[1]) | |
38 | }) | |
39 | ||
40 | // --------------------------------------------------------------- | |
41 | ||
42 | describe('When managing user blocklist', function () { | |
43 | ||
44 | describe('When managing user accounts blocklist', function () { | |
45 | const path = '/api/v1/users/me/blocklist/accounts' | |
46 | ||
47 | describe('When listing blocked accounts', function () { | |
48 | it('Should fail with an unauthenticated user', async function () { | |
49 | await makeGetRequest({ | |
50 | url: server.url, | |
51 | path, | |
52 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
53 | }) | |
54 | }) | |
55 | ||
56 | it('Should fail with a bad start pagination', async function () { | |
57 | await checkBadStartPagination(server.url, path, server.accessToken) | |
58 | }) | |
59 | ||
60 | it('Should fail with a bad count pagination', async function () { | |
61 | await checkBadCountPagination(server.url, path, server.accessToken) | |
62 | }) | |
63 | ||
64 | it('Should fail with an incorrect sort', async function () { | |
65 | await checkBadSortPagination(server.url, path, server.accessToken) | |
66 | }) | |
67 | }) | |
68 | ||
69 | describe('When blocking an account', function () { | |
70 | it('Should fail with an unauthenticated user', async function () { | |
71 | await makePostBodyRequest({ | |
72 | url: server.url, | |
73 | path, | |
74 | fields: { accountName: 'user1' }, | |
75 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
76 | }) | |
77 | }) | |
78 | ||
79 | it('Should fail with an unknown account', async function () { | |
80 | await makePostBodyRequest({ | |
81 | url: server.url, | |
82 | token: server.accessToken, | |
83 | path, | |
84 | fields: { accountName: 'user2' }, | |
85 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
86 | }) | |
87 | }) | |
88 | ||
89 | it('Should fail to block ourselves', async function () { | |
90 | await makePostBodyRequest({ | |
91 | url: server.url, | |
92 | token: server.accessToken, | |
93 | path, | |
94 | fields: { accountName: 'root' }, | |
95 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
96 | }) | |
97 | }) | |
98 | ||
99 | it('Should succeed with the correct params', async function () { | |
100 | await makePostBodyRequest({ | |
101 | url: server.url, | |
102 | token: server.accessToken, | |
103 | path, | |
104 | fields: { accountName: 'user1' }, | |
105 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
106 | }) | |
107 | }) | |
108 | }) | |
109 | ||
110 | describe('When unblocking an account', function () { | |
111 | it('Should fail with an unauthenticated user', async function () { | |
112 | await makeDeleteRequest({ | |
113 | url: server.url, | |
114 | path: path + '/user1', | |
115 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
116 | }) | |
117 | }) | |
118 | ||
119 | it('Should fail with an unknown account block', async function () { | |
120 | await makeDeleteRequest({ | |
121 | url: server.url, | |
122 | path: path + '/user2', | |
123 | token: server.accessToken, | |
124 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
125 | }) | |
126 | }) | |
127 | ||
128 | it('Should succeed with the correct params', async function () { | |
129 | await makeDeleteRequest({ | |
130 | url: server.url, | |
131 | path: path + '/user1', | |
132 | token: server.accessToken, | |
133 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
134 | }) | |
135 | }) | |
136 | }) | |
137 | }) | |
138 | ||
139 | describe('When managing user servers blocklist', function () { | |
140 | const path = '/api/v1/users/me/blocklist/servers' | |
141 | ||
142 | describe('When listing blocked servers', function () { | |
143 | it('Should fail with an unauthenticated user', async function () { | |
144 | await makeGetRequest({ | |
145 | url: server.url, | |
146 | path, | |
147 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
148 | }) | |
149 | }) | |
150 | ||
151 | it('Should fail with a bad start pagination', async function () { | |
152 | await checkBadStartPagination(server.url, path, server.accessToken) | |
153 | }) | |
154 | ||
155 | it('Should fail with a bad count pagination', async function () { | |
156 | await checkBadCountPagination(server.url, path, server.accessToken) | |
157 | }) | |
158 | ||
159 | it('Should fail with an incorrect sort', async function () { | |
160 | await checkBadSortPagination(server.url, path, server.accessToken) | |
161 | }) | |
162 | }) | |
163 | ||
164 | describe('When blocking a server', function () { | |
165 | it('Should fail with an unauthenticated user', async function () { | |
166 | await makePostBodyRequest({ | |
167 | url: server.url, | |
168 | path, | |
169 | fields: { host: 'localhost:9002' }, | |
170 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
171 | }) | |
172 | }) | |
173 | ||
174 | it('Should succeed with an unknown server', async function () { | |
175 | await makePostBodyRequest({ | |
176 | url: server.url, | |
177 | token: server.accessToken, | |
178 | path, | |
179 | fields: { host: 'localhost:9003' }, | |
180 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
181 | }) | |
182 | }) | |
183 | ||
184 | it('Should fail with our own server', async function () { | |
185 | await makePostBodyRequest({ | |
186 | url: server.url, | |
187 | token: server.accessToken, | |
188 | path, | |
189 | fields: { host: 'localhost:' + server.port }, | |
190 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
191 | }) | |
192 | }) | |
193 | ||
194 | it('Should succeed with the correct params', async function () { | |
195 | await makePostBodyRequest({ | |
196 | url: server.url, | |
197 | token: server.accessToken, | |
198 | path, | |
199 | fields: { host: 'localhost:' + servers[1].port }, | |
200 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
201 | }) | |
202 | }) | |
203 | }) | |
204 | ||
205 | describe('When unblocking a server', function () { | |
206 | it('Should fail with an unauthenticated user', async function () { | |
207 | await makeDeleteRequest({ | |
208 | url: server.url, | |
209 | path: path + '/localhost:' + servers[1].port, | |
210 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
211 | }) | |
212 | }) | |
213 | ||
214 | it('Should fail with an unknown server block', async function () { | |
215 | await makeDeleteRequest({ | |
216 | url: server.url, | |
217 | path: path + '/localhost:9004', | |
218 | token: server.accessToken, | |
219 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
220 | }) | |
221 | }) | |
222 | ||
223 | it('Should succeed with the correct params', async function () { | |
224 | await makeDeleteRequest({ | |
225 | url: server.url, | |
226 | path: path + '/localhost:' + servers[1].port, | |
227 | token: server.accessToken, | |
228 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
229 | }) | |
230 | }) | |
231 | }) | |
232 | }) | |
233 | }) | |
234 | ||
235 | describe('When managing server blocklist', function () { | |
236 | ||
237 | describe('When managing server accounts blocklist', function () { | |
238 | const path = '/api/v1/server/blocklist/accounts' | |
239 | ||
240 | describe('When listing blocked accounts', function () { | |
241 | it('Should fail with an unauthenticated user', async function () { | |
242 | await makeGetRequest({ | |
243 | url: server.url, | |
244 | path, | |
245 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
246 | }) | |
247 | }) | |
248 | ||
249 | it('Should fail with a user without the appropriate rights', async function () { | |
250 | await makeGetRequest({ | |
251 | url: server.url, | |
252 | token: userAccessToken, | |
253 | path, | |
254 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
255 | }) | |
256 | }) | |
257 | ||
258 | it('Should fail with a bad start pagination', async function () { | |
259 | await checkBadStartPagination(server.url, path, server.accessToken) | |
260 | }) | |
261 | ||
262 | it('Should fail with a bad count pagination', async function () { | |
263 | await checkBadCountPagination(server.url, path, server.accessToken) | |
264 | }) | |
265 | ||
266 | it('Should fail with an incorrect sort', async function () { | |
267 | await checkBadSortPagination(server.url, path, server.accessToken) | |
268 | }) | |
269 | }) | |
270 | ||
271 | describe('When blocking an account', function () { | |
272 | it('Should fail with an unauthenticated user', async function () { | |
273 | await makePostBodyRequest({ | |
274 | url: server.url, | |
275 | path, | |
276 | fields: { accountName: 'user1' }, | |
277 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
278 | }) | |
279 | }) | |
280 | ||
281 | it('Should fail with a user without the appropriate rights', async function () { | |
282 | await makePostBodyRequest({ | |
283 | url: server.url, | |
284 | token: userAccessToken, | |
285 | path, | |
286 | fields: { accountName: 'user1' }, | |
287 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
288 | }) | |
289 | }) | |
290 | ||
291 | it('Should fail with an unknown account', async function () { | |
292 | await makePostBodyRequest({ | |
293 | url: server.url, | |
294 | token: server.accessToken, | |
295 | path, | |
296 | fields: { accountName: 'user2' }, | |
297 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
298 | }) | |
299 | }) | |
300 | ||
301 | it('Should fail to block ourselves', async function () { | |
302 | await makePostBodyRequest({ | |
303 | url: server.url, | |
304 | token: server.accessToken, | |
305 | path, | |
306 | fields: { accountName: 'root' }, | |
307 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
308 | }) | |
309 | }) | |
310 | ||
311 | it('Should succeed with the correct params', async function () { | |
312 | await makePostBodyRequest({ | |
313 | url: server.url, | |
314 | token: server.accessToken, | |
315 | path, | |
316 | fields: { accountName: 'user1' }, | |
317 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
318 | }) | |
319 | }) | |
320 | }) | |
321 | ||
322 | describe('When unblocking an account', function () { | |
323 | it('Should fail with an unauthenticated user', async function () { | |
324 | await makeDeleteRequest({ | |
325 | url: server.url, | |
326 | path: path + '/user1', | |
327 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
328 | }) | |
329 | }) | |
330 | ||
331 | it('Should fail with a user without the appropriate rights', async function () { | |
332 | await makeDeleteRequest({ | |
333 | url: server.url, | |
334 | path: path + '/user1', | |
335 | token: userAccessToken, | |
336 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
337 | }) | |
338 | }) | |
339 | ||
340 | it('Should fail with an unknown account block', async function () { | |
341 | await makeDeleteRequest({ | |
342 | url: server.url, | |
343 | path: path + '/user2', | |
344 | token: server.accessToken, | |
345 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
346 | }) | |
347 | }) | |
348 | ||
349 | it('Should succeed with the correct params', async function () { | |
350 | await makeDeleteRequest({ | |
351 | url: server.url, | |
352 | path: path + '/user1', | |
353 | token: server.accessToken, | |
354 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
355 | }) | |
356 | }) | |
357 | }) | |
358 | }) | |
359 | ||
360 | describe('When managing server servers blocklist', function () { | |
361 | const path = '/api/v1/server/blocklist/servers' | |
362 | ||
363 | describe('When listing blocked servers', function () { | |
364 | it('Should fail with an unauthenticated user', async function () { | |
365 | await makeGetRequest({ | |
366 | url: server.url, | |
367 | path, | |
368 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
369 | }) | |
370 | }) | |
371 | ||
372 | it('Should fail with a user without the appropriate rights', async function () { | |
373 | await makeGetRequest({ | |
374 | url: server.url, | |
375 | token: userAccessToken, | |
376 | path, | |
377 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
378 | }) | |
379 | }) | |
380 | ||
381 | it('Should fail with a bad start pagination', async function () { | |
382 | await checkBadStartPagination(server.url, path, server.accessToken) | |
383 | }) | |
384 | ||
385 | it('Should fail with a bad count pagination', async function () { | |
386 | await checkBadCountPagination(server.url, path, server.accessToken) | |
387 | }) | |
388 | ||
389 | it('Should fail with an incorrect sort', async function () { | |
390 | await checkBadSortPagination(server.url, path, server.accessToken) | |
391 | }) | |
392 | }) | |
393 | ||
394 | describe('When blocking a server', function () { | |
395 | it('Should fail with an unauthenticated user', async function () { | |
396 | await makePostBodyRequest({ | |
397 | url: server.url, | |
398 | path, | |
399 | fields: { host: 'localhost:' + servers[1].port }, | |
400 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
401 | }) | |
402 | }) | |
403 | ||
404 | it('Should fail with a user without the appropriate rights', async function () { | |
405 | await makePostBodyRequest({ | |
406 | url: server.url, | |
407 | token: userAccessToken, | |
408 | path, | |
409 | fields: { host: 'localhost:' + servers[1].port }, | |
410 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
411 | }) | |
412 | }) | |
413 | ||
414 | it('Should succeed with an unknown server', async function () { | |
415 | await makePostBodyRequest({ | |
416 | url: server.url, | |
417 | token: server.accessToken, | |
418 | path, | |
419 | fields: { host: 'localhost:9003' }, | |
420 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
421 | }) | |
422 | }) | |
423 | ||
424 | it('Should fail with our own server', async function () { | |
425 | await makePostBodyRequest({ | |
426 | url: server.url, | |
427 | token: server.accessToken, | |
428 | path, | |
429 | fields: { host: 'localhost:' + server.port }, | |
430 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
431 | }) | |
432 | }) | |
433 | ||
434 | it('Should succeed with the correct params', async function () { | |
435 | await makePostBodyRequest({ | |
436 | url: server.url, | |
437 | token: server.accessToken, | |
438 | path, | |
439 | fields: { host: 'localhost:' + servers[1].port }, | |
440 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
441 | }) | |
442 | }) | |
443 | }) | |
444 | ||
445 | describe('When unblocking a server', function () { | |
446 | it('Should fail with an unauthenticated user', async function () { | |
447 | await makeDeleteRequest({ | |
448 | url: server.url, | |
449 | path: path + '/localhost:' + servers[1].port, | |
450 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
451 | }) | |
452 | }) | |
453 | ||
454 | it('Should fail with a user without the appropriate rights', async function () { | |
455 | await makeDeleteRequest({ | |
456 | url: server.url, | |
457 | path: path + '/localhost:' + servers[1].port, | |
458 | token: userAccessToken, | |
459 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
460 | }) | |
461 | }) | |
462 | ||
463 | it('Should fail with an unknown server block', async function () { | |
464 | await makeDeleteRequest({ | |
465 | url: server.url, | |
466 | path: path + '/localhost:9004', | |
467 | token: server.accessToken, | |
468 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
469 | }) | |
470 | }) | |
471 | ||
472 | it('Should succeed with the correct params', async function () { | |
473 | await makeDeleteRequest({ | |
474 | url: server.url, | |
475 | path: path + '/localhost:' + servers[1].port, | |
476 | token: server.accessToken, | |
477 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
478 | }) | |
479 | }) | |
480 | }) | |
481 | }) | |
482 | }) | |
483 | ||
484 | describe('When getting blocklist status', function () { | |
485 | const path = '/api/v1/blocklist/status' | |
486 | ||
487 | it('Should fail with a bad token', async function () { | |
488 | await makeGetRequest({ | |
489 | url: server.url, | |
490 | path, | |
491 | token: 'false', | |
492 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
493 | }) | |
494 | }) | |
495 | ||
496 | it('Should fail with a bad accounts field', async function () { | |
497 | await makeGetRequest({ | |
498 | url: server.url, | |
499 | path, | |
500 | query: { | |
501 | accounts: 1 | |
502 | }, | |
503 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
504 | }) | |
505 | ||
506 | await makeGetRequest({ | |
507 | url: server.url, | |
508 | path, | |
509 | query: { | |
510 | accounts: [ 1 ] | |
511 | }, | |
512 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
513 | }) | |
514 | }) | |
515 | ||
516 | it('Should fail with a bad hosts field', async function () { | |
517 | await makeGetRequest({ | |
518 | url: server.url, | |
519 | path, | |
520 | query: { | |
521 | hosts: 1 | |
522 | }, | |
523 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
524 | }) | |
525 | ||
526 | await makeGetRequest({ | |
527 | url: server.url, | |
528 | path, | |
529 | query: { | |
530 | hosts: [ 1 ] | |
531 | }, | |
532 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
533 | }) | |
534 | }) | |
535 | ||
536 | it('Should succeed with the correct parameters', async function () { | |
537 | await makeGetRequest({ | |
538 | url: server.url, | |
539 | path, | |
540 | query: {}, | |
541 | expectedStatus: HttpStatusCode.OK_200 | |
542 | }) | |
543 | ||
544 | await makeGetRequest({ | |
545 | url: server.url, | |
546 | path, | |
547 | query: { | |
548 | hosts: [ 'example.com' ], | |
549 | accounts: [ 'john@example.com' ] | |
550 | }, | |
551 | expectedStatus: HttpStatusCode.OK_200 | |
552 | }) | |
553 | }) | |
554 | }) | |
555 | ||
556 | after(async function () { | |
557 | await cleanupTests(servers) | |
558 | }) | |
559 | }) |