]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared' | |
4 | import { HttpStatusCode } from '@shared/models' | |
5 | import { | |
6 | cleanupTests, | |
7 | createMultipleServers, | |
8 | doubleFollow, | |
9 | makeDeleteRequest, | |
10 | makeGetRequest, | |
11 | makePostBodyRequest, | |
12 | PeerTubeServer, | |
13 | setAccessTokensToServers | |
14 | } from '@shared/server-commands' | |
15 | ||
16 | describe('Test blocklist API validators', function () { | |
17 | let servers: PeerTubeServer[] | |
18 | let server: PeerTubeServer | |
19 | let userAccessToken: string | |
20 | ||
21 | before(async function () { | |
22 | this.timeout(60000) | |
23 | ||
24 | servers = await createMultipleServers(2) | |
25 | await setAccessTokensToServers(servers) | |
26 | ||
27 | server = servers[0] | |
28 | ||
29 | const user = { username: 'user1', password: 'password' } | |
30 | await server.users.create({ username: user.username, password: user.password }) | |
31 | ||
32 | userAccessToken = await server.login.getAccessToken(user) | |
33 | ||
34 | await doubleFollow(servers[0], servers[1]) | |
35 | }) | |
36 | ||
37 | // --------------------------------------------------------------- | |
38 | ||
39 | describe('When managing user blocklist', function () { | |
40 | ||
41 | describe('When managing user accounts blocklist', function () { | |
42 | const path = '/api/v1/users/me/blocklist/accounts' | |
43 | ||
44 | describe('When listing blocked accounts', function () { | |
45 | it('Should fail with an unauthenticated user', async function () { | |
46 | await makeGetRequest({ | |
47 | url: server.url, | |
48 | path, | |
49 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
50 | }) | |
51 | }) | |
52 | ||
53 | it('Should fail with a bad start pagination', async function () { | |
54 | await checkBadStartPagination(server.url, path, server.accessToken) | |
55 | }) | |
56 | ||
57 | it('Should fail with a bad count pagination', async function () { | |
58 | await checkBadCountPagination(server.url, path, server.accessToken) | |
59 | }) | |
60 | ||
61 | it('Should fail with an incorrect sort', async function () { | |
62 | await checkBadSortPagination(server.url, path, server.accessToken) | |
63 | }) | |
64 | }) | |
65 | ||
66 | describe('When blocking an account', function () { | |
67 | it('Should fail with an unauthenticated user', async function () { | |
68 | await makePostBodyRequest({ | |
69 | url: server.url, | |
70 | path, | |
71 | fields: { accountName: 'user1' }, | |
72 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
73 | }) | |
74 | }) | |
75 | ||
76 | it('Should fail with an unknown account', async function () { | |
77 | await makePostBodyRequest({ | |
78 | url: server.url, | |
79 | token: server.accessToken, | |
80 | path, | |
81 | fields: { accountName: 'user2' }, | |
82 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
83 | }) | |
84 | }) | |
85 | ||
86 | it('Should fail to block ourselves', async function () { | |
87 | await makePostBodyRequest({ | |
88 | url: server.url, | |
89 | token: server.accessToken, | |
90 | path, | |
91 | fields: { accountName: 'root' }, | |
92 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
93 | }) | |
94 | }) | |
95 | ||
96 | it('Should succeed with the correct params', async function () { | |
97 | await makePostBodyRequest({ | |
98 | url: server.url, | |
99 | token: server.accessToken, | |
100 | path, | |
101 | fields: { accountName: 'user1' }, | |
102 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
103 | }) | |
104 | }) | |
105 | }) | |
106 | ||
107 | describe('When unblocking an account', function () { | |
108 | it('Should fail with an unauthenticated user', async function () { | |
109 | await makeDeleteRequest({ | |
110 | url: server.url, | |
111 | path: path + '/user1', | |
112 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
113 | }) | |
114 | }) | |
115 | ||
116 | it('Should fail with an unknown account block', async function () { | |
117 | await makeDeleteRequest({ | |
118 | url: server.url, | |
119 | path: path + '/user2', | |
120 | token: server.accessToken, | |
121 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
122 | }) | |
123 | }) | |
124 | ||
125 | it('Should succeed with the correct params', async function () { | |
126 | await makeDeleteRequest({ | |
127 | url: server.url, | |
128 | path: path + '/user1', | |
129 | token: server.accessToken, | |
130 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
131 | }) | |
132 | }) | |
133 | }) | |
134 | }) | |
135 | ||
136 | describe('When managing user servers blocklist', function () { | |
137 | const path = '/api/v1/users/me/blocklist/servers' | |
138 | ||
139 | describe('When listing blocked servers', function () { | |
140 | it('Should fail with an unauthenticated user', async function () { | |
141 | await makeGetRequest({ | |
142 | url: server.url, | |
143 | path, | |
144 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
145 | }) | |
146 | }) | |
147 | ||
148 | it('Should fail with a bad start pagination', async function () { | |
149 | await checkBadStartPagination(server.url, path, server.accessToken) | |
150 | }) | |
151 | ||
152 | it('Should fail with a bad count pagination', async function () { | |
153 | await checkBadCountPagination(server.url, path, server.accessToken) | |
154 | }) | |
155 | ||
156 | it('Should fail with an incorrect sort', async function () { | |
157 | await checkBadSortPagination(server.url, path, server.accessToken) | |
158 | }) | |
159 | }) | |
160 | ||
161 | describe('When blocking a server', function () { | |
162 | it('Should fail with an unauthenticated user', async function () { | |
163 | await makePostBodyRequest({ | |
164 | url: server.url, | |
165 | path, | |
166 | fields: { host: 'localhost:9002' }, | |
167 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
168 | }) | |
169 | }) | |
170 | ||
171 | it('Should succeed with an unknown server', async function () { | |
172 | await makePostBodyRequest({ | |
173 | url: server.url, | |
174 | token: server.accessToken, | |
175 | path, | |
176 | fields: { host: 'localhost:9003' }, | |
177 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
178 | }) | |
179 | }) | |
180 | ||
181 | it('Should fail with our own server', async function () { | |
182 | await makePostBodyRequest({ | |
183 | url: server.url, | |
184 | token: server.accessToken, | |
185 | path, | |
186 | fields: { host: 'localhost:' + server.port }, | |
187 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
188 | }) | |
189 | }) | |
190 | ||
191 | it('Should succeed with the correct params', async function () { | |
192 | await makePostBodyRequest({ | |
193 | url: server.url, | |
194 | token: server.accessToken, | |
195 | path, | |
196 | fields: { host: 'localhost:' + servers[1].port }, | |
197 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
198 | }) | |
199 | }) | |
200 | }) | |
201 | ||
202 | describe('When unblocking a server', function () { | |
203 | it('Should fail with an unauthenticated user', async function () { | |
204 | await makeDeleteRequest({ | |
205 | url: server.url, | |
206 | path: path + '/localhost:' + servers[1].port, | |
207 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
208 | }) | |
209 | }) | |
210 | ||
211 | it('Should fail with an unknown server block', async function () { | |
212 | await makeDeleteRequest({ | |
213 | url: server.url, | |
214 | path: path + '/localhost:9004', | |
215 | token: server.accessToken, | |
216 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
217 | }) | |
218 | }) | |
219 | ||
220 | it('Should succeed with the correct params', async function () { | |
221 | await makeDeleteRequest({ | |
222 | url: server.url, | |
223 | path: path + '/localhost:' + servers[1].port, | |
224 | token: server.accessToken, | |
225 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
226 | }) | |
227 | }) | |
228 | }) | |
229 | }) | |
230 | }) | |
231 | ||
232 | describe('When managing server blocklist', function () { | |
233 | ||
234 | describe('When managing server accounts blocklist', function () { | |
235 | const path = '/api/v1/server/blocklist/accounts' | |
236 | ||
237 | describe('When listing blocked accounts', function () { | |
238 | it('Should fail with an unauthenticated user', async function () { | |
239 | await makeGetRequest({ | |
240 | url: server.url, | |
241 | path, | |
242 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
243 | }) | |
244 | }) | |
245 | ||
246 | it('Should fail with a user without the appropriate rights', async function () { | |
247 | await makeGetRequest({ | |
248 | url: server.url, | |
249 | token: userAccessToken, | |
250 | path, | |
251 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
252 | }) | |
253 | }) | |
254 | ||
255 | it('Should fail with a bad start pagination', async function () { | |
256 | await checkBadStartPagination(server.url, path, server.accessToken) | |
257 | }) | |
258 | ||
259 | it('Should fail with a bad count pagination', async function () { | |
260 | await checkBadCountPagination(server.url, path, server.accessToken) | |
261 | }) | |
262 | ||
263 | it('Should fail with an incorrect sort', async function () { | |
264 | await checkBadSortPagination(server.url, path, server.accessToken) | |
265 | }) | |
266 | }) | |
267 | ||
268 | describe('When blocking an account', function () { | |
269 | it('Should fail with an unauthenticated user', async function () { | |
270 | await makePostBodyRequest({ | |
271 | url: server.url, | |
272 | path, | |
273 | fields: { accountName: 'user1' }, | |
274 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
275 | }) | |
276 | }) | |
277 | ||
278 | it('Should fail with a user without the appropriate rights', async function () { | |
279 | await makePostBodyRequest({ | |
280 | url: server.url, | |
281 | token: userAccessToken, | |
282 | path, | |
283 | fields: { accountName: 'user1' }, | |
284 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
285 | }) | |
286 | }) | |
287 | ||
288 | it('Should fail with an unknown account', async function () { | |
289 | await makePostBodyRequest({ | |
290 | url: server.url, | |
291 | token: server.accessToken, | |
292 | path, | |
293 | fields: { accountName: 'user2' }, | |
294 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
295 | }) | |
296 | }) | |
297 | ||
298 | it('Should fail to block ourselves', async function () { | |
299 | await makePostBodyRequest({ | |
300 | url: server.url, | |
301 | token: server.accessToken, | |
302 | path, | |
303 | fields: { accountName: 'root' }, | |
304 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
305 | }) | |
306 | }) | |
307 | ||
308 | it('Should succeed with the correct params', async function () { | |
309 | await makePostBodyRequest({ | |
310 | url: server.url, | |
311 | token: server.accessToken, | |
312 | path, | |
313 | fields: { accountName: 'user1' }, | |
314 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
315 | }) | |
316 | }) | |
317 | }) | |
318 | ||
319 | describe('When unblocking an account', function () { | |
320 | it('Should fail with an unauthenticated user', async function () { | |
321 | await makeDeleteRequest({ | |
322 | url: server.url, | |
323 | path: path + '/user1', | |
324 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
325 | }) | |
326 | }) | |
327 | ||
328 | it('Should fail with a user without the appropriate rights', async function () { | |
329 | await makeDeleteRequest({ | |
330 | url: server.url, | |
331 | path: path + '/user1', | |
332 | token: userAccessToken, | |
333 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
334 | }) | |
335 | }) | |
336 | ||
337 | it('Should fail with an unknown account block', async function () { | |
338 | await makeDeleteRequest({ | |
339 | url: server.url, | |
340 | path: path + '/user2', | |
341 | token: server.accessToken, | |
342 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
343 | }) | |
344 | }) | |
345 | ||
346 | it('Should succeed with the correct params', async function () { | |
347 | await makeDeleteRequest({ | |
348 | url: server.url, | |
349 | path: path + '/user1', | |
350 | token: server.accessToken, | |
351 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
352 | }) | |
353 | }) | |
354 | }) | |
355 | }) | |
356 | ||
357 | describe('When managing server servers blocklist', function () { | |
358 | const path = '/api/v1/server/blocklist/servers' | |
359 | ||
360 | describe('When listing blocked servers', function () { | |
361 | it('Should fail with an unauthenticated user', async function () { | |
362 | await makeGetRequest({ | |
363 | url: server.url, | |
364 | path, | |
365 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
366 | }) | |
367 | }) | |
368 | ||
369 | it('Should fail with a user without the appropriate rights', async function () { | |
370 | await makeGetRequest({ | |
371 | url: server.url, | |
372 | token: userAccessToken, | |
373 | path, | |
374 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
375 | }) | |
376 | }) | |
377 | ||
378 | it('Should fail with a bad start pagination', async function () { | |
379 | await checkBadStartPagination(server.url, path, server.accessToken) | |
380 | }) | |
381 | ||
382 | it('Should fail with a bad count pagination', async function () { | |
383 | await checkBadCountPagination(server.url, path, server.accessToken) | |
384 | }) | |
385 | ||
386 | it('Should fail with an incorrect sort', async function () { | |
387 | await checkBadSortPagination(server.url, path, server.accessToken) | |
388 | }) | |
389 | }) | |
390 | ||
391 | describe('When blocking a server', function () { | |
392 | it('Should fail with an unauthenticated user', async function () { | |
393 | await makePostBodyRequest({ | |
394 | url: server.url, | |
395 | path, | |
396 | fields: { host: 'localhost:' + servers[1].port }, | |
397 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
398 | }) | |
399 | }) | |
400 | ||
401 | it('Should fail with a user without the appropriate rights', async function () { | |
402 | await makePostBodyRequest({ | |
403 | url: server.url, | |
404 | token: userAccessToken, | |
405 | path, | |
406 | fields: { host: 'localhost:' + servers[1].port }, | |
407 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
408 | }) | |
409 | }) | |
410 | ||
411 | it('Should succeed with an unknown server', async function () { | |
412 | await makePostBodyRequest({ | |
413 | url: server.url, | |
414 | token: server.accessToken, | |
415 | path, | |
416 | fields: { host: 'localhost:9003' }, | |
417 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
418 | }) | |
419 | }) | |
420 | ||
421 | it('Should fail with our own server', async function () { | |
422 | await makePostBodyRequest({ | |
423 | url: server.url, | |
424 | token: server.accessToken, | |
425 | path, | |
426 | fields: { host: 'localhost:' + server.port }, | |
427 | expectedStatus: HttpStatusCode.CONFLICT_409 | |
428 | }) | |
429 | }) | |
430 | ||
431 | it('Should succeed with the correct params', async function () { | |
432 | await makePostBodyRequest({ | |
433 | url: server.url, | |
434 | token: server.accessToken, | |
435 | path, | |
436 | fields: { host: 'localhost:' + servers[1].port }, | |
437 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
438 | }) | |
439 | }) | |
440 | }) | |
441 | ||
442 | describe('When unblocking a server', function () { | |
443 | it('Should fail with an unauthenticated user', async function () { | |
444 | await makeDeleteRequest({ | |
445 | url: server.url, | |
446 | path: path + '/localhost:' + servers[1].port, | |
447 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
448 | }) | |
449 | }) | |
450 | ||
451 | it('Should fail with a user without the appropriate rights', async function () { | |
452 | await makeDeleteRequest({ | |
453 | url: server.url, | |
454 | path: path + '/localhost:' + servers[1].port, | |
455 | token: userAccessToken, | |
456 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
457 | }) | |
458 | }) | |
459 | ||
460 | it('Should fail with an unknown server block', async function () { | |
461 | await makeDeleteRequest({ | |
462 | url: server.url, | |
463 | path: path + '/localhost:9004', | |
464 | token: server.accessToken, | |
465 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
466 | }) | |
467 | }) | |
468 | ||
469 | it('Should succeed with the correct params', async function () { | |
470 | await makeDeleteRequest({ | |
471 | url: server.url, | |
472 | path: path + '/localhost:' + servers[1].port, | |
473 | token: server.accessToken, | |
474 | expectedStatus: HttpStatusCode.NO_CONTENT_204 | |
475 | }) | |
476 | }) | |
477 | }) | |
478 | }) | |
479 | }) | |
480 | ||
481 | describe('When getting blocklist status', function () { | |
482 | const path = '/api/v1/blocklist/status' | |
483 | ||
484 | it('Should fail with a bad token', async function () { | |
485 | await makeGetRequest({ | |
486 | url: server.url, | |
487 | path, | |
488 | token: 'false', | |
489 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
490 | }) | |
491 | }) | |
492 | ||
493 | it('Should fail with a bad accounts field', async function () { | |
494 | await makeGetRequest({ | |
495 | url: server.url, | |
496 | path, | |
497 | query: { | |
498 | accounts: 1 | |
499 | }, | |
500 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
501 | }) | |
502 | ||
503 | await makeGetRequest({ | |
504 | url: server.url, | |
505 | path, | |
506 | query: { | |
507 | accounts: [ 1 ] | |
508 | }, | |
509 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
510 | }) | |
511 | }) | |
512 | ||
513 | it('Should fail with a bad hosts field', async function () { | |
514 | await makeGetRequest({ | |
515 | url: server.url, | |
516 | path, | |
517 | query: { | |
518 | hosts: 1 | |
519 | }, | |
520 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
521 | }) | |
522 | ||
523 | await makeGetRequest({ | |
524 | url: server.url, | |
525 | path, | |
526 | query: { | |
527 | hosts: [ 1 ] | |
528 | }, | |
529 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
530 | }) | |
531 | }) | |
532 | ||
533 | it('Should succeed with the correct parameters', async function () { | |
534 | await makeGetRequest({ | |
535 | url: server.url, | |
536 | path, | |
537 | query: {}, | |
538 | expectedStatus: HttpStatusCode.OK_200 | |
539 | }) | |
540 | ||
541 | await makeGetRequest({ | |
542 | url: server.url, | |
543 | path, | |
544 | query: { | |
545 | hosts: [ 'example.com' ], | |
546 | accounts: [ 'john@example.com' ] | |
547 | }, | |
548 | expectedStatus: HttpStatusCode.OK_200 | |
549 | }) | |
550 | }) | |
551 | }) | |
552 | ||
553 | after(async function () { | |
554 | await cleanupTests(servers) | |
555 | }) | |
556 | }) |