[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-blacklist.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { expect } from 'chai'
import { HttpStatusCode } from '@shared/core-utils'
import {
  BlacklistCommand,
  checkBadCountPagination,
  checkBadSortPagination,
  checkBadStartPagination,
  cleanupTests,
  doubleFollow,
  flushAndRunMultipleServers,
  getVideo,
  getVideoWithToken,
  makePostBodyRequest,
  makePutBodyRequest,
  ServerInfo,
  setAccessTokensToServers,
  uploadVideo,
  waitJobs
} from '@shared/extra-utils'
import { VideoBlacklistType, VideoDetails } from '@shared/models'

describe('Test video blacklist API validators', function () {
  let servers: ServerInfo[]
  let notBlacklistedVideoId: number
  let remoteVideoUUID: string
  let userAccessToken1 = ''
  let userAccessToken2 = ''
  let command: BlacklistCommand

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(120000)

    servers = await flushAndRunMultipleServers(2)

    await setAccessTokensToServers(servers)
    await doubleFollow(servers[0], servers[1])

    {
      const username = 'user1'
      const password = 'my super password'
      await servers[0].usersCommand.create({ username: username, password: password })
      userAccessToken1 = await servers[0].loginCommand.getAccessToken({ username, password })
    }

    {
      const username = 'user2'
      const password = 'my super password'
      await servers[0].usersCommand.create({ username: username, password: password })
      userAccessToken2 = await servers[0].loginCommand.getAccessToken({ username, password })
    }

    {
      const res = await uploadVideo(servers[0].url, userAccessToken1, {})
      servers[0].video = res.body.video
    }

    {
      const res = await uploadVideo(servers[0].url, servers[0].accessToken, {})
      notBlacklistedVideoId = res.body.video.uuid
    }

    {
      const res = await uploadVideo(servers[1].url, servers[1].accessToken, {})
      remoteVideoUUID = res.body.video.uuid
    }

    await waitJobs(servers)

    command = servers[0].blacklistCommand
  })

  describe('When adding a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with nothing', async function () {
      const path = basePath + servers[0].video + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].video + '/blacklist'
      const fields = {}
      await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].video + '/blacklist'
      const fields = {}
      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        statusCodeExpected: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].video.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should fail to unfederate a remote video', async function () {
      const path = basePath + remoteVideoUUID + '/blacklist'
      const fields = { unfederate: true }

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        statusCodeExpected: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].video.uuid + '/blacklist'
      const fields = {}

      await makePostBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        statusCodeExpected: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When updating a video in blacklist', function () {
    const basePath = '/api/v1/videos/'

    it('Should fail with a wrong video', async function () {
      const wrongPath = '/api/v1/videos/blabla/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
    })

    it('Should fail with a video not blacklisted', async function () {
      const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        statusCodeExpected: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a non authenticated user', async function () {
      const path = basePath + servers[0].video + '/blacklist'
      const fields = {}
      await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      const path = basePath + servers[0].video + '/blacklist'
      const fields = {}
      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: userAccessToken2,
        fields,
        statusCodeExpected: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an invalid reason', async function () {
      const path = basePath + servers[0].video.uuid + '/blacklist'
      const fields = { reason: 'a'.repeat(305) }

      await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
    })

    it('Should succeed with the correct params', async function () {
      const path = basePath + servers[0].video.shortUUID + '/blacklist'
      const fields = { reason: 'hello' }

      await makePutBodyRequest({
        url: servers[0].url,
        path,
        token: servers[0].accessToken,
        fields,
        statusCodeExpected: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When getting blacklisted video', function () {

    it('Should fail with a non authenticated user', async function () {
      await getVideo(servers[0].url, servers[0].video.uuid, HttpStatusCode.UNAUTHORIZED_401)
    })

    it('Should fail with another user', async function () {
      await getVideoWithToken(servers[0].url, userAccessToken2, servers[0].video.uuid, HttpStatusCode.FORBIDDEN_403)
    })

    it('Should succeed with the owner authenticated user', async function () {
      const res = await getVideoWithToken(servers[0].url, userAccessToken1, servers[0].video.uuid, HttpStatusCode.OK_200)
      const video: VideoDetails = res.body

      expect(video.blacklisted).to.be.true
    })

    it('Should succeed with an admin', async function () {
      const video = servers[0].video

      for (const id of [ video.id, video.uuid, video.shortUUID ]) {
        const res = await getVideoWithToken(servers[0].url, servers[0].accessToken, id, HttpStatusCode.OK_200)
        const video: VideoDetails = res.body

        expect(video.blacklisted).to.be.true
      }
    })
  })

  describe('When removing a video in blacklist', function () {

    it('Should fail with a non authenticated user', async function () {
      await command.remove({ token: 'fake token', videoId: servers[0].video.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      await command.remove({ token: userAccessToken2, videoId: servers[0].video.uuid, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

    it('Should fail with an incorrect id', async function () {
      await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should fail with a not blacklisted video', async function () {
      // The video was not added to the blacklist so it should fail
      await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the correct params', async function () {
      await command.remove({ videoId: servers[0].video.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })
  })

  describe('When listing videos in blacklist', function () {
    const basePath = '/api/v1/videos/blacklist/'

    it('Should fail with a non authenticated user', async function () {
      await servers[0].blacklistCommand.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with a non admin user', async function () {
      await servers[0].blacklistCommand.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    })

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
    })

    it('Should fail with an invalid type', async function () {
      await servers[0].blacklistCommand.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    })

    it('Should succeed with the correct parameters', async function () {
      await servers[0].blacklistCommand.list({ type: VideoBlacklistType.MANUAL })
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})
Commit	Line	Data
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import 'mocha'
	4	import { expect } from 'chai'
	5	import { HttpStatusCode } from '@shared/core-utils'
	6	import {
	7	BlacklistCommand,
	8	checkBadCountPagination,
	9	checkBadSortPagination,
	10	checkBadStartPagination,
	11	cleanupTests,
	12	doubleFollow,
	13	flushAndRunMultipleServers,
	14	getVideo,
	15	getVideoWithToken,
	16	makePostBodyRequest,
	17	makePutBodyRequest,
	18	ServerInfo,
	19	setAccessTokensToServers,
	20	uploadVideo,
	21	waitJobs
	22	} from '@shared/extra-utils'
	23	import { VideoBlacklistType, VideoDetails } from '@shared/models'
	24
	25	describe('Test video blacklist API validators', function () {
	26	let servers: ServerInfo[]
	27	let notBlacklistedVideoId: number
	28	let remoteVideoUUID: string
	29	let userAccessToken1 = ''
	30	let userAccessToken2 = ''
	31	let command: BlacklistCommand
	32
	33	// ---------------------------------------------------------------
	34
	35	before(async function () {
	36	this.timeout(120000)
	37
	38	servers = await flushAndRunMultipleServers(2)
	39
	40	await setAccessTokensToServers(servers)
	41	await doubleFollow(servers[0], servers[1])
	42
	43	{
	44	const username = 'user1'
	45	const password = 'my super password'
	46	await servers[0].usersCommand.create({ username: username, password: password })
	47	userAccessToken1 = await servers[0].loginCommand.getAccessToken({ username, password })
	48	}
	49
	50	{
	51	const username = 'user2'
	52	const password = 'my super password'
	53	await servers[0].usersCommand.create({ username: username, password: password })
	54	userAccessToken2 = await servers[0].loginCommand.getAccessToken({ username, password })
	55	}
	56
	57	{
	58	const res = await uploadVideo(servers[0].url, userAccessToken1, {})
	59	servers[0].video = res.body.video
	60	}
	61
	62	{
	63	const res = await uploadVideo(servers[0].url, servers[0].accessToken, {})
	64	notBlacklistedVideoId = res.body.video.uuid
	65	}
	66
	67	{
	68	const res = await uploadVideo(servers[1].url, servers[1].accessToken, {})
	69	remoteVideoUUID = res.body.video.uuid
	70	}
	71
	72	await waitJobs(servers)
	73
	74	command = servers[0].blacklistCommand
	75	})
	76
	77	describe('When adding a video in blacklist', function () {
	78	const basePath = '/api/v1/videos/'
	79
	80	it('Should fail with nothing', async function () {
	81	const path = basePath + servers[0].video + '/blacklist'
	82	const fields = {}
	83	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
	84	})
	85
	86	it('Should fail with a wrong video', async function () {
	87	const wrongPath = '/api/v1/videos/blabla/blacklist'
	88	const fields = {}
	89	await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
	90	})
	91
	92	it('Should fail with a non authenticated user', async function () {
	93	const path = basePath + servers[0].video + '/blacklist'
	94	const fields = {}
	95	await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
	96	})
	97
	98	it('Should fail with a non admin user', async function () {
	99	const path = basePath + servers[0].video + '/blacklist'
	100	const fields = {}
	101	await makePostBodyRequest({
	102	url: servers[0].url,
	103	path,
	104	token: userAccessToken2,
	105	fields,
	106	statusCodeExpected: HttpStatusCode.FORBIDDEN_403
	107	})
	108	})
	109
	110	it('Should fail with an invalid reason', async function () {
	111	const path = basePath + servers[0].video.uuid + '/blacklist'
	112	const fields = { reason: 'a'.repeat(305) }
	113
	114	await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
	115	})
	116
	117	it('Should fail to unfederate a remote video', async function () {
	118	const path = basePath + remoteVideoUUID + '/blacklist'
	119	const fields = { unfederate: true }
	120
	121	await makePostBodyRequest({
	122	url: servers[0].url,
	123	path,
	124	token: servers[0].accessToken,
	125	fields,
	126	statusCodeExpected: HttpStatusCode.CONFLICT_409
	127	})
	128	})
	129
	130	it('Should succeed with the correct params', async function () {
	131	const path = basePath + servers[0].video.uuid + '/blacklist'
	132	const fields = {}
	133
	134	await makePostBodyRequest({
	135	url: servers[0].url,
	136	path,
	137	token: servers[0].accessToken,
	138	fields,
	139	statusCodeExpected: HttpStatusCode.NO_CONTENT_204
	140	})
	141	})
	142	})
	143
	144	describe('When updating a video in blacklist', function () {
	145	const basePath = '/api/v1/videos/'
	146
	147	it('Should fail with a wrong video', async function () {
	148	const wrongPath = '/api/v1/videos/blabla/blacklist'
	149	const fields = {}
	150	await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
	151	})
	152
	153	it('Should fail with a video not blacklisted', async function () {
	154	const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
	155	const fields = {}
	156	await makePutBodyRequest({
	157	url: servers[0].url,
	158	path,
	159	token: servers[0].accessToken,
	160	fields,
	161	statusCodeExpected: HttpStatusCode.NOT_FOUND_404
	162	})
	163	})
	164
	165	it('Should fail with a non authenticated user', async function () {
	166	const path = basePath + servers[0].video + '/blacklist'
	167	const fields = {}
	168	await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
	169	})
	170
	171	it('Should fail with a non admin user', async function () {
	172	const path = basePath + servers[0].video + '/blacklist'
	173	const fields = {}
	174	await makePutBodyRequest({
	175	url: servers[0].url,
	176	path,
	177	token: userAccessToken2,
	178	fields,
	179	statusCodeExpected: HttpStatusCode.FORBIDDEN_403
	180	})
	181	})
	182
	183	it('Should fail with an invalid reason', async function () {
	184	const path = basePath + servers[0].video.uuid + '/blacklist'
	185	const fields = { reason: 'a'.repeat(305) }
	186
	187	await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
	188	})
	189
	190	it('Should succeed with the correct params', async function () {
	191	const path = basePath + servers[0].video.shortUUID + '/blacklist'
	192	const fields = { reason: 'hello' }
	193
	194	await makePutBodyRequest({
	195	url: servers[0].url,
	196	path,
	197	token: servers[0].accessToken,
	198	fields,
	199	statusCodeExpected: HttpStatusCode.NO_CONTENT_204
	200	})
	201	})
	202	})
	203
	204	describe('When getting blacklisted video', function () {
	205
	206	it('Should fail with a non authenticated user', async function () {
	207	await getVideo(servers[0].url, servers[0].video.uuid, HttpStatusCode.UNAUTHORIZED_401)
	208	})
	209
	210	it('Should fail with another user', async function () {
	211	await getVideoWithToken(servers[0].url, userAccessToken2, servers[0].video.uuid, HttpStatusCode.FORBIDDEN_403)
	212	})
	213
	214	it('Should succeed with the owner authenticated user', async function () {
	215	const res = await getVideoWithToken(servers[0].url, userAccessToken1, servers[0].video.uuid, HttpStatusCode.OK_200)
	216	const video: VideoDetails = res.body
	217
	218	expect(video.blacklisted).to.be.true
	219	})
	220
	221	it('Should succeed with an admin', async function () {
	222	const video = servers[0].video
	223
	224	for (const id of [ video.id, video.uuid, video.shortUUID ]) {
	225	const res = await getVideoWithToken(servers[0].url, servers[0].accessToken, id, HttpStatusCode.OK_200)
	226	const video: VideoDetails = res.body
	227
	228	expect(video.blacklisted).to.be.true
	229	}
	230	})
	231	})
	232
	233	describe('When removing a video in blacklist', function () {
	234
	235	it('Should fail with a non authenticated user', async function () {
	236	await command.remove({ token: 'fake token', videoId: servers[0].video.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	237	})
	238
	239	it('Should fail with a non admin user', async function () {
	240	await command.remove({ token: userAccessToken2, videoId: servers[0].video.uuid, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
	241	})
	242
	243	it('Should fail with an incorrect id', async function () {
	244	await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	245	})
	246
	247	it('Should fail with a not blacklisted video', async function () {
	248	// The video was not added to the blacklist so it should fail
	249	await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
	250	})
	251
	252	it('Should succeed with the correct params', async function () {
	253	await command.remove({ videoId: servers[0].video.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
	254	})
	255	})
	256
	257	describe('When listing videos in blacklist', function () {
	258	const basePath = '/api/v1/videos/blacklist/'
	259
	260	it('Should fail with a non authenticated user', async function () {
	261	await servers[0].blacklistCommand.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	262	})
	263
	264	it('Should fail with a non admin user', async function () {
	265	await servers[0].blacklistCommand.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
	266	})
	267
	268	it('Should fail with a bad start pagination', async function () {
	269	await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
	270	})
	271
	272	it('Should fail with a bad count pagination', async function () {
	273	await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
	274	})
	275
	276	it('Should fail with an incorrect sort', async function () {
	277	await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
	278	})
	279
	280	it('Should fail with an invalid type', async function () {
	281	await servers[0].blacklistCommand.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	282	})
	283
	284	it('Should succeed with the correct parameters', async function () {
	285	await servers[0].blacklistCommand.list({ type: VideoBlacklistType.MANUAL })
	286	})
	287	})
	288
	289	after(async function () {
	290	await cleanupTests(servers)
	291	})
	292	})