server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { HttpStatusCode } from '@shared/core-utils'
   5 import {
   6   AbusesCommand,
   7   checkBadCountPagination,
   8   checkBadSortPagination,
   9   checkBadStartPagination,
  10   cleanupTests,
  11   createUser,
  12   doubleFollow,
  13   flushAndRunServer,
  14   generateUserAccessToken,
  15   getVideoIdFromUUID,
  16   makeGetRequest,
  17   makePostBodyRequest,
  18   ServerInfo,
  19   setAccessTokensToServers,
  20   uploadVideo,
  21   waitJobs
  22 } from '@shared/extra-utils'
  23 import { AbuseCreate, AbuseState } from '@shared/models'
  24
  25 describe('Test abuses API validators', function () {
  26   const basePath = '/api/v1/abuses/'
  27
  28   let server: ServerInfo
  29
  30   let userToken = ''
  31   let userToken2 = ''
  32   let abuseId: number
  33   let messageId: number
  34
  35   let command: AbusesCommand
  36
  37   // ---------------------------------------------------------------
  38
  39   before(async function () {
  40     this.timeout(30000)
  41
  42     server = await flushAndRunServer(1)
  43
  44     await setAccessTokensToServers([ server ])
  45
  46     const username = 'user1'
  47     const password = 'my super password'
  48     await createUser({ url: server.url, accessToken: server.accessToken, username: username, password: password })
  49     userToken = await server.loginCommand.getAccessToken({ username, password })
  50
  51     userToken2 = await generateUserAccessToken(server, 'user_2')
  52
  53     const res = await uploadVideo(server.url, server.accessToken, {})
  54     server.video = res.body.video
  55
  56     command = server.abusesCommand
  57   })
  58
  59   describe('When listing abuses for admins', function () {
  60     const path = basePath
  61
  62     it('Should fail with a bad start pagination', async function () {
  63       await checkBadStartPagination(server.url, path, server.accessToken)
  64     })
  65
  66     it('Should fail with a bad count pagination', async function () {
  67       await checkBadCountPagination(server.url, path, server.accessToken)
  68     })
  69
  70     it('Should fail with an incorrect sort', async function () {
  71       await checkBadSortPagination(server.url, path, server.accessToken)
  72     })
  73
  74     it('Should fail with a non authenticated user', async function () {
  75       await makeGetRequest({
  76         url: server.url,
  77         path,
  78         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  79       })
  80     })
  81
  82     it('Should fail with a non admin user', async function () {
  83       await makeGetRequest({
  84         url: server.url,
  85         path,
  86         token: userToken,
  87         statusCodeExpected: HttpStatusCode.FORBIDDEN_403
  88       })
  89     })
  90
  91     it('Should fail with a bad id filter', async function () {
  92       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  93     })
  94
  95     it('Should fail with a bad filter', async function () {
  96       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  97       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  98     })
  99
 100     it('Should fail with bad predefined reason', async function () {
 101       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
 102     })
 103
 104     it('Should fail with a bad state filter', async function () {
 105       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
 106       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
 107     })
 108
 109     it('Should fail with a bad videoIs filter', async function () {
 110       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
 111     })
 112
 113     it('Should succeed with the correct params', async function () {
 114       const query = {
 115         id: 13,
 116         predefinedReason: 'violentOrRepulsive',
 117         filter: 'comment',
 118         state: 2,
 119         videoIs: 'deleted'
 120       }
 121
 122       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 123     })
 124   })
 125
 126   describe('When listing abuses for users', function () {
 127     const path = '/api/v1/users/me/abuses'
 128
 129     it('Should fail with a bad start pagination', async function () {
 130       await checkBadStartPagination(server.url, path, userToken)
 131     })
 132
 133     it('Should fail with a bad count pagination', async function () {
 134       await checkBadCountPagination(server.url, path, userToken)
 135     })
 136
 137     it('Should fail with an incorrect sort', async function () {
 138       await checkBadSortPagination(server.url, path, userToken)
 139     })
 140
 141     it('Should fail with a non authenticated user', async function () {
 142       await makeGetRequest({
 143         url: server.url,
 144         path,
 145         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 146       })
 147     })
 148
 149     it('Should fail with a bad id filter', async function () {
 150       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 151     })
 152
 153     it('Should fail with a bad state filter', async function () {
 154       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 155       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 156     })
 157
 158     it('Should succeed with the correct params', async function () {
 159       const query = {
 160         id: 13,
 161         state: 2
 162       }
 163
 164       await makeGetRequest({ url: server.url, path, token: userToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 165     })
 166   })
 167
 168   describe('When reporting an abuse', function () {
 169     const path = basePath
 170
 171     it('Should fail with nothing', async function () {
 172       const fields = {}
 173       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 174     })
 175
 176     it('Should fail with a wrong video', async function () {
 177       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 178       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 179     })
 180
 181     it('Should fail with an unknown video', async function () {
 182       const fields = { video: { id: 42 }, reason: 'my super reason' }
 183       await makePostBodyRequest({
 184         url: server.url,
 185         path,
 186         token: userToken,
 187         fields,
 188         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 189       })
 190     })
 191
 192     it('Should fail with a wrong comment', async function () {
 193       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 194       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 195     })
 196
 197     it('Should fail with an unknown comment', async function () {
 198       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 199       await makePostBodyRequest({
 200         url: server.url,
 201         path,
 202         token: userToken,
 203         fields,
 204         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 205       })
 206     })
 207
 208     it('Should fail with a wrong account', async function () {
 209       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 210       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 211     })
 212
 213     it('Should fail with an unknown account', async function () {
 214       const fields = { account: { id: 42 }, reason: 'my super reason' }
 215       await makePostBodyRequest({
 216         url: server.url,
 217         path,
 218         token: userToken,
 219         fields,
 220         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 221       })
 222     })
 223
 224     it('Should fail with not account, comment or video', async function () {
 225       const fields = { reason: 'my super reason' }
 226       await makePostBodyRequest({
 227         url: server.url,
 228         path,
 229         token: userToken,
 230         fields,
 231         statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
 232       })
 233     })
 234
 235     it('Should fail with a non authenticated user', async function () {
 236       const fields = { video: { id: server.video.id }, reason: 'my super reason' }
 237
 238       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
 239     })
 240
 241     it('Should fail with a reason too short', async function () {
 242       const fields = { video: { id: server.video.id }, reason: 'h' }
 243
 244       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 245     })
 246
 247     it('Should fail with a too big reason', async function () {
 248       const fields = { video: { id: server.video.id }, reason: 'super'.repeat(605) }
 249
 250       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 251     })
 252
 253     it('Should succeed with the correct parameters (basic)', async function () {
 254       const fields: AbuseCreate = { video: { id: server.video.shortUUID }, reason: 'my super reason' }
 255
 256       const res = await makePostBodyRequest({
 257         url: server.url,
 258         path,
 259         token: userToken,
 260         fields,
 261         statusCodeExpected: HttpStatusCode.OK_200
 262       })
 263       abuseId = res.body.abuse.id
 264     })
 265
 266     it('Should fail with a wrong predefined reason', async function () {
 267       const fields = { video: { id: server.video.id }, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 268
 269       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 270     })
 271
 272     it('Should fail with negative timestamps', async function () {
 273       const fields = { video: { id: server.video.id, startAt: -1 }, reason: 'my super reason' }
 274
 275       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 276     })
 277
 278     it('Should fail mith misordered startAt/endAt', async function () {
 279       const fields = { video: { id: server.video.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 280
 281       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 282     })
 283
 284     it('Should succeed with the corret parameters (advanced)', async function () {
 285       const fields: AbuseCreate = {
 286         video: {
 287           id: server.video.id,
 288           startAt: 1,
 289           endAt: 5
 290         },
 291         reason: 'my super reason',
 292         predefinedReasons: [ 'serverRules' ]
 293       }
 294
 295       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, statusCodeExpected: HttpStatusCode.OK_200 })
 296     })
 297   })
 298
 299   describe('When updating an abuse', function () {
 300
 301     it('Should fail with a non authenticated user', async function () {
 302       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 303     })
 304
 305     it('Should fail with a non admin user', async function () {
 306       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 307     })
 308
 309     it('Should fail with a bad abuse id', async function () {
 310       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 311     })
 312
 313     it('Should fail with a bad state', async function () {
 314       const body = { state: 5 }
 315       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 316     })
 317
 318     it('Should fail with a bad moderation comment', async function () {
 319       const body = { moderationComment: 'b'.repeat(3001) }
 320       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 321     })
 322
 323     it('Should succeed with the correct params', async function () {
 324       const body = { state: AbuseState.ACCEPTED }
 325       await command.update({ abuseId, body })
 326     })
 327   })
 328
 329   describe('When creating an abuse message', function () {
 330     const message = 'my super message'
 331
 332     it('Should fail with an invalid abuse id', async function () {
 333       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 334     })
 335
 336     it('Should fail with a non authenticated user', async function () {
 337       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 338     })
 339
 340     it('Should fail with an invalid logged in user', async function () {
 341       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 342     })
 343
 344     it('Should fail with an invalid message', async function () {
 345       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 346     })
 347
 348     it('Should suceed with the correct params', async function () {
 349       const res = await command.addMessage({ token: userToken, abuseId, message })
 350       messageId = res.body.abuseMessage.id
 351     })
 352   })
 353
 354   describe('When listing abuse messages', function () {
 355
 356     it('Should fail with an invalid abuse id', async function () {
 357       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 358     })
 359
 360     it('Should fail with a non authenticated user', async function () {
 361       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 362     })
 363
 364     it('Should fail with an invalid logged in user', async function () {
 365       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 366     })
 367
 368     it('Should succeed with the correct params', async function () {
 369       await command.listMessages({ token: userToken, abuseId })
 370     })
 371   })
 372
 373   describe('When deleting an abuse message', function () {
 374     it('Should fail with an invalid abuse id', async function () {
 375       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 376     })
 377
 378     it('Should fail with an invalid message id', async function () {
 379       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 380     })
 381
 382     it('Should fail with a non authenticated user', async function () {
 383       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 384     })
 385
 386     it('Should fail with an invalid logged in user', async function () {
 387       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 388     })
 389
 390     it('Should succeed with the correct params', async function () {
 391       await command.deleteMessage({ token: userToken, abuseId, messageId })
 392     })
 393   })
 394
 395   describe('When deleting a video abuse', function () {
 396
 397     it('Should fail with a non authenticated user', async function () {
 398       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 399     })
 400
 401     it('Should fail with a non admin user', async function () {
 402       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 403     })
 404
 405     it('Should fail with a bad abuse id', async function () {
 406       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 407     })
 408
 409     it('Should succeed with the correct params', async function () {
 410       await command.delete({ abuseId })
 411     })
 412   })
 413
 414   describe('When trying to manage messages of a remote abuse', function () {
 415     let remoteAbuseId: number
 416     let anotherServer: ServerInfo
 417
 418     before(async function () {
 419       this.timeout(50000)
 420
 421       anotherServer = await flushAndRunServer(2)
 422       await setAccessTokensToServers([ anotherServer ])
 423
 424       await doubleFollow(anotherServer, server)
 425
 426       const server2VideoId = await getVideoIdFromUUID(anotherServer.url, server.video.uuid)
 427       await anotherServer.abusesCommand.report({ reason: 'remote server', videoId: server2VideoId })
 428
 429       await waitJobs([ server, anotherServer ])
 430
 431       const body = await command.getAdminList({ sort: '-createdAt' })
 432       remoteAbuseId = body.data[0].id
 433     })
 434
 435     it('Should fail when listing abuse messages of a remote abuse', async function () {
 436       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 437     })
 438
 439     it('Should fail when creating abuse message of a remote abuse', async function () {
 440       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 441     })
 442
 443     after(async function () {
 444       await cleanupTests([ anotherServer ])
 445     })
 446   })
 447
 448   after(async function () {
 449     await cleanupTests([ server ])
 450   })
 451 })