server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { AbuseCreate, AbuseState } from '@shared/models'
   5 import {
   6   addAbuseMessage,
   7   cleanupTests,
   8   createUser,
   9   deleteAbuse,
  10   deleteAbuseMessage,
  11   doubleFollow,
  12   flushAndRunServer,
  13   generateUserAccessToken,
  14   getAdminAbusesList,
  15   getVideoIdFromUUID,
  16   listAbuseMessages,
  17   makeGetRequest,
  18   makePostBodyRequest,
  19   reportAbuse,
  20   ServerInfo,
  21   setAccessTokensToServers,
  22   updateAbuse,
  23   uploadVideo,
  24   userLogin,
  25   waitJobs
  26 } from '../../../../shared/extra-utils'
  27 import {
  28   checkBadCountPagination,
  29   checkBadSortPagination,
  30   checkBadStartPagination
  31 } from '../../../../shared/extra-utils/requests/check-api-params'
  32 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
  33
  34 describe('Test abuses API validators', function () {
  35   const basePath = '/api/v1/abuses/'
  36
  37   let server: ServerInfo
  38
  39   let userAccessToken = ''
  40   let userAccessToken2 = ''
  41   let abuseId: number
  42   let messageId: number
  43
  44   // ---------------------------------------------------------------
  45
  46   before(async function () {
  47     this.timeout(30000)
  48
  49     server = await flushAndRunServer(1)
  50
  51     await setAccessTokensToServers([ server ])
  52
  53     const username = 'user1'
  54     const password = 'my super password'
  55     await createUser({ url: server.url, accessToken: server.accessToken, username: username, password: password })
  56     userAccessToken = await userLogin(server, { username, password })
  57
  58     {
  59       userAccessToken2 = await generateUserAccessToken(server, 'user_2')
  60     }
  61
  62     const res = await uploadVideo(server.url, server.accessToken, {})
  63     server.video = res.body.video
  64   })
  65
  66   describe('When listing abuses for admins', function () {
  67     const path = basePath
  68
  69     it('Should fail with a bad start pagination', async function () {
  70       await checkBadStartPagination(server.url, path, server.accessToken)
  71     })
  72
  73     it('Should fail with a bad count pagination', async function () {
  74       await checkBadCountPagination(server.url, path, server.accessToken)
  75     })
  76
  77     it('Should fail with an incorrect sort', async function () {
  78       await checkBadSortPagination(server.url, path, server.accessToken)
  79     })
  80
  81     it('Should fail with a non authenticated user', async function () {
  82       await makeGetRequest({
  83         url: server.url,
  84         path,
  85         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  86       })
  87     })
  88
  89     it('Should fail with a non admin user', async function () {
  90       await makeGetRequest({
  91         url: server.url,
  92         path,
  93         token: userAccessToken,
  94         statusCodeExpected: HttpStatusCode.FORBIDDEN_403
  95       })
  96     })
  97
  98     it('Should fail with a bad id filter', async function () {
  99       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
 100     })
 101
 102     it('Should fail with a bad filter', async function () {
 103       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
 104       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
 105     })
 106
 107     it('Should fail with bad predefined reason', async function () {
 108       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
 109     })
 110
 111     it('Should fail with a bad state filter', async function () {
 112       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
 113       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
 114     })
 115
 116     it('Should fail with a bad videoIs filter', async function () {
 117       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
 118     })
 119
 120     it('Should succeed with the correct params', async function () {
 121       const query = {
 122         id: 13,
 123         predefinedReason: 'violentOrRepulsive',
 124         filter: 'comment',
 125         state: 2,
 126         videoIs: 'deleted'
 127       }
 128
 129       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 130     })
 131   })
 132
 133   describe('When listing abuses for users', function () {
 134     const path = '/api/v1/users/me/abuses'
 135
 136     it('Should fail with a bad start pagination', async function () {
 137       await checkBadStartPagination(server.url, path, userAccessToken)
 138     })
 139
 140     it('Should fail with a bad count pagination', async function () {
 141       await checkBadCountPagination(server.url, path, userAccessToken)
 142     })
 143
 144     it('Should fail with an incorrect sort', async function () {
 145       await checkBadSortPagination(server.url, path, userAccessToken)
 146     })
 147
 148     it('Should fail with a non authenticated user', async function () {
 149       await makeGetRequest({
 150         url: server.url,
 151         path,
 152         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 153       })
 154     })
 155
 156     it('Should fail with a bad id filter', async function () {
 157       await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { id: 'toto' } })
 158     })
 159
 160     it('Should fail with a bad state filter', async function () {
 161       await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { state: 'toto' } })
 162       await makeGetRequest({ url: server.url, path, token: userAccessToken, query: { state: 0 } })
 163     })
 164
 165     it('Should succeed with the correct params', async function () {
 166       const query = {
 167         id: 13,
 168         state: 2
 169       }
 170
 171       await makeGetRequest({ url: server.url, path, token: userAccessToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 172     })
 173   })
 174
 175   describe('When reporting an abuse', function () {
 176     const path = basePath
 177
 178     it('Should fail with nothing', async function () {
 179       const fields = {}
 180       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
 181     })
 182
 183     it('Should fail with a wrong video', async function () {
 184       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 185       await makePostBodyRequest({ url: server.url, path: path, token: userAccessToken, fields })
 186     })
 187
 188     it('Should fail with an unknown video', async function () {
 189       const fields = { video: { id: 42 }, reason: 'my super reason' }
 190       await makePostBodyRequest({
 191         url: server.url,
 192         path,
 193         token: userAccessToken,
 194         fields,
 195         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 196       })
 197     })
 198
 199     it('Should fail with a wrong comment', async function () {
 200       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 201       await makePostBodyRequest({ url: server.url, path: path, token: userAccessToken, fields })
 202     })
 203
 204     it('Should fail with an unknown comment', async function () {
 205       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 206       await makePostBodyRequest({
 207         url: server.url,
 208         path,
 209         token: userAccessToken,
 210         fields,
 211         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 212       })
 213     })
 214
 215     it('Should fail with a wrong account', async function () {
 216       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 217       await makePostBodyRequest({ url: server.url, path: path, token: userAccessToken, fields })
 218     })
 219
 220     it('Should fail with an unknown account', async function () {
 221       const fields = { account: { id: 42 }, reason: 'my super reason' }
 222       await makePostBodyRequest({
 223         url: server.url,
 224         path,
 225         token: userAccessToken,
 226         fields,
 227         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 228       })
 229     })
 230
 231     it('Should fail with not account, comment or video', async function () {
 232       const fields = { reason: 'my super reason' }
 233       await makePostBodyRequest({
 234         url: server.url,
 235         path,
 236         token: userAccessToken,
 237         fields,
 238         statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
 239       })
 240     })
 241
 242     it('Should fail with a non authenticated user', async function () {
 243       const fields = { video: { id: server.video.id }, reason: 'my super reason' }
 244
 245       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
 246     })
 247
 248     it('Should fail with a reason too short', async function () {
 249       const fields = { video: { id: server.video.id }, reason: 'h' }
 250
 251       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
 252     })
 253
 254     it('Should fail with a too big reason', async function () {
 255       const fields = { video: { id: server.video.id }, reason: 'super'.repeat(605) }
 256
 257       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
 258     })
 259
 260     it('Should succeed with the correct parameters (basic)', async function () {
 261       const fields: AbuseCreate = { video: { id: server.video.id }, reason: 'my super reason' }
 262
 263       const res = await makePostBodyRequest({
 264         url: server.url,
 265         path,
 266         token: userAccessToken,
 267         fields,
 268         statusCodeExpected: HttpStatusCode.OK_200
 269       })
 270       abuseId = res.body.abuse.id
 271     })
 272
 273     it('Should fail with a wrong predefined reason', async function () {
 274       const fields = { video: { id: server.video.id }, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 275
 276       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
 277     })
 278
 279     it('Should fail with negative timestamps', async function () {
 280       const fields = { video: { id: server.video.id, startAt: -1 }, reason: 'my super reason' }
 281
 282       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
 283     })
 284
 285     it('Should fail mith misordered startAt/endAt', async function () {
 286       const fields = { video: { id: server.video.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 287
 288       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
 289     })
 290
 291     it('Should succeed with the corret parameters (advanced)', async function () {
 292       const fields: AbuseCreate = {
 293         video: {
 294           id: server.video.id,
 295           startAt: 1,
 296           endAt: 5
 297         },
 298         reason: 'my super reason',
 299         predefinedReasons: [ 'serverRules' ]
 300       }
 301
 302       await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields, statusCodeExpected: HttpStatusCode.OK_200 })
 303     })
 304   })
 305
 306   describe('When updating an abuse', function () {
 307
 308     it('Should fail with a non authenticated user', async function () {
 309       await updateAbuse(server.url, 'blabla', abuseId, {}, HttpStatusCode.UNAUTHORIZED_401)
 310     })
 311
 312     it('Should fail with a non admin user', async function () {
 313       await updateAbuse(server.url, userAccessToken, abuseId, {}, HttpStatusCode.FORBIDDEN_403)
 314     })
 315
 316     it('Should fail with a bad abuse id', async function () {
 317       await updateAbuse(server.url, server.accessToken, 45, {}, HttpStatusCode.NOT_FOUND_404)
 318     })
 319
 320     it('Should fail with a bad state', async function () {
 321       const body = { state: 5 }
 322       await updateAbuse(server.url, server.accessToken, abuseId, body, HttpStatusCode.BAD_REQUEST_400)
 323     })
 324
 325     it('Should fail with a bad moderation comment', async function () {
 326       const body = { moderationComment: 'b'.repeat(3001) }
 327       await updateAbuse(server.url, server.accessToken, abuseId, body, HttpStatusCode.BAD_REQUEST_400)
 328     })
 329
 330     it('Should succeed with the correct params', async function () {
 331       const body = { state: AbuseState.ACCEPTED }
 332       await updateAbuse(server.url, server.accessToken, abuseId, body)
 333     })
 334   })
 335
 336   describe('When creating an abuse message', function () {
 337     const message = 'my super message'
 338
 339     it('Should fail with an invalid abuse id', async function () {
 340       await addAbuseMessage(server.url, userAccessToken2, 888, message, HttpStatusCode.NOT_FOUND_404)
 341     })
 342
 343     it('Should fail with a non authenticated user', async function () {
 344       await addAbuseMessage(server.url, 'fake_token', abuseId, message, HttpStatusCode.UNAUTHORIZED_401)
 345     })
 346
 347     it('Should fail with an invalid logged in user', async function () {
 348       await addAbuseMessage(server.url, userAccessToken2, abuseId, message, HttpStatusCode.FORBIDDEN_403)
 349     })
 350
 351     it('Should fail with an invalid message', async function () {
 352       await addAbuseMessage(server.url, userAccessToken, abuseId, 'a'.repeat(5000), HttpStatusCode.BAD_REQUEST_400)
 353     })
 354
 355     it('Should suceed with the correct params', async function () {
 356       const res = await addAbuseMessage(server.url, userAccessToken, abuseId, message)
 357       messageId = res.body.abuseMessage.id
 358     })
 359   })
 360
 361   describe('When listing abuse messages', function () {
 362
 363     it('Should fail with an invalid abuse id', async function () {
 364       await listAbuseMessages(server.url, userAccessToken, 888, HttpStatusCode.NOT_FOUND_404)
 365     })
 366
 367     it('Should fail with a non authenticated user', async function () {
 368       await listAbuseMessages(server.url, 'fake_token', abuseId, HttpStatusCode.UNAUTHORIZED_401)
 369     })
 370
 371     it('Should fail with an invalid logged in user', async function () {
 372       await listAbuseMessages(server.url, userAccessToken2, abuseId, HttpStatusCode.FORBIDDEN_403)
 373     })
 374
 375     it('Should succeed with the correct params', async function () {
 376       await listAbuseMessages(server.url, userAccessToken, abuseId)
 377     })
 378   })
 379
 380   describe('When deleting an abuse message', function () {
 381
 382     it('Should fail with an invalid abuse id', async function () {
 383       await deleteAbuseMessage(server.url, userAccessToken, 888, messageId, HttpStatusCode.NOT_FOUND_404)
 384     })
 385
 386     it('Should fail with an invalid message id', async function () {
 387       await deleteAbuseMessage(server.url, userAccessToken, abuseId, 888, HttpStatusCode.NOT_FOUND_404)
 388     })
 389
 390     it('Should fail with a non authenticated user', async function () {
 391       await deleteAbuseMessage(server.url, 'fake_token', abuseId, messageId, HttpStatusCode.UNAUTHORIZED_401)
 392     })
 393
 394     it('Should fail with an invalid logged in user', async function () {
 395       await deleteAbuseMessage(server.url, userAccessToken2, abuseId, messageId, HttpStatusCode.FORBIDDEN_403)
 396     })
 397
 398     it('Should succeed with the correct params', async function () {
 399       await deleteAbuseMessage(server.url, userAccessToken, abuseId, messageId)
 400     })
 401   })
 402
 403   describe('When deleting a video abuse', function () {
 404
 405     it('Should fail with a non authenticated user', async function () {
 406       await deleteAbuse(server.url, 'blabla', abuseId, HttpStatusCode.UNAUTHORIZED_401)
 407     })
 408
 409     it('Should fail with a non admin user', async function () {
 410       await deleteAbuse(server.url, userAccessToken, abuseId, HttpStatusCode.FORBIDDEN_403)
 411     })
 412
 413     it('Should fail with a bad abuse id', async function () {
 414       await deleteAbuse(server.url, server.accessToken, 45, HttpStatusCode.NOT_FOUND_404)
 415     })
 416
 417     it('Should succeed with the correct params', async function () {
 418       await deleteAbuse(server.url, server.accessToken, abuseId)
 419     })
 420   })
 421
 422   describe('When trying to manage messages of a remote abuse', function () {
 423     let remoteAbuseId: number
 424     let anotherServer: ServerInfo
 425
 426     before(async function () {
 427       this.timeout(50000)
 428
 429       anotherServer = await flushAndRunServer(2)
 430       await setAccessTokensToServers([ anotherServer ])
 431
 432       await doubleFollow(anotherServer, server)
 433
 434       const server2VideoId = await getVideoIdFromUUID(anotherServer.url, server.video.uuid)
 435       await reportAbuse({
 436         url: anotherServer.url,
 437         token: anotherServer.accessToken,
 438         reason: 'remote server',
 439         videoId: server2VideoId
 440       })
 441
 442       await waitJobs([ server, anotherServer ])
 443
 444       const res = await getAdminAbusesList({ url: server.url, token: server.accessToken, sort: '-createdAt' })
 445       remoteAbuseId = res.body.data[0].id
 446     })
 447
 448     it('Should fail when listing abuse messages of a remote abuse', async function () {
 449       await listAbuseMessages(server.url, server.accessToken, remoteAbuseId, HttpStatusCode.BAD_REQUEST_400)
 450     })
 451
 452     it('Should fail when creating abuse message of a remote abuse', async function () {
 453       await addAbuseMessage(server.url, server.accessToken, remoteAbuseId, 'message', HttpStatusCode.BAD_REQUEST_400)
 454     })
 455
 456     after(async function () {
 457       await cleanupTests([ anotherServer ])
 458     })
 459   })
 460
 461   after(async function () {
 462     await cleanupTests([ server ])
 463   })
 464 })