server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
   4 import { AbuseCreate, AbuseState, HttpStatusCode } from '@shared/models'
   5 import {
   6   AbusesCommand,
   7   cleanupTests,
   8   createSingleServer,
   9   doubleFollow,
  10   makeGetRequest,
  11   makePostBodyRequest,
  12   PeerTubeServer,
  13   setAccessTokensToServers,
  14   waitJobs
  15 } from '@shared/server-commands'
  16
  17 describe('Test abuses API validators', function () {
  18   const basePath = '/api/v1/abuses/'
  19
  20   let server: PeerTubeServer
  21
  22   let userToken = ''
  23   let userToken2 = ''
  24   let abuseId: number
  25   let messageId: number
  26
  27   let command: AbusesCommand
  28
  29   // ---------------------------------------------------------------
  30
  31   before(async function () {
  32     this.timeout(30000)
  33
  34     server = await createSingleServer(1)
  35
  36     await setAccessTokensToServers([ server ])
  37
  38     userToken = await server.users.generateUserAndToken('user_1')
  39     userToken2 = await server.users.generateUserAndToken('user_2')
  40
  41     server.store.videoCreated = await server.videos.upload()
  42
  43     command = server.abuses
  44   })
  45
  46   describe('When listing abuses for admins', function () {
  47     const path = basePath
  48
  49     it('Should fail with a bad start pagination', async function () {
  50       await checkBadStartPagination(server.url, path, server.accessToken)
  51     })
  52
  53     it('Should fail with a bad count pagination', async function () {
  54       await checkBadCountPagination(server.url, path, server.accessToken)
  55     })
  56
  57     it('Should fail with an incorrect sort', async function () {
  58       await checkBadSortPagination(server.url, path, server.accessToken)
  59     })
  60
  61     it('Should fail with a non authenticated user', async function () {
  62       await makeGetRequest({
  63         url: server.url,
  64         path,
  65         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
  66       })
  67     })
  68
  69     it('Should fail with a non admin user', async function () {
  70       await makeGetRequest({
  71         url: server.url,
  72         path,
  73         token: userToken,
  74         expectedStatus: HttpStatusCode.FORBIDDEN_403
  75       })
  76     })
  77
  78     it('Should fail with a bad id filter', async function () {
  79       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  80     })
  81
  82     it('Should fail with a bad filter', async function () {
  83       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  84       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  85     })
  86
  87     it('Should fail with bad predefined reason', async function () {
  88       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
  89     })
  90
  91     it('Should fail with a bad state filter', async function () {
  92       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
  93       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
  94     })
  95
  96     it('Should fail with a bad videoIs filter', async function () {
  97       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
  98     })
  99
 100     it('Should succeed with the correct params', async function () {
 101       const query = {
 102         id: 13,
 103         predefinedReason: 'violentOrRepulsive',
 104         filter: 'comment',
 105         state: 2,
 106         videoIs: 'deleted'
 107       }
 108
 109       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, expectedStatus: HttpStatusCode.OK_200 })
 110     })
 111   })
 112
 113   describe('When listing abuses for users', function () {
 114     const path = '/api/v1/users/me/abuses'
 115
 116     it('Should fail with a bad start pagination', async function () {
 117       await checkBadStartPagination(server.url, path, userToken)
 118     })
 119
 120     it('Should fail with a bad count pagination', async function () {
 121       await checkBadCountPagination(server.url, path, userToken)
 122     })
 123
 124     it('Should fail with an incorrect sort', async function () {
 125       await checkBadSortPagination(server.url, path, userToken)
 126     })
 127
 128     it('Should fail with a non authenticated user', async function () {
 129       await makeGetRequest({
 130         url: server.url,
 131         path,
 132         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 133       })
 134     })
 135
 136     it('Should fail with a bad id filter', async function () {
 137       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 138     })
 139
 140     it('Should fail with a bad state filter', async function () {
 141       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 142       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 143     })
 144
 145     it('Should succeed with the correct params', async function () {
 146       const query = {
 147         id: 13,
 148         state: 2
 149       }
 150
 151       await makeGetRequest({ url: server.url, path, token: userToken, query, expectedStatus: HttpStatusCode.OK_200 })
 152     })
 153   })
 154
 155   describe('When reporting an abuse', function () {
 156     const path = basePath
 157
 158     it('Should fail with nothing', async function () {
 159       const fields = {}
 160       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 161     })
 162
 163     it('Should fail with a wrong video', async function () {
 164       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 165       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 166     })
 167
 168     it('Should fail with an unknown video', async function () {
 169       const fields = { video: { id: 42 }, reason: 'my super reason' }
 170       await makePostBodyRequest({
 171         url: server.url,
 172         path,
 173         token: userToken,
 174         fields,
 175         expectedStatus: HttpStatusCode.NOT_FOUND_404
 176       })
 177     })
 178
 179     it('Should fail with a wrong comment', async function () {
 180       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 181       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 182     })
 183
 184     it('Should fail with an unknown comment', async function () {
 185       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 186       await makePostBodyRequest({
 187         url: server.url,
 188         path,
 189         token: userToken,
 190         fields,
 191         expectedStatus: HttpStatusCode.NOT_FOUND_404
 192       })
 193     })
 194
 195     it('Should fail with a wrong account', async function () {
 196       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 197       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 198     })
 199
 200     it('Should fail with an unknown account', async function () {
 201       const fields = { account: { id: 42 }, reason: 'my super reason' }
 202       await makePostBodyRequest({
 203         url: server.url,
 204         path,
 205         token: userToken,
 206         fields,
 207         expectedStatus: HttpStatusCode.NOT_FOUND_404
 208       })
 209     })
 210
 211     it('Should fail with not account, comment or video', async function () {
 212       const fields = { reason: 'my super reason' }
 213       await makePostBodyRequest({
 214         url: server.url,
 215         path,
 216         token: userToken,
 217         fields,
 218         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 219       })
 220     })
 221
 222     it('Should fail with a non authenticated user', async function () {
 223       const fields = { video: { id: server.store.videoCreated.id }, reason: 'my super reason' }
 224
 225       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 226     })
 227
 228     it('Should fail with a reason too short', async function () {
 229       const fields = { video: { id: server.store.videoCreated.id }, reason: 'h' }
 230
 231       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 232     })
 233
 234     it('Should fail with a too big reason', async function () {
 235       const fields = { video: { id: server.store.videoCreated.id }, reason: 'super'.repeat(605) }
 236
 237       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 238     })
 239
 240     it('Should succeed with the correct parameters (basic)', async function () {
 241       const fields: AbuseCreate = { video: { id: server.store.videoCreated.shortUUID }, reason: 'my super reason' }
 242
 243       const res = await makePostBodyRequest({
 244         url: server.url,
 245         path,
 246         token: userToken,
 247         fields,
 248         expectedStatus: HttpStatusCode.OK_200
 249       })
 250       abuseId = res.body.abuse.id
 251     })
 252
 253     it('Should fail with a wrong predefined reason', async function () {
 254       const fields = { video: server.store.videoCreated, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 255
 256       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 257     })
 258
 259     it('Should fail with negative timestamps', async function () {
 260       const fields = { video: { id: server.store.videoCreated.id, startAt: -1 }, reason: 'my super reason' }
 261
 262       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 263     })
 264
 265     it('Should fail mith misordered startAt/endAt', async function () {
 266       const fields = { video: { id: server.store.videoCreated.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 267
 268       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 269     })
 270
 271     it('Should succeed with the correct parameters (advanced)', async function () {
 272       const fields: AbuseCreate = {
 273         video: {
 274           id: server.store.videoCreated.id,
 275           startAt: 1,
 276           endAt: 5
 277         },
 278         reason: 'my super reason',
 279         predefinedReasons: [ 'serverRules' ]
 280       }
 281
 282       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.OK_200 })
 283     })
 284   })
 285
 286   describe('When updating an abuse', function () {
 287
 288     it('Should fail with a non authenticated user', async function () {
 289       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 290     })
 291
 292     it('Should fail with a non admin user', async function () {
 293       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 294     })
 295
 296     it('Should fail with a bad abuse id', async function () {
 297       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 298     })
 299
 300     it('Should fail with a bad state', async function () {
 301       const body = { state: 5 }
 302       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 303     })
 304
 305     it('Should fail with a bad moderation comment', async function () {
 306       const body = { moderationComment: 'b'.repeat(3001) }
 307       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 308     })
 309
 310     it('Should succeed with the correct params', async function () {
 311       const body = { state: AbuseState.ACCEPTED }
 312       await command.update({ abuseId, body })
 313     })
 314   })
 315
 316   describe('When creating an abuse message', function () {
 317     const message = 'my super message'
 318
 319     it('Should fail with an invalid abuse id', async function () {
 320       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 321     })
 322
 323     it('Should fail with a non authenticated user', async function () {
 324       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 325     })
 326
 327     it('Should fail with an invalid logged in user', async function () {
 328       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 329     })
 330
 331     it('Should fail with an invalid message', async function () {
 332       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 333     })
 334
 335     it('Should succeed with the correct params', async function () {
 336       const res = await command.addMessage({ token: userToken, abuseId, message })
 337       messageId = res.body.abuseMessage.id
 338     })
 339   })
 340
 341   describe('When listing abuse messages', function () {
 342
 343     it('Should fail with an invalid abuse id', async function () {
 344       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 345     })
 346
 347     it('Should fail with a non authenticated user', async function () {
 348       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 349     })
 350
 351     it('Should fail with an invalid logged in user', async function () {
 352       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 353     })
 354
 355     it('Should succeed with the correct params', async function () {
 356       await command.listMessages({ token: userToken, abuseId })
 357     })
 358   })
 359
 360   describe('When deleting an abuse message', function () {
 361     it('Should fail with an invalid abuse id', async function () {
 362       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 363     })
 364
 365     it('Should fail with an invalid message id', async function () {
 366       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 367     })
 368
 369     it('Should fail with a non authenticated user', async function () {
 370       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 371     })
 372
 373     it('Should fail with an invalid logged in user', async function () {
 374       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 375     })
 376
 377     it('Should succeed with the correct params', async function () {
 378       await command.deleteMessage({ token: userToken, abuseId, messageId })
 379     })
 380   })
 381
 382   describe('When deleting a video abuse', function () {
 383
 384     it('Should fail with a non authenticated user', async function () {
 385       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 386     })
 387
 388     it('Should fail with a non admin user', async function () {
 389       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 390     })
 391
 392     it('Should fail with a bad abuse id', async function () {
 393       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 394     })
 395
 396     it('Should succeed with the correct params', async function () {
 397       await command.delete({ abuseId })
 398     })
 399   })
 400
 401   describe('When trying to manage messages of a remote abuse', function () {
 402     let remoteAbuseId: number
 403     let anotherServer: PeerTubeServer
 404
 405     before(async function () {
 406       this.timeout(50000)
 407
 408       anotherServer = await createSingleServer(2)
 409       await setAccessTokensToServers([ anotherServer ])
 410
 411       await doubleFollow(anotherServer, server)
 412
 413       const server2VideoId = await anotherServer.videos.getId({ uuid: server.store.videoCreated.uuid })
 414       await anotherServer.abuses.report({ reason: 'remote server', videoId: server2VideoId })
 415
 416       await waitJobs([ server, anotherServer ])
 417
 418       const body = await command.getAdminList({ sort: '-createdAt' })
 419       remoteAbuseId = body.data[0].id
 420     })
 421
 422     it('Should fail when listing abuse messages of a remote abuse', async function () {
 423       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 424     })
 425
 426     it('Should fail when creating abuse message of a remote abuse', async function () {
 427       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 428     })
 429
 430     after(async function () {
 431       await cleanupTests([ anotherServer ])
 432     })
 433   })
 434
 435   after(async function () {
 436     await cleanupTests([ server ])
 437   })
 438 })