server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { HttpStatusCode } from '@shared/core-utils'
   5 import {
   6   AbusesCommand,
   7   checkBadCountPagination,
   8   checkBadSortPagination,
   9   checkBadStartPagination,
  10   cleanupTests,
  11   doubleFollow,
  12   flushAndRunServer,
  13   getVideoIdFromUUID,
  14   makeGetRequest,
  15   makePostBodyRequest,
  16   ServerInfo,
  17   setAccessTokensToServers,
  18   uploadVideo,
  19   waitJobs
  20 } from '@shared/extra-utils'
  21 import { AbuseCreate, AbuseState } from '@shared/models'
  22
  23 describe('Test abuses API validators', function () {
  24   const basePath = '/api/v1/abuses/'
  25
  26   let server: ServerInfo
  27
  28   let userToken = ''
  29   let userToken2 = ''
  30   let abuseId: number
  31   let messageId: number
  32
  33   let command: AbusesCommand
  34
  35   // ---------------------------------------------------------------
  36
  37   before(async function () {
  38     this.timeout(30000)
  39
  40     server = await flushAndRunServer(1)
  41
  42     await setAccessTokensToServers([ server ])
  43
  44     const username = 'user1'
  45     const password = 'my super password'
  46     await server.usersCommand.create({ username: username, password: password })
  47     userToken = await server.loginCommand.getAccessToken({ username, password })
  48
  49     userToken2 = await server.usersCommand.generateUserAndToken('user_2')
  50
  51     const res = await uploadVideo(server.url, server.accessToken, {})
  52     server.video = res.body.video
  53
  54     command = server.abusesCommand
  55   })
  56
  57   describe('When listing abuses for admins', function () {
  58     const path = basePath
  59
  60     it('Should fail with a bad start pagination', async function () {
  61       await checkBadStartPagination(server.url, path, server.accessToken)
  62     })
  63
  64     it('Should fail with a bad count pagination', async function () {
  65       await checkBadCountPagination(server.url, path, server.accessToken)
  66     })
  67
  68     it('Should fail with an incorrect sort', async function () {
  69       await checkBadSortPagination(server.url, path, server.accessToken)
  70     })
  71
  72     it('Should fail with a non authenticated user', async function () {
  73       await makeGetRequest({
  74         url: server.url,
  75         path,
  76         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  77       })
  78     })
  79
  80     it('Should fail with a non admin user', async function () {
  81       await makeGetRequest({
  82         url: server.url,
  83         path,
  84         token: userToken,
  85         statusCodeExpected: HttpStatusCode.FORBIDDEN_403
  86       })
  87     })
  88
  89     it('Should fail with a bad id filter', async function () {
  90       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  91     })
  92
  93     it('Should fail with a bad filter', async function () {
  94       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  95       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  96     })
  97
  98     it('Should fail with bad predefined reason', async function () {
  99       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
 100     })
 101
 102     it('Should fail with a bad state filter', async function () {
 103       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
 104       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
 105     })
 106
 107     it('Should fail with a bad videoIs filter', async function () {
 108       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
 109     })
 110
 111     it('Should succeed with the correct params', async function () {
 112       const query = {
 113         id: 13,
 114         predefinedReason: 'violentOrRepulsive',
 115         filter: 'comment',
 116         state: 2,
 117         videoIs: 'deleted'
 118       }
 119
 120       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 121     })
 122   })
 123
 124   describe('When listing abuses for users', function () {
 125     const path = '/api/v1/users/me/abuses'
 126
 127     it('Should fail with a bad start pagination', async function () {
 128       await checkBadStartPagination(server.url, path, userToken)
 129     })
 130
 131     it('Should fail with a bad count pagination', async function () {
 132       await checkBadCountPagination(server.url, path, userToken)
 133     })
 134
 135     it('Should fail with an incorrect sort', async function () {
 136       await checkBadSortPagination(server.url, path, userToken)
 137     })
 138
 139     it('Should fail with a non authenticated user', async function () {
 140       await makeGetRequest({
 141         url: server.url,
 142         path,
 143         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 144       })
 145     })
 146
 147     it('Should fail with a bad id filter', async function () {
 148       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 149     })
 150
 151     it('Should fail with a bad state filter', async function () {
 152       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 153       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 154     })
 155
 156     it('Should succeed with the correct params', async function () {
 157       const query = {
 158         id: 13,
 159         state: 2
 160       }
 161
 162       await makeGetRequest({ url: server.url, path, token: userToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 163     })
 164   })
 165
 166   describe('When reporting an abuse', function () {
 167     const path = basePath
 168
 169     it('Should fail with nothing', async function () {
 170       const fields = {}
 171       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 172     })
 173
 174     it('Should fail with a wrong video', async function () {
 175       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 176       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 177     })
 178
 179     it('Should fail with an unknown video', async function () {
 180       const fields = { video: { id: 42 }, reason: 'my super reason' }
 181       await makePostBodyRequest({
 182         url: server.url,
 183         path,
 184         token: userToken,
 185         fields,
 186         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 187       })
 188     })
 189
 190     it('Should fail with a wrong comment', async function () {
 191       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 192       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 193     })
 194
 195     it('Should fail with an unknown comment', async function () {
 196       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 197       await makePostBodyRequest({
 198         url: server.url,
 199         path,
 200         token: userToken,
 201         fields,
 202         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 203       })
 204     })
 205
 206     it('Should fail with a wrong account', async function () {
 207       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 208       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 209     })
 210
 211     it('Should fail with an unknown account', async function () {
 212       const fields = { account: { id: 42 }, reason: 'my super reason' }
 213       await makePostBodyRequest({
 214         url: server.url,
 215         path,
 216         token: userToken,
 217         fields,
 218         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 219       })
 220     })
 221
 222     it('Should fail with not account, comment or video', async function () {
 223       const fields = { reason: 'my super reason' }
 224       await makePostBodyRequest({
 225         url: server.url,
 226         path,
 227         token: userToken,
 228         fields,
 229         statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
 230       })
 231     })
 232
 233     it('Should fail with a non authenticated user', async function () {
 234       const fields = { video: { id: server.video.id }, reason: 'my super reason' }
 235
 236       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
 237     })
 238
 239     it('Should fail with a reason too short', async function () {
 240       const fields = { video: { id: server.video.id }, reason: 'h' }
 241
 242       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 243     })
 244
 245     it('Should fail with a too big reason', async function () {
 246       const fields = { video: { id: server.video.id }, reason: 'super'.repeat(605) }
 247
 248       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 249     })
 250
 251     it('Should succeed with the correct parameters (basic)', async function () {
 252       const fields: AbuseCreate = { video: { id: server.video.shortUUID }, reason: 'my super reason' }
 253
 254       const res = await makePostBodyRequest({
 255         url: server.url,
 256         path,
 257         token: userToken,
 258         fields,
 259         statusCodeExpected: HttpStatusCode.OK_200
 260       })
 261       abuseId = res.body.abuse.id
 262     })
 263
 264     it('Should fail with a wrong predefined reason', async function () {
 265       const fields = { video: { id: server.video.id }, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 266
 267       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 268     })
 269
 270     it('Should fail with negative timestamps', async function () {
 271       const fields = { video: { id: server.video.id, startAt: -1 }, reason: 'my super reason' }
 272
 273       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 274     })
 275
 276     it('Should fail mith misordered startAt/endAt', async function () {
 277       const fields = { video: { id: server.video.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 278
 279       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 280     })
 281
 282     it('Should succeed with the corret parameters (advanced)', async function () {
 283       const fields: AbuseCreate = {
 284         video: {
 285           id: server.video.id,
 286           startAt: 1,
 287           endAt: 5
 288         },
 289         reason: 'my super reason',
 290         predefinedReasons: [ 'serverRules' ]
 291       }
 292
 293       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, statusCodeExpected: HttpStatusCode.OK_200 })
 294     })
 295   })
 296
 297   describe('When updating an abuse', function () {
 298
 299     it('Should fail with a non authenticated user', async function () {
 300       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 301     })
 302
 303     it('Should fail with a non admin user', async function () {
 304       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 305     })
 306
 307     it('Should fail with a bad abuse id', async function () {
 308       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 309     })
 310
 311     it('Should fail with a bad state', async function () {
 312       const body = { state: 5 }
 313       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 314     })
 315
 316     it('Should fail with a bad moderation comment', async function () {
 317       const body = { moderationComment: 'b'.repeat(3001) }
 318       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 319     })
 320
 321     it('Should succeed with the correct params', async function () {
 322       const body = { state: AbuseState.ACCEPTED }
 323       await command.update({ abuseId, body })
 324     })
 325   })
 326
 327   describe('When creating an abuse message', function () {
 328     const message = 'my super message'
 329
 330     it('Should fail with an invalid abuse id', async function () {
 331       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 332     })
 333
 334     it('Should fail with a non authenticated user', async function () {
 335       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 336     })
 337
 338     it('Should fail with an invalid logged in user', async function () {
 339       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 340     })
 341
 342     it('Should fail with an invalid message', async function () {
 343       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 344     })
 345
 346     it('Should suceed with the correct params', async function () {
 347       const res = await command.addMessage({ token: userToken, abuseId, message })
 348       messageId = res.body.abuseMessage.id
 349     })
 350   })
 351
 352   describe('When listing abuse messages', function () {
 353
 354     it('Should fail with an invalid abuse id', async function () {
 355       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 356     })
 357
 358     it('Should fail with a non authenticated user', async function () {
 359       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 360     })
 361
 362     it('Should fail with an invalid logged in user', async function () {
 363       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 364     })
 365
 366     it('Should succeed with the correct params', async function () {
 367       await command.listMessages({ token: userToken, abuseId })
 368     })
 369   })
 370
 371   describe('When deleting an abuse message', function () {
 372     it('Should fail with an invalid abuse id', async function () {
 373       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 374     })
 375
 376     it('Should fail with an invalid message id', async function () {
 377       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 378     })
 379
 380     it('Should fail with a non authenticated user', async function () {
 381       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 382     })
 383
 384     it('Should fail with an invalid logged in user', async function () {
 385       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 386     })
 387
 388     it('Should succeed with the correct params', async function () {
 389       await command.deleteMessage({ token: userToken, abuseId, messageId })
 390     })
 391   })
 392
 393   describe('When deleting a video abuse', function () {
 394
 395     it('Should fail with a non authenticated user', async function () {
 396       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 397     })
 398
 399     it('Should fail with a non admin user', async function () {
 400       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 401     })
 402
 403     it('Should fail with a bad abuse id', async function () {
 404       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 405     })
 406
 407     it('Should succeed with the correct params', async function () {
 408       await command.delete({ abuseId })
 409     })
 410   })
 411
 412   describe('When trying to manage messages of a remote abuse', function () {
 413     let remoteAbuseId: number
 414     let anotherServer: ServerInfo
 415
 416     before(async function () {
 417       this.timeout(50000)
 418
 419       anotherServer = await flushAndRunServer(2)
 420       await setAccessTokensToServers([ anotherServer ])
 421
 422       await doubleFollow(anotherServer, server)
 423
 424       const server2VideoId = await getVideoIdFromUUID(anotherServer.url, server.video.uuid)
 425       await anotherServer.abusesCommand.report({ reason: 'remote server', videoId: server2VideoId })
 426
 427       await waitJobs([ server, anotherServer ])
 428
 429       const body = await command.getAdminList({ sort: '-createdAt' })
 430       remoteAbuseId = body.data[0].id
 431     })
 432
 433     it('Should fail when listing abuse messages of a remote abuse', async function () {
 434       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 435     })
 436
 437     it('Should fail when creating abuse message of a remote abuse', async function () {
 438       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 439     })
 440
 441     after(async function () {
 442       await cleanupTests([ anotherServer ])
 443     })
 444   })
 445
 446   after(async function () {
 447     await cleanupTests([ server ])
 448   })
 449 })