server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { HttpStatusCode } from '@shared/core-utils'
   5 import {
   6   AbusesCommand,
   7   checkBadCountPagination,
   8   checkBadSortPagination,
   9   checkBadStartPagination,
  10   cleanupTests,
  11   doubleFollow,
  12   createSingleServer,
  13   makeGetRequest,
  14   makePostBodyRequest,
  15   PeerTubeServer,
  16   setAccessTokensToServers,
  17   waitJobs
  18 } from '@shared/extra-utils'
  19 import { AbuseCreate, AbuseState } from '@shared/models'
  20
  21 describe('Test abuses API validators', function () {
  22   const basePath = '/api/v1/abuses/'
  23
  24   let server: PeerTubeServer
  25
  26   let userToken = ''
  27   let userToken2 = ''
  28   let abuseId: number
  29   let messageId: number
  30
  31   let command: AbusesCommand
  32
  33   // ---------------------------------------------------------------
  34
  35   before(async function () {
  36     this.timeout(30000)
  37
  38     server = await createSingleServer(1)
  39
  40     await setAccessTokensToServers([ server ])
  41
  42     userToken = await server.users.generateUserAndToken('user_1')
  43     userToken2 = await server.users.generateUserAndToken('user_2')
  44
  45     server.store.video = await server.videos.upload()
  46
  47     command = server.abuses
  48   })
  49
  50   describe('When listing abuses for admins', function () {
  51     const path = basePath
  52
  53     it('Should fail with a bad start pagination', async function () {
  54       await checkBadStartPagination(server.url, path, server.accessToken)
  55     })
  56
  57     it('Should fail with a bad count pagination', async function () {
  58       await checkBadCountPagination(server.url, path, server.accessToken)
  59     })
  60
  61     it('Should fail with an incorrect sort', async function () {
  62       await checkBadSortPagination(server.url, path, server.accessToken)
  63     })
  64
  65     it('Should fail with a non authenticated user', async function () {
  66       await makeGetRequest({
  67         url: server.url,
  68         path,
  69         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  70       })
  71     })
  72
  73     it('Should fail with a non admin user', async function () {
  74       await makeGetRequest({
  75         url: server.url,
  76         path,
  77         token: userToken,
  78         statusCodeExpected: HttpStatusCode.FORBIDDEN_403
  79       })
  80     })
  81
  82     it('Should fail with a bad id filter', async function () {
  83       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  84     })
  85
  86     it('Should fail with a bad filter', async function () {
  87       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  88       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  89     })
  90
  91     it('Should fail with bad predefined reason', async function () {
  92       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
  93     })
  94
  95     it('Should fail with a bad state filter', async function () {
  96       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
  97       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
  98     })
  99
 100     it('Should fail with a bad videoIs filter', async function () {
 101       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
 102     })
 103
 104     it('Should succeed with the correct params', async function () {
 105       const query = {
 106         id: 13,
 107         predefinedReason: 'violentOrRepulsive',
 108         filter: 'comment',
 109         state: 2,
 110         videoIs: 'deleted'
 111       }
 112
 113       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 114     })
 115   })
 116
 117   describe('When listing abuses for users', function () {
 118     const path = '/api/v1/users/me/abuses'
 119
 120     it('Should fail with a bad start pagination', async function () {
 121       await checkBadStartPagination(server.url, path, userToken)
 122     })
 123
 124     it('Should fail with a bad count pagination', async function () {
 125       await checkBadCountPagination(server.url, path, userToken)
 126     })
 127
 128     it('Should fail with an incorrect sort', async function () {
 129       await checkBadSortPagination(server.url, path, userToken)
 130     })
 131
 132     it('Should fail with a non authenticated user', async function () {
 133       await makeGetRequest({
 134         url: server.url,
 135         path,
 136         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 137       })
 138     })
 139
 140     it('Should fail with a bad id filter', async function () {
 141       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 142     })
 143
 144     it('Should fail with a bad state filter', async function () {
 145       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 146       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 147     })
 148
 149     it('Should succeed with the correct params', async function () {
 150       const query = {
 151         id: 13,
 152         state: 2
 153       }
 154
 155       await makeGetRequest({ url: server.url, path, token: userToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 156     })
 157   })
 158
 159   describe('When reporting an abuse', function () {
 160     const path = basePath
 161
 162     it('Should fail with nothing', async function () {
 163       const fields = {}
 164       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 165     })
 166
 167     it('Should fail with a wrong video', async function () {
 168       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 169       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 170     })
 171
 172     it('Should fail with an unknown video', async function () {
 173       const fields = { video: { id: 42 }, reason: 'my super reason' }
 174       await makePostBodyRequest({
 175         url: server.url,
 176         path,
 177         token: userToken,
 178         fields,
 179         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 180       })
 181     })
 182
 183     it('Should fail with a wrong comment', async function () {
 184       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 185       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 186     })
 187
 188     it('Should fail with an unknown comment', async function () {
 189       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 190       await makePostBodyRequest({
 191         url: server.url,
 192         path,
 193         token: userToken,
 194         fields,
 195         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 196       })
 197     })
 198
 199     it('Should fail with a wrong account', async function () {
 200       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 201       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 202     })
 203
 204     it('Should fail with an unknown account', async function () {
 205       const fields = { account: { id: 42 }, reason: 'my super reason' }
 206       await makePostBodyRequest({
 207         url: server.url,
 208         path,
 209         token: userToken,
 210         fields,
 211         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 212       })
 213     })
 214
 215     it('Should fail with not account, comment or video', async function () {
 216       const fields = { reason: 'my super reason' }
 217       await makePostBodyRequest({
 218         url: server.url,
 219         path,
 220         token: userToken,
 221         fields,
 222         statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
 223       })
 224     })
 225
 226     it('Should fail with a non authenticated user', async function () {
 227       const fields = { video: { id: server.store.video.id }, reason: 'my super reason' }
 228
 229       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
 230     })
 231
 232     it('Should fail with a reason too short', async function () {
 233       const fields = { video: { id: server.store.video.id }, reason: 'h' }
 234
 235       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 236     })
 237
 238     it('Should fail with a too big reason', async function () {
 239       const fields = { video: { id: server.store.video.id }, reason: 'super'.repeat(605) }
 240
 241       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 242     })
 243
 244     it('Should succeed with the correct parameters (basic)', async function () {
 245       const fields: AbuseCreate = { video: { id: server.store.video.shortUUID }, reason: 'my super reason' }
 246
 247       const res = await makePostBodyRequest({
 248         url: server.url,
 249         path,
 250         token: userToken,
 251         fields,
 252         statusCodeExpected: HttpStatusCode.OK_200
 253       })
 254       abuseId = res.body.abuse.id
 255     })
 256
 257     it('Should fail with a wrong predefined reason', async function () {
 258       const fields = { video: { id: server.store.video.id }, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 259
 260       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 261     })
 262
 263     it('Should fail with negative timestamps', async function () {
 264       const fields = { video: { id: server.store.video.id, startAt: -1 }, reason: 'my super reason' }
 265
 266       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 267     })
 268
 269     it('Should fail mith misordered startAt/endAt', async function () {
 270       const fields = { video: { id: server.store.video.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 271
 272       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 273     })
 274
 275     it('Should succeed with the corret parameters (advanced)', async function () {
 276       const fields: AbuseCreate = {
 277         video: {
 278           id: server.store.video.id,
 279           startAt: 1,
 280           endAt: 5
 281         },
 282         reason: 'my super reason',
 283         predefinedReasons: [ 'serverRules' ]
 284       }
 285
 286       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, statusCodeExpected: HttpStatusCode.OK_200 })
 287     })
 288   })
 289
 290   describe('When updating an abuse', function () {
 291
 292     it('Should fail with a non authenticated user', async function () {
 293       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 294     })
 295
 296     it('Should fail with a non admin user', async function () {
 297       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 298     })
 299
 300     it('Should fail with a bad abuse id', async function () {
 301       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 302     })
 303
 304     it('Should fail with a bad state', async function () {
 305       const body = { state: 5 }
 306       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 307     })
 308
 309     it('Should fail with a bad moderation comment', async function () {
 310       const body = { moderationComment: 'b'.repeat(3001) }
 311       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 312     })
 313
 314     it('Should succeed with the correct params', async function () {
 315       const body = { state: AbuseState.ACCEPTED }
 316       await command.update({ abuseId, body })
 317     })
 318   })
 319
 320   describe('When creating an abuse message', function () {
 321     const message = 'my super message'
 322
 323     it('Should fail with an invalid abuse id', async function () {
 324       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 325     })
 326
 327     it('Should fail with a non authenticated user', async function () {
 328       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 329     })
 330
 331     it('Should fail with an invalid logged in user', async function () {
 332       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 333     })
 334
 335     it('Should fail with an invalid message', async function () {
 336       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 337     })
 338
 339     it('Should suceed with the correct params', async function () {
 340       const res = await command.addMessage({ token: userToken, abuseId, message })
 341       messageId = res.body.abuseMessage.id
 342     })
 343   })
 344
 345   describe('When listing abuse messages', function () {
 346
 347     it('Should fail with an invalid abuse id', async function () {
 348       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 349     })
 350
 351     it('Should fail with a non authenticated user', async function () {
 352       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 353     })
 354
 355     it('Should fail with an invalid logged in user', async function () {
 356       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 357     })
 358
 359     it('Should succeed with the correct params', async function () {
 360       await command.listMessages({ token: userToken, abuseId })
 361     })
 362   })
 363
 364   describe('When deleting an abuse message', function () {
 365     it('Should fail with an invalid abuse id', async function () {
 366       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 367     })
 368
 369     it('Should fail with an invalid message id', async function () {
 370       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 371     })
 372
 373     it('Should fail with a non authenticated user', async function () {
 374       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 375     })
 376
 377     it('Should fail with an invalid logged in user', async function () {
 378       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 379     })
 380
 381     it('Should succeed with the correct params', async function () {
 382       await command.deleteMessage({ token: userToken, abuseId, messageId })
 383     })
 384   })
 385
 386   describe('When deleting a video abuse', function () {
 387
 388     it('Should fail with a non authenticated user', async function () {
 389       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 390     })
 391
 392     it('Should fail with a non admin user', async function () {
 393       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 394     })
 395
 396     it('Should fail with a bad abuse id', async function () {
 397       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 398     })
 399
 400     it('Should succeed with the correct params', async function () {
 401       await command.delete({ abuseId })
 402     })
 403   })
 404
 405   describe('When trying to manage messages of a remote abuse', function () {
 406     let remoteAbuseId: number
 407     let anotherServer: PeerTubeServer
 408
 409     before(async function () {
 410       this.timeout(50000)
 411
 412       anotherServer = await createSingleServer(2)
 413       await setAccessTokensToServers([ anotherServer ])
 414
 415       await doubleFollow(anotherServer, server)
 416
 417       const server2VideoId = await anotherServer.videos.getId({ uuid: server.store.video.uuid })
 418       await anotherServer.abuses.report({ reason: 'remote server', videoId: server2VideoId })
 419
 420       await waitJobs([ server, anotherServer ])
 421
 422       const body = await command.getAdminList({ sort: '-createdAt' })
 423       remoteAbuseId = body.data[0].id
 424     })
 425
 426     it('Should fail when listing abuse messages of a remote abuse', async function () {
 427       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 428     })
 429
 430     it('Should fail when creating abuse message of a remote abuse', async function () {
 431       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 432     })
 433
 434     after(async function () {
 435       await cleanupTests([ anotherServer ])
 436     })
 437   })
 438
 439   after(async function () {
 440     await cleanupTests([ server ])
 441   })
 442 })