server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
   5 import { AbuseCreate, AbuseState, HttpStatusCode } from '@shared/models'
   6 import {
   7   AbusesCommand,
   8   cleanupTests,
   9   createSingleServer,
  10   doubleFollow,
  11   makeGetRequest,
  12   makePostBodyRequest,
  13   PeerTubeServer,
  14   setAccessTokensToServers,
  15   waitJobs
  16 } from '@shared/server-commands'
  17
  18 describe('Test abuses API validators', function () {
  19   const basePath = '/api/v1/abuses/'
  20
  21   let server: PeerTubeServer
  22
  23   let userToken = ''
  24   let userToken2 = ''
  25   let abuseId: number
  26   let messageId: number
  27
  28   let command: AbusesCommand
  29
  30   // ---------------------------------------------------------------
  31
  32   before(async function () {
  33     this.timeout(30000)
  34
  35     server = await createSingleServer(1)
  36
  37     await setAccessTokensToServers([ server ])
  38
  39     userToken = await server.users.generateUserAndToken('user_1')
  40     userToken2 = await server.users.generateUserAndToken('user_2')
  41
  42     server.store.videoCreated = await server.videos.upload()
  43
  44     command = server.abuses
  45   })
  46
  47   describe('When listing abuses for admins', function () {
  48     const path = basePath
  49
  50     it('Should fail with a bad start pagination', async function () {
  51       await checkBadStartPagination(server.url, path, server.accessToken)
  52     })
  53
  54     it('Should fail with a bad count pagination', async function () {
  55       await checkBadCountPagination(server.url, path, server.accessToken)
  56     })
  57
  58     it('Should fail with an incorrect sort', async function () {
  59       await checkBadSortPagination(server.url, path, server.accessToken)
  60     })
  61
  62     it('Should fail with a non authenticated user', async function () {
  63       await makeGetRequest({
  64         url: server.url,
  65         path,
  66         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
  67       })
  68     })
  69
  70     it('Should fail with a non admin user', async function () {
  71       await makeGetRequest({
  72         url: server.url,
  73         path,
  74         token: userToken,
  75         expectedStatus: HttpStatusCode.FORBIDDEN_403
  76       })
  77     })
  78
  79     it('Should fail with a bad id filter', async function () {
  80       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  81     })
  82
  83     it('Should fail with a bad filter', async function () {
  84       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  85       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  86     })
  87
  88     it('Should fail with bad predefined reason', async function () {
  89       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
  90     })
  91
  92     it('Should fail with a bad state filter', async function () {
  93       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
  94       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
  95     })
  96
  97     it('Should fail with a bad videoIs filter', async function () {
  98       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
  99     })
 100
 101     it('Should succeed with the correct params', async function () {
 102       const query = {
 103         id: 13,
 104         predefinedReason: 'violentOrRepulsive',
 105         filter: 'comment',
 106         state: 2,
 107         videoIs: 'deleted'
 108       }
 109
 110       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, expectedStatus: HttpStatusCode.OK_200 })
 111     })
 112   })
 113
 114   describe('When listing abuses for users', function () {
 115     const path = '/api/v1/users/me/abuses'
 116
 117     it('Should fail with a bad start pagination', async function () {
 118       await checkBadStartPagination(server.url, path, userToken)
 119     })
 120
 121     it('Should fail with a bad count pagination', async function () {
 122       await checkBadCountPagination(server.url, path, userToken)
 123     })
 124
 125     it('Should fail with an incorrect sort', async function () {
 126       await checkBadSortPagination(server.url, path, userToken)
 127     })
 128
 129     it('Should fail with a non authenticated user', async function () {
 130       await makeGetRequest({
 131         url: server.url,
 132         path,
 133         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 134       })
 135     })
 136
 137     it('Should fail with a bad id filter', async function () {
 138       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 139     })
 140
 141     it('Should fail with a bad state filter', async function () {
 142       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 143       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 144     })
 145
 146     it('Should succeed with the correct params', async function () {
 147       const query = {
 148         id: 13,
 149         state: 2
 150       }
 151
 152       await makeGetRequest({ url: server.url, path, token: userToken, query, expectedStatus: HttpStatusCode.OK_200 })
 153     })
 154   })
 155
 156   describe('When reporting an abuse', function () {
 157     const path = basePath
 158
 159     it('Should fail with nothing', async function () {
 160       const fields = {}
 161       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 162     })
 163
 164     it('Should fail with a wrong video', async function () {
 165       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 166       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 167     })
 168
 169     it('Should fail with an unknown video', async function () {
 170       const fields = { video: { id: 42 }, reason: 'my super reason' }
 171       await makePostBodyRequest({
 172         url: server.url,
 173         path,
 174         token: userToken,
 175         fields,
 176         expectedStatus: HttpStatusCode.NOT_FOUND_404
 177       })
 178     })
 179
 180     it('Should fail with a wrong comment', async function () {
 181       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 182       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 183     })
 184
 185     it('Should fail with an unknown comment', async function () {
 186       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 187       await makePostBodyRequest({
 188         url: server.url,
 189         path,
 190         token: userToken,
 191         fields,
 192         expectedStatus: HttpStatusCode.NOT_FOUND_404
 193       })
 194     })
 195
 196     it('Should fail with a wrong account', async function () {
 197       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 198       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 199     })
 200
 201     it('Should fail with an unknown account', async function () {
 202       const fields = { account: { id: 42 }, reason: 'my super reason' }
 203       await makePostBodyRequest({
 204         url: server.url,
 205         path,
 206         token: userToken,
 207         fields,
 208         expectedStatus: HttpStatusCode.NOT_FOUND_404
 209       })
 210     })
 211
 212     it('Should fail with not account, comment or video', async function () {
 213       const fields = { reason: 'my super reason' }
 214       await makePostBodyRequest({
 215         url: server.url,
 216         path,
 217         token: userToken,
 218         fields,
 219         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 220       })
 221     })
 222
 223     it('Should fail with a non authenticated user', async function () {
 224       const fields = { video: { id: server.store.videoCreated.id }, reason: 'my super reason' }
 225
 226       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 227     })
 228
 229     it('Should fail with a reason too short', async function () {
 230       const fields = { video: { id: server.store.videoCreated.id }, reason: 'h' }
 231
 232       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 233     })
 234
 235     it('Should fail with a too big reason', async function () {
 236       const fields = { video: { id: server.store.videoCreated.id }, reason: 'super'.repeat(605) }
 237
 238       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 239     })
 240
 241     it('Should succeed with the correct parameters (basic)', async function () {
 242       const fields: AbuseCreate = { video: { id: server.store.videoCreated.shortUUID }, reason: 'my super reason' }
 243
 244       const res = await makePostBodyRequest({
 245         url: server.url,
 246         path,
 247         token: userToken,
 248         fields,
 249         expectedStatus: HttpStatusCode.OK_200
 250       })
 251       abuseId = res.body.abuse.id
 252     })
 253
 254     it('Should fail with a wrong predefined reason', async function () {
 255       const fields = { video: server.store.videoCreated, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 256
 257       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 258     })
 259
 260     it('Should fail with negative timestamps', async function () {
 261       const fields = { video: { id: server.store.videoCreated.id, startAt: -1 }, reason: 'my super reason' }
 262
 263       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 264     })
 265
 266     it('Should fail mith misordered startAt/endAt', async function () {
 267       const fields = { video: { id: server.store.videoCreated.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 268
 269       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 270     })
 271
 272     it('Should succeed with the correct parameters (advanced)', async function () {
 273       const fields: AbuseCreate = {
 274         video: {
 275           id: server.store.videoCreated.id,
 276           startAt: 1,
 277           endAt: 5
 278         },
 279         reason: 'my super reason',
 280         predefinedReasons: [ 'serverRules' ]
 281       }
 282
 283       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.OK_200 })
 284     })
 285   })
 286
 287   describe('When updating an abuse', function () {
 288
 289     it('Should fail with a non authenticated user', async function () {
 290       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 291     })
 292
 293     it('Should fail with a non admin user', async function () {
 294       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 295     })
 296
 297     it('Should fail with a bad abuse id', async function () {
 298       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 299     })
 300
 301     it('Should fail with a bad state', async function () {
 302       const body = { state: 5 }
 303       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 304     })
 305
 306     it('Should fail with a bad moderation comment', async function () {
 307       const body = { moderationComment: 'b'.repeat(3001) }
 308       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 309     })
 310
 311     it('Should succeed with the correct params', async function () {
 312       const body = { state: AbuseState.ACCEPTED }
 313       await command.update({ abuseId, body })
 314     })
 315   })
 316
 317   describe('When creating an abuse message', function () {
 318     const message = 'my super message'
 319
 320     it('Should fail with an invalid abuse id', async function () {
 321       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 322     })
 323
 324     it('Should fail with a non authenticated user', async function () {
 325       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 326     })
 327
 328     it('Should fail with an invalid logged in user', async function () {
 329       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 330     })
 331
 332     it('Should fail with an invalid message', async function () {
 333       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 334     })
 335
 336     it('Should succeed with the correct params', async function () {
 337       const res = await command.addMessage({ token: userToken, abuseId, message })
 338       messageId = res.body.abuseMessage.id
 339     })
 340   })
 341
 342   describe('When listing abuse messages', function () {
 343
 344     it('Should fail with an invalid abuse id', async function () {
 345       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 346     })
 347
 348     it('Should fail with a non authenticated user', async function () {
 349       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 350     })
 351
 352     it('Should fail with an invalid logged in user', async function () {
 353       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 354     })
 355
 356     it('Should succeed with the correct params', async function () {
 357       await command.listMessages({ token: userToken, abuseId })
 358     })
 359   })
 360
 361   describe('When deleting an abuse message', function () {
 362     it('Should fail with an invalid abuse id', async function () {
 363       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 364     })
 365
 366     it('Should fail with an invalid message id', async function () {
 367       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 368     })
 369
 370     it('Should fail with a non authenticated user', async function () {
 371       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 372     })
 373
 374     it('Should fail with an invalid logged in user', async function () {
 375       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 376     })
 377
 378     it('Should succeed with the correct params', async function () {
 379       await command.deleteMessage({ token: userToken, abuseId, messageId })
 380     })
 381   })
 382
 383   describe('When deleting a video abuse', function () {
 384
 385     it('Should fail with a non authenticated user', async function () {
 386       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 387     })
 388
 389     it('Should fail with a non admin user', async function () {
 390       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 391     })
 392
 393     it('Should fail with a bad abuse id', async function () {
 394       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 395     })
 396
 397     it('Should succeed with the correct params', async function () {
 398       await command.delete({ abuseId })
 399     })
 400   })
 401
 402   describe('When trying to manage messages of a remote abuse', function () {
 403     let remoteAbuseId: number
 404     let anotherServer: PeerTubeServer
 405
 406     before(async function () {
 407       this.timeout(50000)
 408
 409       anotherServer = await createSingleServer(2)
 410       await setAccessTokensToServers([ anotherServer ])
 411
 412       await doubleFollow(anotherServer, server)
 413
 414       const server2VideoId = await anotherServer.videos.getId({ uuid: server.store.videoCreated.uuid })
 415       await anotherServer.abuses.report({ reason: 'remote server', videoId: server2VideoId })
 416
 417       await waitJobs([ server, anotherServer ])
 418
 419       const body = await command.getAdminList({ sort: '-createdAt' })
 420       remoteAbuseId = body.data[0].id
 421     })
 422
 423     it('Should fail when listing abuse messages of a remote abuse', async function () {
 424       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 425     })
 426
 427     it('Should fail when creating abuse message of a remote abuse', async function () {
 428       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 429     })
 430
 431     after(async function () {
 432       await cleanupTests([ anotherServer ])
 433     })
 434   })
 435
 436   after(async function () {
 437     await cleanupTests([ server ])
 438   })
 439 })