server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { HttpStatusCode } from '@shared/core-utils'
   5 import {
   6   AbusesCommand,
   7   checkBadCountPagination,
   8   checkBadSortPagination,
   9   checkBadStartPagination,
  10   cleanupTests,
  11   createUser,
  12   doubleFollow,
  13   flushAndRunServer,
  14   generateUserAccessToken,
  15   getVideoIdFromUUID,
  16   makeGetRequest,
  17   makePostBodyRequest,
  18   ServerInfo,
  19   setAccessTokensToServers,
  20   uploadVideo,
  21   userLogin,
  22   waitJobs
  23 } from '@shared/extra-utils'
  24 import { AbuseCreate, AbuseState } from '@shared/models'
  25
  26 describe('Test abuses API validators', function () {
  27   const basePath = '/api/v1/abuses/'
  28
  29   let server: ServerInfo
  30
  31   let userToken = ''
  32   let userToken2 = ''
  33   let abuseId: number
  34   let messageId: number
  35
  36   let command: AbusesCommand
  37
  38   // ---------------------------------------------------------------
  39
  40   before(async function () {
  41     this.timeout(30000)
  42
  43     server = await flushAndRunServer(1)
  44
  45     await setAccessTokensToServers([ server ])
  46
  47     const username = 'user1'
  48     const password = 'my super password'
  49     await createUser({ url: server.url, accessToken: server.accessToken, username: username, password: password })
  50     userToken = await userLogin(server, { username, password })
  51
  52     userToken2 = await generateUserAccessToken(server, 'user_2')
  53
  54     const res = await uploadVideo(server.url, server.accessToken, {})
  55     server.video = res.body.video
  56
  57     command = server.abusesCommand
  58   })
  59
  60   describe('When listing abuses for admins', function () {
  61     const path = basePath
  62
  63     it('Should fail with a bad start pagination', async function () {
  64       await checkBadStartPagination(server.url, path, server.accessToken)
  65     })
  66
  67     it('Should fail with a bad count pagination', async function () {
  68       await checkBadCountPagination(server.url, path, server.accessToken)
  69     })
  70
  71     it('Should fail with an incorrect sort', async function () {
  72       await checkBadSortPagination(server.url, path, server.accessToken)
  73     })
  74
  75     it('Should fail with a non authenticated user', async function () {
  76       await makeGetRequest({
  77         url: server.url,
  78         path,
  79         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  80       })
  81     })
  82
  83     it('Should fail with a non admin user', async function () {
  84       await makeGetRequest({
  85         url: server.url,
  86         path,
  87         token: userToken,
  88         statusCodeExpected: HttpStatusCode.FORBIDDEN_403
  89       })
  90     })
  91
  92     it('Should fail with a bad id filter', async function () {
  93       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  94     })
  95
  96     it('Should fail with a bad filter', async function () {
  97       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  98       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  99     })
 100
 101     it('Should fail with bad predefined reason', async function () {
 102       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
 103     })
 104
 105     it('Should fail with a bad state filter', async function () {
 106       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
 107       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
 108     })
 109
 110     it('Should fail with a bad videoIs filter', async function () {
 111       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
 112     })
 113
 114     it('Should succeed with the correct params', async function () {
 115       const query = {
 116         id: 13,
 117         predefinedReason: 'violentOrRepulsive',
 118         filter: 'comment',
 119         state: 2,
 120         videoIs: 'deleted'
 121       }
 122
 123       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 124     })
 125   })
 126
 127   describe('When listing abuses for users', function () {
 128     const path = '/api/v1/users/me/abuses'
 129
 130     it('Should fail with a bad start pagination', async function () {
 131       await checkBadStartPagination(server.url, path, userToken)
 132     })
 133
 134     it('Should fail with a bad count pagination', async function () {
 135       await checkBadCountPagination(server.url, path, userToken)
 136     })
 137
 138     it('Should fail with an incorrect sort', async function () {
 139       await checkBadSortPagination(server.url, path, userToken)
 140     })
 141
 142     it('Should fail with a non authenticated user', async function () {
 143       await makeGetRequest({
 144         url: server.url,
 145         path,
 146         statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 147       })
 148     })
 149
 150     it('Should fail with a bad id filter', async function () {
 151       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 152     })
 153
 154     it('Should fail with a bad state filter', async function () {
 155       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 156       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 157     })
 158
 159     it('Should succeed with the correct params', async function () {
 160       const query = {
 161         id: 13,
 162         state: 2
 163       }
 164
 165       await makeGetRequest({ url: server.url, path, token: userToken, query, statusCodeExpected: HttpStatusCode.OK_200 })
 166     })
 167   })
 168
 169   describe('When reporting an abuse', function () {
 170     const path = basePath
 171
 172     it('Should fail with nothing', async function () {
 173       const fields = {}
 174       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 175     })
 176
 177     it('Should fail with a wrong video', async function () {
 178       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 179       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 180     })
 181
 182     it('Should fail with an unknown video', async function () {
 183       const fields = { video: { id: 42 }, reason: 'my super reason' }
 184       await makePostBodyRequest({
 185         url: server.url,
 186         path,
 187         token: userToken,
 188         fields,
 189         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 190       })
 191     })
 192
 193     it('Should fail with a wrong comment', async function () {
 194       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 195       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 196     })
 197
 198     it('Should fail with an unknown comment', async function () {
 199       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 200       await makePostBodyRequest({
 201         url: server.url,
 202         path,
 203         token: userToken,
 204         fields,
 205         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 206       })
 207     })
 208
 209     it('Should fail with a wrong account', async function () {
 210       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 211       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 212     })
 213
 214     it('Should fail with an unknown account', async function () {
 215       const fields = { account: { id: 42 }, reason: 'my super reason' }
 216       await makePostBodyRequest({
 217         url: server.url,
 218         path,
 219         token: userToken,
 220         fields,
 221         statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 222       })
 223     })
 224
 225     it('Should fail with not account, comment or video', async function () {
 226       const fields = { reason: 'my super reason' }
 227       await makePostBodyRequest({
 228         url: server.url,
 229         path,
 230         token: userToken,
 231         fields,
 232         statusCodeExpected: HttpStatusCode.BAD_REQUEST_400
 233       })
 234     })
 235
 236     it('Should fail with a non authenticated user', async function () {
 237       const fields = { video: { id: server.video.id }, reason: 'my super reason' }
 238
 239       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 })
 240     })
 241
 242     it('Should fail with a reason too short', async function () {
 243       const fields = { video: { id: server.video.id }, reason: 'h' }
 244
 245       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 246     })
 247
 248     it('Should fail with a too big reason', async function () {
 249       const fields = { video: { id: server.video.id }, reason: 'super'.repeat(605) }
 250
 251       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 252     })
 253
 254     it('Should succeed with the correct parameters (basic)', async function () {
 255       const fields: AbuseCreate = { video: { id: server.video.shortUUID }, reason: 'my super reason' }
 256
 257       const res = await makePostBodyRequest({
 258         url: server.url,
 259         path,
 260         token: userToken,
 261         fields,
 262         statusCodeExpected: HttpStatusCode.OK_200
 263       })
 264       abuseId = res.body.abuse.id
 265     })
 266
 267     it('Should fail with a wrong predefined reason', async function () {
 268       const fields = { video: { id: server.video.id }, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 269
 270       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 271     })
 272
 273     it('Should fail with negative timestamps', async function () {
 274       const fields = { video: { id: server.video.id, startAt: -1 }, reason: 'my super reason' }
 275
 276       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 277     })
 278
 279     it('Should fail mith misordered startAt/endAt', async function () {
 280       const fields = { video: { id: server.video.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 281
 282       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 283     })
 284
 285     it('Should succeed with the corret parameters (advanced)', async function () {
 286       const fields: AbuseCreate = {
 287         video: {
 288           id: server.video.id,
 289           startAt: 1,
 290           endAt: 5
 291         },
 292         reason: 'my super reason',
 293         predefinedReasons: [ 'serverRules' ]
 294       }
 295
 296       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, statusCodeExpected: HttpStatusCode.OK_200 })
 297     })
 298   })
 299
 300   describe('When updating an abuse', function () {
 301
 302     it('Should fail with a non authenticated user', async function () {
 303       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 304     })
 305
 306     it('Should fail with a non admin user', async function () {
 307       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 308     })
 309
 310     it('Should fail with a bad abuse id', async function () {
 311       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 312     })
 313
 314     it('Should fail with a bad state', async function () {
 315       const body = { state: 5 }
 316       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 317     })
 318
 319     it('Should fail with a bad moderation comment', async function () {
 320       const body = { moderationComment: 'b'.repeat(3001) }
 321       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 322     })
 323
 324     it('Should succeed with the correct params', async function () {
 325       const body = { state: AbuseState.ACCEPTED }
 326       await command.update({ abuseId, body })
 327     })
 328   })
 329
 330   describe('When creating an abuse message', function () {
 331     const message = 'my super message'
 332
 333     it('Should fail with an invalid abuse id', async function () {
 334       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 335     })
 336
 337     it('Should fail with a non authenticated user', async function () {
 338       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 339     })
 340
 341     it('Should fail with an invalid logged in user', async function () {
 342       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 343     })
 344
 345     it('Should fail with an invalid message', async function () {
 346       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 347     })
 348
 349     it('Should suceed with the correct params', async function () {
 350       const res = await command.addMessage({ token: userToken, abuseId, message })
 351       messageId = res.body.abuseMessage.id
 352     })
 353   })
 354
 355   describe('When listing abuse messages', function () {
 356
 357     it('Should fail with an invalid abuse id', async function () {
 358       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 359     })
 360
 361     it('Should fail with a non authenticated user', async function () {
 362       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 363     })
 364
 365     it('Should fail with an invalid logged in user', async function () {
 366       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 367     })
 368
 369     it('Should succeed with the correct params', async function () {
 370       await command.listMessages({ token: userToken, abuseId })
 371     })
 372   })
 373
 374   describe('When deleting an abuse message', function () {
 375     it('Should fail with an invalid abuse id', async function () {
 376       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 377     })
 378
 379     it('Should fail with an invalid message id', async function () {
 380       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 381     })
 382
 383     it('Should fail with a non authenticated user', async function () {
 384       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 385     })
 386
 387     it('Should fail with an invalid logged in user', async function () {
 388       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 389     })
 390
 391     it('Should succeed with the correct params', async function () {
 392       await command.deleteMessage({ token: userToken, abuseId, messageId })
 393     })
 394   })
 395
 396   describe('When deleting a video abuse', function () {
 397
 398     it('Should fail with a non authenticated user', async function () {
 399       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 400     })
 401
 402     it('Should fail with a non admin user', async function () {
 403       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 404     })
 405
 406     it('Should fail with a bad abuse id', async function () {
 407       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 408     })
 409
 410     it('Should succeed with the correct params', async function () {
 411       await command.delete({ abuseId })
 412     })
 413   })
 414
 415   describe('When trying to manage messages of a remote abuse', function () {
 416     let remoteAbuseId: number
 417     let anotherServer: ServerInfo
 418
 419     before(async function () {
 420       this.timeout(50000)
 421
 422       anotherServer = await flushAndRunServer(2)
 423       await setAccessTokensToServers([ anotherServer ])
 424
 425       await doubleFollow(anotherServer, server)
 426
 427       const server2VideoId = await getVideoIdFromUUID(anotherServer.url, server.video.uuid)
 428       await anotherServer.abusesCommand.report({ reason: 'remote server', videoId: server2VideoId })
 429
 430       await waitJobs([ server, anotherServer ])
 431
 432       const body = await command.getAdminList({ sort: '-createdAt' })
 433       remoteAbuseId = body.data[0].id
 434     })
 435
 436     it('Should fail when listing abuse messages of a remote abuse', async function () {
 437       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 438     })
 439
 440     it('Should fail when creating abuse message of a remote abuse', async function () {
 441       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 442     })
 443
 444     after(async function () {
 445       await cleanupTests([ anotherServer ])
 446     })
 447   })
 448
 449   after(async function () {
 450     await cleanupTests([ server ])
 451   })
 452 })