server/tests/api/check-params/abuses.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import {
   5   AbusesCommand,
   6   checkBadCountPagination,
   7   checkBadSortPagination,
   8   checkBadStartPagination,
   9   cleanupTests,
  10   createSingleServer,
  11   doubleFollow,
  12   makeGetRequest,
  13   makePostBodyRequest,
  14   PeerTubeServer,
  15   setAccessTokensToServers,
  16   waitJobs
  17 } from '@shared/extra-utils'
  18 import { AbuseCreate, AbuseState, HttpStatusCode } from '@shared/models'
  19
  20 describe('Test abuses API validators', function () {
  21   const basePath = '/api/v1/abuses/'
  22
  23   let server: PeerTubeServer
  24
  25   let userToken = ''
  26   let userToken2 = ''
  27   let abuseId: number
  28   let messageId: number
  29
  30   let command: AbusesCommand
  31
  32   // ---------------------------------------------------------------
  33
  34   before(async function () {
  35     this.timeout(30000)
  36
  37     server = await createSingleServer(1)
  38
  39     await setAccessTokensToServers([ server ])
  40
  41     userToken = await server.users.generateUserAndToken('user_1')
  42     userToken2 = await server.users.generateUserAndToken('user_2')
  43
  44     server.store.videoCreated = await server.videos.upload()
  45
  46     command = server.abuses
  47   })
  48
  49   describe('When listing abuses for admins', function () {
  50     const path = basePath
  51
  52     it('Should fail with a bad start pagination', async function () {
  53       await checkBadStartPagination(server.url, path, server.accessToken)
  54     })
  55
  56     it('Should fail with a bad count pagination', async function () {
  57       await checkBadCountPagination(server.url, path, server.accessToken)
  58     })
  59
  60     it('Should fail with an incorrect sort', async function () {
  61       await checkBadSortPagination(server.url, path, server.accessToken)
  62     })
  63
  64     it('Should fail with a non authenticated user', async function () {
  65       await makeGetRequest({
  66         url: server.url,
  67         path,
  68         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
  69       })
  70     })
  71
  72     it('Should fail with a non admin user', async function () {
  73       await makeGetRequest({
  74         url: server.url,
  75         path,
  76         token: userToken,
  77         expectedStatus: HttpStatusCode.FORBIDDEN_403
  78       })
  79     })
  80
  81     it('Should fail with a bad id filter', async function () {
  82       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
  83     })
  84
  85     it('Should fail with a bad filter', async function () {
  86       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
  87       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
  88     })
  89
  90     it('Should fail with bad predefined reason', async function () {
  91       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
  92     })
  93
  94     it('Should fail with a bad state filter', async function () {
  95       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
  96       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
  97     })
  98
  99     it('Should fail with a bad videoIs filter', async function () {
 100       await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
 101     })
 102
 103     it('Should succeed with the correct params', async function () {
 104       const query = {
 105         id: 13,
 106         predefinedReason: 'violentOrRepulsive',
 107         filter: 'comment',
 108         state: 2,
 109         videoIs: 'deleted'
 110       }
 111
 112       await makeGetRequest({ url: server.url, path, token: server.accessToken, query, expectedStatus: HttpStatusCode.OK_200 })
 113     })
 114   })
 115
 116   describe('When listing abuses for users', function () {
 117     const path = '/api/v1/users/me/abuses'
 118
 119     it('Should fail with a bad start pagination', async function () {
 120       await checkBadStartPagination(server.url, path, userToken)
 121     })
 122
 123     it('Should fail with a bad count pagination', async function () {
 124       await checkBadCountPagination(server.url, path, userToken)
 125     })
 126
 127     it('Should fail with an incorrect sort', async function () {
 128       await checkBadSortPagination(server.url, path, userToken)
 129     })
 130
 131     it('Should fail with a non authenticated user', async function () {
 132       await makeGetRequest({
 133         url: server.url,
 134         path,
 135         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 136       })
 137     })
 138
 139     it('Should fail with a bad id filter', async function () {
 140       await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
 141     })
 142
 143     it('Should fail with a bad state filter', async function () {
 144       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
 145       await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
 146     })
 147
 148     it('Should succeed with the correct params', async function () {
 149       const query = {
 150         id: 13,
 151         state: 2
 152       }
 153
 154       await makeGetRequest({ url: server.url, path, token: userToken, query, expectedStatus: HttpStatusCode.OK_200 })
 155     })
 156   })
 157
 158   describe('When reporting an abuse', function () {
 159     const path = basePath
 160
 161     it('Should fail with nothing', async function () {
 162       const fields = {}
 163       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 164     })
 165
 166     it('Should fail with a wrong video', async function () {
 167       const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
 168       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 169     })
 170
 171     it('Should fail with an unknown video', async function () {
 172       const fields = { video: { id: 42 }, reason: 'my super reason' }
 173       await makePostBodyRequest({
 174         url: server.url,
 175         path,
 176         token: userToken,
 177         fields,
 178         expectedStatus: HttpStatusCode.NOT_FOUND_404
 179       })
 180     })
 181
 182     it('Should fail with a wrong comment', async function () {
 183       const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
 184       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 185     })
 186
 187     it('Should fail with an unknown comment', async function () {
 188       const fields = { comment: { id: 42 }, reason: 'my super reason' }
 189       await makePostBodyRequest({
 190         url: server.url,
 191         path,
 192         token: userToken,
 193         fields,
 194         expectedStatus: HttpStatusCode.NOT_FOUND_404
 195       })
 196     })
 197
 198     it('Should fail with a wrong account', async function () {
 199       const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
 200       await makePostBodyRequest({ url: server.url, path: path, token: userToken, fields })
 201     })
 202
 203     it('Should fail with an unknown account', async function () {
 204       const fields = { account: { id: 42 }, reason: 'my super reason' }
 205       await makePostBodyRequest({
 206         url: server.url,
 207         path,
 208         token: userToken,
 209         fields,
 210         expectedStatus: HttpStatusCode.NOT_FOUND_404
 211       })
 212     })
 213
 214     it('Should fail with not account, comment or video', async function () {
 215       const fields = { reason: 'my super reason' }
 216       await makePostBodyRequest({
 217         url: server.url,
 218         path,
 219         token: userToken,
 220         fields,
 221         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 222       })
 223     })
 224
 225     it('Should fail with a non authenticated user', async function () {
 226       const fields = { video: { id: server.store.videoCreated.id }, reason: 'my super reason' }
 227
 228       await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 229     })
 230
 231     it('Should fail with a reason too short', async function () {
 232       const fields = { video: { id: server.store.videoCreated.id }, reason: 'h' }
 233
 234       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 235     })
 236
 237     it('Should fail with a too big reason', async function () {
 238       const fields = { video: { id: server.store.videoCreated.id }, reason: 'super'.repeat(605) }
 239
 240       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 241     })
 242
 243     it('Should succeed with the correct parameters (basic)', async function () {
 244       const fields: AbuseCreate = { video: { id: server.store.videoCreated.shortUUID }, reason: 'my super reason' }
 245
 246       const res = await makePostBodyRequest({
 247         url: server.url,
 248         path,
 249         token: userToken,
 250         fields,
 251         expectedStatus: HttpStatusCode.OK_200
 252       })
 253       abuseId = res.body.abuse.id
 254     })
 255
 256     it('Should fail with a wrong predefined reason', async function () {
 257       const fields = { video: server.store.videoCreated, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
 258
 259       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 260     })
 261
 262     it('Should fail with negative timestamps', async function () {
 263       const fields = { video: { id: server.store.videoCreated.id, startAt: -1 }, reason: 'my super reason' }
 264
 265       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 266     })
 267
 268     it('Should fail mith misordered startAt/endAt', async function () {
 269       const fields = { video: { id: server.store.videoCreated.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
 270
 271       await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
 272     })
 273
 274     it('Should succeed with the corret parameters (advanced)', async function () {
 275       const fields: AbuseCreate = {
 276         video: {
 277           id: server.store.videoCreated.id,
 278           startAt: 1,
 279           endAt: 5
 280         },
 281         reason: 'my super reason',
 282         predefinedReasons: [ 'serverRules' ]
 283       }
 284
 285       await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.OK_200 })
 286     })
 287   })
 288
 289   describe('When updating an abuse', function () {
 290
 291     it('Should fail with a non authenticated user', async function () {
 292       await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 293     })
 294
 295     it('Should fail with a non admin user', async function () {
 296       await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 297     })
 298
 299     it('Should fail with a bad abuse id', async function () {
 300       await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 301     })
 302
 303     it('Should fail with a bad state', async function () {
 304       const body = { state: 5 }
 305       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 306     })
 307
 308     it('Should fail with a bad moderation comment', async function () {
 309       const body = { moderationComment: 'b'.repeat(3001) }
 310       await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 311     })
 312
 313     it('Should succeed with the correct params', async function () {
 314       const body = { state: AbuseState.ACCEPTED }
 315       await command.update({ abuseId, body })
 316     })
 317   })
 318
 319   describe('When creating an abuse message', function () {
 320     const message = 'my super message'
 321
 322     it('Should fail with an invalid abuse id', async function () {
 323       await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 324     })
 325
 326     it('Should fail with a non authenticated user', async function () {
 327       await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 328     })
 329
 330     it('Should fail with an invalid logged in user', async function () {
 331       await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 332     })
 333
 334     it('Should fail with an invalid message', async function () {
 335       await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 336     })
 337
 338     it('Should suceed with the correct params', async function () {
 339       const res = await command.addMessage({ token: userToken, abuseId, message })
 340       messageId = res.body.abuseMessage.id
 341     })
 342   })
 343
 344   describe('When listing abuse messages', function () {
 345
 346     it('Should fail with an invalid abuse id', async function () {
 347       await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 348     })
 349
 350     it('Should fail with a non authenticated user', async function () {
 351       await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 352     })
 353
 354     it('Should fail with an invalid logged in user', async function () {
 355       await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 356     })
 357
 358     it('Should succeed with the correct params', async function () {
 359       await command.listMessages({ token: userToken, abuseId })
 360     })
 361   })
 362
 363   describe('When deleting an abuse message', function () {
 364     it('Should fail with an invalid abuse id', async function () {
 365       await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 366     })
 367
 368     it('Should fail with an invalid message id', async function () {
 369       await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 370     })
 371
 372     it('Should fail with a non authenticated user', async function () {
 373       await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 374     })
 375
 376     it('Should fail with an invalid logged in user', async function () {
 377       await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 378     })
 379
 380     it('Should succeed with the correct params', async function () {
 381       await command.deleteMessage({ token: userToken, abuseId, messageId })
 382     })
 383   })
 384
 385   describe('When deleting a video abuse', function () {
 386
 387     it('Should fail with a non authenticated user', async function () {
 388       await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 389     })
 390
 391     it('Should fail with a non admin user', async function () {
 392       await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 393     })
 394
 395     it('Should fail with a bad abuse id', async function () {
 396       await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 397     })
 398
 399     it('Should succeed with the correct params', async function () {
 400       await command.delete({ abuseId })
 401     })
 402   })
 403
 404   describe('When trying to manage messages of a remote abuse', function () {
 405     let remoteAbuseId: number
 406     let anotherServer: PeerTubeServer
 407
 408     before(async function () {
 409       this.timeout(50000)
 410
 411       anotherServer = await createSingleServer(2)
 412       await setAccessTokensToServers([ anotherServer ])
 413
 414       await doubleFollow(anotherServer, server)
 415
 416       const server2VideoId = await anotherServer.videos.getId({ uuid: server.store.videoCreated.uuid })
 417       await anotherServer.abuses.report({ reason: 'remote server', videoId: server2VideoId })
 418
 419       await waitJobs([ server, anotherServer ])
 420
 421       const body = await command.getAdminList({ sort: '-createdAt' })
 422       remoteAbuseId = body.data[0].id
 423     })
 424
 425     it('Should fail when listing abuse messages of a remote abuse', async function () {
 426       await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 427     })
 428
 429     it('Should fail when creating abuse message of a remote abuse', async function () {
 430       await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 431     })
 432
 433     after(async function () {
 434       await cleanupTests([ anotherServer ])
 435     })
 436   })
 437
 438   after(async function () {
 439     await cleanupTests([ server ])
 440   })
 441 })