1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
5 import { HttpStatusCode } from '@shared/models'
14 setAccessTokensToServers
15 } from '@shared/server-commands'
17 describe('Test blocklist API validators', function () {
18 let servers: PeerTubeServer[]
19 let server: PeerTubeServer
20 let userAccessToken: string
22 before(async function () {
25 servers = await createMultipleServers(2)
26 await setAccessTokensToServers(servers)
30 const user = { username: 'user1', password: 'password' }
31 await server.users.create({ username: user.username, password: user.password })
33 userAccessToken = await server.login.getAccessToken(user)
35 await doubleFollow(servers[0], servers[1])
38 // ---------------------------------------------------------------
40 describe('When managing user blocklist', function () {
42 describe('When managing user accounts blocklist', function () {
43 const path = '/api/v1/users/me/blocklist/accounts'
45 describe('When listing blocked accounts', function () {
46 it('Should fail with an unauthenticated user', async function () {
47 await makeGetRequest({
50 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
54 it('Should fail with a bad start pagination', async function () {
55 await checkBadStartPagination(server.url, path, server.accessToken)
58 it('Should fail with a bad count pagination', async function () {
59 await checkBadCountPagination(server.url, path, server.accessToken)
62 it('Should fail with an incorrect sort', async function () {
63 await checkBadSortPagination(server.url, path, server.accessToken)
67 describe('When blocking an account', function () {
68 it('Should fail with an unauthenticated user', async function () {
69 await makePostBodyRequest({
72 fields: { accountName: 'user1' },
73 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
77 it('Should fail with an unknown account', async function () {
78 await makePostBodyRequest({
80 token: server.accessToken,
82 fields: { accountName: 'user2' },
83 expectedStatus: HttpStatusCode.NOT_FOUND_404
87 it('Should fail to block ourselves', async function () {
88 await makePostBodyRequest({
90 token: server.accessToken,
92 fields: { accountName: 'root' },
93 expectedStatus: HttpStatusCode.CONFLICT_409
97 it('Should succeed with the correct params', async function () {
98 await makePostBodyRequest({
100 token: server.accessToken,
102 fields: { accountName: 'user1' },
103 expectedStatus: HttpStatusCode.NO_CONTENT_204
108 describe('When unblocking an account', function () {
109 it('Should fail with an unauthenticated user', async function () {
110 await makeDeleteRequest({
112 path: path + '/user1',
113 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
117 it('Should fail with an unknown account block', async function () {
118 await makeDeleteRequest({
120 path: path + '/user2',
121 token: server.accessToken,
122 expectedStatus: HttpStatusCode.NOT_FOUND_404
126 it('Should succeed with the correct params', async function () {
127 await makeDeleteRequest({
129 path: path + '/user1',
130 token: server.accessToken,
131 expectedStatus: HttpStatusCode.NO_CONTENT_204
137 describe('When managing user servers blocklist', function () {
138 const path = '/api/v1/users/me/blocklist/servers'
140 describe('When listing blocked servers', function () {
141 it('Should fail with an unauthenticated user', async function () {
142 await makeGetRequest({
145 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
149 it('Should fail with a bad start pagination', async function () {
150 await checkBadStartPagination(server.url, path, server.accessToken)
153 it('Should fail with a bad count pagination', async function () {
154 await checkBadCountPagination(server.url, path, server.accessToken)
157 it('Should fail with an incorrect sort', async function () {
158 await checkBadSortPagination(server.url, path, server.accessToken)
162 describe('When blocking a server', function () {
163 it('Should fail with an unauthenticated user', async function () {
164 await makePostBodyRequest({
167 fields: { host: 'localhost:9002' },
168 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
172 it('Should succeed with an unknown server', async function () {
173 await makePostBodyRequest({
175 token: server.accessToken,
177 fields: { host: 'localhost:9003' },
178 expectedStatus: HttpStatusCode.NO_CONTENT_204
182 it('Should fail with our own server', async function () {
183 await makePostBodyRequest({
185 token: server.accessToken,
187 fields: { host: 'localhost:' + server.port },
188 expectedStatus: HttpStatusCode.CONFLICT_409
192 it('Should succeed with the correct params', async function () {
193 await makePostBodyRequest({
195 token: server.accessToken,
197 fields: { host: 'localhost:' + servers[1].port },
198 expectedStatus: HttpStatusCode.NO_CONTENT_204
203 describe('When unblocking a server', function () {
204 it('Should fail with an unauthenticated user', async function () {
205 await makeDeleteRequest({
207 path: path + '/localhost:' + servers[1].port,
208 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
212 it('Should fail with an unknown server block', async function () {
213 await makeDeleteRequest({
215 path: path + '/localhost:9004',
216 token: server.accessToken,
217 expectedStatus: HttpStatusCode.NOT_FOUND_404
221 it('Should succeed with the correct params', async function () {
222 await makeDeleteRequest({
224 path: path + '/localhost:' + servers[1].port,
225 token: server.accessToken,
226 expectedStatus: HttpStatusCode.NO_CONTENT_204
233 describe('When managing server blocklist', function () {
235 describe('When managing server accounts blocklist', function () {
236 const path = '/api/v1/server/blocklist/accounts'
238 describe('When listing blocked accounts', function () {
239 it('Should fail with an unauthenticated user', async function () {
240 await makeGetRequest({
243 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
247 it('Should fail with a user without the appropriate rights', async function () {
248 await makeGetRequest({
250 token: userAccessToken,
252 expectedStatus: HttpStatusCode.FORBIDDEN_403
256 it('Should fail with a bad start pagination', async function () {
257 await checkBadStartPagination(server.url, path, server.accessToken)
260 it('Should fail with a bad count pagination', async function () {
261 await checkBadCountPagination(server.url, path, server.accessToken)
264 it('Should fail with an incorrect sort', async function () {
265 await checkBadSortPagination(server.url, path, server.accessToken)
269 describe('When blocking an account', function () {
270 it('Should fail with an unauthenticated user', async function () {
271 await makePostBodyRequest({
274 fields: { accountName: 'user1' },
275 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
279 it('Should fail with a user without the appropriate rights', async function () {
280 await makePostBodyRequest({
282 token: userAccessToken,
284 fields: { accountName: 'user1' },
285 expectedStatus: HttpStatusCode.FORBIDDEN_403
289 it('Should fail with an unknown account', async function () {
290 await makePostBodyRequest({
292 token: server.accessToken,
294 fields: { accountName: 'user2' },
295 expectedStatus: HttpStatusCode.NOT_FOUND_404
299 it('Should fail to block ourselves', async function () {
300 await makePostBodyRequest({
302 token: server.accessToken,
304 fields: { accountName: 'root' },
305 expectedStatus: HttpStatusCode.CONFLICT_409
309 it('Should succeed with the correct params', async function () {
310 await makePostBodyRequest({
312 token: server.accessToken,
314 fields: { accountName: 'user1' },
315 expectedStatus: HttpStatusCode.NO_CONTENT_204
320 describe('When unblocking an account', function () {
321 it('Should fail with an unauthenticated user', async function () {
322 await makeDeleteRequest({
324 path: path + '/user1',
325 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
329 it('Should fail with a user without the appropriate rights', async function () {
330 await makeDeleteRequest({
332 path: path + '/user1',
333 token: userAccessToken,
334 expectedStatus: HttpStatusCode.FORBIDDEN_403
338 it('Should fail with an unknown account block', async function () {
339 await makeDeleteRequest({
341 path: path + '/user2',
342 token: server.accessToken,
343 expectedStatus: HttpStatusCode.NOT_FOUND_404
347 it('Should succeed with the correct params', async function () {
348 await makeDeleteRequest({
350 path: path + '/user1',
351 token: server.accessToken,
352 expectedStatus: HttpStatusCode.NO_CONTENT_204
358 describe('When managing server servers blocklist', function () {
359 const path = '/api/v1/server/blocklist/servers'
361 describe('When listing blocked servers', function () {
362 it('Should fail with an unauthenticated user', async function () {
363 await makeGetRequest({
366 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
370 it('Should fail with a user without the appropriate rights', async function () {
371 await makeGetRequest({
373 token: userAccessToken,
375 expectedStatus: HttpStatusCode.FORBIDDEN_403
379 it('Should fail with a bad start pagination', async function () {
380 await checkBadStartPagination(server.url, path, server.accessToken)
383 it('Should fail with a bad count pagination', async function () {
384 await checkBadCountPagination(server.url, path, server.accessToken)
387 it('Should fail with an incorrect sort', async function () {
388 await checkBadSortPagination(server.url, path, server.accessToken)
392 describe('When blocking a server', function () {
393 it('Should fail with an unauthenticated user', async function () {
394 await makePostBodyRequest({
397 fields: { host: 'localhost:' + servers[1].port },
398 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
402 it('Should fail with a user without the appropriate rights', async function () {
403 await makePostBodyRequest({
405 token: userAccessToken,
407 fields: { host: 'localhost:' + servers[1].port },
408 expectedStatus: HttpStatusCode.FORBIDDEN_403
412 it('Should succeed with an unknown server', async function () {
413 await makePostBodyRequest({
415 token: server.accessToken,
417 fields: { host: 'localhost:9003' },
418 expectedStatus: HttpStatusCode.NO_CONTENT_204
422 it('Should fail with our own server', async function () {
423 await makePostBodyRequest({
425 token: server.accessToken,
427 fields: { host: 'localhost:' + server.port },
428 expectedStatus: HttpStatusCode.CONFLICT_409
432 it('Should succeed with the correct params', async function () {
433 await makePostBodyRequest({
435 token: server.accessToken,
437 fields: { host: 'localhost:' + servers[1].port },
438 expectedStatus: HttpStatusCode.NO_CONTENT_204
443 describe('When unblocking a server', function () {
444 it('Should fail with an unauthenticated user', async function () {
445 await makeDeleteRequest({
447 path: path + '/localhost:' + servers[1].port,
448 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
452 it('Should fail with a user without the appropriate rights', async function () {
453 await makeDeleteRequest({
455 path: path + '/localhost:' + servers[1].port,
456 token: userAccessToken,
457 expectedStatus: HttpStatusCode.FORBIDDEN_403
461 it('Should fail with an unknown server block', async function () {
462 await makeDeleteRequest({
464 path: path + '/localhost:9004',
465 token: server.accessToken,
466 expectedStatus: HttpStatusCode.NOT_FOUND_404
470 it('Should succeed with the correct params', async function () {
471 await makeDeleteRequest({
473 path: path + '/localhost:' + servers[1].port,
474 token: server.accessToken,
475 expectedStatus: HttpStatusCode.NO_CONTENT_204
482 describe('When getting blocklist status', function () {
483 const path = '/api/v1/blocklist/status'
485 it('Should fail with a bad token', async function () {
486 await makeGetRequest({
490 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
494 it('Should fail with a bad accounts field', async function () {
495 await makeGetRequest({
501 expectedStatus: HttpStatusCode.BAD_REQUEST_400
504 await makeGetRequest({
510 expectedStatus: HttpStatusCode.BAD_REQUEST_400
514 it('Should fail with a bad hosts field', async function () {
515 await makeGetRequest({
521 expectedStatus: HttpStatusCode.BAD_REQUEST_400
524 await makeGetRequest({
530 expectedStatus: HttpStatusCode.BAD_REQUEST_400
534 it('Should succeed with the correct parameters', async function () {
535 await makeGetRequest({
539 expectedStatus: HttpStatusCode.OK_200
542 await makeGetRequest({
546 hosts: [ 'example.com' ],
547 accounts: [ 'john@example.com' ]
549 expectedStatus: HttpStatusCode.OK_200
554 after(async function () {
555 await cleanupTests(servers)