server/tests/api/check-params/blocklist.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4
   5 import {
   6   cleanupTests,
   7   createUser,
   8   doubleFollow,
   9   flushAndRunMultipleServers,
  10   makeDeleteRequest,
  11   makeGetRequest,
  12   makePostBodyRequest,
  13   ServerInfo,
  14   setAccessTokensToServers,
  15   userLogin
  16 } from '../../../../shared/extra-utils'
  17 import {
  18   checkBadCountPagination,
  19   checkBadSortPagination,
  20   checkBadStartPagination
  21 } from '../../../../shared/extra-utils/requests/check-api-params'
  22 import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
  23
  24 describe('Test blocklist API validators', function () {
  25   let servers: ServerInfo[]
  26   let server: ServerInfo
  27   let userAccessToken: string
  28
  29   before(async function () {
  30     this.timeout(60000)
  31
  32     servers = await flushAndRunMultipleServers(2)
  33     await setAccessTokensToServers(servers)
  34
  35     server = servers[0]
  36
  37     const user = { username: 'user1', password: 'password' }
  38     await createUser({ url: server.url, accessToken: server.accessToken, username: user.username, password: user.password })
  39
  40     userAccessToken = await userLogin(server, user)
  41
  42     await doubleFollow(servers[0], servers[1])
  43   })
  44
  45   // ---------------------------------------------------------------
  46
  47   describe('When managing user blocklist', function () {
  48
  49     describe('When managing user accounts blocklist', function () {
  50       const path = '/api/v1/users/me/blocklist/accounts'
  51
  52       describe('When listing blocked accounts', function () {
  53         it('Should fail with an unauthenticated user', async function () {
  54           await makeGetRequest({
  55             url: server.url,
  56             path,
  57             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  58           })
  59         })
  60
  61         it('Should fail with a bad start pagination', async function () {
  62           await checkBadStartPagination(server.url, path, server.accessToken)
  63         })
  64
  65         it('Should fail with a bad count pagination', async function () {
  66           await checkBadCountPagination(server.url, path, server.accessToken)
  67         })
  68
  69         it('Should fail with an incorrect sort', async function () {
  70           await checkBadSortPagination(server.url, path, server.accessToken)
  71         })
  72       })
  73
  74       describe('When blocking an account', function () {
  75         it('Should fail with an unauthenticated user', async function () {
  76           await makePostBodyRequest({
  77             url: server.url,
  78             path,
  79             fields: { accountName: 'user1' },
  80             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
  81           })
  82         })
  83
  84         it('Should fail with an unknown account', async function () {
  85           await makePostBodyRequest({
  86             url: server.url,
  87             token: server.accessToken,
  88             path,
  89             fields: { accountName: 'user2' },
  90             statusCodeExpected: HttpStatusCode.NOT_FOUND_404
  91           })
  92         })
  93
  94         it('Should fail to block ourselves', async function () {
  95           await makePostBodyRequest({
  96             url: server.url,
  97             token: server.accessToken,
  98             path,
  99             fields: { accountName: 'root' },
 100             statusCodeExpected: HttpStatusCode.CONFLICT_409
 101           })
 102         })
 103
 104         it('Should succeed with the correct params', async function () {
 105           await makePostBodyRequest({
 106             url: server.url,
 107             token: server.accessToken,
 108             path,
 109             fields: { accountName: 'user1' },
 110             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 111           })
 112         })
 113       })
 114
 115       describe('When unblocking an account', function () {
 116         it('Should fail with an unauthenticated user', async function () {
 117           await makeDeleteRequest({
 118             url: server.url,
 119             path: path + '/user1',
 120             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 121           })
 122         })
 123
 124         it('Should fail with an unknown account block', async function () {
 125           await makeDeleteRequest({
 126             url: server.url,
 127             path: path + '/user2',
 128             token: server.accessToken,
 129             statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 130           })
 131         })
 132
 133         it('Should succeed with the correct params', async function () {
 134           await makeDeleteRequest({
 135             url: server.url,
 136             path: path + '/user1',
 137             token: server.accessToken,
 138             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 139           })
 140         })
 141       })
 142     })
 143
 144     describe('When managing user servers blocklist', function () {
 145       const path = '/api/v1/users/me/blocklist/servers'
 146
 147       describe('When listing blocked servers', function () {
 148         it('Should fail with an unauthenticated user', async function () {
 149           await makeGetRequest({
 150             url: server.url,
 151             path,
 152             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 153           })
 154         })
 155
 156         it('Should fail with a bad start pagination', async function () {
 157           await checkBadStartPagination(server.url, path, server.accessToken)
 158         })
 159
 160         it('Should fail with a bad count pagination', async function () {
 161           await checkBadCountPagination(server.url, path, server.accessToken)
 162         })
 163
 164         it('Should fail with an incorrect sort', async function () {
 165           await checkBadSortPagination(server.url, path, server.accessToken)
 166         })
 167       })
 168
 169       describe('When blocking a server', function () {
 170         it('Should fail with an unauthenticated user', async function () {
 171           await makePostBodyRequest({
 172             url: server.url,
 173             path,
 174             fields: { host: 'localhost:9002' },
 175             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 176           })
 177         })
 178
 179         it('Should succeed with an unknown server', async function () {
 180           await makePostBodyRequest({
 181             url: server.url,
 182             token: server.accessToken,
 183             path,
 184             fields: { host: 'localhost:9003' },
 185             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 186           })
 187         })
 188
 189         it('Should fail with our own server', async function () {
 190           await makePostBodyRequest({
 191             url: server.url,
 192             token: server.accessToken,
 193             path,
 194             fields: { host: 'localhost:' + server.port },
 195             statusCodeExpected: HttpStatusCode.CONFLICT_409
 196           })
 197         })
 198
 199         it('Should succeed with the correct params', async function () {
 200           await makePostBodyRequest({
 201             url: server.url,
 202             token: server.accessToken,
 203             path,
 204             fields: { host: 'localhost:' + servers[1].port },
 205             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 206           })
 207         })
 208       })
 209
 210       describe('When unblocking a server', function () {
 211         it('Should fail with an unauthenticated user', async function () {
 212           await makeDeleteRequest({
 213             url: server.url,
 214             path: path + '/localhost:' + servers[1].port,
 215             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 216           })
 217         })
 218
 219         it('Should fail with an unknown server block', async function () {
 220           await makeDeleteRequest({
 221             url: server.url,
 222             path: path + '/localhost:9004',
 223             token: server.accessToken,
 224             statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 225           })
 226         })
 227
 228         it('Should succeed with the correct params', async function () {
 229           await makeDeleteRequest({
 230             url: server.url,
 231             path: path + '/localhost:' + servers[1].port,
 232             token: server.accessToken,
 233             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 234           })
 235         })
 236       })
 237     })
 238   })
 239
 240   describe('When managing server blocklist', function () {
 241
 242     describe('When managing server accounts blocklist', function () {
 243       const path = '/api/v1/server/blocklist/accounts'
 244
 245       describe('When listing blocked accounts', function () {
 246         it('Should fail with an unauthenticated user', async function () {
 247           await makeGetRequest({
 248             url: server.url,
 249             path,
 250             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 251           })
 252         })
 253
 254         it('Should fail with a user without the appropriate rights', async function () {
 255           await makeGetRequest({
 256             url: server.url,
 257             token: userAccessToken,
 258             path,
 259             statusCodeExpected: HttpStatusCode.FORBIDDEN_403
 260           })
 261         })
 262
 263         it('Should fail with a bad start pagination', async function () {
 264           await checkBadStartPagination(server.url, path, server.accessToken)
 265         })
 266
 267         it('Should fail with a bad count pagination', async function () {
 268           await checkBadCountPagination(server.url, path, server.accessToken)
 269         })
 270
 271         it('Should fail with an incorrect sort', async function () {
 272           await checkBadSortPagination(server.url, path, server.accessToken)
 273         })
 274       })
 275
 276       describe('When blocking an account', function () {
 277         it('Should fail with an unauthenticated user', async function () {
 278           await makePostBodyRequest({
 279             url: server.url,
 280             path,
 281             fields: { accountName: 'user1' },
 282             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 283           })
 284         })
 285
 286         it('Should fail with a user without the appropriate rights', async function () {
 287           await makePostBodyRequest({
 288             url: server.url,
 289             token: userAccessToken,
 290             path,
 291             fields: { accountName: 'user1' },
 292             statusCodeExpected: HttpStatusCode.FORBIDDEN_403
 293           })
 294         })
 295
 296         it('Should fail with an unknown account', async function () {
 297           await makePostBodyRequest({
 298             url: server.url,
 299             token: server.accessToken,
 300             path,
 301             fields: { accountName: 'user2' },
 302             statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 303           })
 304         })
 305
 306         it('Should fail to block ourselves', async function () {
 307           await makePostBodyRequest({
 308             url: server.url,
 309             token: server.accessToken,
 310             path,
 311             fields: { accountName: 'root' },
 312             statusCodeExpected: HttpStatusCode.CONFLICT_409
 313           })
 314         })
 315
 316         it('Should succeed with the correct params', async function () {
 317           await makePostBodyRequest({
 318             url: server.url,
 319             token: server.accessToken,
 320             path,
 321             fields: { accountName: 'user1' },
 322             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 323           })
 324         })
 325       })
 326
 327       describe('When unblocking an account', function () {
 328         it('Should fail with an unauthenticated user', async function () {
 329           await makeDeleteRequest({
 330             url: server.url,
 331             path: path + '/user1',
 332             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 333           })
 334         })
 335
 336         it('Should fail with a user without the appropriate rights', async function () {
 337           await makeDeleteRequest({
 338             url: server.url,
 339             path: path + '/user1',
 340             token: userAccessToken,
 341             statusCodeExpected: HttpStatusCode.FORBIDDEN_403
 342           })
 343         })
 344
 345         it('Should fail with an unknown account block', async function () {
 346           await makeDeleteRequest({
 347             url: server.url,
 348             path: path + '/user2',
 349             token: server.accessToken,
 350             statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 351           })
 352         })
 353
 354         it('Should succeed with the correct params', async function () {
 355           await makeDeleteRequest({
 356             url: server.url,
 357             path: path + '/user1',
 358             token: server.accessToken,
 359             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 360           })
 361         })
 362       })
 363     })
 364
 365     describe('When managing server servers blocklist', function () {
 366       const path = '/api/v1/server/blocklist/servers'
 367
 368       describe('When listing blocked servers', function () {
 369         it('Should fail with an unauthenticated user', async function () {
 370           await makeGetRequest({
 371             url: server.url,
 372             path,
 373             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 374           })
 375         })
 376
 377         it('Should fail with a user without the appropriate rights', async function () {
 378           await makeGetRequest({
 379             url: server.url,
 380             token: userAccessToken,
 381             path,
 382             statusCodeExpected: HttpStatusCode.FORBIDDEN_403
 383           })
 384         })
 385
 386         it('Should fail with a bad start pagination', async function () {
 387           await checkBadStartPagination(server.url, path, server.accessToken)
 388         })
 389
 390         it('Should fail with a bad count pagination', async function () {
 391           await checkBadCountPagination(server.url, path, server.accessToken)
 392         })
 393
 394         it('Should fail with an incorrect sort', async function () {
 395           await checkBadSortPagination(server.url, path, server.accessToken)
 396         })
 397       })
 398
 399       describe('When blocking a server', function () {
 400         it('Should fail with an unauthenticated user', async function () {
 401           await makePostBodyRequest({
 402             url: server.url,
 403             path,
 404             fields: { host: 'localhost:' + servers[1].port },
 405             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 406           })
 407         })
 408
 409         it('Should fail with a user without the appropriate rights', async function () {
 410           await makePostBodyRequest({
 411             url: server.url,
 412             token: userAccessToken,
 413             path,
 414             fields: { host: 'localhost:' + servers[1].port },
 415             statusCodeExpected: HttpStatusCode.FORBIDDEN_403
 416           })
 417         })
 418
 419         it('Should succeed with an unknown server', async function () {
 420           await makePostBodyRequest({
 421             url: server.url,
 422             token: server.accessToken,
 423             path,
 424             fields: { host: 'localhost:9003' },
 425             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 426           })
 427         })
 428
 429         it('Should fail with our own server', async function () {
 430           await makePostBodyRequest({
 431             url: server.url,
 432             token: server.accessToken,
 433             path,
 434             fields: { host: 'localhost:' + server.port },
 435             statusCodeExpected: HttpStatusCode.CONFLICT_409
 436           })
 437         })
 438
 439         it('Should succeed with the correct params', async function () {
 440           await makePostBodyRequest({
 441             url: server.url,
 442             token: server.accessToken,
 443             path,
 444             fields: { host: 'localhost:' + servers[1].port },
 445             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 446           })
 447         })
 448       })
 449
 450       describe('When unblocking a server', function () {
 451         it('Should fail with an unauthenticated user', async function () {
 452           await makeDeleteRequest({
 453             url: server.url,
 454             path: path + '/localhost:' + servers[1].port,
 455             statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401
 456           })
 457         })
 458
 459         it('Should fail with a user without the appropriate rights', async function () {
 460           await makeDeleteRequest({
 461             url: server.url,
 462             path: path + '/localhost:' + servers[1].port,
 463             token: userAccessToken,
 464             statusCodeExpected: HttpStatusCode.FORBIDDEN_403
 465           })
 466         })
 467
 468         it('Should fail with an unknown server block', async function () {
 469           await makeDeleteRequest({
 470             url: server.url,
 471             path: path + '/localhost:9004',
 472             token: server.accessToken,
 473             statusCodeExpected: HttpStatusCode.NOT_FOUND_404
 474           })
 475         })
 476
 477         it('Should succeed with the correct params', async function () {
 478           await makeDeleteRequest({
 479             url: server.url,
 480             path: path + '/localhost:' + servers[1].port,
 481             token: server.accessToken,
 482             statusCodeExpected: HttpStatusCode.NO_CONTENT_204
 483           })
 484         })
 485       })
 486     })
 487   })
 488
 489   after(async function () {
 490     await cleanupTests(servers)
 491   })
 492 })