server/tests/api/check-params/video-blacklist.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import {
   6   BlacklistCommand,
   7   checkBadCountPagination,
   8   checkBadSortPagination,
   9   checkBadStartPagination,
  10   cleanupTests,
  11   createMultipleServers,
  12   doubleFollow,
  13   makePostBodyRequest,
  14   makePutBodyRequest,
  15   PeerTubeServer,
  16   setAccessTokensToServers,
  17   waitJobs
  18 } from '@shared/extra-utils'
  19 import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
  20
  21 describe('Test video blacklist API validators', function () {
  22   let servers: PeerTubeServer[]
  23   let notBlacklistedVideoId: string
  24   let remoteVideoUUID: string
  25   let userAccessToken1 = ''
  26   let userAccessToken2 = ''
  27   let command: BlacklistCommand
  28
  29   // ---------------------------------------------------------------
  30
  31   before(async function () {
  32     this.timeout(120000)
  33
  34     servers = await createMultipleServers(2)
  35
  36     await setAccessTokensToServers(servers)
  37     await doubleFollow(servers[0], servers[1])
  38
  39     {
  40       const username = 'user1'
  41       const password = 'my super password'
  42       await servers[0].users.create({ username: username, password: password })
  43       userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
  44     }
  45
  46     {
  47       const username = 'user2'
  48       const password = 'my super password'
  49       await servers[0].users.create({ username: username, password: password })
  50       userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
  51     }
  52
  53     {
  54       servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
  55     }
  56
  57     {
  58       const { uuid } = await servers[0].videos.upload()
  59       notBlacklistedVideoId = uuid
  60     }
  61
  62     {
  63       const { uuid } = await servers[1].videos.upload()
  64       remoteVideoUUID = uuid
  65     }
  66
  67     await waitJobs(servers)
  68
  69     command = servers[0].blacklist
  70   })
  71
  72   describe('When adding a video in blacklist', function () {
  73     const basePath = '/api/v1/videos/'
  74
  75     it('Should fail with nothing', async function () {
  76       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  77       const fields = {}
  78       await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
  79     })
  80
  81     it('Should fail with a wrong video', async function () {
  82       const wrongPath = '/api/v1/videos/blabla/blacklist'
  83       const fields = {}
  84       await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
  85     })
  86
  87     it('Should fail with a non authenticated user', async function () {
  88       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  89       const fields = {}
  90       await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  91     })
  92
  93     it('Should fail with a non admin user', async function () {
  94       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  95       const fields = {}
  96       await makePostBodyRequest({
  97         url: servers[0].url,
  98         path,
  99         token: userAccessToken2,
 100         fields,
 101         expectedStatus: HttpStatusCode.FORBIDDEN_403
 102       })
 103     })
 104
 105     it('Should fail with an invalid reason', async function () {
 106       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 107       const fields = { reason: 'a'.repeat(305) }
 108
 109       await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
 110     })
 111
 112     it('Should fail to unfederate a remote video', async function () {
 113       const path = basePath + remoteVideoUUID + '/blacklist'
 114       const fields = { unfederate: true }
 115
 116       await makePostBodyRequest({
 117         url: servers[0].url,
 118         path,
 119         token: servers[0].accessToken,
 120         fields,
 121         expectedStatus: HttpStatusCode.CONFLICT_409
 122       })
 123     })
 124
 125     it('Should succeed with the correct params', async function () {
 126       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 127       const fields = {}
 128
 129       await makePostBodyRequest({
 130         url: servers[0].url,
 131         path,
 132         token: servers[0].accessToken,
 133         fields,
 134         expectedStatus: HttpStatusCode.NO_CONTENT_204
 135       })
 136     })
 137   })
 138
 139   describe('When updating a video in blacklist', function () {
 140     const basePath = '/api/v1/videos/'
 141
 142     it('Should fail with a wrong video', async function () {
 143       const wrongPath = '/api/v1/videos/blabla/blacklist'
 144       const fields = {}
 145       await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
 146     })
 147
 148     it('Should fail with a video not blacklisted', async function () {
 149       const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
 150       const fields = {}
 151       await makePutBodyRequest({
 152         url: servers[0].url,
 153         path,
 154         token: servers[0].accessToken,
 155         fields,
 156         expectedStatus: HttpStatusCode.NOT_FOUND_404
 157       })
 158     })
 159
 160     it('Should fail with a non authenticated user', async function () {
 161       const path = basePath + servers[0].store.videoCreated + '/blacklist'
 162       const fields = {}
 163       await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 164     })
 165
 166     it('Should fail with a non admin user', async function () {
 167       const path = basePath + servers[0].store.videoCreated + '/blacklist'
 168       const fields = {}
 169       await makePutBodyRequest({
 170         url: servers[0].url,
 171         path,
 172         token: userAccessToken2,
 173         fields,
 174         expectedStatus: HttpStatusCode.FORBIDDEN_403
 175       })
 176     })
 177
 178     it('Should fail with an invalid reason', async function () {
 179       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 180       const fields = { reason: 'a'.repeat(305) }
 181
 182       await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
 183     })
 184
 185     it('Should succeed with the correct params', async function () {
 186       const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
 187       const fields = { reason: 'hello' }
 188
 189       await makePutBodyRequest({
 190         url: servers[0].url,
 191         path,
 192         token: servers[0].accessToken,
 193         fields,
 194         expectedStatus: HttpStatusCode.NO_CONTENT_204
 195       })
 196     })
 197   })
 198
 199   describe('When getting blacklisted video', function () {
 200
 201     it('Should fail with a non authenticated user', async function () {
 202       await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 203     })
 204
 205     it('Should fail with another user', async function () {
 206       await servers[0].videos.getWithToken({
 207         token: userAccessToken2,
 208         id: servers[0].store.videoCreated.uuid,
 209         expectedStatus: HttpStatusCode.FORBIDDEN_403
 210       })
 211     })
 212
 213     it('Should succeed with the owner authenticated user', async function () {
 214       const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
 215       expect(video.blacklisted).to.be.true
 216     })
 217
 218     it('Should succeed with an admin', async function () {
 219       const video = servers[0].store.videoCreated
 220
 221       for (const id of [ video.id, video.uuid, video.shortUUID ]) {
 222         const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
 223         expect(video.blacklisted).to.be.true
 224       }
 225     })
 226   })
 227
 228   describe('When removing a video in blacklist', function () {
 229
 230     it('Should fail with a non authenticated user', async function () {
 231       await command.remove({
 232         token: 'fake token',
 233         videoId: servers[0].store.videoCreated.uuid,
 234         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 235       })
 236     })
 237
 238     it('Should fail with a non admin user', async function () {
 239       await command.remove({
 240         token: userAccessToken2,
 241         videoId: servers[0].store.videoCreated.uuid,
 242         expectedStatus: HttpStatusCode.FORBIDDEN_403
 243       })
 244     })
 245
 246     it('Should fail with an incorrect id', async function () {
 247       await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 248     })
 249
 250     it('Should fail with a not blacklisted video', async function () {
 251       // The video was not added to the blacklist so it should fail
 252       await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 253     })
 254
 255     it('Should succeed with the correct params', async function () {
 256       await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 257     })
 258   })
 259
 260   describe('When listing videos in blacklist', function () {
 261     const basePath = '/api/v1/videos/blacklist/'
 262
 263     it('Should fail with a non authenticated user', async function () {
 264       await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 265     })
 266
 267     it('Should fail with a non admin user', async function () {
 268       await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 269     })
 270
 271     it('Should fail with a bad start pagination', async function () {
 272       await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
 273     })
 274
 275     it('Should fail with a bad count pagination', async function () {
 276       await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
 277     })
 278
 279     it('Should fail with an incorrect sort', async function () {
 280       await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
 281     })
 282
 283     it('Should fail with an invalid type', async function () {
 284       await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 285     })
 286
 287     it('Should succeed with the correct parameters', async function () {
 288       await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
 289     })
 290   })
 291
 292   after(async function () {
 293     await cleanupTests(servers)
 294   })
 295 })