server/tests/api/check-params/video-blacklist.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { expect } from 'chai'
   4 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
   5 import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
   6 import {
   7   BlacklistCommand,
   8   cleanupTests,
   9   createMultipleServers,
  10   doubleFollow,
  11   makePostBodyRequest,
  12   makePutBodyRequest,
  13   PeerTubeServer,
  14   setAccessTokensToServers,
  15   waitJobs
  16 } from '@shared/server-commands'
  17
  18 describe('Test video blacklist API validators', function () {
  19   let servers: PeerTubeServer[]
  20   let notBlacklistedVideoId: string
  21   let remoteVideoUUID: string
  22   let userAccessToken1 = ''
  23   let userAccessToken2 = ''
  24   let command: BlacklistCommand
  25
  26   // ---------------------------------------------------------------
  27
  28   before(async function () {
  29     this.timeout(120000)
  30
  31     servers = await createMultipleServers(2)
  32
  33     await setAccessTokensToServers(servers)
  34     await doubleFollow(servers[0], servers[1])
  35
  36     {
  37       const username = 'user1'
  38       const password = 'my super password'
  39       await servers[0].users.create({ username, password })
  40       userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
  41     }
  42
  43     {
  44       const username = 'user2'
  45       const password = 'my super password'
  46       await servers[0].users.create({ username, password })
  47       userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
  48     }
  49
  50     {
  51       servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
  52     }
  53
  54     {
  55       const { uuid } = await servers[0].videos.upload()
  56       notBlacklistedVideoId = uuid
  57     }
  58
  59     {
  60       const { uuid } = await servers[1].videos.upload()
  61       remoteVideoUUID = uuid
  62     }
  63
  64     await waitJobs(servers)
  65
  66     command = servers[0].blacklist
  67   })
  68
  69   describe('When adding a video in blacklist', function () {
  70     const basePath = '/api/v1/videos/'
  71
  72     it('Should fail with nothing', async function () {
  73       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  74       const fields = {}
  75       await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
  76     })
  77
  78     it('Should fail with a wrong video', async function () {
  79       const wrongPath = '/api/v1/videos/blabla/blacklist'
  80       const fields = {}
  81       await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
  82     })
  83
  84     it('Should fail with a non authenticated user', async function () {
  85       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  86       const fields = {}
  87       await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  88     })
  89
  90     it('Should fail with a non admin user', async function () {
  91       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  92       const fields = {}
  93       await makePostBodyRequest({
  94         url: servers[0].url,
  95         path,
  96         token: userAccessToken2,
  97         fields,
  98         expectedStatus: HttpStatusCode.FORBIDDEN_403
  99       })
 100     })
 101
 102     it('Should fail with an invalid reason', async function () {
 103       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 104       const fields = { reason: 'a'.repeat(305) }
 105
 106       await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
 107     })
 108
 109     it('Should fail to unfederate a remote video', async function () {
 110       const path = basePath + remoteVideoUUID + '/blacklist'
 111       const fields = { unfederate: true }
 112
 113       await makePostBodyRequest({
 114         url: servers[0].url,
 115         path,
 116         token: servers[0].accessToken,
 117         fields,
 118         expectedStatus: HttpStatusCode.CONFLICT_409
 119       })
 120     })
 121
 122     it('Should succeed with the correct params', async function () {
 123       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 124       const fields = {}
 125
 126       await makePostBodyRequest({
 127         url: servers[0].url,
 128         path,
 129         token: servers[0].accessToken,
 130         fields,
 131         expectedStatus: HttpStatusCode.NO_CONTENT_204
 132       })
 133     })
 134   })
 135
 136   describe('When updating a video in blacklist', function () {
 137     const basePath = '/api/v1/videos/'
 138
 139     it('Should fail with a wrong video', async function () {
 140       const wrongPath = '/api/v1/videos/blabla/blacklist'
 141       const fields = {}
 142       await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
 143     })
 144
 145     it('Should fail with a video not blacklisted', async function () {
 146       const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
 147       const fields = {}
 148       await makePutBodyRequest({
 149         url: servers[0].url,
 150         path,
 151         token: servers[0].accessToken,
 152         fields,
 153         expectedStatus: HttpStatusCode.NOT_FOUND_404
 154       })
 155     })
 156
 157     it('Should fail with a non authenticated user', async function () {
 158       const path = basePath + servers[0].store.videoCreated + '/blacklist'
 159       const fields = {}
 160       await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 161     })
 162
 163     it('Should fail with a non admin user', async function () {
 164       const path = basePath + servers[0].store.videoCreated + '/blacklist'
 165       const fields = {}
 166       await makePutBodyRequest({
 167         url: servers[0].url,
 168         path,
 169         token: userAccessToken2,
 170         fields,
 171         expectedStatus: HttpStatusCode.FORBIDDEN_403
 172       })
 173     })
 174
 175     it('Should fail with an invalid reason', async function () {
 176       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 177       const fields = { reason: 'a'.repeat(305) }
 178
 179       await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
 180     })
 181
 182     it('Should succeed with the correct params', async function () {
 183       const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
 184       const fields = { reason: 'hello' }
 185
 186       await makePutBodyRequest({
 187         url: servers[0].url,
 188         path,
 189         token: servers[0].accessToken,
 190         fields,
 191         expectedStatus: HttpStatusCode.NO_CONTENT_204
 192       })
 193     })
 194   })
 195
 196   describe('When getting blacklisted video', function () {
 197
 198     it('Should fail with a non authenticated user', async function () {
 199       await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 200     })
 201
 202     it('Should fail with another user', async function () {
 203       await servers[0].videos.getWithToken({
 204         token: userAccessToken2,
 205         id: servers[0].store.videoCreated.uuid,
 206         expectedStatus: HttpStatusCode.FORBIDDEN_403
 207       })
 208     })
 209
 210     it('Should succeed with the owner authenticated user', async function () {
 211       const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
 212       expect(video.blacklisted).to.be.true
 213     })
 214
 215     it('Should succeed with an admin', async function () {
 216       const video = servers[0].store.videoCreated
 217
 218       for (const id of [ video.id, video.uuid, video.shortUUID ]) {
 219         const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
 220         expect(video.blacklisted).to.be.true
 221       }
 222     })
 223   })
 224
 225   describe('When removing a video in blacklist', function () {
 226
 227     it('Should fail with a non authenticated user', async function () {
 228       await command.remove({
 229         token: 'fake token',
 230         videoId: servers[0].store.videoCreated.uuid,
 231         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 232       })
 233     })
 234
 235     it('Should fail with a non admin user', async function () {
 236       await command.remove({
 237         token: userAccessToken2,
 238         videoId: servers[0].store.videoCreated.uuid,
 239         expectedStatus: HttpStatusCode.FORBIDDEN_403
 240       })
 241     })
 242
 243     it('Should fail with an incorrect id', async function () {
 244       await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 245     })
 246
 247     it('Should fail with a not blacklisted video', async function () {
 248       // The video was not added to the blacklist so it should fail
 249       await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 250     })
 251
 252     it('Should succeed with the correct params', async function () {
 253       await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 254     })
 255   })
 256
 257   describe('When listing videos in blacklist', function () {
 258     const basePath = '/api/v1/videos/blacklist/'
 259
 260     it('Should fail with a non authenticated user', async function () {
 261       await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 262     })
 263
 264     it('Should fail with a non admin user', async function () {
 265       await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 266     })
 267
 268     it('Should fail with a bad start pagination', async function () {
 269       await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
 270     })
 271
 272     it('Should fail with a bad count pagination', async function () {
 273       await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
 274     })
 275
 276     it('Should fail with an incorrect sort', async function () {
 277       await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
 278     })
 279
 280     it('Should fail with an invalid type', async function () {
 281       await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 282     })
 283
 284     it('Should succeed with the correct parameters', async function () {
 285       await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
 286     })
 287   })
 288
 289   after(async function () {
 290     await cleanupTests(servers)
 291   })
 292 })