server/tests/api/check-params/video-blacklist.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
   6 import { HttpStatusCode, VideoBlacklistType } from '@shared/models'
   7 import {
   8   BlacklistCommand,
   9   cleanupTests,
  10   createMultipleServers,
  11   doubleFollow,
  12   makePostBodyRequest,
  13   makePutBodyRequest,
  14   PeerTubeServer,
  15   setAccessTokensToServers,
  16   waitJobs
  17 } from '@shared/server-commands'
  18
  19 describe('Test video blacklist API validators', function () {
  20   let servers: PeerTubeServer[]
  21   let notBlacklistedVideoId: string
  22   let remoteVideoUUID: string
  23   let userAccessToken1 = ''
  24   let userAccessToken2 = ''
  25   let command: BlacklistCommand
  26
  27   // ---------------------------------------------------------------
  28
  29   before(async function () {
  30     this.timeout(120000)
  31
  32     servers = await createMultipleServers(2)
  33
  34     await setAccessTokensToServers(servers)
  35     await doubleFollow(servers[0], servers[1])
  36
  37     {
  38       const username = 'user1'
  39       const password = 'my super password'
  40       await servers[0].users.create({ username: username, password: password })
  41       userAccessToken1 = await servers[0].login.getAccessToken({ username, password })
  42     }
  43
  44     {
  45       const username = 'user2'
  46       const password = 'my super password'
  47       await servers[0].users.create({ username: username, password: password })
  48       userAccessToken2 = await servers[0].login.getAccessToken({ username, password })
  49     }
  50
  51     {
  52       servers[0].store.videoCreated = await servers[0].videos.upload({ token: userAccessToken1 })
  53     }
  54
  55     {
  56       const { uuid } = await servers[0].videos.upload()
  57       notBlacklistedVideoId = uuid
  58     }
  59
  60     {
  61       const { uuid } = await servers[1].videos.upload()
  62       remoteVideoUUID = uuid
  63     }
  64
  65     await waitJobs(servers)
  66
  67     command = servers[0].blacklist
  68   })
  69
  70   describe('When adding a video in blacklist', function () {
  71     const basePath = '/api/v1/videos/'
  72
  73     it('Should fail with nothing', async function () {
  74       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  75       const fields = {}
  76       await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
  77     })
  78
  79     it('Should fail with a wrong video', async function () {
  80       const wrongPath = '/api/v1/videos/blabla/blacklist'
  81       const fields = {}
  82       await makePostBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
  83     })
  84
  85     it('Should fail with a non authenticated user', async function () {
  86       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  87       const fields = {}
  88       await makePostBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  89     })
  90
  91     it('Should fail with a non admin user', async function () {
  92       const path = basePath + servers[0].store.videoCreated + '/blacklist'
  93       const fields = {}
  94       await makePostBodyRequest({
  95         url: servers[0].url,
  96         path,
  97         token: userAccessToken2,
  98         fields,
  99         expectedStatus: HttpStatusCode.FORBIDDEN_403
 100       })
 101     })
 102
 103     it('Should fail with an invalid reason', async function () {
 104       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 105       const fields = { reason: 'a'.repeat(305) }
 106
 107       await makePostBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
 108     })
 109
 110     it('Should fail to unfederate a remote video', async function () {
 111       const path = basePath + remoteVideoUUID + '/blacklist'
 112       const fields = { unfederate: true }
 113
 114       await makePostBodyRequest({
 115         url: servers[0].url,
 116         path,
 117         token: servers[0].accessToken,
 118         fields,
 119         expectedStatus: HttpStatusCode.CONFLICT_409
 120       })
 121     })
 122
 123     it('Should succeed with the correct params', async function () {
 124       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 125       const fields = {}
 126
 127       await makePostBodyRequest({
 128         url: servers[0].url,
 129         path,
 130         token: servers[0].accessToken,
 131         fields,
 132         expectedStatus: HttpStatusCode.NO_CONTENT_204
 133       })
 134     })
 135   })
 136
 137   describe('When updating a video in blacklist', function () {
 138     const basePath = '/api/v1/videos/'
 139
 140     it('Should fail with a wrong video', async function () {
 141       const wrongPath = '/api/v1/videos/blabla/blacklist'
 142       const fields = {}
 143       await makePutBodyRequest({ url: servers[0].url, path: wrongPath, token: servers[0].accessToken, fields })
 144     })
 145
 146     it('Should fail with a video not blacklisted', async function () {
 147       const path = '/api/v1/videos/' + notBlacklistedVideoId + '/blacklist'
 148       const fields = {}
 149       await makePutBodyRequest({
 150         url: servers[0].url,
 151         path,
 152         token: servers[0].accessToken,
 153         fields,
 154         expectedStatus: HttpStatusCode.NOT_FOUND_404
 155       })
 156     })
 157
 158     it('Should fail with a non authenticated user', async function () {
 159       const path = basePath + servers[0].store.videoCreated + '/blacklist'
 160       const fields = {}
 161       await makePutBodyRequest({ url: servers[0].url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 162     })
 163
 164     it('Should fail with a non admin user', async function () {
 165       const path = basePath + servers[0].store.videoCreated + '/blacklist'
 166       const fields = {}
 167       await makePutBodyRequest({
 168         url: servers[0].url,
 169         path,
 170         token: userAccessToken2,
 171         fields,
 172         expectedStatus: HttpStatusCode.FORBIDDEN_403
 173       })
 174     })
 175
 176     it('Should fail with an invalid reason', async function () {
 177       const path = basePath + servers[0].store.videoCreated.uuid + '/blacklist'
 178       const fields = { reason: 'a'.repeat(305) }
 179
 180       await makePutBodyRequest({ url: servers[0].url, path, token: servers[0].accessToken, fields })
 181     })
 182
 183     it('Should succeed with the correct params', async function () {
 184       const path = basePath + servers[0].store.videoCreated.shortUUID + '/blacklist'
 185       const fields = { reason: 'hello' }
 186
 187       await makePutBodyRequest({
 188         url: servers[0].url,
 189         path,
 190         token: servers[0].accessToken,
 191         fields,
 192         expectedStatus: HttpStatusCode.NO_CONTENT_204
 193       })
 194     })
 195   })
 196
 197   describe('When getting blacklisted video', function () {
 198
 199     it('Should fail with a non authenticated user', async function () {
 200       await servers[0].videos.get({ id: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 201     })
 202
 203     it('Should fail with another user', async function () {
 204       await servers[0].videos.getWithToken({
 205         token: userAccessToken2,
 206         id: servers[0].store.videoCreated.uuid,
 207         expectedStatus: HttpStatusCode.FORBIDDEN_403
 208       })
 209     })
 210
 211     it('Should succeed with the owner authenticated user', async function () {
 212       const video = await servers[0].videos.getWithToken({ token: userAccessToken1, id: servers[0].store.videoCreated.uuid })
 213       expect(video.blacklisted).to.be.true
 214     })
 215
 216     it('Should succeed with an admin', async function () {
 217       const video = servers[0].store.videoCreated
 218
 219       for (const id of [ video.id, video.uuid, video.shortUUID ]) {
 220         const video = await servers[0].videos.getWithToken({ id, expectedStatus: HttpStatusCode.OK_200 })
 221         expect(video.blacklisted).to.be.true
 222       }
 223     })
 224   })
 225
 226   describe('When removing a video in blacklist', function () {
 227
 228     it('Should fail with a non authenticated user', async function () {
 229       await command.remove({
 230         token: 'fake token',
 231         videoId: servers[0].store.videoCreated.uuid,
 232         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 233       })
 234     })
 235
 236     it('Should fail with a non admin user', async function () {
 237       await command.remove({
 238         token: userAccessToken2,
 239         videoId: servers[0].store.videoCreated.uuid,
 240         expectedStatus: HttpStatusCode.FORBIDDEN_403
 241       })
 242     })
 243
 244     it('Should fail with an incorrect id', async function () {
 245       await command.remove({ videoId: 'hello', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 246     })
 247
 248     it('Should fail with a not blacklisted video', async function () {
 249       // The video was not added to the blacklist so it should fail
 250       await command.remove({ videoId: notBlacklistedVideoId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 251     })
 252
 253     it('Should succeed with the correct params', async function () {
 254       await command.remove({ videoId: servers[0].store.videoCreated.uuid, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 255     })
 256   })
 257
 258   describe('When listing videos in blacklist', function () {
 259     const basePath = '/api/v1/videos/blacklist/'
 260
 261     it('Should fail with a non authenticated user', async function () {
 262       await servers[0].blacklist.list({ token: 'fake token', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 263     })
 264
 265     it('Should fail with a non admin user', async function () {
 266       await servers[0].blacklist.list({ token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 267     })
 268
 269     it('Should fail with a bad start pagination', async function () {
 270       await checkBadStartPagination(servers[0].url, basePath, servers[0].accessToken)
 271     })
 272
 273     it('Should fail with a bad count pagination', async function () {
 274       await checkBadCountPagination(servers[0].url, basePath, servers[0].accessToken)
 275     })
 276
 277     it('Should fail with an incorrect sort', async function () {
 278       await checkBadSortPagination(servers[0].url, basePath, servers[0].accessToken)
 279     })
 280
 281     it('Should fail with an invalid type', async function () {
 282       await servers[0].blacklist.list({ type: 0, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 283     })
 284
 285     it('Should succeed with the correct parameters', async function () {
 286       await servers[0].blacklist.list({ type: VideoBlacklistType.MANUAL })
 287     })
 288   })
 289
 290   after(async function () {
 291     await cleanupTests(servers)
 292   })
 293 })