server/tests/api/videos/video-privacy.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import {
   6   cleanupTests,
   7   createSingleServer,
   8   doubleFollow,
   9   PeerTubeServer,
  10   setAccessTokensToServers,
  11   wait,
  12   waitJobs
  13 } from '@shared/extra-utils'
  14 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
  15
  16 const expect = chai.expect
  17
  18 describe('Test video privacy', function () {
  19   const servers: PeerTubeServer[] = []
  20   let anotherUserToken: string
  21
  22   let privateVideoId: number
  23   let privateVideoUUID: string
  24
  25   let internalVideoId: number
  26   let internalVideoUUID: string
  27
  28   let unlistedVideo: VideoCreateResult
  29   let nonFederatedUnlistedVideoUUID: string
  30
  31   let now: number
  32
  33   const dontFederateUnlistedConfig = {
  34     federation: {
  35       videos: {
  36         federate_unlisted: false
  37       }
  38     }
  39   }
  40
  41   before(async function () {
  42     this.timeout(50000)
  43
  44     // Run servers
  45     servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
  46     servers.push(await createSingleServer(2))
  47
  48     // Get the access tokens
  49     await setAccessTokensToServers(servers)
  50
  51     // Server 1 and server 2 follow each other
  52     await doubleFollow(servers[0], servers[1])
  53   })
  54
  55   describe('Private and internal videos', function () {
  56
  57     it('Should upload a private and internal videos on server 1', async function () {
  58       this.timeout(10000)
  59
  60       for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
  61         const attributes = { privacy }
  62         await servers[0].videos.upload({ attributes })
  63       }
  64
  65       await waitJobs(servers)
  66     })
  67
  68     it('Should not have these private and internal videos on server 2', async function () {
  69       const { total, data } = await servers[1].videos.list()
  70
  71       expect(total).to.equal(0)
  72       expect(data).to.have.lengthOf(0)
  73     })
  74
  75     it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
  76       const { total, data } = await servers[0].videos.list()
  77
  78       expect(total).to.equal(0)
  79       expect(data).to.have.lengthOf(0)
  80     })
  81
  82     it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
  83       const { total, data } = await servers[0].videos.listWithToken()
  84
  85       expect(total).to.equal(1)
  86       expect(data).to.have.lengthOf(1)
  87
  88       expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
  89     })
  90
  91     it('Should list my (private and internal) videos', async function () {
  92       const { total, data } = await servers[0].videos.listMyVideos()
  93
  94       expect(total).to.equal(2)
  95       expect(data).to.have.lengthOf(2)
  96
  97       const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
  98       privateVideoId = privateVideo.id
  99       privateVideoUUID = privateVideo.uuid
 100
 101       const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
 102       internalVideoId = internalVideo.id
 103       internalVideoUUID = internalVideo.uuid
 104     })
 105
 106     it('Should not be able to watch the private/internal video with non authenticated user', async function () {
 107       await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 108       await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 109     })
 110
 111     it('Should not be able to watch the private video with another user', async function () {
 112       this.timeout(10000)
 113
 114       const user = {
 115         username: 'hello',
 116         password: 'super password'
 117       }
 118       await servers[0].users.create({ username: user.username, password: user.password })
 119
 120       anotherUserToken = await servers[0].login.getAccessToken(user)
 121
 122       await servers[0].videos.getWithToken({
 123         token: anotherUserToken,
 124         id: privateVideoUUID,
 125         expectedStatus: HttpStatusCode.FORBIDDEN_403
 126       })
 127     })
 128
 129     it('Should be able to watch the internal video with another user', async function () {
 130       await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
 131     })
 132
 133     it('Should be able to watch the private video with the correct user', async function () {
 134       await servers[0].videos.getWithToken({ id: privateVideoUUID })
 135     })
 136   })
 137
 138   describe('Unlisted videos', function () {
 139
 140     it('Should upload an unlisted video on server 2', async function () {
 141       this.timeout(60000)
 142
 143       const attributes = {
 144         name: 'unlisted video',
 145         privacy: VideoPrivacy.UNLISTED
 146       }
 147       await servers[1].videos.upload({ attributes })
 148
 149       // Server 2 has transcoding enabled
 150       await waitJobs(servers)
 151     })
 152
 153     it('Should not have this unlisted video listed on server 1 and 2', async function () {
 154       for (const server of servers) {
 155         const { total, data } = await server.videos.list()
 156
 157         expect(total).to.equal(0)
 158         expect(data).to.have.lengthOf(0)
 159       }
 160     })
 161
 162     it('Should list my (unlisted) videos', async function () {
 163       const { total, data } = await servers[1].videos.listMyVideos()
 164
 165       expect(total).to.equal(1)
 166       expect(data).to.have.lengthOf(1)
 167
 168       unlistedVideo = data[0]
 169     })
 170
 171     it('Should not be able to get this unlisted video using its id', async function () {
 172       await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 173     })
 174
 175     it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
 176       for (const server of servers) {
 177         for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
 178           const video = await server.videos.get({ id })
 179
 180           expect(video.name).to.equal('unlisted video')
 181         }
 182       }
 183     })
 184
 185     it('Should upload a non-federating unlisted video to server 1', async function () {
 186       this.timeout(30000)
 187
 188       const attributes = {
 189         name: 'unlisted video',
 190         privacy: VideoPrivacy.UNLISTED
 191       }
 192       await servers[0].videos.upload({ attributes })
 193
 194       await waitJobs(servers)
 195     })
 196
 197     it('Should list my new unlisted video', async function () {
 198       const { total, data } = await servers[0].videos.listMyVideos()
 199
 200       expect(total).to.equal(3)
 201       expect(data).to.have.lengthOf(3)
 202
 203       nonFederatedUnlistedVideoUUID = data[0].uuid
 204     })
 205
 206     it('Should be able to get non-federated unlisted video from origin', async function () {
 207       const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
 208
 209       expect(video.name).to.equal('unlisted video')
 210     })
 211
 212     it('Should not be able to get non-federated unlisted video from federated server', async function () {
 213       await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 214     })
 215   })
 216
 217   describe('Privacy update', function () {
 218
 219     it('Should update the private and internal videos to public on server 1', async function () {
 220       this.timeout(100000)
 221
 222       now = Date.now()
 223
 224       {
 225         const attributes = {
 226           name: 'private video becomes public',
 227           privacy: VideoPrivacy.PUBLIC
 228         }
 229
 230         await servers[0].videos.update({ id: privateVideoId, attributes })
 231       }
 232
 233       {
 234         const attributes = {
 235           name: 'internal video becomes public',
 236           privacy: VideoPrivacy.PUBLIC
 237         }
 238         await servers[0].videos.update({ id: internalVideoId, attributes })
 239       }
 240
 241       await wait(10000)
 242       await waitJobs(servers)
 243     })
 244
 245     it('Should have this new public video listed on server 1 and 2', async function () {
 246       for (const server of servers) {
 247         const { total, data } = await server.videos.list()
 248         expect(total).to.equal(2)
 249         expect(data).to.have.lengthOf(2)
 250
 251         const privateVideo = data.find(v => v.name === 'private video becomes public')
 252         const internalVideo = data.find(v => v.name === 'internal video becomes public')
 253
 254         expect(privateVideo).to.not.be.undefined
 255         expect(internalVideo).to.not.be.undefined
 256
 257         expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
 258         // We don't change the publish date of internal videos
 259         expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
 260
 261         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 262         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 263       }
 264     })
 265
 266     it('Should set these videos as private and internal', async function () {
 267       this.timeout(10000)
 268
 269       await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
 270       await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
 271
 272       await waitJobs(servers)
 273
 274       for (const server of servers) {
 275         const { total, data } = await server.videos.list()
 276
 277         expect(total).to.equal(0)
 278         expect(data).to.have.lengthOf(0)
 279       }
 280
 281       {
 282         const { total, data } = await servers[0].videos.listMyVideos()
 283         expect(total).to.equal(3)
 284         expect(data).to.have.lengthOf(3)
 285
 286         const privateVideo = data.find(v => v.name === 'private video becomes public')
 287         const internalVideo = data.find(v => v.name === 'internal video becomes public')
 288
 289         expect(privateVideo).to.not.be.undefined
 290         expect(internalVideo).to.not.be.undefined
 291
 292         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
 293         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
 294       }
 295     })
 296   })
 297
 298   after(async function () {
 299     await cleanupTests(servers)
 300   })
 301 })