server/tests/api/videos/video-privacy.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { wait } from '@shared/core-utils'
   6 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
   7 import { cleanupTests, createSingleServer, doubleFollow, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'
   8
   9 const expect = chai.expect
  10
  11 describe('Test video privacy', function () {
  12   const servers: PeerTubeServer[] = []
  13   let anotherUserToken: string
  14
  15   let privateVideoId: number
  16   let privateVideoUUID: string
  17
  18   let internalVideoId: number
  19   let internalVideoUUID: string
  20
  21   let unlistedVideo: VideoCreateResult
  22   let nonFederatedUnlistedVideoUUID: string
  23
  24   let now: number
  25
  26   const dontFederateUnlistedConfig = {
  27     federation: {
  28       videos: {
  29         federate_unlisted: false
  30       }
  31     }
  32   }
  33
  34   before(async function () {
  35     this.timeout(50000)
  36
  37     // Run servers
  38     servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
  39     servers.push(await createSingleServer(2))
  40
  41     // Get the access tokens
  42     await setAccessTokensToServers(servers)
  43
  44     // Server 1 and server 2 follow each other
  45     await doubleFollow(servers[0], servers[1])
  46   })
  47
  48   describe('Private and internal videos', function () {
  49
  50     it('Should upload a private and internal videos on server 1', async function () {
  51       this.timeout(10000)
  52
  53       for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
  54         const attributes = { privacy }
  55         await servers[0].videos.upload({ attributes })
  56       }
  57
  58       await waitJobs(servers)
  59     })
  60
  61     it('Should not have these private and internal videos on server 2', async function () {
  62       const { total, data } = await servers[1].videos.list()
  63
  64       expect(total).to.equal(0)
  65       expect(data).to.have.lengthOf(0)
  66     })
  67
  68     it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
  69       const { total, data } = await servers[0].videos.list()
  70
  71       expect(total).to.equal(0)
  72       expect(data).to.have.lengthOf(0)
  73     })
  74
  75     it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
  76       const { total, data } = await servers[0].videos.listWithToken()
  77
  78       expect(total).to.equal(1)
  79       expect(data).to.have.lengthOf(1)
  80
  81       expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
  82     })
  83
  84     it('Should list my (private and internal) videos', async function () {
  85       const { total, data } = await servers[0].videos.listMyVideos()
  86
  87       expect(total).to.equal(2)
  88       expect(data).to.have.lengthOf(2)
  89
  90       const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
  91       privateVideoId = privateVideo.id
  92       privateVideoUUID = privateVideo.uuid
  93
  94       const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
  95       internalVideoId = internalVideo.id
  96       internalVideoUUID = internalVideo.uuid
  97     })
  98
  99     it('Should not be able to watch the private/internal video with non authenticated user', async function () {
 100       await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 101       await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 102     })
 103
 104     it('Should not be able to watch the private video with another user', async function () {
 105       this.timeout(10000)
 106
 107       const user = {
 108         username: 'hello',
 109         password: 'super password'
 110       }
 111       await servers[0].users.create({ username: user.username, password: user.password })
 112
 113       anotherUserToken = await servers[0].login.getAccessToken(user)
 114
 115       await servers[0].videos.getWithToken({
 116         token: anotherUserToken,
 117         id: privateVideoUUID,
 118         expectedStatus: HttpStatusCode.FORBIDDEN_403
 119       })
 120     })
 121
 122     it('Should be able to watch the internal video with another user', async function () {
 123       await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
 124     })
 125
 126     it('Should be able to watch the private video with the correct user', async function () {
 127       await servers[0].videos.getWithToken({ id: privateVideoUUID })
 128     })
 129   })
 130
 131   describe('Unlisted videos', function () {
 132
 133     it('Should upload an unlisted video on server 2', async function () {
 134       this.timeout(60000)
 135
 136       const attributes = {
 137         name: 'unlisted video',
 138         privacy: VideoPrivacy.UNLISTED
 139       }
 140       await servers[1].videos.upload({ attributes })
 141
 142       // Server 2 has transcoding enabled
 143       await waitJobs(servers)
 144     })
 145
 146     it('Should not have this unlisted video listed on server 1 and 2', async function () {
 147       for (const server of servers) {
 148         const { total, data } = await server.videos.list()
 149
 150         expect(total).to.equal(0)
 151         expect(data).to.have.lengthOf(0)
 152       }
 153     })
 154
 155     it('Should list my (unlisted) videos', async function () {
 156       const { total, data } = await servers[1].videos.listMyVideos()
 157
 158       expect(total).to.equal(1)
 159       expect(data).to.have.lengthOf(1)
 160
 161       unlistedVideo = data[0]
 162     })
 163
 164     it('Should not be able to get this unlisted video using its id', async function () {
 165       await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 166     })
 167
 168     it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
 169       for (const server of servers) {
 170         for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
 171           const video = await server.videos.get({ id })
 172
 173           expect(video.name).to.equal('unlisted video')
 174         }
 175       }
 176     })
 177
 178     it('Should upload a non-federating unlisted video to server 1', async function () {
 179       this.timeout(30000)
 180
 181       const attributes = {
 182         name: 'unlisted video',
 183         privacy: VideoPrivacy.UNLISTED
 184       }
 185       await servers[0].videos.upload({ attributes })
 186
 187       await waitJobs(servers)
 188     })
 189
 190     it('Should list my new unlisted video', async function () {
 191       const { total, data } = await servers[0].videos.listMyVideos()
 192
 193       expect(total).to.equal(3)
 194       expect(data).to.have.lengthOf(3)
 195
 196       nonFederatedUnlistedVideoUUID = data[0].uuid
 197     })
 198
 199     it('Should be able to get non-federated unlisted video from origin', async function () {
 200       const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
 201
 202       expect(video.name).to.equal('unlisted video')
 203     })
 204
 205     it('Should not be able to get non-federated unlisted video from federated server', async function () {
 206       await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 207     })
 208   })
 209
 210   describe('Privacy update', function () {
 211
 212     it('Should update the private and internal videos to public on server 1', async function () {
 213       this.timeout(100000)
 214
 215       now = Date.now()
 216
 217       {
 218         const attributes = {
 219           name: 'private video becomes public',
 220           privacy: VideoPrivacy.PUBLIC
 221         }
 222
 223         await servers[0].videos.update({ id: privateVideoId, attributes })
 224       }
 225
 226       {
 227         const attributes = {
 228           name: 'internal video becomes public',
 229           privacy: VideoPrivacy.PUBLIC
 230         }
 231         await servers[0].videos.update({ id: internalVideoId, attributes })
 232       }
 233
 234       await wait(10000)
 235       await waitJobs(servers)
 236     })
 237
 238     it('Should have this new public video listed on server 1 and 2', async function () {
 239       for (const server of servers) {
 240         const { total, data } = await server.videos.list()
 241         expect(total).to.equal(2)
 242         expect(data).to.have.lengthOf(2)
 243
 244         const privateVideo = data.find(v => v.name === 'private video becomes public')
 245         const internalVideo = data.find(v => v.name === 'internal video becomes public')
 246
 247         expect(privateVideo).to.not.be.undefined
 248         expect(internalVideo).to.not.be.undefined
 249
 250         expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
 251         // We don't change the publish date of internal videos
 252         expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
 253
 254         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 255         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 256       }
 257     })
 258
 259     it('Should set these videos as private and internal', async function () {
 260       this.timeout(10000)
 261
 262       await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
 263       await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
 264
 265       await waitJobs(servers)
 266
 267       for (const server of servers) {
 268         const { total, data } = await server.videos.list()
 269
 270         expect(total).to.equal(0)
 271         expect(data).to.have.lengthOf(0)
 272       }
 273
 274       {
 275         const { total, data } = await servers[0].videos.listMyVideos()
 276         expect(total).to.equal(3)
 277         expect(data).to.have.lengthOf(3)
 278
 279         const privateVideo = data.find(v => v.name === 'private video becomes public')
 280         const internalVideo = data.find(v => v.name === 'internal video becomes public')
 281
 282         expect(privateVideo).to.not.be.undefined
 283         expect(internalVideo).to.not.be.undefined
 284
 285         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
 286         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
 287       }
 288     })
 289   })
 290
 291   after(async function () {
 292     await cleanupTests(servers)
 293   })
 294 })