server/tests/api/videos/video-privacy.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
   6 import { Video, VideoCreateResult } from '@shared/models'
   7 import {
   8   cleanupTests,
   9   flushAndRunServer,
  10   getVideosList,
  11   getVideosListWithToken,
  12   ServerInfo,
  13   setAccessTokensToServers,
  14   uploadVideo
  15 } from '../../../../shared/extra-utils/index'
  16 import { doubleFollow } from '../../../../shared/extra-utils/server/follows'
  17 import { waitJobs } from '../../../../shared/extra-utils/server/jobs'
  18 import { userLogin } from '../../../../shared/extra-utils/users/login'
  19 import { createUser } from '../../../../shared/extra-utils/users/users'
  20 import { getMyVideos, getVideo, getVideoWithToken, updateVideo } from '../../../../shared/extra-utils/videos/videos'
  21 import { VideoPrivacy } from '../../../../shared/models/videos/video-privacy.enum'
  22
  23 const expect = chai.expect
  24
  25 describe('Test video privacy', function () {
  26   const servers: ServerInfo[] = []
  27   let anotherUserToken: string
  28
  29   let privateVideoId: number
  30   let privateVideoUUID: string
  31
  32   let internalVideoId: number
  33   let internalVideoUUID: string
  34
  35   let unlistedVideo: VideoCreateResult
  36   let nonFederatedUnlistedVideoUUID: string
  37
  38   let now: number
  39
  40   const dontFederateUnlistedConfig = {
  41     federation: {
  42       videos: {
  43         federate_unlisted: false
  44       }
  45     }
  46   }
  47
  48   before(async function () {
  49     this.timeout(50000)
  50
  51     // Run servers
  52     servers.push(await flushAndRunServer(1, dontFederateUnlistedConfig))
  53     servers.push(await flushAndRunServer(2))
  54
  55     // Get the access tokens
  56     await setAccessTokensToServers(servers)
  57
  58     // Server 1 and server 2 follow each other
  59     await doubleFollow(servers[0], servers[1])
  60   })
  61
  62   describe('Private and internal videos', function () {
  63
  64     it('Should upload a private and internal videos on server 1', async function () {
  65       this.timeout(10000)
  66
  67       for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
  68         const attributes = { privacy }
  69         await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
  70       }
  71
  72       await waitJobs(servers)
  73     })
  74
  75     it('Should not have these private and internal videos on server 2', async function () {
  76       const res = await getVideosList(servers[1].url)
  77
  78       expect(res.body.total).to.equal(0)
  79       expect(res.body.data).to.have.lengthOf(0)
  80     })
  81
  82     it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
  83       const res = await getVideosList(servers[0].url)
  84
  85       expect(res.body.total).to.equal(0)
  86       expect(res.body.data).to.have.lengthOf(0)
  87     })
  88
  89     it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
  90       const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
  91
  92       expect(res.body.total).to.equal(1)
  93       expect(res.body.data).to.have.lengthOf(1)
  94
  95       expect(res.body.data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
  96     })
  97
  98     it('Should list my (private and internal) videos', async function () {
  99       const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 10)
 100
 101       expect(res.body.total).to.equal(2)
 102       expect(res.body.data).to.have.lengthOf(2)
 103
 104       const videos: Video[] = res.body.data
 105
 106       const privateVideo = videos.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
 107       privateVideoId = privateVideo.id
 108       privateVideoUUID = privateVideo.uuid
 109
 110       const internalVideo = videos.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
 111       internalVideoId = internalVideo.id
 112       internalVideoUUID = internalVideo.uuid
 113     })
 114
 115     it('Should not be able to watch the private/internal video with non authenticated user', async function () {
 116       await getVideo(servers[0].url, privateVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
 117       await getVideo(servers[0].url, internalVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
 118     })
 119
 120     it('Should not be able to watch the private video with another user', async function () {
 121       this.timeout(10000)
 122
 123       const user = {
 124         username: 'hello',
 125         password: 'super password'
 126       }
 127       await createUser({ url: servers[0].url, accessToken: servers[0].accessToken, username: user.username, password: user.password })
 128
 129       anotherUserToken = await userLogin(servers[0], user)
 130       await getVideoWithToken(servers[0].url, anotherUserToken, privateVideoUUID, HttpStatusCode.FORBIDDEN_403)
 131     })
 132
 133     it('Should be able to watch the internal video with another user', async function () {
 134       await getVideoWithToken(servers[0].url, anotherUserToken, internalVideoUUID, HttpStatusCode.OK_200)
 135     })
 136
 137     it('Should be able to watch the private video with the correct user', async function () {
 138       await getVideoWithToken(servers[0].url, servers[0].accessToken, privateVideoUUID, HttpStatusCode.OK_200)
 139     })
 140   })
 141
 142   describe('Unlisted videos', function () {
 143
 144     it('Should upload an unlisted video on server 2', async function () {
 145       this.timeout(60000)
 146
 147       const attributes = {
 148         name: 'unlisted video',
 149         privacy: VideoPrivacy.UNLISTED
 150       }
 151       await uploadVideo(servers[1].url, servers[1].accessToken, attributes)
 152
 153       // Server 2 has transcoding enabled
 154       await waitJobs(servers)
 155     })
 156
 157     it('Should not have this unlisted video listed on server 1 and 2', async function () {
 158       for (const server of servers) {
 159         const res = await getVideosList(server.url)
 160
 161         expect(res.body.total).to.equal(0)
 162         expect(res.body.data).to.have.lengthOf(0)
 163       }
 164     })
 165
 166     it('Should list my (unlisted) videos', async function () {
 167       const res = await getMyVideos(servers[1].url, servers[1].accessToken, 0, 1)
 168
 169       expect(res.body.total).to.equal(1)
 170       expect(res.body.data).to.have.lengthOf(1)
 171
 172       unlistedVideo = res.body.data[0]
 173     })
 174
 175     it('Should not be able to get this unlisted video using its id', async function () {
 176       await getVideo(servers[1].url, unlistedVideo.id, 404)
 177     })
 178
 179     it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
 180       for (const server of servers) {
 181         for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
 182           const res = await getVideo(server.url, id)
 183
 184           expect(res.body.name).to.equal('unlisted video')
 185         }
 186       }
 187     })
 188
 189     it('Should upload a non-federating unlisted video to server 1', async function () {
 190       this.timeout(30000)
 191
 192       const attributes = {
 193         name: 'unlisted video',
 194         privacy: VideoPrivacy.UNLISTED
 195       }
 196       await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
 197
 198       await waitJobs(servers)
 199     })
 200
 201     it('Should list my new unlisted video', async function () {
 202       const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 3)
 203
 204       expect(res.body.total).to.equal(3)
 205       expect(res.body.data).to.have.lengthOf(3)
 206
 207       nonFederatedUnlistedVideoUUID = res.body.data[0].uuid
 208     })
 209
 210     it('Should be able to get non-federated unlisted video from origin', async function () {
 211       const res = await getVideo(servers[0].url, nonFederatedUnlistedVideoUUID)
 212
 213       expect(res.body.name).to.equal('unlisted video')
 214     })
 215
 216     it('Should not be able to get non-federated unlisted video from federated server', async function () {
 217       await getVideo(servers[1].url, nonFederatedUnlistedVideoUUID, HttpStatusCode.NOT_FOUND_404)
 218     })
 219   })
 220
 221   describe('Privacy update', function () {
 222
 223     it('Should update the private and internal videos to public on server 1', async function () {
 224       this.timeout(10000)
 225
 226       now = Date.now()
 227
 228       {
 229         const attribute = {
 230           name: 'private video becomes public',
 231           privacy: VideoPrivacy.PUBLIC
 232         }
 233
 234         await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, attribute)
 235       }
 236
 237       {
 238         const attribute = {
 239           name: 'internal video becomes public',
 240           privacy: VideoPrivacy.PUBLIC
 241         }
 242         await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, attribute)
 243       }
 244
 245       await waitJobs(servers)
 246     })
 247
 248     it('Should have this new public video listed on server 1 and 2', async function () {
 249       for (const server of servers) {
 250         const res = await getVideosList(server.url)
 251         expect(res.body.total).to.equal(2)
 252         expect(res.body.data).to.have.lengthOf(2)
 253
 254         const videos: Video[] = res.body.data
 255         const privateVideo = videos.find(v => v.name === 'private video becomes public')
 256         const internalVideo = videos.find(v => v.name === 'internal video becomes public')
 257
 258         expect(privateVideo).to.not.be.undefined
 259         expect(internalVideo).to.not.be.undefined
 260
 261         expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
 262         // We don't change the publish date of internal videos
 263         expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
 264
 265         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 266         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 267       }
 268     })
 269
 270     it('Should set these videos as private and internal', async function () {
 271       this.timeout(10000)
 272
 273       await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, { privacy: VideoPrivacy.PRIVATE })
 274       await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, { privacy: VideoPrivacy.INTERNAL })
 275
 276       await waitJobs(servers)
 277
 278       for (const server of servers) {
 279         const res = await getVideosList(server.url)
 280
 281         expect(res.body.total).to.equal(0)
 282         expect(res.body.data).to.have.lengthOf(0)
 283       }
 284
 285       {
 286         const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 5)
 287         const videos = res.body.data
 288
 289         expect(res.body.total).to.equal(3)
 290         expect(videos).to.have.lengthOf(3)
 291
 292         const privateVideo = videos.find(v => v.name === 'private video becomes public')
 293         const internalVideo = videos.find(v => v.name === 'internal video becomes public')
 294
 295         expect(privateVideo).to.not.be.undefined
 296         expect(internalVideo).to.not.be.undefined
 297
 298         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
 299         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
 300       }
 301     })
 302   })
 303
 304   after(async function () {
 305     await cleanupTests(servers)
 306   })
 307 })