server/tests/api/videos/video-privacy.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { HttpStatusCode } from '@shared/core-utils'
   6 import {
   7   cleanupTests,
   8   createUser,
   9   doubleFollow,
  10   flushAndRunServer,
  11   getMyVideos,
  12   getVideo,
  13   getVideosList,
  14   getVideosListWithToken,
  15   getVideoWithToken,
  16   ServerInfo,
  17   setAccessTokensToServers,
  18   updateVideo,
  19   uploadVideo,
  20   waitJobs
  21 } from '@shared/extra-utils'
  22 import { Video, VideoCreateResult, VideoPrivacy } from '@shared/models'
  23
  24 const expect = chai.expect
  25
  26 describe('Test video privacy', function () {
  27   const servers: ServerInfo[] = []
  28   let anotherUserToken: string
  29
  30   let privateVideoId: number
  31   let privateVideoUUID: string
  32
  33   let internalVideoId: number
  34   let internalVideoUUID: string
  35
  36   let unlistedVideo: VideoCreateResult
  37   let nonFederatedUnlistedVideoUUID: string
  38
  39   let now: number
  40
  41   const dontFederateUnlistedConfig = {
  42     federation: {
  43       videos: {
  44         federate_unlisted: false
  45       }
  46     }
  47   }
  48
  49   before(async function () {
  50     this.timeout(50000)
  51
  52     // Run servers
  53     servers.push(await flushAndRunServer(1, dontFederateUnlistedConfig))
  54     servers.push(await flushAndRunServer(2))
  55
  56     // Get the access tokens
  57     await setAccessTokensToServers(servers)
  58
  59     // Server 1 and server 2 follow each other
  60     await doubleFollow(servers[0], servers[1])
  61   })
  62
  63   describe('Private and internal videos', function () {
  64
  65     it('Should upload a private and internal videos on server 1', async function () {
  66       this.timeout(10000)
  67
  68       for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
  69         const attributes = { privacy }
  70         await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
  71       }
  72
  73       await waitJobs(servers)
  74     })
  75
  76     it('Should not have these private and internal videos on server 2', async function () {
  77       const res = await getVideosList(servers[1].url)
  78
  79       expect(res.body.total).to.equal(0)
  80       expect(res.body.data).to.have.lengthOf(0)
  81     })
  82
  83     it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
  84       const res = await getVideosList(servers[0].url)
  85
  86       expect(res.body.total).to.equal(0)
  87       expect(res.body.data).to.have.lengthOf(0)
  88     })
  89
  90     it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
  91       const res = await getVideosListWithToken(servers[0].url, servers[0].accessToken)
  92
  93       expect(res.body.total).to.equal(1)
  94       expect(res.body.data).to.have.lengthOf(1)
  95
  96       expect(res.body.data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
  97     })
  98
  99     it('Should list my (private and internal) videos', async function () {
 100       const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 10)
 101
 102       expect(res.body.total).to.equal(2)
 103       expect(res.body.data).to.have.lengthOf(2)
 104
 105       const videos: Video[] = res.body.data
 106
 107       const privateVideo = videos.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
 108       privateVideoId = privateVideo.id
 109       privateVideoUUID = privateVideo.uuid
 110
 111       const internalVideo = videos.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
 112       internalVideoId = internalVideo.id
 113       internalVideoUUID = internalVideo.uuid
 114     })
 115
 116     it('Should not be able to watch the private/internal video with non authenticated user', async function () {
 117       await getVideo(servers[0].url, privateVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
 118       await getVideo(servers[0].url, internalVideoUUID, HttpStatusCode.UNAUTHORIZED_401)
 119     })
 120
 121     it('Should not be able to watch the private video with another user', async function () {
 122       this.timeout(10000)
 123
 124       const user = {
 125         username: 'hello',
 126         password: 'super password'
 127       }
 128       await createUser({ url: servers[0].url, accessToken: servers[0].accessToken, username: user.username, password: user.password })
 129
 130       anotherUserToken = await servers[0].loginCommand.getAccessToken(user)
 131       await getVideoWithToken(servers[0].url, anotherUserToken, privateVideoUUID, HttpStatusCode.FORBIDDEN_403)
 132     })
 133
 134     it('Should be able to watch the internal video with another user', async function () {
 135       await getVideoWithToken(servers[0].url, anotherUserToken, internalVideoUUID, HttpStatusCode.OK_200)
 136     })
 137
 138     it('Should be able to watch the private video with the correct user', async function () {
 139       await getVideoWithToken(servers[0].url, servers[0].accessToken, privateVideoUUID, HttpStatusCode.OK_200)
 140     })
 141   })
 142
 143   describe('Unlisted videos', function () {
 144
 145     it('Should upload an unlisted video on server 2', async function () {
 146       this.timeout(60000)
 147
 148       const attributes = {
 149         name: 'unlisted video',
 150         privacy: VideoPrivacy.UNLISTED
 151       }
 152       await uploadVideo(servers[1].url, servers[1].accessToken, attributes)
 153
 154       // Server 2 has transcoding enabled
 155       await waitJobs(servers)
 156     })
 157
 158     it('Should not have this unlisted video listed on server 1 and 2', async function () {
 159       for (const server of servers) {
 160         const res = await getVideosList(server.url)
 161
 162         expect(res.body.total).to.equal(0)
 163         expect(res.body.data).to.have.lengthOf(0)
 164       }
 165     })
 166
 167     it('Should list my (unlisted) videos', async function () {
 168       const res = await getMyVideos(servers[1].url, servers[1].accessToken, 0, 1)
 169
 170       expect(res.body.total).to.equal(1)
 171       expect(res.body.data).to.have.lengthOf(1)
 172
 173       unlistedVideo = res.body.data[0]
 174     })
 175
 176     it('Should not be able to get this unlisted video using its id', async function () {
 177       await getVideo(servers[1].url, unlistedVideo.id, 404)
 178     })
 179
 180     it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
 181       for (const server of servers) {
 182         for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
 183           const res = await getVideo(server.url, id)
 184
 185           expect(res.body.name).to.equal('unlisted video')
 186         }
 187       }
 188     })
 189
 190     it('Should upload a non-federating unlisted video to server 1', async function () {
 191       this.timeout(30000)
 192
 193       const attributes = {
 194         name: 'unlisted video',
 195         privacy: VideoPrivacy.UNLISTED
 196       }
 197       await uploadVideo(servers[0].url, servers[0].accessToken, attributes)
 198
 199       await waitJobs(servers)
 200     })
 201
 202     it('Should list my new unlisted video', async function () {
 203       const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 3)
 204
 205       expect(res.body.total).to.equal(3)
 206       expect(res.body.data).to.have.lengthOf(3)
 207
 208       nonFederatedUnlistedVideoUUID = res.body.data[0].uuid
 209     })
 210
 211     it('Should be able to get non-federated unlisted video from origin', async function () {
 212       const res = await getVideo(servers[0].url, nonFederatedUnlistedVideoUUID)
 213
 214       expect(res.body.name).to.equal('unlisted video')
 215     })
 216
 217     it('Should not be able to get non-federated unlisted video from federated server', async function () {
 218       await getVideo(servers[1].url, nonFederatedUnlistedVideoUUID, HttpStatusCode.NOT_FOUND_404)
 219     })
 220   })
 221
 222   describe('Privacy update', function () {
 223
 224     it('Should update the private and internal videos to public on server 1', async function () {
 225       this.timeout(10000)
 226
 227       now = Date.now()
 228
 229       {
 230         const attribute = {
 231           name: 'private video becomes public',
 232           privacy: VideoPrivacy.PUBLIC
 233         }
 234
 235         await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, attribute)
 236       }
 237
 238       {
 239         const attribute = {
 240           name: 'internal video becomes public',
 241           privacy: VideoPrivacy.PUBLIC
 242         }
 243         await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, attribute)
 244       }
 245
 246       await waitJobs(servers)
 247     })
 248
 249     it('Should have this new public video listed on server 1 and 2', async function () {
 250       for (const server of servers) {
 251         const res = await getVideosList(server.url)
 252         expect(res.body.total).to.equal(2)
 253         expect(res.body.data).to.have.lengthOf(2)
 254
 255         const videos: Video[] = res.body.data
 256         const privateVideo = videos.find(v => v.name === 'private video becomes public')
 257         const internalVideo = videos.find(v => v.name === 'internal video becomes public')
 258
 259         expect(privateVideo).to.not.be.undefined
 260         expect(internalVideo).to.not.be.undefined
 261
 262         expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
 263         // We don't change the publish date of internal videos
 264         expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
 265
 266         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 267         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 268       }
 269     })
 270
 271     it('Should set these videos as private and internal', async function () {
 272       this.timeout(10000)
 273
 274       await updateVideo(servers[0].url, servers[0].accessToken, internalVideoId, { privacy: VideoPrivacy.PRIVATE })
 275       await updateVideo(servers[0].url, servers[0].accessToken, privateVideoId, { privacy: VideoPrivacy.INTERNAL })
 276
 277       await waitJobs(servers)
 278
 279       for (const server of servers) {
 280         const res = await getVideosList(server.url)
 281
 282         expect(res.body.total).to.equal(0)
 283         expect(res.body.data).to.have.lengthOf(0)
 284       }
 285
 286       {
 287         const res = await getMyVideos(servers[0].url, servers[0].accessToken, 0, 5)
 288         const videos = res.body.data
 289
 290         expect(res.body.total).to.equal(3)
 291         expect(videos).to.have.lengthOf(3)
 292
 293         const privateVideo = videos.find(v => v.name === 'private video becomes public')
 294         const internalVideo = videos.find(v => v.name === 'internal video becomes public')
 295
 296         expect(privateVideo).to.not.be.undefined
 297         expect(internalVideo).to.not.be.undefined
 298
 299         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
 300         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
 301       }
 302     })
 303   })
 304
 305   after(async function () {
 306     await cleanupTests(servers)
 307   })
 308 })