server/tests/api/videos/video-privacy.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { cleanupTests, createSingleServer, doubleFollow, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/extra-utils'
   6 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
   7
   8 const expect = chai.expect
   9
  10 describe('Test video privacy', function () {
  11   const servers: PeerTubeServer[] = []
  12   let anotherUserToken: string
  13
  14   let privateVideoId: number
  15   let privateVideoUUID: string
  16
  17   let internalVideoId: number
  18   let internalVideoUUID: string
  19
  20   let unlistedVideo: VideoCreateResult
  21   let nonFederatedUnlistedVideoUUID: string
  22
  23   let now: number
  24
  25   const dontFederateUnlistedConfig = {
  26     federation: {
  27       videos: {
  28         federate_unlisted: false
  29       }
  30     }
  31   }
  32
  33   before(async function () {
  34     this.timeout(50000)
  35
  36     // Run servers
  37     servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
  38     servers.push(await createSingleServer(2))
  39
  40     // Get the access tokens
  41     await setAccessTokensToServers(servers)
  42
  43     // Server 1 and server 2 follow each other
  44     await doubleFollow(servers[0], servers[1])
  45   })
  46
  47   describe('Private and internal videos', function () {
  48
  49     it('Should upload a private and internal videos on server 1', async function () {
  50       this.timeout(10000)
  51
  52       for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
  53         const attributes = { privacy }
  54         await servers[0].videos.upload({ attributes })
  55       }
  56
  57       await waitJobs(servers)
  58     })
  59
  60     it('Should not have these private and internal videos on server 2', async function () {
  61       const { total, data } = await servers[1].videos.list()
  62
  63       expect(total).to.equal(0)
  64       expect(data).to.have.lengthOf(0)
  65     })
  66
  67     it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
  68       const { total, data } = await servers[0].videos.list()
  69
  70       expect(total).to.equal(0)
  71       expect(data).to.have.lengthOf(0)
  72     })
  73
  74     it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
  75       const { total, data } = await servers[0].videos.listWithToken()
  76
  77       expect(total).to.equal(1)
  78       expect(data).to.have.lengthOf(1)
  79
  80       expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
  81     })
  82
  83     it('Should list my (private and internal) videos', async function () {
  84       const { total, data } = await servers[0].videos.listMyVideos()
  85
  86       expect(total).to.equal(2)
  87       expect(data).to.have.lengthOf(2)
  88
  89       const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
  90       privateVideoId = privateVideo.id
  91       privateVideoUUID = privateVideo.uuid
  92
  93       const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
  94       internalVideoId = internalVideo.id
  95       internalVideoUUID = internalVideo.uuid
  96     })
  97
  98     it('Should not be able to watch the private/internal video with non authenticated user', async function () {
  99       await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 100       await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 101     })
 102
 103     it('Should not be able to watch the private video with another user', async function () {
 104       this.timeout(10000)
 105
 106       const user = {
 107         username: 'hello',
 108         password: 'super password'
 109       }
 110       await servers[0].users.create({ username: user.username, password: user.password })
 111
 112       anotherUserToken = await servers[0].login.getAccessToken(user)
 113
 114       await servers[0].videos.getWithToken({
 115         token: anotherUserToken,
 116         id: privateVideoUUID,
 117         expectedStatus: HttpStatusCode.FORBIDDEN_403
 118       })
 119     })
 120
 121     it('Should be able to watch the internal video with another user', async function () {
 122       await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
 123     })
 124
 125     it('Should be able to watch the private video with the correct user', async function () {
 126       await servers[0].videos.getWithToken({ id: privateVideoUUID })
 127     })
 128   })
 129
 130   describe('Unlisted videos', function () {
 131
 132     it('Should upload an unlisted video on server 2', async function () {
 133       this.timeout(60000)
 134
 135       const attributes = {
 136         name: 'unlisted video',
 137         privacy: VideoPrivacy.UNLISTED
 138       }
 139       await servers[1].videos.upload({ attributes })
 140
 141       // Server 2 has transcoding enabled
 142       await waitJobs(servers)
 143     })
 144
 145     it('Should not have this unlisted video listed on server 1 and 2', async function () {
 146       for (const server of servers) {
 147         const { total, data } = await server.videos.list()
 148
 149         expect(total).to.equal(0)
 150         expect(data).to.have.lengthOf(0)
 151       }
 152     })
 153
 154     it('Should list my (unlisted) videos', async function () {
 155       const { total, data } = await servers[1].videos.listMyVideos()
 156
 157       expect(total).to.equal(1)
 158       expect(data).to.have.lengthOf(1)
 159
 160       unlistedVideo = data[0]
 161     })
 162
 163     it('Should not be able to get this unlisted video using its id', async function () {
 164       await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 165     })
 166
 167     it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
 168       for (const server of servers) {
 169         for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
 170           const video = await server.videos.get({ id })
 171
 172           expect(video.name).to.equal('unlisted video')
 173         }
 174       }
 175     })
 176
 177     it('Should upload a non-federating unlisted video to server 1', async function () {
 178       this.timeout(30000)
 179
 180       const attributes = {
 181         name: 'unlisted video',
 182         privacy: VideoPrivacy.UNLISTED
 183       }
 184       await servers[0].videos.upload({ attributes })
 185
 186       await waitJobs(servers)
 187     })
 188
 189     it('Should list my new unlisted video', async function () {
 190       const { total, data } = await servers[0].videos.listMyVideos()
 191
 192       expect(total).to.equal(3)
 193       expect(data).to.have.lengthOf(3)
 194
 195       nonFederatedUnlistedVideoUUID = data[0].uuid
 196     })
 197
 198     it('Should be able to get non-federated unlisted video from origin', async function () {
 199       const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
 200
 201       expect(video.name).to.equal('unlisted video')
 202     })
 203
 204     it('Should not be able to get non-federated unlisted video from federated server', async function () {
 205       await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 206     })
 207   })
 208
 209   describe('Privacy update', function () {
 210
 211     it('Should update the private and internal videos to public on server 1', async function () {
 212       this.timeout(10000)
 213
 214       now = Date.now()
 215
 216       {
 217         const attributes = {
 218           name: 'private video becomes public',
 219           privacy: VideoPrivacy.PUBLIC
 220         }
 221
 222         await servers[0].videos.update({ id: privateVideoId, attributes })
 223       }
 224
 225       {
 226         const attributes = {
 227           name: 'internal video becomes public',
 228           privacy: VideoPrivacy.PUBLIC
 229         }
 230         await servers[0].videos.update({ id: internalVideoId, attributes })
 231       }
 232
 233       await waitJobs(servers)
 234     })
 235
 236     it('Should have this new public video listed on server 1 and 2', async function () {
 237       for (const server of servers) {
 238         const { total, data } = await server.videos.list()
 239         expect(total).to.equal(2)
 240         expect(data).to.have.lengthOf(2)
 241
 242         const privateVideo = data.find(v => v.name === 'private video becomes public')
 243         const internalVideo = data.find(v => v.name === 'internal video becomes public')
 244
 245         expect(privateVideo).to.not.be.undefined
 246         expect(internalVideo).to.not.be.undefined
 247
 248         expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
 249         // We don't change the publish date of internal videos
 250         expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
 251
 252         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 253         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
 254       }
 255     })
 256
 257     it('Should set these videos as private and internal', async function () {
 258       this.timeout(10000)
 259
 260       await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
 261       await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
 262
 263       await waitJobs(servers)
 264
 265       for (const server of servers) {
 266         const { total, data } = await server.videos.list()
 267
 268         expect(total).to.equal(0)
 269         expect(data).to.have.lengthOf(0)
 270       }
 271
 272       {
 273         const { total, data } = await servers[0].videos.listMyVideos()
 274         expect(total).to.equal(3)
 275         expect(data).to.have.lengthOf(3)
 276
 277         const privateVideo = data.find(v => v.name === 'private video becomes public')
 278         const internalVideo = data.find(v => v.name === 'internal video becomes public')
 279
 280         expect(privateVideo).to.not.be.undefined
 281         expect(internalVideo).to.not.be.undefined
 282
 283         expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
 284         expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
 285       }
 286     })
 287   })
 288
 289   after(async function () {
 290     await cleanupTests(servers)
 291   })
 292 })