aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/tests/api/check-params/blocklist.ts
blob: 169b591a35670b2b14d7d36fdfd54db8aa850d53 (plain) (tree)
1
2
3
4
5
6
7
8
                                                                                              
 

                                                                                                               
        
               
                        
               


                      
                 
                          
                                

                                                       

                               
                             



                            
                                            




                                                            
                                                                                   
 
                                                             
 





                                                                    

                                                                   
                                                        





                                                                          
                                                           





















                                                                             
                                                           








                                                                     
                                                        


            





                                                                
                                                       


            





                                                                        
                                                         








                                                                          
                                                           







                                                                           
                                                        







                                                                        
                                                         












                                                                          
                                                           




















                                                                             
                                               
                                                           


            
                                                                       



                                      
                                               
                                                         


            




                                                                 
                                          
                                                       


            




                                                                        
                                              
                                                         







                                                                          
                                               
                                                           





                                                                          
                                           
                                      
                                                        





                                                                        
                                               
                                      
                                                         





            









                                                                          
                                                           







                                                                                        
                                                        





















                                                                             
                                                           








                                                                                        
                                                        








                                                                     
                                                        








                                                                
                                                       








                                                                        
                                                         








                                                                          
                                                           







                                                                                        
                                                        







                                                                           
                                                        







                                                                        
                                                         












                                                                          
                                                           







                                                                                        
                                                        




















                                                                             
                                              
                                                           







                                                                                        
                                              
                                                        


            
                                                                       



                                      
                                               
                                                         







                                                                 
                                          
                                                       







                                                                        
                                              
                                                         







                                                                          
                                               
                                                           





                                                                                        
                                               
                                   
                                                        





                                                                          
                                           
                                      
                                                        





                                                                        
                                               
                                      
                                                         





            







































































                                                                        

                               

    
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode } from '@shared/models'
import {
  cleanupTests,
  createMultipleServers,
  doubleFollow,
  makeDeleteRequest,
  makeGetRequest,
  makePostBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers
} from '@shared/server-commands'

describe('Test blocklist API validators', function () {
  let servers: PeerTubeServer[]
  let server: PeerTubeServer
  let userAccessToken: string

  before(async function () {
    this.timeout(60000)

    servers = await createMultipleServers(2)
    await setAccessTokensToServers(servers)

    server = servers[0]

    const user = { username: 'user1', password: 'password' }
    await server.users.create({ username: user.username, password: user.password })

    userAccessToken = await server.login.getAccessToken(user)

    await doubleFollow(servers[0], servers[1])
  })

  // ---------------------------------------------------------------

  describe('When managing user blocklist', function () {

    describe('When managing user accounts blocklist', function () {
      const path = '/api/v1/users/me/blocklist/accounts'

      describe('When listing blocked accounts', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeGetRequest({
            url: server.url,
            path,
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a bad start pagination', async function () {
          await checkBadStartPagination(server.url, path, server.accessToken)
        })

        it('Should fail with a bad count pagination', async function () {
          await checkBadCountPagination(server.url, path, server.accessToken)
        })

        it('Should fail with an incorrect sort', async function () {
          await checkBadSortPagination(server.url, path, server.accessToken)
        })
      })

      describe('When blocking an account', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makePostBodyRequest({
            url: server.url,
            path,
            fields: { accountName: 'user1' },
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with an unknown account', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { accountName: 'user2' },
            expectedStatus: HttpStatusCode.NOT_FOUND_404
          })
        })

        it('Should fail to block ourselves', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { accountName: 'root' },
            expectedStatus: HttpStatusCode.CONFLICT_409
          })
        })

        it('Should succeed with the correct params', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { accountName: 'user1' },
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })

      describe('When unblocking an account', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user1',
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with an unknown account block', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user2',
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NOT_FOUND_404
          })
        })

        it('Should succeed with the correct params', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user1',
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })
    })

    describe('When managing user servers blocklist', function () {
      const path = '/api/v1/users/me/blocklist/servers'

      describe('When listing blocked servers', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeGetRequest({
            url: server.url,
            path,
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a bad start pagination', async function () {
          await checkBadStartPagination(server.url, path, server.accessToken)
        })

        it('Should fail with a bad count pagination', async function () {
          await checkBadCountPagination(server.url, path, server.accessToken)
        })

        it('Should fail with an incorrect sort', async function () {
          await checkBadSortPagination(server.url, path, server.accessToken)
        })
      })

      describe('When blocking a server', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makePostBodyRequest({
            url: server.url,
            path,
            fields: { host: '127.0.0.1:9002' },
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should succeed with an unknown server', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { host: '127.0.0.1:9003' },
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })

        it('Should fail with our own server', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { host: server.host },
            expectedStatus: HttpStatusCode.CONFLICT_409
          })
        })

        it('Should succeed with the correct params', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { host: servers[1].host },
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })

      describe('When unblocking a server', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/' + servers[1].host,
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with an unknown server block', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/127.0.0.1:9004',
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NOT_FOUND_404
          })
        })

        it('Should succeed with the correct params', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/' + servers[1].host,
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })
    })
  })

  describe('When managing server blocklist', function () {

    describe('When managing server accounts blocklist', function () {
      const path = '/api/v1/server/blocklist/accounts'

      describe('When listing blocked accounts', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeGetRequest({
            url: server.url,
            path,
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a user without the appropriate rights', async function () {
          await makeGetRequest({
            url: server.url,
            token: userAccessToken,
            path,
            expectedStatus: HttpStatusCode.FORBIDDEN_403
          })
        })

        it('Should fail with a bad start pagination', async function () {
          await checkBadStartPagination(server.url, path, server.accessToken)
        })

        it('Should fail with a bad count pagination', async function () {
          await checkBadCountPagination(server.url, path, server.accessToken)
        })

        it('Should fail with an incorrect sort', async function () {
          await checkBadSortPagination(server.url, path, server.accessToken)
        })
      })

      describe('When blocking an account', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makePostBodyRequest({
            url: server.url,
            path,
            fields: { accountName: 'user1' },
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a user without the appropriate rights', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: userAccessToken,
            path,
            fields: { accountName: 'user1' },
            expectedStatus: HttpStatusCode.FORBIDDEN_403
          })
        })

        it('Should fail with an unknown account', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { accountName: 'user2' },
            expectedStatus: HttpStatusCode.NOT_FOUND_404
          })
        })

        it('Should fail to block ourselves', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { accountName: 'root' },
            expectedStatus: HttpStatusCode.CONFLICT_409
          })
        })

        it('Should succeed with the correct params', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { accountName: 'user1' },
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })

      describe('When unblocking an account', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user1',
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a user without the appropriate rights', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user1',
            token: userAccessToken,
            expectedStatus: HttpStatusCode.FORBIDDEN_403
          })
        })

        it('Should fail with an unknown account block', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user2',
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NOT_FOUND_404
          })
        })

        it('Should succeed with the correct params', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/user1',
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })
    })

    describe('When managing server servers blocklist', function () {
      const path = '/api/v1/server/blocklist/servers'

      describe('When listing blocked servers', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeGetRequest({
            url: server.url,
            path,
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a user without the appropriate rights', async function () {
          await makeGetRequest({
            url: server.url,
            token: userAccessToken,
            path,
            expectedStatus: HttpStatusCode.FORBIDDEN_403
          })
        })

        it('Should fail with a bad start pagination', async function () {
          await checkBadStartPagination(server.url, path, server.accessToken)
        })

        it('Should fail with a bad count pagination', async function () {
          await checkBadCountPagination(server.url, path, server.accessToken)
        })

        it('Should fail with an incorrect sort', async function () {
          await checkBadSortPagination(server.url, path, server.accessToken)
        })
      })

      describe('When blocking a server', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makePostBodyRequest({
            url: server.url,
            path,
            fields: { host: servers[1].host },
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a user without the appropriate rights', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: userAccessToken,
            path,
            fields: { host: servers[1].host },
            expectedStatus: HttpStatusCode.FORBIDDEN_403
          })
        })

        it('Should succeed with an unknown server', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { host: '127.0.0.1:9003' },
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })

        it('Should fail with our own server', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { host: server.host },
            expectedStatus: HttpStatusCode.CONFLICT_409
          })
        })

        it('Should succeed with the correct params', async function () {
          await makePostBodyRequest({
            url: server.url,
            token: server.accessToken,
            path,
            fields: { host: servers[1].host },
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })

      describe('When unblocking a server', function () {
        it('Should fail with an unauthenticated user', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/' + servers[1].host,
            expectedStatus: HttpStatusCode.UNAUTHORIZED_401
          })
        })

        it('Should fail with a user without the appropriate rights', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/' + servers[1].host,
            token: userAccessToken,
            expectedStatus: HttpStatusCode.FORBIDDEN_403
          })
        })

        it('Should fail with an unknown server block', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/127.0.0.1:9004',
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NOT_FOUND_404
          })
        })

        it('Should succeed with the correct params', async function () {
          await makeDeleteRequest({
            url: server.url,
            path: path + '/' + servers[1].host,
            token: server.accessToken,
            expectedStatus: HttpStatusCode.NO_CONTENT_204
          })
        })
      })
    })
  })

  describe('When getting blocklist status', function () {
    const path = '/api/v1/blocklist/status'

    it('Should fail with a bad token', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: 'false',
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with a bad accounts field', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        query: {
          accounts: 1
        },
        expectedStatus: HttpStatusCode.BAD_REQUEST_400
      })

      await makeGetRequest({
        url: server.url,
        path,
        query: {
          accounts: [ 1 ]
        },
        expectedStatus: HttpStatusCode.BAD_REQUEST_400
      })
    })

    it('Should fail with a bad hosts field', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        query: {
          hosts: 1
        },
        expectedStatus: HttpStatusCode.BAD_REQUEST_400
      })

      await makeGetRequest({
        url: server.url,
        path,
        query: {
          hosts: [ 1 ]
        },
        expectedStatus: HttpStatusCode.BAD_REQUEST_400
      })
    })

    it('Should succeed with the correct parameters', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        query: {},
        expectedStatus: HttpStatusCode.OK_200
      })

      await makeGetRequest({
        url: server.url,
        path,
        query: {
          hosts: [ 'example.com' ],
          accounts: [ 'john@example.com' ]
        },
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})