diff options
author | Chocobozzz <me@florianbigard.com> | 2022-09-16 10:58:13 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-09-16 10:58:13 +0200 |
commit | 8a6828b1664ce3fc535d23c54ed22bab35588d06 (patch) | |
tree | 281eae2418ab610fc66e22f7444d6e1a229cd44b /server | |
parent | 3afe0ec3b32d2bd9183541ecbf40278710f8707d (diff) | |
download | PeerTube-8a6828b1664ce3fc535d23c54ed22bab35588d06.tar.gz PeerTube-8a6828b1664ce3fc535d23c54ed22bab35588d06.tar.zst PeerTube-8a6828b1664ce3fc535d23c54ed22bab35588d06.zip |
Check channel sync id is owned by channel
Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/validators/videos/video-channels.ts | 7 | ||||
-rw-r--r-- | server/tests/api/check-params/channel-import-videos.ts | 34 |
2 files changed, 39 insertions, 2 deletions
diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts index 8338b24fc..ca6b57003 100644 --- a/server/middlewares/validators/videos/video-channels.ts +++ b/server/middlewares/validators/videos/video-channels.ts | |||
@@ -166,6 +166,13 @@ export const videoChannelImportVideosValidator = [ | |||
166 | 166 | ||
167 | if (body.videoChannelSyncId && !await doesVideoChannelSyncIdExist(body.videoChannelSyncId, res)) return | 167 | if (body.videoChannelSyncId && !await doesVideoChannelSyncIdExist(body.videoChannelSyncId, res)) return |
168 | 168 | ||
169 | if (res.locals.videoChannelSync && res.locals.videoChannelSync.videoChannelId !== res.locals.videoChannel.id) { | ||
170 | return res.fail({ | ||
171 | status: HttpStatusCode.FORBIDDEN_403, | ||
172 | message: 'This channel sync is not owned by this channel' | ||
173 | }) | ||
174 | } | ||
175 | |||
169 | return next() | 176 | return next() |
170 | } | 177 | } |
171 | ] | 178 | ] |
diff --git a/server/tests/api/check-params/channel-import-videos.ts b/server/tests/api/check-params/channel-import-videos.ts index 0ec5fc2b9..2de13b629 100644 --- a/server/tests/api/check-params/channel-import-videos.ts +++ b/server/tests/api/check-params/channel-import-videos.ts | |||
@@ -17,22 +17,27 @@ describe('Test videos import in a channel API validator', function () { | |||
17 | const userInfo = { | 17 | const userInfo = { |
18 | accessToken: '', | 18 | accessToken: '', |
19 | channelName: 'fake_channel', | 19 | channelName: 'fake_channel', |
20 | channelId: -1, | ||
20 | id: -1, | 21 | id: -1, |
21 | videoQuota: -1, | 22 | videoQuota: -1, |
22 | videoQuotaDaily: -1 | 23 | videoQuotaDaily: -1, |
24 | channelSyncId: -1 | ||
23 | } | 25 | } |
24 | let command: ChannelsCommand | 26 | let command: ChannelsCommand |
25 | 27 | ||
26 | // --------------------------------------------------------------- | 28 | // --------------------------------------------------------------- |
27 | 29 | ||
28 | before(async function () { | 30 | before(async function () { |
29 | this.timeout(30000) | 31 | this.timeout(120000) |
30 | 32 | ||
31 | server = await createSingleServer(1) | 33 | server = await createSingleServer(1) |
32 | 34 | ||
33 | await setAccessTokensToServers([ server ]) | 35 | await setAccessTokensToServers([ server ]) |
34 | await setDefaultVideoChannel([ server ]) | 36 | await setDefaultVideoChannel([ server ]) |
35 | 37 | ||
38 | await server.config.enableImports() | ||
39 | await server.config.enableChannelSync() | ||
40 | |||
36 | const userCreds = { | 41 | const userCreds = { |
37 | username: 'fake', | 42 | username: 'fake', |
38 | password: 'fake_password' | 43 | password: 'fake_password' |
@@ -42,12 +47,27 @@ describe('Test videos import in a channel API validator', function () { | |||
42 | const user = await server.users.create({ username: userCreds.username, password: userCreds.password }) | 47 | const user = await server.users.create({ username: userCreds.username, password: userCreds.password }) |
43 | userInfo.id = user.id | 48 | userInfo.id = user.id |
44 | userInfo.accessToken = await server.login.getAccessToken(userCreds) | 49 | userInfo.accessToken = await server.login.getAccessToken(userCreds) |
50 | |||
51 | const info = await server.users.getMyInfo({ token: userInfo.accessToken }) | ||
52 | userInfo.channelId = info.videoChannels[0].id | ||
53 | } | ||
54 | |||
55 | { | ||
56 | const { videoChannelSync } = await server.channelSyncs.create({ | ||
57 | token: userInfo.accessToken, | ||
58 | attributes: { | ||
59 | externalChannelUrl: FIXTURE_URLS.youtubeChannel, | ||
60 | videoChannelId: userInfo.channelId | ||
61 | } | ||
62 | }) | ||
63 | userInfo.channelSyncId = videoChannelSync.id | ||
45 | } | 64 | } |
46 | 65 | ||
47 | command = server.channels | 66 | command = server.channels |
48 | }) | 67 | }) |
49 | 68 | ||
50 | it('Should fail when HTTP upload is disabled', async function () { | 69 | it('Should fail when HTTP upload is disabled', async function () { |
70 | await server.config.disableChannelSync() | ||
51 | await server.config.disableImports() | 71 | await server.config.disableImports() |
52 | 72 | ||
53 | await command.importVideos({ | 73 | await command.importVideos({ |
@@ -98,6 +118,16 @@ describe('Test videos import in a channel API validator', function () { | |||
98 | }) | 118 | }) |
99 | }) | 119 | }) |
100 | 120 | ||
121 | it('Should fail with a sync id of another channel', async function () { | ||
122 | await command.importVideos({ | ||
123 | channelName: server.store.channel.name, | ||
124 | externalChannelUrl: FIXTURE_URLS.youtubeChannel, | ||
125 | videoChannelSyncId: userInfo.channelSyncId, | ||
126 | token: server.accessToken, | ||
127 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
128 | }) | ||
129 | }) | ||
130 | |||
101 | it('Should fail with no authentication', async function () { | 131 | it('Should fail with no authentication', async function () { |
102 | await command.importVideos({ | 132 | await command.importVideos({ |
103 | channelName: server.store.channel.name, | 133 | channelName: server.store.channel.name, |