1 files changed, 294 insertions, 0 deletions
diff --git a/packages/tests/src/api/videos/video-privacy.ts b/packages/tests/src/api/videos/video-privacy.ts
new file mode 100644
index 000000000..9171463a4
--- /dev/null
+++ b/packages/tests/src/api/videos/video-privacy.ts
@@ -0,0 +1,294 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { expect } from 'chai'
+import { wait } from '@peertube/peertube-core-utils'
+import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@peertube/peertube-models'
+import {
+  cleanupTests,
+  createSingleServer,
+  doubleFollow,
+  PeerTubeServer,
+  setAccessTokensToServers,
+  waitJobs
+} from '@peertube/peertube-server-commands'
+describe('Test video privacy', function () {
+  const servers: PeerTubeServer[] = []
+  let anotherUserToken: string
+  let privateVideoId: number
+  let privateVideoUUID: string
+  let internalVideoId: number
+  let internalVideoUUID: string
+  let unlistedVideo: VideoCreateResult
+  let nonFederatedUnlistedVideoUUID: string
+  let now: number
+  const dontFederateUnlistedConfig = {
+    federation: {
+      videos: {
+        federate_unlisted: false
+      }
+    }
+  }
+  before(async function () {
+    this.timeout(50000)
+    // Run servers
+    servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
+    servers.push(await createSingleServer(2))
+    // Get the access tokens
+    await setAccessTokensToServers(servers)
+    // Server 1 and server 2 follow each other
+    await doubleFollow(servers[0], servers[1])
+  })
+  describe('Private and internal videos', function () {
+    it('Should upload a private and internal videos on server 1', async function () {
+      this.timeout(50000)
+      for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
+        const attributes = { privacy }
+        await servers[0].videos.upload({ attributes })
+      }
+      await waitJobs(servers)
+    })
+    it('Should not have these private and internal videos on server 2', async function () {
+      const { total, data } = await servers[1].videos.list()
+      expect(total).to.equal(0)
+      expect(data).to.have.lengthOf(0)
+    })
+    it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
+      const { total, data } = await servers[0].videos.list()
+      expect(total).to.equal(0)
+      expect(data).to.have.lengthOf(0)
+    })
+    it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
+      const { total, data } = await servers[0].videos.listWithToken()
+      expect(total).to.equal(1)
+      expect(data).to.have.lengthOf(1)
+      expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
+    })
+    it('Should list my (private and internal) videos', async function () {
+      const { total, data } = await servers[0].videos.listMyVideos()
+      expect(total).to.equal(2)
+      expect(data).to.have.lengthOf(2)
+      const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
+      privateVideoId = privateVideo.id
+      privateVideoUUID = privateVideo.uuid
+      const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
+      internalVideoId = internalVideo.id
+      internalVideoUUID = internalVideo.uuid
+    })
+    it('Should not be able to watch the private/internal video with non authenticated user', async function () {
+      await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+      await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+    it('Should not be able to watch the private video with another user', async function () {
+      const user = {
+        username: 'hello',
+        password: 'super password'
+      }
+      await servers[0].users.create({ username: user.username, password: user.password })
+      anotherUserToken = await servers[0].login.getAccessToken(user)
+      await servers[0].videos.getWithToken({
+        token: anotherUserToken,
+        id: privateVideoUUID,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
+    it('Should be able to watch the internal video with another user', async function () {
+      await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
+    })
+    it('Should be able to watch the private video with the correct user', async function () {
+      await servers[0].videos.getWithToken({ id: privateVideoUUID })
+    })
+  })
+  describe('Unlisted videos', function () {
+    it('Should upload an unlisted video on server 2', async function () {
+      this.timeout(120000)
+      const attributes = {
+        name: 'unlisted video',
+        privacy: VideoPrivacy.UNLISTED
+      }
+      await servers[1].videos.upload({ attributes })
+      // Server 2 has transcoding enabled
+      await waitJobs(servers)
+    })
+    it('Should not have this unlisted video listed on server 1 and 2', async function () {
+      for (const server of servers) {
+        const { total, data } = await server.videos.list()
+        expect(total).to.equal(0)
+        expect(data).to.have.lengthOf(0)
+      }
+    })
+    it('Should list my (unlisted) videos', async function () {
+      const { total, data } = await servers[1].videos.listMyVideos()
+      expect(total).to.equal(1)
+      expect(data).to.have.lengthOf(1)
+      unlistedVideo = data[0]
+    })
+    it('Should not be able to get this unlisted video using its id', async function () {
+      await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+    it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
+      for (const server of servers) {
+        for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
+          const video = await server.videos.get({ id })
+          expect(video.name).to.equal('unlisted video')
+        }
+      }
+    })
+    it('Should upload a non-federating unlisted video to server 1', async function () {
+      this.timeout(30000)
+      const attributes = {
+        name: 'unlisted video',
+        privacy: VideoPrivacy.UNLISTED
+      }
+      await servers[0].videos.upload({ attributes })
+      await waitJobs(servers)
+    })
+    it('Should list my new unlisted video', async function () {
+      const { total, data } = await servers[0].videos.listMyVideos()
+      expect(total).to.equal(3)
+      expect(data).to.have.lengthOf(3)
+      nonFederatedUnlistedVideoUUID = data[0].uuid
+    })
+    it('Should be able to get non-federated unlisted video from origin', async function () {
+      const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
+      expect(video.name).to.equal('unlisted video')
+    })
+    it('Should not be able to get non-federated unlisted video from federated server', async function () {
+      await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
+    })
+  })
+  describe('Privacy update', function () {
+    it('Should update the private and internal videos to public on server 1', async function () {
+      this.timeout(100000)
+      now = Date.now()
+      {
+        const attributes = {
+          name: 'private video becomes public',
+          privacy: VideoPrivacy.PUBLIC
+        }
+        await servers[0].videos.update({ id: privateVideoId, attributes })
+      }
+      {
+        const attributes = {
+          name: 'internal video becomes public',
+          privacy: VideoPrivacy.PUBLIC
+        }
+        await servers[0].videos.update({ id: internalVideoId, attributes })
+      }
+      await wait(10000)
+      await waitJobs(servers)
+    })
+    it('Should have this new public video listed on server 1 and 2', async function () {
+      for (const server of servers) {
+        const { total, data } = await server.videos.list()
+        expect(total).to.equal(2)
+        expect(data).to.have.lengthOf(2)
+        const privateVideo = data.find(v => v.name === 'private video becomes public')
+        const internalVideo = data.find(v => v.name === 'internal video becomes public')
+        expect(privateVideo).to.not.be.undefined
+        expect(internalVideo).to.not.be.undefined
+        expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
+        // We don't change the publish date of internal videos
+        expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
+        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
+        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
+      }
+    })
+    it('Should set these videos as private and internal', async function () {
+      await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
+      await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
+      await waitJobs(servers)
+      for (const server of servers) {
+        const { total, data } = await server.videos.list()
+        expect(total).to.equal(0)
+        expect(data).to.have.lengthOf(0)
+      }
+      {
+        const { total, data } = await servers[0].videos.listMyVideos()
+        expect(total).to.equal(3)
+        expect(data).to.have.lengthOf(3)
+        const privateVideo = data.find(v => v.name === 'private video becomes public')
+        const internalVideo = data.find(v => v.name === 'internal video becomes public')
+        expect(privateVideo).to.not.be.undefined
+        expect(internalVideo).to.not.be.undefined
+        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
+        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
+      }
+    })
+  })
+  after(async function () {
+    await cleanupTests(servers)
+  })
+})

diff --git a/packages/tests/src/api/videos/video-privacy.ts b/packages/tests/src/api/videos/video-privacy.ts new file mode 100644 index 000000000..9171463a4 --- /dev/null +++ b/packages/tests/src/api/videos/video-privacy.ts
@@ -0,0 +1,294 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { wait } from '@peertube/peertube-core-utils'
	5	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@peertube/peertube-models'
	6	import {
	7	cleanupTests,
	8	createSingleServer,
	9	doubleFollow,
	10	PeerTubeServer,
	11	setAccessTokensToServers,
	12	waitJobs
	13	} from '@peertube/peertube-server-commands'
	14
	15	describe('Test video privacy', function () {
	16	const servers: PeerTubeServer[] = []
	17	let anotherUserToken: string
	18
	19	let privateVideoId: number
	20	let privateVideoUUID: string
	21
	22	let internalVideoId: number
	23	let internalVideoUUID: string
	24
	25	let unlistedVideo: VideoCreateResult
	26	let nonFederatedUnlistedVideoUUID: string
	27
	28	let now: number
	29
	30	const dontFederateUnlistedConfig = {
	31	federation: {
	32	videos: {
	33	federate_unlisted: false
	34	}
	35	}
	36	}
	37
	38	before(async function () {
	39	this.timeout(50000)
	40
	41	// Run servers
	42	servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
	43	servers.push(await createSingleServer(2))
	44
	45	// Get the access tokens
	46	await setAccessTokensToServers(servers)
	47
	48	// Server 1 and server 2 follow each other
	49	await doubleFollow(servers[0], servers[1])
	50	})
	51
	52	describe('Private and internal videos', function () {
	53
	54	it('Should upload a private and internal videos on server 1', async function () {
	55	this.timeout(50000)
	56
	57	for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
	58	const attributes = { privacy }
	59	await servers[0].videos.upload({ attributes })
	60	}
	61
	62	await waitJobs(servers)
	63	})
	64
	65	it('Should not have these private and internal videos on server 2', async function () {
	66	const { total, data } = await servers[1].videos.list()
	67
	68	expect(total).to.equal(0)
	69	expect(data).to.have.lengthOf(0)
	70	})
	71
	72	it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
	73	const { total, data } = await servers[0].videos.list()
	74
	75	expect(total).to.equal(0)
	76	expect(data).to.have.lengthOf(0)
	77	})
	78
	79	it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
	80	const { total, data } = await servers[0].videos.listWithToken()
	81
	82	expect(total).to.equal(1)
	83	expect(data).to.have.lengthOf(1)
	84
	85	expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
	86	})
	87
	88	it('Should list my (private and internal) videos', async function () {
	89	const { total, data } = await servers[0].videos.listMyVideos()
	90
	91	expect(total).to.equal(2)
	92	expect(data).to.have.lengthOf(2)
	93
	94	const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
	95	privateVideoId = privateVideo.id
	96	privateVideoUUID = privateVideo.uuid
	97
	98	const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
	99	internalVideoId = internalVideo.id
	100	internalVideoUUID = internalVideo.uuid
	101	})
	102
	103	it('Should not be able to watch the private/internal video with non authenticated user', async function () {
	104	await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	105	await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	106	})
	107
	108	it('Should not be able to watch the private video with another user', async function () {
	109	const user = {
	110	username: 'hello',
	111	password: 'super password'
	112	}
	113	await servers[0].users.create({ username: user.username, password: user.password })
	114
	115	anotherUserToken = await servers[0].login.getAccessToken(user)
	116
	117	await servers[0].videos.getWithToken({
	118	token: anotherUserToken,
	119	id: privateVideoUUID,
	120	expectedStatus: HttpStatusCode.FORBIDDEN_403
	121	})
	122	})
	123
	124	it('Should be able to watch the internal video with another user', async function () {
	125	await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
	126	})
	127
	128	it('Should be able to watch the private video with the correct user', async function () {
	129	await servers[0].videos.getWithToken({ id: privateVideoUUID })
	130	})
	131	})
	132
	133	describe('Unlisted videos', function () {
	134
	135	it('Should upload an unlisted video on server 2', async function () {
	136	this.timeout(120000)
	137
	138	const attributes = {
	139	name: 'unlisted video',
	140	privacy: VideoPrivacy.UNLISTED
	141	}
	142	await servers[1].videos.upload({ attributes })
	143
	144	// Server 2 has transcoding enabled
	145	await waitJobs(servers)
	146	})
	147
	148	it('Should not have this unlisted video listed on server 1 and 2', async function () {
	149	for (const server of servers) {
	150	const { total, data } = await server.videos.list()
	151
	152	expect(total).to.equal(0)
	153	expect(data).to.have.lengthOf(0)
	154	}
	155	})
	156
	157	it('Should list my (unlisted) videos', async function () {
	158	const { total, data } = await servers[1].videos.listMyVideos()
	159
	160	expect(total).to.equal(1)
	161	expect(data).to.have.lengthOf(1)
	162
	163	unlistedVideo = data[0]
	164	})
	165
	166	it('Should not be able to get this unlisted video using its id', async function () {
	167	await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	168	})
	169
	170	it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
	171	for (const server of servers) {
	172	for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
	173	const video = await server.videos.get({ id })
	174
	175	expect(video.name).to.equal('unlisted video')
	176	}
	177	}
	178	})
	179
	180	it('Should upload a non-federating unlisted video to server 1', async function () {
	181	this.timeout(30000)
	182
	183	const attributes = {
	184	name: 'unlisted video',
	185	privacy: VideoPrivacy.UNLISTED
	186	}
	187	await servers[0].videos.upload({ attributes })
	188
	189	await waitJobs(servers)
	190	})
	191
	192	it('Should list my new unlisted video', async function () {
	193	const { total, data } = await servers[0].videos.listMyVideos()
	194
	195	expect(total).to.equal(3)
	196	expect(data).to.have.lengthOf(3)
	197
	198	nonFederatedUnlistedVideoUUID = data[0].uuid
	199	})
	200
	201	it('Should be able to get non-federated unlisted video from origin', async function () {
	202	const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
	203
	204	expect(video.name).to.equal('unlisted video')
	205	})
	206
	207	it('Should not be able to get non-federated unlisted video from federated server', async function () {
	208	await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
	209	})
	210	})
	211
	212	describe('Privacy update', function () {
	213
	214	it('Should update the private and internal videos to public on server 1', async function () {
	215	this.timeout(100000)
	216
	217	now = Date.now()
	218
	219	{
	220	const attributes = {
	221	name: 'private video becomes public',
	222	privacy: VideoPrivacy.PUBLIC
	223	}
	224
	225	await servers[0].videos.update({ id: privateVideoId, attributes })
	226	}
	227
	228	{
	229	const attributes = {
	230	name: 'internal video becomes public',
	231	privacy: VideoPrivacy.PUBLIC
	232	}
	233	await servers[0].videos.update({ id: internalVideoId, attributes })
	234	}
	235
	236	await wait(10000)
	237	await waitJobs(servers)
	238	})
	239
	240	it('Should have this new public video listed on server 1 and 2', async function () {
	241	for (const server of servers) {
	242	const { total, data } = await server.videos.list()
	243	expect(total).to.equal(2)
	244	expect(data).to.have.lengthOf(2)
	245
	246	const privateVideo = data.find(v => v.name === 'private video becomes public')
	247	const internalVideo = data.find(v => v.name === 'internal video becomes public')
	248
	249	expect(privateVideo).to.not.be.undefined
	250	expect(internalVideo).to.not.be.undefined
	251
	252	expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
	253	// We don't change the publish date of internal videos
	254	expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
	255
	256	expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
	257	expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
	258	}
	259	})
	260
	261	it('Should set these videos as private and internal', async function () {
	262	await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
	263	await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
	264
	265	await waitJobs(servers)
	266
	267	for (const server of servers) {
	268	const { total, data } = await server.videos.list()
	269
	270	expect(total).to.equal(0)
	271	expect(data).to.have.lengthOf(0)
	272	}
	273
	274	{
	275	const { total, data } = await servers[0].videos.listMyVideos()
	276	expect(total).to.equal(3)
	277	expect(data).to.have.lengthOf(3)
	278
	279	const privateVideo = data.find(v => v.name === 'private video becomes public')
	280	const internalVideo = data.find(v => v.name === 'internal video becomes public')
	281
	282	expect(privateVideo).to.not.be.undefined
	283	expect(internalVideo).to.not.be.undefined
	284
	285	expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
	286	expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
	287	}
	288	})
	289	})
	290
	291	after(async function () {
	292	await cleanupTests(servers)
	293	})
	294	})