From 57f6896f67cfc570cf3605dd94b0778101b2d9b9 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 7 Jul 2020 10:57:04 +0200 Subject: Implement abuses check params --- server/tests/api/check-params/abuses.ts | 271 ++++++++++++++++++++++++++ server/tests/api/check-params/index.ts | 1 + server/tests/api/check-params/video-abuses.ts | 6 - 3 files changed, 272 insertions(+), 6 deletions(-) create mode 100644 server/tests/api/check-params/abuses.ts (limited to 'server/tests/api/check-params') diff --git a/server/tests/api/check-params/abuses.ts b/server/tests/api/check-params/abuses.ts new file mode 100644 index 000000000..ba7c0833f --- /dev/null +++ b/server/tests/api/check-params/abuses.ts @@ -0,0 +1,271 @@ +/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ + +import 'mocha' +import { AbuseCreate, AbuseState } from '@shared/models' +import { + cleanupTests, + createUser, + deleteAbuse, + flushAndRunServer, + makeGetRequest, + makePostBodyRequest, + ServerInfo, + setAccessTokensToServers, + updateAbuse, + uploadVideo, + userLogin +} from '../../../../shared/extra-utils' +import { + checkBadCountPagination, + checkBadSortPagination, + checkBadStartPagination +} from '../../../../shared/extra-utils/requests/check-api-params' + +// FIXME: deprecated in 2.3. Remove this controller + +describe('Test video abuses API validators', function () { + const basePath = '/api/v1/abuses/' + + let server: ServerInfo + let userAccessToken = '' + let abuseId: number + + // --------------------------------------------------------------- + + before(async function () { + this.timeout(30000) + + server = await flushAndRunServer(1) + + await setAccessTokensToServers([ server ]) + + const username = 'user1' + const password = 'my super password' + await createUser({ url: server.url, accessToken: server.accessToken, username: username, password: password }) + userAccessToken = await userLogin(server, { username, password }) + + const res = await uploadVideo(server.url, server.accessToken, {}) + server.video = res.body.video + }) + + describe('When listing abuses', function () { + const path = basePath + + it('Should fail with a bad start pagination', async function () { + await checkBadStartPagination(server.url, path, server.accessToken) + }) + + it('Should fail with a bad count pagination', async function () { + await checkBadCountPagination(server.url, path, server.accessToken) + }) + + it('Should fail with an incorrect sort', async function () { + await checkBadSortPagination(server.url, path, server.accessToken) + }) + + it('Should fail with a non authenticated user', async function () { + await makeGetRequest({ + url: server.url, + path, + statusCodeExpected: 401 + }) + }) + + it('Should fail with a non admin user', async function () { + await makeGetRequest({ + url: server.url, + path, + token: userAccessToken, + statusCodeExpected: 403 + }) + }) + + it('Should fail with a bad id filter', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } }) + }) + + it('Should fail with a bad filter', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } }) + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } }) + }) + + it('Should fail with bad predefined reason', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } }) + }) + + it('Should fail with a bad state filter', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } }) + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } }) + }) + + it('Should fail with a bad videoIs filter', async function () { + await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } }) + }) + + it('Should succeed with the correct params', async function () { + const query = { + id: 13, + predefinedReason: 'violentOrRepulsive', + filter: 'comment', + state: 2, + videoIs: 'deleted' + } + + await makeGetRequest({ url: server.url, path, token: server.accessToken, query, statusCodeExpected: 200 }) + }) + }) + + describe('When reporting an abuse', function () { + const path = basePath + + it('Should fail with nothing', async function () { + const fields = {} + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with a wrong video', async function () { + const fields = { video: { id: 'blabla' }, reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields }) + }) + + it('Should fail with an unknown video', async function () { + const fields = { video: { id: 42 }, reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields, statusCodeExpected: 404 }) + }) + + it('Should fail with a wrong comment', async function () { + const fields = { comment: { id: 'blabla' }, reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields }) + }) + + it('Should fail with an unknown comment', async function () { + const fields = { comment: { id: 42 }, reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields, statusCodeExpected: 404 }) + }) + + it('Should fail with a wrong account', async function () { + const fields = { account: { id: 'blabla' }, reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields }) + }) + + it('Should fail with an unknown account', async function () { + const fields = { account: { id: 42 }, reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields, statusCodeExpected: 404 }) + }) + + it('Should fail with not account, comment or video', async function () { + const fields = { reason: 'my super reason' } + await makePostBodyRequest({ url: server.url, path: path, token: server.accessToken, fields, statusCodeExpected: 400 }) + }) + + it('Should fail with a non authenticated user', async function () { + const fields = { video: { id: server.video.id }, reason: 'my super reason' } + + await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, statusCodeExpected: 401 }) + }) + + it('Should fail with a reason too short', async function () { + const fields = { video: { id: server.video.id }, reason: 'h' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with a too big reason', async function () { + const fields = { video: { id: server.video.id }, reason: 'super'.repeat(605) } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with the correct parameters (basic)', async function () { + const fields: AbuseCreate = { video: { id: server.video.id }, reason: 'my super reason' } + + const res = await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 200 }) + abuseId = res.body.abuse.id + }) + + it('Should fail with a wrong predefined reason', async function () { + const fields = { video: { id: server.video.id }, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail with negative timestamps', async function () { + const fields = { video: { id: server.video.id, startAt: -1 }, reason: 'my super reason' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should fail mith misordered startAt/endAt', async function () { + const fields = { video: { id: server.video.id, startAt: 5, endAt: 1 }, reason: 'my super reason' } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) + }) + + it('Should succeed with the corret parameters (advanced)', async function () { + const fields: AbuseCreate = { + video: { + id: server.video.id, + startAt: 1, + endAt: 5 + }, + reason: 'my super reason', + predefinedReasons: [ 'serverRules' ] + } + + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 200 }) + }) + }) + + describe('When updating an abuse', function () { + + it('Should fail with a non authenticated user', async function () { + await updateAbuse(server.url, 'blabla', abuseId, {}, 401) + }) + + it('Should fail with a non admin user', async function () { + await updateAbuse(server.url, userAccessToken, abuseId, {}, 403) + }) + + it('Should fail with a bad abuse id', async function () { + await updateAbuse(server.url, server.accessToken, 45, {}, 404) + }) + + it('Should fail with a bad state', async function () { + const body = { state: 5 } + await updateAbuse(server.url, server.accessToken, abuseId, body, 400) + }) + + it('Should fail with a bad moderation comment', async function () { + const body = { moderationComment: 'b'.repeat(3001) } + await updateAbuse(server.url, server.accessToken, abuseId, body, 400) + }) + + it('Should succeed with the correct params', async function () { + const body = { state: AbuseState.ACCEPTED } + await updateAbuse(server.url, server.accessToken, abuseId, body) + }) + }) + + describe('When deleting a video abuse', function () { + + it('Should fail with a non authenticated user', async function () { + await deleteAbuse(server.url, 'blabla', abuseId, 401) + }) + + it('Should fail with a non admin user', async function () { + await deleteAbuse(server.url, userAccessToken, abuseId, 403) + }) + + it('Should fail with a bad abuse id', async function () { + await deleteAbuse(server.url, server.accessToken, 45, 404) + }) + + it('Should succeed with the correct params', async function () { + await deleteAbuse(server.url, server.accessToken, abuseId) + }) + }) + + after(async function () { + await cleanupTests([ server ]) + }) +}) diff --git a/server/tests/api/check-params/index.ts b/server/tests/api/check-params/index.ts index 93ffd98b1..0ee1f27aa 100644 --- a/server/tests/api/check-params/index.ts +++ b/server/tests/api/check-params/index.ts @@ -1,3 +1,4 @@ +import './abuses' import './accounts' import './blocklist' import './bulk' diff --git a/server/tests/api/check-params/video-abuses.ts b/server/tests/api/check-params/video-abuses.ts index f122baef4..3b361ca79 100644 --- a/server/tests/api/check-params/video-abuses.ts +++ b/server/tests/api/check-params/video-abuses.ts @@ -152,12 +152,6 @@ describe('Test video abuses API validators', function () { await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) }) - it('Should fail mith misordered startAt/endAt', async function () { - const fields = { reason: 'my super reason', startAt: 5, endAt: 1 } - - await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) - }) - it('Should succeed with the corret parameters (advanced)', async function () { const fields: VideoAbuseCreate = { reason: 'my super reason', predefinedReasons: [ 'serverRules' ], startAt: 1, endAt: 5 } -- cgit v1.2.3