packages/tests/src/api/check-params/video-token.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { HttpStatusCode, VideoPrivacy } from '@peertube/peertube-models'
import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@peertube/peertube-server-commands'

describe('Test video tokens', function () {
  let server: PeerTubeServer
  let privateVideoId: string
  let passwordProtectedVideoId: string
  let userToken: string

  const videoPassword = 'password'

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(300_000)

    server = await createSingleServer(1)
    await setAccessTokensToServers([ server ])
    {
      const { uuid } = await server.videos.quickUpload({ name: 'private video', privacy: VideoPrivacy.PRIVATE })
      privateVideoId = uuid
    }
    {
      const { uuid } = await server.videos.quickUpload({
        name: 'password protected video',
        privacy: VideoPrivacy.PASSWORD_PROTECTED,
        videoPasswords: [ videoPassword ]
      })
      passwordProtectedVideoId = uuid
    }
    userToken = await server.users.generateUserAndToken('user1')
  })

  it('Should not generate tokens on private video for unauthenticated user', async function () {
    await server.videoToken.create({ videoId: privateVideoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  })

  it('Should not generate tokens of unknown video', async function () {
    await server.videoToken.create({ videoId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
  })

  it('Should not generate tokens with incorrect password', async function () {
    await server.videoToken.create({
      videoId: passwordProtectedVideoId,
      token: null,
      expectedStatus: HttpStatusCode.FORBIDDEN_403,
      videoPassword: 'incorrectPassword'
    })
  })

  it('Should not generate tokens of a non owned video', async function () {
    await server.videoToken.create({ videoId: privateVideoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
  })

  it('Should generate token', async function () {
    await server.videoToken.create({ videoId: privateVideoId })
  })

  it('Should generate token on password protected video', async function () {
    await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword, token: null })
    await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword, token: userToken })
    await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword })
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})