PeerTube/server/tests/api/check-params/abuses.ts

440 lines
16 KiB
TypeScript
Raw Normal View History

2020-07-07 10:57:04 +02:00
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import 'mocha'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { AbuseCreate, AbuseState, HttpStatusCode } from '@shared/models'
2020-07-07 10:57:04 +02:00
import {
2021-07-06 12:01:59 +02:00
AbusesCommand,
2020-07-07 10:57:04 +02:00
cleanupTests,
2021-07-16 09:47:51 +02:00
createSingleServer,
2021-07-16 14:27:30 +02:00
doubleFollow,
2020-07-07 10:57:04 +02:00
makeGetRequest,
makePostBodyRequest,
2021-07-16 09:47:51 +02:00
PeerTubeServer,
2020-07-07 10:57:04 +02:00
setAccessTokensToServers,
waitJobs
} from '@shared/server-commands'
2020-07-07 10:57:04 +02:00
2020-07-08 15:51:46 +02:00
describe('Test abuses API validators', function () {
2020-07-07 10:57:04 +02:00
const basePath = '/api/v1/abuses/'
2021-07-16 09:47:51 +02:00
let server: PeerTubeServer
2021-07-06 12:01:59 +02:00
let userToken = ''
let userToken2 = ''
2020-07-07 10:57:04 +02:00
let abuseId: number
2020-07-24 15:05:51 +02:00
let messageId: number
2020-07-07 10:57:04 +02:00
2021-07-06 12:01:59 +02:00
let command: AbusesCommand
2020-07-07 10:57:04 +02:00
// ---------------------------------------------------------------
before(async function () {
this.timeout(30000)
2021-07-16 09:47:51 +02:00
server = await createSingleServer(1)
2020-07-07 10:57:04 +02:00
await setAccessTokensToServers([ server ])
2021-07-16 09:04:35 +02:00
userToken = await server.users.generateUserAndToken('user_1')
userToken2 = await server.users.generateUserAndToken('user_2')
2020-07-24 15:05:51 +02:00
2021-07-22 14:28:03 +02:00
server.store.videoCreated = await server.videos.upload()
2021-07-06 12:01:59 +02:00
2021-07-16 09:04:35 +02:00
command = server.abuses
2020-07-07 10:57:04 +02:00
})
2020-07-24 15:05:51 +02:00
describe('When listing abuses for admins', function () {
2020-07-07 10:57:04 +02:00
const path = basePath
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
it('Should fail with a non authenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2020-07-07 10:57:04 +02:00
})
})
it('Should fail with a non admin user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-06 12:01:59 +02:00
token: userToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
2020-07-07 10:57:04 +02:00
})
})
it('Should fail with a bad id filter', async function () {
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { id: 'toto' } })
})
it('Should fail with a bad filter', async function () {
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'toto' } })
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { filter: 'videos' } })
})
it('Should fail with bad predefined reason', async function () {
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { predefinedReason: 'violentOrRepulsives' } })
})
it('Should fail with a bad state filter', async function () {
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 'toto' } })
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { state: 0 } })
})
it('Should fail with a bad videoIs filter', async function () {
await makeGetRequest({ url: server.url, path, token: server.accessToken, query: { videoIs: 'toto' } })
})
it('Should succeed with the correct params', async function () {
const query = {
id: 13,
predefinedReason: 'violentOrRepulsive',
filter: 'comment',
state: 2,
videoIs: 'deleted'
}
2021-07-16 10:42:24 +02:00
await makeGetRequest({ url: server.url, path, token: server.accessToken, query, expectedStatus: HttpStatusCode.OK_200 })
2020-07-07 10:57:04 +02:00
})
})
2020-07-24 15:05:51 +02:00
describe('When listing abuses for users', function () {
const path = '/api/v1/users/me/abuses'
it('Should fail with a bad start pagination', async function () {
2021-07-06 12:01:59 +02:00
await checkBadStartPagination(server.url, path, userToken)
2020-07-24 15:05:51 +02:00
})
it('Should fail with a bad count pagination', async function () {
2021-07-06 12:01:59 +02:00
await checkBadCountPagination(server.url, path, userToken)
2020-07-24 15:05:51 +02:00
})
it('Should fail with an incorrect sort', async function () {
2021-07-06 12:01:59 +02:00
await checkBadSortPagination(server.url, path, userToken)
2020-07-24 15:05:51 +02:00
})
it('Should fail with a non authenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2020-07-24 15:05:51 +02:00
})
})
it('Should fail with a bad id filter', async function () {
2021-07-06 12:01:59 +02:00
await makeGetRequest({ url: server.url, path, token: userToken, query: { id: 'toto' } })
2020-07-24 15:05:51 +02:00
})
it('Should fail with a bad state filter', async function () {
2021-07-06 12:01:59 +02:00
await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 'toto' } })
await makeGetRequest({ url: server.url, path, token: userToken, query: { state: 0 } })
2020-07-24 15:05:51 +02:00
})
it('Should succeed with the correct params', async function () {
const query = {
id: 13,
state: 2
}
2021-07-16 10:42:24 +02:00
await makeGetRequest({ url: server.url, path, token: userToken, query, expectedStatus: HttpStatusCode.OK_200 })
2020-07-24 15:05:51 +02:00
})
})
2020-07-07 10:57:04 +02:00
describe('When reporting an abuse', function () {
const path = basePath
it('Should fail with nothing', async function () {
const fields = {}
2021-07-06 12:01:59 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a wrong video', async function () {
const fields = { video: { id: 'blabla' }, reason: 'my super reason' }
2022-07-13 11:58:01 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail with an unknown video', async function () {
const fields = { video: { id: 42 }, reason: 'my super reason' }
await makePostBodyRequest({
url: server.url,
path,
2021-07-06 12:01:59 +02:00
token: userToken,
fields,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
2020-07-07 10:57:04 +02:00
})
it('Should fail with a wrong comment', async function () {
const fields = { comment: { id: 'blabla' }, reason: 'my super reason' }
2022-07-13 11:58:01 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail with an unknown comment', async function () {
const fields = { comment: { id: 42 }, reason: 'my super reason' }
await makePostBodyRequest({
url: server.url,
path,
2021-07-06 12:01:59 +02:00
token: userToken,
fields,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
2020-07-07 10:57:04 +02:00
})
it('Should fail with a wrong account', async function () {
const fields = { account: { id: 'blabla' }, reason: 'my super reason' }
2022-07-13 11:58:01 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail with an unknown account', async function () {
const fields = { account: { id: 42 }, reason: 'my super reason' }
await makePostBodyRequest({
url: server.url,
path,
2021-07-06 12:01:59 +02:00
token: userToken,
fields,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
2020-07-07 10:57:04 +02:00
})
it('Should fail with not account, comment or video', async function () {
const fields = { reason: 'my super reason' }
await makePostBodyRequest({
url: server.url,
path,
2021-07-06 12:01:59 +02:00
token: userToken,
fields,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
2020-07-07 10:57:04 +02:00
})
it('Should fail with a non authenticated user', async function () {
2021-07-22 14:28:03 +02:00
const fields = { video: { id: server.store.videoCreated.id }, reason: 'my super reason' }
2020-07-07 10:57:04 +02:00
2021-07-16 10:42:24 +02:00
await makePostBodyRequest({ url: server.url, path, token: 'hello', fields, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a reason too short', async function () {
2021-07-22 14:28:03 +02:00
const fields = { video: { id: server.store.videoCreated.id }, reason: 'h' }
2020-07-07 10:57:04 +02:00
2021-07-06 12:01:59 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a too big reason', async function () {
2021-07-22 14:28:03 +02:00
const fields = { video: { id: server.store.videoCreated.id }, reason: 'super'.repeat(605) }
2020-07-07 10:57:04 +02:00
2021-07-06 12:01:59 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should succeed with the correct parameters (basic)', async function () {
2021-07-22 14:28:03 +02:00
const fields: AbuseCreate = { video: { id: server.store.videoCreated.shortUUID }, reason: 'my super reason' }
2020-07-07 10:57:04 +02:00
const res = await makePostBodyRequest({
url: server.url,
path,
2021-07-06 12:01:59 +02:00
token: userToken,
fields,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.OK_200
})
2020-07-07 10:57:04 +02:00
abuseId = res.body.abuse.id
})
it('Should fail with a wrong predefined reason', async function () {
2021-07-22 14:28:03 +02:00
const fields = { video: server.store.videoCreated, reason: 'my super reason', predefinedReasons: [ 'wrongPredefinedReason' ] }
2020-07-07 10:57:04 +02:00
2021-07-06 12:01:59 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail with negative timestamps', async function () {
2021-07-22 14:28:03 +02:00
const fields = { video: { id: server.store.videoCreated.id, startAt: -1 }, reason: 'my super reason' }
2020-07-07 10:57:04 +02:00
2021-07-06 12:01:59 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should fail mith misordered startAt/endAt', async function () {
2021-07-22 14:28:03 +02:00
const fields = { video: { id: server.store.videoCreated.id, startAt: 5, endAt: 1 }, reason: 'my super reason' }
2020-07-07 10:57:04 +02:00
2021-07-06 12:01:59 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields })
2020-07-07 10:57:04 +02:00
})
it('Should succeed with the correct parameters (advanced)', async function () {
2020-07-07 10:57:04 +02:00
const fields: AbuseCreate = {
video: {
2021-07-22 14:28:03 +02:00
id: server.store.videoCreated.id,
2020-07-07 10:57:04 +02:00
startAt: 1,
endAt: 5
},
reason: 'my super reason',
predefinedReasons: [ 'serverRules' ]
}
2021-07-16 10:42:24 +02:00
await makePostBodyRequest({ url: server.url, path, token: userToken, fields, expectedStatus: HttpStatusCode.OK_200 })
2020-07-07 10:57:04 +02:00
})
})
describe('When updating an abuse', function () {
it('Should fail with a non authenticated user', async function () {
2021-07-06 12:01:59 +02:00
await command.update({ token: 'blabla', abuseId, body: {}, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a non admin user', async function () {
2021-07-06 12:01:59 +02:00
await command.update({ token: userToken, abuseId, body: {}, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a bad abuse id', async function () {
2021-07-06 12:01:59 +02:00
await command.update({ abuseId: 45, body: {}, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a bad state', async function () {
const body = { state: 5 }
2021-07-06 12:01:59 +02:00
await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a bad moderation comment', async function () {
const body = { moderationComment: 'b'.repeat(3001) }
2021-07-06 12:01:59 +02:00
await command.update({ abuseId, body, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
2020-07-07 10:57:04 +02:00
})
it('Should succeed with the correct params', async function () {
const body = { state: AbuseState.ACCEPTED }
2021-07-06 12:01:59 +02:00
await command.update({ abuseId, body })
2020-07-07 10:57:04 +02:00
})
})
2020-07-24 15:05:51 +02:00
describe('When creating an abuse message', function () {
const message = 'my super message'
it('Should fail with an invalid abuse id', async function () {
2021-07-06 12:01:59 +02:00
await command.addMessage({ token: userToken2, abuseId: 888, message, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with a non authenticated user', async function () {
2021-07-06 12:01:59 +02:00
await command.addMessage({ token: 'fake_token', abuseId, message, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with an invalid logged in user', async function () {
2021-07-06 12:01:59 +02:00
await command.addMessage({ token: userToken2, abuseId, message, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with an invalid message', async function () {
2021-07-06 12:01:59 +02:00
await command.addMessage({ token: userToken, abuseId, message: 'a'.repeat(5000), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
2020-07-24 15:05:51 +02:00
})
it('Should succeed with the correct params', async function () {
2021-07-06 12:01:59 +02:00
const res = await command.addMessage({ token: userToken, abuseId, message })
2020-07-24 15:05:51 +02:00
messageId = res.body.abuseMessage.id
})
})
describe('When listing abuse messages', function () {
2020-07-24 15:05:51 +02:00
it('Should fail with an invalid abuse id', async function () {
2021-07-06 12:01:59 +02:00
await command.listMessages({ token: userToken, abuseId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with a non authenticated user', async function () {
2021-07-06 12:01:59 +02:00
await command.listMessages({ token: 'fake_token', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with an invalid logged in user', async function () {
2021-07-06 12:01:59 +02:00
await command.listMessages({ token: userToken2, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
2020-07-24 15:05:51 +02:00
})
it('Should succeed with the correct params', async function () {
2021-07-06 12:01:59 +02:00
await command.listMessages({ token: userToken, abuseId })
2020-07-24 15:05:51 +02:00
})
})
describe('When deleting an abuse message', function () {
it('Should fail with an invalid abuse id', async function () {
2021-07-06 12:01:59 +02:00
await command.deleteMessage({ token: userToken, abuseId: 888, messageId, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with an invalid message id', async function () {
2021-07-06 12:01:59 +02:00
await command.deleteMessage({ token: userToken, abuseId, messageId: 888, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with a non authenticated user', async function () {
2021-07-06 12:01:59 +02:00
await command.deleteMessage({ token: 'fake_token', abuseId, messageId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
2020-07-24 15:05:51 +02:00
})
it('Should fail with an invalid logged in user', async function () {
2021-07-06 12:01:59 +02:00
await command.deleteMessage({ token: userToken2, abuseId, messageId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
2020-07-24 15:05:51 +02:00
})
it('Should succeed with the correct params', async function () {
2021-07-06 12:01:59 +02:00
await command.deleteMessage({ token: userToken, abuseId, messageId })
2020-07-24 15:05:51 +02:00
})
})
2020-07-07 10:57:04 +02:00
describe('When deleting a video abuse', function () {
it('Should fail with a non authenticated user', async function () {
2021-07-06 12:01:59 +02:00
await command.delete({ token: 'blabla', abuseId, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a non admin user', async function () {
2021-07-06 12:01:59 +02:00
await command.delete({ token: userToken, abuseId, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
2020-07-07 10:57:04 +02:00
})
it('Should fail with a bad abuse id', async function () {
2021-07-06 12:01:59 +02:00
await command.delete({ abuseId: 45, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
2020-07-07 10:57:04 +02:00
})
it('Should succeed with the correct params', async function () {
2021-07-06 12:01:59 +02:00
await command.delete({ abuseId })
2020-07-07 10:57:04 +02:00
})
})
describe('When trying to manage messages of a remote abuse', function () {
let remoteAbuseId: number
2021-07-16 09:47:51 +02:00
let anotherServer: PeerTubeServer
before(async function () {
2021-01-11 16:05:10 +01:00
this.timeout(50000)
2021-07-16 09:47:51 +02:00
anotherServer = await createSingleServer(2)
await setAccessTokensToServers([ anotherServer ])
await doubleFollow(anotherServer, server)
2021-07-22 14:28:03 +02:00
const server2VideoId = await anotherServer.videos.getId({ uuid: server.store.videoCreated.uuid })
2021-07-16 09:04:35 +02:00
await anotherServer.abuses.report({ reason: 'remote server', videoId: server2VideoId })
await waitJobs([ server, anotherServer ])
2021-07-06 12:01:59 +02:00
const body = await command.getAdminList({ sort: '-createdAt' })
remoteAbuseId = body.data[0].id
})
it('Should fail when listing abuse messages of a remote abuse', async function () {
2021-07-06 12:01:59 +02:00
await command.listMessages({ abuseId: remoteAbuseId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
})
it('Should fail when creating abuse message of a remote abuse', async function () {
2021-07-06 12:01:59 +02:00
await command.addMessage({ abuseId: remoteAbuseId, message: 'message', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
})
2020-08-06 16:14:58 +02:00
after(async function () {
await cleanupTests([ anotherServer ])
})
})
2020-07-07 10:57:04 +02:00
after(async function () {
await cleanupTests([ server ])
})
})