PeerTube/server/tests/api/check-params/blocklist.ts

558 lines
17 KiB
TypeScript
Raw Normal View History

2020-01-31 16:56:52 +01:00
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import 'mocha'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode } from '@shared/models'
import {
2019-04-24 11:54:23 +02:00
cleanupTests,
2021-07-16 09:47:51 +02:00
createMultipleServers,
2021-07-16 10:42:24 +02:00
doubleFollow,
makeDeleteRequest,
makeGetRequest,
makePostBodyRequest,
2021-07-16 09:47:51 +02:00
PeerTubeServer,
2021-07-13 11:05:15 +02:00
setAccessTokensToServers
} from '@shared/server-commands'
describe('Test blocklist API validators', function () {
2021-07-16 09:47:51 +02:00
let servers: PeerTubeServer[]
let server: PeerTubeServer
let userAccessToken: string
before(async function () {
this.timeout(60000)
2021-07-16 09:47:51 +02:00
servers = await createMultipleServers(2)
await setAccessTokensToServers(servers)
server = servers[0]
const user = { username: 'user1', password: 'password' }
2021-07-16 09:04:35 +02:00
await server.users.create({ username: user.username, password: user.password })
2021-07-16 09:04:35 +02:00
userAccessToken = await server.login.getAccessToken(user)
await doubleFollow(servers[0], servers[1])
})
// ---------------------------------------------------------------
describe('When managing user blocklist', function () {
describe('When managing user accounts blocklist', function () {
const path = '/api/v1/users/me/blocklist/accounts'
describe('When listing blocked accounts', function () {
it('Should fail with an unauthenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
})
describe('When blocking an account', function () {
it('Should fail with an unauthenticated user', async function () {
await makePostBodyRequest({
url: server.url,
path,
fields: { accountName: 'user1' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with an unknown account', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'user2' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should fail to block ourselves', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'root' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.CONFLICT_409
})
})
it('Should succeed with the correct params', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'user1' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
describe('When unblocking an account', function () {
it('Should fail with an unauthenticated user', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with an unknown account block', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user2',
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should succeed with the correct params', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
})
describe('When managing user servers blocklist', function () {
const path = '/api/v1/users/me/blocklist/servers'
describe('When listing blocked servers', function () {
it('Should fail with an unauthenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
})
describe('When blocking a server', function () {
it('Should fail with an unauthenticated user', async function () {
await makePostBodyRequest({
url: server.url,
path,
fields: { host: 'localhost:9002' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should succeed with an unknown server', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { host: 'localhost:9003' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
it('Should fail with our own server', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
2019-04-24 11:54:23 +02:00
fields: { host: 'localhost:' + server.port },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.CONFLICT_409
})
})
it('Should succeed with the correct params', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
2019-04-24 11:54:23 +02:00
fields: { host: 'localhost:' + servers[1].port },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
describe('When unblocking a server', function () {
it('Should fail with an unauthenticated user', async function () {
await makeDeleteRequest({
url: server.url,
2019-04-24 11:54:23 +02:00
path: path + '/localhost:' + servers[1].port,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with an unknown server block', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9004',
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should succeed with the correct params', async function () {
await makeDeleteRequest({
url: server.url,
2019-04-24 11:54:23 +02:00
path: path + '/localhost:' + servers[1].port,
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
})
})
describe('When managing server blocklist', function () {
describe('When managing server accounts blocklist', function () {
const path = '/api/v1/server/blocklist/accounts'
describe('When listing blocked accounts', function () {
it('Should fail with an unauthenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeGetRequest({
url: server.url,
token: userAccessToken,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
})
describe('When blocking an account', function () {
it('Should fail with an unauthenticated user', async function () {
await makePostBodyRequest({
url: server.url,
path,
fields: { accountName: 'user1' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makePostBodyRequest({
url: server.url,
token: userAccessToken,
path,
fields: { accountName: 'user1' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should fail with an unknown account', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'user2' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should fail to block ourselves', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'root' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.CONFLICT_409
})
})
it('Should succeed with the correct params', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { accountName: 'user1' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
describe('When unblocking an account', function () {
it('Should fail with an unauthenticated user', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
token: userAccessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should fail with an unknown account block', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user2',
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should succeed with the correct params', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/user1',
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
})
describe('When managing server servers blocklist', function () {
const path = '/api/v1/server/blocklist/servers'
describe('When listing blocked servers', function () {
it('Should fail with an unauthenticated user', async function () {
await makeGetRequest({
url: server.url,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeGetRequest({
url: server.url,
token: userAccessToken,
path,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should fail with a bad start pagination', async function () {
await checkBadStartPagination(server.url, path, server.accessToken)
})
it('Should fail with a bad count pagination', async function () {
await checkBadCountPagination(server.url, path, server.accessToken)
})
it('Should fail with an incorrect sort', async function () {
await checkBadSortPagination(server.url, path, server.accessToken)
})
})
describe('When blocking a server', function () {
it('Should fail with an unauthenticated user', async function () {
await makePostBodyRequest({
url: server.url,
path,
2019-04-24 11:54:23 +02:00
fields: { host: 'localhost:' + servers[1].port },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makePostBodyRequest({
url: server.url,
token: userAccessToken,
path,
2019-04-24 11:54:23 +02:00
fields: { host: 'localhost:' + servers[1].port },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should succeed with an unknown server', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
fields: { host: 'localhost:9003' },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
it('Should fail with our own server', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
2019-04-24 11:54:23 +02:00
fields: { host: 'localhost:' + server.port },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.CONFLICT_409
})
})
it('Should succeed with the correct params', async function () {
await makePostBodyRequest({
url: server.url,
token: server.accessToken,
path,
2019-04-24 11:54:23 +02:00
fields: { host: 'localhost:' + servers[1].port },
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
describe('When unblocking a server', function () {
it('Should fail with an unauthenticated user', async function () {
await makeDeleteRequest({
url: server.url,
2019-04-24 11:54:23 +02:00
path: path + '/localhost:' + servers[1].port,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a user without the appropriate rights', async function () {
await makeDeleteRequest({
url: server.url,
2019-04-24 11:54:23 +02:00
path: path + '/localhost:' + servers[1].port,
token: userAccessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should fail with an unknown server block', async function () {
await makeDeleteRequest({
url: server.url,
path: path + '/localhost:9004',
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should succeed with the correct params', async function () {
await makeDeleteRequest({
url: server.url,
2019-04-24 11:54:23 +02:00
path: path + '/localhost:' + servers[1].port,
token: server.accessToken,
2021-07-16 10:42:24 +02:00
expectedStatus: HttpStatusCode.NO_CONTENT_204
})
})
})
})
})
describe('When getting blocklist status', function () {
const path = '/api/v1/blocklist/status'
it('Should fail with a bad token', async function () {
await makeGetRequest({
url: server.url,
path,
token: 'false',
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
})
it('Should fail with a bad accounts field', async function () {
await makeGetRequest({
url: server.url,
path,
query: {
accounts: 1
},
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
await makeGetRequest({
url: server.url,
path,
query: {
accounts: [ 1 ]
},
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
})
it('Should fail with a bad hosts field', async function () {
await makeGetRequest({
url: server.url,
path,
query: {
hosts: 1
},
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
await makeGetRequest({
url: server.url,
path,
query: {
hosts: [ 1 ]
},
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
})
it('Should succeed with the correct parameters', async function () {
await makeGetRequest({
url: server.url,
path,
query: {},
expectedStatus: HttpStatusCode.OK_200
})
await makeGetRequest({
url: server.url,
path,
query: {
hosts: [ 'example.com' ],
accounts: [ 'john@example.com' ]
},
expectedStatus: HttpStatusCode.OK_200
})
})
})
2019-04-24 11:54:23 +02:00
after(async function () {
await cleanupTests(servers)
})
})