mirror of https://github.com/Chocobozzz/PeerTube
				
				
				
			
		
			
				
	
	
		
			558 lines
		
	
	
		
			17 KiB
		
	
	
	
		
			TypeScript
		
	
	
			
		
		
	
	
			558 lines
		
	
	
		
			17 KiB
		
	
	
	
		
			TypeScript
		
	
	
| /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
 | |
| 
 | |
| import 'mocha'
 | |
| import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
 | |
| import { HttpStatusCode } from '@shared/models'
 | |
| import {
 | |
|   cleanupTests,
 | |
|   createMultipleServers,
 | |
|   doubleFollow,
 | |
|   makeDeleteRequest,
 | |
|   makeGetRequest,
 | |
|   makePostBodyRequest,
 | |
|   PeerTubeServer,
 | |
|   setAccessTokensToServers
 | |
| } from '@shared/server-commands'
 | |
| 
 | |
| describe('Test blocklist API validators', function () {
 | |
|   let servers: PeerTubeServer[]
 | |
|   let server: PeerTubeServer
 | |
|   let userAccessToken: string
 | |
| 
 | |
|   before(async function () {
 | |
|     this.timeout(60000)
 | |
| 
 | |
|     servers = await createMultipleServers(2)
 | |
|     await setAccessTokensToServers(servers)
 | |
| 
 | |
|     server = servers[0]
 | |
| 
 | |
|     const user = { username: 'user1', password: 'password' }
 | |
|     await server.users.create({ username: user.username, password: user.password })
 | |
| 
 | |
|     userAccessToken = await server.login.getAccessToken(user)
 | |
| 
 | |
|     await doubleFollow(servers[0], servers[1])
 | |
|   })
 | |
| 
 | |
|   // ---------------------------------------------------------------
 | |
| 
 | |
|   describe('When managing user blocklist', function () {
 | |
| 
 | |
|     describe('When managing user accounts blocklist', function () {
 | |
|       const path = '/api/v1/users/me/blocklist/accounts'
 | |
| 
 | |
|       describe('When listing blocked accounts', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeGetRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad start pagination', async function () {
 | |
|           await checkBadStartPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad count pagination', async function () {
 | |
|           await checkBadCountPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an incorrect sort', async function () {
 | |
|           await checkBadSortPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When blocking an account', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             fields: { accountName: 'user1' },
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an unknown account', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'user2' },
 | |
|             expectedStatus: HttpStatusCode.NOT_FOUND_404
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail to block ourselves', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'root' },
 | |
|             expectedStatus: HttpStatusCode.CONFLICT_409
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'user1' },
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When unblocking an account', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user1',
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an unknown account block', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user2',
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NOT_FOUND_404
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user1',
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
|     })
 | |
| 
 | |
|     describe('When managing user servers blocklist', function () {
 | |
|       const path = '/api/v1/users/me/blocklist/servers'
 | |
| 
 | |
|       describe('When listing blocked servers', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeGetRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad start pagination', async function () {
 | |
|           await checkBadStartPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad count pagination', async function () {
 | |
|           await checkBadCountPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an incorrect sort', async function () {
 | |
|           await checkBadSortPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When blocking a server', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             fields: { host: 'localhost:9002' },
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with an unknown server', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:9003' },
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with our own server', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:' + server.port },
 | |
|             expectedStatus: HttpStatusCode.CONFLICT_409
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:' + servers[1].port },
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When unblocking a server', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:' + servers[1].port,
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an unknown server block', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:9004',
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NOT_FOUND_404
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:' + servers[1].port,
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
|     })
 | |
|   })
 | |
| 
 | |
|   describe('When managing server blocklist', function () {
 | |
| 
 | |
|     describe('When managing server accounts blocklist', function () {
 | |
|       const path = '/api/v1/server/blocklist/accounts'
 | |
| 
 | |
|       describe('When listing blocked accounts', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeGetRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a user without the appropriate rights', async function () {
 | |
|           await makeGetRequest({
 | |
|             url: server.url,
 | |
|             token: userAccessToken,
 | |
|             path,
 | |
|             expectedStatus: HttpStatusCode.FORBIDDEN_403
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad start pagination', async function () {
 | |
|           await checkBadStartPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad count pagination', async function () {
 | |
|           await checkBadCountPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an incorrect sort', async function () {
 | |
|           await checkBadSortPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When blocking an account', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             fields: { accountName: 'user1' },
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a user without the appropriate rights', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: userAccessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'user1' },
 | |
|             expectedStatus: HttpStatusCode.FORBIDDEN_403
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an unknown account', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'user2' },
 | |
|             expectedStatus: HttpStatusCode.NOT_FOUND_404
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail to block ourselves', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'root' },
 | |
|             expectedStatus: HttpStatusCode.CONFLICT_409
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { accountName: 'user1' },
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When unblocking an account', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user1',
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a user without the appropriate rights', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user1',
 | |
|             token: userAccessToken,
 | |
|             expectedStatus: HttpStatusCode.FORBIDDEN_403
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an unknown account block', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user2',
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NOT_FOUND_404
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/user1',
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
|     })
 | |
| 
 | |
|     describe('When managing server servers blocklist', function () {
 | |
|       const path = '/api/v1/server/blocklist/servers'
 | |
| 
 | |
|       describe('When listing blocked servers', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeGetRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a user without the appropriate rights', async function () {
 | |
|           await makeGetRequest({
 | |
|             url: server.url,
 | |
|             token: userAccessToken,
 | |
|             path,
 | |
|             expectedStatus: HttpStatusCode.FORBIDDEN_403
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad start pagination', async function () {
 | |
|           await checkBadStartPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a bad count pagination', async function () {
 | |
|           await checkBadCountPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an incorrect sort', async function () {
 | |
|           await checkBadSortPagination(server.url, path, server.accessToken)
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When blocking a server', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             path,
 | |
|             fields: { host: 'localhost:' + servers[1].port },
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a user without the appropriate rights', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: userAccessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:' + servers[1].port },
 | |
|             expectedStatus: HttpStatusCode.FORBIDDEN_403
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with an unknown server', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:9003' },
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with our own server', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:' + server.port },
 | |
|             expectedStatus: HttpStatusCode.CONFLICT_409
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makePostBodyRequest({
 | |
|             url: server.url,
 | |
|             token: server.accessToken,
 | |
|             path,
 | |
|             fields: { host: 'localhost:' + servers[1].port },
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
| 
 | |
|       describe('When unblocking a server', function () {
 | |
|         it('Should fail with an unauthenticated user', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:' + servers[1].port,
 | |
|             expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with a user without the appropriate rights', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:' + servers[1].port,
 | |
|             token: userAccessToken,
 | |
|             expectedStatus: HttpStatusCode.FORBIDDEN_403
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should fail with an unknown server block', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:9004',
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NOT_FOUND_404
 | |
|           })
 | |
|         })
 | |
| 
 | |
|         it('Should succeed with the correct params', async function () {
 | |
|           await makeDeleteRequest({
 | |
|             url: server.url,
 | |
|             path: path + '/localhost:' + servers[1].port,
 | |
|             token: server.accessToken,
 | |
|             expectedStatus: HttpStatusCode.NO_CONTENT_204
 | |
|           })
 | |
|         })
 | |
|       })
 | |
|     })
 | |
|   })
 | |
| 
 | |
|   describe('When getting blocklist status', function () {
 | |
|     const path = '/api/v1/blocklist/status'
 | |
| 
 | |
|     it('Should fail with a bad token', async function () {
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         token: 'false',
 | |
|         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 | |
|       })
 | |
|     })
 | |
| 
 | |
|     it('Should fail with a bad accounts field', async function () {
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         query: {
 | |
|           accounts: 1
 | |
|         },
 | |
|         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 | |
|       })
 | |
| 
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         query: {
 | |
|           accounts: [ 1 ]
 | |
|         },
 | |
|         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 | |
|       })
 | |
|     })
 | |
| 
 | |
|     it('Should fail with a bad hosts field', async function () {
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         query: {
 | |
|           hosts: 1
 | |
|         },
 | |
|         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 | |
|       })
 | |
| 
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         query: {
 | |
|           hosts: [ 1 ]
 | |
|         },
 | |
|         expectedStatus: HttpStatusCode.BAD_REQUEST_400
 | |
|       })
 | |
|     })
 | |
| 
 | |
|     it('Should succeed with the correct parameters', async function () {
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         query: {},
 | |
|         expectedStatus: HttpStatusCode.OK_200
 | |
|       })
 | |
| 
 | |
|       await makeGetRequest({
 | |
|         url: server.url,
 | |
|         path,
 | |
|         query: {
 | |
|           hosts: [ 'example.com' ],
 | |
|           accounts: [ 'john@example.com' ]
 | |
|         },
 | |
|         expectedStatus: HttpStatusCode.OK_200
 | |
|       })
 | |
|     })
 | |
|   })
 | |
| 
 | |
|   after(async function () {
 | |
|     await cleanupTests(servers)
 | |
|   })
 | |
| })
 |