@protontech/drive-sdk 0.9.6 → 0.9.8

package/src/internal/photos/albums.ts

@@ -1,6 +1,12 @@
+import { MemberRole, NodeType, resultOk } from '../../interface';
 import { BatchLoading } from '../batchLoading';
 import { DecryptedNode } from '../nodes';
+import { ALBUM_MEDIA_TYPE } from '../nodes/mediaTypes';
+import { validateNodeName } from '../nodes/validations';
+import { splitNodeUid } from '../uids';
+import { AlbumsCryptoService } from './albumsCrypto';
 import { PhotosAPIService } from './apiService';
+import { DecryptedPhotoNode } from './interface';
 import { PhotosNodesAccess } from './nodes';
 import { PhotoSharesManager } from './shares';
 
@@ -12,10 +18,12 @@ const BATCH_LOADING_SIZE = 10;
 export class Albums {
     constructor(
         private apiService: PhotosAPIService,
+        private cryptoService: AlbumsCryptoService,
         private photoShares: PhotoSharesManager,
         private nodesService: PhotosNodesAccess,
     ) {
         this.apiService = apiService;
+        this.cryptoService = cryptoService;
         this.photoShares = photoShares;
         this.nodesService = nodesService;
     }
@@ -33,6 +41,117 @@ export class Albums {
         yield* batchLoading.loadRest();
     }
 
+    async createAlbum(name: string): Promise<DecryptedPhotoNode> {
+        validateNodeName(name);
+
+        const rootNode = await this.nodesService.getVolumeRootFolder();
+        const parentKeys = await this.nodesService.getNodeKeys(rootNode.uid);
+        if (!parentKeys.hashKey) {
+            throw new Error('Cannot create album: parent folder hash key not available');
+        }
+
+        const signingKeys = await this.nodesService.getNodeSigningKeys({ parentNodeUid: rootNode.uid });
+        const { encryptedCrypto } = await this.cryptoService.createAlbum(
+            { key: parentKeys.key, hashKey: parentKeys.hashKey },
+            signingKeys,
+            name,
+        );
+
+        const nodeUid = await this.apiService.createAlbum(rootNode.uid, {
+            encryptedName: encryptedCrypto.encryptedName,
+            hash: encryptedCrypto.hash,
+            armoredKey: encryptedCrypto.armoredKey,
+            armoredNodePassphrase: encryptedCrypto.armoredNodePassphrase,
+            armoredNodePassphraseSignature: encryptedCrypto.armoredNodePassphraseSignature,
+            signatureEmail: encryptedCrypto.signatureEmail,
+            armoredHashKey: encryptedCrypto.armoredHashKey,
+        });
+
+        await this.nodesService.notifyChildCreated(rootNode.uid);
+
+        return {
+            // Internal metadata
+            hash: encryptedCrypto.hash,
+            encryptedName: encryptedCrypto.encryptedName,
+
+            // Basic node metadata
+            uid: nodeUid,
+            parentUid: rootNode.uid,
+            type: NodeType.Album,
+            mediaType: ALBUM_MEDIA_TYPE,
+            creationTime: new Date(),
+            modificationTime: new Date(),
+
+            // Share node metadata
+            isShared: false,
+            isSharedPublicly: false,
+            directRole: MemberRole.Inherited,
+
+            // Decrypted metadata
+            isStale: false,
+            keyAuthor: resultOk(encryptedCrypto.signatureEmail),
+            nameAuthor: resultOk(encryptedCrypto.signatureEmail),
+            name: resultOk(name),
+            treeEventScopeId: splitNodeUid(nodeUid).volumeId,
+        };
+    }
+
+    async updateAlbum(
+        nodeUid: string,
+        updates: {
+            name?: string;
+            coverPhotoNodeUid?: string;
+        },
+    ): Promise<DecryptedPhotoNode> {
+        if (updates.name) {
+            validateNodeName(updates.name);
+        }
+
+        const node = await this.nodesService.getNode(nodeUid);
+        const newNode = { ...node };
+
+        let nameUpdate:
+            | {
+                  encryptedName: string;
+                  hash: string;
+                  originalHash: string;
+                  nameSignatureEmail: string;
+              }
+            | undefined;
+
+        if (updates.name) {
+            const parentKeys = await this.nodesService.getParentKeys(node);
+            const signingKeys = await this.nodesService.getNodeSigningKeys({ nodeUid, parentNodeUid: node.parentUid });
+
+            const { signatureEmail, armoredNodeName, hash } = await this.cryptoService.renameAlbum(
+                { key: parentKeys.key, hashKey: parentKeys.hashKey },
+                node.encryptedName,
+                signingKeys,
+                updates.name,
+            );
+
+            nameUpdate = {
+                encryptedName: armoredNodeName,
+                hash,
+                originalHash: node.hash || '',
+                nameSignatureEmail: signatureEmail,
+            };
+            newNode.name = resultOk(updates.name);
+            newNode.encryptedName = nameUpdate.encryptedName;
+            newNode.nameAuthor = resultOk(nameUpdate.nameSignatureEmail);
+            newNode.hash = nameUpdate.hash;
+        }
+
+        await this.apiService.updateAlbum(nodeUid, updates.coverPhotoNodeUid, nameUpdate);
+        await this.nodesService.notifyNodeChanged(nodeUid);
+        return newNode;
+    }
+
+    async deleteAlbum(nodeUid: string, options: { force?: boolean } = {}): Promise<void> {
+        await this.apiService.deleteAlbum(nodeUid, options);
+        await this.nodesService.notifyNodeDeleted(nodeUid);
+    }
+
     private async *iterateNodesAndIgnoreMissingOnes(
         nodeUids: string[],
         signal?: AbortSignal,

package/src/internal/photos/albumsCrypto.test.ts

@@ -0,0 +1,181 @@
+import { DriveCrypto, PrivateKey, SessionKey } from '../../crypto';
+import { NodeSigningKeys } from '../nodes/interface';
+import { AlbumsCryptoService } from './albumsCrypto';
+
+describe('AlbumsCryptoService', () => {
+    let driveCrypto: DriveCrypto;
+    let albumsCryptoService: AlbumsCryptoService;
+
+    beforeEach(() => {
+        jest.clearAllMocks();
+
+        // @ts-expect-error No need to implement all methods for mocking
+        driveCrypto = {};
+
+        albumsCryptoService = new AlbumsCryptoService(driveCrypto);
+    });
+
+    describe('createAlbum', () => {
+        let parentKeys: any;
+
+        beforeEach(() => {
+            parentKeys = {
+                key: 'parentKey' as any,
+                hashKey: new Uint8Array([1, 2, 3]),
+            };
+            driveCrypto.generateKey = jest.fn().mockResolvedValue({
+                encrypted: {
+                    armoredKey: 'encryptedNodeKey',
+                    armoredPassphrase: 'encryptedPassphrase',
+                    armoredPassphraseSignature: 'passphraseSignature',
+                },
+                decrypted: {
+                    key: 'nodeKey' as any,
+                    passphrase: 'nodePassphrase',
+                    passphraseSessionKey: 'passphraseSessionKey' as any,
+                },
+            });
+            driveCrypto.encryptNodeName = jest.fn().mockResolvedValue({
+                armoredNodeName: 'encryptedNodeName',
+            });
+            driveCrypto.generateLookupHash = jest.fn().mockResolvedValue('lookupHash');
+            driveCrypto.generateHashKey = jest.fn().mockResolvedValue({
+                armoredHashKey: 'encryptedHashKey',
+                hashKey: new Uint8Array([4, 5, 6]),
+            });
+        });
+
+        it('should encrypt new album with user address key', async () => {
+            const signingKeys: NodeSigningKeys = {
+                type: 'userAddress',
+                email: 'test@example.com',
+                addressId: 'addressId',
+                key: 'addressKey' as any,
+            };
+
+            const result = await albumsCryptoService.createAlbum(parentKeys, signingKeys, 'My Album');
+
+            expect(result).toEqual({
+                encryptedCrypto: {
+                    encryptedName: 'encryptedNodeName',
+                    hash: 'lookupHash',
+                    armoredKey: 'encryptedNodeKey',
+                    armoredNodePassphrase: 'encryptedPassphrase',
+                    armoredNodePassphraseSignature: 'passphraseSignature',
+                    signatureEmail: 'test@example.com',
+                    armoredHashKey: 'encryptedHashKey',
+                },
+                keys: {
+                    passphrase: 'nodePassphrase',
+                    key: 'nodeKey',
+                    passphraseSessionKey: 'passphraseSessionKey',
+                    hashKey: new Uint8Array([4, 5, 6]),
+                },
+            });
+
+            expect(driveCrypto.generateKey).toHaveBeenCalledWith([parentKeys.key], signingKeys.key);
+            expect(driveCrypto.encryptNodeName).toHaveBeenCalledWith(
+                'My Album',
+                undefined,
+                parentKeys.key,
+                signingKeys.key,
+            );
+            expect(driveCrypto.generateLookupHash).toHaveBeenCalledWith('My Album', parentKeys.hashKey);
+            expect(driveCrypto.generateHashKey).toHaveBeenCalledWith('nodeKey');
+        });
+
+        it('should throw error when creating album by anonymous user', async () => {
+            const signingKeys: NodeSigningKeys = {
+                type: 'nodeKey',
+                nodeKey: 'nodeSigningKey' as any,
+                parentNodeKey: 'parentNodeKey' as any,
+            };
+
+            await expect(albumsCryptoService.createAlbum(parentKeys, signingKeys, 'My Album')).rejects.toThrow(
+                'Creating album by anonymous user is not supported',
+            );
+        });
+    });
+
+    describe('renameAlbum', () => {
+        let parentKeys: any;
+        let nodeNameSessionKey: SessionKey;
+
+        beforeEach(() => {
+            parentKeys = {
+                key: 'parentKey' as any,
+                hashKey: new Uint8Array([1, 2, 3]),
+            };
+            nodeNameSessionKey = 'nameSessionKey' as any;
+            driveCrypto.decryptSessionKey = jest.fn().mockResolvedValue(nodeNameSessionKey);
+            driveCrypto.encryptNodeName = jest.fn().mockResolvedValue({
+                armoredNodeName: 'encryptedNewNodeName',
+            });
+            driveCrypto.generateLookupHash = jest.fn().mockResolvedValue('newHash');
+        });
+
+        it('should encrypt new album name with user address key', async () => {
+            const signingKeys: NodeSigningKeys = {
+                type: 'userAddress',
+                email: 'test@example.com',
+                addressId: 'addressId',
+                key: 'addressKey' as any,
+            };
+
+            const result = await albumsCryptoService.renameAlbum(
+                parentKeys,
+                'oldEncryptedName',
+                signingKeys,
+                'Renamed Album',
+            );
+
+            expect(result).toEqual({
+                signatureEmail: 'test@example.com',
+                armoredNodeName: 'encryptedNewNodeName',
+                hash: 'newHash',
+            });
+
+            expect(driveCrypto.decryptSessionKey).toHaveBeenCalledWith('oldEncryptedName', parentKeys.key);
+            expect(driveCrypto.encryptNodeName).toHaveBeenCalledWith(
+                'Renamed Album',
+                nodeNameSessionKey,
+                parentKeys.key,
+                signingKeys.key,
+            );
+            expect(driveCrypto.generateLookupHash).toHaveBeenCalledWith('Renamed Album', parentKeys.hashKey);
+        });
+
+        it('should throw error when renaming album by anonymous user', async () => {
+            const signingKeys: NodeSigningKeys = {
+                type: 'nodeKey',
+                nodeKey: 'nodeSigningKey' as any,
+                parentNodeKey: 'parentNodeKey' as any,
+            };
+
+            await expect(
+                albumsCryptoService.renameAlbum(parentKeys, 'oldEncryptedName', signingKeys, 'Renamed Album'),
+            ).rejects.toThrow('Renaming album by anonymous user is not supported');
+        });
+
+        it('should throw error when parent hash key is not available', async () => {
+            const parentKeysWithoutHashKey = {
+                key: 'parentKey' as any,
+            };
+            const signingKeys: NodeSigningKeys = {
+                type: 'userAddress',
+                email: 'test@example.com',
+                addressId: 'addressId',
+                key: 'addressKey' as any,
+            };
+
+            await expect(
+                albumsCryptoService.renameAlbum(
+                    parentKeysWithoutHashKey,
+                    'oldEncryptedName',
+                    signingKeys,
+                    'Renamed Album',
+                ),
+            ).rejects.toThrow('Cannot rename album: parent folder hash key not available');
+        });
+    });
+});

package/src/internal/photos/albumsCrypto.ts

@@ -0,0 +1,100 @@
+import { DriveCrypto, PrivateKey } from '../../crypto';
+import { DecryptedNodeKeys, NodeSigningKeys } from '../nodes/interface';
+
+/**
+ * Provides crypto operations for albums.
+ *
+ * Albums are special folders in the photos volume. This service reuses
+ * the drive crypto module for key and name encryption operations.
+ */
+export class AlbumsCryptoService {
+    constructor(private driveCrypto: DriveCrypto) {
+        this.driveCrypto = driveCrypto;
+    }
+
+    async createAlbum(
+        parentKeys: { key: PrivateKey; hashKey: Uint8Array },
+        signingKeys: NodeSigningKeys,
+        name: string,
+    ): Promise<{
+        encryptedCrypto: {
+            encryptedName: string;
+            hash: string;
+            armoredKey: string;
+            armoredNodePassphrase: string;
+            armoredNodePassphraseSignature: string;
+            signatureEmail: string;
+            armoredHashKey: string;
+        };
+        keys: DecryptedNodeKeys;
+    }> {
+        if (signingKeys.type !== 'userAddress') {
+            throw new Error('Creating album by anonymous user is not supported');
+        }
+        const email = signingKeys.email;
+        const nameAndPassphraseSigningKey = signingKeys.key;
+
+        const [nodeKeys, { armoredNodeName }, hash] = await Promise.all([
+            this.driveCrypto.generateKey([parentKeys.key], nameAndPassphraseSigningKey),
+            this.driveCrypto.encryptNodeName(name, undefined, parentKeys.key, nameAndPassphraseSigningKey),
+            this.driveCrypto.generateLookupHash(name, parentKeys.hashKey),
+        ]);
+
+        const { armoredHashKey, hashKey } = await this.driveCrypto.generateHashKey(nodeKeys.decrypted.key);
+
+        return {
+            encryptedCrypto: {
+                encryptedName: armoredNodeName,
+                hash,
+                armoredKey: nodeKeys.encrypted.armoredKey,
+                armoredNodePassphrase: nodeKeys.encrypted.armoredPassphrase,
+                armoredNodePassphraseSignature: nodeKeys.encrypted.armoredPassphraseSignature,
+                signatureEmail: email,
+                armoredHashKey,
+            },
+            keys: {
+                passphrase: nodeKeys.decrypted.passphrase,
+                key: nodeKeys.decrypted.key,
+                passphraseSessionKey: nodeKeys.decrypted.passphraseSessionKey,
+                hashKey,
+            },
+        };
+    }
+
+    async renameAlbum(
+        parentKeys: { key: PrivateKey; hashKey?: Uint8Array },
+        encryptedName: string,
+        signingKeys: NodeSigningKeys,
+        newName: string,
+    ): Promise<{
+        signatureEmail: string;
+        armoredNodeName: string;
+        hash: string;
+    }> {
+        if (!parentKeys.hashKey) {
+            throw new Error('Cannot rename album: parent folder hash key not available');
+        }
+        if (signingKeys.type !== 'userAddress') {
+            throw new Error('Renaming album by anonymous user is not supported');
+        }
+        const email = signingKeys.email;
+        const nameSigningKey = signingKeys.key;
+
+        const nodeNameSessionKey = await this.driveCrypto.decryptSessionKey(encryptedName, parentKeys.key);
+
+        const { armoredNodeName } = await this.driveCrypto.encryptNodeName(
+            newName,
+            nodeNameSessionKey,
+            parentKeys.key,
+            nameSigningKey,
+        );
+
+        const hash = await this.driveCrypto.generateLookupHash(newName, parentKeys.hashKey);
+
+        return {
+            signatureEmail: email,
+            armoredNodeName,
+            hash,
+        };
+    }
+}

package/src/internal/photos/apiService.ts

@@ -1,6 +1,9 @@
-import { DriveAPIService, drivePaths } from '../apiService';
+import { c } from 'ttag';
+
+import { ValidationError } from '../../errors';
+import { APICodeError, DriveAPIService, drivePaths } from '../apiService';
 import { EncryptedRootShare, EncryptedShareCrypto, ShareType } from '../shares/interface';
-import { makeNodeUid } from '../uids';
+import { makeNodeUid, splitNodeUid } from '../uids';
 
 type GetPhotoShareResponse =
     drivePaths['/drive/v2/shares/photos']['get']['responses']['200']['content']['application/json'];
@@ -18,6 +21,18 @@ type GetTimelineResponse =
 type GetAlbumsResponse =
     drivePaths['/drive/photos/volumes/{volumeID}/albums']['get']['responses']['200']['content']['application/json'];
 
+type PostCreateAlbumRequest = Extract<
+    drivePaths['/drive/photos/volumes/{volumeID}/albums']['post']['requestBody'],
+    { content: object }
+>['content']['application/json'];
+type PostCreateAlbumResponse =
+    drivePaths['/drive/photos/volumes/{volumeID}/albums']['post']['responses']['200']['content']['application/json'];
+
+type PutUpdateAlbumRequest = Extract<
+    drivePaths['/drive/photos/volumes/{volumeID}/albums/{linkID}']['put']['requestBody'],
+    { content: object }
+>['content']['application/json'];
+
 type PostPhotoDuplicateRequest = Extract<
     drivePaths['/drive/volumes/{volumeID}/photos/duplicates']['post']['requestBody'],
     { content: object }
@@ -25,6 +40,8 @@ type PostPhotoDuplicateRequest = Extract<
 type PostPhotoDuplicateResponse =
     drivePaths['/drive/volumes/{volumeID}/photos/duplicates']['post']['responses']['200']['content']['application/json'];
 
+const ALBUM_CONTAINS_PHOTOS_NOT_IN_TIMELINE_ERROR_CODE = 200302;
+
 /**
  * Provides API communication for fetching and manipulating photos and albums
  * metadata.
@@ -188,4 +205,79 @@ export class PhotosAPIService {
             };
         }).filter((duplicate) => duplicate !== undefined);
     }
+
+    async createAlbum(
+        parentNodeUid: string,
+        album: {
+            encryptedName: string;
+            hash: string;
+            armoredKey: string;
+            armoredNodePassphrase: string;
+            armoredNodePassphraseSignature: string;
+            signatureEmail: string;
+            armoredHashKey: string;
+        },
+    ): Promise<string> {
+        const { volumeId } = splitNodeUid(parentNodeUid);
+        const response = await this.apiService.post<PostCreateAlbumRequest, PostCreateAlbumResponse>(
+            `drive/photos/volumes/${volumeId}/albums`,
+            {
+                Locked: false,
+                Link: {
+                    Name: album.encryptedName,
+                    Hash: album.hash,
+                    NodeKey: album.armoredKey,
+                    NodePassphrase: album.armoredNodePassphrase,
+                    NodePassphraseSignature: album.armoredNodePassphraseSignature,
+                    SignatureEmail: album.signatureEmail,
+                    NodeHashKey: album.armoredHashKey,
+                    XAttr: null,
+                },
+            },
+        );
+
+        return makeNodeUid(volumeId, response.Album.Link.LinkID);
+    }
+
+    async updateAlbum(
+        albumNodeUid: string,
+        coverPhotoNodeUid?: string,
+        updatedName?: {
+            encryptedName: string;
+            hash: string;
+            originalHash: string;
+            nameSignatureEmail: string;
+        },
+    ): Promise<void> {
+        const { volumeId, nodeId: linkId } = splitNodeUid(albumNodeUid);
+        const coverLinkId = coverPhotoNodeUid ? splitNodeUid(coverPhotoNodeUid).nodeId : undefined;
+        await this.apiService.put<PutUpdateAlbumRequest, void>(
+            `drive/photos/volumes/${volumeId}/albums/${linkId}`,
+            {
+                CoverLinkID: coverLinkId,
+                Link: updatedName
+                    ? {
+                          Name: updatedName.encryptedName,
+                          Hash: updatedName.hash,
+                          OriginalHash: updatedName.originalHash,
+                          NameSignatureEmail: updatedName.nameSignatureEmail,
+                      }
+                    : null,
+            },
+        );
+    }
+
+    async deleteAlbum(albumNodeUid: string, options: { force?: boolean } = {}): Promise<void> {
+        const { volumeId, nodeId: linkId } = splitNodeUid(albumNodeUid);
+        try {
+            await this.apiService.delete(
+                `drive/photos/volumes/${volumeId}/albums/${linkId}?DeleteAlbumPhotos=${options.force ? 1 : 0}`,
+            );
+        } catch (error) {
+            if (error instanceof APICodeError && error.code === ALBUM_CONTAINS_PHOTOS_NOT_IN_TIMELINE_ERROR_CODE) {
+                throw new ValidationError(c('Error').t`Album contains photos not in timeline`);
+            }
+            throw error;
+        }
+    }
 }

package/src/internal/photos/index.ts

@@ -1,4 +1,3 @@
-import { DriveAPIService } from '../apiService';
 import { DriveCrypto } from '../../crypto';
 import {
     ProtonDriveAccount,
@@ -6,9 +5,12 @@ import {
     ProtonDriveEntitiesCache,
     ProtonDriveTelemetry,
 } from '../../interface';
+import { DriveAPIService } from '../apiService';
 import { NodesCryptoService } from '../nodes/cryptoService';
 import { NodesCryptoReporter } from '../nodes/cryptoReporter';
 import { NodesCryptoCache } from '../nodes/cryptoCache';
+import { NodesEventsHandler } from '../nodes/events';
+import { NodesRevisons } from '../nodes/nodesRevisions';
 import { ShareTargetType } from '../shares';
 import { SharesCache } from '../shares/cache';
 import { SharesCryptoCache } from '../shares/cryptoCache';
@@ -17,6 +19,7 @@ import { NodesService as UploadNodesService } from '../upload/interface';
 import { UploadTelemetry } from '../upload/telemetry';
 import { UploadQueue } from '../upload/queue';
 import { Albums } from './albums';
+import { AlbumsCryptoService } from './albumsCrypto';
 import { PhotosAPIService } from './apiService';
 import { SharesService } from './interface';
 import { PhotosNodesAPIService, PhotosNodesAccess, PhotosNodesCache, PhotosNodesManagement } from './nodes';
@@ -29,8 +32,6 @@ import {
     PhotoUploadManager,
     PhotoUploadMetadata,
 } from './upload';
-import { NodesRevisons } from '../nodes/nodesRevisions';
-import { NodesEventsHandler } from '../nodes/events';
 
 export type { DecryptedPhotoNode } from './interface';
 
@@ -51,6 +52,7 @@ export function initPhotosModule(
     nodesService: PhotosNodesAccess,
 ) {
     const api = new PhotosAPIService(apiService);
+    const albumsCryptoService = new AlbumsCryptoService(driveCrypto);
     const timeline = new PhotosTimeline(
         telemetry.getLogger('photos-timeline'),
         api,
@@ -58,7 +60,7 @@ export function initPhotosModule(
         photoShares,
         nodesService,
     );
-    const albums = new Albums(api, photoShares, nodesService);
+    const albums = new Albums(api, albumsCryptoService, photoShares, nodesService);
 
     return {
         timeline,

package/src/internal/photos/upload.ts

@@ -109,13 +109,14 @@ export class PhotoStreamUploader extends StreamUploader {
     }
 
     async commitFile(thumbnails: Thumbnail[]) {
-        this.verifyIntegrity(thumbnails);
+        const digests = this.digests.digests();
+        this.verifyIntegrity(thumbnails, digests);
 
         const extendedAttributes = {
             modificationTime: this.metadata.modificationTime,
             size: this.metadata.expectedSize,
             blockSizes: this.uploadedBlockSizes,
-            digests: this.digests.digests(),
+            digests,
         };
 
         await this.photoUploadManager.commitDraftPhoto(this.revisionDraft, this.manifest, extendedAttributes, this.photoMetadata);

package/src/internal/upload/streamUploader.test.ts

@@ -564,6 +564,44 @@ describe('StreamUploader', () => {
 
                 await verifyFailure('Some file bytes failed to upload', 10 * 1024 * 1024 + 1024);
             });
+
+            it('should succeed with matching expectedSha1', async () => {
+                metadata.expectedSha1 = '8c206a1a87599f532ce68675536f0b1546900d7a';
+
+                uploader = new StreamUploader(
+                    telemetry,
+                    apiService,
+                    cryptoService,
+                    uploadManager,
+                    blockVerifier,
+                    revisionDraft,
+                    metadata,
+                    onFinish,
+                    controller,
+                    abortController,
+                );
+
+                await verifySuccess();
+            });
+
+            it('should throw an error if SHA1 does not match', async () => {
+                metadata.expectedSha1 = 'wrong_sha1_hash_that_will_not_match';
+
+                uploader = new StreamUploader(
+                    telemetry,
+                    apiService,
+                    cryptoService,
+                    uploadManager,
+                    blockVerifier,
+                    revisionDraft,
+                    metadata,
+                    onFinish,
+                    controller,
+                    abortController,
+                );
+
+                await verifyFailure('File hash does not match expected hash', 10 * 1024 * 1024 + 1024);
+            });
         });
     });