[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-comments.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import * as chai from 'chai'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
import {
  cleanupTests,
  createSingleServer,
  makeDeleteRequest,
  makeGetRequest,
  makePostBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers
} from '@shared/server-commands'

const expect = chai.expect

describe('Test video comments API validator', function () {
  let pathThread: string
  let pathComment: string

  let server: PeerTubeServer

  let video: VideoCreateResult

  let userAccessToken: string
  let userAccessToken2: string

  let commentId: number
  let privateCommentId: number
  let privateVideo: VideoCreateResult

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(30000)

    server = await createSingleServer(1)

    await setAccessTokensToServers([ server ])

    {
      video = await server.videos.upload({ attributes: {} })
      pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
    }

    {
      privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
    }

    {
      const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
      commentId = created.id
      pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
    }

    {
      const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
      privateCommentId = created.id
    }

    {
      const user = { username: 'user1', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken = await server.login.getAccessToken(user)
    }

    {
      const user = { username: 'user2', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken2 = await server.login.getAccessToken(user)
    }
  })

  describe('When listing video comment threads', function () {
    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with an incorrect video', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video without token', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with another user token', async function () {
      await makeGetRequest({
        url: server.url,
        token: userAccessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        token: server.accessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When listing comments of a thread', function () {
    it('Should fail with an incorrect video', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with an incorrect thread id', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video without token', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with another user token', async function () {
      await makeGetRequest({
        url: server.url,
        token: userAccessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should success with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        token: server.accessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.OK_200
      })

      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When adding a video thread', function () {

    it('Should fail with a non authenticated user', async function () {
      const fields = {
        text: 'text'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: 'none',
        fields,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with nothing', async function () {
      const fields = {}
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with a short comment', async function () {
      const fields = {
        text: ''
      }
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with a long comment', async function () {
      const fields = {
        text: 'h'.repeat(10001)
      }
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video of another user', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        token: userAccessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct parameters', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When adding a comment to a thread', function () {

    it('Should fail with a non authenticated user', async function () {
      const fields = {
        text: 'text'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathComment,
        token: 'none',
        fields,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with nothing', async function () {
      const fields = {}
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with a short comment', async function () {
      const fields = {
        text: ''
      }
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with a long comment', async function () {
      const fields = {
        text: 'h'.repeat(10001)
      }
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video of another user', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
        token: userAccessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect comment', async function () {
      const path = '/api/v1/videos/' + video.uuid + '/comments/124'
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should succeed with the correct parameters', async function () {
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathComment,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When removing video comments', function () {
    it('Should fail with a non authenticated user', async function () {
      await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with another user', async function () {
      await makeDeleteRequest({
        url: server.url,
        path: pathComment,
        token: userAccessToken,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
      await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should fail with an incorrect comment', async function () {
      const path = '/api/v1/videos/' + video.uuid + '/comments/124'
      await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the same user', async function () {
      let commentToDelete: number

      {
        const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
        commentToDelete = created.id
      }

      const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete

      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })

    it('Should succeed with the owner of the video', async function () {
      let commentToDelete: number
      let anotherVideoUUID: string

      {
        const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
        anotherVideoUUID = uuid
      }

      {
        const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
        commentToDelete = created.id
      }

      const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete

      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })

    it('Should succeed with the correct parameters', async function () {
      await makeDeleteRequest({
        url: server.url,
        path: pathComment,
        token: server.accessToken,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When a video has comments disabled', function () {
    before(async function () {
      video = await server.videos.upload({ attributes: { commentsEnabled: false } })
      pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
    })

    it('Should return an empty thread list', async function () {
      const res = await makeGetRequest({
        url: server.url,
        path: pathThread,
        expectedStatus: HttpStatusCode.OK_200
      })
      expect(res.body.total).to.equal(0)
      expect(res.body.data).to.have.lengthOf(0)
    })

    it('Should return an thread comments list')

    it('Should return conflict on thread add', async function () {
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should return conflict on comment thread add')
  })

  describe('When listing admin comments threads', function () {
    const path = '/api/v1/videos/comments'

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(server.url, path, server.accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(server.url, path, server.accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(server.url, path, server.accessToken)
    })

    it('Should fail with a non authenticated user', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with a non admin user', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: userAccessToken,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: server.accessToken,
        query: {
          isLocal: false,
          search: 'toto',
          searchAccount: 'toto',
          searchVideo: 'toto'
        },
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
e2e22e40 C	2
e2e22e40 C	3	import 'mocha'
d4a8e7a6	4	import * as chai from 'chai'
c55e3d72	5	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
33181473	6	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
11ba2ab3	7	import {
7c3b7976	8	cleanupTests,
254d3579	9	createSingleServer,
42e1ec25 C	10	makeDeleteRequest,
	11	makeGetRequest,
	12	makePostBodyRequest,
254d3579	13	PeerTubeServer,
d23dd9fb	14	setAccessTokensToServers
bf54587a	15	} from '@shared/server-commands'
e2e22e40	16
47564bbe C	17	const expect = chai.expect
47564bbe C	18
e2e22e40 C	19	describe('Test video comments API validator', function () {
	20	let pathThread: string
	21	let pathComment: string
6ea9295b	22
254d3579	23	let server: PeerTubeServer
6ea9295b	24
d4a8e7a6	25	let video: VideoCreateResult
6ea9295b	26
4cb6d457	27	let userAccessToken: string
fde37dc9	28	let userAccessToken2: string
6ea9295b	29
e2e22e40	30	let commentId: number
84c8d986 C	31	let privateCommentId: number
84c8d986 C	32	let privateVideo: VideoCreateResult
e2e22e40 C	33
	34	// ---------------------------------------------------------------
	35
	36	before(async function () {
e212f887	37	this.timeout(30000)
e2e22e40	38
254d3579	39	server = await createSingleServer(1)
e2e22e40 C	40
	41	await setAccessTokensToServers([ server ])
	42
e2e22e40	43	{
08642a76	44	video = await server.videos.upload({ attributes: {} })
d4a8e7a6	45	pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
e2e22e40 C	46	}
e2e22e40 C	47
84c8d986 C	48	{
	49	privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
	50	}
	51
e2e22e40	52	{
89d241a7	53	const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
12edc149	54	commentId = created.id
d4a8e7a6	55	pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
e2e22e40	56	}
4cb6d457	57
84c8d986 C	58	{
	59	const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
	60	privateCommentId = created.id
	61	}
	62
4cb6d457	63	{
fde37dc9	64	const user = { username: 'user1', password: 'my super password' }
89d241a7 C	65	await server.users.create({ username: user.username, password: user.password })
89d241a7 C	66	userAccessToken = await server.login.getAccessToken(user)
4cb6d457	67	}
fde37dc9 C	68
	69	{
	70	const user = { username: 'user2', password: 'my super password' }
89d241a7 C	71	await server.users.create({ username: user.username, password: user.password })
89d241a7 C	72	userAccessToken2 = await server.login.getAccessToken(user)
fde37dc9	73	}
e2e22e40 C	74	})
	75
	76	describe('When listing video comment threads', function () {
	77	it('Should fail with a bad start pagination', async function () {
11ba2ab3	78	await checkBadStartPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	79	})
	80
	81	it('Should fail with a bad count pagination', async function () {
11ba2ab3	82	await checkBadCountPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	83	})
	84
	85	it('Should fail with an incorrect sort', async function () {
11ba2ab3	86	await checkBadSortPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	87	})
	88
	89	it('Should fail with an incorrect video', async function () {
11ba2ab3 C	90	await makeGetRequest({
	91	url: server.url,
	92	path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
c0e8b12e	93	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	94	})
e2e22e40	95	})
84c8d986 C	96
	97	it('Should fail with a private video without token', async function () {
	98	await makeGetRequest({
	99	url: server.url,
	100	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	101	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	102	})
	103	})
	104
	105	it('Should fail with another user token', async function () {
	106	await makeGetRequest({
	107	url: server.url,
	108	token: userAccessToken,
	109	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	110	expectedStatus: HttpStatusCode.FORBIDDEN_403
	111	})
	112	})
	113
	114	it('Should succeed with the correct params', async function () {
	115	await makeGetRequest({
	116	url: server.url,
	117	token: server.accessToken,
	118	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	119	expectedStatus: HttpStatusCode.OK_200
	120	})
	121	})
e2e22e40 C	122	})
	123
	124	describe('When listing comments of a thread', function () {
	125	it('Should fail with an incorrect video', async function () {
11ba2ab3 C	126	await makeGetRequest({
	127	url: server.url,
	128	path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
c0e8b12e	129	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	130	})
e2e22e40 C	131	})
	132
	133	it('Should fail with an incorrect thread id', async function () {
11ba2ab3 C	134	await makeGetRequest({
11ba2ab3 C	135	url: server.url,
d4a8e7a6	136	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
c0e8b12e	137	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	138	})
e2e22e40 C	139	})
e2e22e40 C	140
84c8d986 C	141	it('Should fail with a private video without token', async function () {
	142	await makeGetRequest({
	143	url: server.url,
	144	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	145	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	146	})
	147	})
	148
	149	it('Should fail with another user token', async function () {
	150	await makeGetRequest({
	151	url: server.url,
	152	token: userAccessToken,
	153	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	154	expectedStatus: HttpStatusCode.FORBIDDEN_403
	155	})
	156	})
	157
e2e22e40	158	it('Should success with the correct params', async function () {
84c8d986 C	159	await makeGetRequest({
	160	url: server.url,
	161	token: server.accessToken,
	162	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	163	expectedStatus: HttpStatusCode.OK_200
	164	})
	165
11ba2ab3 C	166	await makeGetRequest({
11ba2ab3 C	167	url: server.url,
d4a8e7a6	168	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
c0e8b12e	169	expectedStatus: HttpStatusCode.OK_200
11ba2ab3	170	})
e2e22e40 C	171	})
	172	})
	173
	174	describe('When adding a video thread', function () {
	175
	176	it('Should fail with a non authenticated user', async function () {
	177	const fields = {
	178	text: 'text'
	179	}
2d53be02 RK	180	await makePostBodyRequest({
	181	url: server.url,
	182	path: pathThread,
	183	token: 'none',
	184	fields,
c0e8b12e	185	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02	186	})
e2e22e40 C	187	})
	188
	189	it('Should fail with nothing', async function () {
	190	const fields = {}
	191	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	192	})
	193
	194	it('Should fail with a short comment', async function () {
	195	const fields = {
53eb90c0	196	text: ''
e2e22e40 C	197	}
	198	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	199	})
	200
	201	it('Should fail with a long comment', async function () {
	202	const fields = {
298b3fd3	203	text: 'h'.repeat(10001)
e2e22e40 C	204	}
	205	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	206	})
	207
	208	it('Should fail with an incorrect video', async function () {
	209	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
6ea9295b C	210	const fields = { text: 'super comment' }
6ea9295b C	211
2d53be02 RK	212	await makePostBodyRequest({
	213	url: server.url,
	214	path,
	215	token: server.accessToken,
	216	fields,
c0e8b12e	217	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	218	})
e2e22e40 C	219	})
e2e22e40 C	220
6ea9295b C	221	it('Should fail with a private video of another user', async function () {
	222	const fields = { text: 'super comment' }
	223
	224	await makePostBodyRequest({
	225	url: server.url,
	226	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	227	token: userAccessToken,
	228	fields,
	229	expectedStatus: HttpStatusCode.FORBIDDEN_403
	230	})
	231	})
	232
e2e22e40	233	it('Should succeed with the correct parameters', async function () {
6ea9295b C	234	const fields = { text: 'super comment' }
6ea9295b C	235
2d53be02 RK	236	await makePostBodyRequest({
	237	url: server.url,
	238	path: pathThread,
	239	token: server.accessToken,
	240	fields,
c0e8b12e	241	expectedStatus: HttpStatusCode.OK_200
2d53be02	242	})
e2e22e40 C	243	})
	244	})
	245
	246	describe('When adding a comment to a thread', function () {
6ea9295b	247
e2e22e40 C	248	it('Should fail with a non authenticated user', async function () {
	249	const fields = {
	250	text: 'text'
	251	}
2d53be02 RK	252	await makePostBodyRequest({
	253	url: server.url,
	254	path: pathComment,
	255	token: 'none',
	256	fields,
c0e8b12e	257	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02	258	})
e2e22e40 C	259	})
	260
	261	it('Should fail with nothing', async function () {
	262	const fields = {}
	263	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	264	})
	265
	266	it('Should fail with a short comment', async function () {
	267	const fields = {
53eb90c0	268	text: ''
e2e22e40 C	269	}
	270	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	271	})
	272
	273	it('Should fail with a long comment', async function () {
	274	const fields = {
298b3fd3	275	text: 'h'.repeat(10001)
e2e22e40 C	276	}
	277	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	278	})
	279
	280	it('Should fail with an incorrect video', async function () {
	281	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
	282	const fields = {
	283	text: 'super comment'
	284	}
2d53be02 RK	285	await makePostBodyRequest({
	286	url: server.url,
	287	path,
	288	token: server.accessToken,
	289	fields,
c0e8b12e	290	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	291	})
e2e22e40 C	292	})
e2e22e40 C	293
6ea9295b C	294	it('Should fail with a private video of another user', async function () {
	295	const fields = { text: 'super comment' }
	296
	297	await makePostBodyRequest({
	298	url: server.url,
	299	path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
	300	token: userAccessToken,
	301	fields,
	302	expectedStatus: HttpStatusCode.FORBIDDEN_403
	303	})
	304	})
	305
e2e22e40	306	it('Should fail with an incorrect comment', async function () {
d4a8e7a6	307	const path = '/api/v1/videos/' + video.uuid + '/comments/124'
e2e22e40 C	308	const fields = {
	309	text: 'super comment'
	310	}
2d53be02 RK	311	await makePostBodyRequest({
	312	url: server.url,
	313	path,
	314	token: server.accessToken,
	315	fields,
c0e8b12e	316	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	317	})
e2e22e40 C	318	})
	319
	320	it('Should succeed with the correct parameters', async function () {
	321	const fields = {
	322	text: 'super comment'
	323	}
2d53be02 RK	324	await makePostBodyRequest({
	325	url: server.url,
	326	path: pathComment,
	327	token: server.accessToken,
	328	fields,
c0e8b12e	329	expectedStatus: HttpStatusCode.OK_200
2d53be02	330	})
e2e22e40 C	331	})
	332	})
	333
4cb6d457 C	334	describe('When removing video comments', function () {
4cb6d457 C	335	it('Should fail with a non authenticated user', async function () {
c0e8b12e	336	await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
4cb6d457 C	337	})
	338
	339	it('Should fail with another user', async function () {
2d53be02 RK	340	await makeDeleteRequest({
	341	url: server.url,
	342	path: pathComment,
	343	token: userAccessToken,
c0e8b12e	344	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	345	})
4cb6d457 C	346	})
	347
	348	it('Should fail with an incorrect video', async function () {
	349	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
c0e8b12e	350	await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
4cb6d457 C	351	})
	352
	353	it('Should fail with an incorrect comment', async function () {
d4a8e7a6	354	const path = '/api/v1/videos/' + video.uuid + '/comments/124'
c0e8b12e	355	await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
4cb6d457 C	356	})
4cb6d457 C	357
fde37dc9 C	358	it('Should succeed with the same user', async function () {
	359	let commentToDelete: number
	360
	361	{
89d241a7	362	const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
12edc149	363	commentToDelete = created.id
fde37dc9 C	364	}
fde37dc9 C	365
d4a8e7a6	366	const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
fde37dc9	367
c0e8b12e C	368	await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
c0e8b12e C	369	await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
fde37dc9 C	370	})
	371
	372	it('Should succeed with the owner of the video', async function () {
	373	let commentToDelete: number
	374	let anotherVideoUUID: string
	375
	376	{
89d241a7	377	const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
d23dd9fb	378	anotherVideoUUID = uuid
fde37dc9 C	379	}
	380
	381	{
89d241a7	382	const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
12edc149	383	commentToDelete = created.id
fde37dc9 C	384	}
	385
	386	const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
	387
c0e8b12e C	388	await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
c0e8b12e C	389	await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
fde37dc9 C	390	})
fde37dc9 C	391
4cb6d457	392	it('Should succeed with the correct parameters', async function () {
2d53be02 RK	393	await makeDeleteRequest({
	394	url: server.url,
	395	path: pathComment,
	396	token: server.accessToken,
c0e8b12e	397	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	398	})
4cb6d457 C	399	})
	400	})
	401
47564bbe C	402	describe('When a video has comments disabled', function () {
47564bbe C	403	before(async function () {
89d241a7	404	video = await server.videos.upload({ attributes: { commentsEnabled: false } })
d4a8e7a6	405	pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
47564bbe C	406	})
	407
	408	it('Should return an empty thread list', async function () {
	409	const res = await makeGetRequest({
	410	url: server.url,
	411	path: pathThread,
c0e8b12e	412	expectedStatus: HttpStatusCode.OK_200
47564bbe C	413	})
	414	expect(res.body.total).to.equal(0)
	415	expect(res.body.data).to.have.lengthOf(0)
	416	})
	417
	418	it('Should return an thread comments list')
	419
	420	it('Should return conflict on thread add', async function () {
	421	const fields = {
	422	text: 'super comment'
	423	}
2d53be02 RK	424	await makePostBodyRequest({
	425	url: server.url,
	426	path: pathThread,
	427	token: server.accessToken,
	428	fields,
c0e8b12e	429	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	430	})
47564bbe C	431	})
	432
	433	it('Should return conflict on comment thread add')
	434	})
	435
f1273314 C	436	describe('When listing admin comments threads', function () {
	437	const path = '/api/v1/videos/comments'
	438
	439	it('Should fail with a bad start pagination', async function () {
	440	await checkBadStartPagination(server.url, path, server.accessToken)
	441	})
	442
	443	it('Should fail with a bad count pagination', async function () {
	444	await checkBadCountPagination(server.url, path, server.accessToken)
	445	})
	446
	447	it('Should fail with an incorrect sort', async function () {
	448	await checkBadSortPagination(server.url, path, server.accessToken)
	449	})
	450
	451	it('Should fail with a non authenticated user', async function () {
	452	await makeGetRequest({
	453	url: server.url,
	454	path,
c0e8b12e	455	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
f1273314 C	456	})
	457	})
	458
	459	it('Should fail with a non admin user', async function () {
	460	await makeGetRequest({
	461	url: server.url,
	462	path,
	463	token: userAccessToken,
c0e8b12e	464	expectedStatus: HttpStatusCode.FORBIDDEN_403
f1273314 C	465	})
	466	})
	467
	468	it('Should succeed with the correct params', async function () {
	469	await makeGetRequest({
	470	url: server.url,
	471	path,
	472	token: server.accessToken,
	473	query: {
	474	isLocal: false,
	475	search: 'toto',
	476	searchAccount: 'toto',
	477	searchVideo: 'toto'
	478	},
c0e8b12e	479	expectedStatus: HttpStatusCode.OK_200
f1273314 C	480	})
	481	})
	482	})
	483
7c3b7976 C	484	after(async function () {
7c3b7976 C	485	await cleanupTests([ server ])
e2e22e40 C	486	})
e2e22e40 C	487	})