[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-comments.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import * as chai from 'chai'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
import {
  cleanupTests,
  createSingleServer,
  makeDeleteRequest,
  makeGetRequest,
  makePostBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers
} from '@shared/server-commands'

const expect = chai.expect

describe('Test video comments API validator', function () {
  let pathThread: string
  let pathComment: string

  let server: PeerTubeServer

  let video: VideoCreateResult

  let userAccessToken: string
  let userAccessToken2: string

  let commentId: number
  let privateCommentId: number
  let privateVideo: VideoCreateResult

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(30000)

    server = await createSingleServer(1)

    await setAccessTokensToServers([ server ])

    {
      video = await server.videos.upload({ attributes: {} })
      pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
    }

    {
      privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
    }

    {
      const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
      commentId = created.id
      pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
    }

    {
      const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
      privateCommentId = created.id
    }

    {
      const user = { username: 'user1', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken = await server.login.getAccessToken(user)
    }

    {
      const user = { username: 'user2', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken2 = await server.login.getAccessToken(user)
    }
  })

  describe('When listing video comment threads', function () {
    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with an incorrect video', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video without token', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with another user token', async function () {
      await makeGetRequest({
        url: server.url,
        token: userAccessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        token: server.accessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When listing comments of a thread', function () {
    it('Should fail with an incorrect video', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with an incorrect thread id', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video without token', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with another user token', async function () {
      await makeGetRequest({
        url: server.url,
        token: userAccessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should success with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        token: server.accessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.OK_200
      })

      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When adding a video thread', function () {

    it('Should fail with a non authenticated user', async function () {
      const fields = {
        text: 'text'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: 'none',
        fields,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with nothing', async function () {
      const fields = {}
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with a short comment', async function () {
      const fields = {
        text: ''
      }
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with a long comment', async function () {
      const fields = {
        text: 'h'.repeat(10001)
      }
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video of another user', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        token: userAccessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct parameters', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When adding a comment to a thread', function () {

    it('Should fail with a non authenticated user', async function () {
      const fields = {
        text: 'text'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathComment,
        token: 'none',
        fields,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with nothing', async function () {
      const fields = {}
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with a short comment', async function () {
      const fields = {
        text: ''
      }
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with a long comment', async function () {
      const fields = {
        text: 'h'.repeat(10001)
      }
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video of another user', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
        token: userAccessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect comment', async function () {
      const path = '/api/v1/videos/' + video.uuid + '/comments/124'
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should succeed with the correct parameters', async function () {
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathComment,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When removing video comments', function () {
    it('Should fail with a non authenticated user', async function () {
      await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with another user', async function () {
      await makeDeleteRequest({
        url: server.url,
        path: pathComment,
        token: userAccessToken,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
      await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should fail with an incorrect comment', async function () {
      const path = '/api/v1/videos/' + video.uuid + '/comments/124'
      await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the same user', async function () {
      let commentToDelete: number

      {
        const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
        commentToDelete = created.id
      }

      const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete

      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })

    it('Should succeed with the owner of the video', async function () {
      let commentToDelete: number
      let anotherVideoUUID: string

      {
        const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
        anotherVideoUUID = uuid
      }

      {
        const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
        commentToDelete = created.id
      }

      const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete

      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })

    it('Should succeed with the correct parameters', async function () {
      await makeDeleteRequest({
        url: server.url,
        path: pathComment,
        token: server.accessToken,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When a video has comments disabled', function () {
    before(async function () {
      video = await server.videos.upload({ attributes: { commentsEnabled: false } })
      pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
    })

    it('Should return an empty thread list', async function () {
      const res = await makeGetRequest({
        url: server.url,
        path: pathThread,
        expectedStatus: HttpStatusCode.OK_200
      })
      expect(res.body.total).to.equal(0)
      expect(res.body.data).to.have.lengthOf(0)
    })

    it('Should return an thread comments list')

    it('Should return conflict on thread add', async function () {
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should return conflict on comment thread add')
  })

  describe('When listing admin comments threads', function () {
    const path = '/api/v1/videos/comments'

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(server.url, path, server.accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(server.url, path, server.accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(server.url, path, server.accessToken)
    })

    it('Should fail with a non authenticated user', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with a non admin user', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: userAccessToken,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: server.accessToken,
        query: {
          isLocal: false,
          search: 'toto',
          searchAccount: 'toto',
          searchVideo: 'toto'
        },
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
e2e22e40	2
d4a8e7a6	3	import * as chai from 'chai'
c55e3d72	4	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
33181473	5	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
11ba2ab3	6	import {
7c3b7976	7	cleanupTests,
254d3579	8	createSingleServer,
42e1ec25 C	9	makeDeleteRequest,
	10	makeGetRequest,
	11	makePostBodyRequest,
254d3579	12	PeerTubeServer,
d23dd9fb	13	setAccessTokensToServers
bf54587a	14	} from '@shared/server-commands'
e2e22e40	15
47564bbe C	16	const expect = chai.expect
47564bbe C	17
e2e22e40 C	18	describe('Test video comments API validator', function () {
	19	let pathThread: string
	20	let pathComment: string
6ea9295b	21
254d3579	22	let server: PeerTubeServer
6ea9295b	23
d4a8e7a6	24	let video: VideoCreateResult
6ea9295b	25
4cb6d457	26	let userAccessToken: string
fde37dc9	27	let userAccessToken2: string
6ea9295b	28
e2e22e40	29	let commentId: number
84c8d986 C	30	let privateCommentId: number
84c8d986 C	31	let privateVideo: VideoCreateResult
e2e22e40 C	32
	33	// ---------------------------------------------------------------
	34
	35	before(async function () {
e212f887	36	this.timeout(30000)
e2e22e40	37
254d3579	38	server = await createSingleServer(1)
e2e22e40 C	39
	40	await setAccessTokensToServers([ server ])
	41
e2e22e40	42	{
08642a76	43	video = await server.videos.upload({ attributes: {} })
d4a8e7a6	44	pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
e2e22e40 C	45	}
e2e22e40 C	46
84c8d986 C	47	{
	48	privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
	49	}
	50
e2e22e40	51	{
89d241a7	52	const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
12edc149	53	commentId = created.id
d4a8e7a6	54	pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
e2e22e40	55	}
4cb6d457	56
84c8d986 C	57	{
	58	const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
	59	privateCommentId = created.id
	60	}
	61
4cb6d457	62	{
fde37dc9	63	const user = { username: 'user1', password: 'my super password' }
89d241a7 C	64	await server.users.create({ username: user.username, password: user.password })
89d241a7 C	65	userAccessToken = await server.login.getAccessToken(user)
4cb6d457	66	}
fde37dc9 C	67
	68	{
	69	const user = { username: 'user2', password: 'my super password' }
89d241a7 C	70	await server.users.create({ username: user.username, password: user.password })
89d241a7 C	71	userAccessToken2 = await server.login.getAccessToken(user)
fde37dc9	72	}
e2e22e40 C	73	})
	74
	75	describe('When listing video comment threads', function () {
	76	it('Should fail with a bad start pagination', async function () {
11ba2ab3	77	await checkBadStartPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	78	})
	79
	80	it('Should fail with a bad count pagination', async function () {
11ba2ab3	81	await checkBadCountPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	82	})
	83
	84	it('Should fail with an incorrect sort', async function () {
11ba2ab3	85	await checkBadSortPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	86	})
	87
	88	it('Should fail with an incorrect video', async function () {
11ba2ab3 C	89	await makeGetRequest({
	90	url: server.url,
	91	path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
c0e8b12e	92	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	93	})
e2e22e40	94	})
84c8d986 C	95
	96	it('Should fail with a private video without token', async function () {
	97	await makeGetRequest({
	98	url: server.url,
	99	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	100	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	101	})
	102	})
	103
	104	it('Should fail with another user token', async function () {
	105	await makeGetRequest({
	106	url: server.url,
	107	token: userAccessToken,
	108	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	109	expectedStatus: HttpStatusCode.FORBIDDEN_403
	110	})
	111	})
	112
	113	it('Should succeed with the correct params', async function () {
	114	await makeGetRequest({
	115	url: server.url,
	116	token: server.accessToken,
	117	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	118	expectedStatus: HttpStatusCode.OK_200
	119	})
	120	})
e2e22e40 C	121	})
	122
	123	describe('When listing comments of a thread', function () {
	124	it('Should fail with an incorrect video', async function () {
11ba2ab3 C	125	await makeGetRequest({
	126	url: server.url,
	127	path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
c0e8b12e	128	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	129	})
e2e22e40 C	130	})
	131
	132	it('Should fail with an incorrect thread id', async function () {
11ba2ab3 C	133	await makeGetRequest({
11ba2ab3 C	134	url: server.url,
d4a8e7a6	135	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
c0e8b12e	136	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	137	})
e2e22e40 C	138	})
e2e22e40 C	139
84c8d986 C	140	it('Should fail with a private video without token', async function () {
	141	await makeGetRequest({
	142	url: server.url,
	143	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	144	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	145	})
	146	})
	147
	148	it('Should fail with another user token', async function () {
	149	await makeGetRequest({
	150	url: server.url,
	151	token: userAccessToken,
	152	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	153	expectedStatus: HttpStatusCode.FORBIDDEN_403
	154	})
	155	})
	156
e2e22e40	157	it('Should success with the correct params', async function () {
84c8d986 C	158	await makeGetRequest({
	159	url: server.url,
	160	token: server.accessToken,
	161	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	162	expectedStatus: HttpStatusCode.OK_200
	163	})
	164
11ba2ab3 C	165	await makeGetRequest({
11ba2ab3 C	166	url: server.url,
d4a8e7a6	167	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
c0e8b12e	168	expectedStatus: HttpStatusCode.OK_200
11ba2ab3	169	})
e2e22e40 C	170	})
	171	})
	172
	173	describe('When adding a video thread', function () {
	174
	175	it('Should fail with a non authenticated user', async function () {
	176	const fields = {
	177	text: 'text'
	178	}
2d53be02 RK	179	await makePostBodyRequest({
	180	url: server.url,
	181	path: pathThread,
	182	token: 'none',
	183	fields,
c0e8b12e	184	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02	185	})
e2e22e40 C	186	})
	187
	188	it('Should fail with nothing', async function () {
	189	const fields = {}
	190	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	191	})
	192
	193	it('Should fail with a short comment', async function () {
	194	const fields = {
53eb90c0	195	text: ''
e2e22e40 C	196	}
	197	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	198	})
	199
	200	it('Should fail with a long comment', async function () {
	201	const fields = {
298b3fd3	202	text: 'h'.repeat(10001)
e2e22e40 C	203	}
	204	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	205	})
	206
	207	it('Should fail with an incorrect video', async function () {
	208	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
6ea9295b C	209	const fields = { text: 'super comment' }
6ea9295b C	210
2d53be02 RK	211	await makePostBodyRequest({
	212	url: server.url,
	213	path,
	214	token: server.accessToken,
	215	fields,
c0e8b12e	216	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	217	})
e2e22e40 C	218	})
e2e22e40 C	219
6ea9295b C	220	it('Should fail with a private video of another user', async function () {
	221	const fields = { text: 'super comment' }
	222
	223	await makePostBodyRequest({
	224	url: server.url,
	225	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	226	token: userAccessToken,
	227	fields,
	228	expectedStatus: HttpStatusCode.FORBIDDEN_403
	229	})
	230	})
	231
e2e22e40	232	it('Should succeed with the correct parameters', async function () {
6ea9295b C	233	const fields = { text: 'super comment' }
6ea9295b C	234
2d53be02 RK	235	await makePostBodyRequest({
	236	url: server.url,
	237	path: pathThread,
	238	token: server.accessToken,
	239	fields,
c0e8b12e	240	expectedStatus: HttpStatusCode.OK_200
2d53be02	241	})
e2e22e40 C	242	})
	243	})
	244
	245	describe('When adding a comment to a thread', function () {
6ea9295b	246
e2e22e40 C	247	it('Should fail with a non authenticated user', async function () {
	248	const fields = {
	249	text: 'text'
	250	}
2d53be02 RK	251	await makePostBodyRequest({
	252	url: server.url,
	253	path: pathComment,
	254	token: 'none',
	255	fields,
c0e8b12e	256	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02	257	})
e2e22e40 C	258	})
	259
	260	it('Should fail with nothing', async function () {
	261	const fields = {}
	262	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	263	})
	264
	265	it('Should fail with a short comment', async function () {
	266	const fields = {
53eb90c0	267	text: ''
e2e22e40 C	268	}
	269	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	270	})
	271
	272	it('Should fail with a long comment', async function () {
	273	const fields = {
298b3fd3	274	text: 'h'.repeat(10001)
e2e22e40 C	275	}
	276	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	277	})
	278
	279	it('Should fail with an incorrect video', async function () {
	280	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
	281	const fields = {
	282	text: 'super comment'
	283	}
2d53be02 RK	284	await makePostBodyRequest({
	285	url: server.url,
	286	path,
	287	token: server.accessToken,
	288	fields,
c0e8b12e	289	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	290	})
e2e22e40 C	291	})
e2e22e40 C	292
6ea9295b C	293	it('Should fail with a private video of another user', async function () {
	294	const fields = { text: 'super comment' }
	295
	296	await makePostBodyRequest({
	297	url: server.url,
	298	path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
	299	token: userAccessToken,
	300	fields,
	301	expectedStatus: HttpStatusCode.FORBIDDEN_403
	302	})
	303	})
	304
e2e22e40	305	it('Should fail with an incorrect comment', async function () {
d4a8e7a6	306	const path = '/api/v1/videos/' + video.uuid + '/comments/124'
e2e22e40 C	307	const fields = {
	308	text: 'super comment'
	309	}
2d53be02 RK	310	await makePostBodyRequest({
	311	url: server.url,
	312	path,
	313	token: server.accessToken,
	314	fields,
c0e8b12e	315	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	316	})
e2e22e40 C	317	})
	318
	319	it('Should succeed with the correct parameters', async function () {
	320	const fields = {
	321	text: 'super comment'
	322	}
2d53be02 RK	323	await makePostBodyRequest({
	324	url: server.url,
	325	path: pathComment,
	326	token: server.accessToken,
	327	fields,
c0e8b12e	328	expectedStatus: HttpStatusCode.OK_200
2d53be02	329	})
e2e22e40 C	330	})
	331	})
	332
4cb6d457 C	333	describe('When removing video comments', function () {
4cb6d457 C	334	it('Should fail with a non authenticated user', async function () {
c0e8b12e	335	await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
4cb6d457 C	336	})
	337
	338	it('Should fail with another user', async function () {
2d53be02 RK	339	await makeDeleteRequest({
	340	url: server.url,
	341	path: pathComment,
	342	token: userAccessToken,
c0e8b12e	343	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	344	})
4cb6d457 C	345	})
	346
	347	it('Should fail with an incorrect video', async function () {
	348	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
c0e8b12e	349	await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
4cb6d457 C	350	})
	351
	352	it('Should fail with an incorrect comment', async function () {
d4a8e7a6	353	const path = '/api/v1/videos/' + video.uuid + '/comments/124'
c0e8b12e	354	await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
4cb6d457 C	355	})
4cb6d457 C	356
fde37dc9 C	357	it('Should succeed with the same user', async function () {
	358	let commentToDelete: number
	359
	360	{
89d241a7	361	const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
12edc149	362	commentToDelete = created.id
fde37dc9 C	363	}
fde37dc9 C	364
d4a8e7a6	365	const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
fde37dc9	366
c0e8b12e C	367	await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
c0e8b12e C	368	await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
fde37dc9 C	369	})
	370
	371	it('Should succeed with the owner of the video', async function () {
	372	let commentToDelete: number
	373	let anotherVideoUUID: string
	374
	375	{
89d241a7	376	const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
d23dd9fb	377	anotherVideoUUID = uuid
fde37dc9 C	378	}
	379
	380	{
89d241a7	381	const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
12edc149	382	commentToDelete = created.id
fde37dc9 C	383	}
	384
	385	const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
	386
c0e8b12e C	387	await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
c0e8b12e C	388	await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
fde37dc9 C	389	})
fde37dc9 C	390
4cb6d457	391	it('Should succeed with the correct parameters', async function () {
2d53be02 RK	392	await makeDeleteRequest({
	393	url: server.url,
	394	path: pathComment,
	395	token: server.accessToken,
c0e8b12e	396	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	397	})
4cb6d457 C	398	})
	399	})
	400
47564bbe C	401	describe('When a video has comments disabled', function () {
47564bbe C	402	before(async function () {
89d241a7	403	video = await server.videos.upload({ attributes: { commentsEnabled: false } })
d4a8e7a6	404	pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
47564bbe C	405	})
	406
	407	it('Should return an empty thread list', async function () {
	408	const res = await makeGetRequest({
	409	url: server.url,
	410	path: pathThread,
c0e8b12e	411	expectedStatus: HttpStatusCode.OK_200
47564bbe C	412	})
	413	expect(res.body.total).to.equal(0)
	414	expect(res.body.data).to.have.lengthOf(0)
	415	})
	416
	417	it('Should return an thread comments list')
	418
	419	it('Should return conflict on thread add', async function () {
	420	const fields = {
	421	text: 'super comment'
	422	}
2d53be02 RK	423	await makePostBodyRequest({
	424	url: server.url,
	425	path: pathThread,
	426	token: server.accessToken,
	427	fields,
c0e8b12e	428	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	429	})
47564bbe C	430	})
	431
	432	it('Should return conflict on comment thread add')
	433	})
	434
f1273314 C	435	describe('When listing admin comments threads', function () {
	436	const path = '/api/v1/videos/comments'
	437
	438	it('Should fail with a bad start pagination', async function () {
	439	await checkBadStartPagination(server.url, path, server.accessToken)
	440	})
	441
	442	it('Should fail with a bad count pagination', async function () {
	443	await checkBadCountPagination(server.url, path, server.accessToken)
	444	})
	445
	446	it('Should fail with an incorrect sort', async function () {
	447	await checkBadSortPagination(server.url, path, server.accessToken)
	448	})
	449
	450	it('Should fail with a non authenticated user', async function () {
	451	await makeGetRequest({
	452	url: server.url,
	453	path,
c0e8b12e	454	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
f1273314 C	455	})
	456	})
	457
	458	it('Should fail with a non admin user', async function () {
	459	await makeGetRequest({
	460	url: server.url,
	461	path,
	462	token: userAccessToken,
c0e8b12e	463	expectedStatus: HttpStatusCode.FORBIDDEN_403
f1273314 C	464	})
	465	})
	466
	467	it('Should succeed with the correct params', async function () {
	468	await makeGetRequest({
	469	url: server.url,
	470	path,
	471	token: server.accessToken,
	472	query: {
	473	isLocal: false,
	474	search: 'toto',
	475	searchAccount: 'toto',
	476	searchVideo: 'toto'
	477	},
c0e8b12e	478	expectedStatus: HttpStatusCode.OK_200
f1273314 C	479	})
	480	})
	481	})
	482
7c3b7976 C	483	after(async function () {
7c3b7976 C	484	await cleanupTests([ server ])
e2e22e40 C	485	})
e2e22e40 C	486	})