[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-comments.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
import {
  cleanupTests,
  createSingleServer,
  makeDeleteRequest,
  makeGetRequest,
  makePostBodyRequest,
  PeerTubeServer,
  setAccessTokensToServers
} from '@shared/server-commands'

describe('Test video comments API validator', function () {
  let pathThread: string
  let pathComment: string

  let server: PeerTubeServer

  let video: VideoCreateResult

  let userAccessToken: string
  let userAccessToken2: string

  let commentId: number
  let privateCommentId: number
  let privateVideo: VideoCreateResult

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(120000)

    server = await createSingleServer(1)

    await setAccessTokensToServers([ server ])

    {
      video = await server.videos.upload({ attributes: {} })
      pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
    }

    {
      privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
    }

    {
      const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
      commentId = created.id
      pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
    }

    {
      const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
      privateCommentId = created.id
    }

    {
      const user = { username: 'user1', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken = await server.login.getAccessToken(user)
    }

    {
      const user = { username: 'user2', password: 'my super password' }
      await server.users.create({ username: user.username, password: user.password })
      userAccessToken2 = await server.login.getAccessToken(user)
    }
  })

  describe('When listing video comment threads', function () {
    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(server.url, pathThread, server.accessToken)
    })

    it('Should fail with an incorrect video', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video without token', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with another user token', async function () {
      await makeGetRequest({
        url: server.url,
        token: userAccessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        token: server.accessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When listing comments of a thread', function () {
    it('Should fail with an incorrect video', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with an incorrect thread id', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video without token', async function () {
      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with another user token', async function () {
      await makeGetRequest({
        url: server.url,
        token: userAccessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should success with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        token: server.accessToken,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
        expectedStatus: HttpStatusCode.OK_200
      })

      await makeGetRequest({
        url: server.url,
        path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When adding a video thread', function () {

    it('Should fail with a non authenticated user', async function () {
      const fields = {
        text: 'text'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: 'none',
        fields,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with nothing', async function () {
      const fields = {}
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with a short comment', async function () {
      const fields = {
        text: ''
      }
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with a long comment', async function () {
      const fields = {
        text: 'h'.repeat(10001)
      }
      await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video of another user', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
        token: userAccessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct parameters', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When adding a comment to a thread', function () {

    it('Should fail with a non authenticated user', async function () {
      const fields = {
        text: 'text'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathComment,
        token: 'none',
        fields,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with nothing', async function () {
      const fields = {}
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with a short comment', async function () {
      const fields = {
        text: ''
      }
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with a long comment', async function () {
      const fields = {
        text: 'h'.repeat(10001)
      }
      await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should fail with a private video of another user', async function () {
      const fields = { text: 'super comment' }

      await makePostBodyRequest({
        url: server.url,
        path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
        token: userAccessToken,
        fields,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect comment', async function () {
      const path = '/api/v1/videos/' + video.uuid + '/comments/124'
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.NOT_FOUND_404
      })
    })

    it('Should succeed with the correct parameters', async function () {
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathComment,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  describe('When removing video comments', function () {
    it('Should fail with a non authenticated user', async function () {
      await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should fail with another user', async function () {
      await makeDeleteRequest({
        url: server.url,
        path: pathComment,
        token: userAccessToken,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should fail with an incorrect video', async function () {
      const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
      await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should fail with an incorrect comment', async function () {
      const path = '/api/v1/videos/' + video.uuid + '/comments/124'
      await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })

    it('Should succeed with the same user', async function () {
      let commentToDelete: number

      {
        const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
        commentToDelete = created.id
      }

      const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete

      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })

    it('Should succeed with the owner of the video', async function () {
      let commentToDelete: number
      let anotherVideoUUID: string

      {
        const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
        anotherVideoUUID = uuid
      }

      {
        const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
        commentToDelete = created.id
      }

      const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete

      await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
      await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
    })

    it('Should succeed with the correct parameters', async function () {
      await makeDeleteRequest({
        url: server.url,
        path: pathComment,
        token: server.accessToken,
        expectedStatus: HttpStatusCode.NO_CONTENT_204
      })
    })
  })

  describe('When a video has comments disabled', function () {
    before(async function () {
      video = await server.videos.upload({ attributes: { commentsEnabled: false } })
      pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
    })

    it('Should return an empty thread list', async function () {
      const res = await makeGetRequest({
        url: server.url,
        path: pathThread,
        expectedStatus: HttpStatusCode.OK_200
      })
      expect(res.body.total).to.equal(0)
      expect(res.body.data).to.have.lengthOf(0)
    })

    it('Should return an thread comments list')

    it('Should return conflict on thread add', async function () {
      const fields = {
        text: 'super comment'
      }
      await makePostBodyRequest({
        url: server.url,
        path: pathThread,
        token: server.accessToken,
        fields,
        expectedStatus: HttpStatusCode.CONFLICT_409
      })
    })

    it('Should return conflict on comment thread add')
  })

  describe('When listing admin comments threads', function () {
    const path = '/api/v1/videos/comments'

    it('Should fail with a bad start pagination', async function () {
      await checkBadStartPagination(server.url, path, server.accessToken)
    })

    it('Should fail with a bad count pagination', async function () {
      await checkBadCountPagination(server.url, path, server.accessToken)
    })

    it('Should fail with an incorrect sort', async function () {
      await checkBadSortPagination(server.url, path, server.accessToken)
    })

    it('Should fail with a non authenticated user', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
      })
    })

    it('Should fail with a non admin user', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: userAccessToken,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should succeed with the correct params', async function () {
      await makeGetRequest({
        url: server.url,
        path,
        token: server.accessToken,
        query: {
          isLocal: false,
          search: 'toto',
          searchAccount: 'toto',
          searchVideo: 'toto'
        },
        expectedStatus: HttpStatusCode.OK_200
      })
    })
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
e2e22e40	2
86347717	3	import { expect } from 'chai'
c55e3d72	4	import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
33181473	5	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
11ba2ab3	6	import {
7c3b7976	7	cleanupTests,
254d3579	8	createSingleServer,
42e1ec25 C	9	makeDeleteRequest,
	10	makeGetRequest,
	11	makePostBodyRequest,
254d3579	12	PeerTubeServer,
d23dd9fb	13	setAccessTokensToServers
bf54587a	14	} from '@shared/server-commands'
e2e22e40 C	15
	16	describe('Test video comments API validator', function () {
	17	let pathThread: string
	18	let pathComment: string
6ea9295b	19
254d3579	20	let server: PeerTubeServer
6ea9295b	21
d4a8e7a6	22	let video: VideoCreateResult
6ea9295b	23
4cb6d457	24	let userAccessToken: string
fde37dc9	25	let userAccessToken2: string
6ea9295b	26
e2e22e40	27	let commentId: number
84c8d986 C	28	let privateCommentId: number
84c8d986 C	29	let privateVideo: VideoCreateResult
e2e22e40 C	30
	31	// ---------------------------------------------------------------
	32
	33	before(async function () {
01283e20	34	this.timeout(120000)
e2e22e40	35
254d3579	36	server = await createSingleServer(1)
e2e22e40 C	37
	38	await setAccessTokensToServers([ server ])
	39
e2e22e40	40	{
08642a76	41	video = await server.videos.upload({ attributes: {} })
d4a8e7a6	42	pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
e2e22e40 C	43	}
e2e22e40 C	44
84c8d986 C	45	{
	46	privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
	47	}
	48
e2e22e40	49	{
89d241a7	50	const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
12edc149	51	commentId = created.id
d4a8e7a6	52	pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
e2e22e40	53	}
4cb6d457	54
84c8d986 C	55	{
	56	const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
	57	privateCommentId = created.id
	58	}
	59
4cb6d457	60	{
fde37dc9	61	const user = { username: 'user1', password: 'my super password' }
89d241a7 C	62	await server.users.create({ username: user.username, password: user.password })
89d241a7 C	63	userAccessToken = await server.login.getAccessToken(user)
4cb6d457	64	}
fde37dc9 C	65
	66	{
	67	const user = { username: 'user2', password: 'my super password' }
89d241a7 C	68	await server.users.create({ username: user.username, password: user.password })
89d241a7 C	69	userAccessToken2 = await server.login.getAccessToken(user)
fde37dc9	70	}
e2e22e40 C	71	})
	72
	73	describe('When listing video comment threads', function () {
	74	it('Should fail with a bad start pagination', async function () {
11ba2ab3	75	await checkBadStartPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	76	})
	77
	78	it('Should fail with a bad count pagination', async function () {
11ba2ab3	79	await checkBadCountPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	80	})
	81
	82	it('Should fail with an incorrect sort', async function () {
11ba2ab3	83	await checkBadSortPagination(server.url, pathThread, server.accessToken)
e2e22e40 C	84	})
	85
	86	it('Should fail with an incorrect video', async function () {
11ba2ab3 C	87	await makeGetRequest({
	88	url: server.url,
	89	path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
c0e8b12e	90	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	91	})
e2e22e40	92	})
84c8d986 C	93
	94	it('Should fail with a private video without token', async function () {
	95	await makeGetRequest({
	96	url: server.url,
	97	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	98	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	99	})
	100	})
	101
	102	it('Should fail with another user token', async function () {
	103	await makeGetRequest({
	104	url: server.url,
	105	token: userAccessToken,
	106	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	107	expectedStatus: HttpStatusCode.FORBIDDEN_403
	108	})
	109	})
	110
	111	it('Should succeed with the correct params', async function () {
	112	await makeGetRequest({
	113	url: server.url,
	114	token: server.accessToken,
	115	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	116	expectedStatus: HttpStatusCode.OK_200
	117	})
	118	})
e2e22e40 C	119	})
	120
	121	describe('When listing comments of a thread', function () {
	122	it('Should fail with an incorrect video', async function () {
11ba2ab3 C	123	await makeGetRequest({
	124	url: server.url,
	125	path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
c0e8b12e	126	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	127	})
e2e22e40 C	128	})
	129
	130	it('Should fail with an incorrect thread id', async function () {
11ba2ab3 C	131	await makeGetRequest({
11ba2ab3 C	132	url: server.url,
d4a8e7a6	133	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
c0e8b12e	134	expectedStatus: HttpStatusCode.NOT_FOUND_404
11ba2ab3	135	})
e2e22e40 C	136	})
e2e22e40 C	137
84c8d986 C	138	it('Should fail with a private video without token', async function () {
	139	await makeGetRequest({
	140	url: server.url,
	141	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	142	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
	143	})
	144	})
	145
	146	it('Should fail with another user token', async function () {
	147	await makeGetRequest({
	148	url: server.url,
	149	token: userAccessToken,
	150	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	151	expectedStatus: HttpStatusCode.FORBIDDEN_403
	152	})
	153	})
	154
e2e22e40	155	it('Should success with the correct params', async function () {
84c8d986 C	156	await makeGetRequest({
	157	url: server.url,
	158	token: server.accessToken,
	159	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
	160	expectedStatus: HttpStatusCode.OK_200
	161	})
	162
11ba2ab3 C	163	await makeGetRequest({
11ba2ab3 C	164	url: server.url,
d4a8e7a6	165	path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
c0e8b12e	166	expectedStatus: HttpStatusCode.OK_200
11ba2ab3	167	})
e2e22e40 C	168	})
	169	})
	170
	171	describe('When adding a video thread', function () {
	172
	173	it('Should fail with a non authenticated user', async function () {
	174	const fields = {
	175	text: 'text'
	176	}
2d53be02 RK	177	await makePostBodyRequest({
	178	url: server.url,
	179	path: pathThread,
	180	token: 'none',
	181	fields,
c0e8b12e	182	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02	183	})
e2e22e40 C	184	})
	185
	186	it('Should fail with nothing', async function () {
	187	const fields = {}
	188	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	189	})
	190
	191	it('Should fail with a short comment', async function () {
	192	const fields = {
53eb90c0	193	text: ''
e2e22e40 C	194	}
	195	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	196	})
	197
	198	it('Should fail with a long comment', async function () {
	199	const fields = {
298b3fd3	200	text: 'h'.repeat(10001)
e2e22e40 C	201	}
	202	await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
	203	})
	204
	205	it('Should fail with an incorrect video', async function () {
	206	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
6ea9295b C	207	const fields = { text: 'super comment' }
6ea9295b C	208
2d53be02 RK	209	await makePostBodyRequest({
	210	url: server.url,
	211	path,
	212	token: server.accessToken,
	213	fields,
c0e8b12e	214	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	215	})
e2e22e40 C	216	})
e2e22e40 C	217
6ea9295b C	218	it('Should fail with a private video of another user', async function () {
	219	const fields = { text: 'super comment' }
	220
	221	await makePostBodyRequest({
	222	url: server.url,
	223	path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
	224	token: userAccessToken,
	225	fields,
	226	expectedStatus: HttpStatusCode.FORBIDDEN_403
	227	})
	228	})
	229
e2e22e40	230	it('Should succeed with the correct parameters', async function () {
6ea9295b C	231	const fields = { text: 'super comment' }
6ea9295b C	232
2d53be02 RK	233	await makePostBodyRequest({
	234	url: server.url,
	235	path: pathThread,
	236	token: server.accessToken,
	237	fields,
c0e8b12e	238	expectedStatus: HttpStatusCode.OK_200
2d53be02	239	})
e2e22e40 C	240	})
	241	})
	242
	243	describe('When adding a comment to a thread', function () {
6ea9295b	244
e2e22e40 C	245	it('Should fail with a non authenticated user', async function () {
	246	const fields = {
	247	text: 'text'
	248	}
2d53be02 RK	249	await makePostBodyRequest({
	250	url: server.url,
	251	path: pathComment,
	252	token: 'none',
	253	fields,
c0e8b12e	254	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
2d53be02	255	})
e2e22e40 C	256	})
	257
	258	it('Should fail with nothing', async function () {
	259	const fields = {}
	260	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	261	})
	262
	263	it('Should fail with a short comment', async function () {
	264	const fields = {
53eb90c0	265	text: ''
e2e22e40 C	266	}
	267	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	268	})
	269
	270	it('Should fail with a long comment', async function () {
	271	const fields = {
298b3fd3	272	text: 'h'.repeat(10001)
e2e22e40 C	273	}
	274	await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
	275	})
	276
	277	it('Should fail with an incorrect video', async function () {
	278	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
	279	const fields = {
	280	text: 'super comment'
	281	}
2d53be02 RK	282	await makePostBodyRequest({
	283	url: server.url,
	284	path,
	285	token: server.accessToken,
	286	fields,
c0e8b12e	287	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	288	})
e2e22e40 C	289	})
e2e22e40 C	290
6ea9295b C	291	it('Should fail with a private video of another user', async function () {
	292	const fields = { text: 'super comment' }
	293
	294	await makePostBodyRequest({
	295	url: server.url,
	296	path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
	297	token: userAccessToken,
	298	fields,
	299	expectedStatus: HttpStatusCode.FORBIDDEN_403
	300	})
	301	})
	302
e2e22e40	303	it('Should fail with an incorrect comment', async function () {
d4a8e7a6	304	const path = '/api/v1/videos/' + video.uuid + '/comments/124'
e2e22e40 C	305	const fields = {
	306	text: 'super comment'
	307	}
2d53be02 RK	308	await makePostBodyRequest({
	309	url: server.url,
	310	path,
	311	token: server.accessToken,
	312	fields,
c0e8b12e	313	expectedStatus: HttpStatusCode.NOT_FOUND_404
2d53be02	314	})
e2e22e40 C	315	})
	316
	317	it('Should succeed with the correct parameters', async function () {
	318	const fields = {
	319	text: 'super comment'
	320	}
2d53be02 RK	321	await makePostBodyRequest({
	322	url: server.url,
	323	path: pathComment,
	324	token: server.accessToken,
	325	fields,
c0e8b12e	326	expectedStatus: HttpStatusCode.OK_200
2d53be02	327	})
e2e22e40 C	328	})
	329	})
	330
4cb6d457 C	331	describe('When removing video comments', function () {
4cb6d457 C	332	it('Should fail with a non authenticated user', async function () {
c0e8b12e	333	await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
4cb6d457 C	334	})
	335
	336	it('Should fail with another user', async function () {
2d53be02 RK	337	await makeDeleteRequest({
	338	url: server.url,
	339	path: pathComment,
	340	token: userAccessToken,
c0e8b12e	341	expectedStatus: HttpStatusCode.FORBIDDEN_403
2d53be02	342	})
4cb6d457 C	343	})
	344
	345	it('Should fail with an incorrect video', async function () {
	346	const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
c0e8b12e	347	await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
4cb6d457 C	348	})
	349
	350	it('Should fail with an incorrect comment', async function () {
d4a8e7a6	351	const path = '/api/v1/videos/' + video.uuid + '/comments/124'
c0e8b12e	352	await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
4cb6d457 C	353	})
4cb6d457 C	354
fde37dc9 C	355	it('Should succeed with the same user', async function () {
	356	let commentToDelete: number
	357
	358	{
89d241a7	359	const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
12edc149	360	commentToDelete = created.id
fde37dc9 C	361	}
fde37dc9 C	362
d4a8e7a6	363	const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
fde37dc9	364
c0e8b12e C	365	await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
c0e8b12e C	366	await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
fde37dc9 C	367	})
	368
	369	it('Should succeed with the owner of the video', async function () {
	370	let commentToDelete: number
	371	let anotherVideoUUID: string
	372
	373	{
89d241a7	374	const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
d23dd9fb	375	anotherVideoUUID = uuid
fde37dc9 C	376	}
	377
	378	{
89d241a7	379	const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
12edc149	380	commentToDelete = created.id
fde37dc9 C	381	}
	382
	383	const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
	384
c0e8b12e C	385	await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
c0e8b12e C	386	await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
fde37dc9 C	387	})
fde37dc9 C	388
4cb6d457	389	it('Should succeed with the correct parameters', async function () {
2d53be02 RK	390	await makeDeleteRequest({
	391	url: server.url,
	392	path: pathComment,
	393	token: server.accessToken,
c0e8b12e	394	expectedStatus: HttpStatusCode.NO_CONTENT_204
2d53be02	395	})
4cb6d457 C	396	})
	397	})
	398
47564bbe C	399	describe('When a video has comments disabled', function () {
47564bbe C	400	before(async function () {
89d241a7	401	video = await server.videos.upload({ attributes: { commentsEnabled: false } })
d4a8e7a6	402	pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
47564bbe C	403	})
	404
	405	it('Should return an empty thread list', async function () {
	406	const res = await makeGetRequest({
	407	url: server.url,
	408	path: pathThread,
c0e8b12e	409	expectedStatus: HttpStatusCode.OK_200
47564bbe C	410	})
	411	expect(res.body.total).to.equal(0)
	412	expect(res.body.data).to.have.lengthOf(0)
	413	})
	414
	415	it('Should return an thread comments list')
	416
	417	it('Should return conflict on thread add', async function () {
	418	const fields = {
	419	text: 'super comment'
	420	}
2d53be02 RK	421	await makePostBodyRequest({
	422	url: server.url,
	423	path: pathThread,
	424	token: server.accessToken,
	425	fields,
c0e8b12e	426	expectedStatus: HttpStatusCode.CONFLICT_409
2d53be02	427	})
47564bbe C	428	})
	429
	430	it('Should return conflict on comment thread add')
	431	})
	432
f1273314 C	433	describe('When listing admin comments threads', function () {
	434	const path = '/api/v1/videos/comments'
	435
	436	it('Should fail with a bad start pagination', async function () {
	437	await checkBadStartPagination(server.url, path, server.accessToken)
	438	})
	439
	440	it('Should fail with a bad count pagination', async function () {
	441	await checkBadCountPagination(server.url, path, server.accessToken)
	442	})
	443
	444	it('Should fail with an incorrect sort', async function () {
	445	await checkBadSortPagination(server.url, path, server.accessToken)
	446	})
	447
	448	it('Should fail with a non authenticated user', async function () {
	449	await makeGetRequest({
	450	url: server.url,
	451	path,
c0e8b12e	452	expectedStatus: HttpStatusCode.UNAUTHORIZED_401
f1273314 C	453	})
	454	})
	455
	456	it('Should fail with a non admin user', async function () {
	457	await makeGetRequest({
	458	url: server.url,
	459	path,
	460	token: userAccessToken,
c0e8b12e	461	expectedStatus: HttpStatusCode.FORBIDDEN_403
f1273314 C	462	})
	463	})
	464
	465	it('Should succeed with the correct params', async function () {
	466	await makeGetRequest({
	467	url: server.url,
	468	path,
	469	token: server.accessToken,
	470	query: {
	471	isLocal: false,
	472	search: 'toto',
	473	searchAccount: 'toto',
	474	searchVideo: 'toto'
	475	},
c0e8b12e	476	expectedStatus: HttpStatusCode.OK_200
f1273314 C	477	})
	478	})
	479	})
	480
7c3b7976 C	481	after(async function () {
7c3b7976 C	482	await cleanupTests([ server ])
e2e22e40 C	483	})
e2e22e40 C	484	})