1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
3 import { expect } from 'chai'
4 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
5 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
13 setAccessTokensToServers
14 } from '@shared/server-commands'
16 describe('Test video comments API validator', function () {
17 let pathThread: string
18 let pathComment: string
20 let server: PeerTubeServer
22 let video: VideoCreateResult
24 let userAccessToken: string
25 let userAccessToken2: string
28 let privateCommentId: number
29 let privateVideo: VideoCreateResult
31 // ---------------------------------------------------------------
33 before(async function () {
36 server = await createSingleServer(1)
38 await setAccessTokensToServers([ server ])
41 video = await server.videos.upload({ attributes: {} })
42 pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
46 privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
50 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
51 commentId = created.id
52 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
56 const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
57 privateCommentId = created.id
61 const user = { username: 'user1', password: 'my super password' }
62 await server.users.create({ username: user.username, password: user.password })
63 userAccessToken = await server.login.getAccessToken(user)
67 const user = { username: 'user2', password: 'my super password' }
68 await server.users.create({ username: user.username, password: user.password })
69 userAccessToken2 = await server.login.getAccessToken(user)
73 describe('When listing video comment threads', function () {
74 it('Should fail with a bad start pagination', async function () {
75 await checkBadStartPagination(server.url, pathThread, server.accessToken)
78 it('Should fail with a bad count pagination', async function () {
79 await checkBadCountPagination(server.url, pathThread, server.accessToken)
82 it('Should fail with an incorrect sort', async function () {
83 await checkBadSortPagination(server.url, pathThread, server.accessToken)
86 it('Should fail with an incorrect video', async function () {
87 await makeGetRequest({
89 path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
90 expectedStatus: HttpStatusCode.NOT_FOUND_404
94 it('Should fail with a private video without token', async function () {
95 await makeGetRequest({
97 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
98 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
102 it('Should fail with another user token', async function () {
103 await makeGetRequest({
105 token: userAccessToken,
106 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
107 expectedStatus: HttpStatusCode.FORBIDDEN_403
111 it('Should succeed with the correct params', async function () {
112 await makeGetRequest({
114 token: server.accessToken,
115 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
116 expectedStatus: HttpStatusCode.OK_200
121 describe('When listing comments of a thread', function () {
122 it('Should fail with an incorrect video', async function () {
123 await makeGetRequest({
125 path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
126 expectedStatus: HttpStatusCode.NOT_FOUND_404
130 it('Should fail with an incorrect thread id', async function () {
131 await makeGetRequest({
133 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
134 expectedStatus: HttpStatusCode.NOT_FOUND_404
138 it('Should fail with a private video without token', async function () {
139 await makeGetRequest({
141 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
142 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
146 it('Should fail with another user token', async function () {
147 await makeGetRequest({
149 token: userAccessToken,
150 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
151 expectedStatus: HttpStatusCode.FORBIDDEN_403
155 it('Should success with the correct params', async function () {
156 await makeGetRequest({
158 token: server.accessToken,
159 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
160 expectedStatus: HttpStatusCode.OK_200
163 await makeGetRequest({
165 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
166 expectedStatus: HttpStatusCode.OK_200
171 describe('When adding a video thread', function () {
173 it('Should fail with a non authenticated user', async function () {
177 await makePostBodyRequest({
182 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
186 it('Should fail with nothing', async function () {
188 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
191 it('Should fail with a short comment', async function () {
195 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
198 it('Should fail with a long comment', async function () {
200 text: 'h'.repeat(10001)
202 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
205 it('Should fail with an incorrect video', async function () {
206 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
207 const fields = { text: 'super comment' }
209 await makePostBodyRequest({
212 token: server.accessToken,
214 expectedStatus: HttpStatusCode.NOT_FOUND_404
218 it('Should fail with a private video of another user', async function () {
219 const fields = { text: 'super comment' }
221 await makePostBodyRequest({
223 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
224 token: userAccessToken,
226 expectedStatus: HttpStatusCode.FORBIDDEN_403
230 it('Should succeed with the correct parameters', async function () {
231 const fields = { text: 'super comment' }
233 await makePostBodyRequest({
236 token: server.accessToken,
238 expectedStatus: HttpStatusCode.OK_200
243 describe('When adding a comment to a thread', function () {
245 it('Should fail with a non authenticated user', async function () {
249 await makePostBodyRequest({
254 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
258 it('Should fail with nothing', async function () {
260 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
263 it('Should fail with a short comment', async function () {
267 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
270 it('Should fail with a long comment', async function () {
272 text: 'h'.repeat(10001)
274 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
277 it('Should fail with an incorrect video', async function () {
278 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
280 text: 'super comment'
282 await makePostBodyRequest({
285 token: server.accessToken,
287 expectedStatus: HttpStatusCode.NOT_FOUND_404
291 it('Should fail with a private video of another user', async function () {
292 const fields = { text: 'super comment' }
294 await makePostBodyRequest({
296 path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
297 token: userAccessToken,
299 expectedStatus: HttpStatusCode.FORBIDDEN_403
303 it('Should fail with an incorrect comment', async function () {
304 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
306 text: 'super comment'
308 await makePostBodyRequest({
311 token: server.accessToken,
313 expectedStatus: HttpStatusCode.NOT_FOUND_404
317 it('Should succeed with the correct parameters', async function () {
319 text: 'super comment'
321 await makePostBodyRequest({
324 token: server.accessToken,
326 expectedStatus: HttpStatusCode.OK_200
331 describe('When removing video comments', function () {
332 it('Should fail with a non authenticated user', async function () {
333 await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
336 it('Should fail with another user', async function () {
337 await makeDeleteRequest({
340 token: userAccessToken,
341 expectedStatus: HttpStatusCode.FORBIDDEN_403
345 it('Should fail with an incorrect video', async function () {
346 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
347 await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
350 it('Should fail with an incorrect comment', async function () {
351 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
352 await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
355 it('Should succeed with the same user', async function () {
356 let commentToDelete: number
359 const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
360 commentToDelete = created.id
363 const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
365 await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
366 await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
369 it('Should succeed with the owner of the video', async function () {
370 let commentToDelete: number
371 let anotherVideoUUID: string
374 const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
375 anotherVideoUUID = uuid
379 const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
380 commentToDelete = created.id
383 const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
385 await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
386 await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
389 it('Should succeed with the correct parameters', async function () {
390 await makeDeleteRequest({
393 token: server.accessToken,
394 expectedStatus: HttpStatusCode.NO_CONTENT_204
399 describe('When a video has comments disabled', function () {
400 before(async function () {
401 video = await server.videos.upload({ attributes: { commentsEnabled: false } })
402 pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
405 it('Should return an empty thread list', async function () {
406 const res = await makeGetRequest({
409 expectedStatus: HttpStatusCode.OK_200
411 expect(res.body.total).to.equal(0)
412 expect(res.body.data).to.have.lengthOf(0)
415 it('Should return an thread comments list')
417 it('Should return conflict on thread add', async function () {
419 text: 'super comment'
421 await makePostBodyRequest({
424 token: server.accessToken,
426 expectedStatus: HttpStatusCode.CONFLICT_409
430 it('Should return conflict on comment thread add')
433 describe('When listing admin comments threads', function () {
434 const path = '/api/v1/videos/comments'
436 it('Should fail with a bad start pagination', async function () {
437 await checkBadStartPagination(server.url, path, server.accessToken)
440 it('Should fail with a bad count pagination', async function () {
441 await checkBadCountPagination(server.url, path, server.accessToken)
444 it('Should fail with an incorrect sort', async function () {
445 await checkBadSortPagination(server.url, path, server.accessToken)
448 it('Should fail with a non authenticated user', async function () {
449 await makeGetRequest({
452 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
456 it('Should fail with a non admin user', async function () {
457 await makeGetRequest({
460 token: userAccessToken,
461 expectedStatus: HttpStatusCode.FORBIDDEN_403
465 it('Should succeed with the correct params', async function () {
466 await makeGetRequest({
469 token: server.accessToken,
473 searchAccount: 'toto',
476 expectedStatus: HttpStatusCode.OK_200
481 after(async function () {
482 await cleanupTests([ server ])