server/tests/api/check-params/video-comments.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
   6 import { HttpStatusCode, VideoCreateResult } from '@shared/models'
   7 import {
   8   cleanupTests,
   9   createSingleServer,
  10   makeDeleteRequest,
  11   makeGetRequest,
  12   makePostBodyRequest,
  13   PeerTubeServer,
  14   setAccessTokensToServers
  15 } from '@shared/server-commands'
  16
  17 const expect = chai.expect
  18
  19 describe('Test video comments API validator', function () {
  20   let pathThread: string
  21   let pathComment: string
  22   let server: PeerTubeServer
  23   let video: VideoCreateResult
  24   let userAccessToken: string
  25   let userAccessToken2: string
  26   let commentId: number
  27
  28   // ---------------------------------------------------------------
  29
  30   before(async function () {
  31     this.timeout(30000)
  32
  33     server = await createSingleServer(1)
  34
  35     await setAccessTokensToServers([ server ])
  36
  37     {
  38       video = await server.videos.upload({ attributes: {} })
  39       pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
  40     }
  41
  42     {
  43       const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
  44       commentId = created.id
  45       pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
  46     }
  47
  48     {
  49       const user = { username: 'user1', password: 'my super password' }
  50       await server.users.create({ username: user.username, password: user.password })
  51       userAccessToken = await server.login.getAccessToken(user)
  52     }
  53
  54     {
  55       const user = { username: 'user2', password: 'my super password' }
  56       await server.users.create({ username: user.username, password: user.password })
  57       userAccessToken2 = await server.login.getAccessToken(user)
  58     }
  59   })
  60
  61   describe('When listing video comment threads', function () {
  62     it('Should fail with a bad start pagination', async function () {
  63       await checkBadStartPagination(server.url, pathThread, server.accessToken)
  64     })
  65
  66     it('Should fail with a bad count pagination', async function () {
  67       await checkBadCountPagination(server.url, pathThread, server.accessToken)
  68     })
  69
  70     it('Should fail with an incorrect sort', async function () {
  71       await checkBadSortPagination(server.url, pathThread, server.accessToken)
  72     })
  73
  74     it('Should fail with an incorrect video', async function () {
  75       await makeGetRequest({
  76         url: server.url,
  77         path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
  78         expectedStatus: HttpStatusCode.NOT_FOUND_404
  79       })
  80     })
  81   })
  82
  83   describe('When listing comments of a thread', function () {
  84     it('Should fail with an incorrect video', async function () {
  85       await makeGetRequest({
  86         url: server.url,
  87         path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
  88         expectedStatus: HttpStatusCode.NOT_FOUND_404
  89       })
  90     })
  91
  92     it('Should fail with an incorrect thread id', async function () {
  93       await makeGetRequest({
  94         url: server.url,
  95         path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
  96         expectedStatus: HttpStatusCode.NOT_FOUND_404
  97       })
  98     })
  99
 100     it('Should success with the correct params', async function () {
 101       await makeGetRequest({
 102         url: server.url,
 103         path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
 104         expectedStatus: HttpStatusCode.OK_200
 105       })
 106     })
 107   })
 108
 109   describe('When adding a video thread', function () {
 110
 111     it('Should fail with a non authenticated user', async function () {
 112       const fields = {
 113         text: 'text'
 114       }
 115       await makePostBodyRequest({
 116         url: server.url,
 117         path: pathThread,
 118         token: 'none',
 119         fields,
 120         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 121       })
 122     })
 123
 124     it('Should fail with nothing', async function () {
 125       const fields = {}
 126       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 127     })
 128
 129     it('Should fail with a short comment', async function () {
 130       const fields = {
 131         text: ''
 132       }
 133       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 134     })
 135
 136     it('Should fail with a long comment', async function () {
 137       const fields = {
 138         text: 'h'.repeat(10001)
 139       }
 140       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 141     })
 142
 143     it('Should fail with an incorrect video', async function () {
 144       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
 145       const fields = {
 146         text: 'super comment'
 147       }
 148       await makePostBodyRequest({
 149         url: server.url,
 150         path,
 151         token: server.accessToken,
 152         fields,
 153         expectedStatus: HttpStatusCode.NOT_FOUND_404
 154       })
 155     })
 156
 157     it('Should succeed with the correct parameters', async function () {
 158       const fields = {
 159         text: 'super comment'
 160       }
 161       await makePostBodyRequest({
 162         url: server.url,
 163         path: pathThread,
 164         token: server.accessToken,
 165         fields,
 166         expectedStatus: HttpStatusCode.OK_200
 167       })
 168     })
 169   })
 170
 171   describe('When adding a comment to a thread', function () {
 172     it('Should fail with a non authenticated user', async function () {
 173       const fields = {
 174         text: 'text'
 175       }
 176       await makePostBodyRequest({
 177         url: server.url,
 178         path: pathComment,
 179         token: 'none',
 180         fields,
 181         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 182       })
 183     })
 184
 185     it('Should fail with nothing', async function () {
 186       const fields = {}
 187       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 188     })
 189
 190     it('Should fail with a short comment', async function () {
 191       const fields = {
 192         text: ''
 193       }
 194       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 195     })
 196
 197     it('Should fail with a long comment', async function () {
 198       const fields = {
 199         text: 'h'.repeat(10001)
 200       }
 201       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 202     })
 203
 204     it('Should fail with an incorrect video', async function () {
 205       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
 206       const fields = {
 207         text: 'super comment'
 208       }
 209       await makePostBodyRequest({
 210         url: server.url,
 211         path,
 212         token: server.accessToken,
 213         fields,
 214         expectedStatus: HttpStatusCode.NOT_FOUND_404
 215       })
 216     })
 217
 218     it('Should fail with an incorrect comment', async function () {
 219       const path = '/api/v1/videos/' + video.uuid + '/comments/124'
 220       const fields = {
 221         text: 'super comment'
 222       }
 223       await makePostBodyRequest({
 224         url: server.url,
 225         path,
 226         token: server.accessToken,
 227         fields,
 228         expectedStatus: HttpStatusCode.NOT_FOUND_404
 229       })
 230     })
 231
 232     it('Should succeed with the correct parameters', async function () {
 233       const fields = {
 234         text: 'super comment'
 235       }
 236       await makePostBodyRequest({
 237         url: server.url,
 238         path: pathComment,
 239         token: server.accessToken,
 240         fields,
 241         expectedStatus: HttpStatusCode.OK_200
 242       })
 243     })
 244   })
 245
 246   describe('When removing video comments', function () {
 247     it('Should fail with a non authenticated user', async function () {
 248       await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 249     })
 250
 251     it('Should fail with another user', async function () {
 252       await makeDeleteRequest({
 253         url: server.url,
 254         path: pathComment,
 255         token: userAccessToken,
 256         expectedStatus: HttpStatusCode.FORBIDDEN_403
 257       })
 258     })
 259
 260     it('Should fail with an incorrect video', async function () {
 261       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
 262       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 263     })
 264
 265     it('Should fail with an incorrect comment', async function () {
 266       const path = '/api/v1/videos/' + video.uuid + '/comments/124'
 267       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 268     })
 269
 270     it('Should succeed with the same user', async function () {
 271       let commentToDelete: number
 272
 273       {
 274         const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
 275         commentToDelete = created.id
 276       }
 277
 278       const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
 279
 280       await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 281       await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 282     })
 283
 284     it('Should succeed with the owner of the video', async function () {
 285       let commentToDelete: number
 286       let anotherVideoUUID: string
 287
 288       {
 289         const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
 290         anotherVideoUUID = uuid
 291       }
 292
 293       {
 294         const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
 295         commentToDelete = created.id
 296       }
 297
 298       const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
 299
 300       await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 301       await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 302     })
 303
 304     it('Should succeed with the correct parameters', async function () {
 305       await makeDeleteRequest({
 306         url: server.url,
 307         path: pathComment,
 308         token: server.accessToken,
 309         expectedStatus: HttpStatusCode.NO_CONTENT_204
 310       })
 311     })
 312   })
 313
 314   describe('When a video has comments disabled', function () {
 315     before(async function () {
 316       video = await server.videos.upload({ attributes: { commentsEnabled: false } })
 317       pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
 318     })
 319
 320     it('Should return an empty thread list', async function () {
 321       const res = await makeGetRequest({
 322         url: server.url,
 323         path: pathThread,
 324         expectedStatus: HttpStatusCode.OK_200
 325       })
 326       expect(res.body.total).to.equal(0)
 327       expect(res.body.data).to.have.lengthOf(0)
 328     })
 329
 330     it('Should return an thread comments list')
 331
 332     it('Should return conflict on thread add', async function () {
 333       const fields = {
 334         text: 'super comment'
 335       }
 336       await makePostBodyRequest({
 337         url: server.url,
 338         path: pathThread,
 339         token: server.accessToken,
 340         fields,
 341         expectedStatus: HttpStatusCode.CONFLICT_409
 342       })
 343     })
 344
 345     it('Should return conflict on comment thread add')
 346   })
 347
 348   describe('When listing admin comments threads', function () {
 349     const path = '/api/v1/videos/comments'
 350
 351     it('Should fail with a bad start pagination', async function () {
 352       await checkBadStartPagination(server.url, path, server.accessToken)
 353     })
 354
 355     it('Should fail with a bad count pagination', async function () {
 356       await checkBadCountPagination(server.url, path, server.accessToken)
 357     })
 358
 359     it('Should fail with an incorrect sort', async function () {
 360       await checkBadSortPagination(server.url, path, server.accessToken)
 361     })
 362
 363     it('Should fail with a non authenticated user', async function () {
 364       await makeGetRequest({
 365         url: server.url,
 366         path,
 367         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 368       })
 369     })
 370
 371     it('Should fail with a non admin user', async function () {
 372       await makeGetRequest({
 373         url: server.url,
 374         path,
 375         token: userAccessToken,
 376         expectedStatus: HttpStatusCode.FORBIDDEN_403
 377       })
 378     })
 379
 380     it('Should succeed with the correct params', async function () {
 381       await makeGetRequest({
 382         url: server.url,
 383         path,
 384         token: server.accessToken,
 385         query: {
 386           isLocal: false,
 387           search: 'toto',
 388           searchAccount: 'toto',
 389           searchVideo: 'toto'
 390         },
 391         expectedStatus: HttpStatusCode.OK_200
 392       })
 393     })
 394   })
 395
 396   after(async function () {
 397     await cleanupTests([ server ])
 398   })
 399 })