1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import * as chai from 'chai'
6 checkBadCountPagination,
7 checkBadSortPagination,
8 checkBadStartPagination,
15 setAccessTokensToServers
16 } from '@shared/extra-utils'
17 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
19 const expect = chai.expect
21 describe('Test video comments API validator', function () {
22 let pathThread: string
23 let pathComment: string
24 let server: PeerTubeServer
25 let video: VideoCreateResult
26 let userAccessToken: string
27 let userAccessToken2: string
29 let privateCommentId: number
30 let privateVideo: VideoCreateResult
32 // ---------------------------------------------------------------
34 before(async function () {
37 server = await createSingleServer(1)
39 await setAccessTokensToServers([ server ])
42 video = await server.videos.upload({ attributes: {} })
43 pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
47 privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
51 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
52 commentId = created.id
53 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
57 const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
58 privateCommentId = created.id
62 const user = { username: 'user1', password: 'my super password' }
63 await server.users.create({ username: user.username, password: user.password })
64 userAccessToken = await server.login.getAccessToken(user)
68 const user = { username: 'user2', password: 'my super password' }
69 await server.users.create({ username: user.username, password: user.password })
70 userAccessToken2 = await server.login.getAccessToken(user)
74 describe('When listing video comment threads', function () {
75 it('Should fail with a bad start pagination', async function () {
76 await checkBadStartPagination(server.url, pathThread, server.accessToken)
79 it('Should fail with a bad count pagination', async function () {
80 await checkBadCountPagination(server.url, pathThread, server.accessToken)
83 it('Should fail with an incorrect sort', async function () {
84 await checkBadSortPagination(server.url, pathThread, server.accessToken)
87 it('Should fail with an incorrect video', async function () {
88 await makeGetRequest({
90 path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
91 expectedStatus: HttpStatusCode.NOT_FOUND_404
95 it('Should fail with a private video without token', async function () {
96 await makeGetRequest({
98 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
99 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
103 it('Should fail with another user token', async function () {
104 await makeGetRequest({
106 token: userAccessToken,
107 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
108 expectedStatus: HttpStatusCode.FORBIDDEN_403
112 it('Should succeed with the correct params', async function () {
113 await makeGetRequest({
115 token: server.accessToken,
116 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
117 expectedStatus: HttpStatusCode.OK_200
122 describe('When listing comments of a thread', function () {
123 it('Should fail with an incorrect video', async function () {
124 await makeGetRequest({
126 path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
127 expectedStatus: HttpStatusCode.NOT_FOUND_404
131 it('Should fail with an incorrect thread id', async function () {
132 await makeGetRequest({
134 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
135 expectedStatus: HttpStatusCode.NOT_FOUND_404
139 it('Should fail with a private video without token', async function () {
140 await makeGetRequest({
142 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
143 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
147 it('Should fail with another user token', async function () {
148 await makeGetRequest({
150 token: userAccessToken,
151 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
152 expectedStatus: HttpStatusCode.FORBIDDEN_403
156 it('Should success with the correct params', async function () {
157 await makeGetRequest({
159 token: server.accessToken,
160 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
161 expectedStatus: HttpStatusCode.OK_200
164 await makeGetRequest({
166 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
167 expectedStatus: HttpStatusCode.OK_200
172 describe('When adding a video thread', function () {
174 it('Should fail with a non authenticated user', async function () {
178 await makePostBodyRequest({
183 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
187 it('Should fail with nothing', async function () {
189 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
192 it('Should fail with a short comment', async function () {
196 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
199 it('Should fail with a long comment', async function () {
201 text: 'h'.repeat(10001)
203 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
206 it('Should fail with an incorrect video', async function () {
207 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
209 text: 'super comment'
211 await makePostBodyRequest({
214 token: server.accessToken,
216 expectedStatus: HttpStatusCode.NOT_FOUND_404
220 it('Should succeed with the correct parameters', async function () {
222 text: 'super comment'
224 await makePostBodyRequest({
227 token: server.accessToken,
229 expectedStatus: HttpStatusCode.OK_200
234 describe('When adding a comment to a thread', function () {
235 it('Should fail with a non authenticated user', async function () {
239 await makePostBodyRequest({
244 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
248 it('Should fail with nothing', async function () {
250 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
253 it('Should fail with a short comment', async function () {
257 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
260 it('Should fail with a long comment', async function () {
262 text: 'h'.repeat(10001)
264 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
267 it('Should fail with an incorrect video', async function () {
268 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
270 text: 'super comment'
272 await makePostBodyRequest({
275 token: server.accessToken,
277 expectedStatus: HttpStatusCode.NOT_FOUND_404
281 it('Should fail with an incorrect comment', async function () {
282 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
284 text: 'super comment'
286 await makePostBodyRequest({
289 token: server.accessToken,
291 expectedStatus: HttpStatusCode.NOT_FOUND_404
295 it('Should succeed with the correct parameters', async function () {
297 text: 'super comment'
299 await makePostBodyRequest({
302 token: server.accessToken,
304 expectedStatus: HttpStatusCode.OK_200
309 describe('When removing video comments', function () {
310 it('Should fail with a non authenticated user', async function () {
311 await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
314 it('Should fail with another user', async function () {
315 await makeDeleteRequest({
318 token: userAccessToken,
319 expectedStatus: HttpStatusCode.FORBIDDEN_403
323 it('Should fail with an incorrect video', async function () {
324 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
325 await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
328 it('Should fail with an incorrect comment', async function () {
329 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
330 await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
333 it('Should succeed with the same user', async function () {
334 let commentToDelete: number
337 const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
338 commentToDelete = created.id
341 const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
343 await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
344 await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
347 it('Should succeed with the owner of the video', async function () {
348 let commentToDelete: number
349 let anotherVideoUUID: string
352 const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
353 anotherVideoUUID = uuid
357 const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
358 commentToDelete = created.id
361 const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
363 await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
364 await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
367 it('Should succeed with the correct parameters', async function () {
368 await makeDeleteRequest({
371 token: server.accessToken,
372 expectedStatus: HttpStatusCode.NO_CONTENT_204
377 describe('When a video has comments disabled', function () {
378 before(async function () {
379 video = await server.videos.upload({ attributes: { commentsEnabled: false } })
380 pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
383 it('Should return an empty thread list', async function () {
384 const res = await makeGetRequest({
387 expectedStatus: HttpStatusCode.OK_200
389 expect(res.body.total).to.equal(0)
390 expect(res.body.data).to.have.lengthOf(0)
393 it('Should return an thread comments list')
395 it('Should return conflict on thread add', async function () {
397 text: 'super comment'
399 await makePostBodyRequest({
402 token: server.accessToken,
404 expectedStatus: HttpStatusCode.CONFLICT_409
408 it('Should return conflict on comment thread add')
411 describe('When listing admin comments threads', function () {
412 const path = '/api/v1/videos/comments'
414 it('Should fail with a bad start pagination', async function () {
415 await checkBadStartPagination(server.url, path, server.accessToken)
418 it('Should fail with a bad count pagination', async function () {
419 await checkBadCountPagination(server.url, path, server.accessToken)
422 it('Should fail with an incorrect sort', async function () {
423 await checkBadSortPagination(server.url, path, server.accessToken)
426 it('Should fail with a non authenticated user', async function () {
427 await makeGetRequest({
430 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
434 it('Should fail with a non admin user', async function () {
435 await makeGetRequest({
438 token: userAccessToken,
439 expectedStatus: HttpStatusCode.FORBIDDEN_403
443 it('Should succeed with the correct params', async function () {
444 await makeGetRequest({
447 token: server.accessToken,
451 searchAccount: 'toto',
454 expectedStatus: HttpStatusCode.OK_200
459 after(async function () {
460 await cleanupTests([ server ])