Don't display comments of private/internal videos
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import 'mocha'
4 import * as chai from 'chai'
5 import {
6 checkBadCountPagination,
7 checkBadSortPagination,
8 checkBadStartPagination,
9 cleanupTests,
10 createSingleServer,
11 makeDeleteRequest,
12 makeGetRequest,
13 makePostBodyRequest,
14 PeerTubeServer,
15 setAccessTokensToServers
16 } from '@shared/extra-utils'
17 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
18
// Chai's BDD assertion entry point, used for the response-body checks in this file.
const { expect } = chai
20
21 describe('Test video comments API validator', function () {
// Shared fixtures for the whole suite; they are assigned in the before() hooks.
let server: PeerTubeServer

// One video uploaded with default attributes and one uploaded with VideoPrivacy.PRIVATE.
let video: VideoCreateResult
let privateVideo: VideoCreateResult

// Ids returned by createThread() for the thread on `video` and the thread on `privateVideo`.
let commentId: number
let privateCommentId: number

// API paths derived from `video` (thread listing/creation, and the single comment `commentId`).
let pathThread: string
let pathComment: string

// Access tokens of the two extra accounts created in before(): user1 and user2.
let userAccessToken: string
let userAccessToken2: string
31
32 // ---------------------------------------------------------------
33
// Starts one server and creates every fixture the suites below rely on:
// a default video, a PRIVATE video, one thread on each, and two extra user accounts.
before(async function () {
  this.timeout(30000)

  server = await createSingleServer(1)
  await setAccessTokensToServers([ server ])

  // Video uploaded with default attributes; its thread path is reused by most suites.
  video = await server.videos.upload({ attributes: {} })
  pathThread = `/api/v1/videos/${video.uuid}/comment-threads`

  // Video used for the access-control checks on comment reads.
  privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })

  // No token is passed to createThread(); presumably the command falls back to the
  // server's own access token — confirm in @shared/extra-utils.
  const defaultVideoThread = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
  commentId = defaultVideoThread.id
  pathComment = `/api/v1/videos/${video.uuid}/comments/${commentId}`

  const privateVideoThread = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
  privateCommentId = privateVideoThread.id

  // Creates an account with the fixture password, then logs in and returns its token.
  const createUserAndLogin = async (username: string) => {
    const credentials = { username, password: 'my super password' }

    await server.users.create({ username: credentials.username, password: credentials.password })
    return server.login.getAccessToken(credentials)
  }

  // Two distinct accounts so the tests can tell "author/owner" apart from "some other user".
  userAccessToken = await createUserAndLogin('user1')
  userAccessToken2 = await createUserAndLogin('user2')
})
73
// Listing the threads of a video: pagination/sort validation, unknown video,
// and the read access-control matrix for the PRIVATE video
// (no token -> 401, another user's token -> 403, server.accessToken -> 200).
// NOTE(review): only a VideoPrivacy.PRIVATE video is set up in this file; no other
// restricted privacy setting is exercised by these checks.
describe('When listing video comment threads', function () {
  it('Should fail with a bad start pagination', async function () {
    await checkBadStartPagination(server.url, pathThread, server.accessToken)
  })

  it('Should fail with a bad count pagination', async function () {
    await checkBadCountPagination(server.url, pathThread, server.accessToken)
  })

  it('Should fail with an incorrect sort', async function () {
    await checkBadSortPagination(server.url, pathThread, server.accessToken)
  })

  it('Should fail with an incorrect video', async function () {
    // Hard-coded UUID that is not one of the videos uploaded by this file.
    const unknownVideoThreads = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'

    await makeGetRequest({
      url: server.url,
      path: unknownVideoThreads,
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should fail with a private video without token', async function () {
    const privateThreads = `/api/v1/videos/${privateVideo.shortUUID}/comment-threads`

    // Anonymous request: must be rejected before any thread data is returned.
    await makeGetRequest({
      url: server.url,
      path: privateThreads,
      expectedStatus: HttpStatusCode.UNAUTHORIZED_401
    })
  })

  it('Should fail with another user token', async function () {
    const privateThreads = `/api/v1/videos/${privateVideo.shortUUID}/comment-threads`

    // Authenticated as user1, who did not upload the private video.
    await makeGetRequest({
      url: server.url,
      path: privateThreads,
      token: userAccessToken,
      expectedStatus: HttpStatusCode.FORBIDDEN_403
    })
  })

  it('Should succeed with the correct params', async function () {
    const privateThreads = `/api/v1/videos/${privateVideo.shortUUID}/comment-threads`

    // Only the status code is asserted here; the returned thread list is not inspected.
    await makeGetRequest({
      url: server.url,
      path: privateThreads,
      token: server.accessToken,
      expectedStatus: HttpStatusCode.OK_200
    })
  })
})
121
// Reading a single thread: unknown video, unknown thread id, and the same
// 401 / 403 / 200 access-control matrix on the thread of the PRIVATE video.
describe('When listing comments of a thread', function () {
  it('Should fail with an incorrect video', async function () {
    // Existing thread id, but under a hard-coded UUID that this file never uploads.
    const path = `/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/${commentId}`

    await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
  })

  it('Should fail with an incorrect thread id', async function () {
    // 156 is an arbitrary id; presumably no thread with that id exists on a fresh server.
    const path = `/api/v1/videos/${video.shortUUID}/comment-threads/156`

    await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
  })

  it('Should fail with a private video without token', async function () {
    const path = `/api/v1/videos/${privateVideo.shortUUID}/comment-threads/${privateCommentId}`

    // Anonymous request against a thread of the private video.
    await makeGetRequest({ url: server.url, path, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  })

  it('Should fail with another user token', async function () {
    const path = `/api/v1/videos/${privateVideo.shortUUID}/comment-threads/${privateCommentId}`

    // user1 is authenticated but did not upload the private video.
    await makeGetRequest({
      url: server.url,
      path,
      token: userAccessToken,
      expectedStatus: HttpStatusCode.FORBIDDEN_403
    })
  })

  it('Should success with the correct params', async function () {
    const privateThread = `/api/v1/videos/${privateVideo.shortUUID}/comment-threads/${privateCommentId}`
    const defaultVideoThread = `/api/v1/videos/${video.shortUUID}/comment-threads/${commentId}`

    // Private video: readable with server.accessToken.
    await makeGetRequest({
      url: server.url,
      path: privateThread,
      token: server.accessToken,
      expectedStatus: HttpStatusCode.OK_200
    })

    // Video uploaded with default attributes: readable without any token.
    await makeGetRequest({
      url: server.url,
      path: defaultVideoThread,
      expectedStatus: HttpStatusCode.OK_200
    })
  })
})
171
// Creating a new thread on `video`: authentication, body validation, unknown video, success.
describe('When adding a video thread', function () {

  it('Should fail with a non authenticated user', async function () {
    // The literal string 'none' is sent as the token instead of omitting it, so this
    // covers an invalid token; how the helper sends it should be confirmed in @shared/extra-utils.
    await makePostBodyRequest({
      url: server.url,
      path: pathThread,
      token: 'none',
      fields: { text: 'text' },
      expectedStatus: HttpStatusCode.UNAUTHORIZED_401
    })
  })

  // The three validation cases below pass no expectedStatus, so the status actually
  // asserted is whatever makePostBodyRequest applies by default — TODO confirm it is a 4xx.
  it('Should fail with nothing', async function () {
    await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields: {} })
  })

  it('Should fail with a short comment', async function () {
    await makePostBodyRequest({
      url: server.url,
      path: pathThread,
      token: server.accessToken,
      fields: { text: '' }
    })
  })

  it('Should fail with a long comment', async function () {
    // 10001 characters; presumably one more than the server-side maximum — verify against the validator.
    const oversizedText = 'h'.repeat(10001)

    await makePostBodyRequest({
      url: server.url,
      path: pathThread,
      token: server.accessToken,
      fields: { text: oversizedText }
    })
  })

  it('Should fail with an incorrect video', async function () {
    // Hard-coded UUID that is not one of the videos uploaded by this file.
    const unknownVideoThreads = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'

    await makePostBodyRequest({
      url: server.url,
      path: unknownVideoThreads,
      token: server.accessToken,
      fields: { text: 'super comment' },
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should succeed with the correct parameters', async function () {
    await makePostBodyRequest({
      url: server.url,
      path: pathThread,
      token: server.accessToken,
      fields: { text: 'super comment' },
      expectedStatus: HttpStatusCode.OK_200
    })
  })
})
233
// Replying to the existing comment `commentId` on `video`: authentication, body validation,
// unknown video, unknown parent comment, success.
describe('When adding a comment to a thread', function () {
  it('Should fail with a non authenticated user', async function () {
    // The literal string 'none' is sent as the token instead of omitting it, so this
    // covers an invalid token; how the helper sends it should be confirmed in @shared/extra-utils.
    await makePostBodyRequest({
      url: server.url,
      path: pathComment,
      token: 'none',
      fields: { text: 'text' },
      expectedStatus: HttpStatusCode.UNAUTHORIZED_401
    })
  })

  // The three validation cases below pass no expectedStatus, so the status actually
  // asserted is whatever makePostBodyRequest applies by default — TODO confirm it is a 4xx.
  it('Should fail with nothing', async function () {
    await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields: {} })
  })

  it('Should fail with a short comment', async function () {
    await makePostBodyRequest({
      url: server.url,
      path: pathComment,
      token: server.accessToken,
      fields: { text: '' }
    })
  })

  it('Should fail with a long comment', async function () {
    // 10001 characters; presumably one more than the server-side maximum — verify against the validator.
    const oversizedText = 'h'.repeat(10001)

    await makePostBodyRequest({
      url: server.url,
      path: pathComment,
      token: server.accessToken,
      fields: { text: oversizedText }
    })
  })

  it('Should fail with an incorrect video', async function () {
    // Valid comment id, but under a hard-coded UUID that this file never uploads.
    const unknownVideoComment = `/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/${commentId}`

    await makePostBodyRequest({
      url: server.url,
      path: unknownVideoComment,
      token: server.accessToken,
      fields: { text: 'super comment' },
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should fail with an incorrect comment', async function () {
    // 124 is an arbitrary id; presumably no comment with that id exists on a fresh server.
    const unknownComment = `/api/v1/videos/${video.uuid}/comments/124`

    await makePostBodyRequest({
      url: server.url,
      path: unknownComment,
      token: server.accessToken,
      fields: { text: 'super comment' },
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should succeed with the correct parameters', async function () {
    await makePostBodyRequest({
      url: server.url,
      path: pathComment,
      token: server.accessToken,
      fields: { text: 'super comment' },
      expectedStatus: HttpStatusCode.OK_200
    })
  })
})
308
// Deleting comments: authentication, per-object authorization (who may delete which
// comment), unknown video/comment, and the success paths.
describe('When removing video comments', function () {
  it('Should fail with a non authenticated user', async function () {
    // The literal string 'none' is sent as the token rather than omitting it.
    await makeDeleteRequest({
      url: server.url,
      path: pathComment,
      token: 'none',
      expectedStatus: HttpStatusCode.UNAUTHORIZED_401
    })
  })

  it('Should fail with another user', async function () {
    // user1 did not create `commentId` and did not upload `video`.
    await makeDeleteRequest({
      url: server.url,
      path: pathComment,
      token: userAccessToken,
      expectedStatus: HttpStatusCode.FORBIDDEN_403
    })
  })

  it('Should fail with an incorrect video', async function () {
    // Valid comment id, but under a hard-coded UUID that this file never uploads.
    const unknownVideoComment = `/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/${commentId}`

    await makeDeleteRequest({
      url: server.url,
      path: unknownVideoComment,
      token: server.accessToken,
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should fail with an incorrect comment', async function () {
    const unknownComment = `/api/v1/videos/${video.uuid}/comments/124`

    await makeDeleteRequest({
      url: server.url,
      path: unknownComment,
      token: server.accessToken,
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should succeed with the same user', async function () {
    // user1 writes a comment on `video`.
    const { id: commentToDelete } = await server.comments.createThread({
      videoId: video.uuid,
      token: userAccessToken,
      text: 'hello'
    })
    const path = `/api/v1/videos/${video.uuid}/comments/${commentToDelete}`

    // The refused attempt by user2 has to run first: the second request removes the comment.
    await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    // The comment's author may delete it.
    await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
  })

  it('Should succeed with the owner of the video', async function () {
    // user1 uploads a video; the comment on it is created without a token, so
    // presumably by the server's default account rather than by user1 — confirm.
    const uploaded = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
    const anotherVideoUUID = uploaded.uuid

    const { id: commentToDelete } = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
    const path = `/api/v1/videos/${anotherVideoUUID}/comments/${commentToDelete}`

    // user2 neither uploaded the video nor wrote the comment: refused.
    await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
    // user1 uploaded the video and may remove a comment posted on it.
    await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
  })

  it('Should succeed with the correct parameters', async function () {
    // Removes the shared fixture comment `commentId`; later suites must not rely on it.
    await makeDeleteRequest({
      url: server.url,
      path: pathComment,
      token: server.accessToken,
      expectedStatus: HttpStatusCode.NO_CONTENT_204
    })
  })
})
376
// Behaviour when the video was uploaded with commentsEnabled: false.
describe('When a video has comments disabled', function () {
  // Overwrites the suite-wide `video` and `pathThread` fixtures, so anything that
  // runs after this hook sees the comments-disabled video.
  before(async function () {
    video = await server.videos.upload({ attributes: { commentsEnabled: false } })
    pathThread = `/api/v1/videos/${video.uuid}/comment-threads`
  })

  it('Should return an empty thread list', async function () {
    const { body } = await makeGetRequest({
      url: server.url,
      path: pathThread,
      expectedStatus: HttpStatusCode.OK_200
    })

    expect(body.total).to.equal(0)
    expect(body.data).to.have.lengthOf(0)
  })

  // No callback: mocha reports this as pending, nothing is verified yet.
  it('Should return an thread comments list')

  it('Should return conflict on thread add', async function () {
    await makePostBodyRequest({
      url: server.url,
      path: pathThread,
      token: server.accessToken,
      fields: { text: 'super comment' },
      expectedStatus: HttpStatusCode.CONFLICT_409
    })
  })

  // No callback: mocha reports this as pending, nothing is verified yet.
  it('Should return conflict on comment thread add')
})
410
// Instance-wide comment listing: pagination/sort validation plus the
// no token -> 401, user1 token -> 403, server.accessToken -> 200 access checks.
describe('When listing admin comments threads', function () {
  const adminCommentsPath = '/api/v1/videos/comments'

  it('Should fail with a bad start pagination', async function () {
    await checkBadStartPagination(server.url, adminCommentsPath, server.accessToken)
  })

  it('Should fail with a bad count pagination', async function () {
    await checkBadCountPagination(server.url, adminCommentsPath, server.accessToken)
  })

  it('Should fail with an incorrect sort', async function () {
    await checkBadSortPagination(server.url, adminCommentsPath, server.accessToken)
  })

  it('Should fail with a non authenticated user', async function () {
    await makeGetRequest({
      url: server.url,
      path: adminCommentsPath,
      expectedStatus: HttpStatusCode.UNAUTHORIZED_401
    })
  })

  it('Should fail with a non admin user', async function () {
    // user1 is created in before() without any role argument; presumably a regular user — confirm.
    await makeGetRequest({
      url: server.url,
      path: adminCommentsPath,
      token: userAccessToken,
      expectedStatus: HttpStatusCode.FORBIDDEN_403
    })
  })

  it('Should succeed with the correct params', async function () {
    // Every filter is supplied at once; only the status code is asserted.
    const query = {
      isLocal: false,
      search: 'toto',
      searchAccount: 'toto',
      searchVideo: 'toto'
    }

    await makeGetRequest({
      url: server.url,
      path: adminCommentsPath,
      token: server.accessToken,
      query,
      expectedStatus: HttpStatusCode.OK_200
    })
  })
})
458
// Hands the server created in before() to cleanupTests once every suite has run.
after(async function () {
  const startedServers = [ server ]

  await cleanupTests(startedServers)
})
462 })