1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import * as chai from 'chai'
5 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
6 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
14 setAccessTokensToServers
15 } from '@shared/server-commands'
17 const expect = chai.expect
19 describe('Test video comments API validator', function () {
20 let pathThread: string
21 let pathComment: string
22 let server: PeerTubeServer
23 let video: VideoCreateResult
24 let userAccessToken: string
25 let userAccessToken2: string
27 let privateCommentId: number
28 let privateVideo: VideoCreateResult
30 // ---------------------------------------------------------------
32 before(async function () {
35 server = await createSingleServer(1)
37 await setAccessTokensToServers([ server ])
40 video = await server.videos.upload({ attributes: {} })
41 pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
45 privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
49 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
50 commentId = created.id
51 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
55 const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
56 privateCommentId = created.id
60 const user = { username: 'user1', password: 'my super password' }
61 await server.users.create({ username: user.username, password: user.password })
62 userAccessToken = await server.login.getAccessToken(user)
66 const user = { username: 'user2', password: 'my super password' }
67 await server.users.create({ username: user.username, password: user.password })
68 userAccessToken2 = await server.login.getAccessToken(user)
72 describe('When listing video comment threads', function () {
73 it('Should fail with a bad start pagination', async function () {
74 await checkBadStartPagination(server.url, pathThread, server.accessToken)
77 it('Should fail with a bad count pagination', async function () {
78 await checkBadCountPagination(server.url, pathThread, server.accessToken)
81 it('Should fail with an incorrect sort', async function () {
82 await checkBadSortPagination(server.url, pathThread, server.accessToken)
85 it('Should fail with an incorrect video', async function () {
86 await makeGetRequest({
88 path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
89 expectedStatus: HttpStatusCode.NOT_FOUND_404
93 it('Should fail with a private video without token', async function () {
94 await makeGetRequest({
96 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
97 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
101 it('Should fail with another user token', async function () {
102 await makeGetRequest({
104 token: userAccessToken,
105 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
106 expectedStatus: HttpStatusCode.FORBIDDEN_403
110 it('Should succeed with the correct params', async function () {
111 await makeGetRequest({
113 token: server.accessToken,
114 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
115 expectedStatus: HttpStatusCode.OK_200
120 describe('When listing comments of a thread', function () {
121 it('Should fail with an incorrect video', async function () {
122 await makeGetRequest({
124 path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
125 expectedStatus: HttpStatusCode.NOT_FOUND_404
129 it('Should fail with an incorrect thread id', async function () {
130 await makeGetRequest({
132 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
133 expectedStatus: HttpStatusCode.NOT_FOUND_404
137 it('Should fail with a private video without token', async function () {
138 await makeGetRequest({
140 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
141 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
145 it('Should fail with another user token', async function () {
146 await makeGetRequest({
148 token: userAccessToken,
149 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
150 expectedStatus: HttpStatusCode.FORBIDDEN_403
154 it('Should success with the correct params', async function () {
155 await makeGetRequest({
157 token: server.accessToken,
158 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
159 expectedStatus: HttpStatusCode.OK_200
162 await makeGetRequest({
164 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
165 expectedStatus: HttpStatusCode.OK_200
170 describe('When adding a video thread', function () {
172 it('Should fail with a non authenticated user', async function () {
176 await makePostBodyRequest({
181 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
185 it('Should fail with nothing', async function () {
187 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
190 it('Should fail with a short comment', async function () {
194 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
197 it('Should fail with a long comment', async function () {
199 text: 'h'.repeat(10001)
201 await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
204 it('Should fail with an incorrect video', async function () {
205 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
207 text: 'super comment'
209 await makePostBodyRequest({
212 token: server.accessToken,
214 expectedStatus: HttpStatusCode.NOT_FOUND_404
218 it('Should succeed with the correct parameters', async function () {
220 text: 'super comment'
222 await makePostBodyRequest({
225 token: server.accessToken,
227 expectedStatus: HttpStatusCode.OK_200
232 describe('When adding a comment to a thread', function () {
233 it('Should fail with a non authenticated user', async function () {
237 await makePostBodyRequest({
242 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
246 it('Should fail with nothing', async function () {
248 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
251 it('Should fail with a short comment', async function () {
255 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
258 it('Should fail with a long comment', async function () {
260 text: 'h'.repeat(10001)
262 await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
265 it('Should fail with an incorrect video', async function () {
266 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
268 text: 'super comment'
270 await makePostBodyRequest({
273 token: server.accessToken,
275 expectedStatus: HttpStatusCode.NOT_FOUND_404
279 it('Should fail with an incorrect comment', async function () {
280 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
282 text: 'super comment'
284 await makePostBodyRequest({
287 token: server.accessToken,
289 expectedStatus: HttpStatusCode.NOT_FOUND_404
293 it('Should succeed with the correct parameters', async function () {
295 text: 'super comment'
297 await makePostBodyRequest({
300 token: server.accessToken,
302 expectedStatus: HttpStatusCode.OK_200
307 describe('When removing video comments', function () {
308 it('Should fail with a non authenticated user', async function () {
309 await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
312 it('Should fail with another user', async function () {
313 await makeDeleteRequest({
316 token: userAccessToken,
317 expectedStatus: HttpStatusCode.FORBIDDEN_403
321 it('Should fail with an incorrect video', async function () {
322 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
323 await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
326 it('Should fail with an incorrect comment', async function () {
327 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
328 await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
331 it('Should succeed with the same user', async function () {
332 let commentToDelete: number
335 const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
336 commentToDelete = created.id
339 const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
341 await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
342 await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
345 it('Should succeed with the owner of the video', async function () {
346 let commentToDelete: number
347 let anotherVideoUUID: string
350 const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
351 anotherVideoUUID = uuid
355 const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
356 commentToDelete = created.id
359 const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
361 await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
362 await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
365 it('Should succeed with the correct parameters', async function () {
366 await makeDeleteRequest({
369 token: server.accessToken,
370 expectedStatus: HttpStatusCode.NO_CONTENT_204
375 describe('When a video has comments disabled', function () {
376 before(async function () {
377 video = await server.videos.upload({ attributes: { commentsEnabled: false } })
378 pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
381 it('Should return an empty thread list', async function () {
382 const res = await makeGetRequest({
385 expectedStatus: HttpStatusCode.OK_200
387 expect(res.body.total).to.equal(0)
388 expect(res.body.data).to.have.lengthOf(0)
391 it('Should return an thread comments list')
393 it('Should return conflict on thread add', async function () {
395 text: 'super comment'
397 await makePostBodyRequest({
400 token: server.accessToken,
402 expectedStatus: HttpStatusCode.CONFLICT_409
406 it('Should return conflict on comment thread add')
409 describe('When listing admin comments threads', function () {
410 const path = '/api/v1/videos/comments'
412 it('Should fail with a bad start pagination', async function () {
413 await checkBadStartPagination(server.url, path, server.accessToken)
416 it('Should fail with a bad count pagination', async function () {
417 await checkBadCountPagination(server.url, path, server.accessToken)
420 it('Should fail with an incorrect sort', async function () {
421 await checkBadSortPagination(server.url, path, server.accessToken)
424 it('Should fail with a non authenticated user', async function () {
425 await makeGetRequest({
428 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
432 it('Should fail with a non admin user', async function () {
433 await makeGetRequest({
436 token: userAccessToken,
437 expectedStatus: HttpStatusCode.FORBIDDEN_403
441 it('Should succeed with the correct params', async function () {
442 await makeGetRequest({
445 token: server.accessToken,
449 searchAccount: 'toto',
452 expectedStatus: HttpStatusCode.OK_200
457 after(async function () {
458 await cleanupTests([ server ])