server/tests/api/check-params/video-comments.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import {
   6   checkBadCountPagination,
   7   checkBadSortPagination,
   8   checkBadStartPagination,
   9   cleanupTests,
  10   createSingleServer,
  11   makeDeleteRequest,
  12   makeGetRequest,
  13   makePostBodyRequest,
  14   PeerTubeServer,
  15   setAccessTokensToServers
  16 } from '@shared/extra-utils'
  17 import { HttpStatusCode, VideoCreateResult } from '@shared/models'
  18
  19 const expect = chai.expect
  20
  21 describe('Test video comments API validator', function () {
  22   let pathThread: string
  23   let pathComment: string
  24   let server: PeerTubeServer
  25   let video: VideoCreateResult
  26   let userAccessToken: string
  27   let userAccessToken2: string
  28   let commentId: number
  29
  30   // ---------------------------------------------------------------
  31
  32   before(async function () {
  33     this.timeout(30000)
  34
  35     server = await createSingleServer(1)
  36
  37     await setAccessTokensToServers([ server ])
  38
  39     {
  40       video = await server.videos.upload({ attributes: {} })
  41       pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
  42     }
  43
  44     {
  45       const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
  46       commentId = created.id
  47       pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
  48     }
  49
  50     {
  51       const user = { username: 'user1', password: 'my super password' }
  52       await server.users.create({ username: user.username, password: user.password })
  53       userAccessToken = await server.login.getAccessToken(user)
  54     }
  55
  56     {
  57       const user = { username: 'user2', password: 'my super password' }
  58       await server.users.create({ username: user.username, password: user.password })
  59       userAccessToken2 = await server.login.getAccessToken(user)
  60     }
  61   })
  62
  63   describe('When listing video comment threads', function () {
  64     it('Should fail with a bad start pagination', async function () {
  65       await checkBadStartPagination(server.url, pathThread, server.accessToken)
  66     })
  67
  68     it('Should fail with a bad count pagination', async function () {
  69       await checkBadCountPagination(server.url, pathThread, server.accessToken)
  70     })
  71
  72     it('Should fail with an incorrect sort', async function () {
  73       await checkBadSortPagination(server.url, pathThread, server.accessToken)
  74     })
  75
  76     it('Should fail with an incorrect video', async function () {
  77       await makeGetRequest({
  78         url: server.url,
  79         path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
  80         expectedStatus: HttpStatusCode.NOT_FOUND_404
  81       })
  82     })
  83   })
  84
  85   describe('When listing comments of a thread', function () {
  86     it('Should fail with an incorrect video', async function () {
  87       await makeGetRequest({
  88         url: server.url,
  89         path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
  90         expectedStatus: HttpStatusCode.NOT_FOUND_404
  91       })
  92     })
  93
  94     it('Should fail with an incorrect thread id', async function () {
  95       await makeGetRequest({
  96         url: server.url,
  97         path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
  98         expectedStatus: HttpStatusCode.NOT_FOUND_404
  99       })
 100     })
 101
 102     it('Should success with the correct params', async function () {
 103       await makeGetRequest({
 104         url: server.url,
 105         path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
 106         expectedStatus: HttpStatusCode.OK_200
 107       })
 108     })
 109   })
 110
 111   describe('When adding a video thread', function () {
 112
 113     it('Should fail with a non authenticated user', async function () {
 114       const fields = {
 115         text: 'text'
 116       }
 117       await makePostBodyRequest({
 118         url: server.url,
 119         path: pathThread,
 120         token: 'none',
 121         fields,
 122         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 123       })
 124     })
 125
 126     it('Should fail with nothing', async function () {
 127       const fields = {}
 128       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 129     })
 130
 131     it('Should fail with a short comment', async function () {
 132       const fields = {
 133         text: ''
 134       }
 135       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 136     })
 137
 138     it('Should fail with a long comment', async function () {
 139       const fields = {
 140         text: 'h'.repeat(10001)
 141       }
 142       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 143     })
 144
 145     it('Should fail with an incorrect video', async function () {
 146       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
 147       const fields = {
 148         text: 'super comment'
 149       }
 150       await makePostBodyRequest({
 151         url: server.url,
 152         path,
 153         token: server.accessToken,
 154         fields,
 155         expectedStatus: HttpStatusCode.NOT_FOUND_404
 156       })
 157     })
 158
 159     it('Should succeed with the correct parameters', async function () {
 160       const fields = {
 161         text: 'super comment'
 162       }
 163       await makePostBodyRequest({
 164         url: server.url,
 165         path: pathThread,
 166         token: server.accessToken,
 167         fields,
 168         expectedStatus: HttpStatusCode.OK_200
 169       })
 170     })
 171   })
 172
 173   describe('When adding a comment to a thread', function () {
 174     it('Should fail with a non authenticated user', async function () {
 175       const fields = {
 176         text: 'text'
 177       }
 178       await makePostBodyRequest({
 179         url: server.url,
 180         path: pathComment,
 181         token: 'none',
 182         fields,
 183         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 184       })
 185     })
 186
 187     it('Should fail with nothing', async function () {
 188       const fields = {}
 189       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 190     })
 191
 192     it('Should fail with a short comment', async function () {
 193       const fields = {
 194         text: ''
 195       }
 196       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 197     })
 198
 199     it('Should fail with a long comment', async function () {
 200       const fields = {
 201         text: 'h'.repeat(10001)
 202       }
 203       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 204     })
 205
 206     it('Should fail with an incorrect video', async function () {
 207       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
 208       const fields = {
 209         text: 'super comment'
 210       }
 211       await makePostBodyRequest({
 212         url: server.url,
 213         path,
 214         token: server.accessToken,
 215         fields,
 216         expectedStatus: HttpStatusCode.NOT_FOUND_404
 217       })
 218     })
 219
 220     it('Should fail with an incorrect comment', async function () {
 221       const path = '/api/v1/videos/' + video.uuid + '/comments/124'
 222       const fields = {
 223         text: 'super comment'
 224       }
 225       await makePostBodyRequest({
 226         url: server.url,
 227         path,
 228         token: server.accessToken,
 229         fields,
 230         expectedStatus: HttpStatusCode.NOT_FOUND_404
 231       })
 232     })
 233
 234     it('Should succeed with the correct parameters', async function () {
 235       const fields = {
 236         text: 'super comment'
 237       }
 238       await makePostBodyRequest({
 239         url: server.url,
 240         path: pathComment,
 241         token: server.accessToken,
 242         fields,
 243         expectedStatus: HttpStatusCode.OK_200
 244       })
 245     })
 246   })
 247
 248   describe('When removing video comments', function () {
 249     it('Should fail with a non authenticated user', async function () {
 250       await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 251     })
 252
 253     it('Should fail with another user', async function () {
 254       await makeDeleteRequest({
 255         url: server.url,
 256         path: pathComment,
 257         token: userAccessToken,
 258         expectedStatus: HttpStatusCode.FORBIDDEN_403
 259       })
 260     })
 261
 262     it('Should fail with an incorrect video', async function () {
 263       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
 264       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 265     })
 266
 267     it('Should fail with an incorrect comment', async function () {
 268       const path = '/api/v1/videos/' + video.uuid + '/comments/124'
 269       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 270     })
 271
 272     it('Should succeed with the same user', async function () {
 273       let commentToDelete: number
 274
 275       {
 276         const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
 277         commentToDelete = created.id
 278       }
 279
 280       const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
 281
 282       await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 283       await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 284     })
 285
 286     it('Should succeed with the owner of the video', async function () {
 287       let commentToDelete: number
 288       let anotherVideoUUID: string
 289
 290       {
 291         const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
 292         anotherVideoUUID = uuid
 293       }
 294
 295       {
 296         const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
 297         commentToDelete = created.id
 298       }
 299
 300       const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
 301
 302       await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 303       await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 304     })
 305
 306     it('Should succeed with the correct parameters', async function () {
 307       await makeDeleteRequest({
 308         url: server.url,
 309         path: pathComment,
 310         token: server.accessToken,
 311         expectedStatus: HttpStatusCode.NO_CONTENT_204
 312       })
 313     })
 314   })
 315
 316   describe('When a video has comments disabled', function () {
 317     before(async function () {
 318       video = await server.videos.upload({ attributes: { commentsEnabled: false } })
 319       pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
 320     })
 321
 322     it('Should return an empty thread list', async function () {
 323       const res = await makeGetRequest({
 324         url: server.url,
 325         path: pathThread,
 326         expectedStatus: HttpStatusCode.OK_200
 327       })
 328       expect(res.body.total).to.equal(0)
 329       expect(res.body.data).to.have.lengthOf(0)
 330     })
 331
 332     it('Should return an thread comments list')
 333
 334     it('Should return conflict on thread add', async function () {
 335       const fields = {
 336         text: 'super comment'
 337       }
 338       await makePostBodyRequest({
 339         url: server.url,
 340         path: pathThread,
 341         token: server.accessToken,
 342         fields,
 343         expectedStatus: HttpStatusCode.CONFLICT_409
 344       })
 345     })
 346
 347     it('Should return conflict on comment thread add')
 348   })
 349
 350   describe('When listing admin comments threads', function () {
 351     const path = '/api/v1/videos/comments'
 352
 353     it('Should fail with a bad start pagination', async function () {
 354       await checkBadStartPagination(server.url, path, server.accessToken)
 355     })
 356
 357     it('Should fail with a bad count pagination', async function () {
 358       await checkBadCountPagination(server.url, path, server.accessToken)
 359     })
 360
 361     it('Should fail with an incorrect sort', async function () {
 362       await checkBadSortPagination(server.url, path, server.accessToken)
 363     })
 364
 365     it('Should fail with a non authenticated user', async function () {
 366       await makeGetRequest({
 367         url: server.url,
 368         path,
 369         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 370       })
 371     })
 372
 373     it('Should fail with a non admin user', async function () {
 374       await makeGetRequest({
 375         url: server.url,
 376         path,
 377         token: userAccessToken,
 378         expectedStatus: HttpStatusCode.FORBIDDEN_403
 379       })
 380     })
 381
 382     it('Should succeed with the correct params', async function () {
 383       await makeGetRequest({
 384         url: server.url,
 385         path,
 386         token: server.accessToken,
 387         query: {
 388           isLocal: false,
 389           search: 'toto',
 390           searchAccount: 'toto',
 391           searchVideo: 'toto'
 392         },
 393         expectedStatus: HttpStatusCode.OK_200
 394       })
 395     })
 396   })
 397
 398   after(async function () {
 399     await cleanupTests([ server ])
 400   })
 401 })