server/tests/api/check-params/video-comments.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import * as chai from 'chai'
   5 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
   6 import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
   7 import {
   8   cleanupTests,
   9   createSingleServer,
  10   makeDeleteRequest,
  11   makeGetRequest,
  12   makePostBodyRequest,
  13   PeerTubeServer,
  14   setAccessTokensToServers
  15 } from '@shared/server-commands'
  16
  17 const expect = chai.expect
  18
  19 describe('Test video comments API validator', function () {
  20   let pathThread: string
  21   let pathComment: string
  22   let server: PeerTubeServer
  23   let video: VideoCreateResult
  24   let userAccessToken: string
  25   let userAccessToken2: string
  26   let commentId: number
  27   let privateCommentId: number
  28   let privateVideo: VideoCreateResult
  29
  30   // ---------------------------------------------------------------
  31
  32   before(async function () {
  33     this.timeout(30000)
  34
  35     server = await createSingleServer(1)
  36
  37     await setAccessTokensToServers([ server ])
  38
  39     {
  40       video = await server.videos.upload({ attributes: {} })
  41       pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
  42     }
  43
  44     {
  45       privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
  46     }
  47
  48     {
  49       const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
  50       commentId = created.id
  51       pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
  52     }
  53
  54     {
  55       const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
  56       privateCommentId = created.id
  57     }
  58
  59     {
  60       const user = { username: 'user1', password: 'my super password' }
  61       await server.users.create({ username: user.username, password: user.password })
  62       userAccessToken = await server.login.getAccessToken(user)
  63     }
  64
  65     {
  66       const user = { username: 'user2', password: 'my super password' }
  67       await server.users.create({ username: user.username, password: user.password })
  68       userAccessToken2 = await server.login.getAccessToken(user)
  69     }
  70   })
  71
  72   describe('When listing video comment threads', function () {
  73     it('Should fail with a bad start pagination', async function () {
  74       await checkBadStartPagination(server.url, pathThread, server.accessToken)
  75     })
  76
  77     it('Should fail with a bad count pagination', async function () {
  78       await checkBadCountPagination(server.url, pathThread, server.accessToken)
  79     })
  80
  81     it('Should fail with an incorrect sort', async function () {
  82       await checkBadSortPagination(server.url, pathThread, server.accessToken)
  83     })
  84
  85     it('Should fail with an incorrect video', async function () {
  86       await makeGetRequest({
  87         url: server.url,
  88         path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
  89         expectedStatus: HttpStatusCode.NOT_FOUND_404
  90       })
  91     })
  92
  93     it('Should fail with a private video without token', async function () {
  94       await makeGetRequest({
  95         url: server.url,
  96         path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
  97         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
  98       })
  99     })
 100
 101     it('Should fail with another user token', async function () {
 102       await makeGetRequest({
 103         url: server.url,
 104         token: userAccessToken,
 105         path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
 106         expectedStatus: HttpStatusCode.FORBIDDEN_403
 107       })
 108     })
 109
 110     it('Should succeed with the correct params', async function () {
 111       await makeGetRequest({
 112         url: server.url,
 113         token: server.accessToken,
 114         path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
 115         expectedStatus: HttpStatusCode.OK_200
 116       })
 117     })
 118   })
 119
 120   describe('When listing comments of a thread', function () {
 121     it('Should fail with an incorrect video', async function () {
 122       await makeGetRequest({
 123         url: server.url,
 124         path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
 125         expectedStatus: HttpStatusCode.NOT_FOUND_404
 126       })
 127     })
 128
 129     it('Should fail with an incorrect thread id', async function () {
 130       await makeGetRequest({
 131         url: server.url,
 132         path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
 133         expectedStatus: HttpStatusCode.NOT_FOUND_404
 134       })
 135     })
 136
 137     it('Should fail with a private video without token', async function () {
 138       await makeGetRequest({
 139         url: server.url,
 140         path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
 141         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 142       })
 143     })
 144
 145     it('Should fail with another user token', async function () {
 146       await makeGetRequest({
 147         url: server.url,
 148         token: userAccessToken,
 149         path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
 150         expectedStatus: HttpStatusCode.FORBIDDEN_403
 151       })
 152     })
 153
 154     it('Should success with the correct params', async function () {
 155       await makeGetRequest({
 156         url: server.url,
 157         token: server.accessToken,
 158         path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
 159         expectedStatus: HttpStatusCode.OK_200
 160       })
 161
 162       await makeGetRequest({
 163         url: server.url,
 164         path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
 165         expectedStatus: HttpStatusCode.OK_200
 166       })
 167     })
 168   })
 169
 170   describe('When adding a video thread', function () {
 171
 172     it('Should fail with a non authenticated user', async function () {
 173       const fields = {
 174         text: 'text'
 175       }
 176       await makePostBodyRequest({
 177         url: server.url,
 178         path: pathThread,
 179         token: 'none',
 180         fields,
 181         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 182       })
 183     })
 184
 185     it('Should fail with nothing', async function () {
 186       const fields = {}
 187       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 188     })
 189
 190     it('Should fail with a short comment', async function () {
 191       const fields = {
 192         text: ''
 193       }
 194       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 195     })
 196
 197     it('Should fail with a long comment', async function () {
 198       const fields = {
 199         text: 'h'.repeat(10001)
 200       }
 201       await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
 202     })
 203
 204     it('Should fail with an incorrect video', async function () {
 205       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
 206       const fields = {
 207         text: 'super comment'
 208       }
 209       await makePostBodyRequest({
 210         url: server.url,
 211         path,
 212         token: server.accessToken,
 213         fields,
 214         expectedStatus: HttpStatusCode.NOT_FOUND_404
 215       })
 216     })
 217
 218     it('Should succeed with the correct parameters', async function () {
 219       const fields = {
 220         text: 'super comment'
 221       }
 222       await makePostBodyRequest({
 223         url: server.url,
 224         path: pathThread,
 225         token: server.accessToken,
 226         fields,
 227         expectedStatus: HttpStatusCode.OK_200
 228       })
 229     })
 230   })
 231
 232   describe('When adding a comment to a thread', function () {
 233     it('Should fail with a non authenticated user', async function () {
 234       const fields = {
 235         text: 'text'
 236       }
 237       await makePostBodyRequest({
 238         url: server.url,
 239         path: pathComment,
 240         token: 'none',
 241         fields,
 242         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 243       })
 244     })
 245
 246     it('Should fail with nothing', async function () {
 247       const fields = {}
 248       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 249     })
 250
 251     it('Should fail with a short comment', async function () {
 252       const fields = {
 253         text: ''
 254       }
 255       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 256     })
 257
 258     it('Should fail with a long comment', async function () {
 259       const fields = {
 260         text: 'h'.repeat(10001)
 261       }
 262       await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
 263     })
 264
 265     it('Should fail with an incorrect video', async function () {
 266       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
 267       const fields = {
 268         text: 'super comment'
 269       }
 270       await makePostBodyRequest({
 271         url: server.url,
 272         path,
 273         token: server.accessToken,
 274         fields,
 275         expectedStatus: HttpStatusCode.NOT_FOUND_404
 276       })
 277     })
 278
 279     it('Should fail with an incorrect comment', async function () {
 280       const path = '/api/v1/videos/' + video.uuid + '/comments/124'
 281       const fields = {
 282         text: 'super comment'
 283       }
 284       await makePostBodyRequest({
 285         url: server.url,
 286         path,
 287         token: server.accessToken,
 288         fields,
 289         expectedStatus: HttpStatusCode.NOT_FOUND_404
 290       })
 291     })
 292
 293     it('Should succeed with the correct parameters', async function () {
 294       const fields = {
 295         text: 'super comment'
 296       }
 297       await makePostBodyRequest({
 298         url: server.url,
 299         path: pathComment,
 300         token: server.accessToken,
 301         fields,
 302         expectedStatus: HttpStatusCode.OK_200
 303       })
 304     })
 305   })
 306
 307   describe('When removing video comments', function () {
 308     it('Should fail with a non authenticated user', async function () {
 309       await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 310     })
 311
 312     it('Should fail with another user', async function () {
 313       await makeDeleteRequest({
 314         url: server.url,
 315         path: pathComment,
 316         token: userAccessToken,
 317         expectedStatus: HttpStatusCode.FORBIDDEN_403
 318       })
 319     })
 320
 321     it('Should fail with an incorrect video', async function () {
 322       const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
 323       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 324     })
 325
 326     it('Should fail with an incorrect comment', async function () {
 327       const path = '/api/v1/videos/' + video.uuid + '/comments/124'
 328       await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
 329     })
 330
 331     it('Should succeed with the same user', async function () {
 332       let commentToDelete: number
 333
 334       {
 335         const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
 336         commentToDelete = created.id
 337       }
 338
 339       const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
 340
 341       await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 342       await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 343     })
 344
 345     it('Should succeed with the owner of the video', async function () {
 346       let commentToDelete: number
 347       let anotherVideoUUID: string
 348
 349       {
 350         const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
 351         anotherVideoUUID = uuid
 352       }
 353
 354       {
 355         const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
 356         commentToDelete = created.id
 357       }
 358
 359       const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
 360
 361       await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 362       await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
 363     })
 364
 365     it('Should succeed with the correct parameters', async function () {
 366       await makeDeleteRequest({
 367         url: server.url,
 368         path: pathComment,
 369         token: server.accessToken,
 370         expectedStatus: HttpStatusCode.NO_CONTENT_204
 371       })
 372     })
 373   })
 374
 375   describe('When a video has comments disabled', function () {
 376     before(async function () {
 377       video = await server.videos.upload({ attributes: { commentsEnabled: false } })
 378       pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
 379     })
 380
 381     it('Should return an empty thread list', async function () {
 382       const res = await makeGetRequest({
 383         url: server.url,
 384         path: pathThread,
 385         expectedStatus: HttpStatusCode.OK_200
 386       })
 387       expect(res.body.total).to.equal(0)
 388       expect(res.body.data).to.have.lengthOf(0)
 389     })
 390
 391     it('Should return an thread comments list')
 392
 393     it('Should return conflict on thread add', async function () {
 394       const fields = {
 395         text: 'super comment'
 396       }
 397       await makePostBodyRequest({
 398         url: server.url,
 399         path: pathThread,
 400         token: server.accessToken,
 401         fields,
 402         expectedStatus: HttpStatusCode.CONFLICT_409
 403       })
 404     })
 405
 406     it('Should return conflict on comment thread add')
 407   })
 408
 409   describe('When listing admin comments threads', function () {
 410     const path = '/api/v1/videos/comments'
 411
 412     it('Should fail with a bad start pagination', async function () {
 413       await checkBadStartPagination(server.url, path, server.accessToken)
 414     })
 415
 416     it('Should fail with a bad count pagination', async function () {
 417       await checkBadCountPagination(server.url, path, server.accessToken)
 418     })
 419
 420     it('Should fail with an incorrect sort', async function () {
 421       await checkBadSortPagination(server.url, path, server.accessToken)
 422     })
 423
 424     it('Should fail with a non authenticated user', async function () {
 425       await makeGetRequest({
 426         url: server.url,
 427         path,
 428         expectedStatus: HttpStatusCode.UNAUTHORIZED_401
 429       })
 430     })
 431
 432     it('Should fail with a non admin user', async function () {
 433       await makeGetRequest({
 434         url: server.url,
 435         path,
 436         token: userAccessToken,
 437         expectedStatus: HttpStatusCode.FORBIDDEN_403
 438       })
 439     })
 440
 441     it('Should succeed with the correct params', async function () {
 442       await makeGetRequest({
 443         url: server.url,
 444         path,
 445         token: server.accessToken,
 446         query: {
 447           isLocal: false,
 448           search: 'toto',
 449           searchAccount: 'toto',
 450           searchVideo: 'toto'
 451         },
 452         expectedStatus: HttpStatusCode.OK_200
 453       })
 454     })
 455   })
 456
 457   after(async function () {
 458     await cleanupTests([ server ])
 459   })
 460 })