-/* tslint:disable:no-unused-expression */
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
-import * as chai from 'chai'
import 'mocha'
+import * as chai from 'chai'
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
+import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
import {
- createUser,
- flushAndRunServer,
- killallServers,
+ cleanupTests,
+ createSingleServer,
makeDeleteRequest,
makeGetRequest,
makePostBodyRequest,
- ServerInfo,
- setAccessTokensToServers,
- uploadVideo,
- userLogin
-} from '../../../../shared/extra-utils'
-import {
- checkBadCountPagination,
- checkBadSortPagination,
- checkBadStartPagination
-} from '../../../../shared/extra-utils/requests/check-api-params'
-import { addVideoCommentThread } from '../../../../shared/extra-utils/videos/video-comments'
+ PeerTubeServer,
+ setAccessTokensToServers
+} from '@shared/server-commands'
const expect = chai.expect
describe('Test video comments API validator', function () {
let pathThread: string
let pathComment: string
- let server: ServerInfo
- let videoUUID: string
+
+ let server: PeerTubeServer
+
+ let video: VideoCreateResult
+
let userAccessToken: string
+ let userAccessToken2: string
+
let commentId: number
+ let privateCommentId: number
+ let privateVideo: VideoCreateResult
// ---------------------------------------------------------------
before(async function () {
this.timeout(30000)
- server = await flushAndRunServer(1)
+ server = await createSingleServer(1)
await setAccessTokensToServers([ server ])
{
- const res = await uploadVideo(server.url, server.accessToken, {})
- videoUUID = res.body.video.uuid
- pathThread = '/api/v1/videos/' + videoUUID + '/comment-threads'
+ video = await server.videos.upload({ attributes: {} })
+ pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
}
{
- const res = await addVideoCommentThread(server.url, server.accessToken, videoUUID, 'coucou')
- commentId = res.body.comment.id
- pathComment = '/api/v1/videos/' + videoUUID + '/comments/' + commentId
+ privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
}
{
- const user = {
- username: 'user1',
- password: 'my super password'
- }
- await createUser({ url: server.url, accessToken: server.accessToken, username: user.username, password: user.password })
- userAccessToken = await userLogin(server, user)
+ const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
+ commentId = created.id
+ pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
+ }
+
+ {
+ const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
+ privateCommentId = created.id
+ }
+
+ {
+ const user = { username: 'user1', password: 'my super password' }
+ await server.users.create({ username: user.username, password: user.password })
+ userAccessToken = await server.login.getAccessToken(user)
+ }
+
+ {
+ const user = { username: 'user2', password: 'my super password' }
+ await server.users.create({ username: user.username, password: user.password })
+ userAccessToken2 = await server.login.getAccessToken(user)
}
})
await makeGetRequest({
url: server.url,
path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads',
- statusCodeExpected: 404
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
+ })
+ })
+
+ it('Should fail with a private video without token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
+ })
+
+ it('Should fail with another user token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: userAccessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: server.accessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ expectedStatus: HttpStatusCode.OK_200
})
})
})
await makeGetRequest({
url: server.url,
path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId,
- statusCodeExpected: 404
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should fail with an incorrect thread id', async function () {
await makeGetRequest({
url: server.url,
- path: '/api/v1/videos/' + videoUUID + '/comment-threads/156',
- statusCodeExpected: 404
+ path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156',
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
+ })
+ })
+
+ it('Should fail with a private video without token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
+ })
+
+ it('Should fail with another user token', async function () {
+ await makeGetRequest({
+ url: server.url,
+ token: userAccessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
})
})
it('Should success with the correct params', async function () {
await makeGetRequest({
url: server.url,
- path: '/api/v1/videos/' + videoUUID + '/comment-threads/' + commentId,
- statusCodeExpected: 200
+ token: server.accessToken,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
+ expectedStatus: HttpStatusCode.OK_200
+ })
+
+ await makeGetRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
+ expectedStatus: HttpStatusCode.OK_200
})
})
})
const fields = {
text: 'text'
}
- await makePostBodyRequest({ url: server.url, path: pathThread, token: 'none', fields, statusCodeExpected: 401 })
+ await makePostBodyRequest({
+ url: server.url,
+ path: pathThread,
+ token: 'none',
+ fields,
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
})
it('Should fail with nothing', async function () {
it('Should fail with a long comment', async function () {
const fields = {
- text: 'h'.repeat(3001)
+ text: 'h'.repeat(10001)
}
await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields })
})
it('Should fail with an incorrect video', async function () {
const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
- const fields = {
- text: 'super comment'
- }
- await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 404 })
+ const fields = { text: 'super comment' }
+
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields,
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
+ })
+ })
+
+ it('Should fail with a private video of another user', async function () {
+ const fields = { text: 'super comment' }
+
+ await makePostBodyRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
+ token: userAccessToken,
+ fields,
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
})
it('Should succeed with the correct parameters', async function () {
- const fields = {
- text: 'super comment'
- }
- await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields, statusCodeExpected: 200 })
+ const fields = { text: 'super comment' }
+
+ await makePostBodyRequest({
+ url: server.url,
+ path: pathThread,
+ token: server.accessToken,
+ fields,
+ expectedStatus: HttpStatusCode.OK_200
+ })
})
})
describe('When adding a comment to a thread', function () {
+
it('Should fail with a non authenticated user', async function () {
const fields = {
text: 'text'
}
- await makePostBodyRequest({ url: server.url, path: pathComment, token: 'none', fields, statusCodeExpected: 401 })
+ await makePostBodyRequest({
+ url: server.url,
+ path: pathComment,
+ token: 'none',
+ fields,
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
})
it('Should fail with nothing', async function () {
it('Should fail with a long comment', async function () {
const fields = {
- text: 'h'.repeat(3001)
+ text: 'h'.repeat(10001)
}
await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields })
})
const fields = {
text: 'super comment'
}
- await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 404 })
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields,
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
+ })
+ })
+
+ it('Should fail with a private video of another user', async function () {
+ const fields = { text: 'super comment' }
+
+ await makePostBodyRequest({
+ url: server.url,
+ path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
+ token: userAccessToken,
+ fields,
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
})
it('Should fail with an incorrect comment', async function () {
- const path = '/api/v1/videos/' + videoUUID + '/comments/124'
+ const path = '/api/v1/videos/' + video.uuid + '/comments/124'
const fields = {
text: 'super comment'
}
- await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 404 })
+ await makePostBodyRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ fields,
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
+ })
})
it('Should succeed with the correct parameters', async function () {
const fields = {
text: 'super comment'
}
- await makePostBodyRequest({ url: server.url, path: pathComment, token: server.accessToken, fields, statusCodeExpected: 200 })
+ await makePostBodyRequest({
+ url: server.url,
+ path: pathComment,
+ token: server.accessToken,
+ fields,
+ expectedStatus: HttpStatusCode.OK_200
+ })
})
})
describe('When removing video comments', function () {
it('Should fail with a non authenticated user', async function () {
- await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', statusCodeExpected: 401 })
+ await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
})
it('Should fail with another user', async function () {
- await makeDeleteRequest({ url: server.url, path: pathComment, token: userAccessToken, statusCodeExpected: 403 })
+ await makeDeleteRequest({
+ url: server.url,
+ path: pathComment,
+ token: userAccessToken,
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
})
it('Should fail with an incorrect video', async function () {
const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId
- await makeDeleteRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 404 })
+ await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
})
it('Should fail with an incorrect comment', async function () {
- const path = '/api/v1/videos/' + videoUUID + '/comments/124'
- await makeDeleteRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: 404 })
+ const path = '/api/v1/videos/' + video.uuid + '/comments/124'
+ await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
+ })
+
+ it('Should succeed with the same user', async function () {
+ let commentToDelete: number
+
+ {
+ const created = await server.comments.createThread({ videoId: video.uuid, token: userAccessToken, text: 'hello' })
+ commentToDelete = created.id
+ }
+
+ const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete
+
+ await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+ await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
+ })
+
+ it('Should succeed with the owner of the video', async function () {
+ let commentToDelete: number
+ let anotherVideoUUID: string
+
+ {
+ const { uuid } = await server.videos.upload({ token: userAccessToken, attributes: { name: 'video' } })
+ anotherVideoUUID = uuid
+ }
+
+ {
+ const created = await server.comments.createThread({ videoId: anotherVideoUUID, text: 'hello' })
+ commentToDelete = created.id
+ }
+
+ const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete
+
+ await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+ await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 })
})
it('Should succeed with the correct parameters', async function () {
- await makeDeleteRequest({ url: server.url, path: pathComment, token: server.accessToken, statusCodeExpected: 204 })
+ await makeDeleteRequest({
+ url: server.url,
+ path: pathComment,
+ token: server.accessToken,
+ expectedStatus: HttpStatusCode.NO_CONTENT_204
+ })
})
})
describe('When a video has comments disabled', function () {
before(async function () {
- const res = await uploadVideo(server.url, server.accessToken, { commentsEnabled: false })
- videoUUID = res.body.video.uuid
- pathThread = '/api/v1/videos/' + videoUUID + '/comment-threads'
+ video = await server.videos.upload({ attributes: { commentsEnabled: false } })
+ pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads'
})
it('Should return an empty thread list', async function () {
const res = await makeGetRequest({
url: server.url,
path: pathThread,
- statusCodeExpected: 200
+ expectedStatus: HttpStatusCode.OK_200
})
expect(res.body.total).to.equal(0)
expect(res.body.data).to.have.lengthOf(0)
const fields = {
text: 'super comment'
}
- await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields, statusCodeExpected: 409 })
+ await makePostBodyRequest({
+ url: server.url,
+ path: pathThread,
+ token: server.accessToken,
+ fields,
+ expectedStatus: HttpStatusCode.CONFLICT_409
+ })
})
it('Should return conflict on comment thread add')
})
- after(function () {
- killallServers([ server ])
+ describe('When listing admin comments threads', function () {
+ const path = '/api/v1/videos/comments'
+
+ it('Should fail with a bad start pagination', async function () {
+ await checkBadStartPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with a bad count pagination', async function () {
+ await checkBadCountPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with an incorrect sort', async function () {
+ await checkBadSortPagination(server.url, path, server.accessToken)
+ })
+
+ it('Should fail with a non authenticated user', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path,
+ expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+ })
+ })
+
+ it('Should fail with a non admin user', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path,
+ token: userAccessToken,
+ expectedStatus: HttpStatusCode.FORBIDDEN_403
+ })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeGetRequest({
+ url: server.url,
+ path,
+ token: server.accessToken,
+ query: {
+ isLocal: false,
+ search: 'toto',
+ searchAccount: 'toto',
+ searchVideo: 'toto'
+ },
+ expectedStatus: HttpStatusCode.OK_200
+ })
+ })
+ })
+
+ after(async function () {
+ await cleanupTests([ server ])
})
})
projects / github / Chocobozzz / PeerTube.git / blobdiff