X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fvideo-comments.ts;h=55019884487824479dfccc4327131e1a0ae7fbc9;hb=0a8a79552cf59c800011c9f63eaa8658230acddc;hp=92c29da0e796a1dc596e73c538a5f2dbd3627053;hpb=08642a765ea514a00f159db898edf14c376fbe6c;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts index 92c29da0e..550198844 100644 --- a/server/tests/api/check-params/video-comments.ts +++ b/server/tests/api/check-params/video-comments.ts @@ -1,12 +1,9 @@ /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ -import 'mocha' -import * as chai from 'chai' -import { HttpStatusCode } from '@shared/core-utils' +import { expect } from 'chai' +import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared' +import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models' import { - checkBadCountPagination, - checkBadSortPagination, - checkBadStartPagination, cleanupTests, createSingleServer, makeDeleteRequest, @@ -14,19 +11,22 @@ import { makePostBodyRequest, PeerTubeServer, setAccessTokensToServers -} from '@shared/extra-utils' -import { VideoCreateResult } from '@shared/models' - -const expect = chai.expect +} from '@shared/server-commands' describe('Test video comments API validator', function () { let pathThread: string let pathComment: string + let server: PeerTubeServer + let video: VideoCreateResult + let userAccessToken: string let userAccessToken2: string + let commentId: number + let privateCommentId: number + let privateVideo: VideoCreateResult // --------------------------------------------------------------- @@ -42,12 +42,21 @@ describe('Test video comments API validator', function () { pathThread = '/api/v1/videos/' + video.uuid + '/comment-threads' } + { + privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } }) + } + { const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) commentId = created.id pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId } + { + const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' }) + privateCommentId = created.id + } + { const user = { username: 'user1', password: 'my super password' } await server.users.create({ username: user.username, password: user.password }) @@ -78,7 +87,33 @@ describe('Test video comments API validator', function () { await makeGetRequest({ url: server.url, path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads', - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 + }) + }) + + it('Should fail with a private video without token', async function () { + await makeGetRequest({ + url: server.url, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 + }) + }) + + it('Should fail with another user token', async function () { + await makeGetRequest({ + url: server.url, + token: userAccessToken, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', + expectedStatus: HttpStatusCode.FORBIDDEN_403 + }) + }) + + it('Should succeed with the correct params', async function () { + await makeGetRequest({ + url: server.url, + token: server.accessToken, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', + expectedStatus: HttpStatusCode.OK_200 }) }) }) @@ -88,7 +123,7 @@ describe('Test video comments API validator', function () { await makeGetRequest({ url: server.url, path: '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads/' + commentId, - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 }) }) @@ -96,15 +131,39 @@ describe('Test video comments API validator', function () { await makeGetRequest({ url: server.url, path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/156', - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 + }) + }) + + it('Should fail with a private video without token', async function () { + await makeGetRequest({ + url: server.url, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 + }) + }) + + it('Should fail with another user token', async function () { + await makeGetRequest({ + url: server.url, + token: userAccessToken, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, + expectedStatus: HttpStatusCode.FORBIDDEN_403 }) }) it('Should success with the correct params', async function () { + await makeGetRequest({ + url: server.url, + token: server.accessToken, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, + expectedStatus: HttpStatusCode.OK_200 + }) + await makeGetRequest({ url: server.url, path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, - statusCodeExpected: HttpStatusCode.OK_200 + expectedStatus: HttpStatusCode.OK_200 }) }) }) @@ -120,7 +179,7 @@ describe('Test video comments API validator', function () { path: pathThread, token: 'none', fields, - statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) }) @@ -145,33 +204,44 @@ describe('Test video comments API validator', function () { it('Should fail with an incorrect video', async function () { const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads' - const fields = { - text: 'super comment' - } + const fields = { text: 'super comment' } + await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 + }) + }) + + it('Should fail with a private video of another user', async function () { + const fields = { text: 'super comment' } + + await makePostBodyRequest({ + url: server.url, + path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', + token: userAccessToken, + fields, + expectedStatus: HttpStatusCode.FORBIDDEN_403 }) }) it('Should succeed with the correct parameters', async function () { - const fields = { - text: 'super comment' - } + const fields = { text: 'super comment' } + await makePostBodyRequest({ url: server.url, path: pathThread, token: server.accessToken, fields, - statusCodeExpected: HttpStatusCode.OK_200 + expectedStatus: HttpStatusCode.OK_200 }) }) }) describe('When adding a comment to a thread', function () { + it('Should fail with a non authenticated user', async function () { const fields = { text: 'text' @@ -181,7 +251,7 @@ describe('Test video comments API validator', function () { path: pathComment, token: 'none', fields, - statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) }) @@ -214,7 +284,19 @@ describe('Test video comments API validator', function () { path, token: server.accessToken, fields, - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 + }) + }) + + it('Should fail with a private video of another user', async function () { + const fields = { text: 'super comment' } + + await makePostBodyRequest({ + url: server.url, + path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId, + token: userAccessToken, + fields, + expectedStatus: HttpStatusCode.FORBIDDEN_403 }) }) @@ -228,7 +310,7 @@ describe('Test video comments API validator', function () { path, token: server.accessToken, fields, - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 }) }) @@ -241,14 +323,14 @@ describe('Test video comments API validator', function () { path: pathComment, token: server.accessToken, fields, - statusCodeExpected: HttpStatusCode.OK_200 + expectedStatus: HttpStatusCode.OK_200 }) }) }) describe('When removing video comments', function () { it('Should fail with a non authenticated user', async function () { - await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 }) + await makeDeleteRequest({ url: server.url, path: pathComment, token: 'none', expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should fail with another user', async function () { @@ -256,18 +338,18 @@ describe('Test video comments API validator', function () { url: server.url, path: pathComment, token: userAccessToken, - statusCodeExpected: HttpStatusCode.FORBIDDEN_403 + expectedStatus: HttpStatusCode.FORBIDDEN_403 }) }) it('Should fail with an incorrect video', async function () { const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comments/' + commentId - await makeDeleteRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.NOT_FOUND_404 }) + await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 }) }) it('Should fail with an incorrect comment', async function () { const path = '/api/v1/videos/' + video.uuid + '/comments/124' - await makeDeleteRequest({ url: server.url, path, token: server.accessToken, statusCodeExpected: HttpStatusCode.NOT_FOUND_404 }) + await makeDeleteRequest({ url: server.url, path, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 }) }) it('Should succeed with the same user', async function () { @@ -280,8 +362,8 @@ describe('Test video comments API validator', function () { const path = '/api/v1/videos/' + video.uuid + '/comments/' + commentToDelete - await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) - await makeDeleteRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.NO_CONTENT_204 }) + await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) + await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 }) }) it('Should succeed with the owner of the video', async function () { @@ -300,8 +382,8 @@ describe('Test video comments API validator', function () { const path = '/api/v1/videos/' + anotherVideoUUID + '/comments/' + commentToDelete - await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, statusCodeExpected: HttpStatusCode.FORBIDDEN_403 }) - await makeDeleteRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: HttpStatusCode.NO_CONTENT_204 }) + await makeDeleteRequest({ url: server.url, path, token: userAccessToken2, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) + await makeDeleteRequest({ url: server.url, path, token: userAccessToken, expectedStatus: HttpStatusCode.NO_CONTENT_204 }) }) it('Should succeed with the correct parameters', async function () { @@ -309,7 +391,7 @@ describe('Test video comments API validator', function () { url: server.url, path: pathComment, token: server.accessToken, - statusCodeExpected: HttpStatusCode.NO_CONTENT_204 + expectedStatus: HttpStatusCode.NO_CONTENT_204 }) }) }) @@ -324,7 +406,7 @@ describe('Test video comments API validator', function () { const res = await makeGetRequest({ url: server.url, path: pathThread, - statusCodeExpected: HttpStatusCode.OK_200 + expectedStatus: HttpStatusCode.OK_200 }) expect(res.body.total).to.equal(0) expect(res.body.data).to.have.lengthOf(0) @@ -341,7 +423,7 @@ describe('Test video comments API validator', function () { path: pathThread, token: server.accessToken, fields, - statusCodeExpected: HttpStatusCode.CONFLICT_409 + expectedStatus: HttpStatusCode.CONFLICT_409 }) }) @@ -367,7 +449,7 @@ describe('Test video comments API validator', function () { await makeGetRequest({ url: server.url, path, - statusCodeExpected: HttpStatusCode.UNAUTHORIZED_401 + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) }) @@ -376,7 +458,7 @@ describe('Test video comments API validator', function () { url: server.url, path, token: userAccessToken, - statusCodeExpected: HttpStatusCode.FORBIDDEN_403 + expectedStatus: HttpStatusCode.FORBIDDEN_403 }) }) @@ -391,7 +473,7 @@ describe('Test video comments API validator', function () { searchAccount: 'toto', searchVideo: 'toto' }, - statusCodeExpected: HttpStatusCode.OK_200 + expectedStatus: HttpStatusCode.OK_200 }) }) })