aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/check-params
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-01-10 16:07:21 +0100
committerChocobozzz <me@florianbigard.com>2022-01-10 16:15:09 +0100
commit84c8d9866890f479faf0168c29be5eb7816ccc8e (patch)
tree573184b0aeed9a81f6381fdeaf59f3f1c52da83d /server/tests/api/check-params
parent795212f7acc690c88c86d0fab8772f6564d59cb8 (diff)
downloadPeerTube-release/4.0.0.tar.gz
PeerTube-release/4.0.0.tar.zst
PeerTube-release/4.0.0.zip
Don't display comments of private/internal videosrelease/4.0.0
Diffstat (limited to 'server/tests/api/check-params')
-rw-r--r--server/tests/api/check-params/video-comments.ts63
1 files changed, 62 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts
index 2d9ee1e0d..8d63fe70c 100644
--- a/server/tests/api/check-params/video-comments.ts
+++ b/server/tests/api/check-params/video-comments.ts
@@ -14,7 +14,7 @@ import {
14 PeerTubeServer, 14 PeerTubeServer,
15 setAccessTokensToServers 15 setAccessTokensToServers
16} from '@shared/extra-utils' 16} from '@shared/extra-utils'
17import { HttpStatusCode, VideoCreateResult } from '@shared/models' 17import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
18 18
19const expect = chai.expect 19const expect = chai.expect
20 20
@@ -26,6 +26,8 @@ describe('Test video comments API validator', function () {
26 let userAccessToken: string 26 let userAccessToken: string
27 let userAccessToken2: string 27 let userAccessToken2: string
28 let commentId: number 28 let commentId: number
29 let privateCommentId: number
30 let privateVideo: VideoCreateResult
29 31
30 // --------------------------------------------------------------- 32 // ---------------------------------------------------------------
31 33
@@ -42,12 +44,21 @@ describe('Test video comments API validator', function () {
42 } 44 }
43 45
44 { 46 {
47 privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
48 }
49
50 {
45 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) 51 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
46 commentId = created.id 52 commentId = created.id
47 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId 53 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
48 } 54 }
49 55
50 { 56 {
57 const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
58 privateCommentId = created.id
59 }
60
61 {
51 const user = { username: 'user1', password: 'my super password' } 62 const user = { username: 'user1', password: 'my super password' }
52 await server.users.create({ username: user.username, password: user.password }) 63 await server.users.create({ username: user.username, password: user.password })
53 userAccessToken = await server.login.getAccessToken(user) 64 userAccessToken = await server.login.getAccessToken(user)
@@ -80,6 +91,32 @@ describe('Test video comments API validator', function () {
80 expectedStatus: HttpStatusCode.NOT_FOUND_404 91 expectedStatus: HttpStatusCode.NOT_FOUND_404
81 }) 92 })
82 }) 93 })
94
95 it('Should fail with a private video without token', async function () {
96 await makeGetRequest({
97 url: server.url,
98 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
99 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
100 })
101 })
102
103 it('Should fail with another user token', async function () {
104 await makeGetRequest({
105 url: server.url,
106 token: userAccessToken,
107 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
108 expectedStatus: HttpStatusCode.FORBIDDEN_403
109 })
110 })
111
112 it('Should succeed with the correct params', async function () {
113 await makeGetRequest({
114 url: server.url,
115 token: server.accessToken,
116 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
117 expectedStatus: HttpStatusCode.OK_200
118 })
119 })
83 }) 120 })
84 121
85 describe('When listing comments of a thread', function () { 122 describe('When listing comments of a thread', function () {
@@ -99,9 +136,33 @@ describe('Test video comments API validator', function () {
99 }) 136 })
100 }) 137 })
101 138
139 it('Should fail with a private video without token', async function () {
140 await makeGetRequest({
141 url: server.url,
142 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
143 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
144 })
145 })
146
147 it('Should fail with another user token', async function () {
148 await makeGetRequest({
149 url: server.url,
150 token: userAccessToken,
151 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
152 expectedStatus: HttpStatusCode.FORBIDDEN_403
153 })
154 })
155
102 it('Should success with the correct params', async function () { 156 it('Should success with the correct params', async function () {
103 await makeGetRequest({ 157 await makeGetRequest({
104 url: server.url, 158 url: server.url,
159 token: server.accessToken,
160 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
161 expectedStatus: HttpStatusCode.OK_200
162 })
163
164 await makeGetRequest({
165 url: server.url,
105 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, 166 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
106 expectedStatus: HttpStatusCode.OK_200 167 expectedStatus: HttpStatusCode.OK_200
107 }) 168 })