Prevent caption listing of private videos

author: Chocobozzz <me@florianbigard.com> 2022-01-06 13:27:29 +0100
committer: Chocobozzz <me@florianbigard.com> 2022-01-06 13:27:29 +0100
commit: 795212f7acc690c88c86d0fab8772f6564d59cb8 (patch)
tree: 3a0203fc1957fd8cf8876774051137a0b04236fc /server/tests/api/check-params
parent: 7b54a81cccf6b4c12269e9d6897d608b1a99537a (diff)
download: PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.tar.gz
PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.tar.zst
PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.zip
1 files changed, 27 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-captions.ts b/server/tests/api/check-params/video-captions.ts
index 90f429314..84c6c1355 100644
--- a/server/tests/api/check-params/video-captions.ts
+++ b/server/tests/api/check-params/video-captions.ts
@@ -11,7 +11,7 @@ import {
  PeerTubeServer,
  setAccessTokensToServers
 } from '@shared/extra-utils'
-import { HttpStatusCode, VideoCreateResult } from '@shared/models'
+import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
 describe('Test video captions API validator', function () {
  const path = '/api/v1/videos/'
@@ -19,6 +19,7 @@ describe('Test video captions API validator', function () {
  let server: PeerTubeServer
  let userAccessToken: string
  let video: VideoCreateResult
+  let privateVideo: VideoCreateResult
  // ---------------------------------------------------------------
@@ -30,6 +31,7 @@ describe('Test video captions API validator', function () {
    await setAccessTokensToServers([ server ])
    video = await server.videos.upload()
+    privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
    {
      const user = {
@@ -204,8 +206,32 @@ describe('Test video captions API validator', function () {
      })
    })
+    it('Should fail with a private video without token', async function () {
+      await makeGetRequest({
+        url: server.url,
+        path: path + privateVideo.shortUUID + '/captions',
+        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
+      })
+    })
+    it('Should fail with another user token', async function () {
+      await makeGetRequest({
+        url: server.url,
+        token: userAccessToken,
+        path: path + privateVideo.shortUUID + '/captions',
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
    it('Should success with the correct parameters', async function () {
      await makeGetRequest({ url: server.url, path: path + video.shortUUID + '/captions', expectedStatus: HttpStatusCode.OK_200 })
+      await makeGetRequest({
+        url: server.url,
+        path: path + privateVideo.shortUUID + '/captions',
+        token: server.accessToken,
+        expectedStatus: HttpStatusCode.OK_200
+      })
    })
  })
author	Chocobozzz <me@florianbigard.com>	2022-01-06 13:27:29 +0100
committer	Chocobozzz <me@florianbigard.com>	2022-01-06 13:27:29 +0100
commit	795212f7acc690c88c86d0fab8772f6564d59cb8 (patch)
tree	3a0203fc1957fd8cf8876774051137a0b04236fc /server/tests/api/check-params
parent	7b54a81cccf6b4c12269e9d6897d608b1a99537a (diff)
download	PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.tar.gz PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.tar.zst PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.zip