aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/check-params
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-01-06 13:27:29 +0100
committerChocobozzz <me@florianbigard.com>2022-01-06 13:27:29 +0100
commit795212f7acc690c88c86d0fab8772f6564d59cb8 (patch)
tree3a0203fc1957fd8cf8876774051137a0b04236fc /server/tests/api/check-params
parent7b54a81cccf6b4c12269e9d6897d608b1a99537a (diff)
downloadPeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.tar.gz
PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.tar.zst
PeerTube-795212f7acc690c88c86d0fab8772f6564d59cb8.zip
Prevent caption listing of private videos
Diffstat (limited to 'server/tests/api/check-params')
-rw-r--r--server/tests/api/check-params/video-captions.ts28
1 files changed, 27 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-captions.ts b/server/tests/api/check-params/video-captions.ts
index 90f429314..84c6c1355 100644
--- a/server/tests/api/check-params/video-captions.ts
+++ b/server/tests/api/check-params/video-captions.ts
@@ -11,7 +11,7 @@ import {
11 PeerTubeServer, 11 PeerTubeServer,
12 setAccessTokensToServers 12 setAccessTokensToServers
13} from '@shared/extra-utils' 13} from '@shared/extra-utils'
14import { HttpStatusCode, VideoCreateResult } from '@shared/models' 14import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
15 15
16describe('Test video captions API validator', function () { 16describe('Test video captions API validator', function () {
17 const path = '/api/v1/videos/' 17 const path = '/api/v1/videos/'
@@ -19,6 +19,7 @@ describe('Test video captions API validator', function () {
19 let server: PeerTubeServer 19 let server: PeerTubeServer
20 let userAccessToken: string 20 let userAccessToken: string
21 let video: VideoCreateResult 21 let video: VideoCreateResult
22 let privateVideo: VideoCreateResult
22 23
23 // --------------------------------------------------------------- 24 // ---------------------------------------------------------------
24 25
@@ -30,6 +31,7 @@ describe('Test video captions API validator', function () {
30 await setAccessTokensToServers([ server ]) 31 await setAccessTokensToServers([ server ])
31 32
32 video = await server.videos.upload() 33 video = await server.videos.upload()
34 privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
33 35
34 { 36 {
35 const user = { 37 const user = {
@@ -204,8 +206,32 @@ describe('Test video captions API validator', function () {
204 }) 206 })
205 }) 207 })
206 208
209 it('Should fail with a private video without token', async function () {
210 await makeGetRequest({
211 url: server.url,
212 path: path + privateVideo.shortUUID + '/captions',
213 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
214 })
215 })
216
217 it('Should fail with another user token', async function () {
218 await makeGetRequest({
219 url: server.url,
220 token: userAccessToken,
221 path: path + privateVideo.shortUUID + '/captions',
222 expectedStatus: HttpStatusCode.FORBIDDEN_403
223 })
224 })
225
207 it('Should success with the correct parameters', async function () { 226 it('Should success with the correct parameters', async function () {
208 await makeGetRequest({ url: server.url, path: path + video.shortUUID + '/captions', expectedStatus: HttpStatusCode.OK_200 }) 227 await makeGetRequest({ url: server.url, path: path + video.shortUUID + '/captions', expectedStatus: HttpStatusCode.OK_200 })
228
229 await makeGetRequest({
230 url: server.url,
231 path: path + privateVideo.shortUUID + '/captions',
232 token: server.accessToken,
233 expectedStatus: HttpStatusCode.OK_200
234 })
209 }) 235 })
210 }) 236 })
211 237