aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-02-22 14:16:34 +0100
committerChocobozzz <me@florianbigard.com>2022-02-22 14:16:51 +0100
commit6ea9295b8f5dd7cc254202a79aad61c666cc4259 (patch)
tree0345d57eb47c5b5cd0046fee1456b0dc440ae470 /server/tests
parentfdd5da058aeffb161202124a129789a3c2bb234c (diff)
downloadPeerTube-6ea9295b8f5dd7cc254202a79aad61c666cc4259.tar.gz
PeerTube-6ea9295b8f5dd7cc254202a79aad61c666cc4259.tar.zst
PeerTube-6ea9295b8f5dd7cc254202a79aad61c666cc4259.zip
Check video privacy when creating comments/rates
Diffstat (limited to 'server/tests')
-rw-r--r--server/tests/api/check-params/video-comments.ts39
-rw-r--r--server/tests/api/check-params/videos.ts18
2 files changed, 51 insertions, 6 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts
index 829f3c8b1..624d657d3 100644
--- a/server/tests/api/check-params/video-comments.ts
+++ b/server/tests/api/check-params/video-comments.ts
@@ -19,10 +19,14 @@ const expect = chai.expect
19describe('Test video comments API validator', function () { 19describe('Test video comments API validator', function () {
20 let pathThread: string 20 let pathThread: string
21 let pathComment: string 21 let pathComment: string
22
22 let server: PeerTubeServer 23 let server: PeerTubeServer
24
23 let video: VideoCreateResult 25 let video: VideoCreateResult
26
24 let userAccessToken: string 27 let userAccessToken: string
25 let userAccessToken2: string 28 let userAccessToken2: string
29
26 let commentId: number 30 let commentId: number
27 let privateCommentId: number 31 let privateCommentId: number
28 let privateVideo: VideoCreateResult 32 let privateVideo: VideoCreateResult
@@ -203,9 +207,8 @@ describe('Test video comments API validator', function () {
203 207
204 it('Should fail with an incorrect video', async function () { 208 it('Should fail with an incorrect video', async function () {
205 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads' 209 const path = '/api/v1/videos/ba708d62-e3d7-45d9-9d73-41b9097cc02d/comment-threads'
206 const fields = { 210 const fields = { text: 'super comment' }
207 text: 'super comment' 211
208 }
209 await makePostBodyRequest({ 212 await makePostBodyRequest({
210 url: server.url, 213 url: server.url,
211 path, 214 path,
@@ -215,10 +218,21 @@ describe('Test video comments API validator', function () {
215 }) 218 })
216 }) 219 })
217 220
221 it('Should fail with a private video of another user', async function () {
222 const fields = { text: 'super comment' }
223
224 await makePostBodyRequest({
225 url: server.url,
226 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
227 token: userAccessToken,
228 fields,
229 expectedStatus: HttpStatusCode.FORBIDDEN_403
230 })
231 })
232
218 it('Should succeed with the correct parameters', async function () { 233 it('Should succeed with the correct parameters', async function () {
219 const fields = { 234 const fields = { text: 'super comment' }
220 text: 'super comment' 235
221 }
222 await makePostBodyRequest({ 236 await makePostBodyRequest({
223 url: server.url, 237 url: server.url,
224 path: pathThread, 238 path: pathThread,
@@ -230,6 +244,7 @@ describe('Test video comments API validator', function () {
230 }) 244 })
231 245
232 describe('When adding a comment to a thread', function () { 246 describe('When adding a comment to a thread', function () {
247
233 it('Should fail with a non authenticated user', async function () { 248 it('Should fail with a non authenticated user', async function () {
234 const fields = { 249 const fields = {
235 text: 'text' 250 text: 'text'
@@ -276,6 +291,18 @@ describe('Test video comments API validator', function () {
276 }) 291 })
277 }) 292 })
278 293
294 it('Should fail with a private video of another user', async function () {
295 const fields = { text: 'super comment' }
296
297 await makePostBodyRequest({
298 url: server.url,
299 path: '/api/v1/videos/' + privateVideo.uuid + '/comments/' + privateCommentId,
300 token: userAccessToken,
301 fields,
302 expectedStatus: HttpStatusCode.FORBIDDEN_403
303 })
304 })
305
279 it('Should fail with an incorrect comment', async function () { 306 it('Should fail with an incorrect comment', async function () {
280 const path = '/api/v1/videos/' + video.uuid + '/comments/124' 307 const path = '/api/v1/videos/' + video.uuid + '/comments/124'
281 const fields = { 308 const fields = {
diff --git a/server/tests/api/check-params/videos.ts b/server/tests/api/check-params/videos.ts
index 4cc70f5cc..41064d2ff 100644
--- a/server/tests/api/check-params/videos.ts
+++ b/server/tests/api/check-params/videos.ts
@@ -28,6 +28,7 @@ describe('Test videos API validator', function () {
28 let channelId: number 28 let channelId: number
29 let channelName: string 29 let channelName: string
30 let video: VideoCreateResult 30 let video: VideoCreateResult
31 let privateVideo: VideoCreateResult
31 32
32 // --------------------------------------------------------------- 33 // ---------------------------------------------------------------
33 34
@@ -49,6 +50,10 @@ describe('Test videos API validator', function () {
49 channelName = body.videoChannels[0].name 50 channelName = body.videoChannels[0].name
50 accountName = body.account.name + '@' + body.account.host 51 accountName = body.account.name + '@' + body.account.host
51 } 52 }
53
54 {
55 privateVideo = await server.videos.quickUpload({ name: 'private video', privacy: VideoPrivacy.PRIVATE })
56 }
52 }) 57 })
53 58
54 describe('When listing videos', function () { 59 describe('When listing videos', function () {
@@ -783,6 +788,19 @@ describe('Test videos API validator', function () {
783 await makePutBodyRequest({ url: server.url, path: path + videoId + '/rate', token: server.accessToken, fields }) 788 await makePutBodyRequest({ url: server.url, path: path + videoId + '/rate', token: server.accessToken, fields })
784 }) 789 })
785 790
791 it('Should fail with a private video of another user', async function () {
792 const fields = {
793 rating: 'like'
794 }
795 await makePutBodyRequest({
796 url: server.url,
797 path: path + privateVideo.uuid + '/rate',
798 token: userAccessToken,
799 fields,
800 expectedStatus: HttpStatusCode.FORBIDDEN_403
801 })
802 })
803
786 it('Should succeed with the correct parameters', async function () { 804 it('Should succeed with the correct parameters', async function () {
787 const fields = { 805 const fields = {
788 rating: 'like' 806 rating: 'like'