1 files changed, 35 insertions, 9 deletions
diff --git a/server/tests/api/check-params/video-token.ts b/server/tests/api/check-params/video-token.ts
index 7acb9d580..7cb3e84a2 100644
--- a/server/tests/api/check-params/video-token.ts
+++ b/server/tests/api/check-params/video-token.ts
@@ -5,9 +5,12 @@ import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServ
 describe('Test video tokens', function () {
  let server: PeerTubeServer
-  let videoId: string
+  let privateVideoId: string
+  let passwordProtectedVideoId: string
  let userToken: string
+  const videoPassword = 'password'
  // ---------------------------------------------------------------
  before(async function () {
@@ -15,27 +18,50 @@ describe('Test video tokens', function () {
    server = await createSingleServer(1)
    await setAccessTokensToServers([ server ])
+    {
-    const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
+      const { uuid } = await server.videos.quickUpload({ name: 'private video', privacy: VideoPrivacy.PRIVATE })
-    videoId = uuid
+      privateVideoId = uuid
+    }
+    {
+      const { uuid } = await server.videos.quickUpload({
+        name: 'password protected video',
+        privacy: VideoPrivacy.PASSWORD_PROTECTED,
+        videoPasswords: [ videoPassword ]
+      })
+      passwordProtectedVideoId = uuid
+    }
    userToken = await server.users.generateUserAndToken('user1')
  })
-  it('Should not generate tokens for unauthenticated user', async function () {
+  it('Should not generate tokens on private video for unauthenticated user', async function () {
-    await server.videoToken.create({ videoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    await server.videoToken.create({ videoId: privateVideoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  })
  it('Should not generate tokens of unknown video', async function () {
    await server.videoToken.create({ videoId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
  })
+  it('Should not generate tokens with incorrect password', async function () {
+    await server.videoToken.create({
+      videoId: passwordProtectedVideoId,
+      token: null,
+      expectedStatus: HttpStatusCode.FORBIDDEN_403,
+      videoPassword: 'incorrectPassword'
+    })
+  })
  it('Should not generate tokens of a non owned video', async function () {
-    await server.videoToken.create({ videoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    await server.videoToken.create({ videoId: privateVideoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
  })
  it('Should generate token', async function () {
-    await server.videoToken.create({ videoId })
+    await server.videoToken.create({ videoId: privateVideoId })
+  })
+  it('Should generate token on password protected video', async function () {
+    await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword, token: null })
+    await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword, token: userToken })
+    await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword })
  })
  after(async function () {

diff --git a/server/tests/api/check-params/video-token.ts b/server/tests/api/check-params/video-token.ts index 7acb9d580..7cb3e84a2 100644 --- a/server/tests/api/check-params/video-token.ts +++ b/server/tests/api/check-params/video-token.ts
@@ -5,9 +5,12 @@ import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServ
5		5
6	describe('Test video tokens', function () {	6	describe('Test video tokens', function () {
7	let server: PeerTubeServer	7	let server: PeerTubeServer
8	let videoId: string	8	let privateVideoId: string
		9	let passwordProtectedVideoId: string
9	let userToken: string	10	let userToken: string
10		11
		12	const videoPassword = 'password'
		13
11	// ---------------------------------------------------------------	14	// ---------------------------------------------------------------
12		15
13	before(async function () {	16	before(async function () {
@@ -15,27 +18,50 @@ describe('Test video tokens', function () {
15		18
16	server = await createSingleServer(1)	19	server = await createSingleServer(1)
17	await setAccessTokensToServers([ server ])	20	await setAccessTokensToServers([ server ])
18		21	{
19	const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })	22	const { uuid } = await server.videos.quickUpload({ name: 'private video', privacy: VideoPrivacy.PRIVATE })
20	videoId = uuid	23	privateVideoId = uuid
21		24	}
		25	{
		26	const { uuid } = await server.videos.quickUpload({
		27	name: 'password protected video',
		28	privacy: VideoPrivacy.PASSWORD_PROTECTED,
		29	videoPasswords: [ videoPassword ]
		30	})
		31	passwordProtectedVideoId = uuid
		32	}
22	userToken = await server.users.generateUserAndToken('user1')	33	userToken = await server.users.generateUserAndToken('user1')
23	})	34	})
24		35
25	it('Should not generate tokens for unauthenticated user', async function () {	36	it('Should not generate tokens on private video for unauthenticated user', async function () {
26	await server.videoToken.create({ videoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })	37	await server.videoToken.create({ videoId: privateVideoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
27	})	38	})
28		39
29	it('Should not generate tokens of unknown video', async function () {	40	it('Should not generate tokens of unknown video', async function () {
30	await server.videoToken.create({ videoId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })	41	await server.videoToken.create({ videoId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
31	})	42	})
32		43
		44	it('Should not generate tokens with incorrect password', async function () {
		45	await server.videoToken.create({
		46	videoId: passwordProtectedVideoId,
		47	token: null,
		48	expectedStatus: HttpStatusCode.FORBIDDEN_403,
		49	videoPassword: 'incorrectPassword'
		50	})
		51	})
		52
33	it('Should not generate tokens of a non owned video', async function () {	53	it('Should not generate tokens of a non owned video', async function () {
34	await server.videoToken.create({ videoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })	54	await server.videoToken.create({ videoId: privateVideoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
35	})	55	})
36		56
37	it('Should generate token', async function () {	57	it('Should generate token', async function () {
38	await server.videoToken.create({ videoId })	58	await server.videoToken.create({ videoId: privateVideoId })
		59	})
		60
		61	it('Should generate token on password protected video', async function () {
		62	await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword, token: null })
		63	await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword, token: userToken })
		64	await server.videoToken.create({ videoId: passwordProtectedVideoId, videoPassword })
39	})	65	})
40		66
41	after(async function () {	67	after(async function () {