diff options
Diffstat (limited to 'server/tests/api/check-params')
-rw-r--r-- | server/tests/api/check-params/video-comments.ts | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts index 63c3582e9..829f3c8b1 100644 --- a/server/tests/api/check-params/video-comments.ts +++ b/server/tests/api/check-params/video-comments.ts | |||
@@ -3,7 +3,7 @@ | |||
3 | import 'mocha' | 3 | import 'mocha' |
4 | import * as chai from 'chai' | 4 | import * as chai from 'chai' |
5 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared' | 5 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared' |
6 | import { HttpStatusCode, VideoCreateResult } from '@shared/models' | 6 | import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models' |
7 | import { | 7 | import { |
8 | cleanupTests, | 8 | cleanupTests, |
9 | createSingleServer, | 9 | createSingleServer, |
@@ -24,6 +24,8 @@ describe('Test video comments API validator', function () { | |||
24 | let userAccessToken: string | 24 | let userAccessToken: string |
25 | let userAccessToken2: string | 25 | let userAccessToken2: string |
26 | let commentId: number | 26 | let commentId: number |
27 | let privateCommentId: number | ||
28 | let privateVideo: VideoCreateResult | ||
27 | 29 | ||
28 | // --------------------------------------------------------------- | 30 | // --------------------------------------------------------------- |
29 | 31 | ||
@@ -40,12 +42,21 @@ describe('Test video comments API validator', function () { | |||
40 | } | 42 | } |
41 | 43 | ||
42 | { | 44 | { |
45 | privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } }) | ||
46 | } | ||
47 | |||
48 | { | ||
43 | const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) | 49 | const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) |
44 | commentId = created.id | 50 | commentId = created.id |
45 | pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId | 51 | pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId |
46 | } | 52 | } |
47 | 53 | ||
48 | { | 54 | { |
55 | const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' }) | ||
56 | privateCommentId = created.id | ||
57 | } | ||
58 | |||
59 | { | ||
49 | const user = { username: 'user1', password: 'my super password' } | 60 | const user = { username: 'user1', password: 'my super password' } |
50 | await server.users.create({ username: user.username, password: user.password }) | 61 | await server.users.create({ username: user.username, password: user.password }) |
51 | userAccessToken = await server.login.getAccessToken(user) | 62 | userAccessToken = await server.login.getAccessToken(user) |
@@ -78,6 +89,32 @@ describe('Test video comments API validator', function () { | |||
78 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | 89 | expectedStatus: HttpStatusCode.NOT_FOUND_404 |
79 | }) | 90 | }) |
80 | }) | 91 | }) |
92 | |||
93 | it('Should fail with a private video without token', async function () { | ||
94 | await makeGetRequest({ | ||
95 | url: server.url, | ||
96 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
97 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
98 | }) | ||
99 | }) | ||
100 | |||
101 | it('Should fail with another user token', async function () { | ||
102 | await makeGetRequest({ | ||
103 | url: server.url, | ||
104 | token: userAccessToken, | ||
105 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
106 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
107 | }) | ||
108 | }) | ||
109 | |||
110 | it('Should succeed with the correct params', async function () { | ||
111 | await makeGetRequest({ | ||
112 | url: server.url, | ||
113 | token: server.accessToken, | ||
114 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
115 | expectedStatus: HttpStatusCode.OK_200 | ||
116 | }) | ||
117 | }) | ||
81 | }) | 118 | }) |
82 | 119 | ||
83 | describe('When listing comments of a thread', function () { | 120 | describe('When listing comments of a thread', function () { |
@@ -97,9 +134,33 @@ describe('Test video comments API validator', function () { | |||
97 | }) | 134 | }) |
98 | }) | 135 | }) |
99 | 136 | ||
137 | it('Should fail with a private video without token', async function () { | ||
138 | await makeGetRequest({ | ||
139 | url: server.url, | ||
140 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, | ||
141 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
142 | }) | ||
143 | }) | ||
144 | |||
145 | it('Should fail with another user token', async function () { | ||
146 | await makeGetRequest({ | ||
147 | url: server.url, | ||
148 | token: userAccessToken, | ||
149 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, | ||
150 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
151 | }) | ||
152 | }) | ||
153 | |||
100 | it('Should success with the correct params', async function () { | 154 | it('Should success with the correct params', async function () { |
101 | await makeGetRequest({ | 155 | await makeGetRequest({ |
102 | url: server.url, | 156 | url: server.url, |
157 | token: server.accessToken, | ||
158 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, | ||
159 | expectedStatus: HttpStatusCode.OK_200 | ||
160 | }) | ||
161 | |||
162 | await makeGetRequest({ | ||
163 | url: server.url, | ||
103 | path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, | 164 | path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, |
104 | expectedStatus: HttpStatusCode.OK_200 | 165 | expectedStatus: HttpStatusCode.OK_200 |
105 | }) | 166 | }) |