diff options
Diffstat (limited to 'server/tests/api/check-params')
-rw-r--r-- | server/tests/api/check-params/video-captions.ts | 28 | ||||
-rw-r--r-- | server/tests/api/check-params/video-imports.ts | 28 |
2 files changed, 55 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-captions.ts b/server/tests/api/check-params/video-captions.ts index 8a8840793..9881df80c 100644 --- a/server/tests/api/check-params/video-captions.ts +++ b/server/tests/api/check-params/video-captions.ts | |||
@@ -2,7 +2,7 @@ | |||
2 | 2 | ||
3 | import 'mocha' | 3 | import 'mocha' |
4 | import { buildAbsoluteFixturePath } from '@shared/core-utils' | 4 | import { buildAbsoluteFixturePath } from '@shared/core-utils' |
5 | import { HttpStatusCode, VideoCreateResult } from '@shared/models' | 5 | import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models' |
6 | import { | 6 | import { |
7 | cleanupTests, | 7 | cleanupTests, |
8 | createSingleServer, | 8 | createSingleServer, |
@@ -19,6 +19,7 @@ describe('Test video captions API validator', function () { | |||
19 | let server: PeerTubeServer | 19 | let server: PeerTubeServer |
20 | let userAccessToken: string | 20 | let userAccessToken: string |
21 | let video: VideoCreateResult | 21 | let video: VideoCreateResult |
22 | let privateVideo: VideoCreateResult | ||
22 | 23 | ||
23 | // --------------------------------------------------------------- | 24 | // --------------------------------------------------------------- |
24 | 25 | ||
@@ -30,6 +31,7 @@ describe('Test video captions API validator', function () { | |||
30 | await setAccessTokensToServers([ server ]) | 31 | await setAccessTokensToServers([ server ]) |
31 | 32 | ||
32 | video = await server.videos.upload() | 33 | video = await server.videos.upload() |
34 | privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } }) | ||
33 | 35 | ||
34 | { | 36 | { |
35 | const user = { | 37 | const user = { |
@@ -204,8 +206,32 @@ describe('Test video captions API validator', function () { | |||
204 | }) | 206 | }) |
205 | }) | 207 | }) |
206 | 208 | ||
209 | it('Should fail with a private video without token', async function () { | ||
210 | await makeGetRequest({ | ||
211 | url: server.url, | ||
212 | path: path + privateVideo.shortUUID + '/captions', | ||
213 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
214 | }) | ||
215 | }) | ||
216 | |||
217 | it('Should fail with another user token', async function () { | ||
218 | await makeGetRequest({ | ||
219 | url: server.url, | ||
220 | token: userAccessToken, | ||
221 | path: path + privateVideo.shortUUID + '/captions', | ||
222 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
223 | }) | ||
224 | }) | ||
225 | |||
207 | it('Should success with the correct parameters', async function () { | 226 | it('Should success with the correct parameters', async function () { |
208 | await makeGetRequest({ url: server.url, path: path + video.shortUUID + '/captions', expectedStatus: HttpStatusCode.OK_200 }) | 227 | await makeGetRequest({ url: server.url, path: path + video.shortUUID + '/captions', expectedStatus: HttpStatusCode.OK_200 }) |
228 | |||
229 | await makeGetRequest({ | ||
230 | url: server.url, | ||
231 | path: path + privateVideo.shortUUID + '/captions', | ||
232 | token: server.accessToken, | ||
233 | expectedStatus: HttpStatusCode.OK_200 | ||
234 | }) | ||
209 | }) | 235 | }) |
210 | }) | 236 | }) |
211 | 237 | ||
diff --git a/server/tests/api/check-params/video-imports.ts b/server/tests/api/check-params/video-imports.ts index ddea68db4..da05793a0 100644 --- a/server/tests/api/check-params/video-imports.ts +++ b/server/tests/api/check-params/video-imports.ts | |||
@@ -105,6 +105,34 @@ describe('Test video imports API validator', function () { | |||
105 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 105 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
106 | }) | 106 | }) |
107 | 107 | ||
108 | it('Should fail with localhost', async function () { | ||
109 | const fields = { ...baseCorrectParams, targetUrl: 'http://localhost:8000' } | ||
110 | |||
111 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
112 | }) | ||
113 | |||
114 | it('Should fail with a private IP target urls', async function () { | ||
115 | const targetUrls = [ | ||
116 | 'http://127.0.0.1:8000', | ||
117 | 'http://127.0.0.1', | ||
118 | 'http://127.0.0.1/hello', | ||
119 | 'https://192.168.1.42', | ||
120 | 'http://192.168.1.42' | ||
121 | ] | ||
122 | |||
123 | for (const targetUrl of targetUrls) { | ||
124 | const fields = { ...baseCorrectParams, targetUrl } | ||
125 | |||
126 | await makePostBodyRequest({ | ||
127 | url: server.url, | ||
128 | path, | ||
129 | token: server.accessToken, | ||
130 | fields, | ||
131 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
132 | }) | ||
133 | } | ||
134 | }) | ||
135 | |||
108 | it('Should fail with a long name', async function () { | 136 | it('Should fail with a long name', async function () { |
109 | const fields = { ...baseCorrectParams, name: 'super'.repeat(65) } | 137 | const fields = { ...baseCorrectParams, name: 'super'.repeat(65) } |
110 | 138 | ||