diff options
Diffstat (limited to 'server/tests/api')
-rw-r--r-- | server/tests/api/check-params/video-comments.ts | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts index 2d9ee1e0d..8d63fe70c 100644 --- a/server/tests/api/check-params/video-comments.ts +++ b/server/tests/api/check-params/video-comments.ts | |||
@@ -14,7 +14,7 @@ import { | |||
14 | PeerTubeServer, | 14 | PeerTubeServer, |
15 | setAccessTokensToServers | 15 | setAccessTokensToServers |
16 | } from '@shared/extra-utils' | 16 | } from '@shared/extra-utils' |
17 | import { HttpStatusCode, VideoCreateResult } from '@shared/models' | 17 | import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models' |
18 | 18 | ||
19 | const expect = chai.expect | 19 | const expect = chai.expect |
20 | 20 | ||
@@ -26,6 +26,8 @@ describe('Test video comments API validator', function () { | |||
26 | let userAccessToken: string | 26 | let userAccessToken: string |
27 | let userAccessToken2: string | 27 | let userAccessToken2: string |
28 | let commentId: number | 28 | let commentId: number |
29 | let privateCommentId: number | ||
30 | let privateVideo: VideoCreateResult | ||
29 | 31 | ||
30 | // --------------------------------------------------------------- | 32 | // --------------------------------------------------------------- |
31 | 33 | ||
@@ -42,12 +44,21 @@ describe('Test video comments API validator', function () { | |||
42 | } | 44 | } |
43 | 45 | ||
44 | { | 46 | { |
47 | privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } }) | ||
48 | } | ||
49 | |||
50 | { | ||
45 | const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) | 51 | const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) |
46 | commentId = created.id | 52 | commentId = created.id |
47 | pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId | 53 | pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId |
48 | } | 54 | } |
49 | 55 | ||
50 | { | 56 | { |
57 | const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' }) | ||
58 | privateCommentId = created.id | ||
59 | } | ||
60 | |||
61 | { | ||
51 | const user = { username: 'user1', password: 'my super password' } | 62 | const user = { username: 'user1', password: 'my super password' } |
52 | await server.users.create({ username: user.username, password: user.password }) | 63 | await server.users.create({ username: user.username, password: user.password }) |
53 | userAccessToken = await server.login.getAccessToken(user) | 64 | userAccessToken = await server.login.getAccessToken(user) |
@@ -80,6 +91,32 @@ describe('Test video comments API validator', function () { | |||
80 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | 91 | expectedStatus: HttpStatusCode.NOT_FOUND_404 |
81 | }) | 92 | }) |
82 | }) | 93 | }) |
94 | |||
95 | it('Should fail with a private video without token', async function () { | ||
96 | await makeGetRequest({ | ||
97 | url: server.url, | ||
98 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
99 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
100 | }) | ||
101 | }) | ||
102 | |||
103 | it('Should fail with another user token', async function () { | ||
104 | await makeGetRequest({ | ||
105 | url: server.url, | ||
106 | token: userAccessToken, | ||
107 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
108 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
109 | }) | ||
110 | }) | ||
111 | |||
112 | it('Should succeed with the correct params', async function () { | ||
113 | await makeGetRequest({ | ||
114 | url: server.url, | ||
115 | token: server.accessToken, | ||
116 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads', | ||
117 | expectedStatus: HttpStatusCode.OK_200 | ||
118 | }) | ||
119 | }) | ||
83 | }) | 120 | }) |
84 | 121 | ||
85 | describe('When listing comments of a thread', function () { | 122 | describe('When listing comments of a thread', function () { |
@@ -99,9 +136,33 @@ describe('Test video comments API validator', function () { | |||
99 | }) | 136 | }) |
100 | }) | 137 | }) |
101 | 138 | ||
139 | it('Should fail with a private video without token', async function () { | ||
140 | await makeGetRequest({ | ||
141 | url: server.url, | ||
142 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, | ||
143 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
144 | }) | ||
145 | }) | ||
146 | |||
147 | it('Should fail with another user token', async function () { | ||
148 | await makeGetRequest({ | ||
149 | url: server.url, | ||
150 | token: userAccessToken, | ||
151 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, | ||
152 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
153 | }) | ||
154 | }) | ||
155 | |||
102 | it('Should success with the correct params', async function () { | 156 | it('Should success with the correct params', async function () { |
103 | await makeGetRequest({ | 157 | await makeGetRequest({ |
104 | url: server.url, | 158 | url: server.url, |
159 | token: server.accessToken, | ||
160 | path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId, | ||
161 | expectedStatus: HttpStatusCode.OK_200 | ||
162 | }) | ||
163 | |||
164 | await makeGetRequest({ | ||
165 | url: server.url, | ||
105 | path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, | 166 | path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, |
106 | expectedStatus: HttpStatusCode.OK_200 | 167 | expectedStatus: HttpStatusCode.OK_200 |
107 | }) | 168 | }) |