aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests/api')
-rw-r--r--server/tests/api/check-params/video-comments.ts63
1 files changed, 62 insertions, 1 deletions
diff --git a/server/tests/api/check-params/video-comments.ts b/server/tests/api/check-params/video-comments.ts
index 63c3582e9..829f3c8b1 100644
--- a/server/tests/api/check-params/video-comments.ts
+++ b/server/tests/api/check-params/video-comments.ts
@@ -3,7 +3,7 @@
3import 'mocha' 3import 'mocha'
4import * as chai from 'chai' 4import * as chai from 'chai'
5import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared' 5import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '@server/tests/shared'
6import { HttpStatusCode, VideoCreateResult } from '@shared/models' 6import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
7import { 7import {
8 cleanupTests, 8 cleanupTests,
9 createSingleServer, 9 createSingleServer,
@@ -24,6 +24,8 @@ describe('Test video comments API validator', function () {
24 let userAccessToken: string 24 let userAccessToken: string
25 let userAccessToken2: string 25 let userAccessToken2: string
26 let commentId: number 26 let commentId: number
27 let privateCommentId: number
28 let privateVideo: VideoCreateResult
27 29
28 // --------------------------------------------------------------- 30 // ---------------------------------------------------------------
29 31
@@ -40,12 +42,21 @@ describe('Test video comments API validator', function () {
40 } 42 }
41 43
42 { 44 {
45 privateVideo = await server.videos.upload({ attributes: { privacy: VideoPrivacy.PRIVATE } })
46 }
47
48 {
43 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' }) 49 const created = await server.comments.createThread({ videoId: video.uuid, text: 'coucou' })
44 commentId = created.id 50 commentId = created.id
45 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId 51 pathComment = '/api/v1/videos/' + video.uuid + '/comments/' + commentId
46 } 52 }
47 53
48 { 54 {
55 const created = await server.comments.createThread({ videoId: privateVideo.uuid, text: 'coucou' })
56 privateCommentId = created.id
57 }
58
59 {
49 const user = { username: 'user1', password: 'my super password' } 60 const user = { username: 'user1', password: 'my super password' }
50 await server.users.create({ username: user.username, password: user.password }) 61 await server.users.create({ username: user.username, password: user.password })
51 userAccessToken = await server.login.getAccessToken(user) 62 userAccessToken = await server.login.getAccessToken(user)
@@ -78,6 +89,32 @@ describe('Test video comments API validator', function () {
78 expectedStatus: HttpStatusCode.NOT_FOUND_404 89 expectedStatus: HttpStatusCode.NOT_FOUND_404
79 }) 90 })
80 }) 91 })
92
93 it('Should fail with a private video without token', async function () {
94 await makeGetRequest({
95 url: server.url,
96 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
97 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
98 })
99 })
100
101 it('Should fail with another user token', async function () {
102 await makeGetRequest({
103 url: server.url,
104 token: userAccessToken,
105 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
106 expectedStatus: HttpStatusCode.FORBIDDEN_403
107 })
108 })
109
110 it('Should succeed with the correct params', async function () {
111 await makeGetRequest({
112 url: server.url,
113 token: server.accessToken,
114 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads',
115 expectedStatus: HttpStatusCode.OK_200
116 })
117 })
81 }) 118 })
82 119
83 describe('When listing comments of a thread', function () { 120 describe('When listing comments of a thread', function () {
@@ -97,9 +134,33 @@ describe('Test video comments API validator', function () {
97 }) 134 })
98 }) 135 })
99 136
137 it('Should fail with a private video without token', async function () {
138 await makeGetRequest({
139 url: server.url,
140 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
141 expectedStatus: HttpStatusCode.UNAUTHORIZED_401
142 })
143 })
144
145 it('Should fail with another user token', async function () {
146 await makeGetRequest({
147 url: server.url,
148 token: userAccessToken,
149 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
150 expectedStatus: HttpStatusCode.FORBIDDEN_403
151 })
152 })
153
100 it('Should success with the correct params', async function () { 154 it('Should success with the correct params', async function () {
101 await makeGetRequest({ 155 await makeGetRequest({
102 url: server.url, 156 url: server.url,
157 token: server.accessToken,
158 path: '/api/v1/videos/' + privateVideo.shortUUID + '/comment-threads/' + privateCommentId,
159 expectedStatus: HttpStatusCode.OK_200
160 })
161
162 await makeGetRequest({
163 url: server.url,
103 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId, 164 path: '/api/v1/videos/' + video.shortUUID + '/comment-threads/' + commentId,
104 expectedStatus: HttpStatusCode.OK_200 165 expectedStatus: HttpStatusCode.OK_200
105 }) 166 })