]>
Commit | Line | Data |
---|---|---|
56f47830 C |
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
2 | ||
3 | import { HttpStatusCode } from '@shared/models' | |
4 | import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, TwoFactorCommand } from '@shared/server-commands' | |
5 | ||
6 | describe('Test two factor API validators', function () { | |
7 | let server: PeerTubeServer | |
8 | ||
9 | let rootId: number | |
10 | let rootPassword: string | |
11 | let rootRequestToken: string | |
12 | let rootOTPToken: string | |
13 | ||
14 | let userId: number | |
15 | let userToken = '' | |
16 | let userPassword: string | |
17 | let userRequestToken: string | |
18 | let userOTPToken: string | |
19 | ||
20 | // --------------------------------------------------------------- | |
21 | ||
22 | before(async function () { | |
23 | this.timeout(30000) | |
24 | ||
25 | { | |
26 | server = await createSingleServer(1) | |
27 | await setAccessTokensToServers([ server ]) | |
28 | } | |
29 | ||
30 | { | |
31 | const result = await server.users.generate('user1') | |
32 | userToken = result.token | |
33 | userId = result.userId | |
34 | userPassword = result.password | |
35 | } | |
36 | ||
37 | { | |
38 | const { id } = await server.users.getMyInfo() | |
39 | rootId = id | |
40 | rootPassword = server.store.user.password | |
41 | } | |
42 | }) | |
43 | ||
44 | describe('When requesting two factor', function () { | |
45 | ||
46 | it('Should fail with an unknown user id', async function () { | |
47 | await server.twoFactor.request({ userId: 42, currentPassword: rootPassword, expectedStatus: HttpStatusCode.NOT_FOUND_404 }) | |
48 | }) | |
49 | ||
50 | it('Should fail with an invalid user id', async function () { | |
51 | await server.twoFactor.request({ | |
52 | userId: 'invalid' as any, | |
53 | currentPassword: rootPassword, | |
54 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
55 | }) | |
56 | }) | |
57 | ||
58 | it('Should fail to request another user two factor without the appropriate rights', async function () { | |
59 | await server.twoFactor.request({ | |
60 | userId: rootId, | |
61 | token: userToken, | |
62 | currentPassword: userPassword, | |
63 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
64 | }) | |
65 | }) | |
66 | ||
67 | it('Should succeed to request another user two factor with the appropriate rights', async function () { | |
68 | await server.twoFactor.request({ userId, currentPassword: rootPassword }) | |
69 | }) | |
70 | ||
71 | it('Should fail to request two factor without a password', async function () { | |
72 | await server.twoFactor.request({ | |
73 | userId, | |
74 | token: userToken, | |
75 | currentPassword: undefined, | |
76 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
77 | }) | |
78 | }) | |
79 | ||
80 | it('Should fail to request two factor with an incorrect password', async function () { | |
81 | await server.twoFactor.request({ | |
82 | userId, | |
83 | token: userToken, | |
84 | currentPassword: rootPassword, | |
85 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
86 | }) | |
87 | }) | |
88 | ||
2166c058 C |
89 | it('Should succeed to request two factor without a password when targeting a remote user with an admin account', async function () { |
90 | await server.twoFactor.request({ userId }) | |
91 | }) | |
92 | ||
93 | it('Should fail to request two factor without a password when targeting myself with an admin account', async function () { | |
94 | await server.twoFactor.request({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
95 | await server.twoFactor.request({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
96 | }) | |
97 | ||
56f47830 C |
98 | it('Should succeed to request my two factor auth', async function () { |
99 | { | |
100 | const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword }) | |
101 | userRequestToken = otpRequest.requestToken | |
102 | userOTPToken = TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate() | |
103 | } | |
104 | ||
105 | { | |
106 | const { otpRequest } = await server.twoFactor.request({ userId: rootId, currentPassword: rootPassword }) | |
107 | rootRequestToken = otpRequest.requestToken | |
108 | rootOTPToken = TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate() | |
109 | } | |
110 | }) | |
111 | }) | |
112 | ||
113 | describe('When confirming two factor request', function () { | |
114 | ||
115 | it('Should fail with an unknown user id', async function () { | |
116 | await server.twoFactor.confirmRequest({ | |
117 | userId: 42, | |
118 | requestToken: rootRequestToken, | |
119 | otpToken: rootOTPToken, | |
120 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
121 | }) | |
122 | }) | |
123 | ||
124 | it('Should fail with an invalid user id', async function () { | |
125 | await server.twoFactor.confirmRequest({ | |
126 | userId: 'invalid' as any, | |
127 | requestToken: rootRequestToken, | |
128 | otpToken: rootOTPToken, | |
129 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
130 | }) | |
131 | }) | |
132 | ||
133 | it('Should fail to confirm another user two factor request without the appropriate rights', async function () { | |
134 | await server.twoFactor.confirmRequest({ | |
135 | userId: rootId, | |
136 | token: userToken, | |
137 | requestToken: rootRequestToken, | |
138 | otpToken: rootOTPToken, | |
139 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
140 | }) | |
141 | }) | |
142 | ||
143 | it('Should fail without request token', async function () { | |
144 | await server.twoFactor.confirmRequest({ | |
145 | userId, | |
146 | requestToken: undefined, | |
147 | otpToken: userOTPToken, | |
148 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
149 | }) | |
150 | }) | |
151 | ||
152 | it('Should fail with an invalid request token', async function () { | |
153 | await server.twoFactor.confirmRequest({ | |
154 | userId, | |
155 | requestToken: 'toto', | |
156 | otpToken: userOTPToken, | |
157 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
158 | }) | |
159 | }) | |
160 | ||
161 | it('Should fail with request token of another user', async function () { | |
162 | await server.twoFactor.confirmRequest({ | |
163 | userId, | |
164 | requestToken: rootRequestToken, | |
165 | otpToken: userOTPToken, | |
166 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
167 | }) | |
168 | }) | |
169 | ||
170 | it('Should fail without an otp token', async function () { | |
171 | await server.twoFactor.confirmRequest({ | |
172 | userId, | |
173 | requestToken: userRequestToken, | |
174 | otpToken: undefined, | |
175 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
176 | }) | |
177 | }) | |
178 | ||
179 | it('Should fail with a bad otp token', async function () { | |
180 | await server.twoFactor.confirmRequest({ | |
181 | userId, | |
182 | requestToken: userRequestToken, | |
183 | otpToken: '123456', | |
184 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
185 | }) | |
186 | }) | |
187 | ||
188 | it('Should succeed to confirm another user two factor request with the appropriate rights', async function () { | |
189 | await server.twoFactor.confirmRequest({ | |
190 | userId, | |
191 | requestToken: userRequestToken, | |
192 | otpToken: userOTPToken | |
193 | }) | |
194 | ||
195 | // Reinit | |
196 | await server.twoFactor.disable({ userId, currentPassword: rootPassword }) | |
197 | }) | |
198 | ||
199 | it('Should succeed to confirm my two factor request', async function () { | |
200 | await server.twoFactor.confirmRequest({ | |
201 | userId, | |
202 | token: userToken, | |
203 | requestToken: userRequestToken, | |
204 | otpToken: userOTPToken | |
205 | }) | |
206 | }) | |
207 | ||
208 | it('Should fail to confirm again two factor request', async function () { | |
209 | await server.twoFactor.confirmRequest({ | |
210 | userId, | |
211 | token: userToken, | |
212 | requestToken: userRequestToken, | |
213 | otpToken: userOTPToken, | |
214 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
215 | }) | |
216 | }) | |
217 | }) | |
218 | ||
219 | describe('When disabling two factor', function () { | |
220 | ||
221 | it('Should fail with an unknown user id', async function () { | |
222 | await server.twoFactor.disable({ | |
223 | userId: 42, | |
224 | currentPassword: rootPassword, | |
225 | expectedStatus: HttpStatusCode.NOT_FOUND_404 | |
226 | }) | |
227 | }) | |
228 | ||
229 | it('Should fail with an invalid user id', async function () { | |
230 | await server.twoFactor.disable({ | |
231 | userId: 'invalid' as any, | |
232 | currentPassword: rootPassword, | |
233 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
234 | }) | |
235 | }) | |
236 | ||
237 | it('Should fail to disable another user two factor without the appropriate rights', async function () { | |
238 | await server.twoFactor.disable({ | |
239 | userId: rootId, | |
240 | token: userToken, | |
241 | currentPassword: userPassword, | |
242 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
243 | }) | |
244 | }) | |
245 | ||
2166c058 | 246 | it('Should fail to disable two factor with an incorrect password', async function () { |
56f47830 C |
247 | await server.twoFactor.disable({ |
248 | userId, | |
249 | token: userToken, | |
250 | currentPassword: rootPassword, | |
251 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | |
252 | }) | |
253 | }) | |
254 | ||
2166c058 C |
255 | it('Should succeed to disable two factor without a password when targeting a remote user with an admin account', async function () { |
256 | await server.twoFactor.disable({ userId }) | |
257 | await server.twoFactor.requestAndConfirm({ userId }) | |
258 | }) | |
259 | ||
260 | it('Should fail to disable two factor without a password when targeting myself with an admin account', async function () { | |
261 | await server.twoFactor.disable({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
262 | await server.twoFactor.disable({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | |
263 | }) | |
264 | ||
56f47830 C |
265 | it('Should succeed to disable another user two factor with the appropriate rights', async function () { |
266 | await server.twoFactor.disable({ userId, currentPassword: rootPassword }) | |
267 | ||
2166c058 | 268 | await server.twoFactor.requestAndConfirm({ userId }) |
56f47830 C |
269 | }) |
270 | ||
271 | it('Should succeed to update my two factor auth', async function () { | |
272 | await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword }) | |
273 | }) | |
274 | ||
275 | it('Should fail to disable again two factor', async function () { | |
276 | await server.twoFactor.disable({ | |
277 | userId, | |
278 | token: userToken, | |
279 | currentPassword: userPassword, | |
280 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
281 | }) | |
282 | }) | |
283 | }) | |
284 | ||
285 | after(async function () { | |
286 | await cleanupTests([ server ]) | |
287 | }) | |
288 | }) |