]>
Commit | Line | Data |
---|---|---|
b65f5367 C |
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
2 | ||
3 | import { expect } from 'chai' | |
4 | import { wait } from '@shared/core-utils' | |
5 | import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models' | |
6 | import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands' | |
7 | ||
8 | describe('Test oauth', function () { | |
9 | let server: PeerTubeServer | |
10 | ||
11 | before(async function () { | |
12 | this.timeout(30000) | |
13 | ||
14 | server = await createSingleServer(1, { | |
15 | rates_limit: { | |
16 | login: { | |
17 | max: 30 | |
18 | } | |
19 | } | |
20 | }) | |
21 | ||
22 | await setAccessTokensToServers([ server ]) | |
23 | }) | |
24 | ||
25 | describe('OAuth client', function () { | |
26 | ||
27 | function expectInvalidClient (body: PeerTubeProblemDocument) { | |
28 | expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT) | |
29 | expect(body.error).to.contain('client is invalid') | |
30 | expect(body.type.startsWith('https://')).to.be.true | |
31 | expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT) | |
32 | } | |
33 | ||
34 | it('Should create a new client') | |
35 | ||
36 | it('Should return the first client') | |
37 | ||
38 | it('Should remove the last client') | |
39 | ||
40 | it('Should not login with an invalid client id', async function () { | |
41 | const client = { id: 'client', secret: server.store.client.secret } | |
42 | const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
43 | ||
44 | expectInvalidClient(body) | |
45 | }) | |
46 | ||
47 | it('Should not login with an invalid client secret', async function () { | |
48 | const client = { id: server.store.client.id, secret: 'coucou' } | |
49 | const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
50 | ||
51 | expectInvalidClient(body) | |
52 | }) | |
53 | }) | |
54 | ||
55 | describe('Login', function () { | |
56 | ||
57 | function expectInvalidCredentials (body: PeerTubeProblemDocument) { | |
58 | expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT) | |
59 | expect(body.error).to.contain('credentials are invalid') | |
60 | expect(body.type.startsWith('https://')).to.be.true | |
61 | expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT) | |
62 | } | |
63 | ||
64 | it('Should not login with an invalid username', async function () { | |
65 | const user = { username: 'captain crochet', password: server.store.user.password } | |
66 | const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
67 | ||
68 | expectInvalidCredentials(body) | |
69 | }) | |
70 | ||
71 | it('Should not login with an invalid password', async function () { | |
72 | const user = { username: server.store.user.username, password: 'mew_three' } | |
73 | const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
74 | ||
75 | expectInvalidCredentials(body) | |
76 | }) | |
77 | ||
78 | it('Should be able to login', async function () { | |
79 | await server.login.login({ expectedStatus: HttpStatusCode.OK_200 }) | |
80 | }) | |
81 | ||
82 | it('Should be able to login with an insensitive username', async function () { | |
83 | const user = { username: 'RoOt', password: server.store.user.password } | |
84 | await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 }) | |
85 | ||
86 | const user2 = { username: 'rOoT', password: server.store.user.password } | |
87 | await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 }) | |
88 | ||
89 | const user3 = { username: 'ROOt', password: server.store.user.password } | |
90 | await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 }) | |
91 | }) | |
92 | }) | |
93 | ||
94 | describe('Logout', function () { | |
95 | ||
96 | it('Should logout (revoke token)', async function () { | |
97 | await server.login.logout({ token: server.accessToken }) | |
98 | }) | |
99 | ||
100 | it('Should not be able to get the user information', async function () { | |
101 | await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
102 | }) | |
103 | ||
104 | it('Should not be able to upload a video', async function () { | |
105 | await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
106 | }) | |
107 | ||
108 | it('Should be able to login again', async function () { | |
109 | const body = await server.login.login() | |
110 | server.accessToken = body.access_token | |
111 | server.refreshToken = body.refresh_token | |
112 | }) | |
113 | ||
114 | it('Should be able to get my user information again', async function () { | |
115 | await server.users.getMyInfo() | |
116 | }) | |
117 | ||
118 | it('Should have an expired access token', async function () { | |
119 | this.timeout(60000) | |
120 | ||
121 | await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString()) | |
122 | await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString()) | |
123 | ||
124 | await killallServers([ server ]) | |
125 | await server.run() | |
126 | ||
127 | await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
128 | }) | |
129 | ||
130 | it('Should not be able to refresh an access token with an expired refresh token', async function () { | |
131 | await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
132 | }) | |
133 | ||
134 | it('Should refresh the token', async function () { | |
135 | this.timeout(50000) | |
136 | ||
137 | const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString() | |
138 | await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate) | |
139 | ||
140 | await killallServers([ server ]) | |
141 | await server.run() | |
142 | ||
143 | const res = await server.login.refreshToken({ refreshToken: server.refreshToken }) | |
144 | server.accessToken = res.body.access_token | |
145 | server.refreshToken = res.body.refresh_token | |
146 | }) | |
147 | ||
148 | it('Should be able to get my user information again', async function () { | |
149 | await server.users.getMyInfo() | |
150 | }) | |
151 | }) | |
152 | ||
153 | describe('Custom token lifetime', function () { | |
154 | before(async function () { | |
155 | this.timeout(120_000) | |
156 | ||
157 | await server.kill() | |
158 | await server.run({ | |
159 | oauth2: { | |
160 | token_lifetime: { | |
161 | access_token: '2 seconds', | |
162 | refresh_token: '2 seconds' | |
163 | } | |
164 | } | |
165 | }) | |
166 | }) | |
167 | ||
168 | it('Should have a very short access token lifetime', async function () { | |
169 | this.timeout(50000) | |
170 | ||
171 | const { access_token: accessToken } = await server.login.login() | |
172 | await server.users.getMyInfo({ token: accessToken }) | |
173 | ||
174 | await wait(3000) | |
175 | await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | |
176 | }) | |
177 | ||
178 | it('Should have a very short refresh token lifetime', async function () { | |
179 | this.timeout(50000) | |
180 | ||
181 | const { refresh_token: refreshToken } = await server.login.login() | |
182 | await server.login.refreshToken({ refreshToken }) | |
183 | ||
184 | await wait(3000) | |
185 | await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
186 | }) | |
187 | }) | |
188 | ||
189 | after(async function () { | |
190 | await cleanupTests([ server ]) | |
191 | }) | |
192 | }) |