[github/Chocobozzz/PeerTube.git] / server / tests / plugins / external-auth.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { wait } from '@shared/core-utils'
import { HttpStatusCode, UserRole } from '@shared/models'
import {
  cleanupTests,
  createSingleServer,
  decodeQueryString,
  PeerTubeServer,
  PluginsCommand,
  setAccessTokensToServers
} from '@shared/server-commands'

async function loginExternal (options: {
  server: PeerTubeServer
  npmName: string
  authName: string
  username: string
  query?: any
  expectedStatus?: HttpStatusCode
  expectedStatusStep2?: HttpStatusCode
}) {
  const res = await options.server.plugins.getExternalAuth({
    npmName: options.npmName,
    npmVersion: '0.0.1',
    authName: options.authName,
    query: options.query,
    expectedStatus: options.expectedStatus || HttpStatusCode.FOUND_302
  })

  if (res.status !== HttpStatusCode.FOUND_302) return

  const location = res.header.location
  const { externalAuthToken } = decodeQueryString(location)

  const resLogin = await options.server.login.loginUsingExternalToken({
    username: options.username,
    externalAuthToken: externalAuthToken as string,
    expectedStatus: options.expectedStatusStep2
  })

  return resLogin.body
}

describe('Test external auth plugins', function () {
  let server: PeerTubeServer

  let cyanAccessToken: string
  let cyanRefreshToken: string

  let kefkaAccessToken: string
  let kefkaRefreshToken: string

  let externalAuthToken: string

  before(async function () {
    this.timeout(30000)

    server = await createSingleServer(1, {
      rates_limit: {
        login: {
          max: 30
        }
      }
    })

    await setAccessTokensToServers([ server ])

    for (const suffix of [ 'one', 'two', 'three' ]) {
      await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) })
    }
  })

  it('Should display the correct configuration', async function () {
    const config = await server.config.getConfig()

    const auths = config.plugin.registeredExternalAuths
    expect(auths).to.have.lengthOf(9)

    const auth2 = auths.find((a) => a.authName === 'external-auth-2')
    expect(auth2).to.exist
    expect(auth2.authDisplayName).to.equal('External Auth 2')
    expect(auth2.npmName).to.equal('peertube-plugin-test-external-auth-one')
  })

  it('Should redirect for a Cyan login', async function () {
    const res = await server.plugins.getExternalAuth({
      npmName: 'test-external-auth-one',
      npmVersion: '0.0.1',
      authName: 'external-auth-1',
      query: {
        username: 'cyan'
      },
      expectedStatus: HttpStatusCode.FOUND_302
    })

    const location = res.header.location
    expect(location.startsWith('/login?')).to.be.true

    const searchParams = decodeQueryString(location)

    expect(searchParams.externalAuthToken).to.exist
    expect(searchParams.username).to.equal('cyan')

    externalAuthToken = searchParams.externalAuthToken as string
  })

  it('Should reject auto external login with a missing or invalid token', async function () {
    const command = server.login

    await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: '', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  })

  it('Should reject auto external login with a missing or invalid username', async function () {
    const command = server.login

    await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  })

  it('Should reject auto external login with an expired token', async function () {
    this.timeout(15000)

    await wait(5000)

    await server.login.loginUsingExternalToken({
      username: 'cyan',
      externalAuthToken,
      expectedStatus: HttpStatusCode.BAD_REQUEST_400
    })

    await server.servers.waitUntilLog('expired external auth token', 4)
  })

  it('Should auto login Cyan, create the user and use the token', async function () {
    {
      const res = await loginExternal({
        server,
        npmName: 'test-external-auth-one',
        authName: 'external-auth-1',
        query: {
          username: 'cyan'
        },
        username: 'cyan'
      })

      cyanAccessToken = res.access_token
      cyanRefreshToken = res.refresh_token
    }

    {
      const body = await server.users.getMyInfo({ token: cyanAccessToken })
      expect(body.username).to.equal('cyan')
      expect(body.account.displayName).to.equal('cyan')
      expect(body.email).to.equal('cyan@example.com')
      expect(body.role.id).to.equal(UserRole.USER)
    }
  })

  it('Should auto login Kefka, create the user and use the token', async function () {
    {
      const res = await loginExternal({
        server,
        npmName: 'test-external-auth-one',
        authName: 'external-auth-2',
        username: 'kefka'
      })

      kefkaAccessToken = res.access_token
      kefkaRefreshToken = res.refresh_token
    }

    {
      const body = await server.users.getMyInfo({ token: kefkaAccessToken })
      expect(body.username).to.equal('kefka')
      expect(body.account.displayName).to.equal('Kefka Palazzo')
      expect(body.email).to.equal('kefka@example.com')
      expect(body.role.id).to.equal(UserRole.ADMINISTRATOR)
    }
  })

  it('Should refresh Cyan token, but not Kefka token', async function () {
    {
      const resRefresh = await server.login.refreshToken({ refreshToken: cyanRefreshToken })
      cyanAccessToken = resRefresh.body.access_token
      cyanRefreshToken = resRefresh.body.refresh_token

      const body = await server.users.getMyInfo({ token: cyanAccessToken })
      expect(body.username).to.equal('cyan')
    }

    {
      await server.login.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    }
  })

  it('Should update Cyan profile', async function () {
    await server.users.updateMe({
      token: cyanAccessToken,
      displayName: 'Cyan Garamonde',
      description: 'Retainer to the king of Doma'
    })

    const body = await server.users.getMyInfo({ token: cyanAccessToken })
    expect(body.account.displayName).to.equal('Cyan Garamonde')
    expect(body.account.description).to.equal('Retainer to the king of Doma')
  })

  it('Should logout Cyan', async function () {
    await server.login.logout({ token: cyanAccessToken })
  })

  it('Should have logged out Cyan', async function () {
    await server.servers.waitUntilLog('On logout cyan')

    await server.users.getMyInfo({ token: cyanAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  })

  it('Should login Cyan and keep the old existing profile', async function () {
    {
      const res = await loginExternal({
        server,
        npmName: 'test-external-auth-one',
        authName: 'external-auth-1',
        query: {
          username: 'cyan'
        },
        username: 'cyan'
      })

      cyanAccessToken = res.access_token
    }

    const body = await server.users.getMyInfo({ token: cyanAccessToken })
    expect(body.username).to.equal('cyan')
    expect(body.account.displayName).to.equal('Cyan Garamonde')
    expect(body.account.description).to.equal('Retainer to the king of Doma')
    expect(body.role.id).to.equal(UserRole.USER)
  })

  it('Should not update an external auth email', async function () {
    await server.users.updateMe({
      token: cyanAccessToken,
      email: 'toto@example.com',
      currentPassword: 'toto',
      expectedStatus: HttpStatusCode.BAD_REQUEST_400
    })
  })

  it('Should reject token of Kefka by the plugin hook', async function () {
    this.timeout(10000)

    await wait(5000)

    await server.users.getMyInfo({ token: kefkaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
  })

  it('Should unregister external-auth-2 and do not login existing Kefka', async function () {
    await server.plugins.updateSettings({
      npmName: 'peertube-plugin-test-external-auth-one',
      settings: { disableKefka: true }
    })

    await server.login.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })

    await loginExternal({
      server,
      npmName: 'test-external-auth-one',
      authName: 'external-auth-2',
      query: {
        username: 'kefka'
      },
      username: 'kefka',
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })
  })

  it('Should have disabled this auth', async function () {
    const config = await server.config.getConfig()

    const auths = config.plugin.registeredExternalAuths
    expect(auths).to.have.lengthOf(8)

    const auth1 = auths.find(a => a.authName === 'external-auth-2')
    expect(auth1).to.not.exist
  })

  it('Should uninstall the plugin one and do not login Cyan', async function () {
    await server.plugins.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' })

    await loginExternal({
      server,
      npmName: 'test-external-auth-one',
      authName: 'external-auth-1',
      query: {
        username: 'cyan'
      },
      username: 'cyan',
      expectedStatus: HttpStatusCode.NOT_FOUND_404
    })

    await server.login.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    await server.login.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    await server.login.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  })

  it('Should not login kefka with another plugin', async function () {
    await loginExternal({
      server,
      npmName: 'test-external-auth-two',
      authName: 'external-auth-4',
      username: 'kefka2',
      expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
    })

    await loginExternal({
      server,
      npmName: 'test-external-auth-two',
      authName: 'external-auth-4',
      username: 'kefka',
      expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
    })
  })

  it('Should not login an existing user email', async function () {
    await server.users.create({ username: 'existing_user', password: 'super_password' })

    await loginExternal({
      server,
      npmName: 'test-external-auth-two',
      authName: 'external-auth-6',
      username: 'existing_user',
      expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
    })
  })

  it('Should be able to login an existing user username and channel', async function () {
    await server.users.create({ username: 'existing_user2' })
    await server.users.create({ username: 'existing_user2-1_channel' })

    // Test twice to ensure we don't generate a username on every login
    for (let i = 0; i < 2; i++) {
      const res = await loginExternal({
        server,
        npmName: 'test-external-auth-two',
        authName: 'external-auth-7',
        username: 'existing_user2'
      })

      const token = res.access_token

      const myInfo = await server.users.getMyInfo({ token })
      expect(myInfo.username).to.equal('existing_user2-1')

      expect(myInfo.videoChannels[0].name).to.equal('existing_user2-1_channel-1')
    }
  })

  it('Should display the correct configuration', async function () {
    const config = await server.config.getConfig()

    const auths = config.plugin.registeredExternalAuths
    expect(auths).to.have.lengthOf(7)

    const auth2 = auths.find((a) => a.authName === 'external-auth-2')
    expect(auth2).to.not.exist
  })

  after(async function () {
    await cleanupTests([ server ])
  })

  it('Should forward the redirectUrl if the plugin returns one', async function () {
    const resLogin = await loginExternal({
      server,
      npmName: 'test-external-auth-three',
      authName: 'external-auth-7',
      username: 'cid'
    })

    const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
    expect(redirectUrl).to.equal('https://example.com/redirectUrl')
  })

  it('Should call the plugin\'s onLogout method with the request', async function () {
    const resLogin = await loginExternal({
      server,
      npmName: 'test-external-auth-three',
      authName: 'external-auth-8',
      username: 'cid'
    })

    const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
    expect(redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token)
  })
})
Commit	Line	Data
9107d791 C	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
9107d791 C	2
9107d791	3	import { expect } from 'chai'
c55e3d72 C	4	import { wait } from '@shared/core-utils'
c55e3d72 C	5	import { HttpStatusCode, UserRole } from '@shared/models'
9107d791	6	import {
ae2abfd3	7	cleanupTests,
254d3579	8	createSingleServer,
4c7e60bc	9	decodeQueryString,
254d3579	10	PeerTubeServer,
4c7e60bc	11	PluginsCommand,
c55e3d72	12	setAccessTokensToServers
bf54587a	13	} from '@shared/server-commands'
9107d791 C	14
9107d791 C	15	async function loginExternal (options: {
254d3579	16	server: PeerTubeServer
9107d791 C	17	npmName: string
	18	authName: string
	19	username: string
	20	query?: any
c0e8b12e C	21	expectedStatus?: HttpStatusCode
c0e8b12e C	22	expectedStatusStep2?: HttpStatusCode
9107d791	23	}) {
89d241a7	24	const res = await options.server.plugins.getExternalAuth({
9107d791 C	25	npmName: options.npmName,
	26	npmVersion: '0.0.1',
	27	authName: options.authName,
	28	query: options.query,
c0e8b12e	29	expectedStatus: options.expectedStatus \|\| HttpStatusCode.FOUND_302
9107d791 C	30	})
9107d791 C	31
2d53be02	32	if (res.status !== HttpStatusCode.FOUND_302) return
9107d791 C	33
	34	const location = res.header.location
	35	const { externalAuthToken } = decodeQueryString(location)
	36
89d241a7	37	const resLogin = await options.server.login.loginUsingExternalToken({
41d1d075 C	38	username: options.username,
41d1d075 C	39	externalAuthToken: externalAuthToken as string,
c0e8b12e	40	expectedStatus: options.expectedStatusStep2
41d1d075	41	})
9107d791 C	42
	43	return resLogin.body
	44	}
	45
	46	describe('Test external auth plugins', function () {
254d3579	47	let server: PeerTubeServer
9107d791 C	48
	49	let cyanAccessToken: string
	50	let cyanRefreshToken: string
	51
	52	let kefkaAccessToken: string
	53	let kefkaRefreshToken: string
	54
	55	let externalAuthToken: string
	56
	57	before(async function () {
	58	this.timeout(30000)
	59
0b6f5316 C	60	server = await createSingleServer(1, {
	61	rates_limit: {
	62	login: {
	63	max: 30
	64	}
	65	}
	66	})
	67
9107d791 C	68	await setAccessTokensToServers([ server ])
9107d791 C	69
74fd2643	70	for (const suffix of [ 'one', 'two', 'three' ]) {
89d241a7	71	await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) })
9107d791 C	72	}
	73	})
	74
	75	it('Should display the correct configuration', async function () {
89d241a7	76	const config = await server.config.getConfig()
9107d791 C	77
9107d791 C	78	const auths = config.plugin.registeredExternalAuths
0b6f5316	79	expect(auths).to.have.lengthOf(9)
9107d791 C	80
	81	const auth2 = auths.find((a) => a.authName === 'external-auth-2')
	82	expect(auth2).to.exist
	83	expect(auth2.authDisplayName).to.equal('External Auth 2')
	84	expect(auth2.npmName).to.equal('peertube-plugin-test-external-auth-one')
	85	})
	86
	87	it('Should redirect for a Cyan login', async function () {
89d241a7	88	const res = await server.plugins.getExternalAuth({
9107d791 C	89	npmName: 'test-external-auth-one',
	90	npmVersion: '0.0.1',
	91	authName: 'external-auth-1',
	92	query: {
	93	username: 'cyan'
	94	},
ae2abfd3	95	expectedStatus: HttpStatusCode.FOUND_302
9107d791 C	96	})
	97
	98	const location = res.header.location
	99	expect(location.startsWith('/login?')).to.be.true
	100
	101	const searchParams = decodeQueryString(location)
	102
	103	expect(searchParams.externalAuthToken).to.exist
	104	expect(searchParams.username).to.equal('cyan')
	105
	106	externalAuthToken = searchParams.externalAuthToken as string
	107	})
	108
	109	it('Should reject auto external login with a missing or invalid token', async function () {
89d241a7	110	const command = server.login
41d1d075 C	111
	112	await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: '', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	113	await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
9107d791 C	114	})
	115
	116	it('Should reject auto external login with a missing or invalid username', async function () {
89d241a7	117	const command = server.login
41d1d075 C	118
	119	await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	120	await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
9107d791 C	121	})
	122
	123	it('Should reject auto external login with an expired token', async function () {
	124	this.timeout(15000)
	125
	126	await wait(5000)
	127
89d241a7	128	await server.login.loginUsingExternalToken({
41d1d075 C	129	username: 'cyan',
	130	externalAuthToken,
	131	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	132	})
9107d791	133
65058050	134	await server.servers.waitUntilLog('expired external auth token', 4)
9107d791 C	135	})
	136
	137	it('Should auto login Cyan, create the user and use the token', async function () {
	138	{
	139	const res = await loginExternal({
	140	server,
	141	npmName: 'test-external-auth-one',
	142	authName: 'external-auth-1',
	143	query: {
	144	username: 'cyan'
	145	},
	146	username: 'cyan'
	147	})
	148
	149	cyanAccessToken = res.access_token
	150	cyanRefreshToken = res.refresh_token
	151	}
	152
	153	{
89d241a7	154	const body = await server.users.getMyInfo({ token: cyanAccessToken })
9107d791 C	155	expect(body.username).to.equal('cyan')
	156	expect(body.account.displayName).to.equal('cyan')
	157	expect(body.email).to.equal('cyan@example.com')
9e5cf66b	158	expect(body.role.id).to.equal(UserRole.USER)
9107d791 C	159	}
	160	})
	161
	162	it('Should auto login Kefka, create the user and use the token', async function () {
	163	{
	164	const res = await loginExternal({
	165	server,
	166	npmName: 'test-external-auth-one',
	167	authName: 'external-auth-2',
	168	username: 'kefka'
	169	})
	170
	171	kefkaAccessToken = res.access_token
	172	kefkaRefreshToken = res.refresh_token
	173	}
	174
	175	{
89d241a7	176	const body = await server.users.getMyInfo({ token: kefkaAccessToken })
9107d791 C	177	expect(body.username).to.equal('kefka')
	178	expect(body.account.displayName).to.equal('Kefka Palazzo')
	179	expect(body.email).to.equal('kefka@example.com')
9e5cf66b	180	expect(body.role.id).to.equal(UserRole.ADMINISTRATOR)
9107d791 C	181	}
	182	})
	183
	184	it('Should refresh Cyan token, but not Kefka token', async function () {
	185	{
89d241a7	186	const resRefresh = await server.login.refreshToken({ refreshToken: cyanRefreshToken })
9107d791 C	187	cyanAccessToken = resRefresh.body.access_token
	188	cyanRefreshToken = resRefresh.body.refresh_token
	189
89d241a7	190	const body = await server.users.getMyInfo({ token: cyanAccessToken })
7926c5f9	191	expect(body.username).to.equal('cyan')
9107d791 C	192	}
	193
	194	{
89d241a7	195	await server.login.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
9107d791 C	196	}
	197	})
	198
	199	it('Should update Cyan profile', async function () {
89d241a7	200	await server.users.updateMe({
7926c5f9	201	token: cyanAccessToken,
9107d791 C	202	displayName: 'Cyan Garamonde',
	203	description: 'Retainer to the king of Doma'
	204	})
	205
89d241a7	206	const body = await server.users.getMyInfo({ token: cyanAccessToken })
9107d791 C	207	expect(body.account.displayName).to.equal('Cyan Garamonde')
	208	expect(body.account.description).to.equal('Retainer to the king of Doma')
	209	})
	210
	211	it('Should logout Cyan', async function () {
89d241a7	212	await server.login.logout({ token: cyanAccessToken })
9107d791 C	213	})
	214
	215	it('Should have logged out Cyan', async function () {
89d241a7	216	await server.servers.waitUntilLog('On logout cyan')
9107d791	217
89d241a7	218	await server.users.getMyInfo({ token: cyanAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
9107d791 C	219	})
	220
	221	it('Should login Cyan and keep the old existing profile', async function () {
	222	{
	223	const res = await loginExternal({
	224	server,
	225	npmName: 'test-external-auth-one',
	226	authName: 'external-auth-1',
	227	query: {
	228	username: 'cyan'
	229	},
	230	username: 'cyan'
	231	})
	232
	233	cyanAccessToken = res.access_token
	234	}
	235
89d241a7	236	const body = await server.users.getMyInfo({ token: cyanAccessToken })
9107d791 C	237	expect(body.username).to.equal('cyan')
	238	expect(body.account.displayName).to.equal('Cyan Garamonde')
	239	expect(body.account.description).to.equal('Retainer to the king of Doma')
9e5cf66b	240	expect(body.role.id).to.equal(UserRole.USER)
9107d791 C	241	})
9107d791 C	242
9a7fd960	243	it('Should not update an external auth email', async function () {
89d241a7	244	await server.users.updateMe({
7926c5f9	245	token: cyanAccessToken,
9a7fd960 C	246	email: 'toto@example.com',
9a7fd960 C	247	currentPassword: 'toto',
7926c5f9	248	expectedStatus: HttpStatusCode.BAD_REQUEST_400
9a7fd960 C	249	})
	250	})
	251
9107d791 C	252	it('Should reject token of Kefka by the plugin hook', async function () {
	253	this.timeout(10000)
	254
	255	await wait(5000)
	256
89d241a7	257	await server.users.getMyInfo({ token: kefkaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
9107d791 C	258	})
9107d791 C	259
a4995eb7	260	it('Should unregister external-auth-2 and do not login existing Kefka', async function () {
89d241a7	261	await server.plugins.updateSettings({
a4995eb7 C	262	npmName: 'peertube-plugin-test-external-auth-one',
	263	settings: { disableKefka: true }
	264	})
	265
89d241a7	266	await server.login.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
a4995eb7 C	267
	268	await loginExternal({
	269	server,
	270	npmName: 'test-external-auth-one',
	271	authName: 'external-auth-2',
	272	query: {
	273	username: 'kefka'
	274	},
	275	username: 'kefka',
c0e8b12e	276	expectedStatus: HttpStatusCode.NOT_FOUND_404
a4995eb7 C	277	})
	278	})
	279
	280	it('Should have disabled this auth', async function () {
89d241a7	281	const config = await server.config.getConfig()
a4995eb7 C	282
a4995eb7 C	283	const auths = config.plugin.registeredExternalAuths
0b6f5316	284	expect(auths).to.have.lengthOf(8)
a4995eb7 C	285
	286	const auth1 = auths.find(a => a.authName === 'external-auth-2')
	287	expect(auth1).to.not.exist
	288	})
	289
9107d791	290	it('Should uninstall the plugin one and do not login Cyan', async function () {
89d241a7	291	await server.plugins.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' })
9107d791 C	292
	293	await loginExternal({
	294	server,
	295	npmName: 'test-external-auth-one',
	296	authName: 'external-auth-1',
	297	query: {
	298	username: 'cyan'
	299	},
	300	username: 'cyan',
c0e8b12e	301	expectedStatus: HttpStatusCode.NOT_FOUND_404
9107d791	302	})
d253bfaa	303
89d241a7 C	304	await server.login.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	305	await server.login.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	306	await server.login.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
d253bfaa C	307	})
	308
	309	it('Should not login kefka with another plugin', async function () {
	310	await loginExternal({
	311	server,
	312	npmName: 'test-external-auth-two',
	313	authName: 'external-auth-4',
	314	username: 'kefka2',
c0e8b12e	315	expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
d253bfaa C	316	})
	317
	318	await loginExternal({
	319	server,
	320	npmName: 'test-external-auth-two',
	321	authName: 'external-auth-4',
	322	username: 'kefka',
c0e8b12e	323	expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
d253bfaa C	324	})
	325	})
	326
0b6f5316	327	it('Should not login an existing user email', async function () {
89d241a7	328	await server.users.create({ username: 'existing_user', password: 'super_password' })
d253bfaa C	329
	330	await loginExternal({
	331	server,
	332	npmName: 'test-external-auth-two',
	333	authName: 'external-auth-6',
	334	username: 'existing_user',
c0e8b12e	335	expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
d253bfaa	336	})
9107d791 C	337	})
9107d791 C	338
0b6f5316 C	339	it('Should be able to login an existing user username and channel', async function () {
	340	await server.users.create({ username: 'existing_user2' })
	341	await server.users.create({ username: 'existing_user2-1_channel' })
	342
	343	// Test twice to ensure we don't generate a username on every login
	344	for (let i = 0; i < 2; i++) {
	345	const res = await loginExternal({
	346	server,
	347	npmName: 'test-external-auth-two',
	348	authName: 'external-auth-7',
	349	username: 'existing_user2'
	350	})
	351
	352	const token = res.access_token
	353
	354	const myInfo = await server.users.getMyInfo({ token })
	355	expect(myInfo.username).to.equal('existing_user2-1')
	356
	357	expect(myInfo.videoChannels[0].name).to.equal('existing_user2-1_channel-1')
	358	}
	359	})
	360
9107d791	361	it('Should display the correct configuration', async function () {
89d241a7	362	const config = await server.config.getConfig()
9107d791 C	363
9107d791 C	364	const auths = config.plugin.registeredExternalAuths
0b6f5316	365	expect(auths).to.have.lengthOf(7)
9107d791 C	366
	367	const auth2 = auths.find((a) => a.authName === 'external-auth-2')
	368	expect(auth2).to.not.exist
	369	})
	370
	371	after(async function () {
	372	await cleanupTests([ server ])
	373	})
74fd2643 C	374
	375	it('Should forward the redirectUrl if the plugin returns one', async function () {
	376	const resLogin = await loginExternal({
	377	server,
	378	npmName: 'test-external-auth-three',
	379	authName: 'external-auth-7',
	380	username: 'cid'
	381	})
	382
89d241a7	383	const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
41d1d075	384	expect(redirectUrl).to.equal('https://example.com/redirectUrl')
74fd2643 C	385	})
	386
	387	it('Should call the plugin\'s onLogout method with the request', async function () {
	388	const resLogin = await loginExternal({
	389	server,
	390	npmName: 'test-external-auth-three',
	391	authName: 'external-auth-8',
	392	username: 'cid'
	393	})
	394
89d241a7	395	const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
41d1d075	396	expect(redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token)
74fd2643	397	})
9107d791	398	})