]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import { expect } from 'chai' | |
4 | import { expectStartWith } from '@server/tests/shared' | |
5 | import { HttpStatusCode } from '@shared/models' | |
6 | import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, TwoFactorCommand } from '@shared/server-commands' | |
7 | ||
8 | async function login (options: { | |
9 | server: PeerTubeServer | |
10 | username: string | |
11 | password: string | |
12 | otpToken?: string | |
13 | expectedStatus?: HttpStatusCode | |
14 | }) { | |
15 | const { server, username, password, otpToken, expectedStatus } = options | |
16 | ||
17 | const user = { username, password } | |
18 | const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus }) | |
19 | ||
20 | return { res, token } | |
21 | } | |
22 | ||
23 | describe('Test users', function () { | |
24 | let server: PeerTubeServer | |
25 | let otpSecret: string | |
26 | let requestToken: string | |
27 | ||
28 | const userUsername = 'user1' | |
29 | let userId: number | |
30 | let userPassword: string | |
31 | let userToken: string | |
32 | ||
33 | before(async function () { | |
34 | this.timeout(30000) | |
35 | ||
36 | server = await createSingleServer(1) | |
37 | ||
38 | await setAccessTokensToServers([ server ]) | |
39 | const res = await server.users.generate(userUsername) | |
40 | userId = res.userId | |
41 | userPassword = res.password | |
42 | userToken = res.token | |
43 | }) | |
44 | ||
45 | it('Should not add the header on login if two factor is not enabled', async function () { | |
46 | const { res, token } = await login({ server, username: userUsername, password: userPassword }) | |
47 | ||
48 | expect(res.header['x-peertube-otp']).to.not.exist | |
49 | ||
50 | await server.users.getMyInfo({ token }) | |
51 | }) | |
52 | ||
53 | it('Should request two factor and get the secret and uri', async function () { | |
54 | const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword }) | |
55 | ||
56 | expect(otpRequest.requestToken).to.exist | |
57 | ||
58 | expect(otpRequest.secret).to.exist | |
59 | expect(otpRequest.secret).to.have.lengthOf(32) | |
60 | ||
61 | expect(otpRequest.uri).to.exist | |
62 | expectStartWith(otpRequest.uri, 'otpauth://') | |
63 | expect(otpRequest.uri).to.include(otpRequest.secret) | |
64 | ||
65 | requestToken = otpRequest.requestToken | |
66 | otpSecret = otpRequest.secret | |
67 | }) | |
68 | ||
69 | it('Should not have two factor confirmed yet', async function () { | |
70 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | |
71 | expect(twoFactorEnabled).to.be.false | |
72 | }) | |
73 | ||
74 | it('Should confirm two factor', async function () { | |
75 | await server.twoFactor.confirmRequest({ | |
76 | userId, | |
77 | token: userToken, | |
78 | otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(), | |
79 | requestToken | |
80 | }) | |
81 | }) | |
82 | ||
83 | it('Should not add the header on login if two factor is enabled and password is incorrect', async function () { | |
84 | const { res, token } = await login({ server, username: userUsername, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | |
85 | ||
86 | expect(res.header['x-peertube-otp']).to.not.exist | |
87 | expect(token).to.not.exist | |
88 | }) | |
89 | ||
90 | it('Should add the header on login if two factor is enabled and password is correct', async function () { | |
91 | const { res, token } = await login({ | |
92 | server, | |
93 | username: userUsername, | |
94 | password: userPassword, | |
95 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | |
96 | }) | |
97 | ||
98 | expect(res.header['x-peertube-otp']).to.exist | |
99 | expect(token).to.not.exist | |
100 | ||
101 | await server.users.getMyInfo({ token }) | |
102 | }) | |
103 | ||
104 | it('Should not login with correct password and incorrect otp secret', async function () { | |
105 | const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) }) | |
106 | ||
107 | const { res, token } = await login({ | |
108 | server, | |
109 | username: userUsername, | |
110 | password: userPassword, | |
111 | otpToken: otp.generate(), | |
112 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
113 | }) | |
114 | ||
115 | expect(res.header['x-peertube-otp']).to.not.exist | |
116 | expect(token).to.not.exist | |
117 | }) | |
118 | ||
119 | it('Should not login with correct password and incorrect otp code', async function () { | |
120 | const { res, token } = await login({ | |
121 | server, | |
122 | username: userUsername, | |
123 | password: userPassword, | |
124 | otpToken: '123456', | |
125 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
126 | }) | |
127 | ||
128 | expect(res.header['x-peertube-otp']).to.not.exist | |
129 | expect(token).to.not.exist | |
130 | }) | |
131 | ||
132 | it('Should not login with incorrect password and correct otp code', async function () { | |
133 | const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() | |
134 | ||
135 | const { res, token } = await login({ | |
136 | server, | |
137 | username: userUsername, | |
138 | password: 'fake', | |
139 | otpToken, | |
140 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | |
141 | }) | |
142 | ||
143 | expect(res.header['x-peertube-otp']).to.not.exist | |
144 | expect(token).to.not.exist | |
145 | }) | |
146 | ||
147 | it('Should correctly login with correct password and otp code', async function () { | |
148 | const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() | |
149 | ||
150 | const { res, token } = await login({ server, username: userUsername, password: userPassword, otpToken }) | |
151 | ||
152 | expect(res.header['x-peertube-otp']).to.not.exist | |
153 | expect(token).to.exist | |
154 | ||
155 | await server.users.getMyInfo({ token }) | |
156 | }) | |
157 | ||
158 | it('Should have two factor enabled when getting my info', async function () { | |
159 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | |
160 | expect(twoFactorEnabled).to.be.true | |
161 | }) | |
162 | ||
163 | it('Should disable two factor and be able to login without otp token', async function () { | |
164 | await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword }) | |
165 | ||
166 | const { res, token } = await login({ server, username: userUsername, password: userPassword }) | |
167 | expect(res.header['x-peertube-otp']).to.not.exist | |
168 | ||
169 | await server.users.getMyInfo({ token }) | |
170 | }) | |
171 | ||
172 | it('Should have two factor disabled when getting my info', async function () { | |
173 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | |
174 | expect(twoFactorEnabled).to.be.false | |
175 | }) | |
176 | ||
177 | it('Should enable two factor auth without password from an admin', async function () { | |
178 | const { otpRequest } = await server.twoFactor.request({ userId }) | |
179 | ||
180 | await server.twoFactor.confirmRequest({ | |
181 | userId, | |
182 | otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate(), | |
183 | requestToken: otpRequest.requestToken | |
184 | }) | |
185 | ||
186 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | |
187 | expect(twoFactorEnabled).to.be.true | |
188 | }) | |
189 | ||
190 | it('Should disable two factor auth without password from an admin', async function () { | |
191 | await server.twoFactor.disable({ userId }) | |
192 | ||
193 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | |
194 | expect(twoFactorEnabled).to.be.false | |
195 | }) | |
196 | ||
197 | after(async function () { | |
198 | await cleanupTests([ server ]) | |
199 | }) | |
200 | }) |