server/tests/api/users/oauth.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { expect } from 'chai'
   4 import { wait } from '@shared/core-utils'
   5 import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models'
   6 import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
   7
   8 describe('Test oauth', function () {
   9   let server: PeerTubeServer
  10
  11   before(async function () {
  12     this.timeout(30000)
  13
  14     server = await createSingleServer(1, {
  15       rates_limit: {
  16         login: {
  17           max: 30
  18         }
  19       }
  20     })
  21
  22     await setAccessTokensToServers([ server ])
  23   })
  24
  25   describe('OAuth client', function () {
  26
  27     function expectInvalidClient (body: PeerTubeProblemDocument) {
  28       expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
  29       expect(body.error).to.contain('client is invalid')
  30       expect(body.type.startsWith('https://')).to.be.true
  31       expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
  32     }
  33
  34     it('Should create a new client')
  35
  36     it('Should return the first client')
  37
  38     it('Should remove the last client')
  39
  40     it('Should not login with an invalid client id', async function () {
  41       const client = { id: 'client', secret: server.store.client.secret }
  42       const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  43
  44       expectInvalidClient(body)
  45     })
  46
  47     it('Should not login with an invalid client secret', async function () {
  48       const client = { id: server.store.client.id, secret: 'coucou' }
  49       const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  50
  51       expectInvalidClient(body)
  52     })
  53   })
  54
  55   describe('Login', function () {
  56
  57     function expectInvalidCredentials (body: PeerTubeProblemDocument) {
  58       expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
  59       expect(body.error).to.contain('credentials are invalid')
  60       expect(body.type.startsWith('https://')).to.be.true
  61       expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
  62     }
  63
  64     it('Should not login with an invalid username', async function () {
  65       const user = { username: 'captain crochet', password: server.store.user.password }
  66       const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  67
  68       expectInvalidCredentials(body)
  69     })
  70
  71     it('Should not login with an invalid password', async function () {
  72       const user = { username: server.store.user.username, password: 'mew_three' }
  73       const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  74
  75       expectInvalidCredentials(body)
  76     })
  77
  78     it('Should be able to login', async function () {
  79       await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
  80     })
  81
  82     it('Should be able to login with an insensitive username', async function () {
  83       const user = { username: 'RoOt', password: server.store.user.password }
  84       await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
  85
  86       const user2 = { username: 'rOoT', password: server.store.user.password }
  87       await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
  88
  89       const user3 = { username: 'ROOt', password: server.store.user.password }
  90       await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
  91     })
  92   })
  93
  94   describe('Logout', function () {
  95
  96     it('Should logout (revoke token)', async function () {
  97       await server.login.logout({ token: server.accessToken })
  98     })
  99
 100     it('Should not be able to get the user information', async function () {
 101       await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 102     })
 103
 104     it('Should not be able to upload a video', async function () {
 105       await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 106     })
 107
 108     it('Should be able to login again', async function () {
 109       const body = await server.login.login()
 110       server.accessToken = body.access_token
 111       server.refreshToken = body.refresh_token
 112     })
 113
 114     it('Should be able to get my user information again', async function () {
 115       await server.users.getMyInfo()
 116     })
 117
 118     it('Should have an expired access token', async function () {
 119       this.timeout(60000)
 120
 121       await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
 122       await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
 123
 124       await killallServers([ server ])
 125       await server.run()
 126
 127       await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 128     })
 129
 130     it('Should not be able to refresh an access token with an expired refresh token', async function () {
 131       await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 132     })
 133
 134     it('Should refresh the token', async function () {
 135       this.timeout(50000)
 136
 137       const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
 138       await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
 139
 140       await killallServers([ server ])
 141       await server.run()
 142
 143       const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
 144       server.accessToken = res.body.access_token
 145       server.refreshToken = res.body.refresh_token
 146     })
 147
 148     it('Should be able to get my user information again', async function () {
 149       await server.users.getMyInfo()
 150     })
 151   })
 152
 153   describe('Custom token lifetime', function () {
 154     before(async function () {
 155       this.timeout(120_000)
 156
 157       await server.kill()
 158       await server.run({
 159         oauth2: {
 160           token_lifetime: {
 161             access_token: '2 seconds',
 162             refresh_token: '2 seconds'
 163           }
 164         }
 165       })
 166     })
 167
 168     it('Should have a very short access token lifetime', async function () {
 169       this.timeout(50000)
 170
 171       const { access_token: accessToken } = await server.login.login()
 172       await server.users.getMyInfo({ token: accessToken })
 173
 174       await wait(3000)
 175       await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 176     })
 177
 178     it('Should have a very short refresh token lifetime', async function () {
 179       this.timeout(50000)
 180
 181       const { refresh_token: refreshToken } = await server.login.login()
 182       await server.login.refreshToken({ refreshToken })
 183
 184       await wait(3000)
 185       await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 186     })
 187   })
 188
 189   after(async function () {
 190     await cleanupTests([ server ])
 191   })
 192 })