1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import { expect } from 'chai'
5 import { HttpStatusCode } from '@shared/core-utils'
13 setAccessTokensToServers,
16 } from '@shared/extra-utils'
17 import { User, UserRole } from '@shared/models'
19 describe('Test id and pass auth plugins', function () {
20 let server: ServerInfo
22 let crashAccessToken: string
23 let crashRefreshToken: string
25 let lagunaAccessToken: string
26 let lagunaRefreshToken: string
28 before(async function () {
31 server = await flushAndRunServer(1)
32 await setAccessTokensToServers([ server ])
34 for (const suffix of [ 'one', 'two', 'three' ]) {
35 await server.pluginsCommand.install({ path: PluginsCommand.getPluginTestPath('-id-pass-auth-' + suffix) })
39 it('Should display the correct configuration', async function () {
40 const config = await server.configCommand.getConfig()
42 const auths = config.plugin.registeredIdAndPassAuths
43 expect(auths).to.have.lengthOf(8)
45 const crashAuth = auths.find(a => a.authName === 'crash-auth')
46 expect(crashAuth).to.exist
47 expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
48 expect(crashAuth.weight).to.equal(50)
51 it('Should not login', async function () {
52 await server.loginCommand.login({ user: { username: 'toto', password: 'password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
55 it('Should login Spyro, create the user and use the token', async function () {
56 const accessToken = await server.loginCommand.getAccessToken({ username: 'spyro', password: 'spyro password' })
58 const res = await getMyUserInformation(server.url, accessToken)
60 const body: User = res.body
61 expect(body.username).to.equal('spyro')
62 expect(body.account.displayName).to.equal('Spyro the Dragon')
63 expect(body.role).to.equal(UserRole.USER)
66 it('Should login Crash, create the user and use the token', async function () {
68 const body = await server.loginCommand.login({ user: { username: 'crash', password: 'crash password' } })
69 crashAccessToken = body.access_token
70 crashRefreshToken = body.refresh_token
74 const res = await getMyUserInformation(server.url, crashAccessToken)
76 const body: User = res.body
77 expect(body.username).to.equal('crash')
78 expect(body.account.displayName).to.equal('Crash Bandicoot')
79 expect(body.role).to.equal(UserRole.MODERATOR)
83 it('Should login the first Laguna, create the user and use the token', async function () {
85 const body = await server.loginCommand.login({ user: { username: 'laguna', password: 'laguna password' } })
86 lagunaAccessToken = body.access_token
87 lagunaRefreshToken = body.refresh_token
91 const res = await getMyUserInformation(server.url, lagunaAccessToken)
93 const body: User = res.body
94 expect(body.username).to.equal('laguna')
95 expect(body.account.displayName).to.equal('laguna')
96 expect(body.role).to.equal(UserRole.USER)
100 it('Should refresh crash token, but not laguna token', async function () {
102 const resRefresh = await server.loginCommand.refreshToken({ refreshToken: crashRefreshToken })
103 crashAccessToken = resRefresh.body.access_token
104 crashRefreshToken = resRefresh.body.refresh_token
106 const res = await getMyUserInformation(server.url, crashAccessToken)
107 const user: User = res.body
108 expect(user.username).to.equal('crash')
112 await server.loginCommand.refreshToken({ refreshToken: lagunaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
116 it('Should update Crash profile', async function () {
119 accessToken: crashAccessToken,
120 displayName: 'Beautiful Crash',
121 description: 'Mutant eastern barred bandicoot'
124 const res = await getMyUserInformation(server.url, crashAccessToken)
126 const body: User = res.body
127 expect(body.account.displayName).to.equal('Beautiful Crash')
128 expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
131 it('Should logout Crash', async function () {
132 await server.loginCommand.logout({ token: crashAccessToken })
135 it('Should have logged out Crash', async function () {
136 await server.serversCommand.waitUntilLog('On logout for auth 1 - 2')
138 await getMyUserInformation(server.url, crashAccessToken, 401)
141 it('Should login Crash and keep the old existing profile', async function () {
142 crashAccessToken = await server.loginCommand.getAccessToken({ username: 'crash', password: 'crash password' })
144 const res = await getMyUserInformation(server.url, crashAccessToken)
146 const body: User = res.body
147 expect(body.username).to.equal('crash')
148 expect(body.account.displayName).to.equal('Beautiful Crash')
149 expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
150 expect(body.role).to.equal(UserRole.MODERATOR)
153 it('Should reject token of laguna by the plugin hook', async function () {
158 await getMyUserInformation(server.url, lagunaAccessToken, 401)
161 it('Should reject an invalid username, email, role or display name', async function () {
162 const command = server.loginCommand
164 await command.login({ user: { username: 'ward', password: 'ward password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
165 await server.serversCommand.waitUntilLog('valid username')
167 await command.login({ user: { username: 'kiros', password: 'kiros password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
168 await server.serversCommand.waitUntilLog('valid display name')
170 await command.login({ user: { username: 'raine', password: 'raine password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
171 await server.serversCommand.waitUntilLog('valid role')
173 await command.login({ user: { username: 'ellone', password: 'elonne password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
174 await server.serversCommand.waitUntilLog('valid email')
177 it('Should unregister spyro-auth and do not login existing Spyro', async function () {
178 await server.pluginsCommand.updateSettings({
179 npmName: 'peertube-plugin-test-id-pass-auth-one',
180 settings: { disableSpyro: true }
183 const command = server.loginCommand
184 await command.login({ user: { username: 'spyro', password: 'spyro password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
185 await command.login({ user: { username: 'spyro', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
188 it('Should have disabled this auth', async function () {
189 const config = await server.configCommand.getConfig()
191 const auths = config.plugin.registeredIdAndPassAuths
192 expect(auths).to.have.lengthOf(7)
194 const spyroAuth = auths.find(a => a.authName === 'spyro-auth')
195 expect(spyroAuth).to.not.exist
198 it('Should uninstall the plugin one and do not login existing Crash', async function () {
199 await server.pluginsCommand.uninstall({ npmName: 'peertube-plugin-test-id-pass-auth-one' })
201 await server.loginCommand.login({
202 user: { username: 'crash', password: 'crash password' },
203 expectedStatus: HttpStatusCode.BAD_REQUEST_400
207 it('Should display the correct configuration', async function () {
208 const config = await server.configCommand.getConfig()
210 const auths = config.plugin.registeredIdAndPassAuths
211 expect(auths).to.have.lengthOf(6)
213 const crashAuth = auths.find(a => a.authName === 'crash-auth')
214 expect(crashAuth).to.not.exist
217 it('Should display plugin auth information in users list', async function () {
218 const res = await getUsersList(server.url, server.accessToken)
220 const users: User[] = res.body.data
222 const root = users.find(u => u.username === 'root')
223 const crash = users.find(u => u.username === 'crash')
224 const laguna = users.find(u => u.username === 'laguna')
226 expect(root.pluginAuth).to.be.null
227 expect(crash.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-one')
228 expect(laguna.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-two')
231 after(async function () {
232 await cleanupTests([ server ])