]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/plugins/id-and-pass-auth.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'release/5.0.0' into develop
[github/Chocobozzz/PeerTube.git] / server / tests / plugins / id-and-pass-auth.ts
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import { expect } from 'chai'
4 import { wait } from '@shared/core-utils'
5 import { HttpStatusCode, UserRole } from '@shared/models'
6 import { cleanupTests, createSingleServer, PeerTubeServer, PluginsCommand, setAccessTokensToServers } from '@shared/server-commands'
7
8 describe('Test id and pass auth plugins', function () {
9 let server: PeerTubeServer
10
11 let crashAccessToken: string
12 let crashRefreshToken: string
13
14 let lagunaAccessToken: string
15 let lagunaRefreshToken: string
16 let lagunaId: number
17
18 before(async function () {
19 this.timeout(30000)
20
21 server = await createSingleServer(1)
22 await setAccessTokensToServers([ server ])
23
24 for (const suffix of [ 'one', 'two', 'three' ]) {
25 await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-id-pass-auth-' + suffix) })
26 }
27 })
28
29 it('Should display the correct configuration', async function () {
30 const config = await server.config.getConfig()
31
32 const auths = config.plugin.registeredIdAndPassAuths
33 expect(auths).to.have.lengthOf(8)
34
35 const crashAuth = auths.find(a => a.authName === 'crash-auth')
36 expect(crashAuth).to.exist
37 expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
38 expect(crashAuth.weight).to.equal(50)
39 })
40
41 it('Should not login', async function () {
42 await server.login.login({ user: { username: 'toto', password: 'password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
43 })
44
45 it('Should login Spyro, create the user and use the token', async function () {
46 const accessToken = await server.login.getAccessToken({ username: 'spyro', password: 'spyro password' })
47
48 const body = await server.users.getMyInfo({ token: accessToken })
49
50 expect(body.username).to.equal('spyro')
51 expect(body.account.displayName).to.equal('Spyro the Dragon')
52 expect(body.role.id).to.equal(UserRole.USER)
53 })
54
55 it('Should login Crash, create the user and use the token', async function () {
56 {
57 const body = await server.login.login({ user: { username: 'crash', password: 'crash password' } })
58 crashAccessToken = body.access_token
59 crashRefreshToken = body.refresh_token
60 }
61
62 {
63 const body = await server.users.getMyInfo({ token: crashAccessToken })
64
65 expect(body.username).to.equal('crash')
66 expect(body.account.displayName).to.equal('Crash Bandicoot')
67 expect(body.role.id).to.equal(UserRole.MODERATOR)
68 }
69 })
70
71 it('Should login the first Laguna, create the user and use the token', async function () {
72 {
73 const body = await server.login.login({ user: { username: 'laguna', password: 'laguna password' } })
74 lagunaAccessToken = body.access_token
75 lagunaRefreshToken = body.refresh_token
76 }
77
78 {
79 const body = await server.users.getMyInfo({ token: lagunaAccessToken })
80
81 expect(body.username).to.equal('laguna')
82 expect(body.account.displayName).to.equal('Laguna Loire')
83 expect(body.role.id).to.equal(UserRole.USER)
84
85 lagunaId = body.id
86 }
87 })
88
89 it('Should refresh crash token, but not laguna token', async function () {
90 {
91 const resRefresh = await server.login.refreshToken({ refreshToken: crashRefreshToken })
92 crashAccessToken = resRefresh.body.access_token
93 crashRefreshToken = resRefresh.body.refresh_token
94
95 const body = await server.users.getMyInfo({ token: crashAccessToken })
96 expect(body.username).to.equal('crash')
97 }
98
99 {
100 await server.login.refreshToken({ refreshToken: lagunaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
101 }
102 })
103
104 it('Should update Crash profile', async function () {
105 await server.users.updateMe({
106 token: crashAccessToken,
107 displayName: 'Beautiful Crash',
108 description: 'Mutant eastern barred bandicoot'
109 })
110
111 const body = await server.users.getMyInfo({ token: crashAccessToken })
112
113 expect(body.account.displayName).to.equal('Beautiful Crash')
114 expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
115 })
116
117 it('Should logout Crash', async function () {
118 await server.login.logout({ token: crashAccessToken })
119 })
120
121 it('Should have logged out Crash', async function () {
122 await server.servers.waitUntilLog('On logout for auth 1 - 2')
123
124 await server.users.getMyInfo({ token: crashAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
125 })
126
127 it('Should login Crash and keep the old existing profile', async function () {
128 crashAccessToken = await server.login.getAccessToken({ username: 'crash', password: 'crash password' })
129
130 const body = await server.users.getMyInfo({ token: crashAccessToken })
131
132 expect(body.username).to.equal('crash')
133 expect(body.account.displayName).to.equal('Beautiful Crash')
134 expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
135 expect(body.role.id).to.equal(UserRole.MODERATOR)
136 })
137
138 it('Should login Laguna and update the profile', async function () {
139 {
140 await server.users.update({ userId: lagunaId, videoQuota: 43000, videoQuotaDaily: 43100 })
141 await server.users.updateMe({ token: lagunaAccessToken, displayName: 'laguna updated' })
142
143 const body = await server.users.getMyInfo({ token: lagunaAccessToken })
144 expect(body.username).to.equal('laguna')
145 expect(body.account.displayName).to.equal('laguna updated')
146 expect(body.videoQuota).to.equal(43000)
147 expect(body.videoQuotaDaily).to.equal(43100)
148 }
149
150 {
151 const body = await server.login.login({ user: { username: 'laguna', password: 'laguna password' } })
152 lagunaAccessToken = body.access_token
153 lagunaRefreshToken = body.refresh_token
154 }
155
156 {
157 const body = await server.users.getMyInfo({ token: lagunaAccessToken })
158 expect(body.username).to.equal('laguna')
159 expect(body.account.displayName).to.equal('Laguna Loire')
160 expect(body.videoQuota).to.equal(42000)
161 expect(body.videoQuotaDaily).to.equal(43100)
162 }
163 })
164
165 it('Should reject token of laguna by the plugin hook', async function () {
166 this.timeout(10000)
167
168 await wait(5000)
169
170 await server.users.getMyInfo({ token: lagunaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
171 })
172
173 it('Should reject an invalid username, email, role or display name', async function () {
174 const command = server.login
175
176 await command.login({ user: { username: 'ward', password: 'ward password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
177 await server.servers.waitUntilLog('valid username')
178
179 await command.login({ user: { username: 'kiros', password: 'kiros password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
180 await server.servers.waitUntilLog('valid displayName')
181
182 await command.login({ user: { username: 'raine', password: 'raine password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
183 await server.servers.waitUntilLog('valid role')
184
185 await command.login({ user: { username: 'ellone', password: 'elonne password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
186 await server.servers.waitUntilLog('valid email')
187 })
188
189 it('Should unregister spyro-auth and do not login existing Spyro', async function () {
190 await server.plugins.updateSettings({
191 npmName: 'peertube-plugin-test-id-pass-auth-one',
192 settings: { disableSpyro: true }
193 })
194
195 const command = server.login
196 await command.login({ user: { username: 'spyro', password: 'spyro password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
197 await command.login({ user: { username: 'spyro', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
198 })
199
200 it('Should have disabled this auth', async function () {
201 const config = await server.config.getConfig()
202
203 const auths = config.plugin.registeredIdAndPassAuths
204 expect(auths).to.have.lengthOf(7)
205
206 const spyroAuth = auths.find(a => a.authName === 'spyro-auth')
207 expect(spyroAuth).to.not.exist
208 })
209
210 it('Should uninstall the plugin one and do not login existing Crash', async function () {
211 await server.plugins.uninstall({ npmName: 'peertube-plugin-test-id-pass-auth-one' })
212
213 await server.login.login({
214 user: { username: 'crash', password: 'crash password' },
215 expectedStatus: HttpStatusCode.BAD_REQUEST_400
216 })
217 })
218
219 it('Should display the correct configuration', async function () {
220 const config = await server.config.getConfig()
221
222 const auths = config.plugin.registeredIdAndPassAuths
223 expect(auths).to.have.lengthOf(6)
224
225 const crashAuth = auths.find(a => a.authName === 'crash-auth')
226 expect(crashAuth).to.not.exist
227 })
228
229 it('Should display plugin auth information in users list', async function () {
230 const { data } = await server.users.list()
231
232 const root = data.find(u => u.username === 'root')
233 const crash = data.find(u => u.username === 'crash')
234 const laguna = data.find(u => u.username === 'laguna')
235
236 expect(root.pluginAuth).to.be.null
237 expect(crash.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-one')
238 expect(laguna.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-two')
239 })
240
241 after(async function () {
242 await cleanupTests([ server ])
243 })
244 })
ActivityPub-federated video streaming platform using P2P directly in your web browser