server/tests/plugins/id-and-pass-auth.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import {
   6   cleanupTests,
   7   flushAndRunServer,
   8   getMyUserInformation,
   9   getUsersList,
  10   login,
  11   logout,
  12   PluginsCommand,
  13   refreshToken,
  14   ServerInfo,
  15   setAccessTokensToServers,
  16   updateMyUser,
  17   userLogin,
  18   wait,
  19   waitUntilLog
  20 } from '@shared/extra-utils'
  21 import { User, UserRole } from '@shared/models'
  22
  23 describe('Test id and pass auth plugins', function () {
  24   let server: ServerInfo
  25
  26   let crashAccessToken: string
  27   let crashRefreshToken: string
  28
  29   let lagunaAccessToken: string
  30   let lagunaRefreshToken: string
  31
  32   before(async function () {
  33     this.timeout(30000)
  34
  35     server = await flushAndRunServer(1)
  36     await setAccessTokensToServers([ server ])
  37
  38     for (const suffix of [ 'one', 'two', 'three' ]) {
  39       await server.pluginsCommand.install({ path: PluginsCommand.getPluginTestPath('-id-pass-auth-' + suffix) })
  40     }
  41   })
  42
  43   it('Should display the correct configuration', async function () {
  44     const config = await server.configCommand.getConfig()
  45
  46     const auths = config.plugin.registeredIdAndPassAuths
  47     expect(auths).to.have.lengthOf(8)
  48
  49     const crashAuth = auths.find(a => a.authName === 'crash-auth')
  50     expect(crashAuth).to.exist
  51     expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
  52     expect(crashAuth.weight).to.equal(50)
  53   })
  54
  55   it('Should not login', async function () {
  56     await userLogin(server, { username: 'toto', password: 'password' }, 400)
  57   })
  58
  59   it('Should login Spyro, create the user and use the token', async function () {
  60     const accessToken = await userLogin(server, { username: 'spyro', password: 'spyro password' })
  61
  62     const res = await getMyUserInformation(server.url, accessToken)
  63
  64     const body: User = res.body
  65     expect(body.username).to.equal('spyro')
  66     expect(body.account.displayName).to.equal('Spyro the Dragon')
  67     expect(body.role).to.equal(UserRole.USER)
  68   })
  69
  70   it('Should login Crash, create the user and use the token', async function () {
  71     {
  72       const res = await login(server.url, server.client, { username: 'crash', password: 'crash password' })
  73       crashAccessToken = res.body.access_token
  74       crashRefreshToken = res.body.refresh_token
  75     }
  76
  77     {
  78       const res = await getMyUserInformation(server.url, crashAccessToken)
  79
  80       const body: User = res.body
  81       expect(body.username).to.equal('crash')
  82       expect(body.account.displayName).to.equal('Crash Bandicoot')
  83       expect(body.role).to.equal(UserRole.MODERATOR)
  84     }
  85   })
  86
  87   it('Should login the first Laguna, create the user and use the token', async function () {
  88     {
  89       const res = await login(server.url, server.client, { username: 'laguna', password: 'laguna password' })
  90       lagunaAccessToken = res.body.access_token
  91       lagunaRefreshToken = res.body.refresh_token
  92     }
  93
  94     {
  95       const res = await getMyUserInformation(server.url, lagunaAccessToken)
  96
  97       const body: User = res.body
  98       expect(body.username).to.equal('laguna')
  99       expect(body.account.displayName).to.equal('laguna')
 100       expect(body.role).to.equal(UserRole.USER)
 101     }
 102   })
 103
 104   it('Should refresh crash token, but not laguna token', async function () {
 105     {
 106       const resRefresh = await refreshToken(server, crashRefreshToken)
 107       crashAccessToken = resRefresh.body.access_token
 108       crashRefreshToken = resRefresh.body.refresh_token
 109
 110       const res = await getMyUserInformation(server.url, crashAccessToken)
 111       const user: User = res.body
 112       expect(user.username).to.equal('crash')
 113     }
 114
 115     {
 116       await refreshToken(server, lagunaRefreshToken, 400)
 117     }
 118   })
 119
 120   it('Should update Crash profile', async function () {
 121     await updateMyUser({
 122       url: server.url,
 123       accessToken: crashAccessToken,
 124       displayName: 'Beautiful Crash',
 125       description: 'Mutant eastern barred bandicoot'
 126     })
 127
 128     const res = await getMyUserInformation(server.url, crashAccessToken)
 129
 130     const body: User = res.body
 131     expect(body.account.displayName).to.equal('Beautiful Crash')
 132     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
 133   })
 134
 135   it('Should logout Crash', async function () {
 136     await logout(server.url, crashAccessToken)
 137   })
 138
 139   it('Should have logged out Crash', async function () {
 140     await waitUntilLog(server, 'On logout for auth 1 - 2')
 141
 142     await getMyUserInformation(server.url, crashAccessToken, 401)
 143   })
 144
 145   it('Should login Crash and keep the old existing profile', async function () {
 146     crashAccessToken = await userLogin(server, { username: 'crash', password: 'crash password' })
 147
 148     const res = await getMyUserInformation(server.url, crashAccessToken)
 149
 150     const body: User = res.body
 151     expect(body.username).to.equal('crash')
 152     expect(body.account.displayName).to.equal('Beautiful Crash')
 153     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
 154     expect(body.role).to.equal(UserRole.MODERATOR)
 155   })
 156
 157   it('Should reject token of laguna by the plugin hook', async function () {
 158     this.timeout(10000)
 159
 160     await wait(5000)
 161
 162     await getMyUserInformation(server.url, lagunaAccessToken, 401)
 163   })
 164
 165   it('Should reject an invalid username, email, role or display name', async function () {
 166     await userLogin(server, { username: 'ward', password: 'ward password' }, 400)
 167     await waitUntilLog(server, 'valid username')
 168
 169     await userLogin(server, { username: 'kiros', password: 'kiros password' }, 400)
 170     await waitUntilLog(server, 'valid display name')
 171
 172     await userLogin(server, { username: 'raine', password: 'raine password' }, 400)
 173     await waitUntilLog(server, 'valid role')
 174
 175     await userLogin(server, { username: 'ellone', password: 'elonne password' }, 400)
 176     await waitUntilLog(server, 'valid email')
 177   })
 178
 179   it('Should unregister spyro-auth and do not login existing Spyro', async function () {
 180     await server.pluginsCommand.updateSettings({
 181       npmName: 'peertube-plugin-test-id-pass-auth-one',
 182       settings: { disableSpyro: true }
 183     })
 184
 185     await userLogin(server, { username: 'spyro', password: 'spyro password' }, 400)
 186     await userLogin(server, { username: 'spyro', password: 'fake' }, 400)
 187   })
 188
 189   it('Should have disabled this auth', async function () {
 190     const config = await server.configCommand.getConfig()
 191
 192     const auths = config.plugin.registeredIdAndPassAuths
 193     expect(auths).to.have.lengthOf(7)
 194
 195     const spyroAuth = auths.find(a => a.authName === 'spyro-auth')
 196     expect(spyroAuth).to.not.exist
 197   })
 198
 199   it('Should uninstall the plugin one and do not login existing Crash', async function () {
 200     await server.pluginsCommand.uninstall({ npmName: 'peertube-plugin-test-id-pass-auth-one' })
 201
 202     await userLogin(server, { username: 'crash', password: 'crash password' }, 400)
 203   })
 204
 205   it('Should display the correct configuration', async function () {
 206     const config = await server.configCommand.getConfig()
 207
 208     const auths = config.plugin.registeredIdAndPassAuths
 209     expect(auths).to.have.lengthOf(6)
 210
 211     const crashAuth = auths.find(a => a.authName === 'crash-auth')
 212     expect(crashAuth).to.not.exist
 213   })
 214
 215   it('Should display plugin auth information in users list', async function () {
 216     const res = await getUsersList(server.url, server.accessToken)
 217
 218     const users: User[] = res.body.data
 219
 220     const root = users.find(u => u.username === 'root')
 221     const crash = users.find(u => u.username === 'crash')
 222     const laguna = users.find(u => u.username === 'laguna')
 223
 224     expect(root.pluginAuth).to.be.null
 225     expect(crash.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-one')
 226     expect(laguna.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-two')
 227   })
 228
 229   after(async function () {
 230     await cleanupTests([ server ])
 231   })
 232 })