server/tests/plugins/id-and-pass-auth.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import {
   6   cleanupTests,
   7   flushAndRunServer,
   8   getMyUserInformation,
   9   getUsersList,
  10   login,
  11   logout,
  12   PluginsCommand,
  13   refreshToken,
  14   ServerInfo,
  15   setAccessTokensToServers,
  16   updateMyUser,
  17   userLogin,
  18   wait
  19 } from '@shared/extra-utils'
  20 import { User, UserRole } from '@shared/models'
  21
  22 describe('Test id and pass auth plugins', function () {
  23   let server: ServerInfo
  24
  25   let crashAccessToken: string
  26   let crashRefreshToken: string
  27
  28   let lagunaAccessToken: string
  29   let lagunaRefreshToken: string
  30
  31   before(async function () {
  32     this.timeout(30000)
  33
  34     server = await flushAndRunServer(1)
  35     await setAccessTokensToServers([ server ])
  36
  37     for (const suffix of [ 'one', 'two', 'three' ]) {
  38       await server.pluginsCommand.install({ path: PluginsCommand.getPluginTestPath('-id-pass-auth-' + suffix) })
  39     }
  40   })
  41
  42   it('Should display the correct configuration', async function () {
  43     const config = await server.configCommand.getConfig()
  44
  45     const auths = config.plugin.registeredIdAndPassAuths
  46     expect(auths).to.have.lengthOf(8)
  47
  48     const crashAuth = auths.find(a => a.authName === 'crash-auth')
  49     expect(crashAuth).to.exist
  50     expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
  51     expect(crashAuth.weight).to.equal(50)
  52   })
  53
  54   it('Should not login', async function () {
  55     await userLogin(server, { username: 'toto', password: 'password' }, 400)
  56   })
  57
  58   it('Should login Spyro, create the user and use the token', async function () {
  59     const accessToken = await userLogin(server, { username: 'spyro', password: 'spyro password' })
  60
  61     const res = await getMyUserInformation(server.url, accessToken)
  62
  63     const body: User = res.body
  64     expect(body.username).to.equal('spyro')
  65     expect(body.account.displayName).to.equal('Spyro the Dragon')
  66     expect(body.role).to.equal(UserRole.USER)
  67   })
  68
  69   it('Should login Crash, create the user and use the token', async function () {
  70     {
  71       const res = await login(server.url, server.client, { username: 'crash', password: 'crash password' })
  72       crashAccessToken = res.body.access_token
  73       crashRefreshToken = res.body.refresh_token
  74     }
  75
  76     {
  77       const res = await getMyUserInformation(server.url, crashAccessToken)
  78
  79       const body: User = res.body
  80       expect(body.username).to.equal('crash')
  81       expect(body.account.displayName).to.equal('Crash Bandicoot')
  82       expect(body.role).to.equal(UserRole.MODERATOR)
  83     }
  84   })
  85
  86   it('Should login the first Laguna, create the user and use the token', async function () {
  87     {
  88       const res = await login(server.url, server.client, { username: 'laguna', password: 'laguna password' })
  89       lagunaAccessToken = res.body.access_token
  90       lagunaRefreshToken = res.body.refresh_token
  91     }
  92
  93     {
  94       const res = await getMyUserInformation(server.url, lagunaAccessToken)
  95
  96       const body: User = res.body
  97       expect(body.username).to.equal('laguna')
  98       expect(body.account.displayName).to.equal('laguna')
  99       expect(body.role).to.equal(UserRole.USER)
 100     }
 101   })
 102
 103   it('Should refresh crash token, but not laguna token', async function () {
 104     {
 105       const resRefresh = await refreshToken(server, crashRefreshToken)
 106       crashAccessToken = resRefresh.body.access_token
 107       crashRefreshToken = resRefresh.body.refresh_token
 108
 109       const res = await getMyUserInformation(server.url, crashAccessToken)
 110       const user: User = res.body
 111       expect(user.username).to.equal('crash')
 112     }
 113
 114     {
 115       await refreshToken(server, lagunaRefreshToken, 400)
 116     }
 117   })
 118
 119   it('Should update Crash profile', async function () {
 120     await updateMyUser({
 121       url: server.url,
 122       accessToken: crashAccessToken,
 123       displayName: 'Beautiful Crash',
 124       description: 'Mutant eastern barred bandicoot'
 125     })
 126
 127     const res = await getMyUserInformation(server.url, crashAccessToken)
 128
 129     const body: User = res.body
 130     expect(body.account.displayName).to.equal('Beautiful Crash')
 131     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
 132   })
 133
 134   it('Should logout Crash', async function () {
 135     await logout(server.url, crashAccessToken)
 136   })
 137
 138   it('Should have logged out Crash', async function () {
 139     await server.serversCommand.waitUntilLog('On logout for auth 1 - 2')
 140
 141     await getMyUserInformation(server.url, crashAccessToken, 401)
 142   })
 143
 144   it('Should login Crash and keep the old existing profile', async function () {
 145     crashAccessToken = await userLogin(server, { username: 'crash', password: 'crash password' })
 146
 147     const res = await getMyUserInformation(server.url, crashAccessToken)
 148
 149     const body: User = res.body
 150     expect(body.username).to.equal('crash')
 151     expect(body.account.displayName).to.equal('Beautiful Crash')
 152     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
 153     expect(body.role).to.equal(UserRole.MODERATOR)
 154   })
 155
 156   it('Should reject token of laguna by the plugin hook', async function () {
 157     this.timeout(10000)
 158
 159     await wait(5000)
 160
 161     await getMyUserInformation(server.url, lagunaAccessToken, 401)
 162   })
 163
 164   it('Should reject an invalid username, email, role or display name', async function () {
 165     await userLogin(server, { username: 'ward', password: 'ward password' }, 400)
 166     await server.serversCommand.waitUntilLog('valid username')
 167
 168     await userLogin(server, { username: 'kiros', password: 'kiros password' }, 400)
 169     await server.serversCommand.waitUntilLog('valid display name')
 170
 171     await userLogin(server, { username: 'raine', password: 'raine password' }, 400)
 172     await server.serversCommand.waitUntilLog('valid role')
 173
 174     await userLogin(server, { username: 'ellone', password: 'elonne password' }, 400)
 175     await server.serversCommand.waitUntilLog('valid email')
 176   })
 177
 178   it('Should unregister spyro-auth and do not login existing Spyro', async function () {
 179     await server.pluginsCommand.updateSettings({
 180       npmName: 'peertube-plugin-test-id-pass-auth-one',
 181       settings: { disableSpyro: true }
 182     })
 183
 184     await userLogin(server, { username: 'spyro', password: 'spyro password' }, 400)
 185     await userLogin(server, { username: 'spyro', password: 'fake' }, 400)
 186   })
 187
 188   it('Should have disabled this auth', async function () {
 189     const config = await server.configCommand.getConfig()
 190
 191     const auths = config.plugin.registeredIdAndPassAuths
 192     expect(auths).to.have.lengthOf(7)
 193
 194     const spyroAuth = auths.find(a => a.authName === 'spyro-auth')
 195     expect(spyroAuth).to.not.exist
 196   })
 197
 198   it('Should uninstall the plugin one and do not login existing Crash', async function () {
 199     await server.pluginsCommand.uninstall({ npmName: 'peertube-plugin-test-id-pass-auth-one' })
 200
 201     await userLogin(server, { username: 'crash', password: 'crash password' }, 400)
 202   })
 203
 204   it('Should display the correct configuration', async function () {
 205     const config = await server.configCommand.getConfig()
 206
 207     const auths = config.plugin.registeredIdAndPassAuths
 208     expect(auths).to.have.lengthOf(6)
 209
 210     const crashAuth = auths.find(a => a.authName === 'crash-auth')
 211     expect(crashAuth).to.not.exist
 212   })
 213
 214   it('Should display plugin auth information in users list', async function () {
 215     const res = await getUsersList(server.url, server.accessToken)
 216
 217     const users: User[] = res.body.data
 218
 219     const root = users.find(u => u.username === 'root')
 220     const crash = users.find(u => u.username === 'crash')
 221     const laguna = users.find(u => u.username === 'laguna')
 222
 223     expect(root.pluginAuth).to.be.null
 224     expect(crash.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-one')
 225     expect(laguna.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-two')
 226   })
 227
 228   after(async function () {
 229     await cleanupTests([ server ])
 230   })
 231 })