server/tests/plugins/id-and-pass-auth.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { cleanupTests, flushAndRunServer, ServerInfo, waitUntilLog } from '../../../shared/extra-utils/server/servers'
   5 import {
   6   getMyUserInformation,
   7   getPluginTestPath,
   8   installPlugin,
   9   logout,
  10   setAccessTokensToServers,
  11   uninstallPlugin,
  12   updateMyUser,
  13   userLogin,
  14   wait,
  15   login, refreshToken, getConfig, updatePluginSettings
  16 } from '../../../shared/extra-utils'
  17 import { User, UserRole, ServerConfig } from '@shared/models'
  18 import { expect } from 'chai'
  19
  20 describe('Test id and pass auth plugins', function () {
  21   let server: ServerInfo
  22
  23   let crashAccessToken: string
  24   let crashRefreshToken: string
  25
  26   let lagunaAccessToken: string
  27   let lagunaRefreshToken: string
  28
  29   before(async function () {
  30     this.timeout(30000)
  31
  32     server = await flushAndRunServer(1)
  33     await setAccessTokensToServers([ server ])
  34
  35     for (const suffix of [ 'one', 'two', 'three' ]) {
  36       await installPlugin({
  37         url: server.url,
  38         accessToken: server.accessToken,
  39         path: getPluginTestPath('-id-pass-auth-' + suffix)
  40       })
  41     }
  42   })
  43
  44   it('Should display the correct configuration', async function () {
  45     const res = await getConfig(server.url)
  46
  47     const config: ServerConfig = res.body
  48
  49     const auths = config.plugin.registeredIdAndPassAuths
  50     expect(auths).to.have.lengthOf(8)
  51
  52     const crashAuth = auths.find(a => a.authName === 'crash-auth')
  53     expect(crashAuth).to.exist
  54     expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
  55     expect(crashAuth.weight).to.equal(50)
  56   })
  57
  58   it('Should not login', async function () {
  59     await userLogin(server, { username: 'toto', password: 'password' }, 400)
  60   })
  61
  62   it('Should login Spyro, create the user and use the token', async function () {
  63     const accessToken = await userLogin(server, { username: 'spyro', password: 'spyro password' })
  64
  65     const res = await getMyUserInformation(server.url, accessToken)
  66
  67     const body: User = res.body
  68     expect(body.username).to.equal('spyro')
  69     expect(body.account.displayName).to.equal('Spyro the Dragon')
  70     expect(body.role).to.equal(UserRole.USER)
  71   })
  72
  73   it('Should login Crash, create the user and use the token', async function () {
  74     {
  75       const res = await login(server.url, server.client, { username: 'crash', password: 'crash password' })
  76       crashAccessToken = res.body.access_token
  77       crashRefreshToken = res.body.refresh_token
  78     }
  79
  80     {
  81       const res = await getMyUserInformation(server.url, crashAccessToken)
  82
  83       const body: User = res.body
  84       expect(body.username).to.equal('crash')
  85       expect(body.account.displayName).to.equal('Crash Bandicoot')
  86       expect(body.role).to.equal(UserRole.MODERATOR)
  87     }
  88   })
  89
  90   it('Should login the first Laguna, create the user and use the token', async function () {
  91     {
  92       const res = await login(server.url, server.client, { username: 'laguna', password: 'laguna password' })
  93       lagunaAccessToken = res.body.access_token
  94       lagunaRefreshToken = res.body.refresh_token
  95     }
  96
  97     {
  98       const res = await getMyUserInformation(server.url, lagunaAccessToken)
  99
 100       const body: User = res.body
 101       expect(body.username).to.equal('laguna')
 102       expect(body.account.displayName).to.equal('laguna')
 103       expect(body.role).to.equal(UserRole.USER)
 104     }
 105   })
 106
 107   it('Should refresh crash token, but not laguna token', async function () {
 108     {
 109       const resRefresh = await refreshToken(server, crashRefreshToken)
 110       crashAccessToken = resRefresh.body.access_token
 111       crashRefreshToken = resRefresh.body.refresh_token
 112
 113       const res = await getMyUserInformation(server.url, crashAccessToken)
 114       const user: User = res.body
 115       expect(user.username).to.equal('crash')
 116     }
 117
 118     {
 119       await refreshToken(server, lagunaRefreshToken, 400)
 120     }
 121   })
 122
 123   it('Should update Crash profile', async function () {
 124     await updateMyUser({
 125       url: server.url,
 126       accessToken: crashAccessToken,
 127       displayName: 'Beautiful Crash',
 128       description: 'Mutant eastern barred bandicoot'
 129     })
 130
 131     const res = await getMyUserInformation(server.url, crashAccessToken)
 132
 133     const body: User = res.body
 134     expect(body.account.displayName).to.equal('Beautiful Crash')
 135     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
 136   })
 137
 138   it('Should logout Crash', async function () {
 139     await logout(server.url, crashAccessToken)
 140   })
 141
 142   it('Should have logged out Crash', async function () {
 143     await waitUntilLog(server, 'On logout for auth 1 - 2')
 144
 145     await getMyUserInformation(server.url, crashAccessToken, 401)
 146   })
 147
 148   it('Should login Crash and keep the old existing profile', async function () {
 149     crashAccessToken = await userLogin(server, { username: 'crash', password: 'crash password' })
 150
 151     const res = await getMyUserInformation(server.url, crashAccessToken)
 152
 153     const body: User = res.body
 154     expect(body.username).to.equal('crash')
 155     expect(body.account.displayName).to.equal('Beautiful Crash')
 156     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
 157     expect(body.role).to.equal(UserRole.MODERATOR)
 158   })
 159
 160   it('Should reject token of laguna by the plugin hook', async function () {
 161     this.timeout(10000)
 162
 163     await wait(5000)
 164
 165     await getMyUserInformation(server.url, lagunaAccessToken, 401)
 166   })
 167
 168   it('Should reject an invalid username, email, role or display name', async function () {
 169     await userLogin(server, { username: 'ward', password: 'ward password' }, 400)
 170     await waitUntilLog(server, 'valid username')
 171
 172     await userLogin(server, { username: 'kiros', password: 'kiros password' }, 400)
 173     await waitUntilLog(server, 'valid display name')
 174
 175     await userLogin(server, { username: 'raine', password: 'raine password' }, 400)
 176     await waitUntilLog(server, 'valid role')
 177
 178     await userLogin(server, { username: 'ellone', password: 'elonne password' }, 400)
 179     await waitUntilLog(server, 'valid email')
 180   })
 181
 182   it('Should unregister spyro-auth and do not login existing Spyro', async function () {
 183     await updatePluginSettings({
 184       url: server.url,
 185       accessToken: server.accessToken,
 186       npmName: 'peertube-plugin-test-id-pass-auth-one',
 187       settings: { disableSpyro: true }
 188     })
 189
 190     await userLogin(server, { username: 'spyro', password: 'spyro password' }, 400)
 191     await userLogin(server, { username: 'spyro', password: 'fake' }, 400)
 192   })
 193
 194   it('Should have disabled this auth', async function () {
 195     const res = await getConfig(server.url)
 196
 197     const config: ServerConfig = res.body
 198
 199     const auths = config.plugin.registeredIdAndPassAuths
 200     expect(auths).to.have.lengthOf(7)
 201
 202     const spyroAuth = auths.find(a => a.authName === 'spyro-auth')
 203     expect(spyroAuth).to.not.exist
 204   })
 205
 206   it('Should uninstall the plugin one and do not login existing Crash', async function () {
 207     await uninstallPlugin({
 208       url: server.url,
 209       accessToken: server.accessToken,
 210       npmName: 'peertube-plugin-test-id-pass-auth-one'
 211     })
 212
 213     await userLogin(server, { username: 'crash', password: 'crash password' }, 400)
 214   })
 215
 216   it('Should display the correct configuration', async function () {
 217     const res = await getConfig(server.url)
 218
 219     const config: ServerConfig = res.body
 220
 221     const auths = config.plugin.registeredIdAndPassAuths
 222     expect(auths).to.have.lengthOf(6)
 223
 224     const crashAuth = auths.find(a => a.authName === 'crash-auth')
 225     expect(crashAuth).to.not.exist
 226   })
 227
 228   after(async function () {
 229     await cleanupTests([ server ])
 230   })
 231 })