/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ import 'mocha' import { expect } from 'chai' import { HttpStatusCode } from '@shared/core-utils' import { cleanupTests, flushAndRunServer, getMyUserInformation, getUsersList, PluginsCommand, ServerInfo, setAccessTokensToServers, updateMyUser, wait } from '@shared/extra-utils' import { User, UserRole } from '@shared/models' describe('Test id and pass auth plugins', function () { let server: ServerInfo let crashAccessToken: string let crashRefreshToken: string let lagunaAccessToken: string let lagunaRefreshToken: string before(async function () { this.timeout(30000) server = await flushAndRunServer(1) await setAccessTokensToServers([ server ]) for (const suffix of [ 'one', 'two', 'three' ]) { await server.pluginsCommand.install({ path: PluginsCommand.getPluginTestPath('-id-pass-auth-' + suffix) }) } }) it('Should display the correct configuration', async function () { const config = await server.configCommand.getConfig() const auths = config.plugin.registeredIdAndPassAuths expect(auths).to.have.lengthOf(8) const crashAuth = auths.find(a => a.authName === 'crash-auth') expect(crashAuth).to.exist expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one') expect(crashAuth.weight).to.equal(50) }) it('Should not login', async function () { await server.loginCommand.login({ user: { username: 'toto', password: 'password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) }) it('Should login Spyro, create the user and use the token', async function () { const accessToken = await server.loginCommand.getAccessToken({ username: 'spyro', password: 'spyro password' }) const res = await getMyUserInformation(server.url, accessToken) const body: User = res.body expect(body.username).to.equal('spyro') expect(body.account.displayName).to.equal('Spyro the Dragon') expect(body.role).to.equal(UserRole.USER) }) it('Should login Crash, create the user and use the token', async function () { { const body = await server.loginCommand.login({ user: { username: 'crash', password: 'crash password' } }) crashAccessToken = body.access_token crashRefreshToken = body.refresh_token } { const res = await getMyUserInformation(server.url, crashAccessToken) const body: User = res.body expect(body.username).to.equal('crash') expect(body.account.displayName).to.equal('Crash Bandicoot') expect(body.role).to.equal(UserRole.MODERATOR) } }) it('Should login the first Laguna, create the user and use the token', async function () { { const body = await server.loginCommand.login({ user: { username: 'laguna', password: 'laguna password' } }) lagunaAccessToken = body.access_token lagunaRefreshToken = body.refresh_token } { const res = await getMyUserInformation(server.url, lagunaAccessToken) const body: User = res.body expect(body.username).to.equal('laguna') expect(body.account.displayName).to.equal('laguna') expect(body.role).to.equal(UserRole.USER) } }) it('Should refresh crash token, but not laguna token', async function () { { const resRefresh = await server.loginCommand.refreshToken({ refreshToken: crashRefreshToken }) crashAccessToken = resRefresh.body.access_token crashRefreshToken = resRefresh.body.refresh_token const res = await getMyUserInformation(server.url, crashAccessToken) const user: User = res.body expect(user.username).to.equal('crash') } { await server.loginCommand.refreshToken({ refreshToken: lagunaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) } }) it('Should update Crash profile', async function () { await updateMyUser({ url: server.url, accessToken: crashAccessToken, displayName: 'Beautiful Crash', description: 'Mutant eastern barred bandicoot' }) const res = await getMyUserInformation(server.url, crashAccessToken) const body: User = res.body expect(body.account.displayName).to.equal('Beautiful Crash') expect(body.account.description).to.equal('Mutant eastern barred bandicoot') }) it('Should logout Crash', async function () { await server.loginCommand.logout({ token: crashAccessToken }) }) it('Should have logged out Crash', async function () { await server.serversCommand.waitUntilLog('On logout for auth 1 - 2') await getMyUserInformation(server.url, crashAccessToken, 401) }) it('Should login Crash and keep the old existing profile', async function () { crashAccessToken = await server.loginCommand.getAccessToken({ username: 'crash', password: 'crash password' }) const res = await getMyUserInformation(server.url, crashAccessToken) const body: User = res.body expect(body.username).to.equal('crash') expect(body.account.displayName).to.equal('Beautiful Crash') expect(body.account.description).to.equal('Mutant eastern barred bandicoot') expect(body.role).to.equal(UserRole.MODERATOR) }) it('Should reject token of laguna by the plugin hook', async function () { this.timeout(10000) await wait(5000) await getMyUserInformation(server.url, lagunaAccessToken, 401) }) it('Should reject an invalid username, email, role or display name', async function () { const command = server.loginCommand await command.login({ user: { username: 'ward', password: 'ward password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await server.serversCommand.waitUntilLog('valid username') await command.login({ user: { username: 'kiros', password: 'kiros password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await server.serversCommand.waitUntilLog('valid display name') await command.login({ user: { username: 'raine', password: 'raine password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await server.serversCommand.waitUntilLog('valid role') await command.login({ user: { username: 'ellone', password: 'elonne password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await server.serversCommand.waitUntilLog('valid email') }) it('Should unregister spyro-auth and do not login existing Spyro', async function () { await server.pluginsCommand.updateSettings({ npmName: 'peertube-plugin-test-id-pass-auth-one', settings: { disableSpyro: true } }) const command = server.loginCommand await command.login({ user: { username: 'spyro', password: 'spyro password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await command.login({ user: { username: 'spyro', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) }) it('Should have disabled this auth', async function () { const config = await server.configCommand.getConfig() const auths = config.plugin.registeredIdAndPassAuths expect(auths).to.have.lengthOf(7) const spyroAuth = auths.find(a => a.authName === 'spyro-auth') expect(spyroAuth).to.not.exist }) it('Should uninstall the plugin one and do not login existing Crash', async function () { await server.pluginsCommand.uninstall({ npmName: 'peertube-plugin-test-id-pass-auth-one' }) await server.loginCommand.login({ user: { username: 'crash', password: 'crash password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) }) it('Should display the correct configuration', async function () { const config = await server.configCommand.getConfig() const auths = config.plugin.registeredIdAndPassAuths expect(auths).to.have.lengthOf(6) const crashAuth = auths.find(a => a.authName === 'crash-auth') expect(crashAuth).to.not.exist }) it('Should display plugin auth information in users list', async function () { const res = await getUsersList(server.url, server.accessToken) const users: User[] = res.body.data const root = users.find(u => u.username === 'root') const crash = users.find(u => u.username === 'crash') const laguna = users.find(u => u.username === 'laguna') expect(root.pluginAuth).to.be.null expect(crash.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-one') expect(laguna.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-two') }) after(async function () { await cleanupTests([ server ]) }) })