import 'mocha'
import { expect } from 'chai'
-import { ServerConfig, User, UserRole } from '@shared/models'
import {
+ cleanupTests,
+ createSingleServer,
decodeQueryString,
- getConfig,
- getExternalAuth,
- getMyUserInformation,
- getPluginTestPath,
- installPlugin,
- loginUsingExternalToken,
- logout,
- refreshToken,
+ PeerTubeServer,
+ PluginsCommand,
setAccessTokensToServers,
- uninstallPlugin,
- updateMyUser,
- wait,
- userLogin,
- updatePluginSettings
-} from '../../../shared/extra-utils'
-import { cleanupTests, flushAndRunServer, ServerInfo, waitUntilLog } from '../../../shared/extra-utils/server/servers'
+ wait
+} from '@shared/extra-utils'
+import { HttpStatusCode, UserRole } from '@shared/models'
async function loginExternal (options: {
- server: ServerInfo
+ server: PeerTubeServer
npmName: string
authName: string
username: string
query?: any
- statusCodeExpected?: number
+ expectedStatus?: HttpStatusCode
+ expectedStatusStep2?: HttpStatusCode
}) {
- const res = await getExternalAuth({
- url: options.server.url,
+ const res = await options.server.plugins.getExternalAuth({
npmName: options.npmName,
npmVersion: '0.0.1',
authName: options.authName,
query: options.query,
- statusCodeExpected: options.statusCodeExpected || 302
+ expectedStatus: options.expectedStatus || HttpStatusCode.FOUND_302
})
- if (res.status !== 302) return
+ if (res.status !== HttpStatusCode.FOUND_302) return
const location = res.header.location
const { externalAuthToken } = decodeQueryString(location)
- const resLogin = await loginUsingExternalToken(
- options.server,
- options.username,
- externalAuthToken as string
- )
+ const resLogin = await options.server.login.loginUsingExternalToken({
+ username: options.username,
+ externalAuthToken: externalAuthToken as string,
+ expectedStatus: options.expectedStatusStep2
+ })
return resLogin.body
}
describe('Test external auth plugins', function () {
- let server: ServerInfo
+ let server: PeerTubeServer
let cyanAccessToken: string
let cyanRefreshToken: string
before(async function () {
this.timeout(30000)
- server = await flushAndRunServer(1)
+ server = await createSingleServer(1)
await setAccessTokensToServers([ server ])
- for (const suffix of [ 'one', 'two' ]) {
- await installPlugin({
- url: server.url,
- accessToken: server.accessToken,
- path: getPluginTestPath('-external-auth-' + suffix)
- })
+ for (const suffix of [ 'one', 'two', 'three' ]) {
+ await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) })
}
})
it('Should display the correct configuration', async function () {
- const res = await getConfig(server.url)
-
- const config: ServerConfig = res.body
+ const config = await server.config.getConfig()
const auths = config.plugin.registeredExternalAuths
- expect(auths).to.have.lengthOf(3)
+ expect(auths).to.have.lengthOf(8)
const auth2 = auths.find((a) => a.authName === 'external-auth-2')
expect(auth2).to.exist
})
it('Should redirect for a Cyan login', async function () {
- const res = await getExternalAuth({
- url: server.url,
+ const res = await server.plugins.getExternalAuth({
npmName: 'test-external-auth-one',
npmVersion: '0.0.1',
authName: 'external-auth-1',
query: {
username: 'cyan'
},
- statusCodeExpected: 302
+ expectedStatus: HttpStatusCode.FOUND_302
})
const location = res.header.location
})
it('Should reject auto external login with a missing or invalid token', async function () {
- await loginUsingExternalToken(server, 'cyan', '', 400)
- await loginUsingExternalToken(server, 'cyan', 'blabla', 400)
+ const command = server.login
+
+ await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: '', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
})
it('Should reject auto external login with a missing or invalid username', async function () {
- await loginUsingExternalToken(server, '', externalAuthToken, 400)
- await loginUsingExternalToken(server, '', externalAuthToken, 400)
+ const command = server.login
+
+ await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
})
it('Should reject auto external login with an expired token', async function () {
await wait(5000)
- await loginUsingExternalToken(server, 'cyan', externalAuthToken, 400)
+ await server.login.loginUsingExternalToken({
+ username: 'cyan',
+ externalAuthToken,
+ expectedStatus: HttpStatusCode.BAD_REQUEST_400
+ })
- await waitUntilLog(server, 'expired external auth token')
+ await server.servers.waitUntilLog('expired external auth token', 2)
})
it('Should auto login Cyan, create the user and use the token', async function () {
}
{
- const res = await getMyUserInformation(server.url, cyanAccessToken)
-
- const body: User = res.body
+ const body = await server.users.getMyInfo({ token: cyanAccessToken })
expect(body.username).to.equal('cyan')
expect(body.account.displayName).to.equal('cyan')
expect(body.email).to.equal('cyan@example.com')
}
{
- const res = await getMyUserInformation(server.url, kefkaAccessToken)
-
- const body: User = res.body
+ const body = await server.users.getMyInfo({ token: kefkaAccessToken })
expect(body.username).to.equal('kefka')
expect(body.account.displayName).to.equal('Kefka Palazzo')
expect(body.email).to.equal('kefka@example.com')
it('Should refresh Cyan token, but not Kefka token', async function () {
{
- const resRefresh = await refreshToken(server, cyanRefreshToken)
+ const resRefresh = await server.login.refreshToken({ refreshToken: cyanRefreshToken })
cyanAccessToken = resRefresh.body.access_token
cyanRefreshToken = resRefresh.body.refresh_token
- const res = await getMyUserInformation(server.url, cyanAccessToken)
- const user: User = res.body
- expect(user.username).to.equal('cyan')
+ const body = await server.users.getMyInfo({ token: cyanAccessToken })
+ expect(body.username).to.equal('cyan')
}
{
- await refreshToken(server, kefkaRefreshToken, 400)
+ await server.login.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
}
})
it('Should update Cyan profile', async function () {
- await updateMyUser({
- url: server.url,
- accessToken: cyanAccessToken,
+ await server.users.updateMe({
+ token: cyanAccessToken,
displayName: 'Cyan Garamonde',
description: 'Retainer to the king of Doma'
})
- const res = await getMyUserInformation(server.url, cyanAccessToken)
-
- const body: User = res.body
+ const body = await server.users.getMyInfo({ token: cyanAccessToken })
expect(body.account.displayName).to.equal('Cyan Garamonde')
expect(body.account.description).to.equal('Retainer to the king of Doma')
})
it('Should logout Cyan', async function () {
- await logout(server.url, cyanAccessToken)
+ await server.login.logout({ token: cyanAccessToken })
})
it('Should have logged out Cyan', async function () {
- await waitUntilLog(server, 'On logout cyan')
+ await server.servers.waitUntilLog('On logout cyan')
- await getMyUserInformation(server.url, cyanAccessToken, 401)
+ await server.users.getMyInfo({ token: cyanAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
})
it('Should login Cyan and keep the old existing profile', async function () {
cyanAccessToken = res.access_token
}
- const res = await getMyUserInformation(server.url, cyanAccessToken)
-
- const body: User = res.body
+ const body = await server.users.getMyInfo({ token: cyanAccessToken })
expect(body.username).to.equal('cyan')
expect(body.account.displayName).to.equal('Cyan Garamonde')
expect(body.account.description).to.equal('Retainer to the king of Doma')
expect(body.role).to.equal(UserRole.USER)
})
+ it('Should not update an external auth email', async function () {
+ await server.users.updateMe({
+ token: cyanAccessToken,
+ email: 'toto@example.com',
+ currentPassword: 'toto',
+ expectedStatus: HttpStatusCode.BAD_REQUEST_400
+ })
+ })
+
it('Should reject token of Kefka by the plugin hook', async function () {
this.timeout(10000)
await wait(5000)
- await getMyUserInformation(server.url, kefkaAccessToken, 401)
+ await server.users.getMyInfo({ token: kefkaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
})
it('Should unregister external-auth-2 and do not login existing Kefka', async function () {
- await updatePluginSettings({
- url: server.url,
- accessToken: server.accessToken,
+ await server.plugins.updateSettings({
npmName: 'peertube-plugin-test-external-auth-one',
settings: { disableKefka: true }
})
- await userLogin(server, { username: 'kefka', password: 'fake' }, 400)
+ await server.login.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
await loginExternal({
server,
username: 'kefka'
},
username: 'kefka',
- statusCodeExpected: 404
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
})
})
it('Should have disabled this auth', async function () {
- const res = await getConfig(server.url)
-
- const config: ServerConfig = res.body
+ const config = await server.config.getConfig()
const auths = config.plugin.registeredExternalAuths
- expect(auths).to.have.lengthOf(2)
+ expect(auths).to.have.lengthOf(7)
const auth1 = auths.find(a => a.authName === 'external-auth-2')
expect(auth1).to.not.exist
})
it('Should uninstall the plugin one and do not login Cyan', async function () {
- await uninstallPlugin({
- url: server.url,
- accessToken: server.accessToken,
- npmName: 'peertube-plugin-test-external-auth-one'
- })
+ await server.plugins.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' })
await loginExternal({
server,
username: 'cyan'
},
username: 'cyan',
- statusCodeExpected: 404
+ expectedStatus: HttpStatusCode.NOT_FOUND_404
})
+
+ await server.login.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await server.login.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await server.login.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
})
- it('Should display the correct configuration', async function () {
- const res = await getConfig(server.url)
+ it('Should not login kefka with another plugin', async function () {
+ await loginExternal({
+ server,
+ npmName: 'test-external-auth-two',
+ authName: 'external-auth-4',
+ username: 'kefka2',
+ expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
+ })
- const config: ServerConfig = res.body
+ await loginExternal({
+ server,
+ npmName: 'test-external-auth-two',
+ authName: 'external-auth-4',
+ username: 'kefka',
+ expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
+ })
+ })
+
+ it('Should not login an existing user', async function () {
+ await server.users.create({ username: 'existing_user', password: 'super_password' })
+
+ await loginExternal({
+ server,
+ npmName: 'test-external-auth-two',
+ authName: 'external-auth-6',
+ username: 'existing_user',
+ expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
+ })
+ })
+
+ it('Should display the correct configuration', async function () {
+ const config = await server.config.getConfig()
const auths = config.plugin.registeredExternalAuths
- expect(auths).to.have.lengthOf(1)
+ expect(auths).to.have.lengthOf(6)
const auth2 = auths.find((a) => a.authName === 'external-auth-2')
expect(auth2).to.not.exist
after(async function () {
await cleanupTests([ server ])
})
+
+ it('Should forward the redirectUrl if the plugin returns one', async function () {
+ const resLogin = await loginExternal({
+ server,
+ npmName: 'test-external-auth-three',
+ authName: 'external-auth-7',
+ username: 'cid'
+ })
+
+ const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
+ expect(redirectUrl).to.equal('https://example.com/redirectUrl')
+ })
+
+ it('Should call the plugin\'s onLogout method with the request', async function () {
+ const resLogin = await loginExternal({
+ server,
+ npmName: 'test-external-auth-three',
+ authName: 'external-auth-8',
+ username: 'cid'
+ })
+
+ const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
+ expect(redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token)
+ })
})