X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Ftwo-factor.ts;h=f8365f1b567b5103630ab88cf7bef68d140b7356;hb=63fa260a81a8930c157b73c897fe8696a8cc90d4;hp=e7ca5490cee906fe924e56ccdd2acf3a7f2c26c9;hpb=56f47830758ff8e92abcfcc5f35d474ab12fe215;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/tests/api/check-params/two-factor.ts b/server/tests/api/check-params/two-factor.ts
index e7ca5490c..f8365f1b5 100644
--- a/server/tests/api/check-params/two-factor.ts
+++ b/server/tests/api/check-params/two-factor.ts
@@ -86,6 +86,15 @@ describe('Test two factor API validators', function () {
 })
 })
 
+ it('Should succeed to request two factor without a password when targeting a remote user with an admin account', async function () {
+ await server.twoFactor.request({ userId })
+ })
+
+ it('Should fail to request two factor without a password when targeting myself with an admin account', async function () {
+ await server.twoFactor.request({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await server.twoFactor.request({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+ })
+
 it('Should succeed to request my two factor auth', async function () {
 {
 const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword })
@@ -234,7 +243,7 @@ describe('Test two factor API validators', function () {
 })
 })
 
- it('Should fail to disabled two factor with an incorrect password', async function () {
+ it('Should fail to disable two factor with an incorrect password', async function () {
 await server.twoFactor.disable({
 userId,
 token: userToken,
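Review bot: The cases added in the `@@ -86,6 +86,15 @@` hunk pass no `token`, which the titles indicate means the admin account, so nothing here pins that the password-less path is refused for an ordinary user. If that is not already covered outside this hunk, add a case such as `await server.twoFactor.request({ userId, token: userToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })`; the expected status is inferred from the root-on-self case and should be confirmed against the validator. The same gap applies to the `disable` cases added in the `@@ -243,16 +252,20 @@` hunk. The new titles also say "remote user" where the target appears to be just another account on the same server; "another user", as in the existing title 'Should succeed to disable another user two factor with the appropriate rights', would avoid confusion with federated accounts.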
@@ -243,16 +252,20 @@ describe('Test two factor API validators', function () {
 })
 })
 
+ it('Should succeed to disable two factor without a password when targeting a remote user with an admin account', async function () {
+ await server.twoFactor.disable({ userId })
+ await server.twoFactor.requestAndConfirm({ userId })
+ })
+
+ it('Should fail to disable two factor without a password when targeting myself with an admin account', async function () {
+ await server.twoFactor.disable({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+ await server.twoFactor.disable({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+ })
+
 it('Should succeed to disable another user two factor with the appropriate rights', async function () {
 await server.twoFactor.disable({ userId, currentPassword: rootPassword })
 
- // Reinit
- const { otpRequest } = await server.twoFactor.request({ userId, currentPassword: rootPassword })
- await server.twoFactor.confirmRequest({
- userId,
- requestToken: otpRequest.requestToken,
- otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate()
- })
+ await server.twoFactor.requestAndConfirm({ userId })
 })
 
 it('Should succeed to update my two factor auth', async function () {
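Review bot: The `BAD_REQUEST_400` expectation on `server.twoFactor.disable({ userId: rootId, ... })` may not isolate the missing password. Nothing visible in this hunk enables two factor for `rootId`, and a disable call against an account without two factor could plausibly be rejected with a 400 for that reason alone. Enabling two factor on the root account first, or asserting on the error body, would tie the status to the password check. Separately, the `requestAndConfirm({ userId })` calls appear to re-enable two factor so later cases still find it active, and the removed `// Reinit` comment was the only hint of that; a comment such as `// Re-enable two factor: the following tests expect it to be active` above each call would keep the dependency visible.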