X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fusers%2Ftwo-factor.ts;h=0dcab9e17cd9c4ab0d3adcb98db3a67a966fc78d;hb=2166c058f34dff6f91566930d12448805d829de7;hp=450aac4dc8a8253b8e0275f2df15b7dfaf55255b;hpb=56f47830758ff8e92abcfcc5f35d474ab12fe215;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/users/two-factor.ts b/server/tests/api/users/two-factor.ts index 450aac4dc..0dcab9e17 100644 --- a/server/tests/api/users/two-factor.ts +++ b/server/tests/api/users/two-factor.ts @@ -7,13 +7,14 @@ import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServ async function login (options: { server: PeerTubeServer - password?: string + username: string + password: string otpToken?: string expectedStatus?: HttpStatusCode }) { - const { server, password = server.store.user.password, otpToken, expectedStatus } = options + const { server, username, password, otpToken, expectedStatus } = options - const user = { username: server.store.user.username, password } + const user = { username, password } const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus }) return { res, token } @@ -21,23 +22,28 @@ async function login (options: { describe('Test users', function () { let server: PeerTubeServer - let rootId: number let otpSecret: string let requestToken: string + const userUsername = 'user1' + let userId: number + let userPassword: string + let userToken: string + before(async function () { this.timeout(30000) server = await createSingleServer(1) await setAccessTokensToServers([ server ]) - - const { id } = await server.users.getMyInfo() - rootId = id + const res = await server.users.generate(userUsername) + userId = res.userId + userPassword = res.password + userToken = res.token }) it('Should not add the header on login if two factor is not enabled', async function () { - const { res, token } = await login({ server }) + const { res, token } = await login({ server, username: userUsername, password: userPassword }) expect(res.header['x-peertube-otp']).to.not.exist @@ -45,10 +51,7 @@ describe('Test users', function () { }) it('Should request two factor and get the secret and uri', async function () { - const { otpRequest } = await server.twoFactor.request({ - userId: rootId, - currentPassword: server.store.user.password - }) + const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword }) expect(otpRequest.requestToken).to.exist @@ -64,27 +67,33 @@ describe('Test users', function () { }) it('Should not have two factor confirmed yet', async function () { - const { twoFactorEnabled } = await server.users.getMyInfo() + const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) expect(twoFactorEnabled).to.be.false }) it('Should confirm two factor', async function () { await server.twoFactor.confirmRequest({ - userId: rootId, + userId, + token: userToken, otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(), requestToken }) }) it('Should not add the header on login if two factor is enabled and password is incorrect', async function () { - const { res, token } = await login({ server, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + const { res, token } = await login({ server, username: userUsername, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) expect(res.header['x-peertube-otp']).to.not.exist expect(token).to.not.exist }) it('Should add the header on login if two factor is enabled and password is correct', async function () { - const { res, token } = await login({ server, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) + const { res, token } = await login({ + server, + username: userUsername, + password: userPassword, + expectedStatus: HttpStatusCode.UNAUTHORIZED_401 + }) expect(res.header['x-peertube-otp']).to.exist expect(token).to.not.exist @@ -95,14 +104,26 @@ describe('Test users', function () { it('Should not login with correct password and incorrect otp secret', async function () { const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) }) - const { res, token } = await login({ server, otpToken: otp.generate(), expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + const { res, token } = await login({ + server, + username: userUsername, + password: userPassword, + otpToken: otp.generate(), + expectedStatus: HttpStatusCode.BAD_REQUEST_400 + }) expect(res.header['x-peertube-otp']).to.not.exist expect(token).to.not.exist }) it('Should not login with correct password and incorrect otp code', async function () { - const { res, token } = await login({ server, otpToken: '123456', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + const { res, token } = await login({ + server, + username: userUsername, + password: userPassword, + otpToken: '123456', + expectedStatus: HttpStatusCode.BAD_REQUEST_400 + }) expect(res.header['x-peertube-otp']).to.not.exist expect(token).to.not.exist @@ -111,7 +132,13 @@ describe('Test users', function () { it('Should not login with incorrect password and correct otp code', async function () { const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() - const { res, token } = await login({ server, password: 'fake', otpToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + const { res, token } = await login({ + server, + username: userUsername, + password: 'fake', + otpToken, + expectedStatus: HttpStatusCode.BAD_REQUEST_400 + }) expect(res.header['x-peertube-otp']).to.not.exist expect(token).to.not.exist @@ -120,7 +147,7 @@ describe('Test users', function () { it('Should correctly login with correct password and otp code', async function () { const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() - const { res, token } = await login({ server, otpToken }) + const { res, token } = await login({ server, username: userUsername, password: userPassword, otpToken }) expect(res.header['x-peertube-otp']).to.not.exist expect(token).to.exist @@ -129,21 +156,41 @@ describe('Test users', function () { }) it('Should have two factor enabled when getting my info', async function () { - const { twoFactorEnabled } = await server.users.getMyInfo() + const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) expect(twoFactorEnabled).to.be.true }) it('Should disable two factor and be able to login without otp token', async function () { - await server.twoFactor.disable({ userId: rootId, currentPassword: server.store.user.password }) + await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword }) - const { res, token } = await login({ server }) + const { res, token } = await login({ server, username: userUsername, password: userPassword }) expect(res.header['x-peertube-otp']).to.not.exist await server.users.getMyInfo({ token }) }) it('Should have two factor disabled when getting my info', async function () { - const { twoFactorEnabled } = await server.users.getMyInfo() + const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) + expect(twoFactorEnabled).to.be.false + }) + + it('Should enable two factor auth without password from an admin', async function () { + const { otpRequest } = await server.twoFactor.request({ userId }) + + await server.twoFactor.confirmRequest({ + userId, + otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate(), + requestToken: otpRequest.requestToken + }) + + const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) + expect(twoFactorEnabled).to.be.true + }) + + it('Should disable two factor auth without password from an admin', async function () { + await server.twoFactor.disable({ userId }) + + const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) expect(twoFactorEnabled).to.be.false })