X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fplugins%2Fexternal-auth.ts;h=5addb45c7826be08d5c2b2cf34556792ab481c6b;hb=a60696ab185406700a5277edae54016b0add7b89;hp=a72b2829b5e535d167c268c9af116234842747f9;hpb=9107d791e2eef9a1b24b0499dac8b9dbba8a792f;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts index a72b2829b..5addb45c7 100644 --- a/server/tests/plugins/external-auth.ts +++ b/server/tests/plugins/external-auth.ts @@ -16,9 +16,13 @@ import { setAccessTokensToServers, uninstallPlugin, updateMyUser, - wait + wait, + userLogin, + updatePluginSettings, + createUser } from '../../../shared/extra-utils' import { cleanupTests, flushAndRunServer, ServerInfo, waitUntilLog } from '../../../shared/extra-utils/server/servers' +import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' async function loginExternal (options: { server: ServerInfo @@ -26,7 +30,8 @@ async function loginExternal (options: { authName: string username: string query?: any - statusCodeExpected?: number + statusCodeExpected?: HttpStatusCode + statusCodeExpectedStep2?: HttpStatusCode }) { const res = await getExternalAuth({ url: options.server.url, @@ -34,10 +39,10 @@ async function loginExternal (options: { npmVersion: '0.0.1', authName: options.authName, query: options.query, - statusCodeExpected: options.statusCodeExpected || 302 + statusCodeExpected: options.statusCodeExpected || HttpStatusCode.FOUND_302 }) - if (res.status !== 302) return + if (res.status !== HttpStatusCode.FOUND_302) return const location = res.header.location const { externalAuthToken } = decodeQueryString(location) @@ -45,7 +50,8 @@ async function loginExternal (options: { const resLogin = await loginUsingExternalToken( options.server, options.username, - externalAuthToken as string + externalAuthToken as string, + options.statusCodeExpectedStep2 ) return resLogin.body @@ -68,7 +74,7 @@ describe('Test external auth plugins', function () { server = await flushAndRunServer(1) await setAccessTokensToServers([ server ]) - for (const suffix of [ 'one', 'two' ]) { + for (const suffix of [ 'one', 'two', 'three' ]) { await installPlugin({ url: server.url, accessToken: server.accessToken, @@ -83,7 +89,7 @@ describe('Test external auth plugins', function () { const config: ServerConfig = res.body const auths = config.plugin.registeredExternalAuths - expect(auths).to.have.lengthOf(3) + expect(auths).to.have.lengthOf(8) const auth2 = auths.find((a) => a.authName === 'external-auth-2') expect(auth2).to.exist @@ -100,7 +106,7 @@ describe('Test external auth plugins', function () { query: { username: 'cyan' }, - statusCodeExpected: 302 + statusCodeExpected: HttpStatusCode.FOUND_302 }) const location = res.header.location @@ -115,13 +121,13 @@ describe('Test external auth plugins', function () { }) it('Should reject auto external login with a missing or invalid token', async function () { - await loginUsingExternalToken(server, 'cyan', '', 400) - await loginUsingExternalToken(server, 'cyan', 'blabla', 400) + await loginUsingExternalToken(server, 'cyan', '', HttpStatusCode.BAD_REQUEST_400) + await loginUsingExternalToken(server, 'cyan', 'blabla', HttpStatusCode.BAD_REQUEST_400) }) it('Should reject auto external login with a missing or invalid username', async function () { - await loginUsingExternalToken(server, '', externalAuthToken, 400) - await loginUsingExternalToken(server, '', externalAuthToken, 400) + await loginUsingExternalToken(server, '', externalAuthToken, HttpStatusCode.BAD_REQUEST_400) + await loginUsingExternalToken(server, '', externalAuthToken, HttpStatusCode.BAD_REQUEST_400) }) it('Should reject auto external login with an expired token', async function () { @@ -129,9 +135,9 @@ describe('Test external auth plugins', function () { await wait(5000) - await loginUsingExternalToken(server, 'cyan', externalAuthToken, 400) + await loginUsingExternalToken(server, 'cyan', externalAuthToken, HttpStatusCode.BAD_REQUEST_400) - await waitUntilLog(server, 'expired external auth token') + await waitUntilLog(server, 'expired external auth token', 2) }) it('Should auto login Cyan, create the user and use the token', async function () { @@ -197,7 +203,7 @@ describe('Test external auth plugins', function () { } { - await refreshToken(server, kefkaRefreshToken, 400) + await refreshToken(server, kefkaRefreshToken, HttpStatusCode.BAD_REQUEST_400) } }) @@ -223,7 +229,7 @@ describe('Test external auth plugins', function () { it('Should have logged out Cyan', async function () { await waitUntilLog(server, 'On logout cyan') - await getMyUserInformation(server.url, cyanAccessToken, 401) + await getMyUserInformation(server.url, cyanAccessToken, HttpStatusCode.UNAUTHORIZED_401) }) it('Should login Cyan and keep the old existing profile', async function () { @@ -250,12 +256,56 @@ describe('Test external auth plugins', function () { expect(body.role).to.equal(UserRole.USER) }) + it('Should not update an external auth email', async function () { + await updateMyUser({ + url: server.url, + accessToken: cyanAccessToken, + email: 'toto@example.com', + currentPassword: 'toto', + statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 + }) + }) + it('Should reject token of Kefka by the plugin hook', async function () { this.timeout(10000) await wait(5000) - await getMyUserInformation(server.url, kefkaAccessToken, 401) + await getMyUserInformation(server.url, kefkaAccessToken, HttpStatusCode.UNAUTHORIZED_401) + }) + + it('Should unregister external-auth-2 and do not login existing Kefka', async function () { + await updatePluginSettings({ + url: server.url, + accessToken: server.accessToken, + npmName: 'peertube-plugin-test-external-auth-one', + settings: { disableKefka: true } + }) + + await userLogin(server, { username: 'kefka', password: 'fake' }, HttpStatusCode.BAD_REQUEST_400) + + await loginExternal({ + server, + npmName: 'test-external-auth-one', + authName: 'external-auth-2', + query: { + username: 'kefka' + }, + username: 'kefka', + statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + }) + }) + + it('Should have disabled this auth', async function () { + const res = await getConfig(server.url) + + const config: ServerConfig = res.body + + const auths = config.plugin.registeredExternalAuths + expect(auths).to.have.lengthOf(7) + + const auth1 = auths.find(a => a.authName === 'external-auth-2') + expect(auth1).to.not.exist }) it('Should uninstall the plugin one and do not login Cyan', async function () { @@ -273,7 +323,46 @@ describe('Test external auth plugins', function () { username: 'cyan' }, username: 'cyan', - statusCodeExpected: 404 + statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + }) + + await userLogin(server, { username: 'cyan', password: null }, HttpStatusCode.BAD_REQUEST_400) + await userLogin(server, { username: 'cyan', password: '' }, HttpStatusCode.BAD_REQUEST_400) + await userLogin(server, { username: 'cyan', password: 'fake' }, HttpStatusCode.BAD_REQUEST_400) + }) + + it('Should not login kefka with another plugin', async function () { + await loginExternal({ + server, + npmName: 'test-external-auth-two', + authName: 'external-auth-4', + username: 'kefka2', + statusCodeExpectedStep2: HttpStatusCode.BAD_REQUEST_400 + }) + + await loginExternal({ + server, + npmName: 'test-external-auth-two', + authName: 'external-auth-4', + username: 'kefka', + statusCodeExpectedStep2: HttpStatusCode.BAD_REQUEST_400 + }) + }) + + it('Should not login an existing user', async function () { + await createUser({ + url: server.url, + accessToken: server.accessToken, + username: 'existing_user', + password: 'super_password' + }) + + await loginExternal({ + server, + npmName: 'test-external-auth-two', + authName: 'external-auth-6', + username: 'existing_user', + statusCodeExpectedStep2: HttpStatusCode.BAD_REQUEST_400 }) }) @@ -283,7 +372,7 @@ describe('Test external auth plugins', function () { const config: ServerConfig = res.body const auths = config.plugin.registeredExternalAuths - expect(auths).to.have.lengthOf(1) + expect(auths).to.have.lengthOf(6) const auth2 = auths.find((a) => a.authName === 'external-auth-2') expect(auth2).to.not.exist @@ -292,4 +381,30 @@ describe('Test external auth plugins', function () { after(async function () { await cleanupTests([ server ]) }) + + it('Should forward the redirectUrl if the plugin returns one', async function () { + const resLogin = await loginExternal({ + server, + npmName: 'test-external-auth-three', + authName: 'external-auth-7', + username: 'cid' + }) + + const resLogout = await logout(server.url, resLogin.access_token) + + expect(resLogout.body.redirectUrl).to.equal('https://example.com/redirectUrl') + }) + + it('Should call the plugin\'s onLogout method with the request', async function () { + const resLogin = await loginExternal({ + server, + npmName: 'test-external-auth-three', + authName: 'external-auth-8', + username: 'cid' + }) + + const resLogout = await logout(server.url, resLogin.access_token) + + expect(resLogout.body.redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token) + }) })