X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fplugins%2Fexternal-auth.ts;h=e600f958f89bb68657713cadbf64f17387d2abc0;hb=60b880acdfa85eab5c9ec09ba1283f82ae58ec85;hp=e421fd2245d0ecc692c1b2889e5126abc57861b8;hpb=41d1d075011174e73dccb74006181a92a618d7b4;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts index e421fd224..e600f958f 100644 --- a/server/tests/plugins/external-auth.ts +++ b/server/tests/plugins/external-auth.ts @@ -1,37 +1,32 @@ /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ -import 'mocha' import { expect } from 'chai' -import { HttpStatusCode } from '@shared/core-utils' +import { wait } from '@shared/core-utils' +import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models' import { cleanupTests, - createUser, + createSingleServer, decodeQueryString, - flushAndRunServer, - getMyUserInformation, + PeerTubeServer, PluginsCommand, - ServerInfo, - setAccessTokensToServers, - updateMyUser, - wait -} from '@shared/extra-utils' -import { User, UserRole } from '@shared/models' + setAccessTokensToServers +} from '@shared/server-commands' async function loginExternal (options: { - server: ServerInfo + server: PeerTubeServer npmName: string authName: string username: string query?: any - statusCodeExpected?: HttpStatusCode - statusCodeExpectedStep2?: HttpStatusCode + expectedStatus?: HttpStatusCode + expectedStatusStep2?: HttpStatusCode }) { - const res = await options.server.pluginsCommand.getExternalAuth({ + const res = await options.server.plugins.getExternalAuth({ npmName: options.npmName, npmVersion: '0.0.1', authName: options.authName, query: options.query, - expectedStatus: options.statusCodeExpected || HttpStatusCode.FOUND_302 + expectedStatus: options.expectedStatus || HttpStatusCode.FOUND_302 }) if (res.status !== HttpStatusCode.FOUND_302) return @@ -39,42 +34,50 @@ async function loginExternal (options: { const location = res.header.location const { externalAuthToken } = decodeQueryString(location) - const resLogin = await options.server.loginCommand.loginUsingExternalToken({ + const resLogin = await options.server.login.loginUsingExternalToken({ username: options.username, externalAuthToken: externalAuthToken as string, - expectedStatus: options.statusCodeExpectedStep2 + expectedStatus: options.expectedStatusStep2 }) return resLogin.body } describe('Test external auth plugins', function () { - let server: ServerInfo + let server: PeerTubeServer let cyanAccessToken: string let cyanRefreshToken: string let kefkaAccessToken: string let kefkaRefreshToken: string + let kefkaId: number let externalAuthToken: string before(async function () { this.timeout(30000) - server = await flushAndRunServer(1) + server = await createSingleServer(1, { + rates_limit: { + login: { + max: 30 + } + } + }) + await setAccessTokensToServers([ server ]) for (const suffix of [ 'one', 'two', 'three' ]) { - await server.pluginsCommand.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) }) + await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) }) } }) it('Should display the correct configuration', async function () { - const config = await server.configCommand.getConfig() + const config = await server.config.getConfig() const auths = config.plugin.registeredExternalAuths - expect(auths).to.have.lengthOf(8) + expect(auths).to.have.lengthOf(9) const auth2 = auths.find((a) => a.authName === 'external-auth-2') expect(auth2).to.exist @@ -83,7 +86,7 @@ describe('Test external auth plugins', function () { }) it('Should redirect for a Cyan login', async function () { - const res = await server.pluginsCommand.getExternalAuth({ + const res = await server.plugins.getExternalAuth({ npmName: 'test-external-auth-one', npmVersion: '0.0.1', authName: 'external-auth-1', @@ -105,14 +108,14 @@ describe('Test external auth plugins', function () { }) it('Should reject auto external login with a missing or invalid token', async function () { - const command = server.loginCommand + const command = server.login await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: '', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) }) it('Should reject auto external login with a missing or invalid username', async function () { - const command = server.loginCommand + const command = server.login await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) @@ -123,13 +126,13 @@ describe('Test external auth plugins', function () { await wait(5000) - await server.loginCommand.loginUsingExternalToken({ + await server.login.loginUsingExternalToken({ username: 'cyan', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) - await server.serversCommand.waitUntilLog('expired external auth token', 2) + await server.servers.waitUntilLog('expired external auth token', 4) }) it('Should auto login Cyan, create the user and use the token', async function () { @@ -149,13 +152,14 @@ describe('Test external auth plugins', function () { } { - const res = await getMyUserInformation(server.url, cyanAccessToken) - - const body: User = res.body + const body = await server.users.getMyInfo({ token: cyanAccessToken }) expect(body.username).to.equal('cyan') expect(body.account.displayName).to.equal('cyan') expect(body.email).to.equal('cyan@example.com') - expect(body.role).to.equal(UserRole.USER) + expect(body.role.id).to.equal(UserRole.USER) + expect(body.adminFlags).to.equal(UserAdminFlag.NONE) + expect(body.videoQuota).to.equal(5242880) + expect(body.videoQuotaDaily).to.equal(-1) } }) @@ -173,55 +177,54 @@ describe('Test external auth plugins', function () { } { - const res = await getMyUserInformation(server.url, kefkaAccessToken) - - const body: User = res.body + const body = await server.users.getMyInfo({ token: kefkaAccessToken }) expect(body.username).to.equal('kefka') expect(body.account.displayName).to.equal('Kefka Palazzo') expect(body.email).to.equal('kefka@example.com') - expect(body.role).to.equal(UserRole.ADMINISTRATOR) + expect(body.role.id).to.equal(UserRole.ADMINISTRATOR) + expect(body.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST) + expect(body.videoQuota).to.equal(42000) + expect(body.videoQuotaDaily).to.equal(42100) + + kefkaId = body.id } }) it('Should refresh Cyan token, but not Kefka token', async function () { { - const resRefresh = await server.loginCommand.refreshToken({ refreshToken: cyanRefreshToken }) + const resRefresh = await server.login.refreshToken({ refreshToken: cyanRefreshToken }) cyanAccessToken = resRefresh.body.access_token cyanRefreshToken = resRefresh.body.refresh_token - const res = await getMyUserInformation(server.url, cyanAccessToken) - const user: User = res.body - expect(user.username).to.equal('cyan') + const body = await server.users.getMyInfo({ token: cyanAccessToken }) + expect(body.username).to.equal('cyan') } { - await server.loginCommand.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + await server.login.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) } }) it('Should update Cyan profile', async function () { - await updateMyUser({ - url: server.url, - accessToken: cyanAccessToken, + await server.users.updateMe({ + token: cyanAccessToken, displayName: 'Cyan Garamonde', description: 'Retainer to the king of Doma' }) - const res = await getMyUserInformation(server.url, cyanAccessToken) - - const body: User = res.body + const body = await server.users.getMyInfo({ token: cyanAccessToken }) expect(body.account.displayName).to.equal('Cyan Garamonde') expect(body.account.description).to.equal('Retainer to the king of Doma') }) it('Should logout Cyan', async function () { - await server.loginCommand.logout({ token: cyanAccessToken }) + await server.login.logout({ token: cyanAccessToken }) }) it('Should have logged out Cyan', async function () { - await server.serversCommand.waitUntilLog('On logout cyan') + await server.servers.waitUntilLog('On logout cyan') - await getMyUserInformation(server.url, cyanAccessToken, HttpStatusCode.UNAUTHORIZED_401) + await server.users.getMyInfo({ token: cyanAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should login Cyan and keep the old existing profile', async function () { @@ -239,22 +242,50 @@ describe('Test external auth plugins', function () { cyanAccessToken = res.access_token } - const res = await getMyUserInformation(server.url, cyanAccessToken) - - const body: User = res.body + const body = await server.users.getMyInfo({ token: cyanAccessToken }) expect(body.username).to.equal('cyan') expect(body.account.displayName).to.equal('Cyan Garamonde') expect(body.account.description).to.equal('Retainer to the king of Doma') - expect(body.role).to.equal(UserRole.USER) + expect(body.role.id).to.equal(UserRole.USER) + }) + + it('Should login Kefka and update the profile', async function () { + { + await server.users.update({ userId: kefkaId, videoQuota: 43000, videoQuotaDaily: 43100 }) + await server.users.updateMe({ token: kefkaAccessToken, displayName: 'kefka updated' }) + + const body = await server.users.getMyInfo({ token: kefkaAccessToken }) + expect(body.username).to.equal('kefka') + expect(body.account.displayName).to.equal('kefka updated') + expect(body.videoQuota).to.equal(43000) + expect(body.videoQuotaDaily).to.equal(43100) + } + + { + const res = await loginExternal({ + server, + npmName: 'test-external-auth-one', + authName: 'external-auth-2', + username: 'kefka' + }) + + kefkaAccessToken = res.access_token + kefkaRefreshToken = res.refresh_token + + const body = await server.users.getMyInfo({ token: kefkaAccessToken }) + expect(body.username).to.equal('kefka') + expect(body.account.displayName).to.equal('Kefka Palazzo') + expect(body.videoQuota).to.equal(42000) + expect(body.videoQuotaDaily).to.equal(43100) + } }) it('Should not update an external auth email', async function () { - await updateMyUser({ - url: server.url, - accessToken: cyanAccessToken, + await server.users.updateMe({ + token: cyanAccessToken, email: 'toto@example.com', currentPassword: 'toto', - statusCodeExpected: HttpStatusCode.BAD_REQUEST_400 + expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) }) @@ -263,16 +294,16 @@ describe('Test external auth plugins', function () { await wait(5000) - await getMyUserInformation(server.url, kefkaAccessToken, HttpStatusCode.UNAUTHORIZED_401) + await server.users.getMyInfo({ token: kefkaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) }) it('Should unregister external-auth-2 and do not login existing Kefka', async function () { - await server.pluginsCommand.updateSettings({ + await server.plugins.updateSettings({ npmName: 'peertube-plugin-test-external-auth-one', settings: { disableKefka: true } }) - await server.loginCommand.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + await server.login.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) await loginExternal({ server, @@ -282,22 +313,22 @@ describe('Test external auth plugins', function () { username: 'kefka' }, username: 'kefka', - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 }) }) it('Should have disabled this auth', async function () { - const config = await server.configCommand.getConfig() + const config = await server.config.getConfig() const auths = config.plugin.registeredExternalAuths - expect(auths).to.have.lengthOf(7) + expect(auths).to.have.lengthOf(8) const auth1 = auths.find(a => a.authName === 'external-auth-2') expect(auth1).to.not.exist }) it('Should uninstall the plugin one and do not login Cyan', async function () { - await server.pluginsCommand.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' }) + await server.plugins.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' }) await loginExternal({ server, @@ -307,12 +338,12 @@ describe('Test external auth plugins', function () { username: 'cyan' }, username: 'cyan', - statusCodeExpected: HttpStatusCode.NOT_FOUND_404 + expectedStatus: HttpStatusCode.NOT_FOUND_404 }) - await server.loginCommand.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) - await server.loginCommand.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) - await server.loginCommand.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + await server.login.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + await server.login.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) + await server.login.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) }) it('Should not login kefka with another plugin', async function () { @@ -321,7 +352,7 @@ describe('Test external auth plugins', function () { npmName: 'test-external-auth-two', authName: 'external-auth-4', username: 'kefka2', - statusCodeExpectedStep2: HttpStatusCode.BAD_REQUEST_400 + expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400 }) await loginExternal({ @@ -329,32 +360,49 @@ describe('Test external auth plugins', function () { npmName: 'test-external-auth-two', authName: 'external-auth-4', username: 'kefka', - statusCodeExpectedStep2: HttpStatusCode.BAD_REQUEST_400 + expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400 }) }) - it('Should not login an existing user', async function () { - await createUser({ - url: server.url, - accessToken: server.accessToken, - username: 'existing_user', - password: 'super_password' - }) + it('Should not login an existing user email', async function () { + await server.users.create({ username: 'existing_user', password: 'super_password' }) await loginExternal({ server, npmName: 'test-external-auth-two', authName: 'external-auth-6', username: 'existing_user', - statusCodeExpectedStep2: HttpStatusCode.BAD_REQUEST_400 + expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400 }) }) + it('Should be able to login an existing user username and channel', async function () { + await server.users.create({ username: 'existing_user2' }) + await server.users.create({ username: 'existing_user2-1_channel' }) + + // Test twice to ensure we don't generate a username on every login + for (let i = 0; i < 2; i++) { + const res = await loginExternal({ + server, + npmName: 'test-external-auth-two', + authName: 'external-auth-7', + username: 'existing_user2' + }) + + const token = res.access_token + + const myInfo = await server.users.getMyInfo({ token }) + expect(myInfo.username).to.equal('existing_user2-1') + + expect(myInfo.videoChannels[0].name).to.equal('existing_user2-1_channel-1') + } + }) + it('Should display the correct configuration', async function () { - const config = await server.configCommand.getConfig() + const config = await server.config.getConfig() const auths = config.plugin.registeredExternalAuths - expect(auths).to.have.lengthOf(6) + expect(auths).to.have.lengthOf(7) const auth2 = auths.find((a) => a.authName === 'external-auth-2') expect(auth2).to.not.exist @@ -372,7 +420,7 @@ describe('Test external auth plugins', function () { username: 'cid' }) - const { redirectUrl } = await server.loginCommand.logout({ token: resLogin.access_token }) + const { redirectUrl } = await server.login.logout({ token: resLogin.access_token }) expect(redirectUrl).to.equal('https://example.com/redirectUrl') }) @@ -384,7 +432,7 @@ describe('Test external auth plugins', function () { username: 'cid' }) - const { redirectUrl } = await server.loginCommand.logout({ token: resLogin.access_token }) + const { redirectUrl } = await server.login.logout({ token: resLogin.access_token }) expect(redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token) }) })