Allow admins to disable two factor auth

author: Chocobozzz <me@florianbigard.com> 2022-10-07 14:23:42 +0200
committer: Chocobozzz <me@florianbigard.com> 2022-10-07 14:28:35 +0200
commit: 2166c058f34dff6f91566930d12448805d829de7 (patch)
tree: 2b9100b8eccbac287d1105c765901f966a354986 /server/tests/api/check-params/two-factor.ts
parent: d12b40fb96d56786a96c06a621f3d8e0a0d24f4a (diff)
download: PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.gz
PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.zst
PeerTube-2166c058f34dff6f91566930d12448805d829de7.zip
1 files changed, 21 insertions, 8 deletions
diff --git a/server/tests/api/check-params/two-factor.ts b/server/tests/api/check-params/two-factor.ts
index e7ca5490c..f8365f1b5 100644
--- a/server/tests/api/check-params/two-factor.ts
+++ b/server/tests/api/check-params/two-factor.ts
@@ -86,6 +86,15 @@ describe('Test two factor API validators', function () {
      })
    })
+    it('Should succeed to request two factor without a password when targeting a remote user with an admin account', async function () {
+      await server.twoFactor.request({ userId })
+    })
+    it('Should fail to request two factor without a password when targeting myself with an admin account', async function () {
+      await server.twoFactor.request({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await server.twoFactor.request({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
    it('Should succeed to request my two factor auth', async function () {
      {
        const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword })
@@ -234,7 +243,7 @@ describe('Test two factor API validators', function () {
      })
    })
-    it('Should fail to disabled two factor with an incorrect password', async function () {
+    it('Should fail to disable two factor with an incorrect password', async function () {
      await server.twoFactor.disable({
        userId,
        token: userToken,
@@ -243,16 +252,20 @@ describe('Test two factor API validators', function () {
      })
    })
+    it('Should succeed to disable two factor without a password when targeting a remote user with an admin account', async function () {
+      await server.twoFactor.disable({ userId })
+      await server.twoFactor.requestAndConfirm({ userId })
+    })
+    it('Should fail to disable two factor without a password when targeting myself with an admin account', async function () {
+      await server.twoFactor.disable({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await server.twoFactor.disable({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+    })
    it('Should succeed to disable another user two factor with the appropriate rights', async function () {
      await server.twoFactor.disable({ userId, currentPassword: rootPassword })
-      // Reinit
+      await server.twoFactor.requestAndConfirm({ userId })
-      const { otpRequest } = await server.twoFactor.request({ userId, currentPassword: rootPassword })
-      await server.twoFactor.confirmRequest({
-        userId,
-        requestToken: otpRequest.requestToken,
-        otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate()
-      })
    })
    it('Should succeed to update my two factor auth', async function () {
author	Chocobozzz <me@florianbigard.com>	2022-10-07 14:23:42 +0200
committer	Chocobozzz <me@florianbigard.com>	2022-10-07 14:28:35 +0200
commit	2166c058f34dff6f91566930d12448805d829de7 (patch)
tree	2b9100b8eccbac287d1105c765901f966a354986 /server/tests/api/check-params/two-factor.ts
parent	d12b40fb96d56786a96c06a621f3d8e0a0d24f4a (diff)
download	PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.gz PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.zst PeerTube-2166c058f34dff6f91566930d12448805d829de7.zip