1 files changed, 436 insertions, 0 deletions
diff --git a/packages/tests/src/plugins/external-auth.ts b/packages/tests/src/plugins/external-auth.ts
new file mode 100644
index 000000000..c7fe22185
--- /dev/null
+++ b/packages/tests/src/plugins/external-auth.ts
@@ -0,0 +1,436 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { expect } from 'chai'
+import { wait } from '@peertube/peertube-core-utils'
+import { HttpStatusCode, HttpStatusCodeType, UserAdminFlag, UserRole } from '@peertube/peertube-models'
+import {
+  cleanupTests,
+  createSingleServer,
+  decodeQueryString,
+  PeerTubeServer,
+  PluginsCommand,
+  setAccessTokensToServers
+} from '@peertube/peertube-server-commands'
+async function loginExternal (options: {
+  server: PeerTubeServer
+  npmName: string
+  authName: string
+  username: string
+  query?: any
+  expectedStatus?: HttpStatusCodeType
+  expectedStatusStep2?: HttpStatusCodeType
+}) {
+  const res = await options.server.plugins.getExternalAuth({
+    npmName: options.npmName,
+    npmVersion: '0.0.1',
+    authName: options.authName,
+    query: options.query,
+    expectedStatus: options.expectedStatus || HttpStatusCode.FOUND_302
+  })
+  if (res.status !== HttpStatusCode.FOUND_302) return
+  const location = res.header.location
+  const { externalAuthToken } = decodeQueryString(location)
+  const resLogin = await options.server.login.loginUsingExternalToken({
+    username: options.username,
+    externalAuthToken: externalAuthToken as string,
+    expectedStatus: options.expectedStatusStep2
+  })
+  return resLogin.body
+}
+describe('Test external auth plugins', function () {
+  let server: PeerTubeServer
+  let cyanAccessToken: string
+  let cyanRefreshToken: string
+  let kefkaAccessToken: string
+  let kefkaRefreshToken: string
+  let kefkaId: number
+  let externalAuthToken: string
+  before(async function () {
+    this.timeout(30000)
+    server = await createSingleServer(1, {
+      rates_limit: {
+        login: {
+          max: 30
+        }
+      }
+    })
+    await setAccessTokensToServers([ server ])
+    for (const suffix of [ 'one', 'two', 'three' ]) {
+      await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) })
+    }
+  })
+  it('Should display the correct configuration', async function () {
+    const config = await server.config.getConfig()
+    const auths = config.plugin.registeredExternalAuths
+    expect(auths).to.have.lengthOf(9)
+    const auth2 = auths.find((a) => a.authName === 'external-auth-2')
+    expect(auth2).to.exist
+    expect(auth2.authDisplayName).to.equal('External Auth 2')
+    expect(auth2.npmName).to.equal('peertube-plugin-test-external-auth-one')
+  })
+  it('Should redirect for a Cyan login', async function () {
+    const res = await server.plugins.getExternalAuth({
+      npmName: 'test-external-auth-one',
+      npmVersion: '0.0.1',
+      authName: 'external-auth-1',
+      query: {
+        username: 'cyan'
+      },
+      expectedStatus: HttpStatusCode.FOUND_302
+    })
+    const location = res.header.location
+    expect(location.startsWith('/login?')).to.be.true
+    const searchParams = decodeQueryString(location)
+    expect(searchParams.externalAuthToken).to.exist
+    expect(searchParams.username).to.equal('cyan')
+    externalAuthToken = searchParams.externalAuthToken as string
+  })
+  it('Should reject auto external login with a missing or invalid token', async function () {
+    const command = server.login
+    await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: '', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+  })
+  it('Should reject auto external login with a missing or invalid username', async function () {
+    const command = server.login
+    await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+  })
+  it('Should reject auto external login with an expired token', async function () {
+    this.timeout(15000)
+    await wait(5000)
+    await server.login.loginUsingExternalToken({
+      username: 'cyan',
+      externalAuthToken,
+      expectedStatus: HttpStatusCode.BAD_REQUEST_400
+    })
+    await server.servers.waitUntilLog('expired external auth token', 4)
+  })
+  it('Should auto login Cyan, create the user and use the token', async function () {
+    {
+      const res = await loginExternal({
+        server,
+        npmName: 'test-external-auth-one',
+        authName: 'external-auth-1',
+        query: {
+          username: 'cyan'
+        },
+        username: 'cyan'
+      })
+      cyanAccessToken = res.access_token
+      cyanRefreshToken = res.refresh_token
+    }
+    {
+      const body = await server.users.getMyInfo({ token: cyanAccessToken })
+      expect(body.username).to.equal('cyan')
+      expect(body.account.displayName).to.equal('cyan')
+      expect(body.email).to.equal('cyan@example.com')
+      expect(body.role.id).to.equal(UserRole.USER)
+      expect(body.adminFlags).to.equal(UserAdminFlag.NONE)
+      expect(body.videoQuota).to.equal(5242880)
+      expect(body.videoQuotaDaily).to.equal(-1)
+    }
+  })
+  it('Should auto login Kefka, create the user and use the token', async function () {
+    {
+      const res = await loginExternal({
+        server,
+        npmName: 'test-external-auth-one',
+        authName: 'external-auth-2',
+        username: 'kefka'
+      })
+      kefkaAccessToken = res.access_token
+      kefkaRefreshToken = res.refresh_token
+    }
+    {
+      const body = await server.users.getMyInfo({ token: kefkaAccessToken })
+      expect(body.username).to.equal('kefka')
+      expect(body.account.displayName).to.equal('Kefka Palazzo')
+      expect(body.email).to.equal('kefka@example.com')
+      expect(body.role.id).to.equal(UserRole.ADMINISTRATOR)
+      expect(body.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
+      expect(body.videoQuota).to.equal(42000)
+      expect(body.videoQuotaDaily).to.equal(42100)
+      kefkaId = body.id
+    }
+  })
+  it('Should refresh Cyan token, but not Kefka token', async function () {
+    {
+      const resRefresh = await server.login.refreshToken({ refreshToken: cyanRefreshToken })
+      cyanAccessToken = resRefresh.body.access_token
+      cyanRefreshToken = resRefresh.body.refresh_token
+      const body = await server.users.getMyInfo({ token: cyanAccessToken })
+      expect(body.username).to.equal('cyan')
+    }
+    {
+      await server.login.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    }
+  })
+  it('Should update Cyan profile', async function () {
+    await server.users.updateMe({
+      token: cyanAccessToken,
+      displayName: 'Cyan Garamonde',
+      description: 'Retainer to the king of Doma'
+    })
+    const body = await server.users.getMyInfo({ token: cyanAccessToken })
+    expect(body.account.displayName).to.equal('Cyan Garamonde')
+    expect(body.account.description).to.equal('Retainer to the king of Doma')
+  })
+  it('Should logout Cyan', async function () {
+    await server.login.logout({ token: cyanAccessToken })
+  })
+  it('Should have logged out Cyan', async function () {
+    await server.servers.waitUntilLog('On logout cyan')
+    await server.users.getMyInfo({ token: cyanAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+  })
+  it('Should login Cyan and keep the old existing profile', async function () {
+    {
+      const res = await loginExternal({
+        server,
+        npmName: 'test-external-auth-one',
+        authName: 'external-auth-1',
+        query: {
+          username: 'cyan'
+        },
+        username: 'cyan'
+      })
+      cyanAccessToken = res.access_token
+    }
+    const body = await server.users.getMyInfo({ token: cyanAccessToken })
+    expect(body.username).to.equal('cyan')
+    expect(body.account.displayName).to.equal('Cyan Garamonde')
+    expect(body.account.description).to.equal('Retainer to the king of Doma')
+    expect(body.role.id).to.equal(UserRole.USER)
+  })
+  it('Should login Kefka and update the profile', async function () {
+    {
+      await server.users.update({ userId: kefkaId, videoQuota: 43000, videoQuotaDaily: 43100 })
+      await server.users.updateMe({ token: kefkaAccessToken, displayName: 'kefka updated' })
+      const body = await server.users.getMyInfo({ token: kefkaAccessToken })
+      expect(body.username).to.equal('kefka')
+      expect(body.account.displayName).to.equal('kefka updated')
+      expect(body.videoQuota).to.equal(43000)
+      expect(body.videoQuotaDaily).to.equal(43100)
+    }
+    {
+      const res = await loginExternal({
+        server,
+        npmName: 'test-external-auth-one',
+        authName: 'external-auth-2',
+        username: 'kefka'
+      })
+      kefkaAccessToken = res.access_token
+      kefkaRefreshToken = res.refresh_token
+      const body = await server.users.getMyInfo({ token: kefkaAccessToken })
+      expect(body.username).to.equal('kefka')
+      expect(body.account.displayName).to.equal('Kefka Palazzo')
+      expect(body.videoQuota).to.equal(42000)
+      expect(body.videoQuotaDaily).to.equal(43100)
+    }
+  })
+  it('Should not update an external auth email', async function () {
+    await server.users.updateMe({
+      token: cyanAccessToken,
+      email: 'toto@example.com',
+      currentPassword: 'toto',
+      expectedStatus: HttpStatusCode.BAD_REQUEST_400
+    })
+  })
+  it('Should reject token of Kefka by the plugin hook', async function () {
+    await wait(5000)
+    await server.users.getMyInfo({ token: kefkaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+  })
+  it('Should unregister external-auth-2 and do not login existing Kefka', async function () {
+    await server.plugins.updateSettings({
+      npmName: 'peertube-plugin-test-external-auth-one',
+      settings: { disableKefka: true }
+    })
+    await server.login.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    await loginExternal({
+      server,
+      npmName: 'test-external-auth-one',
+      authName: 'external-auth-2',
+      query: {
+        username: 'kefka'
+      },
+      username: 'kefka',
+      expectedStatus: HttpStatusCode.NOT_FOUND_404
+    })
+  })
+  it('Should have disabled this auth', async function () {
+    const config = await server.config.getConfig()
+    const auths = config.plugin.registeredExternalAuths
+    expect(auths).to.have.lengthOf(8)
+    const auth1 = auths.find(a => a.authName === 'external-auth-2')
+    expect(auth1).to.not.exist
+  })
+  it('Should uninstall the plugin one and do not login Cyan', async function () {
+    await server.plugins.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' })
+    await loginExternal({
+      server,
+      npmName: 'test-external-auth-one',
+      authName: 'external-auth-1',
+      query: {
+        username: 'cyan'
+      },
+      username: 'cyan',
+      expectedStatus: HttpStatusCode.NOT_FOUND_404
+    })
+    await server.login.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    await server.login.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    await server.login.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+  })
+  it('Should not login kefka with another plugin', async function () {
+    await loginExternal({
+      server,
+      npmName: 'test-external-auth-two',
+      authName: 'external-auth-4',
+      username: 'kefka2',
+      expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
+    })
+    await loginExternal({
+      server,
+      npmName: 'test-external-auth-two',
+      authName: 'external-auth-4',
+      username: 'kefka',
+      expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
+    })
+  })
+  it('Should not login an existing user email', async function () {
+    await server.users.create({ username: 'existing_user', password: 'super_password' })
+    await loginExternal({
+      server,
+      npmName: 'test-external-auth-two',
+      authName: 'external-auth-6',
+      username: 'existing_user',
+      expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
+    })
+  })
+  it('Should be able to login an existing user username and channel', async function () {
+    await server.users.create({ username: 'existing_user2' })
+    await server.users.create({ username: 'existing_user2-1_channel' })
+    // Test twice to ensure we don't generate a username on every login
+    for (let i = 0; i < 2; i++) {
+      const res = await loginExternal({
+        server,
+        npmName: 'test-external-auth-two',
+        authName: 'external-auth-7',
+        username: 'existing_user2'
+      })
+      const token = res.access_token
+      const myInfo = await server.users.getMyInfo({ token })
+      expect(myInfo.username).to.equal('existing_user2-1')
+      expect(myInfo.videoChannels[0].name).to.equal('existing_user2-1_channel-1')
+    }
+  })
+  it('Should display the correct configuration', async function () {
+    const config = await server.config.getConfig()
+    const auths = config.plugin.registeredExternalAuths
+    expect(auths).to.have.lengthOf(7)
+    const auth2 = auths.find((a) => a.authName === 'external-auth-2')
+    expect(auth2).to.not.exist
+  })
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+  it('Should forward the redirectUrl if the plugin returns one', async function () {
+    const resLogin = await loginExternal({
+      server,
+      npmName: 'test-external-auth-three',
+      authName: 'external-auth-7',
+      username: 'cid'
+    })
+    const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
+    expect(redirectUrl).to.equal('https://example.com/redirectUrl')
+  })
+  it('Should call the plugin\'s onLogout method with the request', async function () {
+    const resLogin = await loginExternal({
+      server,
+      npmName: 'test-external-auth-three',
+      authName: 'external-auth-8',
+      username: 'cid'
+    })
+    const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
+    expect(redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token)
+  })
+})

diff --git a/packages/tests/src/plugins/external-auth.ts b/packages/tests/src/plugins/external-auth.ts new file mode 100644 index 000000000..c7fe22185 --- /dev/null +++ b/packages/tests/src/plugins/external-auth.ts
@@ -0,0 +1,436 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { wait } from '@peertube/peertube-core-utils'
	5	import { HttpStatusCode, HttpStatusCodeType, UserAdminFlag, UserRole } from '@peertube/peertube-models'
	6	import {
	7	cleanupTests,
	8	createSingleServer,
	9	decodeQueryString,
	10	PeerTubeServer,
	11	PluginsCommand,
	12	setAccessTokensToServers
	13	} from '@peertube/peertube-server-commands'
	14
	15	async function loginExternal (options: {
	16	server: PeerTubeServer
	17	npmName: string
	18	authName: string
	19	username: string
	20	query?: any
	21	expectedStatus?: HttpStatusCodeType
	22	expectedStatusStep2?: HttpStatusCodeType
	23	}) {
	24	const res = await options.server.plugins.getExternalAuth({
	25	npmName: options.npmName,
	26	npmVersion: '0.0.1',
	27	authName: options.authName,
	28	query: options.query,
	29	expectedStatus: options.expectedStatus \|\| HttpStatusCode.FOUND_302
	30	})
	31
	32	if (res.status !== HttpStatusCode.FOUND_302) return
	33
	34	const location = res.header.location
	35	const { externalAuthToken } = decodeQueryString(location)
	36
	37	const resLogin = await options.server.login.loginUsingExternalToken({
	38	username: options.username,
	39	externalAuthToken: externalAuthToken as string,
	40	expectedStatus: options.expectedStatusStep2
	41	})
	42
	43	return resLogin.body
	44	}
	45
	46	describe('Test external auth plugins', function () {
	47	let server: PeerTubeServer
	48
	49	let cyanAccessToken: string
	50	let cyanRefreshToken: string
	51
	52	let kefkaAccessToken: string
	53	let kefkaRefreshToken: string
	54	let kefkaId: number
	55
	56	let externalAuthToken: string
	57
	58	before(async function () {
	59	this.timeout(30000)
	60
	61	server = await createSingleServer(1, {
	62	rates_limit: {
	63	login: {
	64	max: 30
	65	}
	66	}
	67	})
	68
	69	await setAccessTokensToServers([ server ])
	70
	71	for (const suffix of [ 'one', 'two', 'three' ]) {
	72	await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-external-auth-' + suffix) })
	73	}
	74	})
	75
	76	it('Should display the correct configuration', async function () {
	77	const config = await server.config.getConfig()
	78
	79	const auths = config.plugin.registeredExternalAuths
	80	expect(auths).to.have.lengthOf(9)
	81
	82	const auth2 = auths.find((a) => a.authName === 'external-auth-2')
	83	expect(auth2).to.exist
	84	expect(auth2.authDisplayName).to.equal('External Auth 2')
	85	expect(auth2.npmName).to.equal('peertube-plugin-test-external-auth-one')
	86	})
	87
	88	it('Should redirect for a Cyan login', async function () {
	89	const res = await server.plugins.getExternalAuth({
	90	npmName: 'test-external-auth-one',
	91	npmVersion: '0.0.1',
	92	authName: 'external-auth-1',
	93	query: {
	94	username: 'cyan'
	95	},
	96	expectedStatus: HttpStatusCode.FOUND_302
	97	})
	98
	99	const location = res.header.location
	100	expect(location.startsWith('/login?')).to.be.true
	101
	102	const searchParams = decodeQueryString(location)
	103
	104	expect(searchParams.externalAuthToken).to.exist
	105	expect(searchParams.username).to.equal('cyan')
	106
	107	externalAuthToken = searchParams.externalAuthToken as string
	108	})
	109
	110	it('Should reject auto external login with a missing or invalid token', async function () {
	111	const command = server.login
	112
	113	await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: '', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	114	await command.loginUsingExternalToken({ username: 'cyan', externalAuthToken: 'blabla', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	115	})
	116
	117	it('Should reject auto external login with a missing or invalid username', async function () {
	118	const command = server.login
	119
	120	await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	121	await command.loginUsingExternalToken({ username: '', externalAuthToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	122	})
	123
	124	it('Should reject auto external login with an expired token', async function () {
	125	this.timeout(15000)
	126
	127	await wait(5000)
	128
	129	await server.login.loginUsingExternalToken({
	130	username: 'cyan',
	131	externalAuthToken,
	132	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	133	})
	134
	135	await server.servers.waitUntilLog('expired external auth token', 4)
	136	})
	137
	138	it('Should auto login Cyan, create the user and use the token', async function () {
	139	{
	140	const res = await loginExternal({
	141	server,
	142	npmName: 'test-external-auth-one',
	143	authName: 'external-auth-1',
	144	query: {
	145	username: 'cyan'
	146	},
	147	username: 'cyan'
	148	})
	149
	150	cyanAccessToken = res.access_token
	151	cyanRefreshToken = res.refresh_token
	152	}
	153
	154	{
	155	const body = await server.users.getMyInfo({ token: cyanAccessToken })
	156	expect(body.username).to.equal('cyan')
	157	expect(body.account.displayName).to.equal('cyan')
	158	expect(body.email).to.equal('cyan@example.com')
	159	expect(body.role.id).to.equal(UserRole.USER)
	160	expect(body.adminFlags).to.equal(UserAdminFlag.NONE)
	161	expect(body.videoQuota).to.equal(5242880)
	162	expect(body.videoQuotaDaily).to.equal(-1)
	163	}
	164	})
	165
	166	it('Should auto login Kefka, create the user and use the token', async function () {
	167	{
	168	const res = await loginExternal({
	169	server,
	170	npmName: 'test-external-auth-one',
	171	authName: 'external-auth-2',
	172	username: 'kefka'
	173	})
	174
	175	kefkaAccessToken = res.access_token
	176	kefkaRefreshToken = res.refresh_token
	177	}
	178
	179	{
	180	const body = await server.users.getMyInfo({ token: kefkaAccessToken })
	181	expect(body.username).to.equal('kefka')
	182	expect(body.account.displayName).to.equal('Kefka Palazzo')
	183	expect(body.email).to.equal('kefka@example.com')
	184	expect(body.role.id).to.equal(UserRole.ADMINISTRATOR)
	185	expect(body.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
	186	expect(body.videoQuota).to.equal(42000)
	187	expect(body.videoQuotaDaily).to.equal(42100)
	188
	189	kefkaId = body.id
	190	}
	191	})
	192
	193	it('Should refresh Cyan token, but not Kefka token', async function () {
	194	{
	195	const resRefresh = await server.login.refreshToken({ refreshToken: cyanRefreshToken })
	196	cyanAccessToken = resRefresh.body.access_token
	197	cyanRefreshToken = resRefresh.body.refresh_token
	198
	199	const body = await server.users.getMyInfo({ token: cyanAccessToken })
	200	expect(body.username).to.equal('cyan')
	201	}
	202
	203	{
	204	await server.login.refreshToken({ refreshToken: kefkaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	205	}
	206	})
	207
	208	it('Should update Cyan profile', async function () {
	209	await server.users.updateMe({
	210	token: cyanAccessToken,
	211	displayName: 'Cyan Garamonde',
	212	description: 'Retainer to the king of Doma'
	213	})
	214
	215	const body = await server.users.getMyInfo({ token: cyanAccessToken })
	216	expect(body.account.displayName).to.equal('Cyan Garamonde')
	217	expect(body.account.description).to.equal('Retainer to the king of Doma')
	218	})
	219
	220	it('Should logout Cyan', async function () {
	221	await server.login.logout({ token: cyanAccessToken })
	222	})
	223
	224	it('Should have logged out Cyan', async function () {
	225	await server.servers.waitUntilLog('On logout cyan')
	226
	227	await server.users.getMyInfo({ token: cyanAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	228	})
	229
	230	it('Should login Cyan and keep the old existing profile', async function () {
	231	{
	232	const res = await loginExternal({
	233	server,
	234	npmName: 'test-external-auth-one',
	235	authName: 'external-auth-1',
	236	query: {
	237	username: 'cyan'
	238	},
	239	username: 'cyan'
	240	})
	241
	242	cyanAccessToken = res.access_token
	243	}
	244
	245	const body = await server.users.getMyInfo({ token: cyanAccessToken })
	246	expect(body.username).to.equal('cyan')
	247	expect(body.account.displayName).to.equal('Cyan Garamonde')
	248	expect(body.account.description).to.equal('Retainer to the king of Doma')
	249	expect(body.role.id).to.equal(UserRole.USER)
	250	})
	251
	252	it('Should login Kefka and update the profile', async function () {
	253	{
	254	await server.users.update({ userId: kefkaId, videoQuota: 43000, videoQuotaDaily: 43100 })
	255	await server.users.updateMe({ token: kefkaAccessToken, displayName: 'kefka updated' })
	256
	257	const body = await server.users.getMyInfo({ token: kefkaAccessToken })
	258	expect(body.username).to.equal('kefka')
	259	expect(body.account.displayName).to.equal('kefka updated')
	260	expect(body.videoQuota).to.equal(43000)
	261	expect(body.videoQuotaDaily).to.equal(43100)
	262	}
	263
	264	{
	265	const res = await loginExternal({
	266	server,
	267	npmName: 'test-external-auth-one',
	268	authName: 'external-auth-2',
	269	username: 'kefka'
	270	})
	271
	272	kefkaAccessToken = res.access_token
	273	kefkaRefreshToken = res.refresh_token
	274
	275	const body = await server.users.getMyInfo({ token: kefkaAccessToken })
	276	expect(body.username).to.equal('kefka')
	277	expect(body.account.displayName).to.equal('Kefka Palazzo')
	278	expect(body.videoQuota).to.equal(42000)
	279	expect(body.videoQuotaDaily).to.equal(43100)
	280	}
	281	})
	282
	283	it('Should not update an external auth email', async function () {
	284	await server.users.updateMe({
	285	token: cyanAccessToken,
	286	email: 'toto@example.com',
	287	currentPassword: 'toto',
	288	expectedStatus: HttpStatusCode.BAD_REQUEST_400
	289	})
	290	})
	291
	292	it('Should reject token of Kefka by the plugin hook', async function () {
	293	await wait(5000)
	294
	295	await server.users.getMyInfo({ token: kefkaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	296	})
	297
	298	it('Should unregister external-auth-2 and do not login existing Kefka', async function () {
	299	await server.plugins.updateSettings({
	300	npmName: 'peertube-plugin-test-external-auth-one',
	301	settings: { disableKefka: true }
	302	})
	303
	304	await server.login.login({ user: { username: 'kefka', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	305
	306	await loginExternal({
	307	server,
	308	npmName: 'test-external-auth-one',
	309	authName: 'external-auth-2',
	310	query: {
	311	username: 'kefka'
	312	},
	313	username: 'kefka',
	314	expectedStatus: HttpStatusCode.NOT_FOUND_404
	315	})
	316	})
	317
	318	it('Should have disabled this auth', async function () {
	319	const config = await server.config.getConfig()
	320
	321	const auths = config.plugin.registeredExternalAuths
	322	expect(auths).to.have.lengthOf(8)
	323
	324	const auth1 = auths.find(a => a.authName === 'external-auth-2')
	325	expect(auth1).to.not.exist
	326	})
	327
	328	it('Should uninstall the plugin one and do not login Cyan', async function () {
	329	await server.plugins.uninstall({ npmName: 'peertube-plugin-test-external-auth-one' })
	330
	331	await loginExternal({
	332	server,
	333	npmName: 'test-external-auth-one',
	334	authName: 'external-auth-1',
	335	query: {
	336	username: 'cyan'
	337	},
	338	username: 'cyan',
	339	expectedStatus: HttpStatusCode.NOT_FOUND_404
	340	})
	341
	342	await server.login.login({ user: { username: 'cyan', password: null }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	343	await server.login.login({ user: { username: 'cyan', password: '' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	344	await server.login.login({ user: { username: 'cyan', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	345	})
	346
	347	it('Should not login kefka with another plugin', async function () {
	348	await loginExternal({
	349	server,
	350	npmName: 'test-external-auth-two',
	351	authName: 'external-auth-4',
	352	username: 'kefka2',
	353	expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
	354	})
	355
	356	await loginExternal({
	357	server,
	358	npmName: 'test-external-auth-two',
	359	authName: 'external-auth-4',
	360	username: 'kefka',
	361	expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
	362	})
	363	})
	364
	365	it('Should not login an existing user email', async function () {
	366	await server.users.create({ username: 'existing_user', password: 'super_password' })
	367
	368	await loginExternal({
	369	server,
	370	npmName: 'test-external-auth-two',
	371	authName: 'external-auth-6',
	372	username: 'existing_user',
	373	expectedStatusStep2: HttpStatusCode.BAD_REQUEST_400
	374	})
	375	})
	376
	377	it('Should be able to login an existing user username and channel', async function () {
	378	await server.users.create({ username: 'existing_user2' })
	379	await server.users.create({ username: 'existing_user2-1_channel' })
	380
	381	// Test twice to ensure we don't generate a username on every login
	382	for (let i = 0; i < 2; i++) {
	383	const res = await loginExternal({
	384	server,
	385	npmName: 'test-external-auth-two',
	386	authName: 'external-auth-7',
	387	username: 'existing_user2'
	388	})
	389
	390	const token = res.access_token
	391
	392	const myInfo = await server.users.getMyInfo({ token })
	393	expect(myInfo.username).to.equal('existing_user2-1')
	394
	395	expect(myInfo.videoChannels[0].name).to.equal('existing_user2-1_channel-1')
	396	}
	397	})
	398
	399	it('Should display the correct configuration', async function () {
	400	const config = await server.config.getConfig()
	401
	402	const auths = config.plugin.registeredExternalAuths
	403	expect(auths).to.have.lengthOf(7)
	404
	405	const auth2 = auths.find((a) => a.authName === 'external-auth-2')
	406	expect(auth2).to.not.exist
	407	})
	408
	409	after(async function () {
	410	await cleanupTests([ server ])
	411	})
	412
	413	it('Should forward the redirectUrl if the plugin returns one', async function () {
	414	const resLogin = await loginExternal({
	415	server,
	416	npmName: 'test-external-auth-three',
	417	authName: 'external-auth-7',
	418	username: 'cid'
	419	})
	420
	421	const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
	422	expect(redirectUrl).to.equal('https://example.com/redirectUrl')
	423	})
	424
	425	it('Should call the plugin\'s onLogout method with the request', async function () {
	426	const resLogin = await loginExternal({
	427	server,
	428	npmName: 'test-external-auth-three',
	429	authName: 'external-auth-8',
	430	username: 'cid'
	431	})
	432
	433	const { redirectUrl } = await server.login.logout({ token: resLogin.access_token })
	434	expect(redirectUrl).to.equal('https://example.com/redirectUrl?access_token=' + resLogin.access_token)
	435	})
	436	})