1 files changed, 192 insertions, 0 deletions
diff --git a/server/tests/api/users/oauth.ts b/server/tests/api/users/oauth.ts
new file mode 100644
index 000000000..6a3da5ea2
--- /dev/null
+++ b/server/tests/api/users/oauth.ts
@@ -0,0 +1,192 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { expect } from 'chai'
+import { wait } from '@shared/core-utils'
+import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models'
+import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
+describe('Test oauth', function () {
+  let server: PeerTubeServer
+  before(async function () {
+    this.timeout(30000)
+    server = await createSingleServer(1, {
+      rates_limit: {
+        login: {
+          max: 30
+        }
+      }
+    })
+    await setAccessTokensToServers([ server ])
+  })
+  describe('OAuth client', function () {
+    function expectInvalidClient (body: PeerTubeProblemDocument) {
+      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
+      expect(body.error).to.contain('client is invalid')
+      expect(body.type.startsWith('https://')).to.be.true
+      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
+    }
+    it('Should create a new client')
+    it('Should return the first client')
+    it('Should remove the last client')
+    it('Should not login with an invalid client id', async function () {
+      const client = { id: 'client', secret: server.store.client.secret }
+      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      expectInvalidClient(body)
+    })
+    it('Should not login with an invalid client secret', async function () {
+      const client = { id: server.store.client.id, secret: 'coucou' }
+      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      expectInvalidClient(body)
+    })
+  })
+  describe('Login', function () {
+    function expectInvalidCredentials (body: PeerTubeProblemDocument) {
+      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
+      expect(body.error).to.contain('credentials are invalid')
+      expect(body.type.startsWith('https://')).to.be.true
+      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
+    }
+    it('Should not login with an invalid username', async function () {
+      const user = { username: 'captain crochet', password: server.store.user.password }
+      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      expectInvalidCredentials(body)
+    })
+    it('Should not login with an invalid password', async function () {
+      const user = { username: server.store.user.username, password: 'mew_three' }
+      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      expectInvalidCredentials(body)
+    })
+    it('Should be able to login', async function () {
+      await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
+    })
+    it('Should be able to login with an insensitive username', async function () {
+      const user = { username: 'RoOt', password: server.store.user.password }
+      await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
+      const user2 = { username: 'rOoT', password: server.store.user.password }
+      await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
+      const user3 = { username: 'ROOt', password: server.store.user.password }
+      await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
+    })
+  })
+  describe('Logout', function () {
+    it('Should logout (revoke token)', async function () {
+      await server.login.logout({ token: server.accessToken })
+    })
+    it('Should not be able to get the user information', async function () {
+      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+    it('Should not be able to upload a video', async function () {
+      await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+    it('Should be able to login again', async function () {
+      const body = await server.login.login()
+      server.accessToken = body.access_token
+      server.refreshToken = body.refresh_token
+    })
+    it('Should be able to get my user information again', async function () {
+      await server.users.getMyInfo()
+    })
+    it('Should have an expired access token', async function () {
+      this.timeout(60000)
+      await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
+      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
+      await killallServers([ server ])
+      await server.run()
+      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+    it('Should not be able to refresh an access token with an expired refresh token', async function () {
+      await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    })
+    it('Should refresh the token', async function () {
+      this.timeout(50000)
+      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
+      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
+      await killallServers([ server ])
+      await server.run()
+      const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
+    it('Should be able to get my user information again', async function () {
+      await server.users.getMyInfo()
+    })
+  })
+  describe('Custom token lifetime', function () {
+    before(async function () {
+      this.timeout(120_000)
+      await server.kill()
+      await server.run({
+        oauth2: {
+          token_lifetime: {
+            access_token: '2 seconds',
+            refresh_token: '2 seconds'
+          }
+        }
+      })
+    })
+    it('Should have a very short access token lifetime', async function () {
+      this.timeout(50000)
+      const { access_token: accessToken } = await server.login.login()
+      await server.users.getMyInfo({ token: accessToken })
+      await wait(3000)
+      await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+    it('Should have a very short refresh token lifetime', async function () {
+      this.timeout(50000)
+      const { refresh_token: refreshToken } = await server.login.login()
+      await server.login.refreshToken({ refreshToken })
+      await wait(3000)
+      await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    })
+  })
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})

diff --git a/server/tests/api/users/oauth.ts b/server/tests/api/users/oauth.ts new file mode 100644 index 000000000..6a3da5ea2 --- /dev/null +++ b/server/tests/api/users/oauth.ts
@@ -0,0 +1,192 @@
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { wait } from '@shared/core-utils'
	5	import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models'
	6	import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
	7
	8	describe('Test oauth', function () {
	9	let server: PeerTubeServer
	10
	11	before(async function () {
	12	this.timeout(30000)
	13
	14	server = await createSingleServer(1, {
	15	rates_limit: {
	16	login: {
	17	max: 30
	18	}
	19	}
	20	})
	21
	22	await setAccessTokensToServers([ server ])
	23	})
	24
	25	describe('OAuth client', function () {
	26
	27	function expectInvalidClient (body: PeerTubeProblemDocument) {
	28	expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
	29	expect(body.error).to.contain('client is invalid')
	30	expect(body.type.startsWith('https://')).to.be.true
	31	expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
	32	}
	33
	34	it('Should create a new client')
	35
	36	it('Should return the first client')
	37
	38	it('Should remove the last client')
	39
	40	it('Should not login with an invalid client id', async function () {
	41	const client = { id: 'client', secret: server.store.client.secret }
	42	const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	43
	44	expectInvalidClient(body)
	45	})
	46
	47	it('Should not login with an invalid client secret', async function () {
	48	const client = { id: server.store.client.id, secret: 'coucou' }
	49	const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	50
	51	expectInvalidClient(body)
	52	})
	53	})
	54
	55	describe('Login', function () {
	56
	57	function expectInvalidCredentials (body: PeerTubeProblemDocument) {
	58	expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
	59	expect(body.error).to.contain('credentials are invalid')
	60	expect(body.type.startsWith('https://')).to.be.true
	61	expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
	62	}
	63
	64	it('Should not login with an invalid username', async function () {
	65	const user = { username: 'captain crochet', password: server.store.user.password }
	66	const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	67
	68	expectInvalidCredentials(body)
	69	})
	70
	71	it('Should not login with an invalid password', async function () {
	72	const user = { username: server.store.user.username, password: 'mew_three' }
	73	const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	74
	75	expectInvalidCredentials(body)
	76	})
	77
	78	it('Should be able to login', async function () {
	79	await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
	80	})
	81
	82	it('Should be able to login with an insensitive username', async function () {
	83	const user = { username: 'RoOt', password: server.store.user.password }
	84	await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
	85
	86	const user2 = { username: 'rOoT', password: server.store.user.password }
	87	await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
	88
	89	const user3 = { username: 'ROOt', password: server.store.user.password }
	90	await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
	91	})
	92	})
	93
	94	describe('Logout', function () {
	95
	96	it('Should logout (revoke token)', async function () {
	97	await server.login.logout({ token: server.accessToken })
	98	})
	99
	100	it('Should not be able to get the user information', async function () {
	101	await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	102	})
	103
	104	it('Should not be able to upload a video', async function () {
	105	await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	106	})
	107
	108	it('Should be able to login again', async function () {
	109	const body = await server.login.login()
	110	server.accessToken = body.access_token
	111	server.refreshToken = body.refresh_token
	112	})
	113
	114	it('Should be able to get my user information again', async function () {
	115	await server.users.getMyInfo()
	116	})
	117
	118	it('Should have an expired access token', async function () {
	119	this.timeout(60000)
	120
	121	await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
	122	await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
	123
	124	await killallServers([ server ])
	125	await server.run()
	126
	127	await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	128	})
	129
	130	it('Should not be able to refresh an access token with an expired refresh token', async function () {
	131	await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	132	})
	133
	134	it('Should refresh the token', async function () {
	135	this.timeout(50000)
	136
	137	const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
	138	await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
	139
	140	await killallServers([ server ])
	141	await server.run()
	142
	143	const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
	144	server.accessToken = res.body.access_token
	145	server.refreshToken = res.body.refresh_token
	146	})
	147
	148	it('Should be able to get my user information again', async function () {
	149	await server.users.getMyInfo()
	150	})
	151	})
	152
	153	describe('Custom token lifetime', function () {
	154	before(async function () {
	155	this.timeout(120_000)
	156
	157	await server.kill()
	158	await server.run({
	159	oauth2: {
	160	token_lifetime: {
	161	access_token: '2 seconds',
	162	refresh_token: '2 seconds'
	163	}
	164	}
	165	})
	166	})
	167
	168	it('Should have a very short access token lifetime', async function () {
	169	this.timeout(50000)
	170
	171	const { access_token: accessToken } = await server.login.login()
	172	await server.users.getMyInfo({ token: accessToken })
	173
	174	await wait(3000)
	175	await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	176	})
	177
	178	it('Should have a very short refresh token lifetime', async function () {
	179	this.timeout(50000)
	180
	181	const { refresh_token: refreshToken } = await server.login.login()
	182	await server.login.refreshToken({ refreshToken })
	183
	184	await wait(3000)
	185	await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
	186	})
	187	})
	188
	189	after(async function () {
	190	await cleanupTests([ server ])
	191	})
	192	})