diff options
Diffstat (limited to 'server/tests')
-rw-r--r-- | server/tests/api/check-params/two-factor.ts | 29 | ||||
-rw-r--r-- | server/tests/api/users/two-factor.ts | 95 |
2 files changed, 92 insertions, 32 deletions
diff --git a/server/tests/api/check-params/two-factor.ts b/server/tests/api/check-params/two-factor.ts index e7ca5490c..f8365f1b5 100644 --- a/server/tests/api/check-params/two-factor.ts +++ b/server/tests/api/check-params/two-factor.ts | |||
@@ -86,6 +86,15 @@ describe('Test two factor API validators', function () { | |||
86 | }) | 86 | }) |
87 | }) | 87 | }) |
88 | 88 | ||
89 | it('Should succeed to request two factor without a password when targeting a remote user with an admin account', async function () { | ||
90 | await server.twoFactor.request({ userId }) | ||
91 | }) | ||
92 | |||
93 | it('Should fail to request two factor without a password when targeting myself with an admin account', async function () { | ||
94 | await server.twoFactor.request({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | ||
95 | await server.twoFactor.request({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
96 | }) | ||
97 | |||
89 | it('Should succeed to request my two factor auth', async function () { | 98 | it('Should succeed to request my two factor auth', async function () { |
90 | { | 99 | { |
91 | const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword }) | 100 | const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword }) |
@@ -234,7 +243,7 @@ describe('Test two factor API validators', function () { | |||
234 | }) | 243 | }) |
235 | }) | 244 | }) |
236 | 245 | ||
237 | it('Should fail to disabled two factor with an incorrect password', async function () { | 246 | it('Should fail to disable two factor with an incorrect password', async function () { |
238 | await server.twoFactor.disable({ | 247 | await server.twoFactor.disable({ |
239 | userId, | 248 | userId, |
240 | token: userToken, | 249 | token: userToken, |
@@ -243,16 +252,20 @@ describe('Test two factor API validators', function () { | |||
243 | }) | 252 | }) |
244 | }) | 253 | }) |
245 | 254 | ||
255 | it('Should succeed to disable two factor without a password when targeting a remote user with an admin account', async function () { | ||
256 | await server.twoFactor.disable({ userId }) | ||
257 | await server.twoFactor.requestAndConfirm({ userId }) | ||
258 | }) | ||
259 | |||
260 | it('Should fail to disable two factor without a password when targeting myself with an admin account', async function () { | ||
261 | await server.twoFactor.disable({ userId: rootId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | ||
262 | await server.twoFactor.disable({ userId: rootId, currentPassword: 'bad', expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
263 | }) | ||
264 | |||
246 | it('Should succeed to disable another user two factor with the appropriate rights', async function () { | 265 | it('Should succeed to disable another user two factor with the appropriate rights', async function () { |
247 | await server.twoFactor.disable({ userId, currentPassword: rootPassword }) | 266 | await server.twoFactor.disable({ userId, currentPassword: rootPassword }) |
248 | 267 | ||
249 | // Reinit | 268 | await server.twoFactor.requestAndConfirm({ userId }) |
250 | const { otpRequest } = await server.twoFactor.request({ userId, currentPassword: rootPassword }) | ||
251 | await server.twoFactor.confirmRequest({ | ||
252 | userId, | ||
253 | requestToken: otpRequest.requestToken, | ||
254 | otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate() | ||
255 | }) | ||
256 | }) | 269 | }) |
257 | 270 | ||
258 | it('Should succeed to update my two factor auth', async function () { | 271 | it('Should succeed to update my two factor auth', async function () { |
diff --git a/server/tests/api/users/two-factor.ts b/server/tests/api/users/two-factor.ts index 450aac4dc..0dcab9e17 100644 --- a/server/tests/api/users/two-factor.ts +++ b/server/tests/api/users/two-factor.ts | |||
@@ -7,13 +7,14 @@ import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServ | |||
7 | 7 | ||
8 | async function login (options: { | 8 | async function login (options: { |
9 | server: PeerTubeServer | 9 | server: PeerTubeServer |
10 | password?: string | 10 | username: string |
11 | password: string | ||
11 | otpToken?: string | 12 | otpToken?: string |
12 | expectedStatus?: HttpStatusCode | 13 | expectedStatus?: HttpStatusCode |
13 | }) { | 14 | }) { |
14 | const { server, password = server.store.user.password, otpToken, expectedStatus } = options | 15 | const { server, username, password, otpToken, expectedStatus } = options |
15 | 16 | ||
16 | const user = { username: server.store.user.username, password } | 17 | const user = { username, password } |
17 | const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus }) | 18 | const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus }) |
18 | 19 | ||
19 | return { res, token } | 20 | return { res, token } |
@@ -21,23 +22,28 @@ async function login (options: { | |||
21 | 22 | ||
22 | describe('Test users', function () { | 23 | describe('Test users', function () { |
23 | let server: PeerTubeServer | 24 | let server: PeerTubeServer |
24 | let rootId: number | ||
25 | let otpSecret: string | 25 | let otpSecret: string |
26 | let requestToken: string | 26 | let requestToken: string |
27 | 27 | ||
28 | const userUsername = 'user1' | ||
29 | let userId: number | ||
30 | let userPassword: string | ||
31 | let userToken: string | ||
32 | |||
28 | before(async function () { | 33 | before(async function () { |
29 | this.timeout(30000) | 34 | this.timeout(30000) |
30 | 35 | ||
31 | server = await createSingleServer(1) | 36 | server = await createSingleServer(1) |
32 | 37 | ||
33 | await setAccessTokensToServers([ server ]) | 38 | await setAccessTokensToServers([ server ]) |
34 | 39 | const res = await server.users.generate(userUsername) | |
35 | const { id } = await server.users.getMyInfo() | 40 | userId = res.userId |
36 | rootId = id | 41 | userPassword = res.password |
42 | userToken = res.token | ||
37 | }) | 43 | }) |
38 | 44 | ||
39 | it('Should not add the header on login if two factor is not enabled', async function () { | 45 | it('Should not add the header on login if two factor is not enabled', async function () { |
40 | const { res, token } = await login({ server }) | 46 | const { res, token } = await login({ server, username: userUsername, password: userPassword }) |
41 | 47 | ||
42 | expect(res.header['x-peertube-otp']).to.not.exist | 48 | expect(res.header['x-peertube-otp']).to.not.exist |
43 | 49 | ||
@@ -45,10 +51,7 @@ describe('Test users', function () { | |||
45 | }) | 51 | }) |
46 | 52 | ||
47 | it('Should request two factor and get the secret and uri', async function () { | 53 | it('Should request two factor and get the secret and uri', async function () { |
48 | const { otpRequest } = await server.twoFactor.request({ | 54 | const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword }) |
49 | userId: rootId, | ||
50 | currentPassword: server.store.user.password | ||
51 | }) | ||
52 | 55 | ||
53 | expect(otpRequest.requestToken).to.exist | 56 | expect(otpRequest.requestToken).to.exist |
54 | 57 | ||
@@ -64,27 +67,33 @@ describe('Test users', function () { | |||
64 | }) | 67 | }) |
65 | 68 | ||
66 | it('Should not have two factor confirmed yet', async function () { | 69 | it('Should not have two factor confirmed yet', async function () { |
67 | const { twoFactorEnabled } = await server.users.getMyInfo() | 70 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) |
68 | expect(twoFactorEnabled).to.be.false | 71 | expect(twoFactorEnabled).to.be.false |
69 | }) | 72 | }) |
70 | 73 | ||
71 | it('Should confirm two factor', async function () { | 74 | it('Should confirm two factor', async function () { |
72 | await server.twoFactor.confirmRequest({ | 75 | await server.twoFactor.confirmRequest({ |
73 | userId: rootId, | 76 | userId, |
77 | token: userToken, | ||
74 | otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(), | 78 | otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(), |
75 | requestToken | 79 | requestToken |
76 | }) | 80 | }) |
77 | }) | 81 | }) |
78 | 82 | ||
79 | it('Should not add the header on login if two factor is enabled and password is incorrect', async function () { | 83 | it('Should not add the header on login if two factor is enabled and password is incorrect', async function () { |
80 | const { res, token } = await login({ server, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | 84 | const { res, token } = await login({ server, username: userUsername, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) |
81 | 85 | ||
82 | expect(res.header['x-peertube-otp']).to.not.exist | 86 | expect(res.header['x-peertube-otp']).to.not.exist |
83 | expect(token).to.not.exist | 87 | expect(token).to.not.exist |
84 | }) | 88 | }) |
85 | 89 | ||
86 | it('Should add the header on login if two factor is enabled and password is correct', async function () { | 90 | it('Should add the header on login if two factor is enabled and password is correct', async function () { |
87 | const { res, token } = await login({ server, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 }) | 91 | const { res, token } = await login({ |
92 | server, | ||
93 | username: userUsername, | ||
94 | password: userPassword, | ||
95 | expectedStatus: HttpStatusCode.UNAUTHORIZED_401 | ||
96 | }) | ||
88 | 97 | ||
89 | expect(res.header['x-peertube-otp']).to.exist | 98 | expect(res.header['x-peertube-otp']).to.exist |
90 | expect(token).to.not.exist | 99 | expect(token).to.not.exist |
@@ -95,14 +104,26 @@ describe('Test users', function () { | |||
95 | it('Should not login with correct password and incorrect otp secret', async function () { | 104 | it('Should not login with correct password and incorrect otp secret', async function () { |
96 | const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) }) | 105 | const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) }) |
97 | 106 | ||
98 | const { res, token } = await login({ server, otpToken: otp.generate(), expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | 107 | const { res, token } = await login({ |
108 | server, | ||
109 | username: userUsername, | ||
110 | password: userPassword, | ||
111 | otpToken: otp.generate(), | ||
112 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | ||
113 | }) | ||
99 | 114 | ||
100 | expect(res.header['x-peertube-otp']).to.not.exist | 115 | expect(res.header['x-peertube-otp']).to.not.exist |
101 | expect(token).to.not.exist | 116 | expect(token).to.not.exist |
102 | }) | 117 | }) |
103 | 118 | ||
104 | it('Should not login with correct password and incorrect otp code', async function () { | 119 | it('Should not login with correct password and incorrect otp code', async function () { |
105 | const { res, token } = await login({ server, otpToken: '123456', expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | 120 | const { res, token } = await login({ |
121 | server, | ||
122 | username: userUsername, | ||
123 | password: userPassword, | ||
124 | otpToken: '123456', | ||
125 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | ||
126 | }) | ||
106 | 127 | ||
107 | expect(res.header['x-peertube-otp']).to.not.exist | 128 | expect(res.header['x-peertube-otp']).to.not.exist |
108 | expect(token).to.not.exist | 129 | expect(token).to.not.exist |
@@ -111,7 +132,13 @@ describe('Test users', function () { | |||
111 | it('Should not login with incorrect password and correct otp code', async function () { | 132 | it('Should not login with incorrect password and correct otp code', async function () { |
112 | const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() | 133 | const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() |
113 | 134 | ||
114 | const { res, token } = await login({ server, password: 'fake', otpToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 }) | 135 | const { res, token } = await login({ |
136 | server, | ||
137 | username: userUsername, | ||
138 | password: 'fake', | ||
139 | otpToken, | ||
140 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | ||
141 | }) | ||
115 | 142 | ||
116 | expect(res.header['x-peertube-otp']).to.not.exist | 143 | expect(res.header['x-peertube-otp']).to.not.exist |
117 | expect(token).to.not.exist | 144 | expect(token).to.not.exist |
@@ -120,7 +147,7 @@ describe('Test users', function () { | |||
120 | it('Should correctly login with correct password and otp code', async function () { | 147 | it('Should correctly login with correct password and otp code', async function () { |
121 | const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() | 148 | const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate() |
122 | 149 | ||
123 | const { res, token } = await login({ server, otpToken }) | 150 | const { res, token } = await login({ server, username: userUsername, password: userPassword, otpToken }) |
124 | 151 | ||
125 | expect(res.header['x-peertube-otp']).to.not.exist | 152 | expect(res.header['x-peertube-otp']).to.not.exist |
126 | expect(token).to.exist | 153 | expect(token).to.exist |
@@ -129,21 +156,41 @@ describe('Test users', function () { | |||
129 | }) | 156 | }) |
130 | 157 | ||
131 | it('Should have two factor enabled when getting my info', async function () { | 158 | it('Should have two factor enabled when getting my info', async function () { |
132 | const { twoFactorEnabled } = await server.users.getMyInfo() | 159 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) |
133 | expect(twoFactorEnabled).to.be.true | 160 | expect(twoFactorEnabled).to.be.true |
134 | }) | 161 | }) |
135 | 162 | ||
136 | it('Should disable two factor and be able to login without otp token', async function () { | 163 | it('Should disable two factor and be able to login without otp token', async function () { |
137 | await server.twoFactor.disable({ userId: rootId, currentPassword: server.store.user.password }) | 164 | await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword }) |
138 | 165 | ||
139 | const { res, token } = await login({ server }) | 166 | const { res, token } = await login({ server, username: userUsername, password: userPassword }) |
140 | expect(res.header['x-peertube-otp']).to.not.exist | 167 | expect(res.header['x-peertube-otp']).to.not.exist |
141 | 168 | ||
142 | await server.users.getMyInfo({ token }) | 169 | await server.users.getMyInfo({ token }) |
143 | }) | 170 | }) |
144 | 171 | ||
145 | it('Should have two factor disabled when getting my info', async function () { | 172 | it('Should have two factor disabled when getting my info', async function () { |
146 | const { twoFactorEnabled } = await server.users.getMyInfo() | 173 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) |
174 | expect(twoFactorEnabled).to.be.false | ||
175 | }) | ||
176 | |||
177 | it('Should enable two factor auth without password from an admin', async function () { | ||
178 | const { otpRequest } = await server.twoFactor.request({ userId }) | ||
179 | |||
180 | await server.twoFactor.confirmRequest({ | ||
181 | userId, | ||
182 | otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate(), | ||
183 | requestToken: otpRequest.requestToken | ||
184 | }) | ||
185 | |||
186 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | ||
187 | expect(twoFactorEnabled).to.be.true | ||
188 | }) | ||
189 | |||
190 | it('Should disable two factor auth without password from an admin', async function () { | ||
191 | await server.twoFactor.disable({ userId }) | ||
192 | |||
193 | const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken }) | ||
147 | expect(twoFactorEnabled).to.be.false | 194 | expect(twoFactorEnabled).to.be.false |
148 | }) | 195 | }) |
149 | 196 | ||