From b65f5367baf799b425be0bcfb9220922751bb6eb Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 29 Dec 2022 14:18:07 +0100
Subject: Add ability to customize token lifetime
---
 server/tests/api/users/users.ts | 184 ++--------------------------------------
 1 file changed, 6 insertions(+), 178 deletions(-)
(limited to 'server/tests/api/users/users.ts')
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 421b3ce16..93e2e489a 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -2,15 +2,8 @@
 import { expect } from 'chai'
 import { testImage } from '@server/tests/shared'
-import { AbuseState, HttpStatusCode, OAuth2ErrorCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
-import {
- cleanupTests,
- createSingleServer,
- killallServers,
- makePutBodyRequest,
- PeerTubeServer,
- setAccessTokensToServers
-} from '@shared/server-commands'
+import { AbuseState, HttpStatusCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
+import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
 describe('Test users', function () {
 let server: PeerTubeServer
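Review bot: Dropping `OAuth2ErrorCode`, `killallServers` and `makePutBodyRequest` from the imports leaves users.ts with no coverage of login failure, token revocation or token expiry, because the 'OAuth client', 'Login' and 'Logout' suites that used them are deleted in the next hunk (`@@ -39,166 +32,6 @@`). This page is limited to users.ts, so it does not show whether those cases were moved elsewhere in the commit: 400 for an invalid client or invalid credentials, 401 after logout and with an expired access token, and 400 when refreshing with an expired refresh token. Since the commit makes token lifetime configurable, it is worth confirming that this coverage still exists somewhere before these imports go. If the suites were moved, a pointer above the first remaining suite would help the next reader, e.g. `// Login, logout and token expiry/refresh tests live in <path of the new auth test file>`.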
@@ -39,166 +32,6 @@ describe('Test users', function () {
 await server.plugins.install({ npmName: 'peertube-theme-background-red' })
 })
- describe('OAuth client', function () {
- it('Should create a new client')
-
- it('Should return the first client')
-
- it('Should remove the last client')
-
- it('Should not login with an invalid client id', async function () {
- const client = { id: 'client', secret: server.store.client.secret }
- const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
- expect(body.error).to.contain('client is invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
- })
-
- it('Should not login with an invalid client secret', async function () {
- const client = { id: server.store.client.id, secret: 'coucou' }
- const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
- expect(body.error).to.contain('client is invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
- })
- })
-
- describe('Login', function () {
-
- it('Should not login with an invalid username', async function () {
- const user = { username: 'captain crochet', password: server.store.user.password }
- const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
- expect(body.error).to.contain('credentials are invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
- })
-
- it('Should not login with an invalid password', async function () {
- const user = { username: server.store.user.username, password: 'mew_three' }
- const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
- expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
- expect(body.error).to.contain('credentials are invalid')
- expect(body.type.startsWith('https://')).to.be.true
- expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
- })
-
- it('Should not be able to upload a video', async function () {
- token = 'my_super_token'
-
- await server.videos.upload({ token, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to follow', async function () {
- token = 'my_super_token'
-
- await server.follows.follow({
- hosts: [ 'http://example.com' ],
- token,
- expectedStatus: HttpStatusCode.UNAUTHORIZED_401
- })
- })
-
- it('Should not be able to unfollow')
-
- it('Should be able to login', async function () {
- const body = await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
-
- token = body.access_token
- })
-
- it('Should be able to login with an insensitive username', async function () {
- const user = { username: 'RoOt', password: server.store.user.password }
- await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
-
- const user2 = { username: 'rOoT', password: server.store.user.password }
- await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
-
- const user3 = { username: 'ROOt', password: server.store.user.password }
- await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
- })
- })
-
- describe('Logout', function () {
- it('Should logout (revoke token)', async function () {
- await server.login.logout({ token: server.accessToken })
- })
-
- it('Should not be able to get the user information', async function () {
- await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to upload a video', async function () {
- await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to rate a video', async function () {
- const path = '/api/v1/videos/'
- const data = {
- rating: 'likes'
- }
-
- const options = {
- url: server.url,
- path: path + videoId,
- token: 'wrong token',
- fields: data,
- expectedStatus: HttpStatusCode.UNAUTHORIZED_401
- }
- await makePutBodyRequest(options)
- })
-
- it('Should be able to login again', async function () {
- const body = await server.login.login()
- server.accessToken = body.access_token
- server.refreshToken = body.refresh_token
- })
-
- it('Should be able to get my user information again', async function () {
- await server.users.getMyInfo()
- })
-
- it('Should have an expired access token', async function () {
- this.timeout(60000)
-
- await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
- await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
-
- await killallServers([ server ])
- await server.run()
-
- await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
- })
-
- it('Should not be able to refresh an access token with an expired refresh token', async function () {
- await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
- })
-
- it('Should refresh the token', async function () {
- this.timeout(50000)
-
- const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
- await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
-
- await killallServers([ server ])
- await server.run()
-
- const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
- server.accessToken = res.body.access_token
- server.refreshToken = res.body.refresh_token
- })
-
- it('Should be able to get my user information again', async function () {
- await server.users.getMyInfo()
- })
- })
-
 describe('Creating a user', function () {
 it('Should be able to create a new user', async function () {
@@ -512,6 +345,7 @@ describe('Test users', function () {
 })
 describe('Updating another user', function () {
+
 it('Should be able to update another user', async function () {
 await server.users.update({
 userId,
@@ -562,13 +396,6 @@ describe('Test users', function () {
 })
 })
- describe('Video blacklists', function () {
-
- it('Should be able to list my video blacklist', async function () {
- await server.blacklist.list({ token: userToken })
- })
- })
-
 describe('Remove a user', function () {
 before(async function () {
@@ -653,8 +480,9 @@ describe('Test users', function () {
 })
 describe('User blocking', function () {
- let user16Id
- let user16AccessToken
+ let user16Id: number
+ let user16AccessToken: string
+
 const user16 = {
 username: 'user_16',
 password: 'my super password'
--
cgit v1.2.3