From f43db2f46ee50bacb402a6ef42d768694c2bc9a8 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 12 Mar 2021 15:20:46 +0100 Subject: Refactor auth flow Reimplement some node-oauth2-server methods to remove hacky code needed by our external login workflow --- server/tests/api/check-params/users.ts | 2 +- server/tests/api/users/users.ts | 51 ++++++++++++++++++++++++++++++---- server/tests/plugins/external-auth.ts | 2 +- 3 files changed, 48 insertions(+), 7 deletions(-) (limited to 'server/tests') diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 0a13f5b67..2b03fde2d 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -241,7 +241,7 @@ describe('Test users API validators', function () { }) it('Should succeed with no password on a server with smtp enabled', async function () { - this.timeout(10000) + this.timeout(20000) killallServers([ server ]) diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts index 62a59033f..cea98aac7 100644 --- a/server/tests/api/users/users.ts +++ b/server/tests/api/users/users.ts @@ -4,10 +4,12 @@ import 'mocha' import * as chai from 'chai' import { AbuseState, AbuseUpdate, MyUser, User, UserRole, Video, VideoPlaylistType } from '@shared/models' import { CustomConfig } from '@shared/models/server' +import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' import { addVideoCommentThread, blockUser, cleanupTests, + closeAllSequelize, createUser, deleteMe, flushAndRunServer, @@ -24,6 +26,7 @@ import { getVideoChannel, getVideosList, installPlugin, + killallServers, login, makePutBodyRequest, rateVideo, @@ -31,7 +34,9 @@ import { removeUser, removeVideo, reportAbuse, + reRunServer, ServerInfo, + setTokenField, testImage, unblockUser, updateAbuse, @@ -44,10 +49,9 @@ import { waitJobs } from '../../../../shared/extra-utils' import { follow } from '../../../../shared/extra-utils/server/follows' -import { logout, serverLogin, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login' +import { logout, refreshToken, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login' import { getMyVideos } from '../../../../shared/extra-utils/videos/videos' import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' -import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' const expect = chai.expect @@ -89,6 +93,7 @@ describe('Test users', function () { const client = { id: 'client', secret: server.client.secret } const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal('invalid_client') expect(res.body.error).to.contain('client is invalid') }) @@ -96,6 +101,7 @@ describe('Test users', function () { const client = { id: server.client.id, secret: 'coucou' } const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal('invalid_client') expect(res.body.error).to.contain('client is invalid') }) }) @@ -106,6 +112,7 @@ describe('Test users', function () { const user = { username: 'captain crochet', password: server.user.password } const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal('invalid_grant') expect(res.body.error).to.contain('credentials are invalid') }) @@ -113,6 +120,7 @@ describe('Test users', function () { const user = { username: server.user.username, password: 'mew_three' } const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400) + expect(res.body.code).to.equal('invalid_grant') expect(res.body.error).to.contain('credentials are invalid') }) @@ -245,12 +253,44 @@ describe('Test users', function () { }) it('Should be able to login again', async function () { - server.accessToken = await serverLogin(server) + const res = await login(server.url, server.client, server.user) + server.accessToken = res.body.access_token + server.refreshToken = res.body.refresh_token + }) + + it('Should be able to get my user information again', async function () { + await getMyUserInformation(server.url, server.accessToken) + }) + + it('Should have an expired access token', async function () { + this.timeout(15000) + + await setTokenField(server.internalServerNumber, server.accessToken, 'accessTokenExpiresAt', new Date().toISOString()) + await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString()) + + killallServers([ server ]) + await reRunServer(server) + + await getMyUserInformation(server.url, server.accessToken, 401) + }) + + it('Should not be able to refresh an access token with an expired refresh token', async function () { + await refreshToken(server, server.refreshToken, 400) }) - it('Should have an expired access token') + it('Should refresh the token', async function () { + this.timeout(15000) + + const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString() + await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', futureDate) - it('Should refresh the token') + killallServers([ server ]) + await reRunServer(server) + + const res = await refreshToken(server, server.refreshToken) + server.accessToken = res.body.access_token + server.refreshToken = res.body.refresh_token + }) it('Should be able to get my user information again', async function () { await getMyUserInformation(server.url, server.accessToken) @@ -976,6 +1016,7 @@ describe('Test users', function () { }) after(async function () { + await closeAllSequelize([ server ]) await cleanupTests([ server ]) }) }) diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts index a1b5e8f5d..5addb45c7 100644 --- a/server/tests/plugins/external-auth.ts +++ b/server/tests/plugins/external-auth.ts @@ -137,7 +137,7 @@ describe('Test external auth plugins', function () { await loginUsingExternalToken(server, 'cyan', externalAuthToken, HttpStatusCode.BAD_REQUEST_400) - await waitUntilLog(server, 'expired external auth token') + await waitUntilLog(server, 'expired external auth token', 2) }) it('Should auto login Cyan, create the user and use the token', async function () { -- cgit v1.2.3