1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import { expect } from 'chai'
import { HttpStatusCode, HttpStatusCodeType } from '@peertube/peertube-models'
import { expectStartWith } from '@tests/shared/checks.js'
import {
cleanupTests,
createSingleServer,
PeerTubeServer,
setAccessTokensToServers,
TwoFactorCommand
} from '@peertube/peertube-server-commands'
async function login (options: {
server: PeerTubeServer
username: string
password: string
otpToken?: string
expectedStatus?: HttpStatusCodeType
}) {
const { server, username, password, otpToken, expectedStatus } = options
const user = { username, password }
const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus })
return { res, token }
}
describe('Test users', function () {
let server: PeerTubeServer
let otpSecret: string
let requestToken: string
const userUsername = 'user1'
let userId: number
let userPassword: string
let userToken: string
before(async function () {
this.timeout(30000)
server = await createSingleServer(1)
await setAccessTokensToServers([ server ])
const res = await server.users.generate(userUsername)
userId = res.userId
userPassword = res.password
userToken = res.token
})
it('Should not add the header on login if two factor is not enabled', async function () {
const { res, token } = await login({ server, username: userUsername, password: userPassword })
expect(res.header['x-peertube-otp']).to.not.exist
await server.users.getMyInfo({ token })
})
it('Should request two factor and get the secret and uri', async function () {
const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword })
expect(otpRequest.requestToken).to.exist
expect(otpRequest.secret).to.exist
expect(otpRequest.secret).to.have.lengthOf(32)
expect(otpRequest.uri).to.exist
expectStartWith(otpRequest.uri, 'otpauth://')
expect(otpRequest.uri).to.include(otpRequest.secret)
requestToken = otpRequest.requestToken
otpSecret = otpRequest.secret
})
it('Should not have two factor confirmed yet', async function () {
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
expect(twoFactorEnabled).to.be.false
})
it('Should confirm two factor', async function () {
await server.twoFactor.confirmRequest({
userId,
token: userToken,
otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(),
requestToken
})
})
it('Should not add the header on login if two factor is enabled and password is incorrect', async function () {
const { res, token } = await login({ server, username: userUsername, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should add the header on login if two factor is enabled and password is correct', async function () {
const { res, token } = await login({
server,
username: userUsername,
password: userPassword,
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
})
expect(res.header['x-peertube-otp']).to.exist
expect(token).to.not.exist
await server.users.getMyInfo({ token })
})
it('Should not login with correct password and incorrect otp secret', async function () {
const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) })
const { res, token } = await login({
server,
username: userUsername,
password: userPassword,
otpToken: otp.generate(),
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should not login with correct password and incorrect otp code', async function () {
const { res, token } = await login({
server,
username: userUsername,
password: userPassword,
otpToken: '123456',
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should not login with incorrect password and correct otp code', async function () {
const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()
const { res, token } = await login({
server,
username: userUsername,
password: 'fake',
otpToken,
expectedStatus: HttpStatusCode.BAD_REQUEST_400
})
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should correctly login with correct password and otp code', async function () {
const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()
const { res, token } = await login({ server, username: userUsername, password: userPassword, otpToken })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.exist
await server.users.getMyInfo({ token })
})
it('Should have two factor enabled when getting my info', async function () {
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
expect(twoFactorEnabled).to.be.true
})
it('Should disable two factor and be able to login without otp token', async function () {
await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword })
const { res, token } = await login({ server, username: userUsername, password: userPassword })
expect(res.header['x-peertube-otp']).to.not.exist
await server.users.getMyInfo({ token })
})
it('Should have two factor disabled when getting my info', async function () {
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
expect(twoFactorEnabled).to.be.false
})
it('Should enable two factor auth without password from an admin', async function () {
const { otpRequest } = await server.twoFactor.request({ userId })
await server.twoFactor.confirmRequest({
userId,
otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate(),
requestToken: otpRequest.requestToken
})
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
expect(twoFactorEnabled).to.be.true
})
it('Should disable two factor auth without password from an admin', async function () {
await server.twoFactor.disable({ userId })
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
expect(twoFactorEnabled).to.be.false
})
after(async function () {
await cleanupTests([ server ])
})
})
|