1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import { expect } from 'chai'
import { expectStartWith } from '@server/tests/shared'
import { HttpStatusCode } from '@shared/models'
import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, TwoFactorCommand } from '@shared/server-commands'
async function login (options: {
server: PeerTubeServer
password?: string
otpToken?: string
expectedStatus?: HttpStatusCode
}) {
const { server, password = server.store.user.password, otpToken, expectedStatus } = options
const user = { username: server.store.user.username, password }
const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus })
return { res, token }
}
describe('Test users', function () {
let server: PeerTubeServer
let rootId: number
let otpSecret: string
let requestToken: string
before(async function () {
this.timeout(30000)
server = await createSingleServer(1)
await setAccessTokensToServers([ server ])
const { id } = await server.users.getMyInfo()
rootId = id
})
it('Should not add the header on login if two factor is not enabled', async function () {
const { res, token } = await login({ server })
expect(res.header['x-peertube-otp']).to.not.exist
await server.users.getMyInfo({ token })
})
it('Should request two factor and get the secret and uri', async function () {
const { otpRequest } = await server.twoFactor.request({
userId: rootId,
currentPassword: server.store.user.password
})
expect(otpRequest.requestToken).to.exist
expect(otpRequest.secret).to.exist
expect(otpRequest.secret).to.have.lengthOf(32)
expect(otpRequest.uri).to.exist
expectStartWith(otpRequest.uri, 'otpauth://')
expect(otpRequest.uri).to.include(otpRequest.secret)
requestToken = otpRequest.requestToken
otpSecret = otpRequest.secret
})
it('Should not have two factor confirmed yet', async function () {
const { twoFactorEnabled } = await server.users.getMyInfo()
expect(twoFactorEnabled).to.be.false
})
it('Should confirm two factor', async function () {
await server.twoFactor.confirmRequest({
userId: rootId,
otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(),
requestToken
})
})
it('Should not add the header on login if two factor is enabled and password is incorrect', async function () {
const { res, token } = await login({ server, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should add the header on login if two factor is enabled and password is correct', async function () {
const { res, token } = await login({ server, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
expect(res.header['x-peertube-otp']).to.exist
expect(token).to.not.exist
await server.users.getMyInfo({ token })
})
it('Should not login with correct password and incorrect otp secret', async function () {
const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) })
const { res, token } = await login({ server, otpToken: otp.generate(), expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should not login with correct password and incorrect otp code', async function () {
const { res, token } = await login({ server, otpToken: '123456', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should not login with incorrect password and correct otp code', async function () {
const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()
const { res, token } = await login({ server, password: 'fake', otpToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.not.exist
})
it('Should correctly login with correct password and otp code', async function () {
const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()
const { res, token } = await login({ server, otpToken })
expect(res.header['x-peertube-otp']).to.not.exist
expect(token).to.exist
await server.users.getMyInfo({ token })
})
it('Should have two factor enabled when getting my info', async function () {
const { twoFactorEnabled } = await server.users.getMyInfo()
expect(twoFactorEnabled).to.be.true
})
it('Should disable two factor and be able to login without otp token', async function () {
await server.twoFactor.disable({ userId: rootId, currentPassword: server.store.user.password })
const { res, token } = await login({ server })
expect(res.header['x-peertube-otp']).to.not.exist
await server.users.getMyInfo({ token })
})
it('Should have two factor disabled when getting my info', async function () {
const { twoFactorEnabled } = await server.users.getMyInfo()
expect(twoFactorEnabled).to.be.false
})
after(async function () {
await cleanupTests([ server ])
})
})
|
