Home Explore Help
Sign In
OWEALs
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git
2
1
Fork 0
Files Issues 2 Wiki
Tree: b211106695
Branches Tags
PeerTube
/
server
/
tests
/
plugins
/
id-and-pass-auth.ts

id-and-pass-auth.ts 8.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215 
  1. /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
    2. 

  2. 

  3. import 'mocha'
    4. 

  4. import { expect } from 'chai'
    5. 

  5. import { wait } from '@shared/core-utils'
    6. 

  6. import { HttpStatusCode, UserRole } from '@shared/models'
    7. 

  7. import { cleanupTests, createSingleServer, PeerTubeServer, PluginsCommand, setAccessTokensToServers } from '@shared/server-commands'
    8. 

  8. 

  9. describe('Test id and pass auth plugins', function () {
    10. 

  10.   let server: PeerTubeServer
    11. 

  11. 

  12.   let crashAccessToken: string
    13. 

  13.   let crashRefreshToken: string
    14. 

  14. 

  15.   let lagunaAccessToken: string
    16. 

  16.   let lagunaRefreshToken: string
    17. 

  17. 

  18.   before(async function () {
    19. 

  19.     this.timeout(30000)
    20. 

  20. 

  21.     server = await createSingleServer(1)
    22. 

  22.     await setAccessTokensToServers([ server ])
    23. 

  23. 

  24.     for (const suffix of [ 'one', 'two', 'three' ]) {
    25. 

  25.       await server.plugins.install({ path: PluginsCommand.getPluginTestPath('-id-pass-auth-' + suffix) })
    26. 

  26.     }
    27. 

  27.   })
    28. 

  28. 

  29.   it('Should display the correct configuration', async function () {
    30. 

  30.     const config = await server.config.getConfig()
    31. 

  31. 

  32.     const auths = config.plugin.registeredIdAndPassAuths
    33. 

  33.     expect(auths).to.have.lengthOf(8)
    34. 

  34. 

  35.     const crashAuth = auths.find(a => a.authName === 'crash-auth')
    36. 

  36.     expect(crashAuth).to.exist
    37. 

  37.     expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
    38. 

  38.     expect(crashAuth.weight).to.equal(50)
    39. 

  39.   })
    40. 

  40. 

  41.   it('Should not login', async function () {
    42. 

  42.     await server.login.login({ user: { username: 'toto', password: 'password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    43. 

  43.   })
    44. 

  44. 

  45.   it('Should login Spyro, create the user and use the token', async function () {
    46. 

  46.     const accessToken = await server.login.getAccessToken({ username: 'spyro', password: 'spyro password' })
    47. 

  47. 

  48.     const body = await server.users.getMyInfo({ token: accessToken })
    49. 

  49. 

  50.     expect(body.username).to.equal('spyro')
    51. 

  51.     expect(body.account.displayName).to.equal('Spyro the Dragon')
    52. 

  52.     expect(body.role).to.equal(UserRole.USER)
    53. 

  53.   })
    54. 

  54. 

  55.   it('Should login Crash, create the user and use the token', async function () {
    56. 

  56.     {
    57. 

  57.       const body = await server.login.login({ user: { username: 'crash', password: 'crash password' } })
    58. 

  58.       crashAccessToken = body.access_token
    59. 

  59.       crashRefreshToken = body.refresh_token
    60. 

  60.     }
    61. 

  61. 

  62.     {
    63. 

  63.       const body = await server.users.getMyInfo({ token: crashAccessToken })
    64. 

  64. 

  65.       expect(body.username).to.equal('crash')
    66. 

  66.       expect(body.account.displayName).to.equal('Crash Bandicoot')
    67. 

  67.       expect(body.role).to.equal(UserRole.MODERATOR)
    68. 

  68.     }
    69. 

  69.   })
    70. 

  70. 

  71.   it('Should login the first Laguna, create the user and use the token', async function () {
    72. 

  72.     {
    73. 

  73.       const body = await server.login.login({ user: { username: 'laguna', password: 'laguna password' } })
    74. 

  74.       lagunaAccessToken = body.access_token
    75. 

  75.       lagunaRefreshToken = body.refresh_token
    76. 

  76.     }
    77. 

  77. 

  78.     {
    79. 

  79.       const body = await server.users.getMyInfo({ token: lagunaAccessToken })
    80. 

  80. 

  81.       expect(body.username).to.equal('laguna')
    82. 

  82.       expect(body.account.displayName).to.equal('laguna')
    83. 

  83.       expect(body.role).to.equal(UserRole.USER)
    84. 

  84.     }
    85. 

  85.   })
    86. 

  86. 

  87.   it('Should refresh crash token, but not laguna token', async function () {
    88. 

  88.     {
    89. 

  89.       const resRefresh = await server.login.refreshToken({ refreshToken: crashRefreshToken })
    90. 

  90.       crashAccessToken = resRefresh.body.access_token
    91. 

  91.       crashRefreshToken = resRefresh.body.refresh_token
    92. 

  92. 

  93.       const body = await server.users.getMyInfo({ token: crashAccessToken })
    94. 

  94.       expect(body.username).to.equal('crash')
    95. 

  95.     }
    96. 

  96. 

  97.     {
    98. 

  98.       await server.login.refreshToken({ refreshToken: lagunaRefreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    99. 

  99.     }
    100. 

  100.   })
    101. 

  101. 

  102.   it('Should update Crash profile', async function () {
    103. 

  103.     await server.users.updateMe({
    104. 

  104.       token: crashAccessToken,
    105. 

  105.       displayName: 'Beautiful Crash',
    106. 

  106.       description: 'Mutant eastern barred bandicoot'
    107. 

  107.     })
    108. 

  108. 

  109.     const body = await server.users.getMyInfo({ token: crashAccessToken })
    110. 

  110. 

  111.     expect(body.account.displayName).to.equal('Beautiful Crash')
    112. 

  112.     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
    113. 

  113.   })
    114. 

  114. 

  115.   it('Should logout Crash', async function () {
    116. 

  116.     await server.login.logout({ token: crashAccessToken })
    117. 

  117.   })
    118. 

  118. 

  119.   it('Should have logged out Crash', async function () {
    120. 

  120.     await server.servers.waitUntilLog('On logout for auth 1 - 2')
    121. 

  121. 

  122.     await server.users.getMyInfo({ token: crashAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    123. 

  123.   })
    124. 

  124. 

  125.   it('Should login Crash and keep the old existing profile', async function () {
    126. 

  126.     crashAccessToken = await server.login.getAccessToken({ username: 'crash', password: 'crash password' })
    127. 

  127. 

  128.     const body = await server.users.getMyInfo({ token: crashAccessToken })
    129. 

  129. 

  130.     expect(body.username).to.equal('crash')
    131. 

  131.     expect(body.account.displayName).to.equal('Beautiful Crash')
    132. 

  132.     expect(body.account.description).to.equal('Mutant eastern barred bandicoot')
    133. 

  133.     expect(body.role).to.equal(UserRole.MODERATOR)
    134. 

  134.   })
    135. 

  135. 

  136.   it('Should reject token of laguna by the plugin hook', async function () {
    137. 

  137.     this.timeout(10000)
    138. 

  138. 

  139.     await wait(5000)
    140. 

  140. 

  141.     await server.users.getMyInfo({ token: lagunaAccessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    142. 

  142.   })
    143. 

  143. 

  144.   it('Should reject an invalid username, email, role or display name', async function () {
    145. 

  145.     const command = server.login
    146. 

  146. 

  147.     await command.login({ user: { username: 'ward', password: 'ward password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    148. 

  148.     await server.servers.waitUntilLog('valid username')
    149. 

  149. 

  150.     await command.login({ user: { username: 'kiros', password: 'kiros password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    151. 

  151.     await server.servers.waitUntilLog('valid display name')
    152. 

  152. 

  153.     await command.login({ user: { username: 'raine', password: 'raine password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    154. 

  154.     await server.servers.waitUntilLog('valid role')
    155. 

  155. 

  156.     await command.login({ user: { username: 'ellone', password: 'elonne password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    157. 

  157.     await server.servers.waitUntilLog('valid email')
    158. 

  158.   })
    159. 

  159. 

  160.   it('Should unregister spyro-auth and do not login existing Spyro', async function () {
    161. 

  161.     await server.plugins.updateSettings({
    162. 

  162.       npmName: 'peertube-plugin-test-id-pass-auth-one',
    163. 

  163.       settings: { disableSpyro: true }
    164. 

  164.     })
    165. 

  165. 

  166.     const command = server.login
    167. 

  167.     await command.login({ user: { username: 'spyro', password: 'spyro password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    168. 

  168.     await command.login({ user: { username: 'spyro', password: 'fake' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
    169. 

  169.   })
    170. 

  170. 

  171.   it('Should have disabled this auth', async function () {
    172. 

  172.     const config = await server.config.getConfig()
    173. 

  173. 

  174.     const auths = config.plugin.registeredIdAndPassAuths
    175. 

  175.     expect(auths).to.have.lengthOf(7)
    176. 

  176. 

  177.     const spyroAuth = auths.find(a => a.authName === 'spyro-auth')
    178. 

  178.     expect(spyroAuth).to.not.exist
    179. 

  179.   })
    180. 

  180. 

  181.   it('Should uninstall the plugin one and do not login existing Crash', async function () {
    182. 

  182.     await server.plugins.uninstall({ npmName: 'peertube-plugin-test-id-pass-auth-one' })
    183. 

  183. 

  184.     await server.login.login({
    185. 

  185.       user: { username: 'crash', password: 'crash password' },
    186. 

  186.       expectedStatus: HttpStatusCode.BAD_REQUEST_400
    187. 

  187.     })
    188. 

  188.   })
    189. 

  189. 

  190.   it('Should display the correct configuration', async function () {
    191. 

  191.     const config = await server.config.getConfig()
    192. 

  192. 

  193.     const auths = config.plugin.registeredIdAndPassAuths
    194. 

  194.     expect(auths).to.have.lengthOf(6)
    195. 

  195. 

  196.     const crashAuth = auths.find(a => a.authName === 'crash-auth')
    197. 

  197.     expect(crashAuth).to.not.exist
    198. 

  198.   })
    199. 

  199. 

  200.   it('Should display plugin auth information in users list', async function () {
    201. 

  201.     const { data } = await server.users.list()
    202. 

  202. 

  203.     const root = data.find(u => u.username === 'root')
    204. 

  204.     const crash = data.find(u => u.username === 'crash')
    205. 

  205.     const laguna = data.find(u => u.username === 'laguna')
    206. 

  206. 

  207.     expect(root.pluginAuth).to.be.null
    208. 

  208.     expect(crash.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-one')
    209. 

  209.     expect(laguna.pluginAuth).to.equal('peertube-plugin-test-id-pass-auth-two')
    210. 

  210.   })
    211. 

  211. 

  212.   after(async function () {
    213. 

  213.     await cleanupTests([ server ])
    214. 

  214.   })
    215. 

  215. })
    216.