200 lines
6.6 KiB
TypeScript
200 lines
6.6 KiB
TypeScript
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
|
|
|
|
import { expect } from 'chai'
|
|
import { expectStartWith } from '@server/tests/shared'
|
|
import { HttpStatusCode } from '@shared/models'
|
|
import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, TwoFactorCommand } from '@shared/server-commands'
|
|
|
|
async function login (options: {
|
|
server: PeerTubeServer
|
|
username: string
|
|
password: string
|
|
otpToken?: string
|
|
expectedStatus?: HttpStatusCode
|
|
}) {
|
|
const { server, username, password, otpToken, expectedStatus } = options
|
|
|
|
const user = { username, password }
|
|
const { res, body: { access_token: token } } = await server.login.loginAndGetResponse({ user, otpToken, expectedStatus })
|
|
|
|
return { res, token }
|
|
}
|
|
|
|
describe('Test users', function () {
|
|
let server: PeerTubeServer
|
|
let otpSecret: string
|
|
let requestToken: string
|
|
|
|
const userUsername = 'user1'
|
|
let userId: number
|
|
let userPassword: string
|
|
let userToken: string
|
|
|
|
before(async function () {
|
|
this.timeout(30000)
|
|
|
|
server = await createSingleServer(1)
|
|
|
|
await setAccessTokensToServers([ server ])
|
|
const res = await server.users.generate(userUsername)
|
|
userId = res.userId
|
|
userPassword = res.password
|
|
userToken = res.token
|
|
})
|
|
|
|
it('Should not add the header on login if two factor is not enabled', async function () {
|
|
const { res, token } = await login({ server, username: userUsername, password: userPassword })
|
|
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
|
|
await server.users.getMyInfo({ token })
|
|
})
|
|
|
|
it('Should request two factor and get the secret and uri', async function () {
|
|
const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword })
|
|
|
|
expect(otpRequest.requestToken).to.exist
|
|
|
|
expect(otpRequest.secret).to.exist
|
|
expect(otpRequest.secret).to.have.lengthOf(32)
|
|
|
|
expect(otpRequest.uri).to.exist
|
|
expectStartWith(otpRequest.uri, 'otpauth://')
|
|
expect(otpRequest.uri).to.include(otpRequest.secret)
|
|
|
|
requestToken = otpRequest.requestToken
|
|
otpSecret = otpRequest.secret
|
|
})
|
|
|
|
it('Should not have two factor confirmed yet', async function () {
|
|
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
|
|
expect(twoFactorEnabled).to.be.false
|
|
})
|
|
|
|
it('Should confirm two factor', async function () {
|
|
await server.twoFactor.confirmRequest({
|
|
userId,
|
|
token: userToken,
|
|
otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(),
|
|
requestToken
|
|
})
|
|
})
|
|
|
|
it('Should not add the header on login if two factor is enabled and password is incorrect', async function () {
|
|
const { res, token } = await login({ server, username: userUsername, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
|
|
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
expect(token).to.not.exist
|
|
})
|
|
|
|
it('Should add the header on login if two factor is enabled and password is correct', async function () {
|
|
const { res, token } = await login({
|
|
server,
|
|
username: userUsername,
|
|
password: userPassword,
|
|
expectedStatus: HttpStatusCode.UNAUTHORIZED_401
|
|
})
|
|
|
|
expect(res.header['x-peertube-otp']).to.exist
|
|
expect(token).to.not.exist
|
|
|
|
await server.users.getMyInfo({ token })
|
|
})
|
|
|
|
it('Should not login with correct password and incorrect otp secret', async function () {
|
|
const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) })
|
|
|
|
const { res, token } = await login({
|
|
server,
|
|
username: userUsername,
|
|
password: userPassword,
|
|
otpToken: otp.generate(),
|
|
expectedStatus: HttpStatusCode.BAD_REQUEST_400
|
|
})
|
|
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
expect(token).to.not.exist
|
|
})
|
|
|
|
it('Should not login with correct password and incorrect otp code', async function () {
|
|
const { res, token } = await login({
|
|
server,
|
|
username: userUsername,
|
|
password: userPassword,
|
|
otpToken: '123456',
|
|
expectedStatus: HttpStatusCode.BAD_REQUEST_400
|
|
})
|
|
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
expect(token).to.not.exist
|
|
})
|
|
|
|
it('Should not login with incorrect password and correct otp code', async function () {
|
|
const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()
|
|
|
|
const { res, token } = await login({
|
|
server,
|
|
username: userUsername,
|
|
password: 'fake',
|
|
otpToken,
|
|
expectedStatus: HttpStatusCode.BAD_REQUEST_400
|
|
})
|
|
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
expect(token).to.not.exist
|
|
})
|
|
|
|
it('Should correctly login with correct password and otp code', async function () {
|
|
const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()
|
|
|
|
const { res, token } = await login({ server, username: userUsername, password: userPassword, otpToken })
|
|
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
expect(token).to.exist
|
|
|
|
await server.users.getMyInfo({ token })
|
|
})
|
|
|
|
it('Should have two factor enabled when getting my info', async function () {
|
|
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
|
|
expect(twoFactorEnabled).to.be.true
|
|
})
|
|
|
|
it('Should disable two factor and be able to login without otp token', async function () {
|
|
await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword })
|
|
|
|
const { res, token } = await login({ server, username: userUsername, password: userPassword })
|
|
expect(res.header['x-peertube-otp']).to.not.exist
|
|
|
|
await server.users.getMyInfo({ token })
|
|
})
|
|
|
|
it('Should have two factor disabled when getting my info', async function () {
|
|
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
|
|
expect(twoFactorEnabled).to.be.false
|
|
})
|
|
|
|
it('Should enable two factor auth without password from an admin', async function () {
|
|
const { otpRequest } = await server.twoFactor.request({ userId })
|
|
|
|
await server.twoFactor.confirmRequest({
|
|
userId,
|
|
otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate(),
|
|
requestToken: otpRequest.requestToken
|
|
})
|
|
|
|
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
|
|
expect(twoFactorEnabled).to.be.true
|
|
})
|
|
|
|
it('Should disable two factor auth without password from an admin', async function () {
|
|
await server.twoFactor.disable({ userId })
|
|
|
|
const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
|
|
expect(twoFactorEnabled).to.be.false
|
|
})
|
|
|
|
after(async function () {
|
|
await cleanupTests([ server ])
|
|
})
|
|
})
|