PeerTube/server/tests/api/users/two-factor.ts


/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import { expect } from 'chai'
import { expectStartWith } from '@server/tests/shared'
import { HttpStatusCode } from '@shared/models'
import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers, TwoFactorCommand } from '@shared/server-commands'
/**
 * Logs `username`/`password` in against `server`, optionally supplying a
 * TOTP code, and returns both the raw HTTP response (so callers can inspect
 * headers such as `x-peertube-otp`) and the access token from the body
 * (undefined when the login was rejected).
 *
 * @param server - test server to authenticate against
 * @param username - login name
 * @param password - password for `username`
 * @param otpToken - optional one-time code for second-factor login
 * @param expectedStatus - HTTP status the login call is expected to yield
 */
async function login ({ server, username, password, otpToken, expectedStatus }: {
  server: PeerTubeServer
  username: string
  password: string
  otpToken?: string
  expectedStatus?: HttpStatusCode
}) {
  const response = await server.login.loginAndGetResponse({
    user: { username, password },
    otpToken,
    expectedStatus
  })

  return { res: response.res, token: response.body.access_token }
}
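// End-to-end checks of the TOTP second-factor flow: request -> confirm ->
// login with/without a code -> disable, both as the user and as an admin.
describe('Test users', function () {
  let server: PeerTubeServer
  let otpSecret: string
  let requestToken: string

  const userUsername = 'user1'
  let userId: number
  let userPassword: string
  let userToken: string

  before(async function () {
    this.timeout(30000)

    server = await createSingleServer(1)
    await setAccessTokensToServers([ server ])

    const res = await server.users.generate(userUsername)
    userId = res.userId
    userPassword = res.password
    userToken = res.token
  })

  it('Should not add the header on login if two factor is not enabled', async function () {
    const { res, token } = await login({ server, username: userUsername, password: userPassword })

    expect(res.header['x-peertube-otp']).to.not.exist

    await server.users.getMyInfo({ token })
  })

  it('Should request two factor and get the secret and uri', async function () {
    const { otpRequest } = await server.twoFactor.request({ userId, token: userToken, currentPassword: userPassword })

    expect(otpRequest.requestToken).to.exist

    expect(otpRequest.secret).to.exist
    expect(otpRequest.secret).to.have.lengthOf(32)

    expect(otpRequest.uri).to.exist
    expectStartWith(otpRequest.uri, 'otpauth://')
    expect(otpRequest.uri).to.include(otpRequest.secret)

    requestToken = otpRequest.requestToken
    otpSecret = otpRequest.secret
  })

  it('Should not have two factor confirmed yet', async function () {
    const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
    expect(twoFactorEnabled).to.be.false
  })

  it('Should confirm two factor', async function () {
    await server.twoFactor.confirmRequest({
      userId,
      token: userToken,
      otpToken: TwoFactorCommand.buildOTP({ secret: otpSecret }).generate(),
      requestToken
    })
  })

  it('Should not add the header on login if two factor is enabled and password is incorrect', async function () {
    const { res, token } = await login({ server, username: userUsername, password: 'fake', expectedStatus: HttpStatusCode.BAD_REQUEST_400 })

    expect(res.header['x-peertube-otp']).to.not.exist
    expect(token).to.not.exist
  })

  it('Should add the header on login if two factor is enabled and password is correct', async function () {
    const { res, token } = await login({
      server,
      username: userUsername,
      password: userPassword,
      expectedStatus: HttpStatusCode.UNAUTHORIZED_401
    })

    expect(res.header['x-peertube-otp']).to.exist
    // A password-only login must not hand out a token while a second factor is pending.
    expect(token).to.not.exist
    // No getMyInfo call here: `token` is undefined (asserted just above), so passing it
    // would not exercise the user's credentials at all and proves nothing about the 401.
  })

  it('Should not login with correct password and incorrect otp secret', async function () {
    const otp = TwoFactorCommand.buildOTP({ secret: 'a'.repeat(32) })

    const { res, token } = await login({
      server,
      username: userUsername,
      password: userPassword,
      otpToken: otp.generate(),
      expectedStatus: HttpStatusCode.BAD_REQUEST_400
    })

    expect(res.header['x-peertube-otp']).to.not.exist
    expect(token).to.not.exist
  })

  it('Should not login with correct password and incorrect otp code', async function () {
    const { res, token } = await login({
      server,
      username: userUsername,
      password: userPassword,
      otpToken: '123456',
      expectedStatus: HttpStatusCode.BAD_REQUEST_400
    })

    expect(res.header['x-peertube-otp']).to.not.exist
    expect(token).to.not.exist
  })

  it('Should not login with incorrect password and correct otp code', async function () {
    const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()

    const { res, token } = await login({
      server,
      username: userUsername,
      password: 'fake',
      otpToken,
      expectedStatus: HttpStatusCode.BAD_REQUEST_400
    })

    expect(res.header['x-peertube-otp']).to.not.exist
    expect(token).to.not.exist
  })

  it('Should correctly login with correct password and otp code', async function () {
    const otpToken = TwoFactorCommand.buildOTP({ secret: otpSecret }).generate()

    const { res, token } = await login({ server, username: userUsername, password: userPassword, otpToken })

    expect(res.header['x-peertube-otp']).to.not.exist
    expect(token).to.exist

    await server.users.getMyInfo({ token })
  })

  it('Should have two factor enabled when getting my info', async function () {
    const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
    expect(twoFactorEnabled).to.be.true
  })

  it('Should disable two factor and be able to login without otp token', async function () {
    await server.twoFactor.disable({ userId, token: userToken, currentPassword: userPassword })

    const { res, token } = await login({ server, username: userUsername, password: userPassword })

    expect(res.header['x-peertube-otp']).to.not.exist

    await server.users.getMyInfo({ token })
  })

  it('Should have two factor disabled when getting my info', async function () {
    const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
    expect(twoFactorEnabled).to.be.false
  })

  it('Should enable two factor auth without password from an admin', async function () {
    // No `token`/`currentPassword` given: the command's default credentials are used.
    const { otpRequest } = await server.twoFactor.request({ userId })

    await server.twoFactor.confirmRequest({
      userId,
      otpToken: TwoFactorCommand.buildOTP({ secret: otpRequest.secret }).generate(),
      requestToken: otpRequest.requestToken
    })

    const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
    expect(twoFactorEnabled).to.be.true
  })

  it('Should disable two factor auth without password from an admin', async function () {
    await server.twoFactor.disable({ userId })

    const { twoFactorEnabled } = await server.users.getMyInfo({ token: userToken })
    expect(twoFactorEnabled).to.be.false
  })

  after(async function () {
    await cleanupTests([ server ])
  })
})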