test: Refactor tests and requests helper to reflect backend changes
parent
610c5276b0
commit
130b84ba69
@ -11,9 +11,7 @@ import {
|
||||
LIVEKIT_API_SECRET,
|
||||
MEET_ADMIN_SECRET,
|
||||
MEET_ADMIN_USER,
|
||||
MEET_API_KEY,
|
||||
MEET_SECRET,
|
||||
MEET_USER
|
||||
MEET_API_KEY
|
||||
} from '../../src/environment.js';
|
||||
import { createApp, registerDependencies } from '../../src/server.js';
|
||||
import { RecordingService, RoomService } from '../../src/services/index.js';
|
||||
@ -23,15 +21,10 @@ import {
|
||||
MeetRecordingAccess,
|
||||
MeetRoom,
|
||||
MeetRoomOptions,
|
||||
UserRole,
|
||||
WebhookPreferences
|
||||
} from '../../src/typings/ce/index.js';
|
||||
|
||||
const CREDENTIALS = {
|
||||
user: {
|
||||
username: MEET_USER,
|
||||
password: MEET_SECRET
|
||||
},
|
||||
admin: {
|
||||
username: MEET_ADMIN_USER,
|
||||
password: MEET_ADMIN_SECRET
|
||||
@ -58,7 +51,7 @@ export const startTestServer = (): Express => {
|
||||
export const getAppearancePreferences = async () => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
const response = await request(app)
|
||||
.get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/appearance`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -69,7 +62,7 @@ export const getAppearancePreferences = async () => {
|
||||
export const updateAppearancePreferences = async (preferences: any) => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
const response = await request(app)
|
||||
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/appearance`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -80,7 +73,7 @@ export const updateAppearancePreferences = async (preferences: any) => {
|
||||
export const getWebbhookPreferences = async () => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
const response = await request(app)
|
||||
.get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/webhooks`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -91,7 +84,7 @@ export const getWebbhookPreferences = async () => {
|
||||
export const updateWebbhookPreferences = async (preferences: WebhookPreferences) => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
const response = await request(app)
|
||||
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/webhooks`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -103,7 +96,7 @@ export const updateWebbhookPreferences = async (preferences: WebhookPreferences)
|
||||
export const getSecurityPreferences = async () => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
const response = await request(app)
|
||||
.get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/security`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -114,7 +107,7 @@ export const getSecurityPreferences = async () => {
|
||||
export const updateSecurityPreferences = async (preferences: any) => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
const response = await request(app)
|
||||
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/security`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -122,36 +115,27 @@ export const updateSecurityPreferences = async (preferences: any) => {
|
||||
return response;
|
||||
};
|
||||
|
||||
export const changeSecurityPreferences = async ({
|
||||
usersCanCreateRooms = true,
|
||||
authRequired = true,
|
||||
authMode = AuthMode.NONE
|
||||
}) => {
|
||||
export const changeSecurityPreferences = async (authMode: AuthMode) => {
|
||||
const response = await updateSecurityPreferences({
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: usersCanCreateRooms,
|
||||
requireAuthentication: authRequired
|
||||
},
|
||||
authentication: {
|
||||
authMode: authMode,
|
||||
method: {
|
||||
authMethod: {
|
||||
type: AuthType.SINGLE_USER
|
||||
}
|
||||
},
|
||||
authModeToAccessRoom: authMode
|
||||
}
|
||||
});
|
||||
expect(response.status).toBe(200);
|
||||
};
|
||||
|
||||
/**
|
||||
* Logs in a user as a specific role (admin or user) and returns the access token cookie
|
||||
* Logs in a user and returns the access token cookie
|
||||
*/
|
||||
export const loginUserAsRole = async (role: UserRole): Promise<string> => {
|
||||
export const loginUser = async (): Promise<string> => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const credentials = role === UserRole.ADMIN ? CREDENTIALS.admin : CREDENTIALS.user;
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth/login`)
|
||||
.send(credentials)
|
||||
.send(CREDENTIALS.admin)
|
||||
.expect(200);
|
||||
|
||||
const cookies = response.headers['set-cookie'] as unknown as string[];
|
||||
@ -201,7 +185,7 @@ export const getRoom = async (roomId: string, fields?: string) => {
|
||||
export const updateRoomPreferences = async (roomId: string, preferences: any) => {
|
||||
checkAppIsRunning();
|
||||
|
||||
const adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
const adminCookie = await loginUser();
|
||||
return await request(app)
|
||||
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms/${roomId}`)
|
||||
.set('Cookie', adminCookie)
|
||||
@ -311,9 +295,7 @@ export const generateParticipantToken = async (participantOptions: any) => {
|
||||
checkAppIsRunning();
|
||||
|
||||
// Disable authentication to generate the token
|
||||
await changeSecurityPreferences({
|
||||
authMode: AuthMode.NONE
|
||||
});
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
// Generate the participant token
|
||||
const response = await request(app)
|
||||
@ -350,9 +332,7 @@ export const refreshParticipantToken = async (participantOptions: any) => {
|
||||
checkAppIsRunning();
|
||||
|
||||
// Disable authentication to generate the token
|
||||
await changeSecurityPreferences({
|
||||
authMode: AuthMode.NONE
|
||||
});
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/participants/token/refresh`)
|
||||
@ -420,9 +400,7 @@ export const generateRecordingToken = async (roomId: string, secret: string) =>
|
||||
checkAppIsRunning();
|
||||
|
||||
// Disable authentication to generate the token
|
||||
await changeSecurityPreferences({
|
||||
authMode: AuthMode.NONE
|
||||
});
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms/${roomId}/recording-token`)
|
||||
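Review bot: `loginUser` (hunk `-122,36 +115,27`) now always posts `CREDENTIALS.admin`, but neither its name nor its doc comment (`Logs in a user and returns the access token cookie`) tells callers that the cookie it returns carries admin privileges. Every helper and test that passes this cookie therefore runs as the most privileged principal, which is easy to miss when reading an authorization test. I would state it in the doc comment, for example `* Logs in as the admin user (CREDENTIALS.admin) and returns the access token cookie`, or rename the helper to `loginAdmin`. The function body continues past the end of the hunk.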
|
||||
@ -8,15 +8,11 @@ import {
|
||||
import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js';
|
||||
|
||||
const defaultPreferences = {
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: true,
|
||||
requireAuthentication: true
|
||||
},
|
||||
authentication: {
|
||||
authMode: AuthMode.NONE,
|
||||
method: {
|
||||
authMethod: {
|
||||
type: AuthType.SINGLE_USER
|
||||
}
|
||||
},
|
||||
authModeToAccessRoom: AuthMode.NONE
|
||||
}
|
||||
};
|
||||
|
||||
@ -36,15 +32,11 @@ describe('Security Preferences API Tests', () => {
|
||||
describe('Update security preferences', () => {
|
||||
it('should update security preferences with valid complete data', async () => {
|
||||
const validPreferences = {
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: true,
|
||||
requireAuthentication: true
|
||||
},
|
||||
authentication: {
|
||||
authMode: AuthMode.ALL_USERS,
|
||||
method: {
|
||||
authMethod: {
|
||||
type: AuthType.SINGLE_USER
|
||||
}
|
||||
},
|
||||
authModeToAccessRoom: AuthMode.ALL_USERS
|
||||
}
|
||||
};
|
||||
let response = await updateSecurityPreferences(validPreferences);
|
||||
@ -56,113 +48,22 @@ describe('Security Preferences API Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body).toEqual(validPreferences);
|
||||
});
|
||||
|
||||
it('should update security preferences with valid partial data (roomCreationPolicy)', async () => {
|
||||
const validPreferences = {
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: false
|
||||
}
|
||||
};
|
||||
let response = await updateSecurityPreferences(validPreferences);
|
||||
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body.message).toBe('Security preferences updated successfully');
|
||||
|
||||
response = await getSecurityPreferences();
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body.roomCreationPolicy.allowRoomCreation).toEqual(
|
||||
validPreferences.roomCreationPolicy.allowRoomCreation
|
||||
);
|
||||
expect(response.body.authentication).toEqual(defaultPreferences.authentication);
|
||||
});
|
||||
|
||||
it('should update security preferences with valid partial data (authentication)', async () => {
|
||||
const validPreferences = {
|
||||
authentication: {
|
||||
authMode: AuthMode.ALL_USERS,
|
||||
method: {
|
||||
type: AuthType.SINGLE_USER
|
||||
}
|
||||
}
|
||||
};
|
||||
let response = await updateSecurityPreferences(validPreferences);
|
||||
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body.message).toBe('Security preferences updated successfully');
|
||||
|
||||
response = await getSecurityPreferences();
|
||||
expect(response.status).toBe(200);
|
||||
expect(response.body.authentication).toEqual(validPreferences.authentication);
|
||||
expect(response.body.roomCreationPolicy).toEqual(defaultPreferences.roomCreationPolicy);
|
||||
});
|
||||
});
|
||||
|
||||
describe('Update security preferences validation', () => {
|
||||
it('should reject when allowRoomCreation is not a boolean', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: 'invalid',
|
||||
requireAuthentication: true
|
||||
}
|
||||
});
|
||||
|
||||
expectValidationError(
|
||||
response,
|
||||
'roomCreationPolicy.allowRoomCreation',
|
||||
'Expected boolean, received string'
|
||||
);
|
||||
});
|
||||
|
||||
it('should reject when requireAuthentication is not a boolean', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: true,
|
||||
requireAuthentication: 'invalid'
|
||||
}
|
||||
});
|
||||
|
||||
expectValidationError(
|
||||
response,
|
||||
'roomCreationPolicy.requireAuthentication',
|
||||
'Expected boolean, received string'
|
||||
);
|
||||
});
|
||||
|
||||
it('should reject when allowRoomCreation is not provided', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
roomCreationPolicy: {
|
||||
requireAuthentication: true
|
||||
}
|
||||
});
|
||||
expectValidationError(response, 'roomCreationPolicy.allowRoomCreation', 'Required');
|
||||
});
|
||||
|
||||
it('should reject when allowRoomCreation is true and requireAuthentication is not provided', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: true
|
||||
}
|
||||
});
|
||||
expectValidationError(
|
||||
response,
|
||||
'roomCreationPolicy.requireAuthentication',
|
||||
'requireAuthentication is required when allowRoomCreation is true'
|
||||
);
|
||||
});
|
||||
|
||||
it('should reject when authMode is not a valid enum value', async () => {
|
||||
it('should reject when authModeToAccessRoom is not a valid enum value', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
authentication: {
|
||||
authMode: 'invalid',
|
||||
method: {
|
||||
authMethod: {
|
||||
type: AuthType.SINGLE_USER
|
||||
}
|
||||
},
|
||||
authModeToAccessRoom: 'invalid'
|
||||
}
|
||||
});
|
||||
|
||||
expectValidationError(
|
||||
response,
|
||||
'authentication.authMode',
|
||||
'authentication.authModeToAccessRoom',
|
||||
"Invalid enum value. Expected 'none' | 'moderators_only' | 'all_users', received 'invalid'"
|
||||
);
|
||||
});
|
||||
@ -170,27 +71,27 @@ describe('Security Preferences API Tests', () => {
|
||||
it('should reject when authType is not a valid enum value', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
authentication: {
|
||||
authMode: AuthMode.NONE,
|
||||
method: {
|
||||
authMethod: {
|
||||
type: 'invalid'
|
||||
}
|
||||
},
|
||||
authModeToAccessRoom: AuthMode.ALL_USERS
|
||||
}
|
||||
});
|
||||
|
||||
expectValidationError(
|
||||
response,
|
||||
'authentication.method.type',
|
||||
'authentication.authMethod.type',
|
||||
"Invalid enum value. Expected 'single-user', received 'invalid'"
|
||||
);
|
||||
});
|
||||
|
||||
it('should reject when authMode or method are not provided', async () => {
|
||||
it('should reject when authModeToAccessRoom or authMethod are not provided', async () => {
|
||||
let response = await updateSecurityPreferences({
|
||||
authentication: {
|
||||
authMode: AuthMode.NONE
|
||||
}
|
||||
});
|
||||
expectValidationError(response, 'authentication.method', 'Required');
|
||||
expectValidationError(response, 'authentication.authMethod', 'Required');
|
||||
|
||||
response = await updateSecurityPreferences({
|
||||
authentication: {
|
||||
@ -199,15 +100,7 @@ describe('Security Preferences API Tests', () => {
|
||||
}
|
||||
}
|
||||
});
|
||||
expectValidationError(response, 'authentication.authMode', 'Required');
|
||||
});
|
||||
|
||||
it('should reject when roomCreationPolicy is not an object', async () => {
|
||||
const response = await updateSecurityPreferences({
|
||||
roomCreationPolicy: 'invalid'
|
||||
});
|
||||
|
||||
expectValidationError(response, 'roomCreationPolicy', 'Expected object, received string');
|
||||
expectValidationError(response, 'authentication.authModeToAccessRoom', 'Required');
|
||||
});
|
||||
|
||||
it('should reject when authentication is not an object', async () => {
|
||||
@ -217,12 +110,6 @@ describe('Security Preferences API Tests', () => {
|
||||
|
||||
expectValidationError(response, 'authentication', 'Expected object, received string');
|
||||
});
|
||||
|
||||
it('should reject when both roomCreationPolicy and authentication are not provided', async () => {
|
||||
const response = await updateSecurityPreferences({});
|
||||
|
||||
expectValidationError(response, '', 'At least one field must be provided for the update');
|
||||
});
|
||||
});
|
||||
|
||||
describe('Get security preferences', () => {
|
||||
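Review bot: In the `-170,27 +71,27` hunk one `authMode: AuthMode.NONE` line seems to survive the rename to `authModeToAccessRoom`. The hunk's 27/27 line counts leave room for only one of the two occurrences to be removed, and the survivor is most likely the first request of `should reject when authModeToAccessRoom or authMethod are not provided`. With the old key, that payload omits both required fields, so the `'authentication.authMethod', 'Required'` assertion does not isolate the missing-`authMethod` case the test title describes. I would change the line to `authModeToAccessRoom: AuthMode.NONE`. The +/- markers are not visible on this page, so confirm against the file.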
|
||||
@ -3,9 +3,9 @@ import { Express } from 'express';
|
||||
import ms from 'ms';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { MeetRecordingAccess, UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import { MeetRecordingAccess } from '../../../../src/typings/ce/index.js';
|
||||
import { expectValidRoom } from '../../../helpers/assertion-helpers.js';
|
||||
import { createRoom, deleteAllRooms, loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js';
|
||||
import { createRoom, deleteAllRooms, loginUser, startTestServer } from '../../../helpers/request-helpers.js';
|
||||
|
||||
const ROOMS_PATH = `${INTERNAL_CONFIG.API_BASE_PATH_V1}/rooms`;
|
||||
|
||||
@ -13,11 +13,11 @@ describe('Room API Tests', () => {
|
||||
const validAutoDeletionDate = Date.now() + ms('2h');
|
||||
|
||||
let app: Express;
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
app = startTestServer();
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
@ -68,7 +68,7 @@ describe('Room API Tests', () => {
|
||||
roomIdPrefix: 'TestRoom'
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
// Check that the error message contains the positive number validation
|
||||
expect(response.body.error).toContain('Unprocessable Entity');
|
||||
@ -81,7 +81,7 @@ describe('Room API Tests', () => {
|
||||
roomIdPrefix: 'TestRoom'
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(response.body.error).toContain('Unprocessable Entity');
|
||||
expect(JSON.stringify(response.body.details)).toContain(
|
||||
@ -95,7 +95,7 @@ describe('Room API Tests', () => {
|
||||
roomIdPrefix: 'TestRoom'
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected number');
|
||||
});
|
||||
@ -106,7 +106,7 @@ describe('Room API Tests', () => {
|
||||
roomIdPrefix: 'TestRoom'
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected number');
|
||||
});
|
||||
@ -117,7 +117,7 @@ describe('Room API Tests', () => {
|
||||
roomIdPrefix: 'TestRoom'
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected number');
|
||||
});
|
||||
@ -128,7 +128,7 @@ describe('Room API Tests', () => {
|
||||
autoDeletionDate: validAutoDeletionDate
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected string');
|
||||
});
|
||||
@ -139,7 +139,7 @@ describe('Room API Tests', () => {
|
||||
autoDeletionDate: validAutoDeletionDate
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected string');
|
||||
});
|
||||
@ -151,7 +151,7 @@ describe('Room API Tests', () => {
|
||||
preferences: 'invalid-preferences'
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected object');
|
||||
});
|
||||
@ -172,7 +172,7 @@ describe('Room API Tests', () => {
|
||||
}
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('Expected boolean');
|
||||
});
|
||||
@ -181,7 +181,7 @@ describe('Room API Tests', () => {
|
||||
// In this case, instead of sending JSON object, send an invalid JSON string.
|
||||
const response = await request(app)
|
||||
.post(ROOMS_PATH)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send('{"roomIdPrefix": "TestRoom",') // invalid JSON syntax
|
||||
.expect(400);
|
||||
@ -197,7 +197,7 @@ describe('Room API Tests', () => {
|
||||
autoDeletionDate: validAutoDeletionDate
|
||||
};
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422);
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
|
||||
|
||||
expect(JSON.stringify(response.body.details)).toContain('roomIdPrefix cannot exceed 50 characters');
|
||||
});
|
||||
|
||||
@ -2,9 +2,8 @@ import { beforeAll, describe, expect, it } from '@jest/globals';
|
||||
import { Express } from 'express';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import { expectValidationError } from '../../../helpers/assertion-helpers.js';
|
||||
import { loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js';
|
||||
import { loginUser, startTestServer } from '../../../helpers/request-helpers.js';
|
||||
|
||||
const AUTH_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`;
|
||||
|
||||
@ -20,8 +19,8 @@ describe('Authentication API Tests', () => {
|
||||
const response = await request(app)
|
||||
.post(`${AUTH_PATH}/login`)
|
||||
.send({
|
||||
username: 'user',
|
||||
password: 'user'
|
||||
username: 'admin',
|
||||
password: 'admin'
|
||||
})
|
||||
.expect(200);
|
||||
|
||||
@ -45,7 +44,7 @@ describe('Authentication API Tests', () => {
|
||||
const response = await request(app)
|
||||
.post(`${AUTH_PATH}/login`)
|
||||
.send({
|
||||
username: 'user',
|
||||
username: 'admin',
|
||||
password: 'invalidpassword'
|
||||
})
|
||||
.expect(404);
|
||||
@ -127,8 +126,8 @@ describe('Authentication API Tests', () => {
|
||||
const loginResponse = await request(app)
|
||||
.post(`${AUTH_PATH}/login`)
|
||||
.send({
|
||||
username: 'user',
|
||||
password: 'user'
|
||||
username: 'admin',
|
||||
password: 'admin'
|
||||
})
|
||||
.expect(200);
|
||||
|
||||
@ -172,22 +171,10 @@ describe('Authentication API Tests', () => {
|
||||
});
|
||||
|
||||
describe('Profile Tests', () => {
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
// Get cookies for admin and user
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
});
|
||||
|
||||
it('should return 200 and user profile', async () => {
|
||||
const response = await request(app).get(`${AUTH_PATH}/profile`).set('Cookie', userCookie).expect(200);
|
||||
|
||||
expect(response.body).toHaveProperty('username');
|
||||
expect(response.body.username).toBe('user');
|
||||
expect(response.body).toHaveProperty('role');
|
||||
expect(response.body.role).toContain('user');
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
it('should return 200 and admin profile', async () => {
|
||||
@ -195,8 +182,8 @@ describe('Authentication API Tests', () => {
|
||||
|
||||
expect(response.body).toHaveProperty('username');
|
||||
expect(response.body.username).toBe('admin');
|
||||
expect(response.body).toHaveProperty('role');
|
||||
expect(response.body.role).toContain('admin');
|
||||
expect(response.body).toHaveProperty('roles');
|
||||
expect(response.body.roles).toEqual(expect.arrayContaining(['admin', 'user']));
|
||||
});
|
||||
|
||||
it('should return 401 when no access token is provided', async () => {
|
||||
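Review bot: The three login requests (hunks `-20,8`, `-45,7` and `-127,8`) hard-code `username: 'admin'` and `password: 'admin'`, whereas the `CREDENTIALS` object shown earlier on this page takes them from `MEET_ADMIN_USER` and `MEET_ADMIN_SECRET`. As written, these tests pass only when the environment keeps the default admin credentials, and the default password is baked into the suite. I would import both values from the environment module and send `username: MEET_ADMIN_USER, password: MEET_ADMIN_SECRET`. The profile assertion `expect(response.body.username).toBe('admin')` would then compare against `MEET_ADMIN_USER` as well.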
|
||||
@ -3,11 +3,10 @@ import { Express } from 'express';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { MEET_API_KEY } from '../../../../src/environment.js';
|
||||
import { UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import {
|
||||
deleteAllRooms,
|
||||
disconnectFakeParticipants,
|
||||
loginUserAsRole,
|
||||
loginUser,
|
||||
startTestServer
|
||||
} from '../../../helpers/request-helpers.js';
|
||||
import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js';
|
||||
@ -16,18 +15,12 @@ const MEETINGS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/meetings`;
|
||||
|
||||
describe('Meeting API Security Tests', () => {
|
||||
let app: Express;
|
||||
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
let roomData: RoomData;
|
||||
|
||||
beforeAll(async () => {
|
||||
app = startTestServer();
|
||||
|
||||
// Get cookies for admin and user
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
beforeEach(async () => {
|
||||
@ -54,13 +47,6 @@ describe('Meeting API Security Tests', () => {
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}`)
|
||||
.set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when participant is moderator', async () => {
|
||||
const response = await request(app)
|
||||
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}`)
|
||||
@ -102,13 +88,6 @@ describe('Meeting API Security Tests', () => {
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}/participants/${PARTICIPANT_NAME}`)
|
||||
.set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when participant is moderator', async () => {
|
||||
const response = await request(app)
|
||||
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}/participants/${PARTICIPANT_NAME}`)
|
||||
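Review bot: After the `-54,13` and `-102,13` hunks, no visible test sends a valid login cookie without a moderator token to the two DELETE routes. The removed `should fail when user is authenticated as user` cases were the ones asserting that a logged-in session alone is not enough, and `adminCookie` from `loginUser()` is not used in any line shown here. If these endpoints must still refuse a caller who is authenticated but holds no moderator participant token, add the equivalent case for each route with `.set('Cookie', adminCookie)` and `expect(response.status).toBe(401)`. The describe blocks extend beyond the hunks, so this may already be covered outside the visible lines.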
|
||||
@ -2,12 +2,12 @@ import { afterAll, beforeAll, describe, expect, it } from '@jest/globals';
|
||||
import { Express } from 'express';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { AuthMode, UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import { AuthMode } from '../../../../src/typings/ce/index.js';
|
||||
import {
|
||||
changeSecurityPreferences,
|
||||
deleteAllRooms,
|
||||
disconnectFakeParticipants,
|
||||
loginUserAsRole,
|
||||
loginUser,
|
||||
startTestServer
|
||||
} from '../../../helpers/request-helpers.js';
|
||||
import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js';
|
||||
@ -18,11 +18,11 @@ describe('Participant API Security Tests', () => {
|
||||
const PARTICIPANT_NAME = 'TEST_PARTICIPANT';
|
||||
|
||||
let app: Express;
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
app = startTestServer();
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
@ -38,7 +38,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when no authentication is required and participant is publisher', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.NONE });
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -49,7 +49,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when no authentication is required and participant is moderator', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.NONE });
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -60,7 +60,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for moderator and participant is publisher', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -71,9 +71,9 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', userCookie).send({
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
|
||||
roomId: roomData.room.roomId,
|
||||
participantName: PARTICIPANT_NAME,
|
||||
secret: roomData.moderatorSecret
|
||||
@ -82,7 +82,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -93,9 +93,9 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', userCookie).send({
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
|
||||
roomId: roomData.room.roomId,
|
||||
participantName: PARTICIPANT_NAME,
|
||||
secret: roomData.publisherSecret
|
||||
@ -104,7 +104,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -115,9 +115,9 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', userCookie).send({
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
|
||||
roomId: roomData.room.roomId,
|
||||
participantName: PARTICIPANT_NAME,
|
||||
secret: roomData.moderatorSecret
|
||||
@ -126,7 +126,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -145,7 +145,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when no authentication is required and participant is publisher', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.NONE });
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -156,7 +156,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when no authentication is required and participant is moderator', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.NONE });
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -167,7 +167,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for moderator and participant is publisher', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -178,11 +178,11 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${PARTICIPANTS_PATH}/token/refresh`)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.send({
|
||||
roomId: roomData.room.roomId,
|
||||
participantName: PARTICIPANT_NAME,
|
||||
@ -192,7 +192,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -203,11 +203,11 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${PARTICIPANTS_PATH}/token/refresh`)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.send({
|
||||
roomId: roomData.room.roomId,
|
||||
participantName: PARTICIPANT_NAME,
|
||||
@ -217,7 +217,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
@ -228,11 +228,11 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${PARTICIPANTS_PATH}/token/refresh`)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.send({
|
||||
roomId: roomData.room.roomId,
|
||||
participantName: PARTICIPANT_NAME,
|
||||
@ -242,7 +242,7 @@ describe('Participant API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
|
||||
roomId: roomData.room.roomId,
|
||||
|
||||
@ -3,23 +3,18 @@ import { Express } from 'express';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { MEET_API_KEY } from '../../../../src/environment.js';
|
||||
import { UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import { loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js';
|
||||
import { loginUser, startTestServer } from '../../../helpers/request-helpers.js';
|
||||
import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js';
|
||||
|
||||
const PREFERENCES_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences`;
|
||||
|
||||
describe('Global Preferences API Security Tests', () => {
|
||||
let app: Express;
|
||||
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
app = startTestServer();
|
||||
|
||||
// Get cookies for admin and user
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
describe('Update Webhook Preferences Tests', () => {
|
||||
@ -44,14 +39,6 @@ describe('Global Preferences API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.put(`${PREFERENCES_PATH}/webhooks`)
|
||||
.set('Cookie', userCookie)
|
||||
.send(webhookPreferences);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).put(`${PREFERENCES_PATH}/webhooks`).send(webhookPreferences);
|
||||
expect(response.status).toBe(401);
|
||||
@ -71,11 +58,6 @@ describe('Global Preferences API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`);
|
||||
expect(response.status).toBe(401);
|
||||
@ -84,9 +66,11 @@ describe('Global Preferences API Security Tests', () => {
|
||||
|
||||
describe('Update Security Preferences Tests', () => {
|
||||
const securityPreferences = {
|
||||
roomCreationPolicy: {
|
||||
allowRoomCreation: true,
|
||||
requireAuthentication: true
|
||||
authentication: {
|
||||
authMethod: {
|
||||
type: AuthType.SINGLE_USER
|
||||
},
|
||||
authModeToAccessRoom: AuthMode.ALL_USERS
|
||||
}
|
||||
};
|
||||
|
||||
@ -106,14 +90,6 @@ describe('Global Preferences API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.put(`${PREFERENCES_PATH}/security`)
|
||||
.set('Cookie', userCookie)
|
||||
.send(securityPreferences);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).put(`${PREFERENCES_PATH}/security`).send(securityPreferences);
|
||||
expect(response.status).toBe(401);
|
||||
@ -144,14 +120,6 @@ describe('Global Preferences API Security Tests', () => {
|
||||
expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.put(`${PREFERENCES_PATH}/appearance`)
|
||||
.set('Cookie', userCookie)
|
||||
.send({});
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).put(`${PREFERENCES_PATH}/appearance`).send({});
|
||||
expect(response.status).toBe(401);
|
||||
@ -171,11 +139,6 @@ describe('Global Preferences API Security Tests', () => {
|
||||
expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).get(`${PREFERENCES_PATH}/appearance`).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).get(`${PREFERENCES_PATH}/appearance`);
|
||||
expect(response.status).toBe(401);
|
||||
|
||||
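Review bot: With the "authenticated as user" cases removed, the hunks in this file leave each preferences endpoint with only two credential states, a valid admin cookie and no cookie at all, so nothing visible here checks that a cookie which is present but not valid is rejected. The 403 path can no longer be reached with a second account, so one case per endpoint that sends a malformed cookie and expects 401 would keep a negative test on the token validation itself: add `.set('Cookie', '<cookie-name>=not-a-valid-token')` to the request and assert `expect(response.status).toBe(401);`. The cookie name is not shown on this page, so `<cookie-name>` is a placeholder, and such a case may already exist outside the hunks. The recording and room security test sections below drop their user-cookie cases in the same way and would benefit from the same addition.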
@ -3,14 +3,14 @@ import { Express } from 'express';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { MEET_API_KEY } from '../../../../src/environment.js';
|
||||
import { MeetRecordingAccess, UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import { MeetRecordingAccess } from '../../../../src/typings/ce/index.js';
|
||||
import { expectValidStopRecordingResponse } from '../../../helpers/assertion-helpers.js';
|
||||
import {
|
||||
deleteAllRecordings,
|
||||
deleteAllRooms,
|
||||
disconnectFakeParticipants,
|
||||
generateRecordingTokenCookie,
|
||||
loginUserAsRole,
|
||||
loginUser,
|
||||
startTestServer,
|
||||
stopAllRecordings,
|
||||
stopRecording,
|
||||
@ -23,16 +23,11 @@ const INTERNAL_RECORDINGS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/r
|
||||
|
||||
describe('Recording API Security Tests', () => {
|
||||
let app: Express;
|
||||
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
app = startTestServer();
|
||||
|
||||
// Get cookies for admin and user
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
@ -64,14 +59,6 @@ describe('Recording API Security Tests', () => {
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.post(INTERNAL_RECORDINGS_PATH)
|
||||
.send({ roomId: roomData.room.roomId })
|
||||
.set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when participant is moderator', async () => {
|
||||
const response = await request(app)
|
||||
.post(INTERNAL_RECORDINGS_PATH)
|
||||
@ -129,13 +116,6 @@ describe('Recording API Security Tests', () => {
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_RECORDINGS_PATH}/${roomData.recordingId}/stop`)
|
||||
.set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when participant is moderator', async () => {
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_RECORDINGS_PATH}/${roomData.recordingId}/stop`)
|
||||
@ -177,11 +157,6 @@ describe('Recording API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).get(RECORDINGS_PATH).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when recording access is public and participant is publisher', async () => {
|
||||
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
|
||||
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
|
||||
@ -265,11 +240,6 @@ describe('Recording API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when recording access is public and participant is publisher', async () => {
|
||||
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
|
||||
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
|
||||
@ -353,11 +323,6 @@ describe('Recording API Security Tests', () => {
|
||||
expect(response.status).toBe(204);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).delete(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should fail when recording access is public and participant is publisher', async () => {
|
||||
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
|
||||
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
|
||||
@ -455,14 +420,6 @@ describe('Recording API Security Tests', () => {
|
||||
.set('Cookie', adminCookie);
|
||||
expect(response.status).toBe(204);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.delete(RECORDINGS_PATH)
|
||||
.query({ recordingIds: [recordingId] })
|
||||
.set('Cookie', userCookie);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
});
|
||||
|
||||
describe('Get Recording Media Tests', () => {
|
||||
@ -488,13 +445,6 @@ describe('Recording API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.get(`${RECORDINGS_PATH}/${recordingId}/media`)
|
||||
.set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when recording access is public and participant is publisher', async () => {
|
||||
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
|
||||
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
|
||||
|
||||
@ -3,12 +3,12 @@ import { Express } from 'express';
|
||||
import request from 'supertest';
|
||||
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
|
||||
import { MEET_API_KEY } from '../../../../src/environment.js';
|
||||
import { AuthMode, MeetRecordingAccess, UserRole } from '../../../../src/typings/ce/index.js';
|
||||
import { AuthMode, MeetRecordingAccess } from '../../../../src/typings/ce/index.js';
|
||||
import {
|
||||
changeSecurityPreferences,
|
||||
createRoom,
|
||||
deleteAllRooms,
|
||||
loginUserAsRole,
|
||||
loginUser,
|
||||
startTestServer,
|
||||
updateRecordingAccessPreferencesInRoom
|
||||
} from '../../../helpers/request-helpers.js';
|
||||
@ -19,15 +19,11 @@ const INTERNAL_ROOMS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms`
|
||||
|
||||
describe('Room API Security Tests', () => {
|
||||
let app: Express;
|
||||
let userCookie: string;
|
||||
let adminCookie: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
app = startTestServer();
|
||||
|
||||
// Get cookies for admin and user
|
||||
userCookie = await loginUserAsRole(UserRole.USER);
|
||||
adminCookie = await loginUserAsRole(UserRole.ADMIN);
|
||||
adminCookie = await loginUser();
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
@ -35,11 +31,7 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
describe('Create Room Tests', () => {
|
||||
it('should succeed when users cannot create rooms, and request includes API key', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: false
|
||||
});
|
||||
|
||||
it('should succeed when request includes API key', async () => {
|
||||
const response = await request(app)
|
||||
.post(ROOMS_PATH)
|
||||
.set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY)
|
||||
@ -47,59 +39,12 @@ describe('Room API Security Tests', () => {
|
||||
expect(response.status).toBe(201);
|
||||
});
|
||||
|
||||
it('should succeed when users cannot create rooms, and user is authenticated as admin', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: false
|
||||
});
|
||||
|
||||
it('should succeed when user is authenticated as admin', async () => {
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send({});
|
||||
expect(response.status).toBe(201);
|
||||
});
|
||||
|
||||
it('should fail when users cannot create rooms, and user is authenticated as user', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: false
|
||||
});
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send({});
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when users cannot create rooms, and user is not authenticated', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: false
|
||||
});
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).send({});
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should succeed when users can create rooms and auth is not required, and user is not authenticated', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: true,
|
||||
authRequired: false
|
||||
});
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).send({});
|
||||
expect(response.status).toBe(201);
|
||||
});
|
||||
|
||||
it('should succeed when users can create rooms and auth is required, and user is authenticated', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: true,
|
||||
authRequired: true
|
||||
});
|
||||
|
||||
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send({});
|
||||
expect(response.status).toBe(201);
|
||||
});
|
||||
|
||||
it('should fail when users can create rooms and auth is required, and user is not authenticated', async () => {
|
||||
await changeSecurityPreferences({
|
||||
usersCanCreateRooms: true,
|
||||
authRequired: true
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).post(ROOMS_PATH).send({});
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
@ -116,11 +61,6 @@ describe('Room API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).get(ROOMS_PATH).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).get(ROOMS_PATH);
|
||||
expect(response.status).toBe(401);
|
||||
@ -151,11 +91,6 @@ describe('Room API Security Tests', () => {
|
||||
expect(response.status).toBe(204);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).delete(ROOMS_PATH).query({ roomIds: roomId }).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).delete(ROOMS_PATH).query({ roomIds: roomId });
|
||||
expect(response.status).toBe(401);
|
||||
@ -181,11 +116,6 @@ describe('Room API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).get(`${ROOMS_PATH}/${roomData.room.roomId}`).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(401);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).get(`${ROOMS_PATH}/${roomData.room.roomId}`);
|
||||
expect(response.status).toBe(401);
|
||||
@ -235,11 +165,6 @@ describe('Room API Security Tests', () => {
|
||||
expect(response.status).toBe(204);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app).delete(`${ROOMS_PATH}/${roomId}`).set('Cookie', userCookie);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).delete(`${ROOMS_PATH}/${roomId}`);
|
||||
expect(response.status).toBe(401);
|
||||
@ -279,14 +204,6 @@ describe('Room API Security Tests', () => {
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when user is authenticated as user', async () => {
|
||||
const response = await request(app)
|
||||
.put(`${INTERNAL_ROOMS_PATH}/${roomId}`)
|
||||
.set('Cookie', userCookie)
|
||||
.send(roomPreferences);
|
||||
expect(response.status).toBe(403);
|
||||
});
|
||||
|
||||
it('should fail when user is not authenticated', async () => {
|
||||
const response = await request(app).put(`${INTERNAL_ROOMS_PATH}/${roomId}`).send(roomPreferences);
|
||||
expect(response.status).toBe(401);
|
||||
@ -308,7 +225,7 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when no authentication is required and participant is publisher', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.NONE });
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
@ -317,7 +234,7 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when no authentication is required and participant is moderator', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.NONE });
|
||||
await changeSecurityPreferences(AuthMode.NONE);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
@ -326,7 +243,7 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for moderator and participant is publisher', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
@ -335,17 +252,17 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.send({ secret: roomData.moderatorSecret });
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY });
|
||||
await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
@ -354,17 +271,17 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.send({ secret: roomData.publisherSecret });
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
@ -373,17 +290,17 @@ describe('Room API Security Tests', () => {
|
||||
});
|
||||
|
||||
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
.set('Cookie', userCookie)
|
||||
.set('Cookie', adminCookie)
|
||||
.send({ secret: roomData.moderatorSecret });
|
||||
expect(response.status).toBe(200);
|
||||
});
|
||||
|
||||
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
|
||||
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS });
|
||||
await changeSecurityPreferences(AuthMode.ALL_USERS);
|
||||
|
||||
const response = await request(app)
|
||||
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
|
||||
|
||||
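Review bot: Every recording-token case switches the global access mode with `changeSecurityPreferences(AuthMode.…)` and nothing in the visible hunks restores it, so the file appears to finish with `AuthMode.ALL_USERS` still in force. The `afterAll` body lies outside the hunks and may already handle this. If it does not, restoring a known mode there, for instance `await changeSecurityPreferences(AuthMode.NONE);`, keeps these access-control results independent of the order in which test files run against shared state. The participant security tests earlier on the page set the mode per test in the same way.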