neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: Refactor tests and requests helper to reflect backend changes

Browse Source
This commit is contained in:
juancarmore 2025-05-31 01:38:26 +02:00
parent 610c5276b0
commit 130b84ba69
9 changed files with 119 additions and 458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
backend/tests/helpers/request-helpers.ts
View File

@ -11,9 +11,7 @@ import {
LIVEKIT_API_SECRET, LIVEKIT_API_SECRET,
MEET_ADMIN_SECRET, MEET_ADMIN_SECRET,
MEET_ADMIN_USER, MEET_ADMIN_USER,
MEET_API_KEY, MEET_API_KEY
MEET_SECRET,
MEET_USER
} from '../../src/environment.js'; } from '../../src/environment.js';
import { createApp, registerDependencies } from '../../src/server.js'; import { createApp, registerDependencies } from '../../src/server.js';
import { RecordingService, RoomService } from '../../src/services/index.js'; import { RecordingService, RoomService } from '../../src/services/index.js';
@ -23,15 +21,10 @@ import {
MeetRecordingAccess, MeetRecordingAccess,
MeetRoom, MeetRoom,
MeetRoomOptions, MeetRoomOptions,
UserRole,
WebhookPreferences WebhookPreferences
} from '../../src/typings/ce/index.js'; } from '../../src/typings/ce/index.js';
const CREDENTIALS = { const CREDENTIALS = {
user: {
username: MEET_USER,
password: MEET_SECRET
},
admin: { admin: {
username: MEET_ADMIN_USER, username: MEET_ADMIN_USER,
password: MEET_ADMIN_SECRET password: MEET_ADMIN_SECRET
@ -58,7 +51,7 @@ export const startTestServer = (): Express => {
export const getAppearancePreferences = async () => { export const getAppearancePreferences = async () => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
const response = await request(app) const response = await request(app)
.get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/appearance`) .get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/appearance`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -69,7 +62,7 @@ export const getAppearancePreferences = async () => {
export const updateAppearancePreferences = async (preferences: any) => { export const updateAppearancePreferences = async (preferences: any) => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
const response = await request(app) const response = await request(app)
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/appearance`) .put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/appearance`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -80,7 +73,7 @@ export const updateAppearancePreferences = async (preferences: any) => {
export const getWebbhookPreferences = async () => { export const getWebbhookPreferences = async () => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
const response = await request(app) const response = await request(app)
.get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/webhooks`) .get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/webhooks`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -91,7 +84,7 @@ export const getWebbhookPreferences = async () => {
export const updateWebbhookPreferences = async (preferences: WebhookPreferences) => { export const updateWebbhookPreferences = async (preferences: WebhookPreferences) => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
const response = await request(app) const response = await request(app)
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/webhooks`) .put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/webhooks`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -103,7 +96,7 @@ export const updateWebbhookPreferences = async (preferences: WebhookPreferences)
export const getSecurityPreferences = async () => { export const getSecurityPreferences = async () => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
const response = await request(app) const response = await request(app)
.get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/security`) .get(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/security`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -114,7 +107,7 @@ export const getSecurityPreferences = async () => {
export const updateSecurityPreferences = async (preferences: any) => { export const updateSecurityPreferences = async (preferences: any) => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
const response = await request(app) const response = await request(app)
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/security`) .put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences/security`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -122,36 +115,27 @@ export const updateSecurityPreferences = async (preferences: any) => {
return response; return response;
}; };
export const changeSecurityPreferences = async ({ export const changeSecurityPreferences = async (authMode: AuthMode) => {
usersCanCreateRooms = true,
authRequired = true,
authMode = AuthMode.NONE
}) => {
const response = await updateSecurityPreferences({ const response = await updateSecurityPreferences({
roomCreationPolicy: {
allowRoomCreation: usersCanCreateRooms,
requireAuthentication: authRequired
},
authentication: { authentication: {
authMode: authMode, authMethod: {
method: {
type: AuthType.SINGLE_USER type: AuthType.SINGLE_USER
} },
authModeToAccessRoom: authMode
} }
}); });
expect(response.status).toBe(200); expect(response.status).toBe(200);
}; };
/** /**
* Logs in a user as a specific role (admin or user) and returns the access token cookie * Logs in a user and returns the access token cookie
*/ */
export const loginUserAsRole = async (role: UserRole): Promise<string> => { export const loginUser = async (): Promise<string> => {
checkAppIsRunning(); checkAppIsRunning();
const credentials = role === UserRole.ADMIN ? CREDENTIALS.admin : CREDENTIALS.user;
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth/login`) .post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth/login`)
.send(credentials) .send(CREDENTIALS.admin)
.expect(200); .expect(200);
const cookies = response.headers['set-cookie'] as unknown as string[]; const cookies = response.headers['set-cookie'] as unknown as string[];
@ -201,7 +185,7 @@ export const getRoom = async (roomId: string, fields?: string) => {
export const updateRoomPreferences = async (roomId: string, preferences: any) => { export const updateRoomPreferences = async (roomId: string, preferences: any) => {
checkAppIsRunning(); checkAppIsRunning();
const adminCookie = await loginUserAsRole(UserRole.ADMIN); const adminCookie = await loginUser();
return await request(app) return await request(app)
.put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms/${roomId}`) .put(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms/${roomId}`)
.set('Cookie', adminCookie) .set('Cookie', adminCookie)
@ -311,9 +295,7 @@ export const generateParticipantToken = async (participantOptions: any) => {
checkAppIsRunning(); checkAppIsRunning();
// Disable authentication to generate the token // Disable authentication to generate the token
await changeSecurityPreferences({ await changeSecurityPreferences(AuthMode.NONE);
authMode: AuthMode.NONE
});
// Generate the participant token // Generate the participant token
const response = await request(app) const response = await request(app)
@ -350,9 +332,7 @@ export const refreshParticipantToken = async (participantOptions: any) => {
checkAppIsRunning(); checkAppIsRunning();
// Disable authentication to generate the token // Disable authentication to generate the token
await changeSecurityPreferences({ await changeSecurityPreferences(AuthMode.NONE);
authMode: AuthMode.NONE
});
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/participants/token/refresh`) .post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/participants/token/refresh`)
@ -420,9 +400,7 @@ export const generateRecordingToken = async (roomId: string, secret: string) =>
checkAppIsRunning(); checkAppIsRunning();
// Disable authentication to generate the token // Disable authentication to generate the token
await changeSecurityPreferences({ await changeSecurityPreferences(AuthMode.NONE);
authMode: AuthMode.NONE
});
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms/${roomId}/recording-token`) .post(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms/${roomId}/recording-token`)

149
backend/tests/integration/api/global-preferences/security.test.ts
View File

@ -8,15 +8,11 @@ import {
import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js'; import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js';
const defaultPreferences = { const defaultPreferences = {
roomCreationPolicy: {
allowRoomCreation: true,
requireAuthentication: true
},
authentication: { authentication: {
authMode: AuthMode.NONE, authMethod: {
method: {
type: AuthType.SINGLE_USER type: AuthType.SINGLE_USER
} },
authModeToAccessRoom: AuthMode.NONE
} }
}; };
@ -36,15 +32,11 @@ describe('Security Preferences API Tests', () => {
describe('Update security preferences', () => { describe('Update security preferences', () => {
it('should update security preferences with valid complete data', async () => { it('should update security preferences with valid complete data', async () => {
const validPreferences = { const validPreferences = {
roomCreationPolicy: {
allowRoomCreation: true,
requireAuthentication: true
},
authentication: { authentication: {
authMode: AuthMode.ALL_USERS, authMethod: {
method: {
type: AuthType.SINGLE_USER type: AuthType.SINGLE_USER
} },
authModeToAccessRoom: AuthMode.ALL_USERS
} }
}; };
let response = await updateSecurityPreferences(validPreferences); let response = await updateSecurityPreferences(validPreferences);
@ -56,113 +48,22 @@ describe('Security Preferences API Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
expect(response.body).toEqual(validPreferences); expect(response.body).toEqual(validPreferences);
}); });
it('should update security preferences with valid partial data (roomCreationPolicy)', async () => {
const validPreferences = {
roomCreationPolicy: {
allowRoomCreation: false
}
};
let response = await updateSecurityPreferences(validPreferences);
expect(response.status).toBe(200);
expect(response.body.message).toBe('Security preferences updated successfully');
response = await getSecurityPreferences();
expect(response.status).toBe(200);
expect(response.body.roomCreationPolicy.allowRoomCreation).toEqual(
validPreferences.roomCreationPolicy.allowRoomCreation
);
expect(response.body.authentication).toEqual(defaultPreferences.authentication);
});
it('should update security preferences with valid partial data (authentication)', async () => {
const validPreferences = {
authentication: {
authMode: AuthMode.ALL_USERS,
method: {
type: AuthType.SINGLE_USER
}
}
};
let response = await updateSecurityPreferences(validPreferences);
expect(response.status).toBe(200);
expect(response.body.message).toBe('Security preferences updated successfully');
response = await getSecurityPreferences();
expect(response.status).toBe(200);
expect(response.body.authentication).toEqual(validPreferences.authentication);
expect(response.body.roomCreationPolicy).toEqual(defaultPreferences.roomCreationPolicy);
});
}); });
describe('Update security preferences validation', () => { describe('Update security preferences validation', () => {
it('should reject when allowRoomCreation is not a boolean', async () => { it('should reject when authModeToAccessRoom is not a valid enum value', async () => {
const response = await updateSecurityPreferences({
roomCreationPolicy: {
allowRoomCreation: 'invalid',
requireAuthentication: true
}
});
expectValidationError(
response,
'roomCreationPolicy.allowRoomCreation',
'Expected boolean, received string'
);
});
it('should reject when requireAuthentication is not a boolean', async () => {
const response = await updateSecurityPreferences({
roomCreationPolicy: {
allowRoomCreation: true,
requireAuthentication: 'invalid'
}
});
expectValidationError(
response,
'roomCreationPolicy.requireAuthentication',
'Expected boolean, received string'
);
});
it('should reject when allowRoomCreation is not provided', async () => {
const response = await updateSecurityPreferences({
roomCreationPolicy: {
requireAuthentication: true
}
});
expectValidationError(response, 'roomCreationPolicy.allowRoomCreation', 'Required');
});
it('should reject when allowRoomCreation is true and requireAuthentication is not provided', async () => {
const response = await updateSecurityPreferences({
roomCreationPolicy: {
allowRoomCreation: true
}
});
expectValidationError(
response,
'roomCreationPolicy.requireAuthentication',
'requireAuthentication is required when allowRoomCreation is true'
);
});
it('should reject when authMode is not a valid enum value', async () => {
const response = await updateSecurityPreferences({ const response = await updateSecurityPreferences({
authentication: { authentication: {
authMode: 'invalid', authMethod: {
method: {
type: AuthType.SINGLE_USER type: AuthType.SINGLE_USER
} },
authModeToAccessRoom: 'invalid'
} }
}); });
expectValidationError( expectValidationError(
response, response,
'authentication.authMode', 'authentication.authModeToAccessRoom',
"Invalid enum value. Expected 'none' | 'moderators_only' | 'all_users', received 'invalid'" "Invalid enum value. Expected 'none' | 'moderators_only' | 'all_users', received 'invalid'"
); );
}); });
@ -170,27 +71,27 @@ describe('Security Preferences API Tests', () => {
it('should reject when authType is not a valid enum value', async () => { it('should reject when authType is not a valid enum value', async () => {
const response = await updateSecurityPreferences({ const response = await updateSecurityPreferences({
authentication: { authentication: {
authMode: AuthMode.NONE, authMethod: {
method: {
type: 'invalid' type: 'invalid'
} },
authModeToAccessRoom: AuthMode.ALL_USERS
} }
}); });
expectValidationError( expectValidationError(
response, response,
'authentication.method.type', 'authentication.authMethod.type',
"Invalid enum value. Expected 'single-user', received 'invalid'" "Invalid enum value. Expected 'single-user', received 'invalid'"
); );
}); });
it('should reject when authMode or method are not provided', async () => { it('should reject when authModeToAccessRoom or authMethod are not provided', async () => {
let response = await updateSecurityPreferences({ let response = await updateSecurityPreferences({
authentication: { authentication: {
authMode: AuthMode.NONE authMode: AuthMode.NONE
} }
}); });
expectValidationError(response, 'authentication.method', 'Required'); expectValidationError(response, 'authentication.authMethod', 'Required');
response = await updateSecurityPreferences({ response = await updateSecurityPreferences({
authentication: { authentication: {
@ -199,15 +100,7 @@ describe('Security Preferences API Tests', () => {
} }
} }
}); });
expectValidationError(response, 'authentication.authMode', 'Required'); expectValidationError(response, 'authentication.authModeToAccessRoom', 'Required');
});
it('should reject when roomCreationPolicy is not an object', async () => {
const response = await updateSecurityPreferences({
roomCreationPolicy: 'invalid'
});
expectValidationError(response, 'roomCreationPolicy', 'Expected object, received string');
}); });
it('should reject when authentication is not an object', async () => { it('should reject when authentication is not an object', async () => {
@ -217,12 +110,6 @@ describe('Security Preferences API Tests', () => {
expectValidationError(response, 'authentication', 'Expected object, received string'); expectValidationError(response, 'authentication', 'Expected object, received string');
}); });
it('should reject when both roomCreationPolicy and authentication are not provided', async () => {
const response = await updateSecurityPreferences({});
expectValidationError(response, '', 'At least one field must be provided for the update');
});
}); });
describe('Get security preferences', () => { describe('Get security preferences', () => {

30
backend/tests/integration/api/rooms/create-room.test.ts
View File

@ -3,9 +3,9 @@ import { Express } from 'express';
import ms from 'ms'; import ms from 'ms';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { MeetRecordingAccess, UserRole } from '../../../../src/typings/ce/index.js'; import { MeetRecordingAccess } from '../../../../src/typings/ce/index.js';
import { expectValidRoom } from '../../../helpers/assertion-helpers.js'; import { expectValidRoom } from '../../../helpers/assertion-helpers.js';
import { createRoom, deleteAllRooms, loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js'; import { createRoom, deleteAllRooms, loginUser, startTestServer } from '../../../helpers/request-helpers.js';
const ROOMS_PATH = `${INTERNAL_CONFIG.API_BASE_PATH_V1}/rooms`; const ROOMS_PATH = `${INTERNAL_CONFIG.API_BASE_PATH_V1}/rooms`;
@ -13,11 +13,11 @@ describe('Room API Tests', () => {
const validAutoDeletionDate = Date.now() + ms('2h'); const validAutoDeletionDate = Date.now() + ms('2h');
let app: Express; let app: Express;
let userCookie: string; let adminCookie: string;
beforeAll(async () => { beforeAll(async () => {
app = startTestServer(); app = startTestServer();
userCookie = await loginUserAsRole(UserRole.USER); adminCookie = await loginUser();
}); });
afterAll(async () => { afterAll(async () => {
@ -68,7 +68,7 @@ describe('Room API Tests', () => {
roomIdPrefix: 'TestRoom' roomIdPrefix: 'TestRoom'
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
// Check that the error message contains the positive number validation // Check that the error message contains the positive number validation
expect(response.body.error).toContain('Unprocessable Entity'); expect(response.body.error).toContain('Unprocessable Entity');
@ -81,7 +81,7 @@ describe('Room API Tests', () => {
roomIdPrefix: 'TestRoom' roomIdPrefix: 'TestRoom'
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(response.body.error).toContain('Unprocessable Entity'); expect(response.body.error).toContain('Unprocessable Entity');
expect(JSON.stringify(response.body.details)).toContain( expect(JSON.stringify(response.body.details)).toContain(
@ -95,7 +95,7 @@ describe('Room API Tests', () => {
roomIdPrefix: 'TestRoom' roomIdPrefix: 'TestRoom'
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected number'); expect(JSON.stringify(response.body.details)).toContain('Expected number');
}); });
@ -106,7 +106,7 @@ describe('Room API Tests', () => {
roomIdPrefix: 'TestRoom' roomIdPrefix: 'TestRoom'
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected number'); expect(JSON.stringify(response.body.details)).toContain('Expected number');
}); });
@ -117,7 +117,7 @@ describe('Room API Tests', () => {
roomIdPrefix: 'TestRoom' roomIdPrefix: 'TestRoom'
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected number'); expect(JSON.stringify(response.body.details)).toContain('Expected number');
}); });
@ -128,7 +128,7 @@ describe('Room API Tests', () => {
autoDeletionDate: validAutoDeletionDate autoDeletionDate: validAutoDeletionDate
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected string'); expect(JSON.stringify(response.body.details)).toContain('Expected string');
}); });
@ -139,7 +139,7 @@ describe('Room API Tests', () => {
autoDeletionDate: validAutoDeletionDate autoDeletionDate: validAutoDeletionDate
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected string'); expect(JSON.stringify(response.body.details)).toContain('Expected string');
}); });
@ -151,7 +151,7 @@ describe('Room API Tests', () => {
preferences: 'invalid-preferences' preferences: 'invalid-preferences'
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected object'); expect(JSON.stringify(response.body.details)).toContain('Expected object');
}); });
@ -172,7 +172,7 @@ describe('Room API Tests', () => {
} }
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('Expected boolean'); expect(JSON.stringify(response.body.details)).toContain('Expected boolean');
}); });
@ -181,7 +181,7 @@ describe('Room API Tests', () => {
// In this case, instead of sending JSON object, send an invalid JSON string. // In this case, instead of sending JSON object, send an invalid JSON string.
const response = await request(app) const response = await request(app)
.post(ROOMS_PATH) .post(ROOMS_PATH)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send('{"roomIdPrefix": "TestRoom",') // invalid JSON syntax .send('{"roomIdPrefix": "TestRoom",') // invalid JSON syntax
.expect(400); .expect(400);
@ -197,7 +197,7 @@ describe('Room API Tests', () => {
autoDeletionDate: validAutoDeletionDate autoDeletionDate: validAutoDeletionDate
}; };
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send(payload).expect(422); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send(payload).expect(422);
expect(JSON.stringify(response.body.details)).toContain('roomIdPrefix cannot exceed 50 characters'); expect(JSON.stringify(response.body.details)).toContain('roomIdPrefix cannot exceed 50 characters');
}); });

31
backend/tests/integration/api/security/auth.test.ts
View File

@ -2,9 +2,8 @@ import { beforeAll, describe, expect, it } from '@jest/globals';
import { Express } from 'express'; import { Express } from 'express';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { UserRole } from '../../../../src/typings/ce/index.js';
import { expectValidationError } from '../../../helpers/assertion-helpers.js'; import { expectValidationError } from '../../../helpers/assertion-helpers.js';
import { loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js'; import { loginUser, startTestServer } from '../../../helpers/request-helpers.js';
const AUTH_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`; const AUTH_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`;
@ -20,8 +19,8 @@ describe('Authentication API Tests', () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_PATH}/login`) .post(`${AUTH_PATH}/login`)
.send({ .send({
username: 'user', username: 'admin',
password: 'user' password: 'admin'
}) })
.expect(200); .expect(200);
@ -45,7 +44,7 @@ describe('Authentication API Tests', () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_PATH}/login`) .post(`${AUTH_PATH}/login`)
.send({ .send({
username: 'user', username: 'admin',
password: 'invalidpassword' password: 'invalidpassword'
}) })
.expect(404); .expect(404);
@ -127,8 +126,8 @@ describe('Authentication API Tests', () => {
const loginResponse = await request(app) const loginResponse = await request(app)
.post(`${AUTH_PATH}/login`) .post(`${AUTH_PATH}/login`)
.send({ .send({
username: 'user', username: 'admin',
password: 'user' password: 'admin'
}) })
.expect(200); .expect(200);
@ -172,22 +171,10 @@ describe('Authentication API Tests', () => {
}); });
describe('Profile Tests', () => { describe('Profile Tests', () => {
let userCookie: string;
let adminCookie: string; let adminCookie: string;
beforeAll(async () => { beforeAll(async () => {
// Get cookies for admin and user adminCookie = await loginUser();
userCookie = await loginUserAsRole(UserRole.USER);
adminCookie = await loginUserAsRole(UserRole.ADMIN);
});
it('should return 200 and user profile', async () => {
const response = await request(app).get(`${AUTH_PATH}/profile`).set('Cookie', userCookie).expect(200);
expect(response.body).toHaveProperty('username');
expect(response.body.username).toBe('user');
expect(response.body).toHaveProperty('role');
expect(response.body.role).toContain('user');
}); });
it('should return 200 and admin profile', async () => { it('should return 200 and admin profile', async () => {
@ -195,8 +182,8 @@ describe('Authentication API Tests', () => {
expect(response.body).toHaveProperty('username'); expect(response.body).toHaveProperty('username');
expect(response.body.username).toBe('admin'); expect(response.body.username).toBe('admin');
expect(response.body).toHaveProperty('role'); expect(response.body).toHaveProperty('roles');
expect(response.body.role).toContain('admin'); expect(response.body.roles).toEqual(expect.arrayContaining(['admin', 'user']));
}); });
it('should return 401 when no access token is provided', async () => { it('should return 401 when no access token is provided', async () => {

25
backend/tests/integration/api/security/meeting-security.test.ts
View File

@ -3,11 +3,10 @@ import { Express } from 'express';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { MEET_API_KEY } from '../../../../src/environment.js'; import { MEET_API_KEY } from '../../../../src/environment.js';
import { UserRole } from '../../../../src/typings/ce/index.js';
import { import {
deleteAllRooms, deleteAllRooms,
disconnectFakeParticipants, disconnectFakeParticipants,
loginUserAsRole, loginUser,
startTestServer startTestServer
} from '../../../helpers/request-helpers.js'; } from '../../../helpers/request-helpers.js';
import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js'; import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js';
@ -16,18 +15,12 @@ const MEETINGS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/meetings`;
describe('Meeting API Security Tests', () => { describe('Meeting API Security Tests', () => {
let app: Express; let app: Express;
let userCookie: string;
let adminCookie: string; let adminCookie: string;
let roomData: RoomData; let roomData: RoomData;
beforeAll(async () => { beforeAll(async () => {
app = startTestServer(); app = startTestServer();
adminCookie = await loginUser();
// Get cookies for admin and user
userCookie = await loginUserAsRole(UserRole.USER);
adminCookie = await loginUserAsRole(UserRole.ADMIN);
}); });
beforeEach(async () => { beforeEach(async () => {
@ -54,13 +47,6 @@ describe('Meeting API Security Tests', () => {
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}`)
.set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when participant is moderator', async () => { it('should succeed when participant is moderator', async () => {
const response = await request(app) const response = await request(app)
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}`) .delete(`${MEETINGS_PATH}/${roomData.room.roomId}`)
@ -102,13 +88,6 @@ describe('Meeting API Security Tests', () => {
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}/participants/${PARTICIPANT_NAME}`)
.set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when participant is moderator', async () => { it('should succeed when participant is moderator', async () => {
const response = await request(app) const response = await request(app)
.delete(`${MEETINGS_PATH}/${roomData.room.roomId}/participants/${PARTICIPANT_NAME}`) .delete(`${MEETINGS_PATH}/${roomData.room.roomId}/participants/${PARTICIPANT_NAME}`)

56
backend/tests/integration/api/security/participant-security.test.ts
View File

@ -2,12 +2,12 @@ import { afterAll, beforeAll, describe, expect, it } from '@jest/globals';
import { Express } from 'express'; import { Express } from 'express';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { AuthMode, UserRole } from '../../../../src/typings/ce/index.js'; import { AuthMode } from '../../../../src/typings/ce/index.js';
import { import {
changeSecurityPreferences, changeSecurityPreferences,
deleteAllRooms, deleteAllRooms,
disconnectFakeParticipants, disconnectFakeParticipants,
loginUserAsRole, loginUser,
startTestServer startTestServer
} from '../../../helpers/request-helpers.js'; } from '../../../helpers/request-helpers.js';
import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js'; import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js';
@ -18,11 +18,11 @@ describe('Participant API Security Tests', () => {
const PARTICIPANT_NAME = 'TEST_PARTICIPANT'; const PARTICIPANT_NAME = 'TEST_PARTICIPANT';
let app: Express; let app: Express;
let userCookie: string; let adminCookie: string;
beforeAll(async () => { beforeAll(async () => {
app = startTestServer(); app = startTestServer();
userCookie = await loginUserAsRole(UserRole.USER); adminCookie = await loginUser();
}); });
afterAll(async () => { afterAll(async () => {
@ -38,7 +38,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when no authentication is required and participant is publisher', async () => { it('should succeed when no authentication is required and participant is publisher', async () => {
await changeSecurityPreferences({ authMode: AuthMode.NONE }); await changeSecurityPreferences(AuthMode.NONE);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -49,7 +49,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when no authentication is required and participant is moderator', async () => { it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityPreferences({ authMode: AuthMode.NONE }); await changeSecurityPreferences(AuthMode.NONE);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -60,7 +60,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for moderator and participant is publisher', async () => { it('should succeed when authentication is required for moderator and participant is publisher', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -71,9 +71,9 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => { it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', userCookie).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
participantName: PARTICIPANT_NAME, participantName: PARTICIPANT_NAME,
secret: roomData.moderatorSecret secret: roomData.moderatorSecret
@ -82,7 +82,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => { it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -93,9 +93,9 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => { it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', userCookie).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
participantName: PARTICIPANT_NAME, participantName: PARTICIPANT_NAME,
secret: roomData.publisherSecret secret: roomData.publisherSecret
@ -104,7 +104,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => { it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -115,9 +115,9 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => { it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', userCookie).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
participantName: PARTICIPANT_NAME, participantName: PARTICIPANT_NAME,
secret: roomData.moderatorSecret secret: roomData.moderatorSecret
@ -126,7 +126,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => { it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -145,7 +145,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when no authentication is required and participant is publisher', async () => { it('should succeed when no authentication is required and participant is publisher', async () => {
await changeSecurityPreferences({ authMode: AuthMode.NONE }); await changeSecurityPreferences(AuthMode.NONE);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -156,7 +156,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when no authentication is required and participant is moderator', async () => { it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityPreferences({ authMode: AuthMode.NONE }); await changeSecurityPreferences(AuthMode.NONE);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -167,7 +167,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for moderator and participant is publisher', async () => { it('should succeed when authentication is required for moderator and participant is publisher', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -178,11 +178,11 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => { it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app) const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`) .post(`${PARTICIPANTS_PATH}/token/refresh`)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.send({ .send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
participantName: PARTICIPANT_NAME, participantName: PARTICIPANT_NAME,
@ -192,7 +192,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => { it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -203,11 +203,11 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => { it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app) const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`) .post(`${PARTICIPANTS_PATH}/token/refresh`)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.send({ .send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
participantName: PARTICIPANT_NAME, participantName: PARTICIPANT_NAME,
@ -217,7 +217,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => { it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
@ -228,11 +228,11 @@ describe('Participant API Security Tests', () => {
}); });
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => { it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app) const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`) .post(`${PARTICIPANTS_PATH}/token/refresh`)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.send({ .send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,
participantName: PARTICIPANT_NAME, participantName: PARTICIPANT_NAME,
@ -242,7 +242,7 @@ describe('Participant API Security Tests', () => {
}); });
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => { it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({ const response = await request(app).post(`${PARTICIPANTS_PATH}/token/refresh`).send({
roomId: roomData.room.roomId, roomId: roomData.room.roomId,

53
backend/tests/integration/api/security/preferences-security.test.ts
View File

@ -3,23 +3,18 @@ import { Express } from 'express';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { MEET_API_KEY } from '../../../../src/environment.js'; import { MEET_API_KEY } from '../../../../src/environment.js';
import { UserRole } from '../../../../src/typings/ce/index.js'; import { loginUser, startTestServer } from '../../../helpers/request-helpers.js';
import { loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js'; import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js';
const PREFERENCES_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences`; const PREFERENCES_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences`;
describe('Global Preferences API Security Tests', () => { describe('Global Preferences API Security Tests', () => {
let app: Express; let app: Express;
let userCookie: string;
let adminCookie: string; let adminCookie: string;
beforeAll(async () => { beforeAll(async () => {
app = startTestServer(); app = startTestServer();
adminCookie = await loginUser();
// Get cookies for admin and user
userCookie = await loginUserAsRole(UserRole.USER);
adminCookie = await loginUserAsRole(UserRole.ADMIN);
}); });
describe('Update Webhook Preferences Tests', () => { describe('Update Webhook Preferences Tests', () => {
@ -44,14 +39,6 @@ describe('Global Preferences API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.put(`${PREFERENCES_PATH}/webhooks`)
.set('Cookie', userCookie)
.send(webhookPreferences);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).put(`${PREFERENCES_PATH}/webhooks`).send(webhookPreferences); const response = await request(app).put(`${PREFERENCES_PATH}/webhooks`).send(webhookPreferences);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -71,11 +58,6 @@ describe('Global Preferences API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`); const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -84,9 +66,11 @@ describe('Global Preferences API Security Tests', () => {
describe('Update Security Preferences Tests', () => { describe('Update Security Preferences Tests', () => {
const securityPreferences = { const securityPreferences = {
roomCreationPolicy: { authentication: {
allowRoomCreation: true, authMethod: {
requireAuthentication: true type: AuthType.SINGLE_USER
},
authModeToAccessRoom: AuthMode.ALL_USERS
} }
}; };
@ -106,14 +90,6 @@ describe('Global Preferences API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.put(`${PREFERENCES_PATH}/security`)
.set('Cookie', userCookie)
.send(securityPreferences);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).put(`${PREFERENCES_PATH}/security`).send(securityPreferences); const response = await request(app).put(`${PREFERENCES_PATH}/security`).send(securityPreferences);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -144,14 +120,6 @@ describe('Global Preferences API Security Tests', () => {
expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.put(`${PREFERENCES_PATH}/appearance`)
.set('Cookie', userCookie)
.send({});
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).put(`${PREFERENCES_PATH}/appearance`).send({}); const response = await request(app).put(`${PREFERENCES_PATH}/appearance`).send({});
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -171,11 +139,6 @@ describe('Global Preferences API Security Tests', () => {
expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${PREFERENCES_PATH}/appearance`).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${PREFERENCES_PATH}/appearance`); const response = await request(app).get(`${PREFERENCES_PATH}/appearance`);
expect(response.status).toBe(401); expect(response.status).toBe(401);

56
backend/tests/integration/api/security/recording-security.test.ts
View File

@ -3,14 +3,14 @@ import { Express } from 'express';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { MEET_API_KEY } from '../../../../src/environment.js'; import { MEET_API_KEY } from '../../../../src/environment.js';
import { MeetRecordingAccess, UserRole } from '../../../../src/typings/ce/index.js'; import { MeetRecordingAccess } from '../../../../src/typings/ce/index.js';
import { expectValidStopRecordingResponse } from '../../../helpers/assertion-helpers.js'; import { expectValidStopRecordingResponse } from '../../../helpers/assertion-helpers.js';
import { import {
deleteAllRecordings, deleteAllRecordings,
deleteAllRooms, deleteAllRooms,
disconnectFakeParticipants, disconnectFakeParticipants,
generateRecordingTokenCookie, generateRecordingTokenCookie,
loginUserAsRole, loginUser,
startTestServer, startTestServer,
stopAllRecordings, stopAllRecordings,
stopRecording, stopRecording,
@ -23,16 +23,11 @@ const INTERNAL_RECORDINGS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/r
describe('Recording API Security Tests', () => { describe('Recording API Security Tests', () => {
let app: Express; let app: Express;
let userCookie: string;
let adminCookie: string; let adminCookie: string;
beforeAll(async () => { beforeAll(async () => {
app = startTestServer(); app = startTestServer();
adminCookie = await loginUser();
// Get cookies for admin and user
userCookie = await loginUserAsRole(UserRole.USER);
adminCookie = await loginUserAsRole(UserRole.ADMIN);
}); });
afterAll(async () => { afterAll(async () => {
@ -64,14 +59,6 @@ describe('Recording API Security Tests', () => {
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.post(INTERNAL_RECORDINGS_PATH)
.send({ roomId: roomData.room.roomId })
.set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when participant is moderator', async () => { it('should succeed when participant is moderator', async () => {
const response = await request(app) const response = await request(app)
.post(INTERNAL_RECORDINGS_PATH) .post(INTERNAL_RECORDINGS_PATH)
@ -129,13 +116,6 @@ describe('Recording API Security Tests', () => {
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.post(`${INTERNAL_RECORDINGS_PATH}/${roomData.recordingId}/stop`)
.set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when participant is moderator', async () => { it('should succeed when participant is moderator', async () => {
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_RECORDINGS_PATH}/${roomData.recordingId}/stop`) .post(`${INTERNAL_RECORDINGS_PATH}/${roomData.recordingId}/stop`)
@ -177,11 +157,6 @@ describe('Recording API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(RECORDINGS_PATH).set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when recording access is public and participant is publisher', async () => { it('should succeed when recording access is public and participant is publisher', async () => {
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC); await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret); const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
@ -265,11 +240,6 @@ describe('Recording API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when recording access is public and participant is publisher', async () => { it('should succeed when recording access is public and participant is publisher', async () => {
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC); await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret); const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
@ -353,11 +323,6 @@ describe('Recording API Security Tests', () => {
expect(response.status).toBe(204); expect(response.status).toBe(204);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).delete(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should fail when recording access is public and participant is publisher', async () => { it('should fail when recording access is public and participant is publisher', async () => {
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC); await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret); const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
@ -455,14 +420,6 @@ describe('Recording API Security Tests', () => {
.set('Cookie', adminCookie); .set('Cookie', adminCookie);
expect(response.status).toBe(204); expect(response.status).toBe(204);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.delete(RECORDINGS_PATH)
.query({ recordingIds: [recordingId] })
.set('Cookie', userCookie);
expect(response.status).toBe(403);
});
}); });
describe('Get Recording Media Tests', () => { describe('Get Recording Media Tests', () => {
@ -488,13 +445,6 @@ describe('Recording API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.get(`${RECORDINGS_PATH}/${recordingId}/media`)
.set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should succeed when recording access is public and participant is publisher', async () => { it('should succeed when recording access is public and participant is publisher', async () => {
await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC); await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret); const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);

119
backend/tests/integration/api/security/room-security.test.ts
View File

@ -3,12 +3,12 @@ import { Express } from 'express';
import request from 'supertest'; import request from 'supertest';
import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
import { MEET_API_KEY } from '../../../../src/environment.js'; import { MEET_API_KEY } from '../../../../src/environment.js';
import { AuthMode, MeetRecordingAccess, UserRole } from '../../../../src/typings/ce/index.js'; import { AuthMode, MeetRecordingAccess } from '../../../../src/typings/ce/index.js';
import { import {
changeSecurityPreferences, changeSecurityPreferences,
createRoom, createRoom,
deleteAllRooms, deleteAllRooms,
loginUserAsRole, loginUser,
startTestServer, startTestServer,
updateRecordingAccessPreferencesInRoom updateRecordingAccessPreferencesInRoom
} from '../../../helpers/request-helpers.js'; } from '../../../helpers/request-helpers.js';
@ -19,15 +19,11 @@ const INTERNAL_ROOMS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/rooms`
describe('Room API Security Tests', () => { describe('Room API Security Tests', () => {
let app: Express; let app: Express;
let userCookie: string;
let adminCookie: string; let adminCookie: string;
beforeAll(async () => { beforeAll(async () => {
app = startTestServer(); app = startTestServer();
adminCookie = await loginUser();
// Get cookies for admin and user
userCookie = await loginUserAsRole(UserRole.USER);
adminCookie = await loginUserAsRole(UserRole.ADMIN);
}); });
afterAll(async () => { afterAll(async () => {
@ -35,11 +31,7 @@ describe('Room API Security Tests', () => {
}); });
describe('Create Room Tests', () => { describe('Create Room Tests', () => {
it('should succeed when users cannot create rooms, and request includes API key', async () => { it('should succeed when request includes API key', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: false
});
const response = await request(app) const response = await request(app)
.post(ROOMS_PATH) .post(ROOMS_PATH)
.set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY) .set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY)
@ -47,59 +39,12 @@ describe('Room API Security Tests', () => {
expect(response.status).toBe(201); expect(response.status).toBe(201);
}); });
it('should succeed when users cannot create rooms, and user is authenticated as admin', async () => { it('should succeed when user is authenticated as admin', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: false
});
const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send({}); const response = await request(app).post(ROOMS_PATH).set('Cookie', adminCookie).send({});
expect(response.status).toBe(201); expect(response.status).toBe(201);
}); });
it('should fail when users cannot create rooms, and user is authenticated as user', async () => { it('should fail when user is not authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: false
});
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send({});
expect(response.status).toBe(403);
});
it('should fail when users cannot create rooms, and user is not authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: false
});
const response = await request(app).post(ROOMS_PATH).send({});
expect(response.status).toBe(401);
});
it('should succeed when users can create rooms and auth is not required, and user is not authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: true,
authRequired: false
});
const response = await request(app).post(ROOMS_PATH).send({});
expect(response.status).toBe(201);
});
it('should succeed when users can create rooms and auth is required, and user is authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: true,
authRequired: true
});
const response = await request(app).post(ROOMS_PATH).set('Cookie', userCookie).send({});
expect(response.status).toBe(201);
});
it('should fail when users can create rooms and auth is required, and user is not authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: true,
authRequired: true
});
const response = await request(app).post(ROOMS_PATH).send({}); const response = await request(app).post(ROOMS_PATH).send({});
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
@ -116,11 +61,6 @@ describe('Room API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(ROOMS_PATH).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).get(ROOMS_PATH); const response = await request(app).get(ROOMS_PATH);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -151,11 +91,6 @@ describe('Room API Security Tests', () => {
expect(response.status).toBe(204); expect(response.status).toBe(204);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).delete(ROOMS_PATH).query({ roomIds: roomId }).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).delete(ROOMS_PATH).query({ roomIds: roomId }); const response = await request(app).delete(ROOMS_PATH).query({ roomIds: roomId });
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -181,11 +116,6 @@ describe('Room API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${ROOMS_PATH}/${roomData.room.roomId}`).set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${ROOMS_PATH}/${roomData.room.roomId}`); const response = await request(app).get(`${ROOMS_PATH}/${roomData.room.roomId}`);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -235,11 +165,6 @@ describe('Room API Security Tests', () => {
expect(response.status).toBe(204); expect(response.status).toBe(204);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app).delete(`${ROOMS_PATH}/${roomId}`).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).delete(`${ROOMS_PATH}/${roomId}`); const response = await request(app).delete(`${ROOMS_PATH}/${roomId}`);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -279,14 +204,6 @@ describe('Room API Security Tests', () => {
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => {
const response = await request(app)
.put(`${INTERNAL_ROOMS_PATH}/${roomId}`)
.set('Cookie', userCookie)
.send(roomPreferences);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).put(`${INTERNAL_ROOMS_PATH}/${roomId}`).send(roomPreferences); const response = await request(app).put(`${INTERNAL_ROOMS_PATH}/${roomId}`).send(roomPreferences);
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -308,7 +225,7 @@ describe('Room API Security Tests', () => {
}); });
it('should succeed when no authentication is required and participant is publisher', async () => { it('should succeed when no authentication is required and participant is publisher', async () => {
await changeSecurityPreferences({ authMode: AuthMode.NONE }); await changeSecurityPreferences(AuthMode.NONE);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
@ -317,7 +234,7 @@ describe('Room API Security Tests', () => {
}); });
it('should succeed when no authentication is required and participant is moderator', async () => { it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityPreferences({ authMode: AuthMode.NONE }); await changeSecurityPreferences(AuthMode.NONE);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
@ -326,7 +243,7 @@ describe('Room API Security Tests', () => {
}); });
it('should succeed when authentication is required for moderator and participant is publisher', async () => { it('should succeed when authentication is required for moderator and participant is publisher', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
@ -335,17 +252,17 @@ describe('Room API Security Tests', () => {
}); });
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => { it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.send({ secret: roomData.moderatorSecret }); .send({ secret: roomData.moderatorSecret });
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => { it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.MODERATORS_ONLY }); await changeSecurityPreferences(AuthMode.MODERATORS_ONLY);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
@ -354,17 +271,17 @@ describe('Room API Security Tests', () => {
}); });
it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => { it('should succeed when authentication is required for all users, participant is publisher and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.send({ secret: roomData.publisherSecret }); .send({ secret: roomData.publisherSecret });
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => { it('should fail when authentication is required for all users and participant is publisher but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
@ -373,17 +290,17 @@ describe('Room API Security Tests', () => {
}); });
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => { it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)
.set('Cookie', userCookie) .set('Cookie', adminCookie)
.send({ secret: roomData.moderatorSecret }); .send({ secret: roomData.moderatorSecret });
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => { it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
await changeSecurityPreferences({ authMode: AuthMode.ALL_USERS }); await changeSecurityPreferences(AuthMode.ALL_USERS);
const response = await request(app) const response = await request(app)
.post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`) .post(`${INTERNAL_ROOMS_PATH}/${roomData.room.roomId}/recording-token`)