neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

backend: Refactor tests to use a constant when having same routes for better maintainalibity

Browse Source
This commit is contained in:
juancarmore 2025-04-03 18:50:56 +02:00
parent c675fffd07
commit 985e882c7e
2 changed files with 77 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backend/tests/integration/api/security/auth.test.ts
View File

@ -4,7 +4,7 @@ import { Express } from 'express';
import { startTestServer, stopTestServer } from '../../../utils/server-setup.js';
const INTERNAL_BASE_URL = '/meet/internal-api/v1';
const AUTH_BASE_URL = `${INTERNAL_BASE_URL}/auth`;
const AUTH_URL = `${INTERNAL_BASE_URL}/auth`;
describe('OpenVidu Meet Authentication API Tests', () => {
let app: Express;
@ -20,7 +20,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
describe('Login Tests', () => {
it('should successfully login with valid credentials', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'user',
password: 'user'
@ -41,7 +41,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 404 for invalid credentials', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'user',
password: 'invalidpassword'
@ -54,7 +54,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when username is missing', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
password: 'user'
})
@ -67,7 +67,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when password is missing', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'user'
})
@ -80,7 +80,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when username is too short', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'usr',
password: 'user'
@ -94,7 +94,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when password is too short', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'user',
password: 'usr'
@ -109,7 +109,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
describe('Logout Tests', () => {
it('should successfully logout', async () => {
const response = await request(app).post(`${AUTH_BASE_URL}/logout`).expect(200);
const response = await request(app).post(`${AUTH_URL}/logout`).expect(200);
expect(response.body).toHaveProperty('message');
expect(response.body.message).toBe('Logout successful');
@ -127,7 +127,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should successfully refresh token with valid refresh token', async () => {
// First, login to get a valid refresh token
const loginResponse = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'user',
password: 'user'
@ -138,7 +138,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
const refreshTokenCookie = cookies.find((cookie) => cookie.startsWith('OvMeetRefreshToken=')) as string;
const response = await request(app)
.post(`${AUTH_BASE_URL}/refresh`)
.post(`${AUTH_URL}/refresh`)
.set('Cookie', [refreshTokenCookie])
.expect(200);
@ -152,7 +152,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
});
it('should return 400 when no refresh token is provided', async () => {
const response = await request(app).post(`${AUTH_BASE_URL}/refresh`).expect(400);
const response = await request(app).post(`${AUTH_URL}/refresh`).expect(400);
expect(response.body).toHaveProperty('message');
expect(response.body.message).toContain('No refresh token provided');
@ -160,7 +160,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 400 when refresh token is invalid', async () => {
const response = await request(app)
.post(`${AUTH_BASE_URL}/refresh`)
.post(`${AUTH_URL}/refresh`)
.set('Cookie', 'OvMeetRefreshToken=invalidtoken')
.expect(400);
@ -173,7 +173,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 200 and user profile', async () => {
// First, login to get a valid access token
const loginResponse = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'user',
password: 'user'
@ -182,7 +182,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
const cookies = loginResponse.headers['set-cookie'] as unknown as string[];
const response = await request(app).get(`${AUTH_BASE_URL}/profile`).set('Cookie', cookies).expect(200);
const response = await request(app).get(`${AUTH_URL}/profile`).set('Cookie', cookies).expect(200);
expect(response.body).toHaveProperty('username');
expect(response.body.username).toBe('user');
@ -193,7 +193,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 200 and admin profile', async () => {
// First, login to get a valid access token
const loginResponse = await request(app)
.post(`${AUTH_BASE_URL}/login`)
.post(`${AUTH_URL}/login`)
.send({
username: 'admin',
password: 'admin'
@ -202,7 +202,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
const cookies = loginResponse.headers['set-cookie'] as unknown as string[];
const response = await request(app).get(`${AUTH_BASE_URL}/profile`).set('Cookie', cookies).expect(200);
const response = await request(app).get(`${AUTH_URL}/profile`).set('Cookie', cookies).expect(200);
expect(response.body).toHaveProperty('username');
expect(response.body.username).toBe('admin');
@ -211,7 +211,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
});
it('should return 401 when no access token is provided', async () => {
const response = await request(app).get(`${AUTH_BASE_URL}/profile`).expect(401);
const response = await request(app).get(`${AUTH_URL}/profile`).expect(401);
expect(response.body).toHaveProperty('message');
expect(response.body.message).toContain('Unauthorized');
@ -219,7 +219,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 401 when access token is invalid', async () => {
const response = await request(app)
.get(`${AUTH_BASE_URL}/profile`)
.get(`${AUTH_URL}/profile`)
.set('Cookie', 'OvMeetAccessToken=invalidtoken')
.expect(401);

117
backend/tests/integration/api/security/room-security.test.ts
View File

@ -6,6 +6,7 @@ import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js';
const BASE_URL = '/meet/api/v1';
const INTERNAL_BASE_URL = '/meet/internal-api/v1';
const ROOMS_URL = `${BASE_URL}/rooms`;
const API_KEY_HEADER = 'X-API-Key';
const API_KEY = 'meet-api-key';
@ -54,7 +55,7 @@ describe('Room API Security Tests', () => {
return accessTokenCookie;
};
const extractSecretByroomUrl = (urlString: string, type: string): string => {
const extractSecretByRoomUrl = (urlString: string, type: string): string => {
const url = new URL(urlString);
const secret = url.searchParams.get('secret');
@ -73,33 +74,33 @@ describe('Room API Security Tests', () => {
afterAll(async () => {
// Clean up created rooms
const roomsResponse = await request(app).get(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY);
const roomsResponse = await request(app).get(ROOMS_URL).set(API_KEY_HEADER, API_KEY);
for (const room of roomsResponse.body) {
await request(app).delete(`${BASE_URL}/rooms/${room.roomId}`).set(API_KEY_HEADER, API_KEY);
await request(app).delete(`${ROOMS_URL}/${room.roomId}`).set(API_KEY_HEADER, API_KEY);
}
await stopTestServer();
});
}, 20000);
describe('Create Room Tests', () => {
it('should success when users cannot create rooms, and request includes API key', async () => {
it('should succeed when users cannot create rooms, and request includes API key', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: false
});
const response = await request(app).post(`${BASE_URL}/rooms`).set('X-API-Key', 'meet-api-key').send({
const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(200);
});
it('should success when users cannot create rooms, and user is authenticated as admin', async () => {
it('should succeed when users cannot create rooms, and user is authenticated as admin', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: false
});
const response = await request(app).post(`${BASE_URL}/rooms`).set('Cookie', adminCookie).send({
const response = await request(app).post(ROOMS_URL).set('Cookie', adminCookie).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(200);
@ -110,7 +111,7 @@ describe('Room API Security Tests', () => {
usersCanCreateRooms: false
});
const response = await request(app).post(`${BASE_URL}/rooms`).set('Cookie', userCookie).send({
const response = await request(app).post(ROOMS_URL).set('Cookie', userCookie).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(403);
@ -121,31 +122,31 @@ describe('Room API Security Tests', () => {
usersCanCreateRooms: false
});
const response = await request(app).post(`${BASE_URL}/rooms`).send({
const response = await request(app).post(ROOMS_URL).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(401);
});
it('should success when users can create rooms and auth is not required, and user is not authenticated', async () => {
it('should succeed when users can create rooms and auth is not required, and user is not authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: true,
authRequired: false
});
const response = await request(app).post(`${BASE_URL}/rooms`).send({
const response = await request(app).post(ROOMS_URL).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(200);
});
it('should success when users can create rooms and auth is required, and user is authenticated', async () => {
it('should succeed when users can create rooms and auth is required, and user is authenticated', async () => {
await changeSecurityPreferences({
usersCanCreateRooms: true,
authRequired: true
});
const response = await request(app).post(`${BASE_URL}/rooms`).set('Cookie', userCookie).send({
const response = await request(app).post(ROOMS_URL).set('Cookie', userCookie).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(200);
@ -157,7 +158,7 @@ describe('Room API Security Tests', () => {
authRequired: true
});
const response = await request(app).post(`${BASE_URL}/rooms`).send({
const response = await request(app).post(ROOMS_URL).send({
expirationDate: EXPIRATION_DATE
});
expect(response.status).toBe(401);
@ -165,23 +166,23 @@ describe('Room API Security Tests', () => {
});
describe('Get Rooms Tests', () => {
it('should success when request includes API key', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY);
it('should succeed when request includes API key', async () => {
const response = await request(app).get(ROOMS_URL).set(API_KEY_HEADER, API_KEY);
expect(response.status).toBe(200);
});
it('should success when user is authenticated as admin', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`).set('Cookie', adminCookie);
it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).get(ROOMS_URL).set('Cookie', adminCookie);
expect(response.status).toBe(200);
});
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`).set('Cookie', userCookie);
const response = await request(app).get(ROOMS_URL).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`);
const response = await request(app).get(ROOMS_URL);
expect(response.status).toBe(401);
});
});
@ -221,77 +222,77 @@ describe('Room API Security Tests', () => {
beforeAll(async () => {
// Create a room and extract the roomId to test the get room endpoint
const response = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({
const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE
});
roomId = response.body.roomId;
// Extract the moderator and publisher secrets from the room URL
const { moderatorRoomUrl, publisherRoomUrl } = response.body;
const moderatorSecret = extractSecretByroomUrl(moderatorRoomUrl, 'Moderator');
const publisherSecret = extractSecretByroomUrl(publisherRoomUrl, 'Publisher');
const moderatorSecret = extractSecretByRoomUrl(moderatorRoomUrl, 'Moderator');
const publisherSecret = extractSecretByRoomUrl(publisherRoomUrl, 'Publisher');
// Generate participant tokens for the room and extract the cookies
moderatorCookie = await generateParticipantToken(roomId, 'Moderator', moderatorSecret);
publisherCookie = await generateParticipantToken(roomId, 'Publisher', publisherSecret);
});
it('should success when request includes API key', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set(API_KEY_HEADER, API_KEY);
it('should succeed when request includes API key', async () => {
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set(API_KEY_HEADER, API_KEY);
expect(response.status).toBe(200);
});
it('should success when user is authenticated as admin', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', adminCookie);
it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', adminCookie);
expect(response.status).toBe(200);
});
it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', userCookie);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', userCookie);
expect(response.status).toBe(401);
});
it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`);
expect(response.status).toBe(401);
});
it('should fail when participant is publisher', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', publisherCookie);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', publisherCookie);
expect(response.status).toBe(403);
});
it('should fail when participant is moderator of a different room', async () => {
// Create a new room to get a different roomId
const roomResponse = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({
const roomResponse = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE
});
const newRoomId = roomResponse.body.roomId;
// Extract the moderator secret and generate a participant token for the new room
const newModeratorSecret = extractSecretByroomUrl(roomResponse.body.moderatorRoomUrl, 'Moderator');
const newModeratorSecret = extractSecretByRoomUrl(roomResponse.body.moderatorRoomUrl, 'Moderator');
const newModeratorCookie = await generateParticipantToken(newRoomId, 'Moderator', newModeratorSecret);
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', newModeratorCookie);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', newModeratorCookie);
expect(response.status).toBe(403);
});
it('should success when no authentication is required and participant is moderator', async () => {
it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityPreferences({
authMode: AuthMode.NONE
});
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', moderatorCookie);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', moderatorCookie);
expect(response.status).toBe(200);
});
it('should success when authentication is required for moderators, participant is moderator and user is authenticated', async () => {
it('should succeed when authentication is required for moderators, participant is moderator and user is authenticated', async () => {
await changeSecurityPreferences({
authMode: AuthMode.MODERATORS_ONLY
});
const response = await request(app)
.get(`${BASE_URL}/rooms/${roomId}`)
.get(`${ROOMS_URL}/${roomId}`)
.set('Cookie', [moderatorCookie, userCookie]);
expect(response.status).toBe(200);
});
@ -301,17 +302,17 @@ describe('Room API Security Tests', () => {
authMode: AuthMode.MODERATORS_ONLY
});
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', moderatorCookie);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', moderatorCookie);
expect(response.status).toBe(401);
});
it('should success when authentication is required for all participants, participant is moderator and user is authenticated', async () => {
it('should succeed when authentication is required for all participants, participant is moderator and user is authenticated', async () => {
await changeSecurityPreferences({
authMode: AuthMode.ALL_USERS
});
const response = await request(app)
.get(`${BASE_URL}/rooms/${roomId}`)
.get(`${ROOMS_URL}/${roomId}`)
.set('Cookie', [moderatorCookie, userCookie]);
expect(response.status).toBe(200);
});
@ -321,7 +322,7 @@ describe('Room API Security Tests', () => {
authMode: AuthMode.ALL_USERS
});
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', moderatorCookie);
const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', moderatorCookie);
expect(response.status).toBe(401);
});
});
@ -331,51 +332,51 @@ describe('Room API Security Tests', () => {
beforeEach(async () => {
// Create a room and extract the roomId to test the delete room endpoint
const response = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({
const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE
});
roomId = response.body.roomId;
});
it('should success when request includes API key', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`).set(API_KEY_HEADER, API_KEY);
it('should succeed when request includes API key', async () => {
const response = await request(app).delete(`${ROOMS_URL}/${roomId}`).set(API_KEY_HEADER, API_KEY);
expect(response.status).toBe(200);
});
it('should success when user is authenticated as admin', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`).set('Cookie', adminCookie);
it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).delete(`${ROOMS_URL}/${roomId}`).set('Cookie', adminCookie);
expect(response.status).toBe(200);
});
it('should fail when user is authenticated as user', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`).set('Cookie', userCookie);
const response = await request(app).delete(`${ROOMS_URL}/${roomId}`).set('Cookie', userCookie);
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`);
const response = await request(app).delete(`${ROOMS_URL}/${roomId}`);
expect(response.status).toBe(401);
});
});
describe.skip('Update Room Preferences Tests', () => {
it('should success when request includes API key', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({});
it('should succeed when request includes API key', async () => {
const response = await request(app).put(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({});
expect(response.status).toBe(200);
});
it('should success when user is authenticated as admin', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).set('Cookie', adminCookie).send({});
it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).put(ROOMS_URL).set('Cookie', adminCookie).send({});
expect(response.status).toBe(200);
});
it('should fail when user is authenticated as user', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).set('Cookie', userCookie).send({});
const response = await request(app).put(ROOMS_URL).set('Cookie', userCookie).send({});
expect(response.status).toBe(403);
});
it('should fail when user is not authenticated', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).send({});
const response = await request(app).put(ROOMS_URL).send({});
expect(response.status).toBe(401);
});
});
@ -386,16 +387,16 @@ describe('Room API Security Tests', () => {
beforeAll(async () => {
// Create a room and extract the roomId to test the get participant role endpoint
const response = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({
const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE
});
roomId = response.body.roomId;
// Extract the moderator secret from the room URL
moderatorSecret = extractSecretByroomUrl(response.body.moderatorRoomUrl, 'Moderator');
moderatorSecret = extractSecretByRoomUrl(response.body.moderatorRoomUrl, 'Moderator');
});
it('should success if user is not authenticated', async () => {
it('should succeed if user is not authenticated', async () => {
const response = await request(app).get(`${INTERNAL_BASE_URL}/rooms/${roomId}/participant-role`).query({
secret: moderatorSecret
});