diff --git a/backend/tests/integration/api/security/recording-security.test.ts b/backend/tests/integration/api/security/recording-security.test.ts
index 8d1ed74..7c410ec 100644
--- a/backend/tests/integration/api/security/recording-security.test.ts
+++ b/backend/tests/integration/api/security/recording-security.test.ts
@@ -158,29 +158,6 @@ describe('Recording API Security Tests', () => {
 expect(response.status).toBe(200);
 });
 
- it('should succeed when recording access is public and participant is publisher', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
-
- const response = await request(app).get(RECORDINGS_PATH).set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should succeed when recording access is public and participant is moderator', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.moderatorSecret);
-
- const response = await request(app).get(RECORDINGS_PATH).set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should fail when recording access is public and user is not authenticated', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
-
- const response = await request(app).get(RECORDINGS_PATH);
- expect(response.status).toBe(401);
- });
-
 it('should succeed when recording access is admin-moderator-publisher and participant is publisher', async () => {
 await updateRecordingAccessPreferencesInRoom(
 roomData.room.roomId,
@@ -241,29 +218,6 @@ describe('Recording API Security Tests', () => {
 expect(response.status).toBe(200);
 });
 
- it('should succeed when recording access is public and participant is publisher', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
-
- const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should succeed when recording access is public and participant is moderator', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.moderatorSecret);
-
- const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should fail when recording access is public and user is not authenticated', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
-
- const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}`);
- expect(response.status).toBe(401);
- });
-
 it('should succeed when recording access is admin-moderator-publisher and participant is publisher', async () => {
 await updateRecordingAccessPreferencesInRoom(
 roomData.room.roomId,
@@ -301,6 +255,50 @@ describe('Recording API Security Tests', () => {
 const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}`).set('Cookie', recordingCookie);
 expect(response.status).toBe(200);
 });
+
+ it('should succeed when using public access secret and user is not authenticated', async () => {
+ const recordingUrlResponse = await getRecordingUrl(recordingId);
+ expect(recordingUrlResponse.status).toBe(200);
+ const recordingUrl = recordingUrlResponse.body.url;
+ expect(recordingUrl).toBeDefined();
+
+ // Parse the URL to extract the secret from the query parameters
+ const parsedUrl = new URL(recordingUrl);
+ const secret = parsedUrl.searchParams.get('secret');
+
+ const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}?secret=${secret}`);
+ expect(response.status).toBe(200);
+ });
+
+ it('should fail when using private access secret and user is not authenticated', async () => {
+ const recordingUrlResponse = await getRecordingUrl(recordingId, true);
+ expect(recordingUrlResponse.status).toBe(200);
+ const recordingUrl = recordingUrlResponse.body.url;
+ expect(recordingUrl).toBeDefined();
+
+ // Parse the URL to extract the secret from the query parameters
+ const parsedUrl = new URL(recordingUrl);
+ const secret = parsedUrl.searchParams.get('secret');
+
+ const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}?secret=${secret}`);
+ expect(response.status).toBe(401);
+ });
+
+ it('should succeed when using private access secret and user is authenticated', async () => {
+ const recordingUrlResponse = await getRecordingUrl(recordingId, true);
+ expect(recordingUrlResponse.status).toBe(200);
+ const recordingUrl = recordingUrlResponse.body.url;
+ expect(recordingUrl).toBeDefined();
+
+ // Parse the URL to extract the secret from the query parameters
+ const parsedUrl = new URL(recordingUrl);
+ const secret = parsedUrl.searchParams.get('secret');
+
+ const response = await request(app)
+ .get(`${RECORDINGS_PATH}/${recordingId}?secret=${secret}`)
+ .set('Cookie', adminCookie);
+ expect(response.status).toBe(200);
+ });
 });
 
 describe('Delete Recording Tests', () => {
@@ -324,33 +322,6 @@ describe('Recording API Security Tests', () => {
 expect(response.status).toBe(204);
 });
 
- it('should fail when recording access is public and participant is publisher', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
-
- const response = await request(app)
- .delete(`${RECORDINGS_PATH}/${recordingId}`)
- .set('Cookie', recordingCookie);
- expect(response.status).toBe(403);
- });
-
- it('should succeed when recording access is public and participant is moderator', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.moderatorSecret);
-
- const response = await request(app)
- .delete(`${RECORDINGS_PATH}/${recordingId}`)
- .set('Cookie', recordingCookie);
- expect(response.status).toBe(204);
- });
-
- it('should fail when recording access is public and user is not authenticated', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
-
- const response = await request(app).delete(`${RECORDINGS_PATH}/${recordingId}`);
- expect(response.status).toBe(401);
- });
-
 it('should fail when recording access is admin-moderator-publisher and participant is publisher', async () => {
 await updateRecordingAccessPreferencesInRoom(
 roomData.room.roomId,
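Review bot: The 401 test for the private secret can pass for the wrong reason: `searchParams.get('secret')` returns `null` when the parameter is absent, and the request then goes out with `?secret=null`, which is rejected as well. Add `expect(secret).toBeTruthy();` after the extraction in all three new tests, and build the query with `encodeURIComponent(secret as string)` so a value containing `+` or `&` survives the round trip. The authenticated case sends `adminCookie`, so it may pass regardless of the secret and does not by itself show that the private secret is checked. The other hunks drop the PUBLIC-access cases for delete, media and url, while the secret-based cases cover only `${RECORDINGS_PATH}/${recordingId}`; a tampered secret and a secret issued for another recording, both expecting 401, would close that gap. The enclosing `describe` block opens outside this hunk, so fixtures such as `adminCookie` and `recordingId` are assumed to be set up there.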
@@ -446,33 +417,6 @@ describe('Recording API Security Tests', () => {
 expect(response.status).toBe(200);
 });
 
- it('should succeed when recording access is public and participant is publisher', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
-
- const response = await request(app)
- .get(`${RECORDINGS_PATH}/${recordingId}/media`)
- .set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should succeed when recording access is public and participant is moderator', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.moderatorSecret);
-
- const response = await request(app)
- .get(`${RECORDINGS_PATH}/${recordingId}/media`)
- .set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should succeed when recording access is public and user is not authenticated', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
-
- const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}/media`);
- expect(response.status).toBe(200);
- });
-
 it('should succeed when recording access is admin-moderator-publisher and participant is publisher', async () => {
 await updateRecordingAccessPreferencesInRoom(
 roomData.room.roomId,
@@ -591,33 +535,6 @@ describe('Recording API Security Tests', () => {
 expect(response.status).toBe(200);
 });
 
- it('should succeed when recording access is public and participant is publisher', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.publisherSecret);
-
- const response = await request(app)
- .get(`${RECORDINGS_PATH}/${recordingId}/url`)
- .set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should succeed when recording access is public and participant is moderator', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
- const recordingCookie = await generateRecordingTokenCookie(roomData.room.roomId, roomData.moderatorSecret);
-
- const response = await request(app)
- .get(`${RECORDINGS_PATH}/${recordingId}/url`)
- .set('Cookie', recordingCookie);
- expect(response.status).toBe(200);
- });
-
- it('should fail when recording access is public and user is not authenticated', async () => {
- await updateRecordingAccessPreferencesInRoom(roomData.room.roomId, MeetRecordingAccess.PUBLIC);
-
- const response = await request(app).get(`${RECORDINGS_PATH}/${recordingId}/url`);
- expect(response.status).toBe(401);
- });
-
 it('should succeed when recording access is admin-moderator-publisher and participant is publisher', async () => {
 await updateRecordingAccessPreferencesInRoom(
 roomData.room.roomId,