330 lines
11 KiB
TypeScript
330 lines
11 KiB
TypeScript
import { afterAll, beforeAll, describe, expect, it } from '@jest/globals';
|
|
import { Express } from 'express';
|
|
import request from 'supertest';
|
|
import { container } from '../../../../src/config/dependency-injector.config.js';
|
|
import { INTERNAL_CONFIG } from '../../../../src/config/internal-config.js';
|
|
import { MeetStorageService } from '../../../../src/services/index.js';
|
|
import { expectValidationError } from '../../../helpers/assertion-helpers.js';
|
|
import {
|
|
changeAuthTransportMode,
|
|
extractCookieFromHeaders,
|
|
generateApiKey,
|
|
getApiKeys,
|
|
loginUser,
|
|
startTestServer
|
|
} from '../../../helpers/request-helpers.js';
|
|
import { AuthTransportMode } from '@openvidu-meet/typings';
|
|
|
|
const AUTH_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`;
|
|
|
|
describe('Authentication API Tests', () => {
|
|
let app: Express;
|
|
|
|
beforeAll(() => {
|
|
app = startTestServer();
|
|
});
|
|
|
|
describe('Login Tests', () => {
|
|
it('should successfully login with valid credentials', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'admin',
|
|
password: 'admin'
|
|
})
|
|
.expect(200);
|
|
|
|
expect(response.body).toHaveProperty('message');
|
|
|
|
// Check for access and refresh tokens
|
|
expect(response.body).toHaveProperty('accessToken');
|
|
expect(response.body).toHaveProperty('refreshToken');
|
|
});
|
|
|
|
it('should successfully login and set cookies in cookie mode', async () => {
|
|
// Set auth transport mode to cookie
|
|
await changeAuthTransportMode(AuthTransportMode.COOKIE);
|
|
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'admin',
|
|
password: 'admin'
|
|
})
|
|
.expect(200);
|
|
|
|
// Check for access and refresh token cookies
|
|
const accessTokenCookie = extractCookieFromHeaders(response, INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME);
|
|
const refreshTokenCookie = extractCookieFromHeaders(response, INTERNAL_CONFIG.REFRESH_TOKEN_COOKIE_NAME);
|
|
expect(accessTokenCookie).toBeDefined();
|
|
expect(refreshTokenCookie).toBeDefined();
|
|
|
|
// Revert auth transport mode to header
|
|
await changeAuthTransportMode(AuthTransportMode.HEADER);
|
|
});
|
|
|
|
it('should return 404 for invalid credentials', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'admin',
|
|
password: 'invalidpassword'
|
|
})
|
|
.expect(404);
|
|
|
|
expect(response.body).toHaveProperty('message');
|
|
expect(response.body.message).toContain('Invalid username or password');
|
|
});
|
|
|
|
it('should return 422 when username is missing', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
password: 'user'
|
|
})
|
|
.expect(422);
|
|
|
|
expectValidationError(response, 'username', 'Required');
|
|
});
|
|
|
|
it('should return 422 when password is missing', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'user'
|
|
})
|
|
.expect(422);
|
|
|
|
expectValidationError(response, 'password', 'Required');
|
|
});
|
|
|
|
it('should return 422 when username is too short', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'usr',
|
|
password: 'user'
|
|
})
|
|
.expect(422);
|
|
|
|
expectValidationError(response, 'username', 'Username must be at least 4 characters long');
|
|
});
|
|
|
|
it('should return 422 when password is too short', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'user',
|
|
password: 'usr'
|
|
})
|
|
.expect(422);
|
|
|
|
expectValidationError(response, 'password', 'Password must be at least 4 characters long');
|
|
});
|
|
});
|
|
|
|
describe('Logout Tests', () => {
|
|
it('should successfully logout', async () => {
|
|
const response = await request(app).post(`${AUTH_PATH}/logout`).expect(200);
|
|
|
|
expect(response.body).toHaveProperty('message');
|
|
expect(response.body.message).toBe('Logout successful');
|
|
});
|
|
|
|
it('should successfully logout and clear cookies in cookie mode', async () => {
|
|
// Set auth transport mode to cookie
|
|
await changeAuthTransportMode(AuthTransportMode.COOKIE);
|
|
|
|
const response = await request(app).post(`${AUTH_PATH}/logout`).expect(200);
|
|
|
|
// Check that the access and refresh token cookies are cleared
|
|
const accessTokenCookie = extractCookieFromHeaders(response, INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME);
|
|
const refreshTokenCookie = extractCookieFromHeaders(response, INTERNAL_CONFIG.REFRESH_TOKEN_COOKIE_NAME);
|
|
expect(accessTokenCookie).toBeDefined();
|
|
expect(accessTokenCookie).toContain('Expires=Thu, 01 Jan 1970 00:00:00 GMT');
|
|
expect(refreshTokenCookie).toBeDefined();
|
|
expect(refreshTokenCookie).toContain('Expires=Thu, 01 Jan 1970 00:00:00 GMT');
|
|
|
|
// Revert auth transport mode to header
|
|
await changeAuthTransportMode(AuthTransportMode.HEADER);
|
|
});
|
|
});
|
|
|
|
describe('Refresh Token Tests', () => {
|
|
it('should successfully refresh token with valid refresh token', async () => {
|
|
// First, login to get a valid refresh token
|
|
const loginResponse = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'admin',
|
|
password: 'admin'
|
|
})
|
|
.expect(200);
|
|
|
|
expect(loginResponse.body).toHaveProperty('refreshToken');
|
|
const refreshToken = loginResponse.body.refreshToken;
|
|
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/refresh`)
|
|
.set(INTERNAL_CONFIG.REFRESH_TOKEN_HEADER, `Bearer ${refreshToken}`)
|
|
.expect(200);
|
|
|
|
expect(response.body).toHaveProperty('message');
|
|
expect(response.body).toHaveProperty('accessToken');
|
|
});
|
|
|
|
it('should successfully refresh token and set new access token cookie in cookie mode', async () => {
|
|
// Set auth transport mode to cookie
|
|
await changeAuthTransportMode(AuthTransportMode.COOKIE);
|
|
|
|
// First, login to get a valid refresh token cookie
|
|
const loginResponse = await request(app)
|
|
.post(`${AUTH_PATH}/login`)
|
|
.send({
|
|
username: 'admin',
|
|
password: 'admin'
|
|
})
|
|
.expect(200);
|
|
|
|
const refreshTokenCookie = extractCookieFromHeaders(
|
|
loginResponse,
|
|
INTERNAL_CONFIG.REFRESH_TOKEN_COOKIE_NAME
|
|
);
|
|
expect(refreshTokenCookie).toBeDefined();
|
|
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/refresh`)
|
|
.set('Cookie', refreshTokenCookie!)
|
|
.expect(200);
|
|
|
|
// Check that a new access token cookie is set
|
|
const newAccessTokenCookie = extractCookieFromHeaders(response, INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME);
|
|
expect(newAccessTokenCookie).toBeDefined();
|
|
|
|
// Revert auth transport mode to header
|
|
await changeAuthTransportMode(AuthTransportMode.HEADER);
|
|
});
|
|
|
|
it('should return 400 when no refresh token is provided', async () => {
|
|
const response = await request(app).post(`${AUTH_PATH}/refresh`).expect(400);
|
|
|
|
expect(response.body).toHaveProperty('message');
|
|
expect(response.body.message).toContain('No refresh token provided');
|
|
});
|
|
|
|
it('should return 400 when refresh token is invalid', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/refresh`)
|
|
.set(INTERNAL_CONFIG.REFRESH_TOKEN_HEADER, 'Bearer invalidtoken')
|
|
.expect(400);
|
|
|
|
expect(response.body).toHaveProperty('message');
|
|
expect(response.body.message).toContain('Invalid refresh token');
|
|
});
|
|
});
|
|
|
|
describe('API Keys Management', () => {
|
|
let adminAccessToken: string;
|
|
|
|
beforeAll(async () => {
|
|
adminAccessToken = await loginUser();
|
|
});
|
|
|
|
afterAll(async () => {
|
|
// Restore API key
|
|
const storageService = container.get(MeetStorageService);
|
|
await storageService['initializeApiKey']();
|
|
});
|
|
|
|
const getRoomsWithApiKey = async (apiKey: string) => {
|
|
return request(app)
|
|
.get(`${INTERNAL_CONFIG.API_BASE_PATH_V1}/rooms`)
|
|
.set(INTERNAL_CONFIG.API_KEY_HEADER, apiKey);
|
|
};
|
|
|
|
it('should create a new API key', async () => {
|
|
const response = await request(app)
|
|
.post(`${AUTH_PATH}/api-keys`)
|
|
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
|
|
.expect(201);
|
|
|
|
expect(response.body).toHaveProperty('key');
|
|
expect(response.body).toHaveProperty('creationDate');
|
|
expect(response.body.key).toMatch(/^ovmeet-/);
|
|
|
|
// Verify the API key works by making a request to the get rooms endpoint
|
|
// using the newly created API key
|
|
const apiResponse = await getRoomsWithApiKey(response.body.key);
|
|
expect(apiResponse.status).toBe(200);
|
|
});
|
|
|
|
it('should get the list of API keys', async () => {
|
|
await generateApiKey();
|
|
const response = await getApiKeys();
|
|
|
|
expect(Array.isArray(response.body)).toBe(true);
|
|
|
|
if (response.body.length > 0) {
|
|
expect(response.body[0]).toHaveProperty('key');
|
|
expect(response.body[0]).toHaveProperty('creationDate');
|
|
}
|
|
});
|
|
|
|
it('should only exist one API key at a time', async () => {
|
|
const apiKey1 = await generateApiKey();
|
|
const apiKey2 = await generateApiKey();
|
|
const response = await getApiKeys();
|
|
|
|
expect(response.body.length).toBe(1);
|
|
expect(response.body[0].key).toBe(apiKey2); // The second key should replace the first
|
|
|
|
// Verify the first API key no longer works
|
|
let apiResponse = await getRoomsWithApiKey(apiKey1);
|
|
expect(apiResponse.status).toBe(401);
|
|
|
|
// Verify the second API key works
|
|
apiResponse = await getRoomsWithApiKey(apiKey2);
|
|
expect(apiResponse.status).toBe(200);
|
|
});
|
|
|
|
it('should delete all API keys', async () => {
|
|
const apiKey = await generateApiKey();
|
|
await request(app)
|
|
.delete(`${AUTH_PATH}/api-keys`)
|
|
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
|
|
.expect(200);
|
|
|
|
// Confirm deletion
|
|
const getResponse = await getApiKeys();
|
|
expect(getResponse.status).toBe(200);
|
|
expect(Array.isArray(getResponse.body)).toBe(true);
|
|
expect(getResponse.body.length).toBe(0);
|
|
|
|
// Verify the deleted API key no longer works
|
|
const apiResponse = await getRoomsWithApiKey(apiKey);
|
|
expect(apiResponse.status).toBe(401);
|
|
});
|
|
|
|
it('should succeed API key endpoints for authenticated admin user in cookie mode', async () => {
|
|
// Set auth transport mode to cookie
|
|
await changeAuthTransportMode(AuthTransportMode.COOKIE);
|
|
|
|
// Login as admin to get access token cookie
|
|
const adminCookie = await loginUser();
|
|
|
|
await request(app).post(`${AUTH_PATH}/api-keys`).set('Cookie', adminCookie).expect(201);
|
|
await request(app).get(`${AUTH_PATH}/api-keys`).set('Cookie', adminCookie).expect(200);
|
|
await request(app).delete(`${AUTH_PATH}/api-keys`).set('Cookie', adminCookie).expect(200);
|
|
|
|
// Revert auth transport mode to header
|
|
await changeAuthTransportMode(AuthTransportMode.HEADER);
|
|
});
|
|
|
|
it('should reject API key endpoints for unauthenticated users', async () => {
|
|
await request(app).post(`${AUTH_PATH}/api-keys`).expect(401);
|
|
await request(app).get(`${AUTH_PATH}/api-keys`).expect(401);
|
|
await request(app).delete(`${AUTH_PATH}/api-keys`).expect(401);
|
|
});
|
|
});
|
|
});
|