neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openvidu/meet-ce/backend/tests/integration/api/security/participant-security.test.ts

349 lines
12 KiB
TypeScript
Raw Blame History

import { afterAll, beforeAll, describe, expect, it } from '@jest/globals';
import { Express } from 'express';
import request from 'supertest';
import { INTERNAL_CONFIG } from '../../../../src/config/internal-config.js';
import { AuthMode, AuthTransportMode } from '@openvidu-meet/typings';
import {
changeAuthTransportMode,
changeSecurityConfig,
deleteAllRooms,
disconnectFakeParticipants,
loginUser,
sleep,
startTestServer
} from '../../../helpers/request-helpers.js';
import { RoomData, setupSingleRoom } from '../../../helpers/test-scenarios.js';
const PARTICIPANTS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/participants`;
describe('Participant API Security Tests', () => {
const PARTICIPANT_NAME = 'TEST_PARTICIPANT';
let app: Express;
let adminAccessToken: string;
beforeAll(async () => {
app = startTestServer();
adminAccessToken = await loginUser();
});
afterAll(async () => {
await disconnectFakeParticipants();
await deleteAllRooms();
});
describe('Generate Participant Token Tests', () => {
let roomData: RoomData;
beforeAll(async () => {
roomData = await setupSingleRoom();
});
it('should succeed when no authentication is required and participant is speaker', async () => {
await changeSecurityConfig(AuthMode.NONE);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityConfig(AuthMode.NONE);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when authentication is required for moderator and participant is speaker', async () => {
await changeSecurityConfig(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
await changeSecurityConfig(AuthMode.MODERATORS_ONLY);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token`)
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when authentication is required for moderator, participant is moderator and authenticated via cookie', async () => {
// Set auth transport mode to cookie
await changeAuthTransportMode(AuthTransportMode.COOKIE);
// Login as admin to get access token cookie
const adminCookie = await loginUser();
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).set('Cookie', adminCookie).send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
// Revert auth transport mode to header
await changeAuthTransportMode(AuthTransportMode.HEADER);
});
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
await changeSecurityConfig(AuthMode.MODERATORS_ONLY);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(401);
});
it('should succeed when authentication is required for all users, participant is speaker and authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token`)
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should fail when authentication is required for all users and participant is speaker but not authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(401);
});
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token`)
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app).post(`${PARTICIPANTS_PATH}/token`).send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME
});
expect(response.status).toBe(401);
});
});
describe('Refresh Participant Token Tests', () => {
let roomData: RoomData;
beforeAll(async () => {
// Set short expiration for testing
const initialTokenExpiration = INTERNAL_CONFIG.PARTICIPANT_TOKEN_EXPIRATION;
INTERNAL_CONFIG.PARTICIPANT_TOKEN_EXPIRATION = '1s';
roomData = await setupSingleRoom(true);
await sleep('2s'); // Ensure the token is expired
// Restore original expiration after setup
INTERNAL_CONFIG.PARTICIPANT_TOKEN_EXPIRATION = initialTokenExpiration;
});
it('should succeed when no authentication is required and participant is speaker', async () => {
await changeSecurityConfig(AuthMode.NONE);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.speakerToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityConfig(AuthMode.NONE);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.moderatorToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when authentication is required for moderator and participant is speaker', async () => {
await changeSecurityConfig(AuthMode.MODERATORS_ONLY);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.speakerToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when authentication is required for moderator, participant is moderator and authenticated', async () => {
await changeSecurityConfig(AuthMode.MODERATORS_ONLY);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.moderatorToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should succeed when authentication is required for moderator, participant is moderator and authenticated via cookie', async () => {
// Set auth transport mode to cookie
await changeAuthTransportMode(AuthTransportMode.COOKIE);
// Login as admin to get access token cookie
const adminCookie = await loginUser();
// Create a new room to obtain participant token in cookie mode
const newRoomData = await setupSingleRoom(true);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set('Cookie', adminCookie)
.set('Cookie', newRoomData.moderatorToken)
.send({
roomId: newRoomData.room.roomId,
secret: newRoomData.moderatorSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
// Revert auth transport mode to header
await changeAuthTransportMode(AuthTransportMode.HEADER);
});
it('should fail when authentication is required for moderator and participant is moderator but not authenticated', async () => {
await changeSecurityConfig(AuthMode.MODERATORS_ONLY);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.moderatorToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(401);
});
it('should succeed when authentication is required for all users, participant is speaker and authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.speakerToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should fail when authentication is required for all users and participant is speaker but not authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.speakerToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.speakerSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(401);
});
it('should succeed when authentication is required for all users, participant is moderator and authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.ACCESS_TOKEN_HEADER, adminAccessToken)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.moderatorToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(200);
});
it('should fail when authentication is required for all users and participant is moderator but not authenticated', async () => {
await changeSecurityConfig(AuthMode.ALL_USERS);
const response = await request(app)
.post(`${PARTICIPANTS_PATH}/token/refresh`)
.set(INTERNAL_CONFIG.PARTICIPANT_TOKEN_HEADER, roomData.moderatorToken)
.send({
roomId: roomData.room.roomId,
secret: roomData.moderatorSecret,
participantName: PARTICIPANT_NAME,
participantIdentity: PARTICIPANT_NAME
});
expect(response.status).toBe(401);
});
});
});
Reference in New Issue View Git Blame Copy Permalink