-import { handleIdAndPassLogin, handleTokenRevocation } from '@server/lib/auth'
+import { handleLogin, handleTokenRevocation } from '@server/lib/auth'
import * as RateLimit from 'express-rate-limit'
import { CONFIG } from '@server/initializers/config'
import * as express from 'express'
tokensRouter.post('/token',
loginRateLimiter,
- handleIdAndPassLogin,
+ handleLogin,
tokenSuccess
)
const PLUGIN_GLOBAL_CSS_FILE_NAME = 'plugins-global.css'
const PLUGIN_GLOBAL_CSS_PATH = join(CONFIG.STORAGE.TMP_DIR, PLUGIN_GLOBAL_CSS_FILE_NAME)
+let PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME = 1000 * 60 * 5 // 5 minutes
+
const DEFAULT_THEME_NAME = 'default'
const DEFAULT_USER_THEME_NAME = 'instance-default'
FILES_CACHE.VIDEO_CAPTIONS.MAX_AGE = 3000
MEMOIZE_TTL.OVERVIEWS_SAMPLE = 3000
OVERVIEWS.VIDEOS.SAMPLE_THRESHOLD = 2
+
+ PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME = 5000
}
updateWebserverUrls()
VIDEO_VIEW_LIFETIME,
CONTACT_FORM_LIFETIME,
VIDEO_PLAYLIST_PRIVACIES,
+ PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME,
ASSETS_PATH,
loadLanguages,
buildLanguages
import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
import { logger } from '@server/helpers/logger'
import { generateRandomString } from '@server/helpers/utils'
-import { OAUTH_LIFETIME, WEBSERVER } from '@server/initializers/constants'
+import { OAUTH_LIFETIME, PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
import { revokeToken } from '@server/lib/oauth-model'
import { PluginManager } from '@server/lib/plugins/plugin-manager'
import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
npmName: string
}>()
-async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+async function handleLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
const grantType = req.body.grant_type
if (grantType === 'password') {
logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName)
const bypassToken = await generateRandomString(32)
- const tokenLifetime = 1000 * 60 * 5 // 5 minutes
const expires = new Date()
- expires.setTime(expires.getTime() + tokenLifetime)
+ expires.setTime(expires.getTime() + PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME)
const user = buildUserResult(authResult)
authBypassTokens.set(bypassToken, {
// ---------------------------------------------------------------------------
-export { oAuthServer, handleIdAndPassLogin, onExternalUserAuthenticated, handleTokenRevocation }
+export { oAuthServer, handleLogin, onExternalUserAuthenticated, handleTokenRevocation }
// ---------------------------------------------------------------------------
const now = new Date()
if (now.getTime() > expires.getTime()) {
- logger.error('Cannot authenticate user with an expired bypass token')
+ logger.error('Cannot authenticate user with an expired external auth token')
return res.sendStatus(400)
}
return {
username: pluginResult.username,
email: pluginResult.email,
- role: pluginResult.role || UserRole.USER,
+ role: pluginResult.role ?? UserRole.USER,
displayName: pluginResult.displayName || pluginResult.username
}
}
if (token) {
if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) {
- PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName)
+ PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User)
}
clearCacheByToken(token.accessToken)
import { PluginTranslation } from '../../../shared/models/plugins/plugin-translation.model'
import { RegisterHelpersStore } from './register-helpers-store'
import { RegisterServerHookOptions } from '@shared/models/plugins/register-server-hook.model'
-import { MOAuthTokenUser } from '@server/typings/models'
+import { MOAuthTokenUser, MUser } from '@server/typings/models'
+import { RegisterServerAuthPassOptions, RegisterServerAuthExternalOptions } from '@shared/models/plugins/register-server-auth.model'
export interface RegisteredPlugin {
npmName: string
return this.translations[locale] || {}
}
- onLogout (npmName: string, authName: string) {
+ onLogout (npmName: string, authName: string, user: MUser) {
const auth = this.getAuth(npmName, authName)
if (auth?.onLogout) {
logger.info('Running onLogout function from auth %s of plugin %s', authName, npmName)
try {
- auth.onLogout()
+ auth.onLogout(user)
} catch (err) {
logger.warn('Cannot run onLogout function from auth %s of plugin %s.', authName, npmName, { err })
}
const plugin = this.getRegisteredPluginOrTheme(npmName)
if (!plugin || plugin.type !== PluginType.PLUGIN) return null
- return plugin.registerHelpersStore.getIdAndPassAuths()
- .find(a => a.authName === authName)
+ let auths: (RegisterServerAuthPassOptions | RegisterServerAuthExternalOptions)[] = plugin.registerHelpersStore.getIdAndPassAuths()
+ auths = auths.concat(plugin.registerHelpersStore.getExternalAuths())
+
+ return auths.find(a => a.authName === authName)
}
// ###################### Private getters ######################
+import * as express from 'express'
import { logger } from '@server/helpers/logger'
-import { VIDEO_CATEGORIES, VIDEO_LANGUAGES, VIDEO_LICENCES, VIDEO_PLAYLIST_PRIVACIES, VIDEO_PRIVACIES } from '@server/initializers/constants'
+import {
+ VIDEO_CATEGORIES,
+ VIDEO_LANGUAGES,
+ VIDEO_LICENCES,
+ VIDEO_PLAYLIST_PRIVACIES,
+ VIDEO_PRIVACIES
+} from '@server/initializers/constants'
import { onExternalUserAuthenticated } from '@server/lib/auth'
import { PluginModel } from '@server/models/server/plugin'
import { RegisterServerOptions } from '@server/typings/plugins'
import { PluginVideoLanguageManager } from '@shared/models/plugins/plugin-video-language-manager.model'
import { PluginVideoLicenceManager } from '@shared/models/plugins/plugin-video-licence-manager.model'
import { PluginVideoPrivacyManager } from '@shared/models/plugins/plugin-video-privacy-manager.model'
-import { RegisterServerAuthExternalOptions, RegisterServerAuthExternalResult, RegisterServerAuthPassOptions, RegisterServerExternalAuthenticatedResult } from '@shared/models/plugins/register-server-auth.model'
+import {
+ RegisterServerAuthExternalOptions,
+ RegisterServerAuthExternalResult,
+ RegisterServerAuthPassOptions,
+ RegisterServerExternalAuthenticatedResult
+} from '@shared/models/plugins/register-server-auth.model'
import { RegisterServerHookOptions } from '@shared/models/plugins/register-server-hook.model'
import { RegisterServerSettingOptions } from '@shared/models/plugins/register-server-setting.model'
import { serverHookObject } from '@shared/models/plugins/server-hook.model'
-import * as express from 'express'
import { buildPluginHelpers } from './plugin-helpers'
type AlterableVideoConstant = 'language' | 'licence' | 'category' | 'privacy' | 'playlistPrivacy'
const self = this
return (options: RegisterServerAuthExternalOptions) => {
+ if (!options.authName || !options.onAuthRequest || typeof options.onAuthRequest !== 'function') {
+ logger.error('Cannot register auth plugin %s: authName of getWeight or login are not valid.', this.npmName)
+ return
+ }
+
this.externalAuths.push(options)
return {
describe('With static plugin routes', function () {
it('Should fail with an unknown plugin name/plugin version', async function () {
const paths = [
+ '/plugins/' + pluginName + '/0.0.1/auth/fake-auth',
'/plugins/' + pluginName + '/0.0.1/static/images/chocobo.png',
'/plugins/' + pluginName + '/0.0.1/client-scripts/client/common-client-plugin.js',
'/themes/' + themeName + '/0.0.1/static/images/chocobo.png',
it('Should fail with invalid versions', async function () {
const paths = [
+ '/plugins/' + pluginName + '/0.0.1.1/auth/fake-auth',
'/plugins/' + pluginName + '/0.0.1.1/static/images/chocobo.png',
'/plugins/' + pluginName + '/0.1/client-scripts/client/common-client-plugin.js',
'/themes/' + themeName + '/1/static/images/chocobo.png',
}
})
+ it('Should fail with an unknown auth name', async function () {
+ const path = '/plugins/' + pluginName + '/' + npmVersion + '/auth/bad-auth'
+
+ await makeGetRequest({ url: server.url, path, statusCodeExpected: 404 })
+ })
+
it('Should fail with an unknown static file', async function () {
const paths = [
'/plugins/' + pluginName + '/' + npmVersion + '/static/fake/chocobo.png',
for (const p of paths) {
await makeGetRequest({ url: server.url, path: p, statusCodeExpected: 200 })
}
+
+ const authPath = '/plugins/' + pluginName + '/' + npmVersion + '/auth/fake-auth'
+ await makeGetRequest({ url: server.url, path: authPath, statusCodeExpected: 302 })
})
})
})
it('Should succeed with the correct parameters', async function () {
+ this.timeout(10000)
+
const it = [
{ suffix: 'install', status: 200 },
{ suffix: 'update', status: 200 },
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import 'mocha'
-import { getMyUserInformation, installPlugin, setAccessTokensToServers, updatePluginSettings, userLogin, uploadVideo, uninstallPlugin } from '../../../shared/extra-utils'
-import { cleanupTests, flushAndRunServer, ServerInfo } from '../../../shared/extra-utils/server/servers'
-import { User } from '@shared/models/users/user.model'
import { expect } from 'chai'
+import { User } from '@shared/models/users/user.model'
+import {
+ getMyUserInformation,
+ installPlugin,
+ setAccessTokensToServers,
+ uninstallPlugin,
+ updatePluginSettings,
+ uploadVideo,
+ userLogin
+} from '../../../shared/extra-utils'
+import { cleanupTests, flushAndRunServer, ServerInfo } from '../../../shared/extra-utils/server/servers'
describe('Official plugin auth-ldap', function () {
let server: ServerInfo
--- /dev/null
+async function register ({
+ registerExternalAuth,
+ peertubeHelpers
+}) {
+ {
+ const result = registerExternalAuth({
+ authName: 'external-auth-1',
+ authDisplayName: 'External Auth 1',
+ onLogout: user => peertubeHelpers.logger.info('On logout %s', user.username),
+ onAuthRequest: (req, res) => {
+ const username = req.query.username
+
+ result.userAuthenticated({
+ req,
+ res,
+ username,
+ email: username + '@example.com'
+ })
+ }
+ })
+ }
+
+ {
+ const result = registerExternalAuth({
+ authName: 'external-auth-2',
+ authDisplayName: 'External Auth 2',
+ onAuthRequest: (req, res) => {
+ result.userAuthenticated({
+ req,
+ res,
+ username: 'kefka',
+ email: 'kefka@example.com',
+ role: 0,
+ displayName: 'Kefka Palazzo'
+ })
+ },
+ hookTokenValidity: (options) => {
+ if (options.type === 'refresh') {
+ return { valid: false }
+ }
+
+ if (options.type === 'access') {
+ const token = options.token
+ const now = new Date()
+ now.setTime(now.getTime() - 5000)
+
+ const createdAt = new Date(token.createdAt)
+
+ return { valid: createdAt.getTime() >= now.getTime() }
+ }
+
+ return { valid: true }
+ }
+ })
+ }
+}
+
+async function unregister () {
+ return
+}
+
+module.exports = {
+ register,
+ unregister
+}
+
+// ###########################################################################
--- /dev/null
+{
+ "name": "peertube-plugin-test-external-auth-one",
+ "version": "0.0.1",
+ "description": "External auth one",
+ "engine": {
+ "peertube": ">=1.3.0"
+ },
+ "keywords": [
+ "peertube",
+ "plugin"
+ ],
+ "homepage": "https://github.com/Chocobozzz/PeerTube",
+ "author": "Chocobozzz",
+ "bugs": "https://github.com/Chocobozzz/PeerTube/issues",
+ "library": "./main.js",
+ "staticDirs": {},
+ "css": [],
+ "clientScripts": [],
+ "translations": {}
+}
--- /dev/null
+async function register ({
+ registerExternalAuth,
+ peertubeHelpers
+}) {
+ {
+ const result = registerExternalAuth({
+ authName: 'external-auth-3',
+ authDisplayName: 'External Auth 3',
+ onAuthRequest: (req, res) => {
+ result.userAuthenticated({
+ req,
+ res,
+ username: 'cid',
+ email: 'cid@example.com',
+ displayName: 'Cid Marquez'
+ })
+ }
+ })
+ }
+}
+
+async function unregister () {
+ return
+}
+
+module.exports = {
+ register,
+ unregister
+}
+
+// ###########################################################################
--- /dev/null
+{
+ "name": "peertube-plugin-test-external-auth-two",
+ "version": "0.0.1",
+ "description": "External auth two",
+ "engine": {
+ "peertube": ">=1.3.0"
+ },
+ "keywords": [
+ "peertube",
+ "plugin"
+ ],
+ "homepage": "https://github.com/Chocobozzz/PeerTube",
+ "author": "Chocobozzz",
+ "bugs": "https://github.com/Chocobozzz/PeerTube/issues",
+ "library": "./main.js",
+ "staticDirs": {},
+ "css": [],
+ "clientScripts": [],
+ "translations": {}
+}
--- /dev/null
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import 'mocha'
+import { expect } from 'chai'
+import { ServerConfig, User, UserRole } from '@shared/models'
+import {
+ decodeQueryString,
+ getConfig,
+ getExternalAuth,
+ getMyUserInformation,
+ getPluginTestPath,
+ installPlugin,
+ loginUsingExternalToken,
+ logout,
+ refreshToken,
+ setAccessTokensToServers,
+ uninstallPlugin,
+ updateMyUser,
+ wait
+} from '../../../shared/extra-utils'
+import { cleanupTests, flushAndRunServer, ServerInfo, waitUntilLog } from '../../../shared/extra-utils/server/servers'
+
+async function loginExternal (options: {
+ server: ServerInfo
+ npmName: string
+ authName: string
+ username: string
+ query?: any
+ statusCodeExpected?: number
+}) {
+ const res = await getExternalAuth({
+ url: options.server.url,
+ npmName: options.npmName,
+ npmVersion: '0.0.1',
+ authName: options.authName,
+ query: options.query,
+ statusCodeExpected: options.statusCodeExpected || 302
+ })
+
+ if (res.status !== 302) return
+
+ const location = res.header.location
+ const { externalAuthToken } = decodeQueryString(location)
+
+ const resLogin = await loginUsingExternalToken(
+ options.server,
+ options.username,
+ externalAuthToken as string
+ )
+
+ return resLogin.body
+}
+
+describe('Test external auth plugins', function () {
+ let server: ServerInfo
+
+ let cyanAccessToken: string
+ let cyanRefreshToken: string
+
+ let kefkaAccessToken: string
+ let kefkaRefreshToken: string
+
+ let externalAuthToken: string
+
+ before(async function () {
+ this.timeout(30000)
+
+ server = await flushAndRunServer(1)
+ await setAccessTokensToServers([ server ])
+
+ for (const suffix of [ 'one', 'two' ]) {
+ await installPlugin({
+ url: server.url,
+ accessToken: server.accessToken,
+ path: getPluginTestPath('-external-auth-' + suffix)
+ })
+ }
+ })
+
+ it('Should display the correct configuration', async function () {
+ const res = await getConfig(server.url)
+
+ const config: ServerConfig = res.body
+
+ const auths = config.plugin.registeredExternalAuths
+ expect(auths).to.have.lengthOf(3)
+
+ const auth2 = auths.find((a) => a.authName === 'external-auth-2')
+ expect(auth2).to.exist
+ expect(auth2.authDisplayName).to.equal('External Auth 2')
+ expect(auth2.npmName).to.equal('peertube-plugin-test-external-auth-one')
+ })
+
+ it('Should redirect for a Cyan login', async function () {
+ const res = await getExternalAuth({
+ url: server.url,
+ npmName: 'test-external-auth-one',
+ npmVersion: '0.0.1',
+ authName: 'external-auth-1',
+ query: {
+ username: 'cyan'
+ },
+ statusCodeExpected: 302
+ })
+
+ const location = res.header.location
+ expect(location.startsWith('/login?')).to.be.true
+
+ const searchParams = decodeQueryString(location)
+
+ expect(searchParams.externalAuthToken).to.exist
+ expect(searchParams.username).to.equal('cyan')
+
+ externalAuthToken = searchParams.externalAuthToken as string
+ })
+
+ it('Should reject auto external login with a missing or invalid token', async function () {
+ await loginUsingExternalToken(server, 'cyan', '', 400)
+ await loginUsingExternalToken(server, 'cyan', 'blabla', 400)
+ })
+
+ it('Should reject auto external login with a missing or invalid username', async function () {
+ await loginUsingExternalToken(server, '', externalAuthToken, 400)
+ await loginUsingExternalToken(server, '', externalAuthToken, 400)
+ })
+
+ it('Should reject auto external login with an expired token', async function () {
+ this.timeout(15000)
+
+ await wait(5000)
+
+ await loginUsingExternalToken(server, 'cyan', externalAuthToken, 400)
+
+ await waitUntilLog(server, 'expired external auth token')
+ })
+
+ it('Should auto login Cyan, create the user and use the token', async function () {
+ {
+ const res = await loginExternal({
+ server,
+ npmName: 'test-external-auth-one',
+ authName: 'external-auth-1',
+ query: {
+ username: 'cyan'
+ },
+ username: 'cyan'
+ })
+
+ cyanAccessToken = res.access_token
+ cyanRefreshToken = res.refresh_token
+ }
+
+ {
+ const res = await getMyUserInformation(server.url, cyanAccessToken)
+
+ const body: User = res.body
+ expect(body.username).to.equal('cyan')
+ expect(body.account.displayName).to.equal('cyan')
+ expect(body.email).to.equal('cyan@example.com')
+ expect(body.role).to.equal(UserRole.USER)
+ }
+ })
+
+ it('Should auto login Kefka, create the user and use the token', async function () {
+ {
+ const res = await loginExternal({
+ server,
+ npmName: 'test-external-auth-one',
+ authName: 'external-auth-2',
+ username: 'kefka'
+ })
+
+ kefkaAccessToken = res.access_token
+ kefkaRefreshToken = res.refresh_token
+ }
+
+ {
+ const res = await getMyUserInformation(server.url, kefkaAccessToken)
+
+ const body: User = res.body
+ expect(body.username).to.equal('kefka')
+ expect(body.account.displayName).to.equal('Kefka Palazzo')
+ expect(body.email).to.equal('kefka@example.com')
+ expect(body.role).to.equal(UserRole.ADMINISTRATOR)
+ }
+ })
+
+ it('Should refresh Cyan token, but not Kefka token', async function () {
+ {
+ const resRefresh = await refreshToken(server, cyanRefreshToken)
+ cyanAccessToken = resRefresh.body.access_token
+ cyanRefreshToken = resRefresh.body.refresh_token
+
+ const res = await getMyUserInformation(server.url, cyanAccessToken)
+ const user: User = res.body
+ expect(user.username).to.equal('cyan')
+ }
+
+ {
+ await refreshToken(server, kefkaRefreshToken, 400)
+ }
+ })
+
+ it('Should update Cyan profile', async function () {
+ await updateMyUser({
+ url: server.url,
+ accessToken: cyanAccessToken,
+ displayName: 'Cyan Garamonde',
+ description: 'Retainer to the king of Doma'
+ })
+
+ const res = await getMyUserInformation(server.url, cyanAccessToken)
+
+ const body: User = res.body
+ expect(body.account.displayName).to.equal('Cyan Garamonde')
+ expect(body.account.description).to.equal('Retainer to the king of Doma')
+ })
+
+ it('Should logout Cyan', async function () {
+ await logout(server.url, cyanAccessToken)
+ })
+
+ it('Should have logged out Cyan', async function () {
+ await waitUntilLog(server, 'On logout cyan')
+
+ await getMyUserInformation(server.url, cyanAccessToken, 401)
+ })
+
+ it('Should login Cyan and keep the old existing profile', async function () {
+ {
+ const res = await loginExternal({
+ server,
+ npmName: 'test-external-auth-one',
+ authName: 'external-auth-1',
+ query: {
+ username: 'cyan'
+ },
+ username: 'cyan'
+ })
+
+ cyanAccessToken = res.access_token
+ }
+
+ const res = await getMyUserInformation(server.url, cyanAccessToken)
+
+ const body: User = res.body
+ expect(body.username).to.equal('cyan')
+ expect(body.account.displayName).to.equal('Cyan Garamonde')
+ expect(body.account.description).to.equal('Retainer to the king of Doma')
+ expect(body.role).to.equal(UserRole.USER)
+ })
+
+ it('Should reject token of Kefka by the plugin hook', async function () {
+ this.timeout(10000)
+
+ await wait(5000)
+
+ await getMyUserInformation(server.url, kefkaAccessToken, 401)
+ })
+
+ it('Should uninstall the plugin one and do not login Cyan', async function () {
+ await uninstallPlugin({
+ url: server.url,
+ accessToken: server.accessToken,
+ npmName: 'peertube-plugin-test-external-auth-one'
+ })
+
+ await loginExternal({
+ server,
+ npmName: 'test-external-auth-one',
+ authName: 'external-auth-1',
+ query: {
+ username: 'cyan'
+ },
+ username: 'cyan',
+ statusCodeExpected: 404
+ })
+ })
+
+ it('Should display the correct configuration', async function () {
+ const res = await getConfig(server.url)
+
+ const config: ServerConfig = res.body
+
+ const auths = config.plugin.registeredExternalAuths
+ expect(auths).to.have.lengthOf(1)
+
+ const auth2 = auths.find((a) => a.authName === 'external-auth-2')
+ expect(auth2).to.not.exist
+ })
+
+ after(async function () {
+ await cleanupTests([ server ])
+ })
+})
updateMyUser,
userLogin,
wait,
- login, refreshToken
+ login, refreshToken, getConfig
} from '../../../shared/extra-utils'
-import { User, UserRole } from '@shared/models'
+import { User, UserRole, ServerConfig } from '@shared/models'
import { expect } from 'chai'
describe('Test id and pass auth plugins', function () {
}
})
+ it('Should display the correct configuration', async function () {
+ const res = await getConfig(server.url)
+
+ const config: ServerConfig = res.body
+
+ const auths = config.plugin.registeredIdAndPassAuths
+ expect(auths).to.have.lengthOf(8)
+
+ const crashAuth = auths.find(a => a.authName === 'crash-auth')
+ expect(crashAuth).to.exist
+ expect(crashAuth.npmName).to.equal('peertube-plugin-test-id-pass-auth-one')
+ expect(crashAuth.weight).to.equal(50)
+ })
+
it('Should not login', async function () {
await userLogin(server, { username: 'toto', password: 'password' }, 400)
})
await userLogin(server, { username: 'crash', password: 'crash password' }, 400)
})
+ it('Should display the correct configuration', async function () {
+ const res = await getConfig(server.url)
+
+ const config: ServerConfig = res.body
+
+ const auths = config.plugin.registeredIdAndPassAuths
+ expect(auths).to.have.lengthOf(6)
+
+ const crashAuth = auths.find(a => a.authName === 'crash-auth')
+ expect(crashAuth).to.not.exist
+ })
+
after(async function () {
await cleanupTests([ server ])
})
import './action-hooks'
import './id-and-pass-auth'
+import './external-auth'
import './filter-hooks'
import './translations'
import './video-constants'
import { buildAbsoluteFixturePath, root } from '../miscs/miscs'
import { isAbsolute, join } from 'path'
import { URL } from 'url'
+import { decode } from 'querystring'
function get4KFileUrl () {
return 'https://download.cpy.re/peertube/4k_file.txt'
statusCodeExpected?: number
contentType?: string
range?: string
+ redirects?: number
}) {
if (!options.statusCodeExpected) options.statusCodeExpected = 400
if (options.contentType === undefined) options.contentType = 'application/json'
if (options.token) req.set('Authorization', 'Bearer ' + options.token)
if (options.query) req.query(options.query)
if (options.range) req.set('Range', options.range)
+ if (options.redirects) req.redirects(options.redirects)
return req.expect(options.statusCodeExpected)
}
})
}
+function decodeQueryString (path: string) {
+ return decode(path.split('?')[1])
+}
+
// ---------------------------------------------------------------------------
export {
get4KFileUrl,
makeHTMLRequest,
makeGetRequest,
+ decodeQueryString,
makeUploadRequest,
makePostBodyRequest,
makePutBodyRequest,
return join(root(), 'server', 'tests', 'fixtures', 'peertube-plugin-test' + suffix)
}
+function getExternalAuth (options: {
+ url: string
+ npmName: string
+ npmVersion: string
+ authName: string
+ query?: any
+ statusCodeExpected?: number
+}) {
+ const { url, npmName, npmVersion, authName, statusCodeExpected, query } = options
+
+ const path = '/plugins/' + npmName + '/' + npmVersion + '/auth/' + authName
+
+ return makeGetRequest({
+ url,
+ path,
+ query,
+ statusCodeExpected: statusCodeExpected || 200,
+ redirects: 0
+ })
+}
+
export {
listPlugins,
listAvailablePlugins,
updatePluginPackageJSON,
getPluginPackageJSON,
getPluginTestPath,
- getPublicSettings
+ getPublicSettings,
+ getExternalAuth
}
return Promise.all(tasks)
}
+function loginUsingExternalToken (server: Server, username: string, externalAuthToken: string, expectedStatus = 200) {
+ const path = '/api/v1/users/token'
+
+ const body = {
+ client_id: server.client.id,
+ client_secret: server.client.secret,
+ username: username,
+ response_type: 'code',
+ grant_type: 'password',
+ scope: 'upload',
+ externalAuthToken
+ }
+
+ return request(server.url)
+ .post(path)
+ .type('form')
+ .send(body)
+ .expect(expectedStatus)
+}
+
// ---------------------------------------------------------------------------
export {
setAccessTokensToServers,
Server,
Client,
- User
+ User,
+ loginUsingExternalToken
}
import { UserRole } from '@shared/models'
-import { MOAuthToken } from '@server/typings/models'
+import { MOAuthToken, MUser } from '@server/typings/models'
import * as express from 'express'
export type RegisterServerAuthOptions = RegisterServerAuthPassOptions | RegisterServerAuthExternalOptions
authName: string
// Called by PeerTube when a user from your plugin logged out
- onLogout?(): void
+ onLogout?(user: MUser): void
// Your plugin can hook PeerTube access/refresh token validity
// So you can control for your plugin the user session lifetime
projects / oweals / peertube.git / commitdiff