2024-04-19 06:47:29 -04:00
|
|
|
import { LoginResponseDto, login, signUpAdmin } from '@immich/sdk';
|
|
|
|
|
import { loginDto, signupDto } from 'src/fixtures';
|
|
|
|
|
import { errorDto, loginResponseDto, signupResponseDto } from 'src/responses';
|
|
|
|
|
import { app, utils } from 'src/utils';
|
2024-02-19 12:03:51 -05:00
|
|
|
import request from 'supertest';
|
2024-03-07 10:14:36 -05:00
|
|
|
import { beforeEach, describe, expect, it } from 'vitest';
|
2024-02-19 12:03:51 -05:00
|
|
|
|
|
|
|
|
const { name, email, password } = signupDto.admin;
|
|
|
|
|
|
2024-02-19 17:25:57 -05:00
|
|
|
describe(`/auth/admin-sign-up`, () => {
|
2024-02-19 12:03:51 -05:00
|
|
|
beforeEach(async () => {
|
2024-03-07 10:14:36 -05:00
|
|
|
await utils.resetDatabase();
|
2024-02-19 12:03:51 -05:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('POST /auth/admin-sign-up', () => {
|
|
|
|
|
const invalid = [
|
|
|
|
|
{
|
|
|
|
|
should: 'require an email address',
|
|
|
|
|
data: { name, password },
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
should: 'require a password',
|
|
|
|
|
data: { name, email },
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
should: 'require a name',
|
|
|
|
|
data: { email, password },
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
should: 'require a valid email',
|
|
|
|
|
data: { name, email: 'immich', password },
|
|
|
|
|
},
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
for (const { should, data } of invalid) {
|
|
|
|
|
it(`should ${should}`, async () => {
|
2024-02-29 11:26:55 -05:00
|
|
|
const { status, body } = await request(app).post('/auth/admin-sign-up').send(data);
|
2024-02-19 12:03:51 -05:00
|
|
|
expect(status).toEqual(400);
|
|
|
|
|
expect(body).toEqual(errorDto.badRequest());
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
it(`should sign up the admin`, async () => {
|
2024-02-29 11:26:55 -05:00
|
|
|
const { status, body } = await request(app).post('/auth/admin-sign-up').send(signupDto.admin);
|
2024-02-19 12:03:51 -05:00
|
|
|
expect(status).toBe(201);
|
|
|
|
|
expect(body).toEqual(signupResponseDto.admin);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should sign up the admin with a local domain', async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post('/auth/admin-sign-up')
|
|
|
|
|
.send({ ...signupDto.admin, email: 'admin@local' });
|
|
|
|
|
expect(status).toEqual(201);
|
|
|
|
|
expect(body).toEqual({
|
|
|
|
|
...signupResponseDto.admin,
|
|
|
|
|
email: 'admin@local',
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should transform email to lower case', async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post('/auth/admin-sign-up')
|
|
|
|
|
.send({ ...signupDto.admin, email: 'aDmIn@IMMICH.cloud' });
|
|
|
|
|
expect(status).toEqual(201);
|
|
|
|
|
expect(body).toEqual(signupResponseDto.admin);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should not allow a second admin to sign up', async () => {
|
|
|
|
|
await signUpAdmin({ signUpDto: signupDto.admin });
|
|
|
|
|
|
2024-02-29 11:26:55 -05:00
|
|
|
const { status, body } = await request(app).post('/auth/admin-sign-up').send(signupDto.admin);
|
2024-02-19 12:03:51 -05:00
|
|
|
|
|
|
|
|
expect(status).toBe(400);
|
|
|
|
|
expect(body).toEqual(errorDto.alreadyHasAdmin);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2024-02-19 17:25:57 -05:00
|
|
|
describe('/auth/*', () => {
|
2024-02-19 12:03:51 -05:00
|
|
|
let admin: LoginResponseDto;
|
|
|
|
|
|
|
|
|
|
beforeEach(async () => {
|
2024-03-07 10:14:36 -05:00
|
|
|
await utils.resetDatabase();
|
2024-02-19 12:03:51 -05:00
|
|
|
await signUpAdmin({ signUpDto: signupDto.admin });
|
|
|
|
|
admin = await login({ loginCredentialDto: loginDto.admin });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe(`POST /auth/login`, () => {
|
|
|
|
|
it('should reject an incorrect password', async () => {
|
2024-02-29 11:26:55 -05:00
|
|
|
const { status, body } = await request(app).post('/auth/login').send({ email, password: 'incorrect' });
|
2024-02-19 12:03:51 -05:00
|
|
|
expect(status).toBe(401);
|
|
|
|
|
expect(body).toEqual(errorDto.incorrectLogin);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
for (const key of Object.keys(loginDto.admin)) {
|
|
|
|
|
it(`should not allow null ${key}`, async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post('/auth/login')
|
|
|
|
|
.send({ ...loginDto.admin, [key]: null });
|
|
|
|
|
expect(status).toBe(400);
|
|
|
|
|
expect(body).toEqual(errorDto.badRequest());
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
it('should accept a correct password', async () => {
|
2024-02-29 11:26:55 -05:00
|
|
|
const { status, body, headers } = await request(app).post('/auth/login').send({ email, password });
|
2024-02-19 12:03:51 -05:00
|
|
|
expect(status).toBe(201);
|
|
|
|
|
expect(body).toEqual(loginResponseDto.admin);
|
|
|
|
|
|
|
|
|
|
const token = body.accessToken;
|
|
|
|
|
expect(token).toBeDefined();
|
|
|
|
|
|
|
|
|
|
const cookies = headers['set-cookie'];
|
|
|
|
|
expect(cookies).toHaveLength(3);
|
2024-02-29 11:26:55 -05:00
|
|
|
expect(cookies[0]).toEqual(`immich_access_token=${token}; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;`);
|
|
|
|
|
expect(cookies[1]).toEqual('immich_auth_type=password; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;');
|
|
|
|
|
expect(cookies[2]).toEqual('immich_is_authenticated=true; Path=/; Max-Age=34560000; SameSite=Lax;');
|
2024-02-19 12:03:51 -05:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('POST /auth/validateToken', () => {
|
|
|
|
|
it('should reject an invalid token', async () => {
|
2024-02-29 11:26:55 -05:00
|
|
|
const { status, body } = await request(app).post(`/auth/validateToken`).set('Authorization', 'Bearer 123');
|
2024-02-19 12:03:51 -05:00
|
|
|
expect(status).toBe(401);
|
|
|
|
|
expect(body).toEqual(errorDto.invalidToken);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should accept a valid token', async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post(`/auth/validateToken`)
|
|
|
|
|
.send({})
|
|
|
|
|
.set('Authorization', `Bearer ${admin.accessToken}`);
|
|
|
|
|
expect(status).toBe(200);
|
|
|
|
|
expect(body).toEqual({ authStatus: true });
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('POST /auth/change-password', () => {
|
|
|
|
|
it('should require authentication', async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post(`/auth/change-password`)
|
|
|
|
|
.send({ password, newPassword: 'Password1234' });
|
|
|
|
|
expect(status).toBe(401);
|
|
|
|
|
expect(body).toEqual(errorDto.unauthorized);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should require the current password', async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post(`/auth/change-password`)
|
|
|
|
|
.send({ password: 'wrong-password', newPassword: 'Password1234' })
|
|
|
|
|
.set('Authorization', `Bearer ${admin.accessToken}`);
|
|
|
|
|
expect(status).toBe(400);
|
|
|
|
|
expect(body).toEqual(errorDto.wrongPassword);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should change the password', async () => {
|
|
|
|
|
const { status } = await request(app)
|
|
|
|
|
.post(`/auth/change-password`)
|
|
|
|
|
.send({ password, newPassword: 'Password1234' })
|
|
|
|
|
.set('Authorization', `Bearer ${admin.accessToken}`);
|
|
|
|
|
expect(status).toBe(200);
|
|
|
|
|
|
|
|
|
|
await login({
|
|
|
|
|
loginCredentialDto: {
|
|
|
|
|
email: 'admin@immich.cloud',
|
|
|
|
|
password: 'Password1234',
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('POST /auth/logout', () => {
|
|
|
|
|
it('should require authentication', async () => {
|
|
|
|
|
const { status, body } = await request(app).post(`/auth/logout`);
|
|
|
|
|
expect(status).toBe(401);
|
|
|
|
|
expect(body).toEqual(errorDto.unauthorized);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should logout the user', async () => {
|
|
|
|
|
const { status, body } = await request(app)
|
|
|
|
|
.post(`/auth/logout`)
|
|
|
|
|
.set('Authorization', `Bearer ${admin.accessToken}`);
|
|
|
|
|
expect(status).toBe(200);
|
|
|
|
|
expect(body).toEqual({
|
|
|
|
|
successful: true,
|
|
|
|
|
redirectUri: '/auth/login?autoLaunch=0',
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
