2015-07-20 00:09:47 -07:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
/* global it:false */
|
|
|
|
|
/* global describe:false */
|
|
|
|
|
/* global before:false */
|
|
|
|
|
/* global after:false */
|
|
|
|
|
|
2021-06-05 15:26:35 -07:00
|
|
|
const constants = require('../../constants.js'),
|
2021-06-05 10:37:11 -07:00
|
|
|
common = require('./common.js'),
|
2015-07-20 00:09:47 -07:00
|
|
|
expect = require('expect.js'),
|
2025-02-14 17:26:54 +01:00
|
|
|
superagent = require('../../superagent.js');
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2023-08-14 11:08:38 +05:30
|
|
|
describe('Cloudron', function () {
|
2023-08-11 19:41:05 +05:30
|
|
|
const { setup, cleanup, serverUrl, owner, user, dashboardFqdn } = common;
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
before(setup);
|
|
|
|
|
after(cleanup);
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
describe('config', function () {
|
|
|
|
|
it('cannot get config without token', async function () {
|
2023-08-12 21:47:24 +05:30
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/dashboard/config`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.ok(() => true);
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(401);
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('can get config (admin)', async function () {
|
2023-08-12 21:47:24 +05:30
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/dashboard/config`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.query({ access_token: owner.token });
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(response.body.apiServerOrigin).to.eql('http://localhost:6060');
|
|
|
|
|
expect(response.body.webServerOrigin).to.eql('https://cloudron.io');
|
2023-08-11 19:41:05 +05:30
|
|
|
expect(response.body.adminFqdn).to.eql(dashboardFqdn);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(response.body.version).to.eql(constants.VERSION);
|
|
|
|
|
expect(response.body.cloudronName).to.be.a('string');
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('can get config (non-admin)', async function () {
|
2023-08-12 21:47:24 +05:30
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/dashboard/config`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.query({ access_token: user.token });
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(response.body.apiServerOrigin).to.eql('http://localhost:6060');
|
|
|
|
|
expect(response.body.webServerOrigin).to.eql('https://cloudron.io');
|
2023-08-11 19:41:05 +05:30
|
|
|
expect(response.body.adminFqdn).to.eql(dashboardFqdn);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(response.body.version).to.eql(constants.VERSION);
|
|
|
|
|
expect(response.body.cloudronName).to.be.a('string');
|
2017-08-26 13:59:45 -07:00
|
|
|
});
|
2016-06-27 22:24:30 -05:00
|
|
|
});
|
|
|
|
|
|
2021-11-22 20:42:51 +01:00
|
|
|
describe('account setup', function () {
|
|
|
|
|
it('succeeds without pre-set username and display name', async function () {
|
|
|
|
|
const USER = {
|
|
|
|
|
email: 'setup1@account.com',
|
|
|
|
|
password: 'test?!3434543534',
|
|
|
|
|
username: 'setupuser1',
|
|
|
|
|
displayName: 'setup user1',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ email: USER.email });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(201);
|
2021-11-22 20:42:51 +01:00
|
|
|
USER.id = response.body.id;
|
|
|
|
|
|
|
|
|
|
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${USER.id}/invite_link`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response2.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response3 = await superagent.post(`${serverUrl}/api/v1/auth/setup_account`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.send({
|
|
|
|
|
inviteToken: require('url').parse(response2.body.inviteLink, true).query.inviteToken,
|
|
|
|
|
password: USER.password,
|
|
|
|
|
username: USER.username,
|
|
|
|
|
displayName: USER.displayName
|
|
|
|
|
})
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response3.status).to.equal(201);
|
2021-11-22 20:42:51 +01:00
|
|
|
expect(response3.body.accessToken).to.be.a('string');
|
|
|
|
|
|
|
|
|
|
const response4 = await superagent.get(`${serverUrl}/api/v1/users/${USER.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response4.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
expect(response4.body.username).to.equal(USER.username);
|
|
|
|
|
expect(response4.body.displayName).to.equal(USER.displayName);
|
|
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response5 = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.send({ username: USER.username, password: USER.password });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response5.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('succeeds and overwrites with pre-set username and display name', async function () {
|
|
|
|
|
const USER = {
|
|
|
|
|
email: 'setup2@account.com',
|
|
|
|
|
password: 'test?!3434543534',
|
2022-01-13 15:20:16 -08:00
|
|
|
username: 'presetup2',
|
2021-11-22 20:42:51 +01:00
|
|
|
displayName: 'setup user2',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
2022-01-13 15:20:16 -08:00
|
|
|
.send({ email: USER.email, username: 'presetup2', displayName: 'pre setup' });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(201);
|
2021-11-22 20:42:51 +01:00
|
|
|
USER.id = response.body.id;
|
|
|
|
|
|
|
|
|
|
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${USER.id}/invite_link`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response2.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response3 = await superagent.post(`${serverUrl}/api/v1/auth/setup_account`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.send({
|
|
|
|
|
inviteToken: require('url').parse(response2.body.inviteLink, true).query.inviteToken,
|
|
|
|
|
password: USER.password,
|
2022-01-13 15:20:16 -08:00
|
|
|
username: 'setupuser2', // this will cause a conflict. cannot change username
|
2021-11-22 20:42:51 +01:00
|
|
|
displayName: USER.displayName
|
|
|
|
|
})
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response3.status).to.equal(409);
|
2021-11-22 20:42:51 +01:00
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response4 = await superagent.post(`${serverUrl}/api/v1/auth/setup_account`)
|
2022-01-13 15:20:16 -08:00
|
|
|
.send({
|
|
|
|
|
inviteToken: require('url').parse(response2.body.inviteLink, true).query.inviteToken,
|
|
|
|
|
password: USER.password,
|
|
|
|
|
displayName: USER.displayName
|
|
|
|
|
})
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response4.status).to.equal(201);
|
2022-01-13 15:20:16 -08:00
|
|
|
expect(response4.body.accessToken).to.be.a('string');
|
|
|
|
|
|
|
|
|
|
const response5 = await superagent.get(`${serverUrl}/api/v1/users/${USER.id}`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response5.status).to.equal(200);
|
2022-01-13 15:20:16 -08:00
|
|
|
expect(response5.body.username).to.equal(USER.username);
|
|
|
|
|
expect(response5.body.displayName).to.equal(USER.displayName);
|
2021-11-22 20:42:51 +01:00
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response6 = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.send({ username: USER.username, password: USER.password });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response6.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('succeeds and does not overwrite pre-set username and display name if profiles are locked', async function () {
|
|
|
|
|
const USER = {
|
|
|
|
|
email: 'setup3@account.com',
|
|
|
|
|
password: 'test?!3434543534',
|
|
|
|
|
username: 'setupuser3',
|
|
|
|
|
displayName: 'setup user3',
|
|
|
|
|
};
|
|
|
|
|
|
2023-08-03 08:11:42 +05:30
|
|
|
const response0 = await superagent.post(`${serverUrl}/api/v1/user_directory/profile_config`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.send({ lockUserProfiles: true, mandatory2FA: false });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response0.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
|
|
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/users`)
|
|
|
|
|
.query({ access_token: owner.token })
|
2022-01-13 15:20:16 -08:00
|
|
|
.send({ email: USER.email, username: 'presetup3', displayName: 'pre setup3' });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(201);
|
2021-11-22 20:42:51 +01:00
|
|
|
USER.id = response.body.id;
|
|
|
|
|
|
|
|
|
|
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${USER.id}/invite_link`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response2.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response3 = await superagent.post(`${serverUrl}/api/v1/auth/setup_account`)
|
2021-11-22 20:42:51 +01:00
|
|
|
.send({
|
|
|
|
|
inviteToken: require('url').parse(response2.body.inviteLink, true).query.inviteToken,
|
|
|
|
|
password: USER.password,
|
2022-01-13 15:20:16 -08:00
|
|
|
username: USER.username, // ignored
|
|
|
|
|
displayName: USER.displayName // ignored
|
2021-11-22 20:42:51 +01:00
|
|
|
})
|
|
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response3.status).to.equal(201);
|
2021-11-22 20:42:51 +01:00
|
|
|
expect(response3.body.accessToken).to.be.a('string');
|
|
|
|
|
|
|
|
|
|
const response4 = await superagent.get(`${serverUrl}/api/v1/users/${USER.id}`)
|
|
|
|
|
.query({ access_token: owner.token })
|
|
|
|
|
.ok(() => true);
|
|
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response4.status).to.equal(200);
|
2022-01-13 15:20:16 -08:00
|
|
|
expect(response4.body.username).to.equal('presetup3'); // what the admin provided
|
|
|
|
|
expect(response4.body.displayName).to.equal('pre setup3'); // what the admin provided
|
2021-11-22 20:42:51 +01:00
|
|
|
|
2023-08-10 16:21:22 +05:30
|
|
|
const response5 = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2022-01-13 15:20:16 -08:00
|
|
|
.send({ username: 'presetup3', password: USER.password });
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response5.status).to.equal(200);
|
2021-11-22 20:42:51 +01:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2020-02-10 16:40:07 +01:00
|
|
|
describe('login', function () {
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login without body', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.ok(() => true);
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(400);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login without username', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ password: owner.password })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(400);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login without password', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.username })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(400);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login with empty username', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: '', password: owner.password })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(400);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login with empty password', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.username, password: '' })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(400);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login with unknown username', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: 'somethingrandom', password: owner.password })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(401);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login with unknown email', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: 'randomgemail', password: owner.password })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(401);
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('cannot login with wrong password', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.username, password: owner.password.toUpperCase() })
|
|
|
|
|
.ok(() => true);
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(401);
|
2021-06-05 10:37:11 -07:00
|
|
|
});
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('can login with username', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.username, password: owner.password });
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(new Date(response.body.expires).toString()).to.not.be('Invalid Date');
|
|
|
|
|
expect(response.body.accessToken).to.be.a('string');
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('can login with uppercase username', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.username.toUpperCase(), password: owner.password });
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(new Date(response.body.expires).toString()).to.not.be('Invalid Date');
|
|
|
|
|
expect(response.body.accessToken).to.be.a('string');
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('can login with email', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.email, password: owner.password });
|
|
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(new Date(response.body.expires).toString()).to.not.be('Invalid Date');
|
|
|
|
|
expect(response.body.accessToken).to.be.a('string');
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
it('can login with uppercase email', async function () {
|
2023-08-10 16:21:22 +05:30
|
|
|
const response = await superagent.post(`${serverUrl}/api/v1/auth/login`)
|
2021-06-05 10:37:11 -07:00
|
|
|
.send({ username: owner.email.toUpperCase(), password: owner.password });
|
2020-02-10 16:40:07 +01:00
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(new Date(response.body.expires).toString()).to.not.be('Invalid Date');
|
|
|
|
|
expect(response.body.accessToken).to.be.a('string');
|
2020-02-10 16:40:07 +01:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-05 10:37:11 -07:00
|
|
|
describe('languages', function () {
|
|
|
|
|
it('succeeds', async function () {
|
|
|
|
|
const response = await superagent.get(`${serverUrl}/api/v1/cloudron/languages`);
|
|
|
|
|
|
2025-02-14 17:26:54 +01:00
|
|
|
expect(response.status).to.equal(200);
|
2021-06-05 10:37:11 -07:00
|
|
|
expect(response.body.languages).to.be.an('array');
|
|
|
|
|
expect(response.body.languages.indexOf('en')).to.not.equal(-1);
|
2020-11-18 00:10:06 +01:00
|
|
|
});
|
2019-12-12 13:21:24 +01:00
|
|
|
});
|
2015-07-20 00:09:47 -07:00
|
|
|
});
|
