mirror of
https://github.com/immich-app/immich.git
synced 2024-12-23 02:06:15 +02:00
4e9b96ff1a
* Allow building and installing cli * feat: add format fix * docs: remove cli folder * feat: use immich scoped package * feat: rewrite cli readme * docs: add info on running without building * cleanup * chore: remove import functionality from cli * feat: add logout to cli * docs: add todo for file format from server * docs: add compilation step to cli * fix: success message spacing * feat: can create albums * fix: add check step to cli * fix: typos * feat: pull file formats from server * chore: use crawl service from server * chore: fix lint * docs: add cli documentation * chore: rename ignore pattern * chore: add version number to cli * feat: use sdk * fix: cleanup * feat: album name on windows * chore: remove skipped asset field * feat: add more info to server-info command * chore: cleanup * wip * chore: remove unneeded packages * e2e test can start * git ignore for geocode in cli * add cli e2e to github actions * can do e2e tests in the cli * simplify e2e test * cleanup * set matrix strategy in workflow * run npm ci in server * choose different working directory * check out submodules too * increase test timeout * set node version * cli docker e2e tests * fix cli docker file * run cli e2e in correct folder * set docker context * correct docker build * remove cli from dockerignore * chore: fix docs links * feat: add cli v2 milestone * fix: set correct cli date * remove submodule * chore: add npmignore * chore(cli): push to npm * fix: server e2e * run npm ci in server * remove state from e2e * run npm ci in server * reshuffle docker compose files * use new e2e composes in makefile * increase test timeout to 10 minutes * make github actions run makefile e2e tests * cleanup github test names * assert on server version * chore: split cli e2e tests into one file per command * chore: set cli release working dir * chore: add repo url to npmjs * chore: bump node setup to v4 * chore: normalize the github url * check e2e code in lint * fix lint * test key login flow * feat: allow configurable config dir * fix session service tests * create missing dir * cleanup * bump cli version to 2.0.4 * remove form-data * feat: allow single files as argument * add version option * bump dependencies * fix lint * wip use axios as upload * version bump * cApiTALiZaTiON * don't touch package lock * wip: don't use job queues * don't use make for cli e2e * fix server e2e * chore: remove old gha step * add npm ci to server --------- Co-authored-by: Alex <alex.tran1502@gmail.com> Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
292 lines
9.8 KiB
TypeScript
292 lines
9.8 KiB
TypeScript
import { AuthController } from '@app/immich';
|
|
import { api } from '@test/api';
|
|
import {
|
|
adminSignupStub,
|
|
changePasswordStub,
|
|
deviceStub,
|
|
errorStub,
|
|
loginResponseStub,
|
|
loginStub,
|
|
uuidStub,
|
|
} from '@test/fixtures';
|
|
import { testApp } from '@test/test-utils';
|
|
import request from 'supertest';
|
|
|
|
const name = 'Immich Admin';
|
|
const password = 'Password123';
|
|
const email = 'admin@immich.app';
|
|
|
|
const adminSignupResponse = {
|
|
avatarColor: expect.any(String),
|
|
id: expect.any(String),
|
|
name: 'Immich Admin',
|
|
email: 'admin@immich.app',
|
|
storageLabel: 'admin',
|
|
externalPath: null,
|
|
profileImagePath: '',
|
|
// why? lol
|
|
shouldChangePassword: true,
|
|
isAdmin: true,
|
|
createdAt: expect.any(String),
|
|
updatedAt: expect.any(String),
|
|
deletedAt: null,
|
|
oauthId: '',
|
|
memoriesEnabled: true,
|
|
};
|
|
|
|
describe(`${AuthController.name} (e2e)`, () => {
|
|
let server: any;
|
|
let accessToken: string;
|
|
|
|
beforeAll(async () => {
|
|
server = (await testApp.create()).getHttpServer();
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await testApp.teardown();
|
|
});
|
|
|
|
beforeEach(async () => {
|
|
await testApp.reset();
|
|
await api.authApi.adminSignUp(server);
|
|
const response = await api.authApi.adminLogin(server);
|
|
accessToken = response.accessToken;
|
|
});
|
|
|
|
describe('POST /auth/admin-sign-up', () => {
|
|
beforeEach(async () => {
|
|
await testApp.reset();
|
|
});
|
|
|
|
const invalid = [
|
|
{
|
|
should: 'require an email address',
|
|
data: { name, password },
|
|
},
|
|
{
|
|
should: 'require a password',
|
|
data: { name, email },
|
|
},
|
|
{
|
|
should: 'require a name',
|
|
data: { email, password },
|
|
},
|
|
{
|
|
should: 'require a valid email',
|
|
data: { name, email: 'immich', password },
|
|
},
|
|
];
|
|
|
|
for (const { should, data } of invalid) {
|
|
it(`should ${should}`, async () => {
|
|
const { status, body } = await request(server).post('/auth/admin-sign-up').send(data);
|
|
expect(status).toEqual(400);
|
|
expect(body).toEqual(errorStub.badRequest());
|
|
});
|
|
}
|
|
|
|
it(`should sign up the admin`, async () => {
|
|
await api.authApi.adminSignUp(server);
|
|
});
|
|
|
|
it('should sign up the admin with a local domain', async () => {
|
|
const { status, body } = await request(server)
|
|
.post('/auth/admin-sign-up')
|
|
.send({ ...adminSignupStub, email: 'admin@local' });
|
|
expect(status).toEqual(201);
|
|
expect(body).toEqual({ ...adminSignupResponse, email: 'admin@local' });
|
|
});
|
|
|
|
it('should transform email to lower case', async () => {
|
|
const { status, body } = await request(server)
|
|
.post('/auth/admin-sign-up')
|
|
.send({ ...adminSignupStub, email: 'aDmIn@IMMICH.app' });
|
|
expect(status).toEqual(201);
|
|
expect(body).toEqual(adminSignupResponse);
|
|
});
|
|
|
|
it('should not allow a second admin to sign up', async () => {
|
|
await api.authApi.adminSignUp(server);
|
|
|
|
const { status, body } = await request(server).post('/auth/admin-sign-up').send(adminSignupStub);
|
|
|
|
expect(status).toBe(400);
|
|
expect(body).toEqual(errorStub.alreadyHasAdmin);
|
|
});
|
|
|
|
for (const key of Object.keys(adminSignupStub)) {
|
|
it(`should not allow null ${key}`, async () => {
|
|
const { status, body } = await request(server)
|
|
.post('/auth/admin-sign-up')
|
|
.send({ ...adminSignupStub, [key]: null });
|
|
expect(status).toBe(400);
|
|
expect(body).toEqual(errorStub.badRequest());
|
|
});
|
|
}
|
|
});
|
|
|
|
describe(`POST /auth/login`, () => {
|
|
it('should reject an incorrect password', async () => {
|
|
const { status, body } = await request(server).post('/auth/login').send({ email, password: 'incorrect' });
|
|
expect(body).toEqual(errorStub.incorrectLogin);
|
|
expect(status).toBe(401);
|
|
});
|
|
|
|
for (const key of Object.keys(loginStub.admin)) {
|
|
it(`should not allow null ${key}`, async () => {
|
|
const { status, body } = await request(server)
|
|
.post('/auth/login')
|
|
.send({ ...loginStub.admin, [key]: null });
|
|
expect(status).toBe(400);
|
|
expect(body).toEqual(errorStub.badRequest());
|
|
});
|
|
}
|
|
|
|
it('should accept a correct password', async () => {
|
|
const { status, body, headers } = await request(server).post('/auth/login').send({ email, password });
|
|
expect(status).toBe(201);
|
|
expect(body).toEqual(loginResponseStub.admin.response);
|
|
|
|
const token = body.accessToken;
|
|
expect(token).toBeDefined();
|
|
|
|
const cookies = headers['set-cookie'];
|
|
expect(cookies).toHaveLength(2);
|
|
expect(cookies[0]).toEqual(`immich_access_token=${token}; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;`);
|
|
expect(cookies[1]).toEqual('immich_auth_type=password; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;');
|
|
});
|
|
});
|
|
|
|
describe('GET /auth/devices', () => {
|
|
it('should require authentication', async () => {
|
|
const { status, body } = await request(server).get('/auth/devices');
|
|
expect(status).toBe(401);
|
|
expect(body).toEqual(errorStub.unauthorized);
|
|
});
|
|
|
|
it('should get a list of authorized devices', async () => {
|
|
const { status, body } = await request(server).get('/auth/devices').set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(200);
|
|
expect(body).toEqual([deviceStub.current]);
|
|
});
|
|
});
|
|
|
|
describe('DELETE /auth/devices', () => {
|
|
it('should require authentication', async () => {
|
|
const { status, body } = await request(server).delete(`/auth/devices`);
|
|
expect(status).toBe(401);
|
|
expect(body).toEqual(errorStub.unauthorized);
|
|
});
|
|
|
|
it('should logout all devices (except the current one)', async () => {
|
|
for (let i = 0; i < 5; i++) {
|
|
await api.authApi.adminLogin(server);
|
|
}
|
|
|
|
await expect(api.authApi.getAuthDevices(server, accessToken)).resolves.toHaveLength(6);
|
|
|
|
const { status } = await request(server).delete(`/auth/devices`).set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(204);
|
|
|
|
await api.authApi.validateToken(server, accessToken);
|
|
});
|
|
});
|
|
|
|
describe('DELETE /auth/devices/:id', () => {
|
|
it('should require authentication', async () => {
|
|
const { status, body } = await request(server).delete(`/auth/devices/${uuidStub.notFound}`);
|
|
expect(status).toBe(401);
|
|
expect(body).toEqual(errorStub.unauthorized);
|
|
});
|
|
|
|
it('should throw an error for a non-existent device id', async () => {
|
|
const { status, body } = await request(server)
|
|
.delete(`/auth/devices/${uuidStub.notFound}`)
|
|
.set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(400);
|
|
expect(body).toEqual(errorStub.badRequest('Not found or no authDevice.delete access'));
|
|
});
|
|
|
|
it('should logout a device', async () => {
|
|
const [device] = await api.authApi.getAuthDevices(server, accessToken);
|
|
const { status } = await request(server)
|
|
.delete(`/auth/devices/${device.id}`)
|
|
.set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(204);
|
|
|
|
const response = await request(server).post('/auth/validateToken').set('Authorization', `Bearer ${accessToken}`);
|
|
expect(response.body).toEqual(errorStub.invalidToken);
|
|
expect(response.status).toBe(401);
|
|
});
|
|
});
|
|
|
|
describe('POST /auth/validateToken', () => {
|
|
it('should reject an invalid token', async () => {
|
|
const { status, body } = await request(server).post(`/auth/validateToken`).set('Authorization', 'Bearer 123');
|
|
expect(status).toBe(401);
|
|
expect(body).toEqual(errorStub.invalidToken);
|
|
});
|
|
|
|
it('should accept a valid token', async () => {
|
|
const { status, body } = await request(server)
|
|
.post(`/auth/validateToken`)
|
|
.send({})
|
|
.set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(200);
|
|
expect(body).toEqual({ authStatus: true });
|
|
});
|
|
});
|
|
|
|
describe('POST /auth/change-password', () => {
|
|
it('should require authentication', async () => {
|
|
const { status, body } = await request(server).post(`/auth/change-password`).send(changePasswordStub);
|
|
expect(status).toBe(401);
|
|
expect(body).toEqual(errorStub.unauthorized);
|
|
});
|
|
|
|
for (const key of Object.keys(changePasswordStub)) {
|
|
it(`should not allow null ${key}`, async () => {
|
|
const { status, body } = await request(server)
|
|
.post('/auth/change-password')
|
|
.send({ ...changePasswordStub, [key]: null })
|
|
.set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(400);
|
|
expect(body).toEqual(errorStub.badRequest());
|
|
});
|
|
}
|
|
|
|
it('should require the current password', async () => {
|
|
const { status, body } = await request(server)
|
|
.post(`/auth/change-password`)
|
|
.send({ ...changePasswordStub, password: 'wrong-password' })
|
|
.set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(400);
|
|
expect(body).toEqual(errorStub.wrongPassword);
|
|
});
|
|
|
|
it('should change the password', async () => {
|
|
const { status } = await request(server)
|
|
.post(`/auth/change-password`)
|
|
.send(changePasswordStub)
|
|
.set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(200);
|
|
|
|
await api.authApi.login(server, { email: 'admin@immich.app', password: 'Password1234' });
|
|
});
|
|
});
|
|
|
|
describe('POST /auth/logout', () => {
|
|
it('should require authentication', async () => {
|
|
const { status, body } = await request(server).post(`/auth/logout`);
|
|
expect(status).toBe(401);
|
|
expect(body).toEqual(errorStub.unauthorized);
|
|
});
|
|
|
|
it('should logout the user', async () => {
|
|
const { status, body } = await request(server).post(`/auth/logout`).set('Authorization', `Bearer ${accessToken}`);
|
|
expect(status).toBe(200);
|
|
expect(body).toEqual({ successful: true, redirectUri: '/auth/login?autoLaunch=0' });
|
|
});
|
|
});
|
|
});
|