mirror of
https://github.com/matrix-org/matrix-js-sdk.git
synced 2025-06-10 02:21:19 +03:00
* Bump eslint-plugin-matrix-org to enable @typescript-eslint/consistent-type-imports rule * Re-lint after merge
604 lines
20 KiB
TypeScript
604 lines
20 KiB
TypeScript
/*
|
|
Copyright 2016 OpenMarket Ltd
|
|
Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
import { type MatrixClient } from "../../src/client";
|
|
import { logger } from "../../src/logger";
|
|
import { InteractiveAuth, AuthType } from "../../src/interactive-auth";
|
|
import { HTTPError, MatrixError } from "../../src/http-api";
|
|
import { sleep } from "../../src/utils";
|
|
import { secureRandomString } from "../../src/randomstring";
|
|
|
|
// Trivial client object to test interactive auth
|
|
// (we do not need TestClient here)
|
|
class FakeClient {
|
|
generateClientSecret() {
|
|
return "testcl1Ent5EcreT";
|
|
}
|
|
}
|
|
|
|
const getFakeClient = (): MatrixClient => new FakeClient() as unknown as MatrixClient;
|
|
|
|
describe("InteractiveAuth", () => {
|
|
it("should start an auth stage and complete it", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest: doRequest,
|
|
stateUpdated: stateUpdated,
|
|
requestEmailToken: jest.fn(),
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Password] }],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
},
|
|
});
|
|
|
|
expect(ia.getSessionId()).toEqual("sessionId");
|
|
expect(ia.getStageParams(AuthType.Password)).toEqual({
|
|
param: "aa",
|
|
});
|
|
|
|
// first we expect a call here
|
|
stateUpdated.mockImplementation((stage) => {
|
|
logger.log("aaaa");
|
|
expect(stage).toEqual(AuthType.Password);
|
|
ia.submitAuthDict({
|
|
type: AuthType.Password,
|
|
});
|
|
});
|
|
|
|
// .. which should trigger a call here
|
|
const requestRes = { a: "b" };
|
|
doRequest.mockImplementation(async (authData) => {
|
|
logger.log("cccc");
|
|
expect(authData).toEqual({
|
|
session: "sessionId",
|
|
type: AuthType.Password,
|
|
});
|
|
return requestRes;
|
|
});
|
|
|
|
const res = await ia.attemptAuth();
|
|
expect(res).toBe(requestRes);
|
|
expect(doRequest).toHaveBeenCalledTimes(1);
|
|
expect(stateUpdated).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
it("should handle auth errcode presence", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest: doRequest,
|
|
stateUpdated: stateUpdated,
|
|
requestEmailToken: jest.fn(),
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Password] }],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
},
|
|
});
|
|
|
|
expect(ia.getSessionId()).toEqual("sessionId");
|
|
expect(ia.getStageParams(AuthType.Password)).toEqual({
|
|
param: "aa",
|
|
});
|
|
|
|
// first we expect a call here
|
|
stateUpdated.mockImplementation((stage) => {
|
|
logger.log("aaaa");
|
|
expect(stage).toEqual(AuthType.Password);
|
|
ia.submitAuthDict({
|
|
type: AuthType.Password,
|
|
});
|
|
});
|
|
|
|
// .. which should trigger a call here
|
|
const requestRes = { a: "b" };
|
|
doRequest.mockImplementation(async (authData) => {
|
|
logger.log("cccc");
|
|
expect(authData).toEqual({
|
|
session: "sessionId",
|
|
type: AuthType.Password,
|
|
});
|
|
return requestRes;
|
|
});
|
|
|
|
const res = await ia.attemptAuth();
|
|
expect(res).toBe(requestRes);
|
|
expect(doRequest).toHaveBeenCalledTimes(1);
|
|
expect(stateUpdated).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
it("should handle set emailSid for email flow", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
matrixClient: getFakeClient(),
|
|
emailSid: "myEmailSid",
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Email, AuthType.Password] }],
|
|
params: {
|
|
[AuthType.Email]: { param: "aa" },
|
|
[AuthType.Password]: { param: "bb" },
|
|
},
|
|
},
|
|
});
|
|
|
|
expect(ia.getSessionId()).toEqual("sessionId");
|
|
expect(ia.getStageParams(AuthType.Email)).toEqual({
|
|
param: "aa",
|
|
});
|
|
|
|
// first we expect a call here
|
|
stateUpdated.mockImplementation((stage) => {
|
|
logger.log("husky");
|
|
expect(stage).toEqual(AuthType.Email);
|
|
ia.submitAuthDict({
|
|
type: AuthType.Email,
|
|
});
|
|
});
|
|
|
|
// .. which should trigger a call here
|
|
const requestRes = { a: "b" };
|
|
doRequest.mockImplementation(async (authData) => {
|
|
logger.log("barfoo");
|
|
expect(authData).toEqual({
|
|
session: "sessionId",
|
|
type: AuthType.Email,
|
|
});
|
|
return requestRes;
|
|
});
|
|
|
|
const res = await ia.attemptAuth();
|
|
expect(res).toBe(requestRes);
|
|
expect(doRequest).toHaveBeenCalledTimes(1);
|
|
expect(stateUpdated).toHaveBeenCalledTimes(1);
|
|
expect(requestEmailToken).toHaveBeenCalledTimes(0);
|
|
expect(ia.getEmailSid()).toBe("myEmailSid");
|
|
});
|
|
|
|
it("should make a request if no authdata is provided", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
stateUpdated,
|
|
doRequest,
|
|
requestEmailToken,
|
|
});
|
|
|
|
expect(ia.getSessionId()).toBe(undefined);
|
|
expect(ia.getStageParams(AuthType.Password)).toBe(undefined);
|
|
|
|
// first we expect a call to doRequest
|
|
doRequest.mockImplementation((authData) => {
|
|
logger.log("request1", authData);
|
|
expect(authData).toEqual(null); // first request should be null
|
|
const err = new MatrixError(
|
|
{
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Password] }],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
},
|
|
401,
|
|
);
|
|
throw err;
|
|
});
|
|
|
|
// .. which should be followed by a call to stateUpdated
|
|
const requestRes = { a: "b" };
|
|
stateUpdated.mockImplementation((stage) => {
|
|
expect(stage).toEqual(AuthType.Password);
|
|
expect(ia.getSessionId()).toEqual("sessionId");
|
|
expect(ia.getStageParams(AuthType.Password)).toEqual({
|
|
param: "aa",
|
|
});
|
|
|
|
// submitAuthDict should trigger another call to doRequest
|
|
doRequest.mockImplementation(async (authData) => {
|
|
logger.log("request2", authData);
|
|
expect(authData).toEqual({
|
|
session: "sessionId",
|
|
type: AuthType.Password,
|
|
});
|
|
return requestRes;
|
|
});
|
|
|
|
ia.submitAuthDict({
|
|
type: AuthType.Password,
|
|
});
|
|
});
|
|
|
|
const res = await ia.attemptAuth();
|
|
expect(res).toBe(requestRes);
|
|
expect(doRequest).toHaveBeenCalledTimes(2);
|
|
expect(stateUpdated).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
it("should make a request if authdata is null", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
stateUpdated,
|
|
doRequest,
|
|
requestEmailToken,
|
|
});
|
|
|
|
expect(ia.getSessionId()).toBe(undefined);
|
|
expect(ia.getStageParams(AuthType.Password)).toBe(undefined);
|
|
|
|
// first we expect a call to doRequest
|
|
doRequest.mockImplementation((authData) => {
|
|
logger.log("request1", authData);
|
|
expect(authData).toEqual(null); // first request should be null
|
|
const err = new MatrixError(
|
|
{
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Password] }],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
},
|
|
401,
|
|
);
|
|
throw err;
|
|
});
|
|
|
|
// .. which should be followed by a call to stateUpdated
|
|
const requestRes = { a: "b" };
|
|
stateUpdated.mockImplementation((stage) => {
|
|
expect(stage).toEqual(AuthType.Password);
|
|
expect(ia.getSessionId()).toEqual("sessionId");
|
|
expect(ia.getStageParams(AuthType.Password)).toEqual({
|
|
param: "aa",
|
|
});
|
|
|
|
// submitAuthDict should trigger another call to doRequest
|
|
doRequest.mockImplementation(async (authData) => {
|
|
logger.log("request2", authData);
|
|
expect(authData).toEqual({
|
|
session: "sessionId",
|
|
type: AuthType.Password,
|
|
});
|
|
return requestRes;
|
|
});
|
|
|
|
ia.submitAuthDict({
|
|
type: AuthType.Password,
|
|
});
|
|
});
|
|
|
|
const res = await ia.attemptAuth();
|
|
expect(res).toBe(requestRes);
|
|
expect(doRequest).toHaveBeenCalledTimes(2);
|
|
expect(stateUpdated).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
it("should start an auth stage and reject if no auth flow", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
});
|
|
|
|
doRequest.mockImplementation((authData) => {
|
|
logger.log("request1", authData);
|
|
expect(authData).toEqual(null); // first request should be null
|
|
const err = new MatrixError(
|
|
{
|
|
session: "sessionId",
|
|
flows: [],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
},
|
|
401,
|
|
);
|
|
throw err;
|
|
});
|
|
|
|
await expect(ia.attemptAuth.bind(ia)).rejects.toThrow(new Error("No appropriate authentication flow found"));
|
|
});
|
|
|
|
it("should start an auth stage and reject if no auth flow but has session", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
authData: {},
|
|
sessionId: "sessionId",
|
|
});
|
|
|
|
doRequest.mockImplementation((authData) => {
|
|
logger.log("request1", authData);
|
|
expect(authData).toEqual({ session: "sessionId" }); // has existing sessionId
|
|
const err = new MatrixError(
|
|
{
|
|
session: "sessionId",
|
|
flows: [],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
error: "Mock Error 1",
|
|
errcode: "MOCKERR1",
|
|
},
|
|
401,
|
|
);
|
|
throw err;
|
|
});
|
|
|
|
await expect(ia.attemptAuth.bind(ia)).rejects.toThrow(new Error("No appropriate authentication flow found"));
|
|
});
|
|
|
|
it("should handle unexpected error types without data property set", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
authData: {
|
|
session: "sessionId",
|
|
},
|
|
});
|
|
|
|
doRequest.mockImplementation((authData) => {
|
|
logger.log("request1", authData);
|
|
expect(authData).toEqual({ session: "sessionId" }); // has existing sessionId
|
|
const err = new HTTPError("myerror", 401);
|
|
throw err;
|
|
});
|
|
|
|
await expect(ia.attemptAuth.bind(ia)).rejects.toThrow(new Error("myerror"));
|
|
});
|
|
|
|
it("should allow dummy auth", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Dummy] }],
|
|
params: {},
|
|
},
|
|
});
|
|
|
|
const requestRes = { a: "b" };
|
|
doRequest.mockImplementation((authData) => {
|
|
logger.log("request1", authData);
|
|
expect(authData).toEqual({
|
|
session: "sessionId",
|
|
type: AuthType.Dummy,
|
|
});
|
|
return requestRes;
|
|
});
|
|
|
|
const res = await ia.attemptAuth();
|
|
expect(res).toBe(requestRes);
|
|
expect(doRequest).toHaveBeenCalledTimes(1);
|
|
expect(stateUpdated).toHaveBeenCalledTimes(0);
|
|
});
|
|
|
|
describe("requestEmailToken", () => {
|
|
it("increases auth attempts", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
requestEmailToken.mockImplementation(async () => ({ sid: "" }));
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
});
|
|
|
|
await ia.requestEmailToken();
|
|
expect(requestEmailToken).toHaveBeenLastCalledWith(undefined, ia.getClientSecret(), 1, undefined);
|
|
requestEmailToken.mockClear();
|
|
await ia.requestEmailToken();
|
|
expect(requestEmailToken).toHaveBeenLastCalledWith(undefined, ia.getClientSecret(), 2, undefined);
|
|
requestEmailToken.mockClear();
|
|
await ia.requestEmailToken();
|
|
expect(requestEmailToken).toHaveBeenLastCalledWith(undefined, ia.getClientSecret(), 3, undefined);
|
|
requestEmailToken.mockClear();
|
|
await ia.requestEmailToken();
|
|
expect(requestEmailToken).toHaveBeenLastCalledWith(undefined, ia.getClientSecret(), 4, undefined);
|
|
requestEmailToken.mockClear();
|
|
await ia.requestEmailToken();
|
|
expect(requestEmailToken).toHaveBeenLastCalledWith(undefined, ia.getClientSecret(), 5, undefined);
|
|
});
|
|
|
|
it("passes errors through", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
requestEmailToken.mockImplementation(async () => {
|
|
throw new Error("unspecific network error");
|
|
});
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
});
|
|
|
|
await expect(ia.requestEmailToken.bind(ia)).rejects.toThrow("unspecific network error");
|
|
});
|
|
|
|
it("only starts one request at a time", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
requestEmailToken.mockImplementation(() => sleep(500, { sid: "" }));
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
});
|
|
|
|
await Promise.all([ia.requestEmailToken(), ia.requestEmailToken(), ia.requestEmailToken()]);
|
|
expect(requestEmailToken).toHaveBeenCalledTimes(1);
|
|
});
|
|
|
|
it("stores result in email sid", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
const requestEmailToken = jest.fn();
|
|
const sid = secureRandomString(24);
|
|
requestEmailToken.mockImplementation(() => sleep(500, { sid }));
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest,
|
|
stateUpdated,
|
|
requestEmailToken,
|
|
});
|
|
|
|
await ia.requestEmailToken();
|
|
expect(ia.getEmailSid()).toEqual(sid);
|
|
});
|
|
});
|
|
|
|
it("should prioritise shorter flows", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest: doRequest,
|
|
stateUpdated: stateUpdated,
|
|
requestEmailToken: jest.fn(),
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Recaptcha, AuthType.Password] }, { stages: [AuthType.Password] }],
|
|
params: {},
|
|
},
|
|
});
|
|
|
|
// @ts-ignore
|
|
ia.chooseStage();
|
|
expect(ia.getChosenFlow()?.stages).toEqual([AuthType.Password]);
|
|
});
|
|
|
|
it("should prioritise flows with entirely supported stages", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest: doRequest,
|
|
stateUpdated: stateUpdated,
|
|
requestEmailToken: jest.fn(),
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: ["com.devture.shared_secret_auth"] }, { stages: [AuthType.Password] }],
|
|
params: {},
|
|
},
|
|
supportedStages: [AuthType.Password],
|
|
});
|
|
|
|
// @ts-ignore
|
|
ia.chooseStage();
|
|
expect(ia.getChosenFlow()?.stages).toEqual([AuthType.Password]);
|
|
});
|
|
|
|
it("should fire stateUpdated callback with error when a request fails", async () => {
|
|
const doRequest = jest.fn();
|
|
const stateUpdated = jest.fn();
|
|
|
|
const ia = new InteractiveAuth({
|
|
matrixClient: getFakeClient(),
|
|
doRequest: doRequest,
|
|
stateUpdated: stateUpdated,
|
|
requestEmailToken: jest.fn(),
|
|
authData: {
|
|
session: "sessionId",
|
|
flows: [{ stages: [AuthType.Password] }],
|
|
params: {
|
|
[AuthType.Password]: { param: "aa" },
|
|
},
|
|
},
|
|
});
|
|
|
|
// StateUpdated should be called. We call submitAuthDict() to trigger a request ...
|
|
let firstTime = true;
|
|
stateUpdated.mockImplementation((stage) => {
|
|
expect(stage).toEqual(AuthType.Password);
|
|
// Only trigger the request the first time, to avoid an infinite loop
|
|
if (firstTime) {
|
|
firstTime = false;
|
|
ia.submitAuthDict({
|
|
type: AuthType.Password,
|
|
});
|
|
}
|
|
});
|
|
|
|
// .. which which we then reject, so we can test the behaviour in that case.
|
|
doRequest.mockRejectedValue(new MatrixError({ errcode: "M_UNKNOWN", error: "This is an error" }));
|
|
|
|
await Promise.allSettled([ia.attemptAuth()]);
|
|
expect(stateUpdated).toHaveBeenCalledWith("m.login.password", {
|
|
errcode: "M_UNKNOWN",
|
|
error: "This is an error",
|
|
});
|
|
});
|
|
});
|