Merge remote-tracking branch 'origin/develop' into release-candidate

4 years ago · 58b2763324
parent bfa43b8b35 194a600f31
commit 58b2763324
8 changed files with 46 additions and 14 deletions
--- a/.mocharc.api.js
+++ b/.mocharc.api.js
@ -11,6 +11,7 @@ module.exports = {
 	file: 'tests/end-to-end/teardown.js',
 	spec: [
 		'tests/end-to-end/api/*.js',
+		'tests/end-to-end/api/*.ts',
 		'tests/end-to-end/apps/*.js',
 	],
 };
--- a/app/api/server/api.d.ts
+++ b/app/api/server/api.d.ts
@ -43,7 +43,7 @@ type UnauthorizedResult<T> = {

 export type NonEnterpriseTwoFactorOptions = {
 	authRequired: true;
-	twoFactorRequiredNonEnterprise: true;
+	forceTwoFactorAuthenticationForNonEnterprise: true;
 	twoFactorRequired: true;
 	permissionsRequired?: string[];
 	twoFactorOptions: ITwoFactorOptions;
@ -51,11 +51,13 @@ export type NonEnterpriseTwoFactorOptions = {

 type Options = {
 	permissionsRequired?: string[];
-	twoFactorOptions?: ITwoFactorOptions;
-	twoFactorRequired?: boolean;
 	authRequired?: boolean;
-	twoFactorRequiredNonEnterprise?: true;
-};
+	forceTwoFactorAuthenticationForNonEnterprise?: boolean;
+} | {
+	authRequired: true;
+	twoFactorRequired: true;
+	twoFactorOptions?: ITwoFactorOptions;
+}

 type Request = {
 	method: 'GET' | 'POST' | 'PUT' | 'DELETE';
--- a/app/api/server/api.js
+++ b/app/api/server/api.js
@ -273,6 +273,9 @@ export class APIClass extends Restivus {
 	}

 	processTwoFactor({ userId, request, invocation, options, connection }) {
+		if (!options.twoFactorRequired) {
+			return;
+		}
 		const code = request.headers['x-2fa-code'];
 		const method = request.headers['x-2fa-method'];

@ -399,9 +402,7 @@ export class APIClass extends Restivus {
 						};
 						Accounts._setAccountData(connection.id, 'loginToken', this.token);

-						if (_options.twoFactorRequired) {
-							api.processTwoFactor({ userId: this.userId, request: this.request, invocation, options: _options, connection });
-						}
+						api.processTwoFactor({ userId: this.userId, request: this.request, invocation, options: _options, connection });

 						result = DDP._CurrentInvocation.withValue(invocation, () => Promise.await(originalAction.apply(this))) || API.v1.success();

--- a/client/startup/routes.ts
+++ b/client/startup/routes.ts
@ -60,7 +60,7 @@ FlowRouter.route('/meet/:rid', {
 	async action(_params, queryParams) {
 		if (queryParams?.token !== undefined) {
 			// visitor login
-			const visitor = await APIClient.v1.get(`/livechat/visitor/${queryParams?.token}`);
+			const visitor = await APIClient.v1.get(`livechat/visitor/${queryParams?.token}`);
 			if (visitor?.visitor) {
 				return appLayout.render({ component: MeetPage });
 			}
--- a/client/views/meet/MeetPage.tsx
+++ b/client/views/meet/MeetPage.tsx
@ -25,7 +25,7 @@ const MeetPage: FC = () => {
 	const closeCallTab = (): void => window.close();

 	const setupCallForVisitor = useCallback(async () => {
-		const room = await APIClient.v1.get(`/livechat/room?token=${visitorToken}&rid=${roomId}`);
+		const room = await APIClient.v1.get(`livechat/room?token=${visitorToken}&rid=${roomId}`);
 		if (room?.room?.v?.token === visitorToken) {
 			setVisitorId(room.room.v._id);
 			setVisitorName(room.room.fname);
@ -39,7 +39,7 @@ const MeetPage: FC = () => {
 	}, [visitorToken, roomId]);

 	const setupCallForAgent = useCallback(async () => {
-		const room = await APIClient.v1.get(`/rooms.info?roomId=${roomId}`);
+		const room = await APIClient.v1.get(`rooms.info?roomId=${roomId}`);
 		if (room?.room?.servedBy?._id === Meteor.userId()) {
 			setVisitorName(room.room.fname);
 			room?.room?.responseBy?.username
--- a/ee/server/api/api.ts
+++ b/ee/server/api/api.ts
@ -7,8 +7,8 @@ import { isEnterprise } from '../../app/license/server/license';

 export const isNonEnterpriseTwoFactorOptions = (options?: Options):
 	options is NonEnterpriseTwoFactorOptions => !!options
-	&& 'twoFactorRequiredNonEnterprise' in options
-	&& Boolean(options.twoFactorRequiredNonEnterprise);
+	&& 'forceTwoFactorAuthenticationForNonEnterprise' in options
+	&& Boolean(options.forceTwoFactorAuthenticationForNonEnterprise);

 API.v1.processTwoFactor = use(API.v1.processTwoFactor, function([params, ...context], next) {
 	if (isNonEnterpriseTwoFactorOptions(params.options) && !isEnterprise()) {
--- a/ee/server/api/ldap.ts
+++ b/ee/server/api/ldap.ts
@ -3,7 +3,11 @@ import { settings } from '../../../app/settings/server';
 import { API } from '../../../app/api/server/api';
 import { LDAPEE } from '../sdk';

-API.v1.addRoute('ldap.syncNow', { authRequired: true, twoFactorRequiredNonEnterprise: true }, {
+API.v1.addRoute('ldap.syncNow', {
+	authRequired: true,
+	forceTwoFactorAuthenticationForNonEnterprise: true,
+	twoFactorRequired: true,
+}, {
 	async post() {
 		if (!this.userId) {
 			throw new Error('error-invalid-user');
--- a/tests/end-to-end/api/26-LDAP.ts
+++ b/tests/end-to-end/api/26-LDAP.ts
@ -0,0 +1,24 @@
+import { expect } from 'chai';
+import type { Response } from 'supertest';
+
+import { getCredentials, api, request, credentials } from '../../data/api-data.js';
+
+describe('LDAP', function() {
+	this.retries(0);
+
+	before((done) => getCredentials(done));
+
+	describe('[/ldap.syncNow]', () => {
+		it('should throw an error containing totp-required error ', (done) => {
+			request.post(api('ldap.syncNow'))
+				.set(credentials)
+				.expect('Content-Type', 'application/json')
+				.expect(400)
+				.expect((res: Response) => {
+					expect(res.body).to.have.property('success', false);
+					expect(res.body).to.have.property('errorType', 'totp-required');
+				})
+				.end(done);
+		});
+	});
+});