From 0cb731aef1d0bf7d27b81a1af823a6b4c7afacfa Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 24 Jan 2024 16:52:38 +0100 Subject: [PATCH] tests: fix test expectations for cors (#8279) --- ...ected-failures-localAPI-on-OCIS-storage.md | 12 ------ .../acceptance/features/apiCors/cors.feature | 39 ++++++++++--------- 2 files changed, 20 insertions(+), 31 deletions(-) diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index d9b6da351e..83703bdc47 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -45,18 +45,6 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraphUserGroup/deleteGroup.feature:67](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L67) -#### [CORS headers are not identical with oC10 headers](https://github.com/owncloud/ocis/issues/5195) - -- [apiCors/cors.feature:28](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L28) -- [apiCors/cors.feature:29](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L29) -- [apiCors/cors.feature:30](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L30) -- [apiCors/cors.feature:31](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L31) - -#### [Requests with invalid credentials do not return CORS headers](https://github.com/owncloud/ocis/issues/5194) - -- [apiCors/cors.feature:70](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L70) -- [apiCors/cors.feature:71](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiCors/cors.feature#L71) - #### [A User can get information of another user with Graph API](https://github.com/owncloud/ocis/issues/5125) - [apiGraphUserGroup/getUser.feature:89](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getUser.feature#L89) diff --git a/tests/acceptance/features/apiCors/cors.feature b/tests/acceptance/features/apiCors/cors.feature index a0a8da4cde..28131c8a08 100644 --- a/tests/acceptance/features/apiCors/cors.feature +++ b/tests/acceptance/features/apiCors/cors.feature @@ -18,11 +18,10 @@ Feature: CORS headers Then the OCS status code should be "" And the HTTP status code should be "" And the following headers should be set - | header | value | - | Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,OC-RequestAppPassword,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,Cache-Control,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With | - | Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,OC-RequestAppPassword,Vary,Webdav-Location,X-Sabre-Status | - | Access-Control-Allow-Origin | https://aphno.badal | - | Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT | + | header | value | + | Access-Control-Expose-Headers | Location | + | Access-Control-Allow-Origin | https://aphno.badal | + | Access-Control-Allow-Credentials | true | Examples: | ocs_api_version | endpoint | ocs-code | http-code | | 1 | /config | 100 | 200 | @@ -52,20 +51,22 @@ Feature: CORS headers | 2 | /apps/files_sharing/api/v1/shares | 200 | 200 | @issue-5194 - Scenario Outline: CORS headers should be returned when an invalid password is used + Scenario Outline: CORS headers should be returned when an preflight request is sent Given using OCS API version "" - When user "Alice" sends HTTP method "GET" to OCS API endpoint "" with headers using password "invalid" - | header | value | - | Origin | https://aphno.badal | - Then the OCS status code should be "997" - And the HTTP status code should be "401" + When user "Alice" sends HTTP method "OPTIONS" to OCS API endpoint "" with headers + | header | value | + | Origin | https://aphno.badal | + | Access-Control-Request-Headers | Origin, Accept, Content-Type, Depth, Authorization, Ocs-Apirequest, If-None-Match, If-Match, Destination, Overwrite, X-Request-Id, X-Requested-With, Tus-Resumable, Tus-Checksum-Algorithm, Upload-Concat, Upload-Length, Upload-Metadata, Upload-Defer-Length, Upload-Expires, Upload-Checksum, Upload-Offset, X-Http-Method-Override, Cache-Control | + | Access-Control-Request-Method | | + And the HTTP status code should be "204" And the following headers should be set - | header | value | - | Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,OC-RequestAppPassword,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,Cache-Control,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With | - | Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,OC-RequestAppPassword,Vary,Webdav-Location,X-Sabre-Status | - | Access-Control-Allow-Origin | https://aphno.badal | - | Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT | + | header | value | + | Access-Control-Allow-Headers | Origin, Accept, Content-Type, Depth, Authorization, Ocs-Apirequest, If-None-Match, If-Match, Destination, Overwrite, X-Request-Id, X-Requested-With, Tus-Resumable, Tus-Checksum-Algorithm, Upload-Concat, Upload-Length, Upload-Metadata, Upload-Defer-Length, Upload-Expires, Upload-Checksum, Upload-Offset, X-Http-Method-Override, Cache-Control | + | Access-Control-Allow-Origin | https://aphno.badal | + | Access-Control-Allow-Methods | | Examples: - | ocs_api_version | endpoint | - | 1 | /apps/files_sharing/api/v1/shares | - | 2 | /apps/files_sharing/api/v1/shares | + | ocs_api_version | | endpoint | request_method | + | 1 | | /apps/files_sharing/api/v1/shares | GET | + | 2 | | /apps/files_sharing/api/v1/shares | PUT | + | 1 | | /apps/files_sharing/api/v1/shares | DELETE | + | 2 | | /apps/files_sharing/api/v1/shares | POST |