diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index 5623d3e42e..d116f639c7 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md 
@@ -74,30 +74,6 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraphUserGroup/addUserToGroup.feature:289](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L289) -#### [API requests from an unauthorized user should return 403](https://github.com/owncloud/ocis/issues/5938) - -- [apiGraphUserGroup/addUserToGroup.feature:152](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L152) -- [apiGraphUserGroup/addUserToGroup.feature:153](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L153) -- [apiGraphUserGroup/addUserToGroup.feature:154](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L154) -- [apiGraphUserGroup/addUserToGroup.feature:188](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L188) -- [apiGraphUserGroup/addUserToGroup.feature:189](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L189) -- [apiGraphUserGroup/addUserToGroup.feature:190](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L190) -- [apiGraphUserGroup/createGroup.feature:42](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/createGroup.feature#L42) -- [apiGraphUserGroup/createGroup.feature:43](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/createGroup.feature#L43) -- [apiGraphUserGroup/createGroup.feature:44](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/createGroup.feature#L44) -- 
[apiGraphUserGroup/deleteGroup.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L63) -- [apiGraphUserGroup/deleteGroup.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L62) -- [apiGraphUserGroup/deleteGroup.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L64) -- [apiGraphUserGroup/editGroup.feature:35](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/editGroup.feature#L35) -- [apiGraphUserGroup/editGroup.feature:34](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/editGroup.feature#L34) -- [apiGraphUserGroup/editGroup.feature:36](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/editGroup.feature#L36) -- [apiGraphUserGroup/getGroup.feature:107](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getGroup.feature#L107) -- [apiGraphUserGroup/getGroup.feature:108](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getGroup.feature#L108) -- [apiGraphUserGroup/getGroup.feature:109](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getGroup.feature#L109) -- [apiGraphUserGroup/removeUserFromGroup.feature:193](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature#L193) -- [apiGraphUserGroup/removeUserFromGroup.feature:194](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature#L194) -- [apiGraphUserGroup/removeUserFromGroup.feature:195](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature#L195) - #### [API requests for a non-existent resources 
should return 404](https://github.com/owncloud/ocis/issues/5939) - [apiGraphUserGroup/addUserToGroup.feature:205](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L205) @@ -306,7 +282,6 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiSpacesDavOperation/moveByFileId.feature:208](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesDavOperation/moveByFileId.feature#L208) - [apiSpacesDavOperation/moveByFileId.feature:209](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesDavOperation/moveByFileId.feature#L209) - ### [OCM. sharing issues](https://github.com/owncloud/ocis/issues/9534) - [apiOcm/share.feature:12](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiOcm/share.feature#L12) diff --git a/tests/acceptance/features/apiGraph/changeRole.feature b/tests/acceptance/features/apiGraph/changeRole.feature index b3c561ddec..6ce2738c7b 100644 --- a/tests/acceptance/features/apiGraph/changeRole.feature +++ b/tests/acceptance/features/apiGraph/changeRole.feature @@ -51,7 +51,7 @@ Feature: change role Given the administrator has assigned the role "" to user "Alice" using the Graph API And user "Brian" has been created with default attributes and without skeleton files When user "Alice" tries to change the role of user "Alice" to role "Admin" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And user "Brian" should have the role "User" Examples: | user-role | diff --git a/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature b/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature index ad936dd205..0957d70751 100644 --- a/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature +++ b/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature 
@@ -140,7 +140,7 @@ Feature: add users to group "properties": { "message": { "type": "string", - "enum": ["Unauthorized"] + "enum": ["Forbidden"] } } } @@ -176,7 +176,7 @@ Feature: add users to group "properties": { "message" : { "type": "string", - "enum": ["Unauthorized"] + "enum": ["Forbidden"] } } } diff --git a/tests/acceptance/features/apiGraphUserGroup/createUser.feature b/tests/acceptance/features/apiGraphUserGroup/createUser.feature index 63b4df65b8..821a411d30 100644 --- a/tests/acceptance/features/apiGraphUserGroup/createUser.feature +++ b/tests/acceptance/features/apiGraphUserGroup/createUser.feature @@ -56,7 +56,7 @@ Feature: create user | email | @example.org | | password | 123 | | accountEnabled | true | - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And user "user" should not exist Examples: | user-role | diff --git a/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature b/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature index fc1e21ec54..ebdc6f9d22 100644 --- a/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature +++ b/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature @@ -60,7 +60,7 @@ Feature: delete user Scenario Outline: non-admin user tries to delete his/her own account Given the administrator has assigned the role "" to user "Alice" using the Graph API When the user "Alice" deletes a user "Alice" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And user "Alice" should exist Examples: | user-role | @@ -78,7 +78,7 @@ Feature: delete user Scenario Outline: non-admin user tries to delete a nonexistent user Given the administrator has assigned the role "" to user "Alice" using the Graph API When the user "Alice" tries to delete a nonexistent user using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" Examples: | user-role | | Space Admin | 
@@ -91,7 +91,7 @@ Feature: delete user And the administrator has assigned the role "" to user "Brian" using the Graph API And the administrator has assigned the role "" to user "Alice" using the Graph API When the user "Alice" deletes a user "Brian" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And user "Brian" should exist Examples: | user-role | user-role-2 | @@ -126,7 +126,7 @@ Feature: delete user And the administrator has assigned the role "" to user "Carol" using the Graph API And the user "Alice" has disabled user "Brian" When the user "Carol" deletes a user "Brian" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And user "Brian" should exist Examples: | user-role | user-role-2 | diff --git a/tests/acceptance/features/apiGraphUserGroup/editUser.feature b/tests/acceptance/features/apiGraphUserGroup/editUser.feature index 14c88df546..b2e522901f 100644 --- a/tests/acceptance/features/apiGraphUserGroup/editUser.feature +++ b/tests/acceptance/features/apiGraphUserGroup/editUser.feature @@ -123,7 +123,7 @@ Feature: edit user Scenario Outline: normal user should not be able to change his/her own display name Given the administrator has assigned the role "" to user "Brian" using the Graph API When the user "Brian" tries to change the display name of user "Brian" to "Brian Murphy" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the user information of "Alice" should match this JSON schema """ { 
@@ -155,7 +155,7 @@ Feature: edit user | password | 1234 | And the administrator has assigned the role "" to user "Carol" using the Graph API When the user "Brian" tries to change the display name of user "Carol" to "Alice Hansen" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the user information of "Carol" should match this JSON schema """ { @@ -204,7 +204,7 @@ Feature: edit user And the administrator has assigned the role "" to user "Carol" using the Graph API And user "Carol" has uploaded file with content "test file for reset password" to "/resetpassword.txt" When the user "Brian" resets the password of user "Carol" to "newpassword" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the content of file "resetpassword.txt" for user "Carol" using password "1234" should be "test file for reset password" But user "Carol" using password "newpassword" should not be able to download file "resetpassword.txt" Examples: @@ -264,7 +264,7 @@ Feature: edit user Given user "Carol" has been created with default attributes and without skeleton files And the administrator has assigned the role "" to user "Brian" using the Graph API When the user "Brian" tries to disable user "Carol" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" When user "Alice" gets information of user "Carol" using Graph API Then the HTTP status code should be "200" And the JSON data of the response should match 
@@ -347,7 +347,7 @@ Feature: edit user And the user "Alice" has disabled user "Carol" And the administrator has assigned the role "" to user "Brian" using the Graph API When the user "Brian" tries to enable user "Carol" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" When user "Alice" gets information of user "Carol" using Graph API Then the HTTP status code should be "200" And the JSON data of the response should match diff --git a/tests/acceptance/features/apiGraphUserGroup/getGroup.feature b/tests/acceptance/features/apiGraphUserGroup/getGroup.feature index e55819afa2..5056538811 100644 --- a/tests/acceptance/features/apiGraphUserGroup/getGroup.feature +++ b/tests/acceptance/features/apiGraphUserGroup/getGroup.feature @@ -95,7 +95,7 @@ Feature: get groups and their members "properties": { "message": { "type": "string", - "enum": ["Unauthorized"] + "enum": ["Forbidden"] } } } diff --git a/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature b/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature index a8032edaf3..b50ed0693e 100644 --- a/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature +++ b/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature @@ -180,7 +180,7 @@ Feature: remove a user from a group "properties": { "message": { "type": "string", - "enum": ["Unauthorized"] + "enum": ["Forbidden"] } } } diff --git a/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature b/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature index cc98992bda..c087b22452 100644 --- a/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature +++ b/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature 
@@ -39,7 +39,7 @@ Feature: edit/search user including email Scenario Outline: normal user should not be able to change their email address Given the administrator has assigned the role "" to user "Brian" using the Graph API When the user "Brian" tries to change the email of user "Brian" to "newemail@example.com" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the user information of "Brian" should match this JSON schema """ { @@ -68,7 +68,7 @@ Feature: edit/search user including email | password | 1234 | And the administrator has assigned the role "" to user "Carol" using the Graph API When the user "Brian" tries to change the email of user "Carol" to "newemail@example.com" using the Graph API - Then the HTTP status code should be "401" + Then the HTTP status code should be "403" And the user information of "Carol" should match this JSON schema """ {
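Review bot: in tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md, hunk @@ -74,30 +74,6, the removed section for issue 5938 drops the entries for createGroup.feature:42-44, deleteGroup.feature:62-64 and editGroup.feature:34-36, yet this patch has no hunks for those three feature files. Please confirm those scenarios already expect the 403 / "Forbidden" response; if they still expect "Unauthorized", they will fail once they are no longer listed, and they need the same enum change made here in addUserToGroup.feature, getGroup.feature and removeUserFromGroup.feature.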
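Review bot: in tests/acceptance/features/apiGraph/changeRole.feature, hunk @@ -51,7 +51,7, the state check that follows the 403 does not cover the account that was targeted. The When step has Alice trying to change the role of user "Alice" to "Admin", but the follow-up is `And user "Brian" should have the role "User"`, so a response of 403 with Alice's role changed anyway would still pass. Suggest asserting that Alice still has the role assigned in the Given step, or making Brian the target if that was the intent.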
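Review bot: in tests/acceptance/features/apiGraphUserGroup/editUser.feature, hunk @@ -123,7 +123,7, the post-condition checks the wrong user. Brian tries to change the display name of user "Brian", but the next step is `And the user information of "Alice" should match this JSON schema`, which says nothing about whether Brian's display name stayed unchanged. Suggest checking the user information of "Brian" here, as the @@ -155,7 hunk does for "Carol".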
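Review bot: in tests/acceptance/features/apiGraphUserGroup/deleteUser.feature, hunk @@ -78,7 +78,7, the nonexistent-user scenario asserts only the status code and has no follow-up step. Because it now expects 403 rather than a not-found response, the intent appears to be that a non-admin gets the same answer whether or not the target exists; asserting the response body as well, the way the group features pin the message to `"enum": ["Forbidden"]`, would make sure the body does not reveal the difference either.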