From 71f1c752fffe270a24e4fec36f9bf328ed09cf32 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Thu, 30 Jul 2020 14:40:11 +0545 Subject: [PATCH] Add apiOcisSpecific features from apiAuthOcs --- .../apiOcisSpecific/ocsGETAuth.feature | 112 ++++++++++++++++++ .../apiOcisSpecific/ocsPOSTAuth.feature | 35 ++++++ .../apiOcisSpecific/ocsPUTAuth.feature | 18 +++ 3 files changed, 165 insertions(+) create mode 100644 tests/acceptance/features/apiOcisSpecific/ocsGETAuth.feature create mode 100644 tests/acceptance/features/apiOcisSpecific/ocsPOSTAuth.feature create mode 100644 tests/acceptance/features/apiOcisSpecific/ocsPUTAuth.feature diff --git a/tests/acceptance/features/apiOcisSpecific/ocsGETAuth.feature b/tests/acceptance/features/apiOcisSpecific/ocsGETAuth.feature new file mode 100644 index 000000000..d48ec88c0 --- /dev/null +++ b/tests/acceptance/features/apiOcisSpecific/ocsGETAuth.feature @@ -0,0 +1,112 @@ +@api +Feature: auth + + Background: + Given user "Alice" has been created with default attributes and skeleton files + + @issue-ocis-reva-29 + @issue-ocis-reva-30 + # after fixing all issues delete this Scenario and use the one from oC10 core + Scenario: using OCS anonymously + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/config | + | /ocs/v2.php/config | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "notset" + + @issue-ocis-reva-11 + @issue-ocis-reva-30 + @issue-ocis-reva-31 + @issue-ocis-reva-32 + @issue-ocis-reva-33 + @issue-ocis-reva-34 + @issue-ocis-reva-35 + # after fixing all issues delete this Scenario and use the one from oC10 core + Scenario: using OCS with non-admin basic auth + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v1.php/cloud/groups | + | /ocs/v1.php/cloud/apps | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "998" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + # | /ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | + # | /ocs/v2.php/apps/files_sharing/api/v1/shares | 100 | 200 | + + | /ocs/v2.php/cloud/apps | + | /ocs/v2.php/cloud/groups | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "404" + And the OCS status code of responses on all endpoints should be "998" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "403" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "403" + And the OCS status code of responses on all endpoints should be "403" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + + @issue-ocis-reva-29 + @issue-ocis-reva-30 + # after fixing all issues delete this Scenario and use the one from oC10 core + Scenario: using OCS as normal user with wrong password + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/config | + | /ocs/v2.php/config | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "notset" diff --git a/tests/acceptance/features/apiOcisSpecific/ocsPOSTAuth.feature b/tests/acceptance/features/apiOcisSpecific/ocsPOSTAuth.feature new file mode 100644 index 000000000..3b3927e6e --- /dev/null +++ b/tests/acceptance/features/apiOcisSpecific/ocsPOSTAuth.feature @@ -0,0 +1,35 @@ +@api +Feature: auth + + Background: + Given user "Alice" has been created with default attributes and skeleton files + + @issue-ocis-reva-30 + # after fixing all issues delete this Scenario and use the one from oC10 core + Scenario: send POST requests to OCS endpoints as normal user with wrong password + When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 | + | /ocs/v1.php/cloud/apps/testing | + | /ocs/v2.php/cloud/apps/testing | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/cloud/users/%username%/groups | + | /ocs/v2.php/cloud/users/%username%/groups | + | /ocs/v1.php/cloud/users/%username%/subadmins | + | /ocs/v2.php/cloud/users/%username%/subadmins | + | /ocs/v1.php/person/check | + | /ocs/v2.php/person/check | + | /ocs/v1.php/privatedata/deleteattribute/testing/test | + | /ocs/v2.php/privatedata/deleteattribute/testing/test | + | /ocs/v1.php/privatedata/setattribute/testing/test | + | /ocs/v2.php/privatedata/setattribute/testing/test | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "notset" diff --git a/tests/acceptance/features/apiOcisSpecific/ocsPUTAuth.feature b/tests/acceptance/features/apiOcisSpecific/ocsPUTAuth.feature new file mode 100644 index 000000000..b8e54da9a --- /dev/null +++ b/tests/acceptance/features/apiOcisSpecific/ocsPUTAuth.feature @@ -0,0 +1,18 @@ +@api +Feature: auth + + @issue-ocis-reva-30 + # after fixing all issues delete this Scenario and use the one from oC10 core + Scenario: send PUT request to OCS endpoints as admin with wrong password + When the administrator requests these endpoints with "PUT" with body "doesnotmatter" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v1.php/cloud/users/%username% | + | /ocs/v2.php/cloud/users/%username% | + | /ocs/v1.php/cloud/users/%username%/disable | + | /ocs/v2.php/cloud/users/%username%/disable | + | /ocs/v1.php/cloud/users/%username%/enable | + | /ocs/v2.php/cloud/users/%username%/enable | + | /ocs/v1.php/apps/files_sharing/api/v1/shares/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "notset"