From 831d57f7488bdd5a935b962024d313c3cf67f27d Mon Sep 17 00:00:00 2001 From: Prajwol Amatya <83579989+PrajwolAmatya@users.noreply.github.com> Date: Thu, 22 Jun 2023 14:25:45 +0545 Subject: [PATCH] [tests-only] [full-ci] API test for enforce password config and update the public share to edit permission (#6409) * api test to update public link to upload, edit or contribute permission with enforce password enabled * added test to create public link with enforce password enabled --- tests/acceptance/config/behat.yml | 1 + .../enforcePasswordPublicLink.feature | 62 +++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 0631ee4066..98c60cf2e9 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -138,6 +138,7 @@ default: - WebDavPropertiesContext: - TUSContext: - SpacesTUSContext: + - OcisConfigContext: apiCors: paths: diff --git a/tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature b/tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature new file mode 100644 index 0000000000..c0feb39e65 --- /dev/null +++ b/tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature @@ -0,0 +1,62 @@ +@api @env-config +Feature: enforce password on public link + As a user + I want to enforce passwords on public links shared with upload, edit, or contribute permission + So that the password is required to access the contents of the link + + Background: + Given the config "OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" has been set to "true" + And these users have been created with default attributes and without skeleton files: + | username | + | Alice | + And user "Alice" has uploaded file with content "test file" to "/testfile.txt" + + + Scenario Outline: create a public link with edit permission without a password when enforce-password is enabled + Given using OCS API version "" + When user "Alice" creates a public link share using the sharing API with settings + | path | /testfile.txt | + | permissions | 3 | + Then the HTTP status code should be "" + Then the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | ocs-api-version | http-code | + | 1 | 200 | + | 2 | 400 | + + + Scenario Outline: update a public link to edit permission without a password + Given using OCS API version "" + And user "Alice" has created a public link share with settings + | path | /testfile.txt | + | permissions | 1 | + When user "Alice" updates the last public link share using the sharing API with + | permissions | 3 | + Then the HTTP status code should be "" + Then the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | ocs-api-version | http-code | + | 1 | 200 | + | 2 | 400 | + + + Scenario Outline: updates a public link to edit permission with a password + Given using OCS API version "" + And user "Alice" has created a public link share with settings + | path | /testfile.txt | + | permissions | 1 | + When user "Alice" updates the last public link share using the sharing API with + | permissions | 3 | + | password | testpassword | + Then the HTTP status code should be "200" + And the OCS status code should be "" + And the OCS status message should be "OK" + And the public should not be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API without a password + And the public should not be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API with password "wrong pass" + But the public should be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API with password "testpassword" + Examples: + | ocs-api-version | ocs-code | + | 1 | 100 | + | 2 | 200 |