diff --git a/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature b/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature index eefb91ee807b..e22f77051e2a 100644 --- a/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature +++ b/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature 
@@ -4,37 +4,31 @@ Feature: auth Given user "user0" has been created with default attributes @issue-32068 - Scenario Outline: using OCS anonymously - When a user requests "" with "GET" and no authentication - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: - |endpoint | ocs-code | http-code | - |/ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | - |/ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | - |/ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - |/ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - |/ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - |/ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - |/ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | - |/ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | - |/ocs/v1.php/cloud/apps | 997 | 401 | - |/ocs/v2.php/cloud/apps | 997 | 401 | - |/ocs/v1.php/cloud/groups | 997 | 401 | - |/ocs/v2.php/cloud/groups | 997 | 401 | - |/ocs/v1.php/cloud/users | 997 | 401 | - |/ocs/v2.php/cloud/users | 997 | 401 | - |/ocs/v1.php/config | 100 | 200 | - |/ocs/v2.php/config | 200 | 200 | - |/ocs/v1.php/privatedata/getattribute | 997 | 401 | - |/ocs/v2.php/privatedata/getattribute | 997 | 401 | + Scenario: using OCS anonymously + When a user requests these endpoints with "GET" and no authentication then the status codes should be as listed + | endpoint | ocs-code | http-code | + | /ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | + | /ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | + | 
/ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | + | /ocs/v1.php/cloud/apps | 997 | 401 | + | /ocs/v2.php/cloud/apps | 997 | 401 | + | /ocs/v1.php/cloud/groups | 997 | 401 | + | /ocs/v2.php/cloud/groups | 997 | 401 | + | /ocs/v1.php/cloud/users | 997 | 401 | + | /ocs/v2.php/cloud/users | 997 | 401 | + | /ocs/v1.php/config | 100 | 200 | + | /ocs/v2.php/config | 200 | 200 | + | /ocs/v1.php/privatedata/getattribute | 997 | 401 | + | /ocs/v2.php/privatedata/getattribute | 997 | 401 | @issue-32068 - Scenario Outline: using OCS with non-admin basic auth - When user "user0" requests "" with "GET" using basic auth - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: + Scenario: using OCS with non-admin basic auth + When user "user0" requests these endpoints with "GET" with basic auth then the status codes should be as listed |endpoint | ocs-code | http-code | |/ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | |/ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | 
@@ -56,37 +50,30 @@ Feature: auth |/ocs/v2.php/privatedata/getattribute | 200 | 200 | @issue-32068 - Scenario Outline: using OCS as normal user with wrong password - Given using OCS API version "" - When user "user0" sends HTTP method "GET" to OCS API endpoint "" using password "invalid" - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: - | ocs_api_version |endpoint | ocs-code | http-code | - | 1 |/apps/files_external/api/v1/mounts | 997 | 401 | - | 2 |/apps/files_external/api/v1/mounts | 997 | 401 | - | 1 |/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | 2 |/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | 1 |/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | 2 |/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | 1 |/apps/files_sharing/api/v1/shares | 997 | 401 | - | 2 |/apps/files_sharing/api/v1/shares | 997 | 401 | - | 1 |/cloud/apps | 997 | 401 | - | 2 |/cloud/apps | 997 | 401 | - | 1 |/cloud/groups | 997 | 401 | - | 2 |/cloud/groups | 997 | 401 | - | 1 |/cloud/users | 997 | 401 | - | 2 |/cloud/users | 997 | 401 | - | 1 |/config | 100 | 200 | - | 2 |/config | 200 | 200 | - | 1 |/privatedata/getattribute | 997 | 401 | - | 2 |/privatedata/getattribute | 997 | 401 | + Scenario: using OCS as normal user with wrong password + When user "user0" requests with "GET" using these endpoints with password "invalid" then the status codes should be as listed + | endpoint | ocs-code | http-code | + | /ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | + | /ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | + | 
/ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | + | /ocs/v1.php/cloud/apps | 997 | 401 | + | /ocs/v2.php/cloud/apps | 997 | 401 | + | /ocs/v1.php/cloud/groups | 997 | 401 | + | /ocs/v2.php/cloud/groups | 997 | 401 | + | /ocs/v1.php/cloud/users | 997 | 401 | + | /ocs/v2.php/cloud/users | 997 | 401 | + | /ocs/v1.php/config | 100 | 200 | + | /ocs/v2.php/config | 200 | 200 | + | /ocs/v1.php/privatedata/getattribute | 997 | 401 | + | /ocs/v2.php/privatedata/getattribute | 997 | 401 | - Scenario Outline: using OCS with admin basic auth - When the administrator requests "" with "GET" using basic auth - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: + Scenario:using OCS with admin basic auth + When admin requests these endpoint with "GET" then the status codes should be as listed |endpoint | ocs-code | http-code | |/ocs/v1.php/cloud/apps | 100 | 200 | |/ocs/v2.php/cloud/apps | 200 | 200 | 
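Review bot: The last scenario in this hunk has two wording slips: `Scenario:using OCS with admin basic auth` is missing the space after the colon, and `admin requests these endpoint` is singular where the other steps say `these endpoints`. The later hunks drift the same way (`"user0" requests endpoint with "GET" using basic token auth then status codes should be as listed`, and `user0 requests these endpoints ... then status code be as listed`, where `user0` is unquoted and so fixed in the step text rather than passed as a parameter). These sentences are matched against the `@When` annotations added to Auth.php, so each correction has to be made in both files. I would settle on one pattern for all of them, for example `... requests these endpoints with "GET" ... then the status codes should be as listed`.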
@@ -95,36 +82,31 @@ Feature: auth |/ocs/v1.php/cloud/users | 100 | 200 | |/ocs/v2.php/cloud/users | 200 | 200 | - Scenario Outline: using OCS as admin user with wrong password - Given using OCS API version "" - When the administrator sends HTTP method "GET" to OCS API endpoint "" using password "invalid" - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: - | ocs_api_version |endpoint | ocs-code | http-code | - | 1 |/apps/files_external/api/v1/mounts | 997 | 401 | - | 2 |/apps/files_external/api/v1/mounts | 997 | 401 | - | 1 |/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | 2 |/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | 1 |/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | 2 |/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | 1 |/apps/files_sharing/api/v1/shares | 997 | 401 | - | 2 |/apps/files_sharing/api/v1/shares | 997 | 401 | - | 1 |/cloud/apps | 997 | 401 | - | 2 |/cloud/apps | 997 | 401 | - | 1 |/cloud/groups | 997 | 401 | - | 2 |/cloud/groups | 997 | 401 | - | 1 |/cloud/users | 997 | 401 | - | 2 |/cloud/users | 997 | 401 | - | 1 |/privatedata/getattribute | 997 | 401 | - | 2 |/privatedata/getattribute | 997 | 401 | + Scenario: using OCS as admin user with wrong password + When admin requests these endpoints with "GET" using password "invalid" then the status codes should be as listed + | endpoint | ocs-code | http-code | + | /ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | + | /ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | + 
| /ocs/v1.php/cloud/apps | 997 | 401 | + | /ocs/v2.php/cloud/apps | 997 | 401 | + | /ocs/v1.php/cloud/groups | 997 | 401 | + | /ocs/v2.php/cloud/groups | 997 | 401 | + | /ocs/v1.php/cloud/users | 997 | 401 | + | /ocs/v2.php/cloud/users | 997 | 401 | + | /ocs/v1.php/config | 100 | 200 | + | /ocs/v2.php/config | 200 | 200 | + | /ocs/v1.php/privatedata/getattribute | 997 | 401 | + | /ocs/v2.php/privatedata/getattribute | 997 | 401 | - Scenario Outline: using OCS with token auth of a normal user + Scenario: using OCS with token auth of a normal user Given a new client token for "user0" has been generated - When user "user0" requests "" with "GET" using basic token auth - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: + When "user0" requests endpoint with "GET" using basic token auth then status codes should be as listed |endpoint | ocs-code | http-code | |/ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | |/ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | 
@@ -145,39 +127,33 @@ Feature: auth |/ocs/v1.php/privatedata/getattribute | 100 | 200 | |/ocs/v2.php/privatedata/getattribute | 200 | 200 | - Scenario Outline: using OCS with browser session of a normal user - Given a new browser session for "user0" has been started - When the user requests "" with "GET" using the browser session - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: - |endpoint | ocs-code | http-code | - |/ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | - |/ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | - |/ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 100 | 200 | - |/ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 200 | 200 | - |/ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 100 | 200 | - |/ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 200 | 200 | - |/ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | - |/ocs/v2.php/apps/files_sharing/api/v1/shares | 200 | 200 | - |/ocs/v1.php/cloud/apps | 997 | 401 | - |/ocs/v2.php/cloud/apps | 997 | 401 | - |/ocs/v1.php/cloud/groups | 997 | 401 | - |/ocs/v2.php/cloud/groups | 997 | 401 | - |/ocs/v1.php/cloud/users | 997 | 401 | - |/ocs/v2.php/cloud/users | 997 | 401 | - |/ocs/v1.php/config | 100 | 200 | - |/ocs/v2.php/config | 200 | 200 | - |/ocs/v1.php/privatedata/getattribute | 100 | 200 | - |/ocs/v2.php/privatedata/getattribute | 200 | 200 | + Scenario: using OCS with browser session of normal user + Given a new browser session for "user0" has been started + When user0 requests these endpoints with "GET" using new browser session then status code be as listed + |endpoint | ocs-code | http-code | + |/ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | + |/ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | + |/ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 100 | 200 | + |/ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 200 | 200 | + 
|/ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 100 | 200 | + |/ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 200 | 200 | + |/ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | + |/ocs/v2.php/apps/files_sharing/api/v1/shares | 200 | 200 | + |/ocs/v1.php/cloud/apps | 997 | 401 | + |/ocs/v2.php/cloud/apps | 997 | 401 | + |/ocs/v1.php/cloud/groups | 997 | 401 | + |/ocs/v2.php/cloud/groups | 997 | 401 | + |/ocs/v1.php/cloud/users | 997 | 401 | + |/ocs/v2.php/cloud/users | 997 | 401 | + |/ocs/v1.php/config | 100 | 200 | + |/ocs/v2.php/config | 200 | 200 | + |/ocs/v1.php/privatedata/getattribute | 100 | 200 | + |/ocs/v2.php/privatedata/getattribute | 200 | 200 | - Scenario Outline: using OCS with an app password of a normal user + Scenario: using OCS with an app password of a normal user Given a new browser session for "user0" has been started And the user has generated a new app password named "my-client" - When the user requests "" with "GET" using the generated app password - Then the OCS status code should be "" - And the HTTP status code should be "" - Examples: + When the user requests these endpoints with "GET" using the generated app password then status code should be as listed |endpoint | ocs-code | http-code | |/ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | |/ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | diff --git a/tests/acceptance/features/bootstrap/Auth.php b/tests/acceptance/features/bootstrap/Auth.php index b2ec96637e6b..99e251673cdb 100644 --- a/tests/acceptance/features/bootstrap/Auth.php +++ b/tests/acceptance/features/bootstrap/Auth.php @@ -20,6 +20,7 @@ */ use TestHelpers\HttpRequestHelper; +use Behat\Gherkin\Node\TableNode; require __DIR__ . '/../../../../lib/composer/autoload.php'; 
@@ -96,6 +97,167 @@ public function userRequestsURLWith($url, $method) { $this->sendRequest($url, $method); } + /** + * @When a user requests these endpoints with :method and no authentication then the status codes should be as listed + * + * @param string $method + * @param TableNode $table + * + * @return void + */ + public function userRequestsEndpointsWithNoAuthentication($method, TableNode $table) { + foreach ($table->getHash() as $row) { + $this->sendRequest($row['endpoint'], $method); + $this->ocsContext->theOCSStatusCodeShouldBe( + $row['ocs-code'], + $message = "Got unexpected OCS code while sending request to endpoint " . $row['endpoint'] + ); + $this->theHTTPStatusCodeShouldBe( + $row['http-code'], + $message = "Got unexpected HTTP code while sending request to endpoint " . $row['endpoint'] + ); + } + } + + /** + * @When user :user requests these endpoints with :method with basic auth then the status codes should be as listed + * + * @param string $user + * @param string $method + * @param TableNode $table + * + * @return void + */ + public function userRequestsEndpointsWithBasicAuth($user, $method, TableNode $table) { + $this->userRequestsEndpointsWithWrongPassword($user, $method, null, $table); + } + + /** + * @When user :user requests with :method using these endpoints with password :password then the status codes should be as listed + * + * @param string $user + * @param string $method + * @param string $password + * @param TableNode $table + * + * @return void + */ + public function userRequestsEndpointsWithWrongPassword($user, $method, $password, TableNode $table) { + foreach ($table->getHash() as $row) { + $this->userRequestsURLWithUsingBasicAuth($user, $row['endpoint'], $method, $password); + $this->ocsContext->theOCSStatusCodeShouldBe( + $row['ocs-code'], + $message = "Got unexpected OCS code while sending request to endpoint " . 
$row['endpoint'] + ); + $this->theHTTPStatusCodeShouldBe( + $row['http-code'], + $message = "Got unexpected HTTP code while sending request to endpoint " . $row['endpoint'] + ); + } + } + + /** + * @When admin requests these endpoint with :method then the status codes should be as listed + * + * @param string $method + * @param TableNode $table + * + * @return void + */ + public function adminRequestsEndpoint($method, TableNode $table) { + $this-> adminRequestsEndpointsWithPassword($method, null, $table); + } + + /** + * @When admin requests these endpoints with :method using password :password then the status codes should be as listed + * + * @param string $method + * @param string $password + * @param TableNode $table + * + * @return void + */ + public function adminRequestsEndpointsWithPassword($method, $password, TableNode $table) { + foreach ($table->getHash() as $row) { + $this->administratorRequestsURLWithUsingBasicAuth($row['endpoint'], $method, $password); + $this->ocsContext->theOCSStatusCodeShouldBe( + $row['ocs-code'], + $message = "Got unexpected OCS code while sending request to endpoint " . $row['endpoint'] + ); + $this->theHTTPStatusCodeShouldBe( + $row['http-code'], + $message = "Got unexpected HTTP code while sending request to endpoint " . $row['endpoint'] + ); + } + } + + /** + * @When :user0 requests endpoint with :method using basic token auth then status codes should be as listed + * + * @param string $user0 + * @param string $method + * @param TableNode $table + * + * @return void + */ + public function newlyGeneratedClientRequestsForEndpointUsingBasicTokenAuth($user0, $method, TableNode $table) { + foreach ($table->getHash() as $row) { + $this->userRequestsURLWithUsingBasicTokenAuth($user0, $row['endpoint'], $method); + $this->ocsContext->theOCSStatusCodeShouldBe( + $row['ocs-code'], + $message = "Got unexpected OCS code while sending request to endpoint " . 
$row['endpoint'] + ); + $this->theHTTPStatusCodeShouldBe( + $row['http-code'], + $message = "Got unexpected HTTP code while sending request to endpoint " . $row['endpoint'] + ); + } + } + + /** + * @When user0 requests these endpoints with :method using new browser session then status code be as listed + * + * @param string $method + * @param TableNode $table + * + * @return void + */ + public function userRequestsTheseEndpointsUsingNewBrowserSession($method, TableNode $table) { + foreach ($table->getHash() as $row) { + $this->userRequestsURLWithBrowserSession($row['endpoint'], $method); + $this->ocsContext->theOCSStatusCodeShouldBe( + $row['ocs-code'], + $message = "Got unexpected OCS code while sending request to endpoint " . $row['endpoint'] + ); + $this->theHTTPStatusCodeShouldBe( + $row['http-code'], + $message = "Got unexpected HTTP code while sending request to endpoint " . $row['endpoint'] + ); + } + } + + /** + * @When the user requests these endpoints with :method using the generated app password then status code should be as listed + * + * @param string $method + * @param TableNode $table + * + * @return void + */ + public function userRequestsEndpointsUsingTheGeneratedAppPassword($method, TableNode $table) { + foreach ($table->getHash() as $row) { + $this->userRequestsURLWithUsingAppPassword($row['endpoint'], $method); + $this->ocsContext->theOCSStatusCodeShouldBe( + $row['ocs-code'], + $message = "Got unexpected OCS code while sending request to endpoint " . $row['endpoint'] + ); + $this->theHTTPStatusCodeShouldBe( + $row['http-code'], + $message = "Got unexpected HTTP code while sending request to endpoint " . $row['endpoint'] + ); + } + } + /** * @param string $url * @param string $method 
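Review bot: The same two-assertion block is pasted into six step methods in this hunk, and each call passes `$message = "..."`, which in PHP is an assignment to an unused local inside the argument list, not a named argument. Whether `theOCSStatusCodeShouldBe` and `theHTTPStatusCodeShouldBe` accept a second message parameter is not visible in this diff; if they do not, PHP silently ignores the extra argument and the endpoint name never reaches the failure output, which is the only per-row information left now that the outlines are gone. I would move the assertions into one private helper as sketched below and pass the message as a plain string. The first failing row also ends the loop, so endpoints further down the table go unchecked in that run. If that matters for these auth checks, the helper is the place to collect mismatches and fail once at the end.

```php
	/**
	 * Checks both status codes for one table row.
	 *
	 * @param array $row table row with the keys endpoint, ocs-code and http-code
	 *
	 * @return void
	 */
	private function assertStatusCodesForRow(array $row) {
		$endpoint = $row['endpoint'];
		$this->ocsContext->theOCSStatusCodeShouldBe(
			$row['ocs-code'],
			"Got unexpected OCS code while sending request to endpoint $endpoint"
		);
		$this->theHTTPStatusCodeShouldBe(
			$row['http-code'],
			"Got unexpected HTTP code while sending request to endpoint $endpoint"
		);
	}

	public function userRequestsEndpointsWithNoAuthentication($method, TableNode $table) {
		foreach ($table->getHash() as $row) {
			$this->sendRequest($row['endpoint'], $method);
			$this->assertStatusCodesForRow($row);
		}
	}
	// … unchanged: the other five step methods, each calling assertStatusCodesForRow($row) after its own request …
```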
@@ -205,11 +367,16 @@ public function aNewClientTokenForTheAdministratorHasBeenGenerated() { * @param string $user * @param string $url * @param string $method + * @param string $password * * @return void */ - public function userRequestsURLWithUsingBasicAuth($user, $url, $method) { - $authString = "$user:" . $this->getPasswordForUser($user); + public function userRequestsURLWithUsingBasicAuth($user, $url, $method, $password=null) { + if ($password === null) { + $authString = "$user:" . $this->getPasswordForUser($user); + } else { + $authString = $password; + } $this->sendRequest( $url, $method, 'basic ' . \base64_encode($authString) ); @@ -220,12 +387,13 @@ public function userRequestsURLWithUsingBasicAuth($user, $url, $method) { * * @param string $url * @param string $method + * @param string $password * * @return void */ - public function administratorRequestsURLWithUsingBasicAuth($url, $method) { + public function administratorRequestsURLWithUsingBasicAuth($url, $method, $password=null) { $this->userRequestsURLWithUsingBasicAuth( - $this->getAdminUsername(), $url, $method + $this->getAdminUsername(), $url, $method, $password ); }
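Review bot: When `$password` is supplied, `$authString = $password;` drops the username, so the header sent is `basic ` followed by base64 of `invalid` alone rather than of `user0:invalid`. The "wrong password" scenarios therefore exercise a malformed Basic credential, and their 401 rows would presumably still pass even if the server's password check for a known user regressed. I would keep the user in both branches: `$password = ($password === null) ? $this->getPasswordForUser($user) : $password;` followed by `$authString = "$user:$password";`. The same applies to `administratorRequestsURLWithUsingBasicAuth` in the next hunk, which forwards `$password` to this method, and both docblocks should read `@param string|null $password`. The closing brace of this function lies outside the hunk.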