Add bug demonstration test for sending PUT request to other user's we…

…bdav endpoint
owncloud · Dec 15, 2021 · b84df09 · b84df09
1 parent af71506
commit b84df09
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature b/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature
@@ -36,7 +36,7 @@ Feature: get file info using PUT
       | /remote.php/dav/files/%username%/PARENT/parent.txt |
     Then the HTTP status code of responses on all endpoints should be "401"
 
-  @issue-ocis-reva-9 @issue-ocis-reva-197 @skipOnOcV10.3 @skipOnOcV10.4 @skipOnOcV10.5
+  @skipOnOcV10
   Scenario: send PUT requests to another user's webDav endpoints as normal user
     When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
       | endpoint                                       |
@@ -46,7 +46,8 @@ Feature: get file info using PUT
     When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
       | endpoint                                           |
       | /remote.php/dav/files/%username%/PARENT/parent.txt |
-    Then the HTTP status code of responses on all endpoints should be "409"
+    Then the HTTP status code of responses on all endpoints should be "403"
+
 
   Scenario: send PUT requests to webDav endpoints using invalid username but correct password
     When user "usero" requests these endpoints with "PUT" including body "doesnotmatter" using the password of user "Alice"
@@ -58,6 +59,7 @@ Feature: get file info using PUT
       | /remote.php/dav/files/%username%/PARENT/parent.txt |
     Then the HTTP status code of responses on all endpoints should be "401"
 
+
   Scenario: send PUT requests to webDav endpoints using valid password and username of different user
     When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" using the password of user "Alice"
       | endpoint                                           |

diff --git a/tests/acceptance/features/apiAuthWebDav/webDavPUTAuthOC10Issue39597.feature b/tests/acceptance/features/apiAuthWebDav/webDavPUTAuthOC10Issue39597.feature
@@ -0,0 +1,23 @@
+@api @issue-39597 @skipOnOcV10.3 @skipOnOcV10.4 @skipOnOcV10.5 @skipOnOcis
+Feature: get file info using PUT
+
+  Background:
+    Given these users have been created with default attributes and without skeleton files:
+      | username |
+      | Alice    |
+      | Brian    |
+    And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
+    And user "Alice" has created folder "/PARENT"
+    And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
+
+
+  Scenario: send PUT requests to another user's webDav endpoints as normal user
+    When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
+      | endpoint                                       |
+      | /remote.php/dav/files/%username%/textfile1.txt |
+      | /remote.php/dav/files/%username%/PARENT        |
+    Then the HTTP status code of responses on all endpoints should be "403"
+    When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
+      | endpoint                                           |
+      | /remote.php/dav/files/%username%/PARENT/parent.txt |
+    Then the HTTP status code of responses on all endpoints should be "409"