[API Acceptance Tests] Test exceptional case in all ocs routes #34566

Closed
DeepDiver1975 opened this issue Feb 20, 2019 · 9 comments

@DeepDiver1975
Member

DeepDiver1975 commented Feb 20, 2019

Background

When migrating from legacy OCS API implementations to OCSController, we are breaking behavior in exceptional cases. Instead of a proper OCS response with a proper XML/JSON body, a pure JSON response is returned. A PR to fix this will follow.

Actions

Add API acceptance tests for ALL OCS routes (needed because of the migration path to make sure we hit everything properly).
Test the following exceptional scenarios:

  • wrong user credentials
  • no admin access to admin only routes
  • TO BE ANALYSED accessing routes of a disabled app

All scenarios need to be executed as CORS requests and non-CORS requests (analyse CORS requests with a wrong Origin header as well).

Test Targets

  • master
  • stable10
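
The check described under Background, as an added example that is not part of the original issue or of the project's test suite: it verifies that an error response still carries the OCS envelope (`ocs` / `meta` with `status` and `statuscode`) in the requested format instead of a bare JSON body. The function names, the sample bodies and the status code 997 used in them are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

def parse_ocs_meta(body, fmt):
    """Return the meta fields of an OCS envelope as a dict, or None if
    `body` is not an OCS envelope in the requested format ('xml' or 'json')."""
    if fmt == "json":
        try:
            doc = json.loads(body)
        except ValueError:
            return None
        ocs = doc.get("ocs") if isinstance(doc, dict) else None
        meta = ocs.get("meta") if isinstance(ocs, dict) else None
        if not isinstance(meta, dict):
            return None
        meta = {key: str(value) for key, value in meta.items()}
    else:
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return None  # e.g. a JSON body returned where XML was requested
        meta_el = root.find("meta") if root.tag == "ocs" else None
        if meta_el is None:
            return None
        meta = {child.tag: (child.text or "") for child in meta_el}
    return meta if {"status", "statuscode"} <= meta.keys() else None

def check_error_response(body, fmt, expected_statuscode):
    """Return a list of problems; an empty list means the error case passed."""
    meta = parse_ocs_meta(body, fmt)
    if meta is None:
        return ["body is not an OCS %s envelope" % fmt]
    if meta["statuscode"] != str(expected_statuscode):
        return ["statuscode %s, expected %s" % (meta["statuscode"], expected_statuscode)]
    return []

# Constructed sample bodies for a request with wrong user credentials.
OCS_XML = ("<ocs><meta><status>failure</status><statuscode>997</statuscode>"
           "<message>Unauthorised</message></meta><data/></ocs>")
OCS_JSON = json.dumps({"ocs": {"meta": {"status": "failure", "statuscode": 997,
                                        "message": "Unauthorised"}, "data": []}})
PURE_JSON = json.dumps({"message": "Unauthorised"})  # no OCS envelope at all

if __name__ == "__main__":
    for name, body, fmt in [("ocs xml", OCS_XML, "xml"), ("ocs json", OCS_JSON, "json"),
                            ("pure json, xml expected", PURE_JSON, "xml"),
                            ("pure json, json expected", PURE_JSON, "json")]:
        print(name, check_error_response(body, fmt, 997) or "ok")
```
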
@ownclouders
Contributor

GitMate.io thinks the contributor most likely able to help you is @phil-davis.

Possibly related issues are #22485 (test), #22492 (test), #31579 (test), #32040 (fix API acceptance tests), and #31403 (Expand API acceptance tests).

@individual-it
Member

individual-it commented Feb 26, 2019

List of endpoints (including endpoints added by bundled apps) and tested response

| Path | GET | POST | PUT | DELETE |
|---|---|---|---|---|
| /apps/files_external/api/v1/mounts | json; xml 🤖 | NA | NA | NA |
| /apps/files_sharing/api/v1/remote_shares | json; xml 🤖 | NA | NA | NA |
| /apps/files_sharing/api/v1/remote_shares/pending | json; xml 🤖 | NA | NA | NA |
| /apps/files_sharing/api/v1/remote_shares/pending/{id} | NA | json; xml 🤖 | NA | json; xml 🤖 |
| /apps/files_sharing/api/v1/remote_shares/{id} | json; xml 🤖 | NA | NA | json; xml 🤖 |
| /apps/files_sharing/api/v1/shares | json; xml 🤖 | json; xml 🤖 | NA | NA |
| /apps/files_sharing/api/v1/shares/pending/{id} | NA | json; xml 🤖 | NA | json; xml 🤖 |
| /apps/files_sharing/api/v1/shares/{id} | json; xml 🤖 | NA | json; xml 🤖 | json; xml 🤖 |
| /cloud/apps | json; xml 🤖 | NA | NA | NA |
| /cloud/apps/{appid} | json; xml 🤖 | json; xml 🤖 | NA | json; xml 🤖 |
| /cloud/groups | json; xml 🤖 | json; xml 🤖 | NA | NA |
| /cloud/groups/{groupid} | json; xml 🤖 | NA | NA | json; xml 🤖 |
| /cloud/groups/{groupid}/subadmins | json; xml 🤖 | NA | NA | NA |
| /cloud/users | json; xml 🤖 | json; xml 🤖 | NA | NA |
| /cloud/users/{userid} | json; xml 🤖 | NA | json; xml 🤖 👎 (only OCS code) | json; xml 🤖 |
| /cloud/users/{userid}/disable | NA | NA | json; xml 🤖 | NA |
| /cloud/users/{userid}/enable | NA | NA | json; xml 🤖 | NA |
| /cloud/users/{userid}/groups | json; xml 🤖 | json; xml 🤖 | NA | json; xml 🤖 |
| /cloud/users/{userid}/subadmins | json; xml 🤖 | json; xml 🤖 | NA | json; xml 🤖 |
| /config | json; xml 🤖 (OCS code, rest is hard-coded #31355) | NA | NA | NA |
| /person/check | NA | json; xml 🤖 (OCS code, unused endpoint) | NA | NA |
| /privatedata/deleteattribute/{app}/{key} | NA | json; xml 🤖 (OCS code, unused endpoint) | NA | NA |
| /privatedata/getattribute | json; xml 🤖 (OCS code, unused endpoint) | NA | NA | NA |
| /privatedata/getattribute/{app} | json; xml 🤖 (OCS code, unused endpoint) | NA | NA | NA |
| /privatedata/getattribute/{app}/{key} | json; xml 🤖 (OCS code, unused endpoint) | NA | NA | NA |
| /privatedata/setattribute/{app}/{key} | NA | json; xml 🤖 (OCS code, unused endpoint) | NA | NA |

List of endpoints that are tested for correct authentication

Path | anonymously | correct basic auth | incorrect basic auth | token based basic auth | client token | browser session | app password | no admin access
/apps/files_external/api/v1/mounts 🤖 GET #34627 🤖 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 NA
/apps/files_sharing/api/v1/remote_shares 🤖 🤖 🤖 #34643 🤖 🤖 🤖 🤖 NA
/apps/files_sharing/api/v1/remote_shares/pending 🤖 GET #34627 🤖 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 NA
/apps/files_sharing/api/v1/remote_shares/pending/{id} 🤖 🤖 #34643 NA
/apps/files_sharing/api/v1/remote_shares/{id} 🤖 🤖 #34643 NA
/apps/files_sharing/api/v1/shares 🤖 GET #34627 🤖 GET #34627 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 NA
/apps/files_sharing/api/v1/shares/pending/{id} 🤖 🤖 #34643 NA
/apps/files_sharing/api/v1/shares/{id} 🤖 🤖 #34643 NA
/cloud/apps 🤖 GET #34627 🤖 GET #34627 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627
/cloud/apps/{appid} 🤖 🤖 #34643
/cloud/groups 🤖 GET #34627 🤖 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627
/cloud/groups/{groupid} 🤖 🤖 #34643 🤖
/cloud/groups/{groupid}/subadmins 🤖 🤖 #34643 🤖
/cloud/users 🤖 GET #34627 🤖 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖
/cloud/users/{userid} 🤖 🤖 #34643 🤖
/cloud/users/{userid}/disable 🤖 🤖 #34643 🤖
/cloud/users/{userid}/enable 🤖 🤖 #34643 🤖
/cloud/users/{userid}/groups 🤖 🤖 #34643 🤖
/cloud/users/{userid}/subadmins 🤖 🤖 #34643 🤖
/config 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 NA
/person/check unused endpoint 🤖 #34643
/privatedata/deleteattribute/{app}/{key} unused endpoint 🤖 #34643
/privatedata/getattribute unused endpoint 🤖 GET #34627 🤖 GET #34627 🤖 #34643 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 🤖 GET #34627 NA
/privatedata/getattribute/{app} unused endpoint
/privatedata/getattribute/{app}/{key} unused endpoint
/privatedata/setattribute/{app}/{key} unused endpoint 🤖 #34643

@individual-it
Member

individual-it commented Feb 26, 2019

I've had a look through what is tested so far:

  • there are no tests that use the json response
  • some tests check only the ocs code of the response (e.g. tests in auth suite)

@patrickjahns
Contributor

It would be great to have an API specification first and issue contract-based testing in order to ensure the contracts (and the error cases) are done properly :-)

@individual-it
Member

the second table shows the progress of testing ocs endpoints for correct / incorrect authentications

@individual-it
Member

CORS tests #34665

@individual-it
Member

a couple of more CORS tests #34697

@individual-it
Member

I think we have covered most of the important cases, closing this issue. Feel free to reopen if more cases need to be covered

@DeepDiver1975
Member Author

> It would be great to have an API specification first and issue contract-based testing in order to ensure the contracts (and the error cases) are done properly :-)

did you say specification? https://www.freedesktop.org/wiki/Specifications/open-collaboration-services/

@lock lock bot locked as resolved and limited conversation to collaborators Mar 10, 2020