Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tests-only][full-ci]Add spaces tests on apiAuthWebDav suites #39718

Merged
merged 1 commit into from
Jan 26, 2022
Merged

[tests-only][full-ci]Add spaces tests on apiAuthWebDav suites #39718

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions tests/acceptance/features/apiAuthWebDav/webDavDELETEAuth.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,19 +21,39 @@ Feature: delete file/folder
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/webdav/PARENT/parent.txt |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112 @skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints as normal user with wrong password using the spaces WebDAV API
When user "Alice" requests these endpoints with "DELETE" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
kiranparajuli589 marked this conversation as resolved.
Show resolved Hide resolved
Then the HTTP status code of responses on all endpoints should be "401"

Scenario: send DELETE requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "DELETE" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/webdav/PARENT/parent.txt |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints as normal user with no password using the spaces WebDAV API
When user "Alice" requests these endpoints with "DELETE" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@issue-ocis-reva-13
Scenario: send DELETE requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "DELETE" including body "doesnotmatter" about user "Alice"
Expand All @@ -43,6 +63,15 @@ Feature: delete file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"

@issue-ocis-reva-13 @skipOnOcV10 @personalSpace
Scenario: send DELETE requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "DELETE" including body "doesnotmatter" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"

@smokeTest
Scenario: send DELETE requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "DELETE" including body "doesnotmatter" using the password of user "Alice"
Expand All @@ -54,6 +83,15 @@ Feature: delete file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest @skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints using invalid username but correct password using the spaces WebDAV API
When user "usero" requests these endpoints with "DELETE" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

Scenario: send DELETE requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "DELETE" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
Expand All @@ -64,6 +102,15 @@ Feature: delete file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints using valid password and username of different user using the spaces WebDAV API
When user "Brian" requests these endpoints with "DELETE" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send DELETE requests to webDav endpoints without any authentication
Expand All @@ -76,6 +123,15 @@ Feature: delete file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112 @skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints without any authentication using the spaces WebDAV API
When a user requests these endpoints with "DELETE" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@issue-ocis-reva-60
Scenario: send DELETE requests to webDav endpoints using token authentication should not work
Given token auth has been enforced
Expand All @@ -90,6 +146,18 @@ Feature: delete file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@issue-ocis-reva-60 @skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints using token authentication should not work using the spaces WebDAV API
Given token auth has been enforced
And a new browser session for "Alice" has been started
And the user has generated a new app password named "my-client"
When the user requests these endpoints with "DELETE" using the generated app password about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@issue-ocis-reva-60
Scenario: send DELETE requests to webDav endpoints using app password token as password
Given token auth has been enforced
Expand All @@ -103,3 +171,15 @@ Feature: delete file/folder
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/FOLDER |
Then the HTTP status code of responses on all endpoints should be "204"

@issue-ocis-reva-60 @skipOnOcV10 @personalSpace
Scenario: send DELETE requests to webDav endpoints using app password token as password using the spaces WebDAV API
Given token auth has been enforced
And a new browser session for "Alice" has been started
And the user has generated a new app password named "my-client"
When the user "Alice" requests these endpoints with "DELETE" with body "doesnotmatter" using basic auth and generated app password about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "204"
57 changes: 57 additions & 0 deletions tests/acceptance/features/apiAuthWebDav/webDavLOCKAuth.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,15 @@ Feature: LOCK file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112 @skipOnOcV10 @personalSpace
Scenario: send LOCK requests to webDav endpoints as normal user with wrong password using the spaces WebDAV API
When user "Alice" requests these endpoints with "LOCK" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send LOCK requests to webDav endpoints as normal user with no password
Expand All @@ -36,6 +45,15 @@ Feature: LOCK file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112 @skipOnOcV10 @personalSpace
Scenario: send LOCK requests to webDav endpoints as normal user with no password using the spaces WebDAV API
When user "Alice" requests these endpoints with "LOCK" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@issue-ocis-reva-9 @skipOnOcV10.3 @skipOnOcV10.4 @skipOnOcV10.5
Scenario: send LOCK requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
Expand All @@ -48,6 +66,18 @@ Feature: LOCK file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "409"

@issue-ocis-reva-9 @skipOnOcV10.3 @skipOnOcV10.4 @skipOnOcV10.5 @skipOnOcV10 @personalSpace
Scenario: send LOCK requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
Then the HTTP status code of responses on all endpoints should be "403"
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "409"

Scenario: send LOCK requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
Expand All @@ -58,6 +88,15 @@ Feature: LOCK file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@skipOnOcV10 @personalSpace
Scenario: send LOCK requests to webDav endpoints using invalid username but correct password using the spaces WebDAV API
When user "usero" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

Scenario: send LOCK requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
Expand All @@ -68,6 +107,15 @@ Feature: LOCK file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@skipOnOcV10 @personalSpace
Scenario: send LOCK requests to webDav endpoints using valid password and username of different user using the spaces WebDAV API
When user "Brian" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send LOCK requests to webDav endpoints without any authentication
Expand All @@ -80,6 +128,15 @@ Feature: LOCK file/folder
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112 @skipOnOcV10 @personalSpace
Scenario: send LOCK requests to webDav endpoints without any authentication using the spaces WebDAV API
When a user requests these endpoints with "LOCK" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /remote.php/dav/spaces/%spaceid%/textfile0.txt |
| /remote.php/dav/spaces/%spaceid%/PARENT |
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@notToImplementOnOCIS @issue-ocis-reva-37
Scenario: send LOCK requests to webDav endpoints using token authentication should not work
Given token auth has been enforced
Expand Down
Loading