adding test for creating auth-app token using user-id

owncloud · Feb 26, 2025 · 2733ec0 · 2733ec0
1 parent 482bc0c
commit 2733ec0
Show file tree

Hide file tree

Showing 3 changed files with 148 additions and 1 deletion.
diff --git a/tests/acceptance/bootstrap/AuthAppContext.php b/tests/acceptance/bootstrap/AuthAppContext.php
@@ -211,4 +211,31 @@ public function userShouldHaveAuthAppTokens(string $user, int $count): void {
 		);
 	}
 
+	/**
+	 * @When user :user creates app token with user-id for user :impersonatedUser with expiration time :expiration using the auth-app API
+	 *
+	 * @param string $user
+	 * @param string $impersonatedUser
+	 * @param string $expiration
+	 *
+	 * @return void
+	 */
+	public function userCreatesAppTokenWithUserIdForUserWithExpirationTimeUsingTheAuthAppApi(
+		string $user,
+		string $impersonatedUser,
+		string $expiration
+	): void {
+		$this->featureContext->setResponse(
+			AuthAppHelper::createAppAuthToken(
+				$this->featureContext->getBaseUrl(),
+				$this->featureContext->getActualUsername($user),
+				$this->featureContext->getPasswordForUser($user),
+				[
+					"expiry" => $expiration,
+					"userId" => $this->featureContext->getUserIdByUserName($impersonatedUser)
+				],
+			)
+		);
+	}
+
 }
diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
@@ -332,5 +332,10 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiOcm/share.feature:1154](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiOcm/share.feature#L1154)
 - [apiOcm/share.feature:1174](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiOcm/share.feature#L1174)
 
+#### [creating auth-app token with user-id creates token for the wrong user](https://github.com/owncloud/ocis/issues/11063)
+- [apiAuthApp/token.feature:163](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L163)
+- [apiAuthApp/token.feature:260](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L260)
+- [apiAuthApp/token.feature:267](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L267)
+
 Note: always have an empty line at the end of this file.
 The bash script that processes this file requires that the last line has a newline on the end.
diff --git a/tests/acceptance/features/apiAuthApp/token.feature b/tests/acceptance/features/apiAuthApp/token.feature
@@ -157,4 +157,119 @@ Feature: create auth-app token
     And the content in the response should include the following content:
       """
       error parsing expiry. Use e.g. 30m or 72h
-      """
+      """
+
+  @env-config
+  Scenario: admin creates auth-app token with user-id
+    Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
+    When user "Admin" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
+    Then the HTTP status code should be "200"
+    And the JSON data of the response should match
+      """
+      {
+        "type": "object",
+        "required": ["token","expiration_date","created_date","label"],
+        "properties": {
+          "token": { "pattern": "^[a-zA-Z0-9]{16}$" },
+          "label": { "const": "Generated via API" }
+        }
+      }
+      """
+    When user "Alice" lists all created tokens using the auth-app API
+    Then the HTTP status code should be "200"
+    And the JSON data of the response should match
+      """
+      {
+        "type": "array",
+        "minItems": 1,
+        "maxItems": 1,
+        "uniqueItems": true,
+        "items": {
+          "oneOf": [
+            {
+              "type": "object",
+              "required": [
+                "token",
+                "expiration_date",
+                "created_date",
+                "label"
+              ],
+              "properties": {
+                "token": {
+                  "pattern": "^\\$2a\\$11\\$[A-Za-z0-9./]{53}$"
+                },
+                "label": {
+                  "const": "Generated via API"
+                }
+              }
+            }
+          ]
+        }
+      }
+      """
+
+
+  Scenario: user creates auth-app token with user-id
+    When user "Alice" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
+    Then the HTTP status code should be "200"
+    And the JSON data of the response should match
+      """
+      {
+        "type": "object",
+        "required": ["token","expiration_date","created_date","label"],
+        "properties": {
+          "token": { "pattern": "^[a-zA-Z0-9]{16}$" },
+          "label": { "const": "Generated via API" }
+        }
+      }
+      """
+    When user "Alice" lists all created tokens using the auth-app API
+    Then the HTTP status code should be "200"
+    And the JSON data of the response should match
+      """
+      {
+        "type": "array",
+        "minItems": 1,
+        "maxItems": 1,
+        "uniqueItems": true,
+        "items": {
+          "oneOf": [
+            {
+              "type": "object",
+              "required": [
+                "token",
+                "expiration_date",
+                "created_date",
+                "label"
+              ],
+              "properties": {
+                "token": {
+                  "pattern": "^\\$2a\\$11\\$[A-Za-z0-9./]{53}$"
+                },
+                "label": {
+                  "const": "Generated via API"
+                }
+              }
+            }
+          ]
+        }
+      }
+      """
+
+  @env-config
+  Scenario: non-admin user tries to creates auth-app token with user-id for an another user
+    Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
+    And user "Brian" has been created with default attributes
+    When user "Brian" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
+    Then the HTTP status code should be "403"
+
+
+  Scenario: non-admin user tries to creates auth-app token with user-id for an another user without impersonation enabled
+    Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
+    And user "Brian" has been created with default attributes
+    When user "Brian" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
+    Then the HTTP status code should be "403"
+    And the content in the response should include the following content:
+      """
+      impersonation is not allowed
+      """