[tests-only][full-ci] adding test for creating auth-app token using user-id #10987

Open
wants to merge 1 commit into
base: master
26 changes: 26 additions & 0 deletions tests/acceptance/bootstrap/AuthAppContext.php
Expand Up @@ -211,4 +211,30 @@ public function userShouldHaveAuthAppTokens(string $user, int $count): void {
);
}

/**
* @When user :user creates app token with user-id for user :impersonatedUser with expiration time :expiration using the auth-app API
*
* @param string $user
* @param string $impersonatedUser
* @param string $expiration
*
* @return void
*/
public function userCreatesAppTokenWithUserIdForUserWithExpirationTimeUsingTheAuthAppApi(
string $user,
string $impersonatedUser,
string $expiration
): void {
$this->featureContext->setResponse(
AuthAppHelper::createAppAuthToken(
$this->featureContext->getBaseUrl(),
$this->featureContext->getActualUsername($user),
$this->featureContext->getPasswordForUser($user),
[
"expiry" => $expiration,
"userId" => $this->featureContext->getUserIdByUserName($impersonatedUser)
],
)
);
}
}
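Review bot: the `userId` sent in the options array at the end of this method is always whatever `getUserIdByUserName($impersonatedUser)` returns, so the step can only exercise ids of users the suite already knows by name. If the auth-app API should also be tested with an unknown or malformed user-id, add a variant step that takes the raw id as its parameter. The step text also says "creates app token" while the existing step in token.feature says "create auth-app token"; using "auth-app token" here would keep the step vocabulary consistent.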
Expand Up @@ -339,5 +339,10 @@ The expected failures in this file are from features in the owncloud/ocis repo.
#### [Delete user containing + in username returns 404 but user gets deleted](https://github.com/owncloud/ocis/issues/11027)
- [apiGraphUserGroup/deleteUser.feature:28](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature#L28)

#### [creating auth-app token with user-id creates token for the wrong user](https://github.com/owncloud/ocis/issues/11063)
- [apiAuthApp/token.feature:170](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L170)
- [apiAuthApp/token.feature:265](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L265)
- [apiAuthApp/token.feature:272](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L272)

Note: always have an empty line at the end of this file.
The bash script that processes this file requires that the last line has a newline on the end.
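Review bot: two of the three entries added under issue 11063, token.feature:265 and token.feature:272, point at the scenarios that expect a 403 for a non-admin user, yet the issue title only says the token is created for the wrong user. While these lines are listed as expected failures, CI stays green even though those authorization checks do not pass, so confirm that issue 11063 also describes the missing rejection, or track it under its own issue and heading. The entries are pinned to line numbers, so they need updating whenever the scenarios above them in token.feature change.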
112 changes: 112 additions & 0 deletions tests/acceptance/features/apiAuthApp/token.feature
Expand Up @@ -165,3 +165,115 @@ Feature: create auth-app token
And the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
When user "Alice" tries to create auth-app token for user "Brian" with expiration time "72h" using the auth-app API
Then the HTTP status code should be "403"

@env-config @issue-11063
Scenario: admin creates auth-app token with user-id
Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
When user "Admin" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": ["token","expiration_date","created_date","label"],
"properties": {
"token": { "pattern": "^[a-zA-Z0-9]{16}$" },
"label": { "const": "Generated via API" }
}
}
"""
When user "Alice" lists all created tokens using the auth-app API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "array",
"minItems": 1,
"maxItems": 1,
"items": {
"oneOf": [
{
"type": "object",
"required": [
"token",
"expiration_date",
"created_date",
"label"
],
"properties": {
"token": {
"pattern": "^\\$2a\\$11\\$[A-Za-z0-9./]{53}$"
},
"label": {
"const": "Generated via API"
}
}
}
]
}
}
"""


Scenario: user creates auth-app token with user-id
When user "Alice" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": ["token","expiration_date","created_date","label"],
"properties": {
"token": { "pattern": "^[a-zA-Z0-9]{16}$" },
"label": { "const": "Generated via API" }
}
}
"""
When user "Alice" lists all created tokens using the auth-app API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "array",
"minItems": 1,
"maxItems": 1,
"items": {
"oneOf": [
{
"type": "object",
"required": [
"token",
"expiration_date",
"created_date",
"label"
],
"properties": {
"token": {
"pattern": "^\\$2a\\$11\\$[A-Za-z0-9./]{53}$"
},
"label": {
"const": "Generated via API"
}
}
}
]
}
}
"""

@env-config @issue-11063
Scenario: non-admin user tries to creates auth-app token with user-id for an another user
Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
And user "Brian" has been created with default attributes
When user "Brian" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
Then the HTTP status code should be "403"

@issue-11063
Scenario: non-admin user tries to creates auth-app token with user-id for an another user without impersonation enabled
Comment on lines +265 to +272
Member

Same needs to be done for username as well. Check if they exist or not.
Also, please update all of them in the QA ticket.

Contributor Author

@saw-jan (Member), Feb 26, 2025

Just make sure that similar test scenarios exist while using username as well.

Given user "Brian" has been created with default attributes
When user "Brian" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API
Then the HTTP status code should be "403"
And the content in the response should include the following content:
"""
impersonation is not allowed
"""
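Review bot: the scenario "admin creates auth-app token with user-id" only lists Alice's tokens after the create call, so it does not show what ended up in Admin's own token list; since the scenario is tagged with issue 11063 ("creates token for the wrong user" per the expected-failures entry), add an assertion that Admin has no token afterwards (the context already has `userShouldHaveAuthAppTokens`). The two 403 scenarios would likewise be stronger with a check that Alice has no token after the rejected request. Smaller points: both non-admin scenario titles read "tries to creates ... for an another user", the `oneOf` wrapper in the two list schemas holds a single schema and can be dropped, and there are two blank lines before the scenario "user creates auth-app token with user-id".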