diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 0631ee4066c..98c60cf2e9c 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -138,6 +138,7 @@ default: - WebDavPropertiesContext: - TUSContext: - SpacesTUSContext: + - OcisConfigContext: apiCors: paths: diff --git a/tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature b/tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature new file mode 100644 index 00000000000..c0feb39e650 --- /dev/null +++ b/tests/acceptance/features/apiGraph/enforcePasswordPublicLink.feature @@ -0,0 +1,62 @@ +@api @env-config +Feature: enforce password on public link + As a user + I want to enforce passwords on public links shared with upload, edit, or contribute permission + So that the password is required to access the contents of the link + + Background: + Given the config "OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" has been set to "true" + And these users have been created with default attributes and without skeleton files: + | username | + | Alice | + And user "Alice" has uploaded file with content "test file" to "/testfile.txt" + + + Scenario Outline: create a public link with edit permission without a password when enforce-password is enabled + Given using OCS API version "" + When user "Alice" creates a public link share using the sharing API with settings + | path | /testfile.txt | + | permissions | 3 | + Then the HTTP status code should be "" + Then the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | ocs-api-version | http-code | + | 1 | 200 | + | 2 | 400 | + + + Scenario Outline: update a public link to edit permission without a password + Given using OCS API version "" + And user "Alice" has created a public link share with settings + | path | /testfile.txt | + | permissions | 1 | + When user "Alice" updates the last public link share using the sharing API with + | permissions | 3 | + Then the HTTP status code should be "" + Then the OCS status code should be "400" + And the OCS status message should be "missing required password" + Examples: + | ocs-api-version | http-code | + | 1 | 200 | + | 2 | 400 | + + + Scenario Outline: updates a public link to edit permission with a password + Given using OCS API version "" + And user "Alice" has created a public link share with settings + | path | /testfile.txt | + | permissions | 1 | + When user "Alice" updates the last public link share using the sharing API with + | permissions | 3 | + | password | testpassword | + Then the HTTP status code should be "200" + And the OCS status code should be "" + And the OCS status message should be "OK" + And the public should not be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API without a password + And the public should not be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API with password "wrong pass" + But the public should be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API with password "testpassword" + Examples: + | ocs-api-version | ocs-code | + | 1 | 100 | + | 2 | 200 |