Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[tests-only][full-ci] Backport enforce password test scenarios #6598

Merged
merged 2 commits into from
Jun 23, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions tests/acceptance/config/behat.yml
Original file line number Diff line number Diff line change
@@ -138,6 +138,7 @@ default:
- WebDavPropertiesContext:
- TUSContext:
- SpacesTUSContext:
- OcisConfigContext:

apiCors:
paths:
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
@api @env-config @skipOnStable3.0
Feature: enforce password on public link
As a user
I want to enforce passwords on public links shared with upload, edit, or contribute permission
So that the password is required to access the contents of the link

Background:
Given the config "OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" has been set to "true"
And these users have been created with default attributes and without skeleton files:
| username |
| Alice |
And user "Alice" has uploaded file with content "test file" to "/testfile.txt"


Scenario Outline: create a public link with edit permission without a password when enforce-password is enabled
Given using OCS API version "<ocs-api-version>"
When user "Alice" creates a public link share using the sharing API with settings
| path | /testfile.txt |
| permissions | 3 |
Then the HTTP status code should be "<http-code>"
Then the OCS status code should be "400"
And the OCS status message should be "missing required password"
Examples:
| ocs-api-version | http-code |
| 1 | 200 |
| 2 | 400 |


Scenario Outline: update a public link to edit permission without a password
Given using OCS API version "<ocs-api-version>"
And user "Alice" has created a public link share with settings
| path | /testfile.txt |
| permissions | 1 |
When user "Alice" updates the last public link share using the sharing API with
| permissions | 3 |
Then the HTTP status code should be "<http-code>"
Then the OCS status code should be "400"
And the OCS status message should be "missing required password"
Examples:
| ocs-api-version | http-code |
| 1 | 200 |
| 2 | 400 |


Scenario Outline: updates a public link to edit permission with a password
Given using OCS API version "<ocs-api-version>"
And user "Alice" has created a public link share with settings
| path | /testfile.txt |
| permissions | 1 |
When user "Alice" updates the last public link share using the sharing API with
| permissions | 3 |
| password | testpassword |
Then the HTTP status code should be "200"
And the OCS status code should be "<ocs-code>"
And the OCS status message should be "OK"
And the public should not be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API without a password
And the public should not be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API with password "wrong pass"
But the public should be able to download file "/textfile.txt" from inside the last public link shared folder using the new public WebDAV API with password "testpassword"
Examples:
| ocs-api-version | ocs-code |
| 1 | 100 |
| 2 | 200 |