From 3dabf0448871f625c93212068a06f080a9abe8c1 Mon Sep 17 00:00:00 2001
From: Artur Neumann
Date: Thu, 28 Feb 2019 15:34:53 +0545
Subject: [PATCH] move auth tests into separate behat suite
---
 .drone.yml | 11 ++++
 tests/acceptance/config/behat.yml | 6 ++
 .../features/apiAuth/filesAppAuth.feature | 39 ++++++++++++
 .../features/apiAuth/ocsDELETEAuth.feature | 34 +++++++++++
 .../ocsGETAuth.feature} | 61 -------------------
 .../features/apiAuth/ocsPOSTAuth.feature | 40 ++++++++++++
 .../features/apiAuth/ocsPUTAuth.feature | 25 ++++++++
 .../{apiMain => apiAuth}/tokenAuth.feature | 0
 .../features/apiAuth/webDavAuth.feature | 28 +++++++++
 9 files changed, 183 insertions(+), 61 deletions(-)
 create mode 100644 tests/acceptance/features/apiAuth/filesAppAuth.feature
 create mode 100644 tests/acceptance/features/apiAuth/ocsDELETEAuth.feature
 rename tests/acceptance/features/{apiMain/auth.feature => apiAuth/ocsGETAuth.feature} (91%)
 create mode 100644 tests/acceptance/features/apiAuth/ocsPOSTAuth.feature
 create mode 100644 tests/acceptance/features/apiAuth/ocsPUTAuth.feature
 rename tests/acceptance/features/{apiMain => apiAuth}/tokenAuth.feature (100%)
 create mode 100644 tests/acceptance/features/apiAuth/webDavAuth.feature
diff --git a/.drone.yml b/.drone.yml
index 5678b94c4869..155074ce570b 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -774,6 +774,17 @@ matrix: OWNCLOUD_LOG: true INSTALL_TESTING_APP: true + - PHP_VERSION: 7.1 + TEST_SUITE: api + BEHAT_SUITE: apiAuth + DB_TYPE: mariadb + USE_SERVER: true + SERVER_PROTOCOL: https + INSTALL_SERVER: true + CHOWN_SERVER: true + OWNCLOUD_LOG: true + INSTALL_TESTING_APP: true + - PHP_VERSION: 7.1 TEST_SUITE: api BEHAT_SUITE: apiCapabilities
diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml
index 8e41c0036eea..55c6870b156d 100644
--- a/tests/acceptance/config/behat.yml
+++ b/tests/acceptance/config/behat.yml
@@ -20,6 +20,12 @@ default: - OccContext: - TransferOwnershipContext: + apiAuth: + paths: + - '%paths.base%/../features/apiAuth' + contexts: + - FeatureContext: *common_feature_context_params + apiCapabilities: paths: - '%paths.base%/../features/apiCapabilities'
diff --git a/tests/acceptance/features/apiAuth/filesAppAuth.feature b/tests/acceptance/features/apiAuth/filesAppAuth.feature
new file mode 100644
index 000000000000..421574c5307a
--- /dev/null
+++ b/tests/acceptance/features/apiAuth/filesAppAuth.feature
@@ -0,0 +1,39 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: auth
+
+ Background:
+ Given user "user0" has been created with default attributes
+ And a new client token for "user0" has been generated
+
+ @smokeTest
+ Scenario: access files app anonymously
+ When a user requests "/index.php/apps/files" with "GET" and no authentication
+ Then the HTTP status code should be "401"
+
+ @smokeTest
+ Scenario: access files app with basic auth
+ When user "user0" requests "/index.php/apps/files" with "GET" using basic auth
+ Then the HTTP status code should be "200"
+
+ @smokeTest
+ Scenario: access files app with basic token auth
+ When user "user0" requests "/index.php/apps/files" with "GET" using basic token auth
+ Then the HTTP status code should be "200"
+
+ @smokeTest
+ Scenario: access files app with a client token
+ When the user requests "/index.php/apps/files" with "GET" using the generated client token
+ Then the HTTP status code should be "200"
+
+ @smokeTest
+ Scenario: access files app with browser session
+ Given a new browser session for "user0" has been started
+ When the user requests "/index.php/apps/files" with "GET" using the browser session
+ Then the HTTP status code should be "200"
+
+ @smokeTest
+ Scenario: access files app with an app password
+ Given a new browser session for "user0" has been started
+ And the user has generated a new app password named "my-client"
+ When the user requests "/index.php/apps/files" with "GET" using the generated app password
+ Then the HTTP status code should be "200"
diff --git a/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature b/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature
new file mode 100644
index 000000000000..f1feb2eb5f5b
--- /dev/null
+++ b/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature
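Review bot: Every feature file in the new apiAuth suite carries the same title `Feature: auth` (this file, ocsDELETEAuth, the renamed ocsGETAuth, ocsPOSTAuth, ocsPUTAuth and webDavAuth), so Behat output and failure reports cannot tell the files apart by title; a name that reflects the file, e.g. `Feature: files app auth` here and `Feature: OCS DELETE auth` for the DELETE file, would fix that. A second gap in this file: the six scenarios only show that valid credentials of each kind are accepted, while the OCS siblings also check that a wrong password is rejected, so a `Scenario: access files app with wrong password` asserting `401` would make the negative path explicit for the files app as well. Whether the FeatureContext already has a wrong-password step for a non-OCS URL is not visible in this diff.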
@@ -0,0 +1,34 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: auth
+
+ Background:
+ Given user "user0" has been created with default attributes
+ And a new client token for "user0" has been generated
+
+ @issue-32068
+ Scenario Outline: send DELETE requests to OCS endpoints as admin with wrong password
+ Given using OCS API version ""
+ And group "group1" has been created
+ When the administrator sends HTTP method "DELETE" to OCS API endpoint "" using password "invalid"
+ Then the OCS status code should be ""
+ And the HTTP status code should be ""
+ Examples:
+ | ocs_api_version |endpoint | ocs-code | http-code |
+ | 1 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 |
+ | 1 |/apps/files_sharing/api/v1/remote_shares/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/remote_shares/123 | 997 | 401 |
+ | 1 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 |
+ | 1 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 |
+ | 1 |/cloud/apps/testing | 997 | 401 |
+ | 2 |/cloud/apps/testing | 997 | 401 |
+ | 1 |/cloud/groups/group1 | 997 | 401 |
+ | 2 |/cloud/groups/group1 | 997 | 401 |
+ | 1 |/cloud/users/user0 | 997 | 401 |
+ | 2 |/cloud/users/user0 | 997 | 401 |
+ | 1 |/cloud/users/user0/groups | 997 | 401 |
+ | 2 |/cloud/users/user0/groups | 997 | 401 |
+ | 1 |/cloud/users/user0/subadmins | 997 | 401 |
+ | 2 |/cloud/users/user0/subadmins | 997 | 401 |
diff --git a/tests/acceptance/features/apiMain/auth.feature b/tests/acceptance/features/apiAuth/ocsGETAuth.feature
similarity index 91%
rename from tests/acceptance/features/apiMain/auth.feature
rename to tests/acceptance/features/apiAuth/ocsGETAuth.feature
index 8fe6565f5892..a4e74815c462 100644
--- a/tests/acceptance/features/apiMain/auth.feature
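Review bot: Each example row asserts only the OCS and HTTP status codes after a DELETE with a wrong password; no scenario checks afterwards that the target is untouched, so a regression in which the endpoint answers 401 but still performs the action would pass. For the rows that hit real state (`/cloud/groups/group1`, `/cloud/users/user0`, the `/cloud/users/user0/groups` and `/cloud/users/user0/subadmins` rows) a follow-up assertion that the group and user still exist would make the auth check meaningful; the same applies to the `/cloud/users/user0/disable` and `/cloud/users/user0/enable` rows in ocsPUTAuth.feature and the `/cloud/users` and `/cloud/groups` rows in ocsPOSTAuth.feature. Which step wording the FeatureContext offers for that is not visible here. Separately, the Background step `And a new client token for "user0" has been generated` is not used by any scenario in this file (nor in the POST and PUT files), so every example generates a token for nothing.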
+++ b/tests/acceptance/features/apiAuth/ocsGETAuth.feature 
@@ -1,70 +1,9 @@ @api @TestAlsoOnExternalUserBackend Feature: auth - Background: Given user "user0" has been created with default attributes And a new client token for "user0" has been generated - # FILES APP - @smokeTest - Scenario: access files app anonymously - When a user requests "/index.php/apps/files" with "GET" and no authentication - Then the HTTP status code should be "401" - - @smokeTest - Scenario: access files app with basic auth - When user "user0" requests "/index.php/apps/files" with "GET" using basic auth - Then the HTTP status code should be "200" - - @smokeTest - Scenario: access files app with basic token auth - When user "user0" requests "/index.php/apps/files" with "GET" using basic token auth - Then the HTTP status code should be "200" - - @smokeTest - Scenario: access files app with a client token - When the user requests "/index.php/apps/files" with "GET" using the generated client token - Then the HTTP status code should be "200" - - @smokeTest - Scenario: access files app with browser session - Given a new browser session for "user0" has been started - When the user requests "/index.php/apps/files" with "GET" using the browser session - Then the HTTP status code should be "200" - - @smokeTest - Scenario: access files app with an app password - Given a new browser session for "user0" has been started - And the user has generated a new app password named "my-client" - When the user requests "/index.php/apps/files" with "GET" using the generated app password - Then the HTTP status code should be "200" - - # WebDAV - - Scenario: using WebDAV anonymously - When a user requests "/remote.php/webdav" with "PROPFIND" and no authentication - Then the HTTP status code should be "401" - - Scenario: using WebDAV with basic auth - When user "user0" requests "/remote.php/webdav" with "PROPFIND" using basic auth - Then the HTTP status code should be "207" - - Scenario: using WebDAV with token auth - When user "user0" requests "/remote.php/webdav" with 
"PROPFIND" using basic token auth - Then the HTTP status code should be "207" - - # DAV token auth is not possible yet - #Scenario: using WebDAV with a client token - # When requesting "/remote.php/webdav" with "PROPFIND" using a client token - # Then the HTTP status code should be "207" - - Scenario: using WebDAV with browser session - Given a new browser session for "user0" has been started - When the user requests "/remote.php/webdav" with "PROPFIND" using the browser session - Then the HTTP status code should be "207" - - - # OCS @issue-32068 Scenario Outline: using OCS anonymously When a user requests "" with "GET" and no authentication diff --git a/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature b/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature new file mode 100644 index 000000000000..342533f3c26f --- /dev/null +++ b/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature 
@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: auth
+
+ Background:
+ Given user "user0" has been created with default attributes
+ And a new client token for "user0" has been generated
+
+ @issue-32068
+ Scenario Outline: send POST requests to OCS endpoints as normal user with wrong password
+ Given using OCS API version ""
+ And user "user1" has been created with default attributes
+ When user "user0" sends HTTP method "POST" to OCS API endpoint "" with body using password "invalid"
+ | data | doesnotmatter |
+ Then the OCS status code should be ""
+ And the HTTP status code should be ""
+ Examples:
+ | ocs_api_version |endpoint | ocs-code | http-code |
+ | 1 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 |
+ | 1 |/apps/files_sharing/api/v1/shares | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/shares | 997 | 401 |
+ | 1 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 |
+ | 1 |/cloud/apps/testing | 997 | 401 |
+ | 2 |/cloud/apps/testing | 997 | 401 |
+ | 1 |/cloud/groups | 997 | 401 |
+ | 2 |/cloud/groups | 997 | 401 |
+ | 1 |/cloud/users | 997 | 401 |
+ | 2 |/cloud/users | 997 | 401 |
+ | 1 |/cloud/users/user0/groups | 997 | 401 |
+ | 2 |/cloud/users/user0/groups | 997 | 401 |
+ | 1 |/cloud/users/user0/subadmins | 997 | 401 |
+ | 2 |/cloud/users/user0/subadmins | 997 | 401 |
+ | 1 |/person/check | 101 | 200 |
+ | 2 |/person/check | 400 | 400 |
+ | 1 |/privatedata/deleteattribute/testing/test | 997 | 401 |
+ | 2 |/privatedata/deleteattribute/testing/test | 997 | 401 |
+ | 1 |/privatedata/setattribute/testing/test | 997 | 401 |
+ | 2 |/privatedata/setattribute/testing/test | 997 | 401 |
+
diff --git a/tests/acceptance/features/apiAuth/ocsPUTAuth.feature b/tests/acceptance/features/apiAuth/ocsPUTAuth.feature
new file mode 100644
index 000000000000..38792496717c
--- /dev/null
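Review bot: The two `/person/check` rows expect `101`/`200` (v1) and `400`/`400` (v2) instead of the `997`/`401` every other row expects, i.e. the wrong basic-auth password is not rejected on that endpoint, and nothing in the table explains why; a comment line above those rows would stop the next reader from taking it for a tolerated auth bypass, e.g. `# /person/check is reachable without authentication and validates the credentials sent in the request body, so the basic-auth password is not checked here` — presumably that is the reason, but confirm it against the controller before committing to the wording. Separately, `And user "user1" has been created with default attributes` in the Scenario Outline is not referenced by any endpoint or step that follows, so each of the 22 examples creates a user it never uses.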
+++ b/tests/acceptance/features/apiAuth/ocsPUTAuth.feature
@@ -0,0 +1,25 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: auth
+
+ Background:
+ Given user "user0" has been created with default attributes
+ And a new client token for "user0" has been generated
+
+ @issue-32068
+ Scenario Outline: send PUT requests to OCS endpoints as admin with wrong password
+ Given using OCS API version ""
+ When the administrator sends HTTP method "PUT" to OCS API endpoint "" with body using password "invalid"
+ | data | doesnotmatter |
+ Then the OCS status code should be ""
+ And the HTTP status code should be ""
+ Examples:
+ | ocs_api_version |endpoint | ocs-code | http-code |
+ | 1 |/cloud/users/user0 | 997 | 401 |
+ | 2 |/cloud/users/user0 | 997 | 401 |
+ | 1 |/cloud/users/user0/disable | 997 | 401 |
+ | 2 |/cloud/users/user0/disable | 997 | 401 |
+ | 1 |/cloud/users/user0/enable | 997 | 401 |
+ | 2 |/cloud/users/user0/enable | 997 | 401 |
+ | 1 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 |
+ | 2 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 |
+
diff --git a/tests/acceptance/features/apiMain/tokenAuth.feature b/tests/acceptance/features/apiAuth/tokenAuth.feature
similarity index 100%
rename from tests/acceptance/features/apiMain/tokenAuth.feature
rename to tests/acceptance/features/apiAuth/tokenAuth.feature
diff --git a/tests/acceptance/features/apiAuth/webDavAuth.feature b/tests/acceptance/features/apiAuth/webDavAuth.feature
new file mode 100644
index 000000000000..387a5c485082
--- /dev/null
+++ b/tests/acceptance/features/apiAuth/webDavAuth.feature
@@ -0,0 +1,28 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: auth
+
+ Background:
+ Given user "user0" has been created with default attributes
+ And a new client token for "user0" has been generated
+
+ Scenario: using WebDAV anonymously
+ When a user requests "/remote.php/webdav" with "PROPFIND" and no authentication
+ Then the HTTP status code should be "401"
+
+ Scenario: using WebDAV with basic auth
+ When user "user0" requests "/remote.php/webdav" with "PROPFIND" using basic auth
+ Then the HTTP status code should be "207"
+
+ Scenario: using WebDAV with token auth
+ When user "user0" requests "/remote.php/webdav" with "PROPFIND" using basic token auth
+ Then the HTTP status code should be "207"
+
+ # DAV token auth is not possible yet
+ #Scenario: using WebDAV with a client token
+ # When requesting "/remote.php/webdav" with "PROPFIND" using a client token
+ # Then the HTTP status code should be "207"
+
+ Scenario: using WebDAV with browser session
+ Given a new browser session for "user0" has been started
+ When the user requests "/remote.php/webdav" with "PROPFIND" using the browser session
+ Then the HTTP status code should be "207"
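Review bot: Unlike filesAppAuth.feature, this file has no scenario for an app password and no negative scenario with a wrong password, although WebDAV is the endpoint that sync and mobile clients authenticate against with app passwords; the `the user has generated a new app password named` and `using the generated app password` steps already used by the files app scenarios can be reused, as below. The commented-out client-token scenario also uses the wording `When requesting ...`, which differs from the live `When the user requests ... using the generated client token` form, so it would be an undefined step if it were ever uncommented; keeping the placeholder in the live step wording avoids that. Whether a wrong-password step exists for a non-OCS URL is not visible in this diff.
```gherkin
  # … unchanged: anonymous / basic auth / token auth / browser session scenarios …

  Scenario: using WebDAV with an app password
    Given a new browser session for "user0" has been started
    And the user has generated a new app password named "my-client"
    When the user requests "/remote.php/webdav" with "PROPFIND" using the generated app password
    Then the HTTP status code should be "207"
```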