Add acceptance tests

.drone.yml

@@ -34,7 +34,7 @@ pipeline:
     pull: true
     commands:
     - cd /var/www/owncloud/apps/twofactor_totp
-    - make
+    - make vendor
     - cd /var/www/owncloud/
     - php occ a:l
     - php occ a:e twofactor_totp
@@ -51,6 +51,8 @@ pipeline:
     pull: true
     commands:
     - chown www-data /var/www/owncloud -R
+    - chmod 777 /var/www/owncloud/tests/acceptance/filesForUpload -R
+    - chmod +x /var/www/owncloud/tests/acceptance/run.sh
     when:
       matrix:
         NEED_SERVER: true
@@ -76,6 +78,18 @@ pipeline:
       matrix:
         TEST_SUITE: phpunit
 
+  cli-acceptance-tests:
+    image: owncloudci/php:${PHP_VERSION}
+    pull: true
+    environment:
+      - TEST_SERVER_URL=http://owncloud
+      - BEHAT_SUITE=${BEHAT_SUITE}
+    commands:
+      - make test-acceptance-cli
+    when:
+      matrix:
+        TEST_SUITE: cli-acceptance
+
   phan:
     image: owncloudci/php:${PHP_VERSION}
     pull: true
@@ -148,6 +162,13 @@ services:
       matrix:
         NEED_SERVER: true
 
+  email:
+    image: mailhog/mailhog
+    pull: true
+    when:
+      matrix:
+        USE_EMAIL: true
+
 matrix:
   include:
   # owncloud-coding-standard
@@ -228,4 +249,29 @@ matrix:
     TEST_SUITE: phpunit
     DB_TYPE: sqlite
     NEED_CORE: true
-    NEED_INSTALL_APP: true
+    NEED_INSTALL_APP: true
+
+  - PHP_VERSION: 7.1
+    DB_TYPE: mysql
+    OC_VERSION: daily-master-qa
+    TEST_SUITE: cli-acceptance
+    BEHAT_SUITE: cliTwoFactorTOTP
+    DB_NAME: oc_db
+    DB_USERNAME: admin
+    DB_PASSWORD: secret
+    NEED_CORE: true
+    NEED_INSTALL_APP: true
+    NEED_SERVER: true
+
+  - PHP_VERSION: 7.0
+    DB_TYPE: mysql
+    OC_VERSION: daily-stable10-qa
+    TEST_SUITE: cli-acceptance
+    BEHAT_SUITE: cliTwoFactorTOTP
+    DB_NAME: oc_db
+    DB_USERNAME: admin
+    DB_PASSWORD: secret
+    NEED_CORE: true
+    NEED_INSTALL_APP: true
+    NEED_SERVER: true
+    USE_EMAIL: true

tests/acceptance/config/behat.yml

@@ -0,0 +1,25 @@
+default:
+  autoload:
+    - %paths.base%/../features/bootstrap
+
+  suites:
+    cliTwoFactorTOTP:
+      paths:
+        - %paths.base%/../features/cliTwoFactorTOTP
+      contexts:
+        - TwoFactorTOTPContext:
+        - FeatureContext: &common_feature_context_params
+            baseUrl:  http://localhost:8080
+            adminUsername: admin
+            adminPassword: admin
+            regularUserPassword: 123456
+            ocPath: apps/testing/api/v1/occ
+        - OccContext:
+        - WebUIGeneralContext:
+        - WebUIPersonalSecuritySettingsContext:
+        - WebUILoginContext:
+
+  extensions:
+    jarnaiz\JUnitFormatter\JUnitFormatterExtension:
+      filename: report.xml
+      outputDir: %paths.base%/../output/

tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Saugat Pachhai <saugat@jankaritech.com>
+ * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+use Behat\Behat\Context\Context;
+use Behat\MinkExtension\Context\RawMinkContext;
+use Page\PersonalSecuritySettingsPageWithTOTPEnabled;
+
+require_once 'bootstrap.php';
+
+/**
+ * Context for two factor totp app
+ */
+class TwoFactorTOTPContext implements Context {
+	/**
+	 * @var PersonalSecuritySettingsPageWithTOTPEnabled
+	 */
+	private $personalSecuritySettingsPage;
+
+	/**
+	 * WebUIPersonalSecuritySettingsTOTPEnabledContext constructor.
+	 *
+	 * @param PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage
+	 */
+	public function __construct(
+		PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage
+	) {
+		// $personalSecuritySettingsPage is private, therefore needs to be overridden
+		$this->personalSecuritySettingsPage = $personalSecuritySettingsPage;
+	}
+
+	/**
+	 * @Given /^the user has activated TOTP Second\-factor auth but not verified$/
+	 *
+	 * @return void
+	 */
+	public function theUserHasActivatedTOTPSecondFactorAuthButNotVerified() {
+		$this->personalSecuritySettingsPage->activateTOTP();
+	}
+}

tests/acceptance/features/bootstrap/bootstrap.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Saugat Pachhai <saugat@jankaritech.com>
+ * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+require_once __DIR__ . '/../../../../../../tests/acceptance/features/bootstrap/bootstrap.php';
+
+$classLoader = new \Composer\Autoload\ClassLoader();
+$classLoader->addPsr4("Page\\", __DIR__ . "/../lib", true);
+$classLoader->addPsr4(
+	"", __DIR__ . "/../../../../../../tests/acceptance/features/bootstrap", true
+);
+$classLoader->addPsr4(
+	"Page\\", __DIR__ . "/../../../../../../tests/acceptance/features/lib", true
+);
+$classLoader->register();

tests/acceptance/features/cliTwoFactorTOTP/steps.feature

@@ -0,0 +1,132 @@
+@webUI
+Feature: Testing Two factor TOTP
+  As a admin
+  I want to be able to verify secrets
+  So that the users can use TOTP without verification with TOTP code
+
+  Background:
+    Given these users have been created with default attributes:
+      | username |
+      | user8    |
+      | new-user |
+    And using OCS API version "2"
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 false"
+    And the administrator has invoked occ command "twofactorauth:disable user8"
+    And the administrator has invoked occ command "twofactorauth:enable user8"
+
+  Scenario:  Verifying secret for the user having no secret should fail
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user true"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "User has no secret: new-user"
+    And user "new-user" should be able to access a skeleton file
+
+  Scenario:  Unverifying secret for the user having no secret should fail
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user false"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "User has no secret: new-user"
+    And user "new-user" should be able to access a skeleton file
+
+  @issue-91
+  Scenario: Verifying secret to not existing user should fail
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u NEUser true"
+    Then the command should have been successful
+    # Then the command should have failed with exit code 1
+    And the command output should contain the text "User NEUser does not exist"
+
+  Scenario: Verifying secret from occ command should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    Then the command should have been successful
+    And the command output should contain the text "The secret of user8 is verified"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+
+  Scenario: Unverifying secret from occ command should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 false"
+    Then the command should have been successful
+    And the command output should contain the text "The secret of user8 is unverified"
+    And user "user8" should be able to access a skeleton file
+
+  @issue-91
+  Scenario: Verifying multiple users containing one not existing user should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser true"
+    Then the command should have been successful
+    # Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is verified"
+    And the command output should contain the text "User NEUser does not exist"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+
+  Scenario: Verifying multiple users containing one having no secret set should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user true"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is verified"
+    And the command output should contain the text "User has no secret: new-user"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+    And user "new-user" should be able to access a skeleton file
+
+  @issue-91
+  Scenario: Unverifying multiple users containing one not existing user should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser false"
+    Then the command should have been successful
+    # Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is unverified"
+    And the command output should contain the text "User NEUser does not exist"
+    And user "user8" should be able to access a skeleton file
+
+  Scenario: Unverifying multiple users containing one having no secret set should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user false"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is unverified"
+    And the command output should contain the text "User has no secret: new-user"
+    And user "user8" should be able to access a skeleton file
+    And user "new-user" should be able to access a skeleton file
+
+  Scenario: Verifying all users that use TOTP should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all true"
+    Then the command should have been successful
+    And the command output should contain the text "The status of all TOTP secrets has been set to verified"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+    And user "new-user" should be able to access a skeleton file
+
+  Scenario: Unverifying all users that use TOTP should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all false"
+    Then the command should have been successful
+    And the command output should contain the text "The status of all TOTP secrets has been set to unverified"
+    And user "user8" should be able to access a skeleton file
+    And user "new-user" should be able to access a skeleton file
+
+  @skip @issue-89
+  Scenario: Deleted user having TOTP enabled recreated should not ask for password
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true"
+    When the administrator deletes user "user8" using the provisioning API
+    And the administrator creates user "user8" using the provisioning API
+    Then user "user8" should be able to access a skeleton file

tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Saugat Pachhai <saugat@jankaritech.com>
+ * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License,
+ * as published by the Free Software Foundation;
+ * either version 3 of the License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace Page;
+
+/**
+ * Class PersonalSecuritySettingsPageWithTOTPEnabled
+ *
+ * @package Page
+ */
+class PersonalSecuritySettingsPageWithTOTPEnabled extends PersonalSecuritySettingsPage {
+	private $activateTOTPLabelXpath = '//label[@for="totp-enabled"]';
+	private $qrCodeImageXpath = '//div[@id="twofactor-totp-settings"]//img';
+
+	/**
+	 * Activate TOTP for the user
+	 *
+	 * @return void
+	 */
+	public function activateTOTP() {
+		$label = $this->waitTillElementIsNotNull($this->activateTOTPLabelXpath);
+		$this->assertElementNotNull(
+			$label,
+			__METHOD__ . " Label not found to activate TOTP"
+		);
+		$label->click();
+
+		$this->waitTillElementIsNotNull($this->qrCodeImageXpath);
+	}
+}