From b9503505046ba95e99b2fc158409fc6cfdf78932 Mon Sep 17 00:00:00 2001 From: Saugat Pachhai Date: Mon, 14 Jan 2019 16:18:56 +0545 Subject: [PATCH 1/3] Add acceptance tests --- .drone.yml | 50 ++++++- tests/acceptance/config/behat.yml | 25 ++++ .../bootstrap/TwoFactorTOTPContext.php | 58 ++++++++ .../features/bootstrap/bootstrap.php | 32 +++++ .../features/cliTwoFactorTOTP/steps.feature | 132 ++++++++++++++++++ ...nalSecuritySettingsPageWithTOTPEnabled.php | 49 +++++++ 6 files changed, 344 insertions(+), 2 deletions(-) create mode 100644 tests/acceptance/config/behat.yml create mode 100644 tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php create mode 100644 tests/acceptance/features/bootstrap/bootstrap.php create mode 100644 tests/acceptance/features/cliTwoFactorTOTP/steps.feature create mode 100644 tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php diff --git a/.drone.yml b/.drone.yml index 9536ba3..899ad30 100644 --- a/.drone.yml +++ b/.drone.yml @@ -34,7 +34,7 @@ pipeline: pull: true commands: - cd /var/www/owncloud/apps/twofactor_totp - - make + - make vendor - cd /var/www/owncloud/ - php occ a:l - php occ a:e twofactor_totp @@ -51,6 +51,8 @@ pipeline: pull: true commands: - chown www-data /var/www/owncloud -R + - chmod 777 /var/www/owncloud/tests/acceptance/filesForUpload -R + - chmod +x /var/www/owncloud/tests/acceptance/run.sh when: matrix: NEED_SERVER: true @@ -76,6 +78,18 @@ pipeline: matrix: TEST_SUITE: phpunit + cli-acceptance-tests: + image: owncloudci/php:${PHP_VERSION} + pull: true + environment: + - TEST_SERVER_URL=http://owncloud + - BEHAT_SUITE=${BEHAT_SUITE} + commands: + - make test-acceptance-cli + when: + matrix: + TEST_SUITE: cli-acceptance + phan: image: owncloudci/php:${PHP_VERSION} pull: true @@ -148,6 +162,13 @@ services: matrix: NEED_SERVER: true + email: + image: mailhog/mailhog + pull: true + when: + matrix: + USE_EMAIL: true + matrix: include: # owncloud-coding-standard 
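Review bot: `chmod 777 /var/www/owncloud/tests/acceptance/filesForUpload -R` in the second `.drone.yml` hunk makes the upload fixtures world-writable, although the context line just above it already gives the whole tree to `www-data`. Which user the test runner writes as is not visible in this hunk; if only the web-server user or its group needs write access, `chmod -R ug+rwX /var/www/owncloud/tests/acceptance/filesForUpload` would be enough. A one-line comment naming the process that needs the write access would keep the mode from being copied into other steps.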
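Review bot: The `email` service added in the last `.drone.yml` hunk of this patch pulls `mailhog/mailhog` with no tag and `pull: true`, so every build runs whatever image the registry serves at that moment. Pinning a release tag or digest, `image: mailhog/mailhog:PINNED_TAG` (placeholder), keeps the CI environment reproducible and turns an upstream image change into a reviewed edit. The `selenium` service added in PATCH 3/3 uses `:latest` and has the same problem.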
@@ -228,4 +249,29 @@ matrix: TEST_SUITE: phpunit DB_TYPE: sqlite NEED_CORE: true - NEED_INSTALL_APP: true \ No newline at end of file + NEED_INSTALL_APP: true + + - PHP_VERSION: 7.1 + DB_TYPE: mysql + OC_VERSION: daily-master-qa + TEST_SUITE: cli-acceptance + BEHAT_SUITE: cliTwoFactorTOTP + DB_NAME: oc_db + DB_USERNAME: admin + DB_PASSWORD: secret + NEED_CORE: true + NEED_INSTALL_APP: true + NEED_SERVER: true + + - PHP_VERSION: 7.0 + DB_TYPE: mysql + OC_VERSION: daily-stable10-qa + TEST_SUITE: cli-acceptance + BEHAT_SUITE: cliTwoFactorTOTP + DB_NAME: oc_db + DB_USERNAME: admin + DB_PASSWORD: secret + NEED_CORE: true + NEED_INSTALL_APP: true + NEED_SERVER: true + USE_EMAIL: true \ No newline at end of file diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml new file mode 100644 index 0000000..16903c5 --- /dev/null +++ b/tests/acceptance/config/behat.yml @@ -0,0 +1,25 @@ +default: + autoload: + - %paths.base%/../features/bootstrap + + suites: + cliTwoFactorTOTP: + paths: + - %paths.base%/../features/cliTwoFactorTOTP + contexts: + - TwoFactorTOTPContext: + - FeatureContext: &common_feature_context_params + baseUrl: http://localhost:8080 + adminUsername: admin + adminPassword: admin + regularUserPassword: 123456 + ocPath: apps/testing/api/v1/occ + - OccContext: + - WebUIGeneralContext: + - WebUIPersonalSecuritySettingsContext: + - WebUILoginContext: + + extensions: + jarnaiz\JUnitFormatter\JUnitFormatterExtension: + filename: report.xml + outputDir: %paths.base%/../output/ diff --git a/tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php b/tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php new file mode 100644 index 0000000..a5636f1 --- /dev/null +++ b/tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php 
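Review bot: In the new `behat.yml`, `adminPassword: admin` and `regularUserPassword: 123456` under `FeatureContext` are committed with nothing saying they belong to a disposable test instance, and `baseUrl: http://localhost:8080` differs from the `TEST_SERVER_URL=http://owncloud` that the CI step sets. A comment above the block would record the intent, for example `# defaults for the throwaway CI instance; baseUrl is expected to be overridden from TEST_SERVER_URL`, assuming the core run script does override it (not visible here). The anchor `&common_feature_context_params` is defined but never referenced in this file, so it can be dropped unless a second suite is planned.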
@@ -0,0 +1,58 @@ + + * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see . + * + */ + +use Behat\Behat\Context\Context; +use Behat\MinkExtension\Context\RawMinkContext; +use Page\PersonalSecuritySettingsPageWithTOTPEnabled; + +require_once 'bootstrap.php'; + +/** + * Context for two factor totp app + */ +class TwoFactorTOTPContext implements Context { + /** + * @var PersonalSecuritySettingsPageWithTOTPEnabled + */ + private $personalSecuritySettingsPage; + + /** + * WebUIPersonalSecuritySettingsTOTPEnabledContext constructor. + * + * @param PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage + */ + public function __construct( + PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage + ) { + // $personalSecuritySettingsPage is private, therefore needs to be overridden + $this->personalSecuritySettingsPage = $personalSecuritySettingsPage; + } + + /** + * @Given /^the user has activated TOTP Second\-factor auth but not verified$/ + * + * @return void + */ + public function theUserHasActivatedTOTPSecondFactorAuthButNotVerified() { + $this->personalSecuritySettingsPage->activateTOTP(); + } +} diff --git a/tests/acceptance/features/bootstrap/bootstrap.php b/tests/acceptance/features/bootstrap/bootstrap.php new file mode 100644 index 0000000..c24c135 --- /dev/null 
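Review bot: The constructor docblock in `TwoFactorTOTPContext` names a different class (`WebUIPersonalSecuritySettingsTOTPEnabledContext constructor.`), and the inline comment `// $personalSecuritySettingsPage is private, therefore needs to be overridden` does not describe the line below it, which only stores the injected page object. I would change them to `TwoFactorTOTPContext constructor.` and `// keep the injected page object for the step definitions`. The import `use Behat\MinkExtension\Context\RawMinkContext;` is not used anywhere in the visible class and can be removed.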
+++ b/tests/acceptance/features/bootstrap/bootstrap.php @@ -0,0 +1,32 @@ + + * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see . + * + */ +require_once __DIR__ . '/../../../../../../tests/acceptance/features/bootstrap/bootstrap.php'; + +$classLoader = new \Composer\Autoload\ClassLoader(); +$classLoader->addPsr4("Page\\", __DIR__ . "/../lib", true); +$classLoader->addPsr4( + "", __DIR__ . "/../../../../../../tests/acceptance/features/bootstrap", true +); +$classLoader->addPsr4( + "Page\\", __DIR__ . "/../../../../../../tests/acceptance/features/lib", true +); +$classLoader->register(); diff --git a/tests/acceptance/features/cliTwoFactorTOTP/steps.feature b/tests/acceptance/features/cliTwoFactorTOTP/steps.feature new file mode 100644 index 0000000..06c08fa --- /dev/null +++ b/tests/acceptance/features/cliTwoFactorTOTP/steps.feature 
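Review bot: Both `addPsr4("Page\\", …, true)` calls in `bootstrap.php` pass `prepend = true`, so within this loader the core `features/lib` directory registered last is searched before the app's own `../lib`. A core page object with the same class name would then be loaded instead of the app's. If the app's classes are meant to win, drop the prepend on the core path: `$classLoader->addPsr4("Page\\", __DIR__ . "/../../../../../../tests/acceptance/features/lib");`. The six-level `../` paths also assume the app is checked out under `apps/` inside a core tree; a short comment stating that would help, since the `require_once` fails fatally anywhere else.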
@@ -0,0 +1,132 @@ +@webUI +Feature: Testing Two factor TOTP + As a admin + I want to be able to verify secrets + So that the users can use TOTP without verification with TOTP code + + Background: + Given these users have been created with default attributes: + | username | + | user8 | + | new-user | + And using OCS API version "2" + And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 false" + And the administrator has invoked occ command "twofactorauth:disable user8" + And the administrator has invoked occ command "twofactorauth:enable user8" + + Scenario: Verifying secret for the user having no secret should fail + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user true" + Then the command should have failed with exit code 1 + And the command output should contain the text "User has no secret: new-user" + And user "new-user" should be able to access a skeleton file + + Scenario: Unverifying secret for the user having no secret should fail + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user false" + Then the command should have failed with exit code 1 + And the command output should contain the text "User has no secret: new-user" + And user "new-user" should be able to access a skeleton file + + @issue-91 + Scenario: Verifying secret to not existing user should fail + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u NEUser true" + Then the command should have been successful + # Then the command should have failed with exit code 1 + And the command output should contain the text "User NEUser does not exist" + + Scenario: Verifying secret from occ command should work + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + When the 
administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 true" + Then the command should have been successful + And the command output should contain the text "The secret of user8 is verified" + And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt" + + Scenario: Unverifying secret from occ command should work + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true" + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 false" + Then the command should have been successful + And the command output should contain the text "The secret of user8 is unverified" + And user "user8" should be able to access a skeleton file + + @issue-91 + Scenario: Verifying multiple users containing one not existing user should work for other users, but fail + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser true" + Then the command should have been successful + # Then the command should have failed with exit code 1 + And the command output should contain the text "The secret of user8 is verified" + And the command output should contain the text "User NEUser does not exist" + And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt" + + Scenario: Verifying multiple users containing one having no secret set should work for other users, but fail + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security 
settings page + And the user has activated TOTP Second-factor auth but not verified + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user true" + Then the command should have failed with exit code 1 + And the command output should contain the text "The secret of user8 is verified" + And the command output should contain the text "User has no secret: new-user" + And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt" + And user "new-user" should be able to access a skeleton file + + @issue-91 + Scenario: Unverifying multiple users containing one not existing user should work for other users, but fail + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true" + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser false" + Then the command should have been successful + # Then the command should have failed with exit code 1 + And the command output should contain the text "The secret of user8 is unverified" + And the command output should contain the text "User NEUser does not exist" + And user "user8" should be able to access a skeleton file + + Scenario: Unverifying multiple users containing one having no secret set should work for other users, but fail + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true" + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user false" + Then the 
command should have failed with exit code 1 + And the command output should contain the text "The secret of user8 is unverified" + And the command output should contain the text "User has no secret: new-user" + And user "user8" should be able to access a skeleton file + And user "new-user" should be able to access a skeleton file + + Scenario: Verifying all users that use TOTP should work + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all true" + Then the command should have been successful + And the command output should contain the text "The status of all TOTP secrets has been set to verified" + And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt" + And user "new-user" should be able to access a skeleton file + + Scenario: Unverifying all users that use TOTP should work + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP Second-factor auth but not verified + And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true" + When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all false" + Then the command should have been successful + And the command output should contain the text "The status of all TOTP secrets has been set to unverified" + And user "user8" should be able to access a skeleton file + And user "new-user" should be able to access a skeleton file + + @skip @issue-89 + Scenario: Deleted user having TOTP enabled recreated should not ask for password + Given user "user8" has logged in using the webUI + And the user has browsed to the personal security settings page + And the user has activated TOTP 
Second-factor auth but not verified + And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true" + When the administrator deletes user "user8" using the provisioning API + And the administrator creates user "user8" using the provisioning API + Then user "user8" should be able to access a skeleton file \ No newline at end of file diff --git a/tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php b/tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php new file mode 100644 index 0000000..163c2af --- /dev/null +++ b/tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php 
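Review bot: The three `@issue-91` scenarios assert `the command should have been successful` for a user that does not exist, while their titles say the command should fail. The suite therefore pins the behaviour the issue reports, where the exit code does not reveal that a mistyped username left a secret's status unchanged. The intended step is kept as `# Then the command should have failed with exit code 1`, but nothing explains why; a line such as `# issue-91: exit code is 0 for unknown users today; swap in the commented step once fixed` above it would make the expectation explicit. Separately, the scenarios only check that password-only access is refused once a secret is verified; no step in this file checks that a valid TOTP code still grants access.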
@@ -0,0 +1,49 @@ + + * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, + * as published by the Free Software Foundation; + * either version 3 of the License, or any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see + * + */ + +namespace Page; + +/** + * Class PersonalSecuritySettingsPageWithTOTPEnabled + * + * @package Page + */ +class PersonalSecuritySettingsPageWithTOTPEnabled extends PersonalSecuritySettingsPage { + private $activateTOTPLabelXpath = '//label[@for="totp-enabled"]'; + private $qrCodeImageXpath = '//div[@id="twofactor-totp-settings"]//img'; + + /** + * Activate TOTP for the user + * + * @return void + */ + public function activateTOTP() { + $label = $this->waitTillElementIsNotNull($this->activateTOTPLabelXpath); + $this->assertElementNotNull( + $label, + __METHOD__ . " Label not found to activate TOTP" + ); + $label->click(); + + $this->waitTillElementIsNotNull($this->qrCodeImageXpath); + } +} From 7599cf7f028946b4db84bf1780313d82cecde90b Mon Sep 17 00:00:00 2001 From: Saugat Pachhai Date: Wed, 23 Jan 2019 12:37:51 +0545 Subject: [PATCH 2/3] Use behat from app --- Makefile | 23 ++++++++++++++++------- tests/acceptance/config/behat.yml | 6 +++--- vendor-bin/behat/composer.json | 17 +++++++++++++++++ 3 files changed, 36 insertions(+), 10 deletions(-) create mode 100644 vendor-bin/behat/composer.json diff --git a/Makefile b/Makefile index 243e8ba..4de5f31 100644 --- a/Makefile +++ b/Makefile 
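Review bot: In `activateTOTP()` the result of the second `waitTillElementIsNotNull($this->qrCodeImageXpath)` is discarded, so if the QR code never renders the step returns normally and the `Given the user has activated TOTP …` precondition is treated as met. The first call's result is checked with `assertElementNotNull`, which suggests the wait can return null on timeout. I would check the second one the same way: `$qrCode = $this->waitTillElementIsNotNull($this->qrCodeImageXpath);` followed by `$this->assertElementNotNull($qrCode, __METHOD__ . " QR code not shown after activating TOTP");`. Without it, the scenarios that expect the user to keep access after unverifying can pass even when TOTP was never enabled.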
@@ -31,6 +31,7 @@ composer_deps= composer_dev_deps= nodejs_deps= bower_deps= +acceptance_test_deps= # bin file definitions PHPUNIT=php -d zend.enable_gc=0 "$(PWD)/../../lib/composer/bin/phpunit" @@ -38,6 +39,7 @@ PHPUNITDBG=phpdbg -qrr -d memory_limit=4096M -d zend.enable_gc=0 "$(PWD)/../../l PHP_CS_FIXER=php -d zend.enable_gc=0 vendor-bin/owncloud-codestyle/vendor/bin/php-cs-fixer PHAN=php -d zend.enable_gc=0 vendor-bin/phan/vendor/bin/phan PHPSTAN=php -d zend.enable_gc=0 vendor-bin/phpstan/vendor/bin/phpstan +BEHAT_BIN=vendor-bin/behat/vendor/bin/behat .DEFAULT_GOAL := help @@ -78,24 +80,25 @@ test-php-phpstan: vendor-bin/phpstan/vendor .PHONY: test-acceptance-api test-acceptance-api: ## Run API acceptance tests -test-acceptance-api: - ../../tests/acceptance/run.sh --remote --type api +test-acceptance-api: vendor-bin/behat/vendor + BEHAT_BIN=$(BEHAT_BIN) ../../tests/acceptance/run.sh --remote --type api .PHONY: test-acceptance-cli test-acceptance-cli: ## Run CLI acceptance tests -test-acceptance-cli: - ../../tests/acceptance/run.sh --remote --type cli +test-acceptance-cli: vendor-bin/behat/vendor + BEHAT_BIN=$(BEHAT_BIN) ../../tests/acceptance/run.sh --remote --type cli .PHONY: test-acceptance-webui test-acceptance-webui: ## Run webUI acceptance tests -test-acceptance-webui: - ../../tests/acceptance/run.sh --remote --type webUI +test-acceptance-webui: vendor-bin/behat/vendor + BEHAT_BIN=$(BEHAT_BIN) ../../tests/acceptance/run.sh --remote --type webUI all: appstore clean: ## Clean build rm -rf $(build_dir) rm -rf vendor + rm -Rf vendor-bin/**/vendor vendor-bin/**/composer.lock composer.phar: curl -sS https://getcomposer.org/installer | php 
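Review bot: The new `clean` line `rm -Rf vendor-bin/**/vendor vendor-bin/**/composer.lock` deletes the lock file of every vendor-bin tool, and no `composer.lock` appears in this series' diffstat, so each clean build resolves the test tooling from scratch rather than from a reviewed lock. If the lock files are meant to be committed later, `clean` should leave them alone. Under make's default `/bin/sh`, `**` is not a recursive glob and behaves like `*`, so `vendor-bin/*/vendor` states what actually happens. `acceptance_test_deps=` from the first hunk is not used in any of the visible hunks.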
@@ -168,4 +171,10 @@ vendor-bin/phpstan/vendor: vendor/bamarni/composer-bin-plugin vendor-bin/phpstan composer bin phpstan install --no-progress vendor-bin/phpstan/composer.lock: vendor-bin/phpstan/composer.json - @echo phpstan composer.lock is not up to date. \ No newline at end of file + @echo phpstan composer.lock is not up to date. + +vendor-bin/behat/vendor: vendor/bamarni/composer-bin-plugin vendor-bin/behat/composer.lock + composer bin behat install --no-progress + +vendor-bin/behat/composer.lock: vendor-bin/behat/composer.json + @echo behat composer.lock is not up to date. \ No newline at end of file diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 16903c5..2cd4a55 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -1,11 +1,11 @@ default: autoload: - - %paths.base%/../features/bootstrap + '': '%paths.base%/../features/bootstrap' suites: cliTwoFactorTOTP: paths: - - %paths.base%/../features/cliTwoFactorTOTP + - '%paths.base%/../features/cliTwoFactorTOTP' contexts: - TwoFactorTOTPContext: - FeatureContext: &common_feature_context_params @@ -22,4 +22,4 @@ default: extensions: jarnaiz\JUnitFormatter\JUnitFormatterExtension: filename: report.xml - outputDir: %paths.base%/../output/ + outputDir: '%paths.base%/../output/' diff --git a/vendor-bin/behat/composer.json b/vendor-bin/behat/composer.json new file mode 100644 index 0000000..089758d --- /dev/null +++ b/vendor-bin/behat/composer.json @@ -0,0 +1,17 @@ +{ + "config" : { + "platform": { + "php": "5.6.33" + } + }, + "require": { + "behat/behat": "^3.0", + "behat/mink-extension": "^2.2", + "behat/mink-goutte-driver": "^1.2", + "behat/mink-selenium2-driver": "dev-master", + "jarnaiz/behat-junit-formatter": "^1.3", + "rdx/behat-variables": "^1.2", + "sensiolabs/behat-page-object-extension": "^2.0", + "symfony/translation": "^3.4" + } +} \ No newline at end of file From 8c8b4f9d86150955e5f6e7defbc2e8209efe15b7 Mon Sep 17 00:00:00 2001 
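Review bot: `"behat/mink-selenium2-driver": "dev-master"` in the new `vendor-bin/behat/composer.json` tracks a moving branch, and with no lock file added in this series each CI run installs whatever the branch head is at that time. Pinning a tagged constraint or a commit reference (`"dev-master#COMMIT_SHA"`, placeholder) and committing `composer.lock` makes the test toolchain reproducible and any change to it reviewable. `"platform": {"php": "5.6.33"}` also resolves packages for PHP 5.6 while the `.drone.yml` matrix entries run 7.0 and 7.1. If that is deliberate, a comment next to the `vendor-bin/behat/vendor` target in the Makefile would say so, since JSON cannot carry one.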
From: Saugat Pachhai Date: Wed, 23 Jan 2019 13:23:11 +0545 Subject: [PATCH 3/3] Tag test as webui as it requires selenium to find the result --- .drone.yml | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 899ad30..f6473f5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -78,6 +78,18 @@ pipeline: matrix: TEST_SUITE: phpunit + api-acceptance-tests: + image: owncloudci/php:${PHP_VERSION} + pull: true + environment: + - TEST_SERVER_URL=http://owncloud + - BEHAT_SUITE=${BEHAT_SUITE} + commands: + - make test-acceptance-api + when: + matrix: + TEST_SUITE: api-acceptance + cli-acceptance-tests: image: owncloudci/php:${PHP_VERSION} pull: true @@ -90,6 +102,22 @@ pipeline: matrix: TEST_SUITE: cli-acceptance + webui-acceptance-tests: + image: owncloudci/php:${PHP_VERSION} + pull: true + environment: + - BROWSER=chrome #chrome or firefox + - SELENIUM_HOST=selenium + - SELENIUM_PORT=4444 + - TEST_SERVER_URL=http://owncloud + - PLATFORM=Linux + - BEHAT_SUITE=${BEHAT_SUITE} + commands: + - make test-acceptance-webui + when: + matrix: + TEST_SUITE: web-acceptance + phan: image: owncloudci/php:${PHP_VERSION} pull: true @@ -162,6 +190,13 @@ services: matrix: NEED_SERVER: true + selenium: + image: selenium/standalone-chrome-debug:latest + pull: true + when: + matrix: + TEST_SUITE: web-acceptance + email: image: mailhog/mailhog pull: true @@ -254,7 +289,7 @@ matrix: - PHP_VERSION: 7.1 DB_TYPE: mysql OC_VERSION: daily-master-qa - TEST_SUITE: cli-acceptance + TEST_SUITE: web-acceptance BEHAT_SUITE: cliTwoFactorTOTP DB_NAME: oc_db DB_USERNAME: admin @@ -266,7 +301,7 @@ matrix: - PHP_VERSION: 7.0 DB_TYPE: mysql OC_VERSION: daily-stable10-qa - TEST_SUITE: cli-acceptance + TEST_SUITE: web-acceptance BEHAT_SUITE: cliTwoFactorTOTP DB_NAME: oc_db DB_USERNAME: admin
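Review bot: The `selenium` service uses `selenium/standalone-chrome-debug:latest`; the `-debug` variants of the Selenium images bundle a VNC server for watching the browser, which an unattended CI run does not need. `image: selenium/standalone-chrome:PINNED_TAG` (placeholder) would drop that extra listener and fix the version at the same time. In the `webui-acceptance-tests` step, `- BROWSER=chrome #chrome or firefox` can only work with chrome given this service image, so the trailing comment should say that or be removed.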