Add acceptance tests for occ

.drone.yml

@@ -34,7 +34,7 @@ pipeline:
     pull: true
     commands:
     - cd /var/www/owncloud/apps/twofactor_totp
-    - make
+    - make vendor
     - cd /var/www/owncloud/
     - php occ a:l
     - php occ a:e twofactor_totp
@@ -51,6 +51,8 @@ pipeline:
     pull: true
     commands:
     - chown www-data /var/www/owncloud -R
+    - chmod 777 /var/www/owncloud/tests/acceptance/filesForUpload -R
+    - chmod +x /var/www/owncloud/tests/acceptance/run.sh
     when:
       matrix:
         NEED_SERVER: true
@@ -76,6 +78,18 @@ pipeline:
       matrix:
         TEST_SUITE: phpunit
 
+  cli-acceptance-tests:
+    image: owncloudci/php:${PHP_VERSION}
+    pull: true
+    environment:
+      - TEST_SERVER_URL=http://owncloud
+      - BEHAT_SUITE=${BEHAT_SUITE}
+    commands:
+      - make test-acceptance-cli
+    when:
+      matrix:
+        TEST_SUITE: cli-acceptance
+
   phan:
     image: owncloudci/php:${PHP_VERSION}
     pull: true
@@ -148,6 +162,13 @@ services:
       matrix:
         NEED_SERVER: true
 
+  email:
+    image: mailhog/mailhog
+    pull: true
+    when:
+      matrix:
+        USE_EMAIL: true
+
 matrix:
   include:
   # owncloud-coding-standard
@@ -228,4 +249,29 @@ matrix:
     TEST_SUITE: phpunit
     DB_TYPE: sqlite
     NEED_CORE: true
-    NEED_INSTALL_APP: true
+    NEED_INSTALL_APP: true
+
+  - PHP_VERSION: 7.1
+    DB_TYPE: mysql
+    OC_VERSION: daily-master-qa
+    TEST_SUITE: cli-acceptance
+    BEHAT_SUITE: cliTwoFactorTOTP
+    DB_NAME: oc_db
+    DB_USERNAME: admin
+    DB_PASSWORD: secret
+    NEED_CORE: true
+    NEED_INSTALL_APP: true
+    NEED_SERVER: true
+
+  - PHP_VERSION: 7.0
+    DB_TYPE: mysql
+    OC_VERSION: daily-stable10-qa
+    TEST_SUITE: cli-acceptance
+    BEHAT_SUITE: cliTwoFactorTOTP
+    DB_NAME: oc_db
+    DB_USERNAME: admin
+    DB_PASSWORD: secret
+    NEED_CORE: true
+    NEED_INSTALL_APP: true
+    NEED_SERVER: true
+    USE_EMAIL: true

Makefile

@@ -31,13 +31,15 @@ composer_deps=
 composer_dev_deps=
 nodejs_deps=
 bower_deps=
+acceptance_test_deps=
 
 # bin file definitions
 PHPUNIT=php -d zend.enable_gc=0  "$(PWD)/../../lib/composer/bin/phpunit"
 PHPUNITDBG=phpdbg -qrr -d memory_limit=4096M -d zend.enable_gc=0 "$(PWD)/../../lib/composer/bin/phpunit"
 PHP_CS_FIXER=php -d zend.enable_gc=0 vendor-bin/owncloud-codestyle/vendor/bin/php-cs-fixer
 PHAN=php -d zend.enable_gc=0 vendor-bin/phan/vendor/bin/phan
 PHPSTAN=php -d zend.enable_gc=0 vendor-bin/phpstan/vendor/bin/phpstan
+BEHAT_BIN=vendor-bin/behat/vendor/bin/behat
 
 .DEFAULT_GOAL := help
 
@@ -78,24 +80,25 @@ test-php-phpstan: vendor-bin/phpstan/vendor
 
 .PHONY: test-acceptance-api
 test-acceptance-api: ## Run API acceptance tests
-test-acceptance-api:
-	../../tests/acceptance/run.sh --remote --type api
+test-acceptance-api: vendor-bin/behat/vendor
+	BEHAT_BIN=$(BEHAT_BIN) ../../tests/acceptance/run.sh --remote --type api
 
 .PHONY: test-acceptance-cli
 test-acceptance-cli: ## Run CLI acceptance tests
-test-acceptance-cli:
-	../../tests/acceptance/run.sh --remote --type cli
+test-acceptance-cli: vendor-bin/behat/vendor
+	BEHAT_BIN=$(BEHAT_BIN) ../../tests/acceptance/run.sh --remote --type cli
 
 .PHONY: test-acceptance-webui
 test-acceptance-webui: ## Run webUI acceptance tests
-test-acceptance-webui:
-	../../tests/acceptance/run.sh --remote --type webUI
+test-acceptance-webui: vendor-bin/behat/vendor
+	BEHAT_BIN=$(BEHAT_BIN) ../../tests/acceptance/run.sh --remote --type webUI
 
 all: appstore
 
 clean: ## Clean build
 	rm -rf $(build_dir)
 	rm -rf vendor
+	rm -Rf vendor-bin/**/vendor vendor-bin/**/composer.lock
 
 composer.phar:
 	curl -sS https://getcomposer.org/installer | php
@@ -168,4 +171,10 @@ vendor-bin/phpstan/vendor: vendor/bamarni/composer-bin-plugin vendor-bin/phpstan
 	composer bin phpstan install --no-progress
 
 vendor-bin/phpstan/composer.lock: vendor-bin/phpstan/composer.json
-	@echo phpstan composer.lock is not up to date.
+	@echo phpstan composer.lock is not up to date.
+
+vendor-bin/behat/vendor: vendor/bamarni/composer-bin-plugin vendor-bin/behat/composer.lock
+	composer bin behat install --no-progress
+
+vendor-bin/behat/composer.lock: vendor-bin/behat/composer.json
+	@echo behat composer.lock is not up to date.

tests/acceptance/config/behat.yml

@@ -0,0 +1,25 @@
+default:
+  autoload:
+    '': '%paths.base%/../features/bootstrap'
+
+  suites:
+    cliTwoFactorTOTP:
+      paths:
+        - '%paths.base%/../features/cliTwoFactorTOTP'
+      contexts:
+        - TwoFactorTOTPContext:
+        - FeatureContext: &common_feature_context_params
+            baseUrl:  http://localhost:8080
+            adminUsername: admin
+            adminPassword: admin
+            regularUserPassword: 123456
+            ocPath: apps/testing/api/v1/occ
+        - OccContext:
+        - WebUIGeneralContext:
+        - WebUIPersonalSecuritySettingsContext:
+        - WebUILoginContext:
+
+  extensions:
+    jarnaiz\JUnitFormatter\JUnitFormatterExtension:
+      filename: report.xml
+      outputDir: '%paths.base%/../output/'

tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Saugat Pachhai <saugat@jankaritech.com>
+ * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+use Behat\Behat\Context\Context;
+use Behat\MinkExtension\Context\RawMinkContext;
+use Page\PersonalSecuritySettingsPageWithTOTPEnabled;
+
+require_once 'bootstrap.php';
+
+/**
+ * Context for two factor totp app
+ */
+class TwoFactorTOTPContext implements Context {
+	/**
+	 * @var PersonalSecuritySettingsPageWithTOTPEnabled
+	 */
+	private $personalSecuritySettingsPage;
+
+	/**
+	 * WebUIPersonalSecuritySettingsTOTPEnabledContext constructor.
+	 *
+	 * @param PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage
+	 */
+	public function __construct(
+		PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage
+	) {
+		// $personalSecuritySettingsPage is private, therefore needs to be overridden
+		$this->personalSecuritySettingsPage = $personalSecuritySettingsPage;
+	}
+
+	/**
+	 * @Given /^the user has activated TOTP Second\-factor auth but not verified$/
+	 *
+	 * @return void
+	 */
+	public function theUserHasActivatedTOTPSecondFactorAuthButNotVerified() {
+		$this->personalSecuritySettingsPage->activateTOTP();
+	}
+}

tests/acceptance/features/bootstrap/bootstrap.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Saugat Pachhai <saugat@jankaritech.com>
+ * @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+require_once __DIR__ . '/../../../../../../tests/acceptance/features/bootstrap/bootstrap.php';
+
+$classLoader = new \Composer\Autoload\ClassLoader();
+$classLoader->addPsr4("Page\\", __DIR__ . "/../lib", true);
+$classLoader->addPsr4(
+	"", __DIR__ . "/../../../../../../tests/acceptance/features/bootstrap", true
+);
+$classLoader->addPsr4(
+	"Page\\", __DIR__ . "/../../../../../../tests/acceptance/features/lib", true
+);
+$classLoader->register();

tests/acceptance/features/cliTwoFactorTOTP/steps.feature

@@ -0,0 +1,132 @@
+@webUI
+Feature: Testing Two factor TOTP
+  As a admin
+  I want to be able to verify secrets
+  So that the users can use TOTP without verification with TOTP code
+
+  Background:
+    Given these users have been created with default attributes:
+      | username |
+      | user8    |
+      | new-user |
+    And using OCS API version "2"
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 false"
+    And the administrator has invoked occ command "twofactorauth:disable user8"
+    And the administrator has invoked occ command "twofactorauth:enable user8"
+
+  Scenario:  Verifying secret for the user having no secret should fail
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user true"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "User has no secret: new-user"
+    And user "new-user" should be able to access a skeleton file
+
+  Scenario:  Unverifying secret for the user having no secret should fail
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user false"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "User has no secret: new-user"
+    And user "new-user" should be able to access a skeleton file
+
+  @issue-91
+  Scenario: Verifying secret to not existing user should fail
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u NEUser true"
+    Then the command should have been successful
+    # Then the command should have failed with exit code 1
+    And the command output should contain the text "User NEUser does not exist"
+
+  Scenario: Verifying secret from occ command should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    Then the command should have been successful
+    And the command output should contain the text "The secret of user8 is verified"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+
+  Scenario: Unverifying secret from occ command should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 false"
+    Then the command should have been successful
+    And the command output should contain the text "The secret of user8 is unverified"
+    And user "user8" should be able to access a skeleton file
+
+  @issue-91
+  Scenario: Verifying multiple users containing one not existing user should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser true"
+    Then the command should have been successful
+    # Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is verified"
+    And the command output should contain the text "User NEUser does not exist"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+
+  Scenario: Verifying multiple users containing one having no secret set should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user true"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is verified"
+    And the command output should contain the text "User has no secret: new-user"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+    And user "new-user" should be able to access a skeleton file
+
+  @issue-91
+  Scenario: Unverifying multiple users containing one not existing user should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser false"
+    Then the command should have been successful
+    # Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is unverified"
+    And the command output should contain the text "User NEUser does not exist"
+    And user "user8" should be able to access a skeleton file
+
+  Scenario: Unverifying multiple users containing one having no secret set should work for other users, but fail
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user false"
+    Then the command should have failed with exit code 1
+    And the command output should contain the text "The secret of user8 is unverified"
+    And the command output should contain the text "User has no secret: new-user"
+    And user "user8" should be able to access a skeleton file
+    And user "new-user" should be able to access a skeleton file
+
+  Scenario: Verifying all users that use TOTP should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all true"
+    Then the command should have been successful
+    And the command output should contain the text "The status of all TOTP secrets has been set to verified"
+    And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+    And user "new-user" should be able to access a skeleton file
+
+  Scenario: Unverifying all users that use TOTP should work
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true"
+    When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all false"
+    Then the command should have been successful
+    And the command output should contain the text "The status of all TOTP secrets has been set to unverified"
+    And user "user8" should be able to access a skeleton file
+    And user "new-user" should be able to access a skeleton file
+
+  @skip @issue-89
+  Scenario: Deleted user having TOTP enabled recreated should not ask for password
+    Given user "user8" has logged in using the webUI
+    And the user has browsed to the personal security settings page
+    And the user has activated TOTP Second-factor auth but not verified
+    And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true"
+    When the administrator deletes user "user8" using the provisioning API
+    And the administrator creates user "user8" using the provisioning API
+    Then user "user8" should be able to access a skeleton file