authorChristoph Wurst <christoph@owncloud.com>2016-05-03 16:21:49 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2016-05-11 13:36:46 +0200
commitbfed02b038664b8b99753b4fb874d652422f29bd (patch)
treebb2da68c95a28e7c500f15231f6c63903c8a92b3
parentf0f8bdd495ff958ce536e577e42586090b6bcd8f (diff)
downloadnextcloud-server-bfed02b038664b8b99753b4fb874d652422f29bd.tar.gz
nextcloud-server-bfed02b038664b8b99753b4fb874d652422f29bd.zip
add auth integration tests
-rw-r--r--build/integration/features/auth.feature78
-rw-r--r--build/integration/features/bootstrap/Auth.php117
-rw-r--r--build/integration/features/bootstrap/BasicStructure.php3
3 files changed, 198 insertions, 0 deletions
diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature
new file mode 100644
index 00000000000..43aa618bd00
--- /dev/null
+++ b/build/integration/features/auth.feature
@@ -0,0 +1,78 @@
+Feature: auth
+
+ Background:
+ Given user "user0" exists
+ Given a new client token is used
+
+
+ # FILES APP
+
+ Scenario: access files app anonymously
+ When requesting "/index.php/apps/files" with "GET"
+ Then the HTTP status code should be "401"
+
+ Scenario: access files app with basic auth
+ When requesting "/index.php/apps/files" with "GET" using basic auth
+ Then the HTTP status code should be "200"
+
+ Scenario: access files app with basic token auth
+ When requesting "/index.php/apps/files" with "GET" using basic token auth
+ Then the HTTP status code should be "200"
+
+ Scenario: access files app with a client token
+ When requesting "/index.php/apps/files" with "GET" using a client token
+ Then the HTTP status code should be "200"
+
+ Scenario: access files app with browser session
+ Given a new browser session is started
+ When requesting "/index.php/apps/files" with "GET" using browser session
+ Then the HTTP status code should be "200"
+
+
+ # WebDAV
+
+ Scenario: using WebDAV anonymously
+ When requesting "/remote.php/webdav" with "PROPFIND"
+ Then the HTTP status code should be "401"
+
+ Scenario: using WebDAV with basic auth
+ When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
+ Then the HTTP status code should be "207"
+
+ Scenario: using WebDAV with token auth
+ When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth
+ Then the HTTP status code should be "207"
+
+ # DAV token auth is not possible yet
+ #Scenario: using WebDAV with a client token
+ # When requesting "/remote.php/webdav" with "PROPFIND" using a client token
+ # Then the HTTP status code should be "207"
+
+ Scenario: using WebDAV with browser session
+ Given a new browser session is started
+ When requesting "/remote.php/webdav" with "PROPFIND" using browser session
+ Then the HTTP status code should be "207"
+
+
+ # OCS
+
+ Scenario: using OCS anonymously
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
+ Then the OCS status code should be "997"
+
+ Scenario: using OCS with basic auth
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
+ Then the OCS status code should be "100"
+
+ Scenario: using OCS with token auth
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth
+ Then the OCS status code should be "100"
+
+ Scenario: using OCS with client token
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token
+ Then the OCS status code should be "100"
+
+ Scenario: using OCS with browser session
+ Given a new browser session is started
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
+ Then the OCS status code should be "100"
\ No newline at end of file
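Review bot: The only rejection path covered in the three sections is the anonymous request; there is no scenario where credentials are present but wrong (a bad password or a bogus client token), which is the case an authentication regression is most likely to break unnoticed. Consider adding one such scenario per section, for example `When requesting "/remote.php/webdav" with "PROPFIND" using an invalid client token` followed by `Then the HTTP status code should be "401"`; this needs a matching step definition in Auth.php. The anonymous OCS scenario also asserts only the OCS code `997`, so adding an HTTP status assertion next to it would pin the transport-level result as well, if the v1 endpoint is expected to return one.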
diff --git a/build/integration/features/bootstrap/Auth.php b/build/integration/features/bootstrap/Auth.php
new file mode 100644
index 00000000000..88edcd49a5b
--- /dev/null
+++ b/build/integration/features/bootstrap/Auth.php
@@ -0,0 +1,117 @@
+<?php
+
+use GuzzleHttp\Client;
+use GuzzleHttp\Exception\ClientException;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+trait Auth {
+
+ private $clientToken;
+
+ /** @BeforeScenario */
+ public function tearUpScenario() {
+ $this->client = new Client();
+ $this->responseXml = '';
+ }
+
+ /**
+ * @When requesting :url with :method
+ */
+ public function requestingWith($url, $method) {
+ $this->sendRequest($url, $method);
+ }
+
+ private function sendRequest($url, $method, $authHeader = null, $useCookies = false) {
+ $fullUrl = substr($this->baseUrl, 0, -5) . $url;
+ try {
+ if ($useCookies) {
+ $request = $this->client->createRequest($method, $fullUrl, [
+ 'cookies' => $this->cookieJar,
+ ]);
+ } else {
+ $request = $this->client->createRequest($method, $fullUrl);
+ }
+ if ($authHeader) {
+ $request->setHeader('Authorization', $authHeader);
+ }
+ $request->setHeader('OCS_APIREQUEST', 'true');
+ $request->setHeader('requesttoken', $this->requestToken);
+ $this->response = $this->client->send($request);
+ } catch (ClientException $ex) {
+ $this->response = $ex->getResponse();
+ }
+ }
+
+ /**
+ * @Given a new client token is used
+ */
+ public function aNewClientTokenIsUsed() {
+ $client = new Client();
+ $resp = $client->post(substr($this->baseUrl, 0, -5) . '/token/generate', [
+ 'json' => [
+ 'user' => 'user0',
+ 'password' => '123456',
+ ]
+ ]);
+ $this->clientToken = json_decode($resp->getBody()->getContents())->token;
+ }
+
+ /**
+ * @When requesting :url with :method using basic auth
+ */
+ public function requestingWithBasicAuth($url, $method) {
+ $this->sendRequest($url, $method, 'basic ' . base64_encode('user:user'));
+ }
+
+ /**
+ * @When requesting :url with :method using basic token auth
+ */
+ public function requestingWithBasicTokenAuth($url, $method) {
+ $this->sendRequest($url, $method, 'basic ' . base64_encode('user:' . $this->clientToken));
+ }
+
+ /**
+ * @When requesting :url with :method using a client token
+ */
+ public function requestingWithUsingAClientToken($url, $method) {
+ $this->sendRequest($url, $method, 'token ' . $this->clientToken);
+ }
+
+ /**
+ * @When requesting :url with :method using browser session
+ */
+ public function requestingWithBrowserSession($url, $method) {
+ $this->sendRequest($url, $method, null, true);
+ }
+
+ /**
+ * @Given a new browser session is started
+ */
+ public function aNewBrowserSessionIsStarted() {
+ $loginUrl = substr($this->baseUrl, 0, -5) . '/login';
+ // Request a new session and extract CSRF token
+ $client = new Client();
+ $response = $client->get(
+ $loginUrl, [
+ 'cookies' => $this->cookieJar,
+ ]
+ );
+ $this->extracRequestTokenFromResponse($response);
+
+ // Login and extract new token
+ $client = new Client();
+ $response = $client->post(
+ $loginUrl, [
+ 'body' => [
+ 'user' => 'user0',
+ 'password' => '123456',
+ 'requesttoken' => $this->requestToken,
+ ],
+ 'cookies' => $this->cookieJar,
+ ]
+ );
+ $this->extracRequestTokenFromResponse($response);
+ }
+
+}
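Review bot: `requestingWithBasicAuth` and `requestingWithBasicTokenAuth` authenticate as `user` (`'user:user'` and `'user:' . $this->clientToken`), while every other step in this trait, and the feature's Background, uses `user0` with password `123456`. Unless the test instance provisions a separate `user` account (not visible here), the basic-auth scenarios exercise a different identity from the one the token was issued for, so a 200 on the token case would only show that the server accepts the token regardless of the login name sent with it. I would use `'basic ' . base64_encode('user0:123456')` and `'basic ' . base64_encode('user0:' . $this->clientToken)`, and cover a mismatched login name in its own scenario if that behaviour is intended. `aNewClientTokenIsUsed` should also fail the step when the decoded response has no `token`, rather than leaving `$this->clientToken` null for the later requests.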
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index 60ae51dbdf0..b8fb516fada 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -6,6 +6,9 @@ use GuzzleHttp\Message\ResponseInterface;
require __DIR__ . '/../../vendor/autoload.php';
trait BasicStructure {
+
+ use Auth;
+
/** @var string */
private $currentUser = '';