aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Calviño Sánchez <danxuliu@gmail.com>2020-09-18 18:32:59 +0200
committerDaniel Calviño Sánchez <danxuliu@gmail.com>2020-09-18 18:54:55 +0200
commitf400c44e8b7acbdf3fb15ec3dee4153656d46b8d (patch)
tree55a00fba4621a1c026204b0ffa3d0f86d62fcc2b
parent29fcaa1cec5a632dab830e00248fe5d1faf8b02c (diff)
downloadnextcloud-server-f400c44e8b7acbdf3fb15ec3dee4153656d46b8d.tar.gz
nextcloud-server-f400c44e8b7acbdf3fb15ec3dee4153656d46b8d.zip
Add integration tests for transferring files of a user with a risky name
The files:transfer-ownership performs a sanitization of users with "risky" display names (including characters like "\" or "/"). In order to allow (escaped) double quotes in the display name the regular expression used in the "user XXX with displayname YYY exists" step had to be adjusted. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
-rw-r--r--build/integration/features/bootstrap/CommandLineContext.php8
-rw-r--r--build/integration/features/bootstrap/Provisioning.php2
-rw-r--r--build/integration/features/transfer-ownership.feature32
3 files changed, 41 insertions, 1 deletions
diff --git a/build/integration/features/bootstrap/CommandLineContext.php b/build/integration/features/bootstrap/CommandLineContext.php
index bf999fd2050..a689f0aab30 100644
--- a/build/integration/features/bootstrap/CommandLineContext.php
+++ b/build/integration/features/bootstrap/CommandLineContext.php
@@ -26,6 +26,7 @@
require __DIR__ . '/../../vendor/autoload.php';
use Behat\Behat\Hook\Scope\BeforeScenarioScope;
+use PHPUnit\Framework\Assert;
class CommandLineContext implements \Behat\Behat\Context\Context {
use CommandLine;
@@ -128,4 +129,11 @@ class CommandLineContext implements \Behat\Behat\Context\Context {
$davPath = rtrim($davPath, '/') . $this->lastTransferPath;
$this->featureContext->usingDavPath($davPath);
}
+
+ /**
+ * @Then /^transfer folder name contains "([^"]+)"$/
+ */
+ public function transferFolderNameContains($text) {
+ Assert::assertContains($text, $this->lastTransferPath);
+ }
}
diff --git a/build/integration/features/bootstrap/Provisioning.php b/build/integration/features/bootstrap/Provisioning.php
index daf5b11569c..31331092ae7 100644
--- a/build/integration/features/bootstrap/Provisioning.php
+++ b/build/integration/features/bootstrap/Provisioning.php
@@ -70,7 +70,7 @@ trait Provisioning {
}
/**
- * @Given /^user "([^"]*)" with displayname "([^"]*)" exists$/
+ * @Given /^user "([^"]*)" with displayname "((?:[^"]|\\")*)" exists$/
* @param string $user
*/
public function assureUserWithDisplaynameExists($user, $displayname) {
diff --git a/build/integration/features/transfer-ownership.feature b/build/integration/features/transfer-ownership.feature
index 265e1d370e4..49326c96d93 100644
--- a/build/integration/features/transfer-ownership.feature
+++ b/build/integration/features/transfer-ownership.feature
@@ -29,6 +29,22 @@ Feature: transfer-ownership
And using received transfer folder of "user1" as dav path
And as "user1" the folder "/test" exists
+ Scenario: transfering ownership from user with risky display name
+ Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists
+ And user "user1" exists
+ And User "user0" created a folder "/test"
+ And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt"
+ When transfering ownership from "user0" to "user1"
+ And the command was successful
+ And As an "user1"
+ And using received transfer folder of "user1" as dav path
+ Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is"
+ And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on"
+ And using old dav path
+ And as "user0" the folder "/test" does not exist
+ And using received transfer folder of "user1" as dav path
+ And as "user1" the folder "/test" exists
+
Scenario: transfering ownership of file shares
Given user "user0" exists
And user "user1" exists
@@ -319,6 +335,22 @@ Feature: transfer-ownership
And using received transfer folder of "user1" as dav path
And as "user1" the folder "/test" exists
+ Scenario: transfering ownership from user with risky display name
+ Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists
+ And user "user1" exists
+ And User "user0" created a folder "/test"
+ And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt"
+ When transfering ownership of path "test" from "user0" to "user1"
+ And the command was successful
+ And As an "user1"
+ And using received transfer folder of "user1" as dav path
+ Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is"
+ And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on"
+ And using old dav path
+ And as "user0" the folder "/test" does not exist
+ And using received transfer folder of "user1" as dav path
+ And as "user1" the folder "/test" exists
+
Scenario: transfering ownership of file shares
Given user "user0" exists
And user "user1" exists