diff options
author | Sergio Bertolín <sbertolin@solidgear.es> | 2016-06-17 14:10:43 +0200 |
---|---|---|
committer | Thomas Müller <DeepDiver1975@users.noreply.github.com> | 2016-06-17 14:10:43 +0200 |
commit | 491e2654ebed82044f84d3adcc5f845dc471ae06 (patch) | |
tree | e3c7843ac7eb8dbea28969c749d22cac8c7a0f72 /build/integration | |
parent | 85d9e586378d28fb202fd5d1742c680f2a6d7651 (diff) | |
download | nextcloud-server-491e2654ebed82044f84d3adcc5f845dc471ae06.tar.gz nextcloud-server-491e2654ebed82044f84d3adcc5f845dc471ae06.zip |
Added test with new endpoint (#23934)
* Added test with new endpoint
* Moved all scenarios using new dav endpoint to a new feature file
* Removed extra slash in welcome.txt
* some fixes
* Incorrect user while downloading with range
* Fixed Content-disposition
Diffstat (limited to 'build/integration')
-rw-r--r-- | build/integration/features/dav-v2.feature | 55 | ||||
-rw-r--r-- | build/integration/features/webdav-related.feature | 37 |
2 files changed, 55 insertions, 37 deletions
diff --git a/build/integration/features/dav-v2.feature b/build/integration/features/dav-v2.feature new file mode 100644 index 00000000000..2b3aeff9454 --- /dev/null +++ b/build/integration/features/dav-v2.feature @@ -0,0 +1,55 @@ +Feature: dav-v2 + Background: + Given using api version "1" + + Scenario: moving a file new endpoint way + Given using dav path "remote.php/dav" + And As an "admin" + And user "user0" exists + When User "user0" moves file "/files/user0/textfile0.txt" to "/files/user0/FOLDER/textfile0.txt" + Then the HTTP status code should be "201" + + Scenario: download a file with range using new endpoint + Given using dav path "remote.php/dav" + And As an "admin" + And user "user0" exists + And As an "user0" + When Downloading file "/files/user0/welcome.txt" with range "bytes=51-77" + Then Downloaded content should be "example file for developers" + + Scenario: Downloading a file on the new endpoint should serve security headers + Given using dav path "remote.php/dav/files/admin/" + And As an "admin" + When Downloading file "welcome.txt" + Then The following headers should be set + |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"| + |Content-Security-Policy|default-src 'none';| + |X-Content-Type-Options |nosniff| + |X-Download-Options|noopen| + |X-Frame-Options|Sameorigin| + |X-Permitted-Cross-Domain-Policies|none| + |X-Robots-Tag|none| + |X-XSS-Protection|1; mode=block| + And Downloaded content should start with "Welcome to your ownCloud account!" + + Scenario: Doing a GET with a web login should work without CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken + Then Downloaded content should start with "Welcome to your ownCloud account!" + Then the HTTP status code should be "200" + + Scenario: Doing a GET with a web login should work with CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken + Then Downloaded content should start with "Welcome to your ownCloud account!" + Then the HTTP status code should be "200" + + Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken + Then the HTTP status code should be "401" + + Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken + Then the HTTP status code should be "207" diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature index 14ff505463c..06df280ea64 100644 --- a/build/integration/features/webdav-related.feature +++ b/build/integration/features/webdav-related.feature @@ -92,43 +92,6 @@ Feature: webdav-related |X-XSS-Protection|1; mode=block| And Downloaded content should start with "Welcome to your ownCloud account!" - Scenario: Downloading a file on the new endpoint should serve security headers - Given using dav path "remote.php/dav/files/admin/" - And As an "admin" - When Downloading file "/welcome.txt" - Then The following headers should be set - |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"| - |Content-Security-Policy|default-src 'none';| - |X-Content-Type-Options |nosniff| - |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| - |X-Permitted-Cross-Domain-Policies|none| - |X-Robots-Tag|none| - |X-XSS-Protection|1; mode=block| - And Downloaded content should start with "Welcome to your ownCloud account!" - - Scenario: Doing a GET with a web login should work without CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken - Then Downloaded content should start with "Welcome to your ownCloud account!" - Then the HTTP status code should be "200" - - Scenario: Doing a GET with a web login should work with CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken - Then Downloaded content should start with "Welcome to your ownCloud account!" - Then the HTTP status code should be "200" - - Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken - Then the HTTP status code should be "401" - - Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken - Then the HTTP status code should be "207" - Scenario: Doing a GET with a web login should work without CSRF token on the old backend Given Logging in using web as "admin" When Sending a "GET" to "/remote.php/webdav/welcome.txt" without requesttoken |