summaryrefslogtreecommitdiffstats
path: root/build
diff options
context:
space:
mode:
authorJoas Schilling <nickvergessen@owncloud.com>2016-03-15 14:24:51 +0100
committerJoas Schilling <nickvergessen@owncloud.com>2016-03-15 14:24:51 +0100
commitc4b0a1cdfd8d2c4961f1049b424c7655aef3a55e (patch)
treecc8ff6b55d7502e62d53c66ccbc94454986d18e0 /build
parent4e9c3b3d641d9f11a78420163dfad46c74e554b8 (diff)
downloadnextcloud-server-c4b0a1cdfd8d2c4961f1049b424c7655aef3a55e.tar.gz
nextcloud-server-c4b0a1cdfd8d2c4961f1049b424c7655aef3a55e.zip
Add tests for user enumeration and sharing in group only
Diffstat (limited to 'build')
-rw-r--r--build/integration/features/bootstrap/Sharing.php8
-rw-r--r--build/integration/features/sharees.feature140
2 files changed, 103 insertions, 45 deletions
diff --git a/build/integration/features/bootstrap/Sharing.php b/build/integration/features/bootstrap/Sharing.php
index f516b97146d..f81442c9769 100644
--- a/build/integration/features/bootstrap/Sharing.php
+++ b/build/integration/features/bootstrap/Sharing.php
@@ -7,8 +7,9 @@ require __DIR__ . '/../../vendor/autoload.php';
-trait Sharing{
+trait Sharing {
use Provisioning;
+ use AppConfiguration;
/** @var int */
private $sharingApiVersion = 1;
@@ -520,5 +521,10 @@ trait Sharing{
}
return $sharees;
}
+
+ protected function resetAppConfigs() {
+ $this->modifyServerConfig('core', 'shareapi_only_share_with_group_members', 'no');
+ $this->modifyServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
+ }
}
diff --git a/build/integration/features/sharees.feature b/build/integration/features/sharees.feature
index 996a2b444c9..5765b937a67 100644
--- a/build/integration/features/sharees.feature
+++ b/build/integration/features/sharees.feature
@@ -4,6 +4,7 @@ Feature: sharees
And user "test" exists
And user "Sharee1" exists
And group "ShareeGroup" exists
+ And user "test" belongs to group "ShareeGroup"
Scenario: Search without exact match
Given As an "test"
@@ -37,50 +38,101 @@ Feature: sharees
And "exact remotes" sharees returned is empty
And "remotes" sharees returned is empty
-# TODO need to move the appconfig setting from Capabilities to Basic/Provisioning
-# Scenario: Search without exact match no iteration allowed
-# Given As an "test"
-# When getting sharees for
-# | search | Sharee |
-# | itemType | file |
-# Then the OCS status code should be "100"
-# And the HTTP status code should be "200"
-# And "exact users" sharees returned is empty
-# And "users" sharees returned is empty
-# And "exact groups" sharees returned is empty
-# And "groups" sharees returned is empty
-# And "exact remotes" sharees returned is empty
-# And "remotes" sharees returned is empty
-#
-# Scenario: Search with exact match no iteration allowed
-# Given As an "test"
-# When getting sharees for
-# | search | Sharee1 |
-# | itemType | file |
-# Then the OCS status code should be "100"
-# And the HTTP status code should be "200"
-# And "exact users" sharees returned are
-# | Sharee1 | 0 | Sharee1 |
-# And "users" sharees returned is empty
-# And "exact groups" sharees returned is empty
-# And "groups" sharees returned is empty
-# And "exact remotes" sharees returned is empty
-# And "remotes" sharees returned is empty
-#
-# Scenario: Search with exact match group no iteration allowed
-# Given As an "test"
-# When getting sharees for
-# | search | ShareeGroup |
-# | itemType | file |
-# Then the OCS status code should be "100"
-# And the HTTP status code should be "200"
-# And "exact users" sharees returned is empty
-# And "users" sharees returned is empty
-# And "exact groups" sharees returned are
-# | ShareeGroup | 1 | ShareeGroup |
-# And "groups" sharees returned is empty
-# And "exact remotes" sharees returned is empty
-# And "remotes" sharees returned is empty
+ Scenario: Search only with group members - denied
+ Given As an "test"
+ And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
+ When getting sharees for
+ | search | sharee |
+ | itemType | file |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+ And "exact users" sharees returned is empty
+ And "users" sharees returned is empty
+ And "exact groups" sharees returned is empty
+ And "groups" sharees returned are
+ | ShareeGroup | 1 | ShareeGroup |
+ And "exact remotes" sharees returned is empty
+ And "remotes" sharees returned is empty
+
+ Scenario: Search only with group members - allowed
+ Given As an "test"
+ And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
+ And user "Sharee1" belongs to group "ShareeGroup"
+ When getting sharees for
+ | search | sharee |
+ | itemType | file |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+ And "exact users" sharees returned is empty
+ And "users" sharees returned are
+ | Sharee1 | 0 | Sharee1 |
+ And "exact groups" sharees returned is empty
+ And "groups" sharees returned are
+ | ShareeGroup | 1 | ShareeGroup |
+ And "exact remotes" sharees returned is empty
+ And "remotes" sharees returned is empty
+
+ Scenario: Search only with group members - no group as non-member
+ Given As an "Sharee1"
+ And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
+ When getting sharees for
+ | search | sharee |
+ | itemType | file |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+ And "exact users" sharees returned is empty
+ And "users" sharees returned is empty
+ And "exact groups" sharees returned is empty
+ And "groups" sharees returned is empty
+ And "exact remotes" sharees returned is empty
+ And "remotes" sharees returned is empty
+
+ Scenario: Search without exact match no iteration allowed
+ Given As an "test"
+ And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
+ When getting sharees for
+ | search | Sharee |
+ | itemType | file |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+ And "exact users" sharees returned is empty
+ And "users" sharees returned is empty
+ And "exact groups" sharees returned is empty
+ And "groups" sharees returned is empty
+ And "exact remotes" sharees returned is empty
+ And "remotes" sharees returned is empty
+
+ Scenario: Search with exact match no iteration allowed
+ Given As an "test"
+ And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
+ When getting sharees for
+ | search | Sharee1 |
+ | itemType | file |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+ And "exact users" sharees returned are
+ | Sharee1 | 0 | Sharee1 |
+ And "users" sharees returned is empty
+ And "exact groups" sharees returned is empty
+ And "groups" sharees returned is empty
+ And "exact remotes" sharees returned is empty
+ And "remotes" sharees returned is empty
+
+ Scenario: Search with exact match group no iteration allowed
+ Given As an "test"
+ And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
+ When getting sharees for
+ | search | ShareeGroup |
+ | itemType | file |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+ And "exact users" sharees returned is empty
+ And "users" sharees returned is empty
+ And "exact groups" sharees returned are
+ | ShareeGroup | 1 | ShareeGroup |
+ And "groups" sharees returned is empty
+ And "exact remotes" sharees returned is empty
+ And "remotes" sharees returned is empty
Scenario: Search with exact match
Given As an "test"