summaryrefslogtreecommitdiffstats
path: root/build
diff options
context:
space:
mode:
authorDaniel Calviño Sánchez <danxuliu@gmail.com>2020-09-18 18:32:59 +0200
committerDaniel Calviño Sánchez <danxuliu@gmail.com>2020-09-18 18:34:30 +0200
commitc4c602ee80b3bd6a158274df12019ba4e41e31d0 (patch)
treebe27f4861292f574dab03c473ba77eee31c46883 /build
parent5e143845cb6d9591d506df4b554348b7dce0296e (diff)
downloadnextcloud-server-c4c602ee80b3bd6a158274df12019ba4e41e31d0.tar.gz
nextcloud-server-c4c602ee80b3bd6a158274df12019ba4e41e31d0.zip
Add integration tests for transferring files of a user with a risky name
The files:transfer-ownership performs a sanitization of users with "risky" display names (including characters like "\" or "/"). In order to allow (escaped) double quotes in the display name the regular expression used in the "user XXX with displayname YYY exists" step had to be adjusted. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'build')
-rw-r--r--build/integration/features/bootstrap/CommandLineContext.php8
-rw-r--r--build/integration/features/bootstrap/Provisioning.php2
-rw-r--r--build/integration/features/transfer-ownership.feature32
3 files changed, 41 insertions, 1 deletions
diff --git a/build/integration/features/bootstrap/CommandLineContext.php b/build/integration/features/bootstrap/CommandLineContext.php
index 3acb59ec404..6db8de6b485 100644
--- a/build/integration/features/bootstrap/CommandLineContext.php
+++ b/build/integration/features/bootstrap/CommandLineContext.php
@@ -27,6 +27,7 @@
require __DIR__ . '/../../vendor/autoload.php';
use Behat\Behat\Hook\Scope\BeforeScenarioScope;
+use PHPUnit\Framework\Assert;
class CommandLineContext implements \Behat\Behat\Context\Context {
use CommandLine;
@@ -129,4 +130,11 @@ class CommandLineContext implements \Behat\Behat\Context\Context {
$davPath = rtrim($davPath, '/') . $this->lastTransferPath;
$this->featureContext->usingDavPath($davPath);
}
+
+ /**
+ * @Then /^transfer folder name contains "([^"]+)"$/
+ */
+ public function transferFolderNameContains($text) {
+ Assert::assertContains($text, $this->lastTransferPath);
+ }
}
diff --git a/build/integration/features/bootstrap/Provisioning.php b/build/integration/features/bootstrap/Provisioning.php
index daf5b11569c..31331092ae7 100644
--- a/build/integration/features/bootstrap/Provisioning.php
+++ b/build/integration/features/bootstrap/Provisioning.php
@@ -70,7 +70,7 @@ trait Provisioning {
}
/**
- * @Given /^user "([^"]*)" with displayname "([^"]*)" exists$/
+ * @Given /^user "([^"]*)" with displayname "((?:[^"]|\\")*)" exists$/
* @param string $user
*/
public function assureUserWithDisplaynameExists($user, $displayname) {
diff --git a/build/integration/features/transfer-ownership.feature b/build/integration/features/transfer-ownership.feature
index 7afaf1f3e59..46aeabb3aa7 100644
--- a/build/integration/features/transfer-ownership.feature
+++ b/build/integration/features/transfer-ownership.feature
@@ -29,6 +29,22 @@ Feature: transfer-ownership
And using received transfer folder of "user1" as dav path
And as "user1" the folder "/test" exists
+ Scenario: transferring ownership from user with risky display name
+ Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists
+ And user "user1" exists
+ And User "user0" created a folder "/test"
+ And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt"
+ When transferring ownership from "user0" to "user1"
+ And the command was successful
+ And As an "user1"
+ And using received transfer folder of "user1" as dav path
+ Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is"
+ And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on"
+ And using old dav path
+ And as "user0" the folder "/test" does not exist
+ And using received transfer folder of "user1" as dav path
+ And as "user1" the folder "/test" exists
+
Scenario: transferring ownership of file shares
Given user "user0" exists
And user "user1" exists
@@ -319,6 +335,22 @@ Feature: transfer-ownership
And using received transfer folder of "user1" as dav path
And as "user1" the folder "/test" exists
+ Scenario: transferring ownership from user with risky display name
+ Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists
+ And user "user1" exists
+ And User "user0" created a folder "/test"
+ And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt"
+ When transferring ownership of path "test" from "user0" to "user1"
+ And the command was successful
+ And As an "user1"
+ And using received transfer folder of "user1" as dav path
+ Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is"
+ And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on"
+ And using old dav path
+ And as "user0" the folder "/test" does not exist
+ And using received transfer folder of "user1" as dav path
+ And as "user1" the folder "/test" exists
+
Scenario: transferring ownership of file shares
Given user "user0" exists
And user "user1" exists