Diffstat (limited to 'build/integration/features/auth.feature')
-rw-r--r-- | build/integration/features/auth.feature | 59 |
1 files changed, 39 insertions, 20 deletions
diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature index a3af28f25c8..b9f423a9e93 100644 --- a/build/integration/features/auth.feature +++ b/build/integration/features/auth.feature @@ -2,11 +2,11 @@ Feature: auth Background: Given user "user0" exists - Given a new client token is used - + Given a new restricted client token is added + Given a new unrestricted client token is added + Given the cookie jar is reset # FILES APP - Scenario: access files app anonymously When requesting "/index.php/apps/files" with "GET" Then the HTTP status code should be "401" @@ -15,12 +15,20 @@ Feature: auth When requesting "/index.php/apps/files" with "GET" using basic auth Then the HTTP status code should be "200" - Scenario: access files app with basic token auth - When requesting "/index.php/apps/files" with "GET" using basic token auth + Scenario: access files app with unrestricted basic token auth + When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth + Then the HTTP status code should be "200" + Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session + Then the HTTP status code should be "200" + + Scenario: access files app with restricted basic token auth + When requesting "/index.php/apps/files" with "GET" using restricted basic token auth Then the HTTP status code should be "200" + Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session + Then the HTTP status code should be "404" - Scenario: access files app with a client token - When requesting "/index.php/apps/files" with "GET" using a client token + Scenario: access files app with an unrestricted client token + When requesting "/index.php/apps/files" with "GET" using an unrestricted client token Then the HTTP status code should be "200" Scenario: access files app with browser session 
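Review bot: The new Background step `Given the cookie jar is reset` carries an ordering dependency that nothing documents: it has to run after the two token-creation steps, presumably because adding a token leaves a logged-in session in the jar (the step definitions are not visible here, so confirm). The anonymous scenarios that expect `401` rely on it. A comment above the step, e.g. `# token creation leaves a session cookie behind; clear it so every scenario starts unauthenticated`, would keep a later edit from reordering or dropping it.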
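Review bot: In `access files app with restricted basic token auth`, the `404` on `/remote.php/files/welcome.txt` is the only assertion that the restricted scope is enforced, and nothing in the scenario says so. A comment above it such as `# a session started from a restricted token must not reach the user's files` would document the intent. Both new follow-up requests are written as `Then requesting …`, which puts an action under an assertion keyword; `When requesting "/remote.php/files/welcome.txt" with "GET" using browser session` reads correctly. Client tokens are exercised only in the unrestricted variant in this section, so a restricted client token scenario would close that gap if a matching step definition exists.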
@@ -28,9 +36,7 @@ Feature: auth When requesting "/index.php/apps/files" with "GET" using browser session Then the HTTP status code should be "200" - # WebDAV - Scenario: using WebDAV anonymously When requesting "/remote.php/webdav" with "PROPFIND" Then the HTTP status code should be "401" @@ -39,23 +45,20 @@ Feature: auth When requesting "/remote.php/webdav" with "PROPFIND" using basic auth Then the HTTP status code should be "207" - Scenario: using WebDAV with token auth - When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth + Scenario: using WebDAV with unrestricted basic token auth + When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth Then the HTTP status code should be "207" - # DAV token auth is not possible yet - #Scenario: using WebDAV with a client token - # When requesting "/remote.php/webdav" with "PROPFIND" using a client token - # Then the HTTP status code should be "207" + Scenario: using WebDAV with restricted basic token auth + When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth + Then the HTTP status code should be "207" Scenario: using WebDAV with browser session Given a new browser session is started When requesting "/remote.php/webdav" with "PROPFIND" using browser session Then the HTTP status code should be "207" - # OCS - Scenario: using OCS anonymously When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" Then the OCS status code should be "997" 
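Review bot: The new scenario `using WebDAV with restricted basic token auth` expects `207`, the same result as the unrestricted token, so it does not show that the restriction has any effect on the DAV endpoint. A successful PROPFIND on the collection root says the token authenticates, not that file access is blocked. Consider following it with `When requesting "/remote.php/files/welcome.txt" with "GET" using restricted basic token auth` and the status the server is meant to return (the files app scenario expects `404` for that path through a browser session), plus a comment stating why `207` is acceptable on the root itself. The hunk also drops the commented-out client token scenario without adding a live one, so WebDAV with a client token stays untested.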
@@ -65,11 +68,11 @@ Feature: auth Then the OCS status code should be "100" Scenario: using OCS with token auth - When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth + When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth Then the OCS status code should be "100" - Scenario: using OCS with client token - When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token + Scenario: using OCS with an unrestricted client token + When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token Then the OCS status code should be "100" Scenario: using OCS with browser session @@ -84,3 +87,19 @@ Feature: auth And requesting "/index.php/apps/files" with "GET" using browser session Then the HTTP status code should be "200" + # AUTH TOKENS + Scenario: Creating an auth token with regular auth token should not work + When requesting "/index.php/apps/files" with "GET" using restricted basic token auth + Then the HTTP status code should be "200" + When the CSRF token is extracted from the previous response + When a new unrestricted client token is added using restricted basic token auth + Then the HTTP status code should be "503" + + Scenario: Creating a restricted auth token with regular login should work + When a new restricted client token is added + Then the HTTP status code should be "200" + + Scenario: Creating an unrestricted auth token with regular login should work + When a new unrestricted client token is added + Then the HTTP status code should be "200" + |
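Review bot: The OCS scenarios in this hunk are switched to unrestricted tokens only, so no scenario sends a restricted basic token or a restricted client token to `/ocs/v1.php/apps/files_sharing/api/v1/remote_shares`. The expected OCS status for a restricted scope is therefore not pinned anywhere in the feature. The first title was also left as `Scenario: using OCS with token auth` while its step now says `unrestricted basic token auth`; `Scenario: using OCS with unrestricted basic token auth` would match the renames made in the files app and WebDAV sections.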
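Review bot: The escalation scenario under `# AUTH TOKENS` pins `503` as the result of adding an unrestricted token while authenticated with a restricted one. A server can also return that status for unrelated faults, so the test could pass without the scope check having run. If the endpoint can signal the refusal with a 4xx status, assert that instead; otherwise add a comment explaining why `503` is the refusal signal, e.g. `# the token endpoint answers 503 when the requesting token may not create tokens` (confirm against the controller, which is not shown). The title says `regular auth token` where the steps say `restricted`; `Scenario: Creating an unrestricted auth token with a restricted auth token should not work` would match the vocabulary used in the rest of the file.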