summaryrefslogtreecommitdiffstats
path: root/build/integration
diff options
context:
space:
mode:
Diffstat (limited to 'build/integration')
-rw-r--r--build/integration/features/auth.feature59
-rw-r--r--build/integration/features/bootstrap/Auth.php135
-rw-r--r--build/integration/features/bootstrap/CalDavContext.php49
-rw-r--r--build/integration/features/caldav.feature9
4 files changed, 215 insertions, 37 deletions
diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature
index a3af28f25c8..b9f423a9e93 100644
--- a/build/integration/features/auth.feature
+++ b/build/integration/features/auth.feature
@@ -2,11 +2,11 @@ Feature: auth
Background:
Given user "user0" exists
- Given a new client token is used
-
+ Given a new restricted client token is added
+ Given a new unrestricted client token is added
+ Given the cookie jar is reset
# FILES APP
-
Scenario: access files app anonymously
When requesting "/index.php/apps/files" with "GET"
Then the HTTP status code should be "401"
@@ -15,12 +15,20 @@ Feature: auth
When requesting "/index.php/apps/files" with "GET" using basic auth
Then the HTTP status code should be "200"
- Scenario: access files app with basic token auth
- When requesting "/index.php/apps/files" with "GET" using basic token auth
+ Scenario: access files app with unrestricted basic token auth
+ When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
+ Then the HTTP status code should be "200"
+ Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
+ Then the HTTP status code should be "200"
+
+ Scenario: access files app with restricted basic token auth
+ When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
Then the HTTP status code should be "200"
+ Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
+ Then the HTTP status code should be "404"
- Scenario: access files app with a client token
- When requesting "/index.php/apps/files" with "GET" using a client token
+ Scenario: access files app with an unrestricted client token
+ When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
Then the HTTP status code should be "200"
Scenario: access files app with browser session
@@ -28,9 +36,7 @@ Feature: auth
When requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200"
-
# WebDAV
-
Scenario: using WebDAV anonymously
When requesting "/remote.php/webdav" with "PROPFIND"
Then the HTTP status code should be "401"
@@ -39,23 +45,20 @@ Feature: auth
When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
Then the HTTP status code should be "207"
- Scenario: using WebDAV with token auth
- When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth
+ Scenario: using WebDAV with unrestricted basic token auth
+ When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
Then the HTTP status code should be "207"
- # DAV token auth is not possible yet
- #Scenario: using WebDAV with a client token
- # When requesting "/remote.php/webdav" with "PROPFIND" using a client token
- # Then the HTTP status code should be "207"
+ Scenario: using WebDAV with restricted basic token auth
+ When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
+ Then the HTTP status code should be "207"
Scenario: using WebDAV with browser session
Given a new browser session is started
When requesting "/remote.php/webdav" with "PROPFIND" using browser session
Then the HTTP status code should be "207"
-
# OCS
-
Scenario: using OCS anonymously
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
Then the OCS status code should be "997"
@@ -65,11 +68,11 @@ Feature: auth
Then the OCS status code should be "100"
Scenario: using OCS with token auth
- When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
Then the OCS status code should be "100"
- Scenario: using OCS with client token
- When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token
+ Scenario: using OCS with an unrestricted client token
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
Then the OCS status code should be "100"
Scenario: using OCS with browser session
@@ -84,3 +87,19 @@ Feature: auth
And requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200"
+ # AUTH TOKENS
+ Scenario: Creating an auth token with regular auth token should not work
+ When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
+ Then the HTTP status code should be "200"
+ When the CSRF token is extracted from the previous response
+ When a new unrestricted client token is added using restricted basic token auth
+ Then the HTTP status code should be "503"
+
+ Scenario: Creating a restricted auth token with regular login should work
+ When a new restricted client token is added
+ Then the HTTP status code should be "200"
+
+ Scenario: Creating an unrestricted auth token with regular login should work
+ When a new unrestricted client token is added
+ Then the HTTP status code should be "200"
+
diff --git a/build/integration/features/bootstrap/Auth.php b/build/integration/features/bootstrap/Auth.php
index 46bb94a2b20..fd1b2e05a80 100644
--- a/build/integration/features/bootstrap/Auth.php
+++ b/build/integration/features/bootstrap/Auth.php
@@ -1,7 +1,5 @@
<?php
-
/**
-
*
* @author Christoph Wurst <christoph@owncloud.com>
*
@@ -21,19 +19,28 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
+
use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
+use GuzzleHttp\Cookie\CookieJar;
require __DIR__ . '/../../vendor/autoload.php';
trait Auth {
-
- private $clientToken;
+ /** @var string */
+ private $unrestrictedClientToken;
+ /** @var string */
+ private $restrictedClientToken;
+ /** @var Client */
+ private $client;
+ /** @var string */
+ private $responseXml;
/** @BeforeScenario */
public function setUpScenario() {
$this->client = new Client();
$this->responseXml = '';
+ $this->cookieJar = new CookieJar();
}
/**
@@ -65,15 +72,28 @@ trait Auth {
}
/**
- * @Given a new client token is used
+ * @When the CSRF token is extracted from the previous response
+ */
+ public function theCsrfTokenIsExtractedFromThePreviousResponse() {
+ $this->requestToken = substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $this->response->getBody()->getContents()), 0, 89);
+ }
+
+ /**
+ * @param bool $loginViaWeb
+ * @return object
*/
- public function aNewClientTokenIsUsed() {
- $this->loggingInUsingWebAs('user0');
+ private function createClientToken($loginViaWeb = true) {
+ if($loginViaWeb) {
+ $this->loggingInUsingWebAs('user0');
+ }
$fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens';
$client = new Client();
$options = [
- 'auth' => ['user0', '123456'],
+ 'auth' => [
+ 'user0',
+ $loginViaWeb ? '123456' : $this->restrictedClientToken,
+ ],
'body' => [
'requesttoken' => $this->requestToken,
'name' => md5(microtime()),
@@ -81,34 +101,107 @@ trait Auth {
'cookies' => $this->cookieJar,
];
- $resp = $client->send($client->createRequest('POST', $fullUrl, $options));
+ try {
+ $this->response = $client->send($client->createRequest('POST', $fullUrl, $options));
+ } catch (\GuzzleHttp\Exception\ServerException $e) {
+ $this->response = $e->getResponse();
+ }
+ return json_decode($this->response->getBody()->getContents());
+ }
- $this->clientToken = json_decode($resp->getBody()->getContents())->token;
+ /**
+ * @Given a new restricted client token is added
+ */
+ public function aNewRestrictedClientTokenIsAdded() {
+ $tokenObj = $this->createClientToken();
+ $newCreatedTokenId = $tokenObj->deviceToken->id;
+ $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens/' . $newCreatedTokenId;
+ $client = new Client();
+ $options = [
+ 'auth' => ['user0', '123456'],
+ 'headers' => [
+ 'requesttoken' => $this->requestToken,
+ ],
+ 'json' => [
+ 'scope' => [
+ 'filesystem' => false,
+ ],
+ ],
+ 'cookies' => $this->cookieJar,
+ ];
+ $this->response = $client->send($client->createRequest('PUT', $fullUrl, $options));
+ $this->restrictedClientToken = $tokenObj->token;
+ }
+
+ /**
+ * @Given a new unrestricted client token is added
+ */
+ public function aNewUnrestrictedClientTokenIsAdded() {
+ $this->unrestrictedClientToken = $this->createClientToken()->token;
+ }
+
+ /**
+ * @When a new unrestricted client token is added using restricted basic token auth
+ */
+ public function aNewUnrestrictedClientTokenIsAddedUsingRestrictedBasicTokenAuth() {
+ $this->createClientToken(false);
}
/**
* @When requesting :url with :method using basic auth
+ *
+ * @param string $url
+ * @param string $method
*/
public function requestingWithBasicAuth($url, $method) {
$this->sendRequest($url, $method, 'basic ' . base64_encode('user0:123456'));
}
/**
- * @When requesting :url with :method using basic token auth
+ * @When requesting :url with :method using unrestricted basic token auth
+ *
+ * @param string $url
+ * @param string $method
+ */
+ public function requestingWithUnrestrictedBasicTokenAuth($url, $method) {
+ $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->unrestrictedClientToken), true);
+ }
+
+ /**
+ * @When requesting :url with :method using restricted basic token auth
+ *
+ * @param string $url
+ * @param string $method
+ */
+ public function requestingWithRestrictedBasicTokenAuth($url, $method) {
+ $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->restrictedClientToken), true);
+ }
+
+ /**
+ * @When requesting :url with :method using an unrestricted client token
+ *
+ * @param string $url
+ * @param string $method
*/
- public function requestingWithBasicTokenAuth($url, $method) {
- $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->clientToken));
+ public function requestingWithUsingAnUnrestrictedClientToken($url, $method) {
+ $this->sendRequest($url, $method, 'token ' . $this->unrestrictedClientToken);
}
/**
- * @When requesting :url with :method using a client token
+ * @When requesting :url with :method using a restricted client token
+ *
+ * @param string $url
+ * @param string $method
*/
- public function requestingWithUsingAClientToken($url, $method) {
- $this->sendRequest($url, $method, 'token ' . $this->clientToken);
+ public function requestingWithUsingARestrictedClientToken($url, $method) {
+ $this->sendRequest($url, $method, 'token ' . $this->restrictedClientToken);
}
/**
* @When requesting :url with :method using browser session
+ *
+ * @param string $url
+ * @param string $method
*/
public function requestingWithBrowserSession($url, $method) {
$this->sendRequest($url, $method, null, true);
@@ -116,6 +209,8 @@ trait Auth {
/**
* @Given a new browser session is started
+ *
+ * @param bool $remember
*/
public function aNewBrowserSessionIsStarted($remember = false) {
$loginUrl = substr($this->baseUrl, 0, -5) . '/login';
@@ -149,6 +244,14 @@ trait Auth {
$this->aNewBrowserSessionIsStarted(true);
}
+
+ /**
+ * @Given the cookie jar is reset
+ */
+ public function theCookieJarIsReset() {
+ $this->cookieJar = new CookieJar();
+ }
+
/**
* @When the session cookie expires
*/
diff --git a/build/integration/features/bootstrap/CalDavContext.php b/build/integration/features/bootstrap/CalDavContext.php
index 4843dde135a..8c0348f37a8 100644
--- a/build/integration/features/bootstrap/CalDavContext.php
+++ b/build/integration/features/bootstrap/CalDavContext.php
@@ -89,7 +89,7 @@ class CalDavContext implements \Behat\Behat\Context\Context {
'auth' => [
$user,
$password,
- ]
+ ],
]
);
$this->response = $this->client->send($request);
@@ -184,4 +184,51 @@ class CalDavContext implements \Behat\Behat\Context\Context {
$this->response = $this->client->send($request);
}
+ /**
+ * @Then :user publicly shares the calendar named :name
+ *
+ * @param string $user
+ * @param string $name
+ */
+ public function publiclySharesTheCalendarNamed($user, $name) {
+ $davUrl = $this->baseUrl . '/remote.php/dav/calendars/'.$user.'/'.$name;
+ $password = ($user === 'admin') ? 'admin' : '123456';
+
+ $request = $this->client->createRequest(
+ 'POST',
+ $davUrl,
+ [
+ 'body' => '<cs:publish-calendar xmlns:cs="http://calendarserver.org/ns/"/>',
+ 'auth' => [
+ $user,
+ $password,
+ ],
+ 'headers' => [
+ 'Content-Type' => 'application/xml; charset=UTF-8',
+ ],
+ ]
+ );
+
+ $this->response = $this->client->send($request);
+ }
+
+ /**
+ * @Then There should be :amount calendars in the response body
+ *
+ * @param string $amount
+ */
+ public function t($amount) {
+ $jsonEncoded = json_encode($this->responseXml);
+ $arrayElement = json_decode($jsonEncoded, true);
+ $actual = count($arrayElement['value']) - 1;
+ if($actual !== (int)$amount) {
+ throw new InvalidArgumentException(
+ sprintf(
+ 'Expected %s got %s',
+ $amount,
+ $actual
+ )
+ );
+ }
+ }
}
diff --git a/build/integration/features/caldav.feature b/build/integration/features/caldav.feature
index 5c3983fc40b..2bddbc3e9e4 100644
--- a/build/integration/features/caldav.feature
+++ b/build/integration/features/caldav.feature
@@ -50,3 +50,12 @@ Feature: caldav
Then The CalDAV HTTP status code should be "201"
And "admin" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/"
Then The CalDAV HTTP status code should be "207"
+
+ Scenario: Propfind on public calendar endpoint without calendars
+ When "admin" creates a calendar named "MyCalendar"
+ Then The CalDAV HTTP status code should be "201"
+ And "admin" publicly shares the calendar named "MyCalendar"
+ Then The CalDAV HTTP status code should be "202"
+ When "admin" requests calendar "/" on the endpoint "/remote.php/dav/public-calendars"
+ Then The CalDAV HTTP status code should be "207"
+ Then There should be "0" calendars in the response body \ No newline at end of file