diff options
Diffstat (limited to 'build/integration')
-rw-r--r-- | build/integration/features/auth.feature | 59 | ||||
-rw-r--r-- | build/integration/features/bootstrap/Auth.php | 135 | ||||
-rw-r--r-- | build/integration/features/bootstrap/CalDavContext.php | 49 | ||||
-rw-r--r-- | build/integration/features/caldav.feature | 9 |
4 files changed, 215 insertions, 37 deletions
diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature index a3af28f25c8..b9f423a9e93 100644 --- a/build/integration/features/auth.feature +++ b/build/integration/features/auth.feature @@ -2,11 +2,11 @@ Feature: auth Background: Given user "user0" exists - Given a new client token is used - + Given a new restricted client token is added + Given a new unrestricted client token is added + Given the cookie jar is reset # FILES APP - Scenario: access files app anonymously When requesting "/index.php/apps/files" with "GET" Then the HTTP status code should be "401" @@ -15,12 +15,20 @@ Feature: auth When requesting "/index.php/apps/files" with "GET" using basic auth Then the HTTP status code should be "200" - Scenario: access files app with basic token auth - When requesting "/index.php/apps/files" with "GET" using basic token auth + Scenario: access files app with unrestricted basic token auth + When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth + Then the HTTP status code should be "200" + Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session + Then the HTTP status code should be "200" + + Scenario: access files app with restricted basic token auth + When requesting "/index.php/apps/files" with "GET" using restricted basic token auth Then the HTTP status code should be "200" + Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session + Then the HTTP status code should be "404" - Scenario: access files app with a client token - When requesting "/index.php/apps/files" with "GET" using a client token + Scenario: access files app with an unrestricted client token + When requesting "/index.php/apps/files" with "GET" using an unrestricted client token Then the HTTP status code should be "200" Scenario: access files app with browser session @@ -28,9 +36,7 @@ Feature: auth When requesting "/index.php/apps/files" with "GET" using browser session Then the HTTP status code should be "200" - # WebDAV - Scenario: using WebDAV anonymously When requesting "/remote.php/webdav" with "PROPFIND" Then the HTTP status code should be "401" @@ -39,23 +45,20 @@ Feature: auth When requesting "/remote.php/webdav" with "PROPFIND" using basic auth Then the HTTP status code should be "207" - Scenario: using WebDAV with token auth - When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth + Scenario: using WebDAV with unrestricted basic token auth + When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth Then the HTTP status code should be "207" - # DAV token auth is not possible yet - #Scenario: using WebDAV with a client token - # When requesting "/remote.php/webdav" with "PROPFIND" using a client token - # Then the HTTP status code should be "207" + Scenario: using WebDAV with restricted basic token auth + When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth + Then the HTTP status code should be "207" Scenario: using WebDAV with browser session Given a new browser session is started When requesting "/remote.php/webdav" with "PROPFIND" using browser session Then the HTTP status code should be "207" - # OCS - Scenario: using OCS anonymously When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" Then the OCS status code should be "997" @@ -65,11 +68,11 @@ Feature: auth Then the OCS status code should be "100" Scenario: using OCS with token auth - When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth + When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth Then the OCS status code should be "100" - Scenario: using OCS with client token - When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token + Scenario: using OCS with an unrestricted client token + When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token Then the OCS status code should be "100" Scenario: using OCS with browser session @@ -84,3 +87,19 @@ Feature: auth And requesting "/index.php/apps/files" with "GET" using browser session Then the HTTP status code should be "200" + # AUTH TOKENS + Scenario: Creating an auth token with regular auth token should not work + When requesting "/index.php/apps/files" with "GET" using restricted basic token auth + Then the HTTP status code should be "200" + When the CSRF token is extracted from the previous response + When a new unrestricted client token is added using restricted basic token auth + Then the HTTP status code should be "503" + + Scenario: Creating a restricted auth token with regular login should work + When a new restricted client token is added + Then the HTTP status code should be "200" + + Scenario: Creating an unrestricted auth token with regular login should work + When a new unrestricted client token is added + Then the HTTP status code should be "200" + diff --git a/build/integration/features/bootstrap/Auth.php b/build/integration/features/bootstrap/Auth.php index 46bb94a2b20..fd1b2e05a80 100644 --- a/build/integration/features/bootstrap/Auth.php +++ b/build/integration/features/bootstrap/Auth.php @@ -1,7 +1,5 @@ <?php - /** - * * @author Christoph Wurst <christoph@owncloud.com> * @@ -21,19 +19,28 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ + use GuzzleHttp\Client; use GuzzleHttp\Exception\ClientException; +use GuzzleHttp\Cookie\CookieJar; require __DIR__ . '/../../vendor/autoload.php'; trait Auth { - - private $clientToken; + /** @var string */ + private $unrestrictedClientToken; + /** @var string */ + private $restrictedClientToken; + /** @var Client */ + private $client; + /** @var string */ + private $responseXml; /** @BeforeScenario */ public function setUpScenario() { $this->client = new Client(); $this->responseXml = ''; + $this->cookieJar = new CookieJar(); } /** @@ -65,15 +72,28 @@ trait Auth { } /** - * @Given a new client token is used + * @When the CSRF token is extracted from the previous response + */ + public function theCsrfTokenIsExtractedFromThePreviousResponse() { + $this->requestToken = substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $this->response->getBody()->getContents()), 0, 89); + } + + /** + * @param bool $loginViaWeb + * @return object */ - public function aNewClientTokenIsUsed() { - $this->loggingInUsingWebAs('user0'); + private function createClientToken($loginViaWeb = true) { + if($loginViaWeb) { + $this->loggingInUsingWebAs('user0'); + } $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens'; $client = new Client(); $options = [ - 'auth' => ['user0', '123456'], + 'auth' => [ + 'user0', + $loginViaWeb ? '123456' : $this->restrictedClientToken, + ], 'body' => [ 'requesttoken' => $this->requestToken, 'name' => md5(microtime()), @@ -81,34 +101,107 @@ trait Auth { 'cookies' => $this->cookieJar, ]; - $resp = $client->send($client->createRequest('POST', $fullUrl, $options)); + try { + $this->response = $client->send($client->createRequest('POST', $fullUrl, $options)); + } catch (\GuzzleHttp\Exception\ServerException $e) { + $this->response = $e->getResponse(); + } + return json_decode($this->response->getBody()->getContents()); + } - $this->clientToken = json_decode($resp->getBody()->getContents())->token; + /** + * @Given a new restricted client token is added + */ + public function aNewRestrictedClientTokenIsAdded() { + $tokenObj = $this->createClientToken(); + $newCreatedTokenId = $tokenObj->deviceToken->id; + $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens/' . $newCreatedTokenId; + $client = new Client(); + $options = [ + 'auth' => ['user0', '123456'], + 'headers' => [ + 'requesttoken' => $this->requestToken, + ], + 'json' => [ + 'scope' => [ + 'filesystem' => false, + ], + ], + 'cookies' => $this->cookieJar, + ]; + $this->response = $client->send($client->createRequest('PUT', $fullUrl, $options)); + $this->restrictedClientToken = $tokenObj->token; + } + + /** + * @Given a new unrestricted client token is added + */ + public function aNewUnrestrictedClientTokenIsAdded() { + $this->unrestrictedClientToken = $this->createClientToken()->token; + } + + /** + * @When a new unrestricted client token is added using restricted basic token auth + */ + public function aNewUnrestrictedClientTokenIsAddedUsingRestrictedBasicTokenAuth() { + $this->createClientToken(false); } /** * @When requesting :url with :method using basic auth + * + * @param string $url + * @param string $method */ public function requestingWithBasicAuth($url, $method) { $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:123456')); } /** - * @When requesting :url with :method using basic token auth + * @When requesting :url with :method using unrestricted basic token auth + * + * @param string $url + * @param string $method + */ + public function requestingWithUnrestrictedBasicTokenAuth($url, $method) { + $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->unrestrictedClientToken), true); + } + + /** + * @When requesting :url with :method using restricted basic token auth + * + * @param string $url + * @param string $method + */ + public function requestingWithRestrictedBasicTokenAuth($url, $method) { + $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->restrictedClientToken), true); + } + + /** + * @When requesting :url with :method using an unrestricted client token + * + * @param string $url + * @param string $method */ - public function requestingWithBasicTokenAuth($url, $method) { - $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->clientToken)); + public function requestingWithUsingAnUnrestrictedClientToken($url, $method) { + $this->sendRequest($url, $method, 'token ' . $this->unrestrictedClientToken); } /** - * @When requesting :url with :method using a client token + * @When requesting :url with :method using a restricted client token + * + * @param string $url + * @param string $method */ - public function requestingWithUsingAClientToken($url, $method) { - $this->sendRequest($url, $method, 'token ' . $this->clientToken); + public function requestingWithUsingARestrictedClientToken($url, $method) { + $this->sendRequest($url, $method, 'token ' . $this->restrictedClientToken); } /** * @When requesting :url with :method using browser session + * + * @param string $url + * @param string $method */ public function requestingWithBrowserSession($url, $method) { $this->sendRequest($url, $method, null, true); @@ -116,6 +209,8 @@ trait Auth { /** * @Given a new browser session is started + * + * @param bool $remember */ public function aNewBrowserSessionIsStarted($remember = false) { $loginUrl = substr($this->baseUrl, 0, -5) . '/login'; @@ -149,6 +244,14 @@ trait Auth { $this->aNewBrowserSessionIsStarted(true); } + + /** + * @Given the cookie jar is reset + */ + public function theCookieJarIsReset() { + $this->cookieJar = new CookieJar(); + } + /** * @When the session cookie expires */ diff --git a/build/integration/features/bootstrap/CalDavContext.php b/build/integration/features/bootstrap/CalDavContext.php index 4843dde135a..8c0348f37a8 100644 --- a/build/integration/features/bootstrap/CalDavContext.php +++ b/build/integration/features/bootstrap/CalDavContext.php @@ -89,7 +89,7 @@ class CalDavContext implements \Behat\Behat\Context\Context { 'auth' => [ $user, $password, - ] + ], ] ); $this->response = $this->client->send($request); @@ -184,4 +184,51 @@ class CalDavContext implements \Behat\Behat\Context\Context { $this->response = $this->client->send($request); } + /** + * @Then :user publicly shares the calendar named :name + * + * @param string $user + * @param string $name + */ + public function publiclySharesTheCalendarNamed($user, $name) { + $davUrl = $this->baseUrl . '/remote.php/dav/calendars/'.$user.'/'.$name; + $password = ($user === 'admin') ? 'admin' : '123456'; + + $request = $this->client->createRequest( + 'POST', + $davUrl, + [ + 'body' => '<cs:publish-calendar xmlns:cs="http://calendarserver.org/ns/"/>', + 'auth' => [ + $user, + $password, + ], + 'headers' => [ + 'Content-Type' => 'application/xml; charset=UTF-8', + ], + ] + ); + + $this->response = $this->client->send($request); + } + + /** + * @Then There should be :amount calendars in the response body + * + * @param string $amount + */ + public function t($amount) { + $jsonEncoded = json_encode($this->responseXml); + $arrayElement = json_decode($jsonEncoded, true); + $actual = count($arrayElement['value']) - 1; + if($actual !== (int)$amount) { + throw new InvalidArgumentException( + sprintf( + 'Expected %s got %s', + $amount, + $actual + ) + ); + } + } } diff --git a/build/integration/features/caldav.feature b/build/integration/features/caldav.feature index 5c3983fc40b..2bddbc3e9e4 100644 --- a/build/integration/features/caldav.feature +++ b/build/integration/features/caldav.feature @@ -50,3 +50,12 @@ Feature: caldav Then The CalDAV HTTP status code should be "201" And "admin" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/" Then The CalDAV HTTP status code should be "207" + + Scenario: Propfind on public calendar endpoint without calendars + When "admin" creates a calendar named "MyCalendar" + Then The CalDAV HTTP status code should be "201" + And "admin" publicly shares the calendar named "MyCalendar" + Then The CalDAV HTTP status code should be "202" + When "admin" requests calendar "/" on the endpoint "/remote.php/dav/public-calendars" + Then The CalDAV HTTP status code should be "207" + Then There should be "0" calendars in the response body
\ No newline at end of file |