summaryrefslogtreecommitdiffstats
path: root/build
diff options
context:
space:
mode:
Diffstat (limited to 'build')
-rw-r--r--build/integration/features/auth.feature59
-rw-r--r--build/integration/features/bootstrap/Auth.php135
2 files changed, 158 insertions, 36 deletions
diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature
index a3af28f25c8..b9f423a9e93 100644
--- a/build/integration/features/auth.feature
+++ b/build/integration/features/auth.feature
@@ -2,11 +2,11 @@ Feature: auth
Background:
Given user "user0" exists
- Given a new client token is used
-
+ Given a new restricted client token is added
+ Given a new unrestricted client token is added
+ Given the cookie jar is reset
# FILES APP
-
Scenario: access files app anonymously
When requesting "/index.php/apps/files" with "GET"
Then the HTTP status code should be "401"
@@ -15,12 +15,20 @@ Feature: auth
When requesting "/index.php/apps/files" with "GET" using basic auth
Then the HTTP status code should be "200"
- Scenario: access files app with basic token auth
- When requesting "/index.php/apps/files" with "GET" using basic token auth
+ Scenario: access files app with unrestricted basic token auth
+ When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
+ Then the HTTP status code should be "200"
+ Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
+ Then the HTTP status code should be "200"
+
+ Scenario: access files app with restricted basic token auth
+ When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
Then the HTTP status code should be "200"
+ Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
+ Then the HTTP status code should be "404"
- Scenario: access files app with a client token
- When requesting "/index.php/apps/files" with "GET" using a client token
+ Scenario: access files app with an unrestricted client token
+ When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
Then the HTTP status code should be "200"
Scenario: access files app with browser session
@@ -28,9 +36,7 @@ Feature: auth
When requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200"
-
# WebDAV
-
Scenario: using WebDAV anonymously
When requesting "/remote.php/webdav" with "PROPFIND"
Then the HTTP status code should be "401"
@@ -39,23 +45,20 @@ Feature: auth
When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
Then the HTTP status code should be "207"
- Scenario: using WebDAV with token auth
- When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth
+ Scenario: using WebDAV with unrestricted basic token auth
+ When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
Then the HTTP status code should be "207"
- # DAV token auth is not possible yet
- #Scenario: using WebDAV with a client token
- # When requesting "/remote.php/webdav" with "PROPFIND" using a client token
- # Then the HTTP status code should be "207"
+ Scenario: using WebDAV with restricted basic token auth
+ When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
+ Then the HTTP status code should be "207"
Scenario: using WebDAV with browser session
Given a new browser session is started
When requesting "/remote.php/webdav" with "PROPFIND" using browser session
Then the HTTP status code should be "207"
-
# OCS
-
Scenario: using OCS anonymously
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
Then the OCS status code should be "997"
@@ -65,11 +68,11 @@ Feature: auth
Then the OCS status code should be "100"
Scenario: using OCS with token auth
- When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
Then the OCS status code should be "100"
- Scenario: using OCS with client token
- When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token
+ Scenario: using OCS with an unrestricted client token
+ When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
Then the OCS status code should be "100"
Scenario: using OCS with browser session
@@ -84,3 +87,19 @@ Feature: auth
And requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200"
+ # AUTH TOKENS
+ Scenario: Creating an auth token with regular auth token should not work
+ When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
+ Then the HTTP status code should be "200"
+ When the CSRF token is extracted from the previous response
+ When a new unrestricted client token is added using restricted basic token auth
+ Then the HTTP status code should be "503"
+
+ Scenario: Creating a restricted auth token with regular login should work
+ When a new restricted client token is added
+ Then the HTTP status code should be "200"
+
+ Scenario: Creating an unrestricted auth token with regular login should work
+ When a new unrestricted client token is added
+ Then the HTTP status code should be "200"
+
diff --git a/build/integration/features/bootstrap/Auth.php b/build/integration/features/bootstrap/Auth.php
index 46bb94a2b20..fd1b2e05a80 100644
--- a/build/integration/features/bootstrap/Auth.php
+++ b/build/integration/features/bootstrap/Auth.php
@@ -1,7 +1,5 @@
<?php
-
/**
-
*
* @author Christoph Wurst <christoph@owncloud.com>
*
@@ -21,19 +19,28 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
+
use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
+use GuzzleHttp\Cookie\CookieJar;
require __DIR__ . '/../../vendor/autoload.php';
trait Auth {
-
- private $clientToken;
+ /** @var string */
+ private $unrestrictedClientToken;
+ /** @var string */
+ private $restrictedClientToken;
+ /** @var Client */
+ private $client;
+ /** @var string */
+ private $responseXml;
/** @BeforeScenario */
public function setUpScenario() {
$this->client = new Client();
$this->responseXml = '';
+ $this->cookieJar = new CookieJar();
}
/**
@@ -65,15 +72,28 @@ trait Auth {
}
/**
- * @Given a new client token is used
+ * @When the CSRF token is extracted from the previous response
+ */
+ public function theCsrfTokenIsExtractedFromThePreviousResponse() {
+ $this->requestToken = substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $this->response->getBody()->getContents()), 0, 89);
+ }
+
+ /**
+ * @param bool $loginViaWeb
+ * @return object
*/
- public function aNewClientTokenIsUsed() {
- $this->loggingInUsingWebAs('user0');
+ private function createClientToken($loginViaWeb = true) {
+ if($loginViaWeb) {
+ $this->loggingInUsingWebAs('user0');
+ }
$fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens';
$client = new Client();
$options = [
- 'auth' => ['user0', '123456'],
+ 'auth' => [
+ 'user0',
+ $loginViaWeb ? '123456' : $this->restrictedClientToken,
+ ],
'body' => [
'requesttoken' => $this->requestToken,
'name' => md5(microtime()),
@@ -81,34 +101,107 @@ trait Auth {
'cookies' => $this->cookieJar,
];
- $resp = $client->send($client->createRequest('POST', $fullUrl, $options));
+ try {
+ $this->response = $client->send($client->createRequest('POST', $fullUrl, $options));
+ } catch (\GuzzleHttp\Exception\ServerException $e) {
+ $this->response = $e->getResponse();
+ }
+ return json_decode($this->response->getBody()->getContents());
+ }
- $this->clientToken = json_decode($resp->getBody()->getContents())->token;
+ /**
+ * @Given a new restricted client token is added
+ */
+ public function aNewRestrictedClientTokenIsAdded() {
+ $tokenObj = $this->createClientToken();
+ $newCreatedTokenId = $tokenObj->deviceToken->id;
+ $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens/' . $newCreatedTokenId;
+ $client = new Client();
+ $options = [
+ 'auth' => ['user0', '123456'],
+ 'headers' => [
+ 'requesttoken' => $this->requestToken,
+ ],
+ 'json' => [
+ 'scope' => [
+ 'filesystem' => false,
+ ],
+ ],
+ 'cookies' => $this->cookieJar,
+ ];
+ $this->response = $client->send($client->createRequest('PUT', $fullUrl, $options));
+ $this->restrictedClientToken = $tokenObj->token;
+ }
+
+ /**
+ * @Given a new unrestricted client token is added
+ */
+ public function aNewUnrestrictedClientTokenIsAdded() {
+ $this->unrestrictedClientToken = $this->createClientToken()->token;
+ }
+
+ /**
+ * @When a new unrestricted client token is added using restricted basic token auth
+ */
+ public function aNewUnrestrictedClientTokenIsAddedUsingRestrictedBasicTokenAuth() {
+ $this->createClientToken(false);
}
/**
* @When requesting :url with :method using basic auth
+ *
+ * @param string $url
+ * @param string $method
*/
public function requestingWithBasicAuth($url, $method) {
$this->sendRequest($url, $method, 'basic ' . base64_encode('user0:123456'));
}
/**
- * @When requesting :url with :method using basic token auth
+ * @When requesting :url with :method using unrestricted basic token auth
+ *
+ * @param string $url
+ * @param string $method
+ */
+ public function requestingWithUnrestrictedBasicTokenAuth($url, $method) {
+ $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->unrestrictedClientToken), true);
+ }
+
+ /**
+ * @When requesting :url with :method using restricted basic token auth
+ *
+ * @param string $url
+ * @param string $method
+ */
+ public function requestingWithRestrictedBasicTokenAuth($url, $method) {
+ $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->restrictedClientToken), true);
+ }
+
+ /**
+ * @When requesting :url with :method using an unrestricted client token
+ *
+ * @param string $url
+ * @param string $method
*/
- public function requestingWithBasicTokenAuth($url, $method) {
- $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->clientToken));
+ public function requestingWithUsingAnUnrestrictedClientToken($url, $method) {
+ $this->sendRequest($url, $method, 'token ' . $this->unrestrictedClientToken);
}
/**
- * @When requesting :url with :method using a client token
+ * @When requesting :url with :method using a restricted client token
+ *
+ * @param string $url
+ * @param string $method
*/
- public function requestingWithUsingAClientToken($url, $method) {
- $this->sendRequest($url, $method, 'token ' . $this->clientToken);
+ public function requestingWithUsingARestrictedClientToken($url, $method) {
+ $this->sendRequest($url, $method, 'token ' . $this->restrictedClientToken);
}
/**
* @When requesting :url with :method using browser session
+ *
+ * @param string $url
+ * @param string $method
*/
public function requestingWithBrowserSession($url, $method) {
$this->sendRequest($url, $method, null, true);
@@ -116,6 +209,8 @@ trait Auth {
/**
* @Given a new browser session is started
+ *
+ * @param bool $remember
*/
public function aNewBrowserSessionIsStarted($remember = false) {
$loginUrl = substr($this->baseUrl, 0, -5) . '/login';
@@ -149,6 +244,14 @@ trait Auth {
$this->aNewBrowserSessionIsStarted(true);
}
+
+ /**
+ * @Given the cookie jar is reset
+ */
+ public function theCookieJarIsReset() {
+ $this->cookieJar = new CookieJar();
+ }
+
/**
* @When the session cookie expires
*/