Feature: auth
Background:
Given user "user0" exists
Given a new restricted client token is added
Given a new unrestricted client token is added
Given the cookie jar is reset
# FILES APP
Scenario: access files app anonymously
When requesting "/index.php/apps/files" with "GET"
Then the HTTP status code should be "401"
Scenario: access files app with basic auth
When requesting "/index.php/apps/files" with "GET" using basic auth
Then the HTTP status code should be "200"
Scenario: access files app with unrestricted basic token auth
When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
Then the HTTP status code should be "200"
Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
Then the HTTP status code should be "200"
Scenario: access files app with restricted basic token auth
When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
Then the HTTP status code should be "200"
Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
Then the HTTP status code should be "404"
Scenario: access files app with an unrestricted client token
When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
Then the HTTP status code should be "200"
Scenario: access files app with browser session
Given a new browser session is started
When requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200"
# WebDAV
Scenario: using WebDAV anonymously
When requesting "/remote.php/webdav" with "PROPFIND"
Then the HTTP status code should be "401"
Scenario: using WebDAV with basic auth
When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
Then the HTTP status code should be "207"
Scenario: using WebDAV with unrestricted basic token auth
When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
Then the HTTP status code should be "207"
Scenario: using WebDAV with restricted basic token auth
When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
Then the HTTP status code should be "207"
Scenario: using WebDAV with browser session
Given a new browser session is started
When requesting "/remote.php/webdav" with "PROPFIND" using browser session
Then the HTTP status code should be "207"
# OCS
Scenario: using OCS anonymously
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
Then the OCS status code should be "997"
Scenario: using OCS with basic auth
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
Then the OCS status code should be "100"
Scenario: using OCS with token auth
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
Then the OCS status code should be "100"
Scenario: using OCS with an unrestricted client token
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
Then the OCS status code should be "100"
Scenario: using OCS with browser session
Given a new browser session is started
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
Then the OCS status code should be "100"
# REMEMBER ME
Scenario: remember login
Given a new remembered browser session is started
When the session cookie expires
And requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200"
# AUTH TOKENS
Scenario: Creating an auth token with regular auth token should not work
When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
Then the HTTP status code should be "200"
When the CSRF token is extracted from the previous response
When a new unrestricted client token is added using restricted basic token auth
Then the HTTP status code should be "503"
Scenario: Creating a restricted auth token with regular login should work
When a new restricted client token is added
Then the HTTP status code should be "200"
Scenario: Creating an unrestricted auth token with regular login should work
When a new unrestricted client token is added
Then the HTTP status code should be "200"
LD-3755-test-pr