path: root/apps/oauth2/templates/admin.php
blob: 3f6f879b7e156894503fd7734fc3d9cd5b3dc278 (plain)
<?php
/**
 * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

// Register the "oauth2" script of the oauth2 app for the page built from this
// admin template.
// The template echoes no server-side values: it only emits the empty #oauth2
// container below, so there is nothing in this file that needs output escaping.
// NOTE(review): presumably the script renders the OAuth2 client management UI
// into #oauth2 — confirm in the app's JavaScript sources.
script('oauth2', 'oauth2');

?>

<div id="oauth2"></div>
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: LDAP
  Background:
    # Shared setup for every scenario in this feature: API version "2", a valid
    # LDAP configuration, and the two overrides in the table below.
    Given using api version "2"
    And having a valid LDAP configuration
    # The overrides make employeeNumber the username attribute and let the login
    # filter match the entered login name (%uid) against employeeNumber, so the
    # user IDs seen by the scenarios are the numeric values asserted further down.
    # NOTE(review): %uid is filled from the login form; escaping of that value
    # before it is placed into the LDAP filter happens outside this file —
    # confirm it is covered by the server code and its own tests.
    And modify LDAP configuration
      | ldapExpertUsernameAttr | employeeNumber |
      | ldapLoginFilter        | (&(objectclass=inetorgperson)(employeeNumber=%uid)) |

# These tests ensure that Nextcloud (Nc) works correctly when it is provided
# with users that have numerical IDs

Scenario: Look for a expected LDAP users
  # Lists users as admin through /cloud/users and checks the numeric IDs
  # 92379 and 50194 against the result.
  # NOTE(review): the second table column is presumably the expectation flag
  # (1 = must be listed, 0 = must not be listed) — confirm against the step
  # definition for "result should match".
  Given As an "admin"
  And sending "GET" to "/cloud/users"
  Then the OCS status code should be "200"
  And the "users" result should match
    | 92379 | 1 |
    | 50194 | 1 |

Scenario: check default home of an LDAP user
  # Fetches the user record for 92379 as admin and checks its storageLocation.
  # The expected path ends in the numeric user ID, i.e. the home directory is
  # named after the ID.
  # NOTE(review): /dev/shm/nc_int is presumably the data directory of the CI
  # instance — the assertion depends on that environment.
  Given As an "admin"
  And sending "GET" to "/cloud/users/92379"
  Then the OCS status code should be "200"
  And the record's fields should match
    | storageLocation | /dev/shm/nc_int/92379 |

Scenario: Test by logging in
  # End-to-end check of the login filter configured in the Background: a fresh
  # session (cookies reset) logs in through the web UI with the numeric ID as
  # login name, then reads welcome.txt over WebDAV and expects HTTP 200.
  # NOTE(review): the request token sent with the GET is presumably the one
  # obtained during the web login — confirm in the step definition.
  Given cookies are reset
  And Logging in using web as "92379"
  And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
  Then the HTTP status code should be "200"

Scenario: Test LDAP group retrieval with numeric group ids and nesting
  # Nesting does not play a role here really
  # Restricts the group search to ou=NumericGroups with a groupOfNames filter,
  # enables nested groups and memberOf-based membership detection, then lists
  # groups as admin and checks the numeric group IDs 2000, 3000, 3001 and 3002
  # against the result.
  Given modify LDAP configuration
    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
    | ldapGroupFilter               | (objectclass=groupOfNames) |
    | ldapGroupMemberAssocAttr      | member |
    | ldapNestedGroups              | 1 |
    | useMemberOfToDetectMembership | 1 |
  And As an "admin"
  And sending "GET" to "/cloud/groups"
  Then the OCS status code should be "200"
  And the "groups" result should match
    | 2000 | 1 |
    | 3000 | 1 |
    | 3001 | 1 |
    | 3002 | 1 |

Scenario: Test LDAP group membership with intermediate groups not matching filter, numeric group ids
  # The group filter admits only cn=2000 and the user filter excludes uid=alice.
  # The membership list of group 2000 is then checked: 92379 carries flag 0,
  # the other four IDs carry flag 1.
  # NOTE(review): 92379 is presumably alice's ID, so the 0 row asserts that a
  # user rejected by ldapUserFilter does not reappear through group membership
  # — this is the access-relevant assertion of the scenario; confirm the flag
  # semantics in the step definition.
  Given modify LDAP configuration
    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
    | ldapGroupFilter               | (&(cn=2000)(objectclass=groupOfNames)) |
    | ldapNestedGroups              | 1 |
    | useMemberOfToDetectMembership | 1 |
    | ldapUserFilter                | (&(objectclass=inetorgperson)(!(uid=alice))) |
    | ldapGroupMemberAssocAttr      | member |
  And As an "admin"
  # for population
  And sending "GET" to "/cloud/groups"
  And sending "GET" to "/cloud/groups/2000/users"
  # Only the response of the last request (the membership list) is asserted.
  Then the OCS status code should be "200"
  And the "users" result should match
    | 92379 | 0 |
    | 54172 | 1 |
    | 50194 | 1 |
    | 59376 | 1 |
    | 59463 | 1 |

Scenario: Test LDAP admin group mapping, empowered user
  # Positive half of the admin-mapping check: ldapAdminGroup is set to the
  # numeric group 3001, a member of that group logs in, and the admin overview
  # page must answer with HTTP 200.
  Given modify LDAP configuration
    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
    | ldapGroupFilter               | (objectclass=groupOfNames) |
    | ldapGroupMemberAssocAttr      | member |
    | ldapAdminGroup                | 3001   |
    | useMemberOfToDetectMembership | 1 |
  And cookies are reset
  # alice, part of the promoted group
  And Logging in using web as "92379"
  # NOTE(review): the two group requests below have no assertion of their own;
  # presumably they populate group data before the admin page is requested —
  # confirm they are still required.
  And sending "GET" to "/cloud/groups"
  And sending "GET" to "/cloud/groups/2000/users"
  And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
  Then the HTTP status code should be "200"

Scenario: Test LDAP admin group mapping, regular user (no access)
    # Negative half of the admin-mapping check: with the same ldapAdminGroup
    # setting, a user outside group 3001 must be refused the admin overview
    # page with HTTP 403.
    # NOTE(review): the login step's outcome is not asserted separately here;
    # confirm the step definition fails on an unsuccessful login, so that the
    # 403 reflects an authorization decision for an authenticated non-admin.
    Given modify LDAP configuration
      | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
      | ldapGroupFilter               | (objectclass=groupOfNames) |
      | ldapGroupMemberAssocAttr      | member |
      | ldapAdminGroup                | 3001   |
      | useMemberOfToDetectMembership | 1 |
    And cookies are reset
    # gustaf, not part of the promoted group
    And Logging in using web as "59376"
    And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
    Then the HTTP status code should be "403"