References:
* https://github.com/owncloud/oauth2/wiki/OAuth-code-Flow-Sequence-Diagram

This aims to be a client-agnostic test plan for the OAuth2 application, centered on the actions available in the web UI and/or the `occ` commands and their impact on ownCloud's core behavior. To test the application from a client standpoint see:
Test Case | Expected Result | Result | Related Comment |
---|---|---|---|
CLI commands | | | |
Enable OAuth2 app via CLI using `occ app:enable oauth2` | - The app gets enabled<br>- Replies from the WebDAV endpoint include a new `WWW-Authenticate: Bearer ...` header | 🚧 | |
Disable OAuth2 app via CLI using `occ app:disable oauth2` | - The app gets disabled<br>- The previously mentioned header goes away in further requests | 🚧 | |
Registered Clients | | | |
Default clients | The default registered clients are included among the "Settings > Admin > User Authentication" OAuth 2.0: Registered Clients | 🚧 | See owncloud/oauth2#38 for the default values |
Register new Client | 64-character-long `client_id` and `client_secret` are generated together with a (required) Client Name and a (required) Redirection URL | 🚧 | |
Remove a Client | - A confirmation dialog is prompted before removal<br>- All sessions opened from the removed client get removed | 🚧 | |
Unregistered Clients | | | |
Authentication flow from an unregistered client | Unsuccessful Authorization Request | ⚙️ | Browser displays the "Request not valid" screen. |
Authorized Applications | | | |
Login with a Registered Client | The Client Name is displayed amongst the "Personal > Security" OAuth 2.0 Authorized Applications | ⚙️ | |
Session Revocation (i.e. delete Authorized Application) | All the sessions opened in the clients are revoked and must be re-authorized | ⚙️ | |
User Account Handling | | | |
Password change | Open sessions are revoked and the new credentials must be used in further login attempts | 🚧 | |
Authorization Flow | | | |
Successful Authorization Request without any session open in the browser | The login form is displayed with an additional informative note about the application requesting access to ownCloud | ⚙️ | |
Successful Authorization Request with a valid session in the browser | The "Authorize" screen is displayed | ⚙️ | |
Successful Authorization Request in a browser with a different user logged in | The "Switch User" screen is displayed, allowing the current session to be changed | ⚙️ | See use of the additional `user` parameter in: owncloud/oauth2#67 |
Failed attempt in the authorization login form | The query parameters for the Authorization Request are preserved in subsequent attempts | ⚙️ | See original issue in: owncloud/core#28129 |
Relevant Smoke Tests | | | |
Unauthenticated Actions: Public File Drop | Files get uploaded normally | 🚧 | See owncloud/oauth2#100 |
OAuth with new Web App | | | |
Register Web app via CLI | `occ app:enable web`<br>`client_id="$(tr -dc 'a-z0-9' < /dev/urandom \| head -c 32)"`<br>`client_secret="$(tr -dc 'a-z0-9' < /dev/urandom \| head -c 32)"`<br>`web_baseurl="https://$oc10_fqdn/index.php/apps/web"`<br>`occ config:system:set web.baseUrl --value $web_baseurl`<br>`occ oauth:add-client "ownCloud Web" $client_id $client_secret $web_baseurl/oidc-callback.html` | 🚧 | |
Successful Authorization Request without any session open in the browser | The login form is displayed with an additional informative note about the application requesting access to ownCloud | 🚧 | |
Successful Authorization Request with a valid session in the browser | The "Authorize" screen is displayed | 🚧 | |
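As an added example (not part of the ownCloud test plan or the oauth2 app), a POSIX shell check for the two "CLI commands" rows above: it inspects the WebDAV endpoint's response headers for the `WWW-Authenticate: Bearer` challenge that should appear after `occ app:enable oauth2` and disappear after `occ app:disable oauth2`. The `/remote.php/webdav/` path and the base URL given on the command line are assumptions; the header samples are constructed, not captured from a server.

```shell
#!/bin/sh
# Added example, not part of the ownCloud test plan: check whether the WebDAV
# endpoint advertises the "WWW-Authenticate: Bearer" challenge that the plan
# expects after `occ app:enable oauth2` and expects gone after
# `occ app:disable oauth2`. The /remote.php/webdav/ path is an assumption.

# bearer_challenge_present: reads raw HTTP response headers on stdin; returns 0
# when a WWW-Authenticate header using the Bearer scheme is present, else 1.
# Header names and scheme tokens are case-insensitive; CRs are stripped first.
bearer_challenge_present() {
    tr -d '\r' | grep -qi '^www-authenticate:[[:space:]]*bearer'
}

# expect_state: reads headers on stdin and succeeds only if the observed state
# matches $1: "enabled" (Bearer present) or "disabled" (Bearer absent).
expect_state() {
    if bearer_challenge_present; then observed=enabled; else observed=disabled; fi
    if [ "$observed" = "$1" ]; then
        echo "PASS: oauth2 app $1 (Bearer challenge observed: $observed)"
        return 0
    fi
    echo "FAIL: expected oauth2 app $1, but headers look $observed"
    return 1
}

# probe_webdav: unauthenticated PROPFIND against the WebDAV endpoint of the
# given base URL; feeds the response headers to expect_state (needs curl/network).
probe_webdav() {
    curl -s -o /dev/null -D - -X PROPFIND "${1%/}/remote.php/webdav/" \
        | expect_state "$2"
}

# Constructed sample header blocks (not captured from a real server) showing
# the two states the test plan describes.
HEADERS_ENABLED='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="ownCloud"
WWW-Authenticate: Basic realm="ownCloud"'
HEADERS_DISABLED='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="ownCloud"'

# self_check: runs both samples through expect_state; returns 0 if both pass.
self_check() {
    printf '%s\r\n' "$HEADERS_ENABLED" | expect_state enabled &&
    printf '%s\r\n' "$HEADERS_DISABLED" | expect_state disabled
}

# Usage: sh check_bearer.sh https://oc.example.test enabled|disabled
if [ "$#" -eq 2 ]; then probe_webdav "$1" "$2"; else self_check; fi
```

Run it once after each `occ app:enable`/`app:disable` step to record the Result column; with no arguments it only exercises the constructed samples.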