Commit
Refactored some bug demonstration scenarios in api test
1 parent
fd294d7
commit 818fb6b
Showing 37 changed files with 1,255 additions and 0 deletions.
23 changes: 23 additions & 0 deletions
tests/acceptance/features/apiAuth/corsOc10Issue34664.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
@api @skipOnOcV10 @notToImplementOnOCIS | ||
Feature: CORS headers correct expected behavior for issue 34664 | ||
|
||
@issue-34664 | ||
Scenario Outline: CORS headers should be returned when setting CORS domain sending Origin header | ||
Given user "Alice" has been created with default attributes and skeleton files | ||
And using OCS API version "<ocs_api_version>" | ||
And user "Alice" has added "https://aphno.badal" to the list of personal CORS domains | ||
When user "Alice" sends HTTP method "GET" to OCS API endpoint "<endpoint>" with headers | ||
| header | value | | ||
| Origin | https://aphno.badal | | ||
Then the OCS status code should be "<ocs-code>" | ||
And the HTTP status code should be "<http-code>" | ||
Then the following headers should be set | ||
| header | value | | ||
| Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With | | ||
| Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status | | ||
| Access-Control-Allow-Origin | https://aphno.badal | | ||
| Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT | | ||
Examples: | ||
| ocs_api_version | endpoint | ocs-code | http-code | | ||
| 1 | /config | 100 | 200 | | ||
| 2 | /config | 200 | 200 | |
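Review bot: Only the matching-Origin case is asserted in this scenario: the request sends Origin `https://aphno.badal`, the same domain Alice added, and nothing in this file checks a request whose Origin is not in her list. For a CORS test the negative case is the security-relevant one, so add a scenario that sends an unlisted Origin and asserts that `Access-Control-Allow-Origin` is not returned. Smaller points: the second `Then` (before "the following headers should be set") should be `And`, and since the feature is tagged both `@skipOnOcV10` and `@notToImplementOnOCIS`, a comment stating where this feature is expected to run, and when the skip is to be lifted, would help the next reader.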
65 changes: 65 additions & 0 deletions
tests/acceptance/features/apiAuth/corsOc10Issue34679.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
@api @skipOnOcV10 @notToImplementOnOCIS | ||
Feature: CORS headers correct expected behavior for issue 34679 | ||
|
||
Background: | ||
Given user "Alice" has been created with default attributes and skeleton files | ||
|
||
@issue-34679 @files_sharing-app-required | ||
Scenario Outline: CORS headers should be returned when invalid password is used | ||
Given using OCS API version "<ocs_api_version>" | ||
And user "Alice" has added "https://aphno.badal" to the list of personal CORS domains | ||
When user "Alice" sends HTTP method "GET" to OCS API endpoint "<endpoint>" with headers using password "invalid" | ||
| header | value | | ||
| Origin | https://aphno.badal | | ||
Then the OCS status code should be "<ocs-code>" | ||
And the HTTP status code should be "<http-code>" | ||
Then the following headers should be set | ||
| header | value | | ||
| Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With | | ||
| Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status | | ||
| Access-Control-Allow-Origin | https://aphno.badal | | ||
| Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT | | ||
Examples: | ||
| ocs_api_version | endpoint | ocs-code | http-code | | ||
| 1 | /apps/files_external/api/v1/mounts | 997 | 401 | | ||
| 2 | /apps/files_external/api/v1/mounts | 997 | 401 | | ||
| 1 | /apps/files_sharing/api/v1/remote_shares | 997 | 401 | | ||
| 2 | /apps/files_sharing/api/v1/remote_shares | 997 | 401 | | ||
| 1 | /apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | | ||
| 2 | /apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | | ||
| 1 | /apps/files_sharing/api/v1/shares | 997 | 401 | | ||
| 2 | /apps/files_sharing/api/v1/shares | 997 | 401 | | ||
| 1 | /privatedata/getattribute | 997 | 401 | | ||
| 2 | /privatedata/getattribute | 997 | 401 | | ||
| 1 | /cloud/apps | 997 | 401 | | ||
| 2 | /cloud/apps | 997 | 401 | | ||
| 1 | /cloud/groups | 997 | 401 | | ||
| 2 | /cloud/groups | 997 | 401 | | ||
| 1 | /cloud/users | 997 | 401 | | ||
| 2 | /cloud/users | 997 | 401 | | ||
|
||
@issue-34679 | ||
Scenario Outline: CORS headers should be returned when invalid password is used (admin only endpoints) | ||
Given using OCS API version "<ocs_api_version>" | ||
And the administrator has added "https://aphno.badal" to the list of personal CORS domains | ||
And user "another-admin" has been created with default attributes and without skeleton files | ||
And user "another-admin" has been added to group "admin" | ||
When user "another-admin" sends HTTP method "GET" to OCS API endpoint "<endpoint>" with headers using password "invalid" | ||
| header | value | | ||
| Origin | https://aphno.badal | | ||
Then the OCS status code should be "<ocs-code>" | ||
And the HTTP status code should be "<http-code>" | ||
Then the following headers should be set | ||
| header | value | | ||
| Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With | | ||
| Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status | | ||
| Access-Control-Allow-Origin | https://aphno.badal | | ||
| Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT | | ||
Examples: | ||
| ocs_api_version | endpoint | ocs-code | http-code | | ||
| 1 | /cloud/apps | 997 | 401 | | ||
| 2 | /cloud/apps | 997 | 401 | | ||
| 1 | /cloud/groups | 997 | 401 | | ||
| 2 | /cloud/groups | 997 | 401 | | ||
| 1 | /cloud/users | 997 | 401 | | ||
| 2 | /cloud/users | 997 | 401 | |
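Review bot: In the second scenario (admin only endpoints) the CORS domain is added by "the administrator" but the request is sent as "another-admin", whereas in the first scenario "Alice" both adds the domain and sends the request. If the list is personal, the expected `Access-Control-Allow-Origin` value here depends on a different user's list; either add the domain for "another-admin" or state in the scenario why the administrator's entry should apply. Also, the /cloud/apps, /cloud/groups and /cloud/users rows in the second Examples table repeat rows already in the first table with the same 997/401 expectation, and the first scenario is tagged `@files_sharing-app-required` although several of its endpoints are not files_sharing ones, so consider splitting the Examples by app. The second `Then` in each scenario should be `And`.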
30 changes: 30 additions & 0 deletions
tests/acceptance/features/apiAuthOcs/ocsDELETEAuthOc01Issue32068.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
@api @files_sharing-app-required | ||
@skipOnOcV10 @notToImplementOnOCIS | ||
Feature: auth | ||
|
||
@smokeTest @issue-32068 @issue-ocis-reva-30 @issue-ocis-reva-65 | ||
@skipOnBruteForceProtection @issue-brute_force_protection-112 | ||
Scenario: send DELETE requests to OCS endpoints as admin with wrong password | ||
Given user "another-admin" has been created with default attributes and without skeleton files | ||
And user "another-admin" has been added to group "admin" | ||
When user "another-admin" requests these endpoints with "DELETE" using password "invalid" about user "Alice" | ||
| endpoint | | ||
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 | | ||
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 | | ||
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/123 | | ||
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/123 | | ||
| /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | | ||
| /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 | | ||
| /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 | | ||
| /ocs/v1.php/cloud/apps/testing | | ||
| /ocs/v2.php/cloud/apps/testing | | ||
| /ocs/v1.php/cloud/groups/group1 | | ||
| /ocs/v2.php/cloud/groups/group1 | | ||
| /ocs/v1.php/cloud/users/%username% | | ||
| /ocs/v2.php/cloud/users/%username% | | ||
| /ocs/v1.php/cloud/users/%username%/groups | | ||
| /ocs/v2.php/cloud/users/%username%/groups | | ||
| /ocs/v1.php/cloud/users/%username%/subadmins | | ||
| /ocs/v2.php/cloud/users/%username%/subadmins | | ||
Then the HTTP status code of responses on all endpoints should be "401" | ||
And the OCS status code of responses on all endpoints should be "401" |
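Review bot: The endpoint table lists `/ocs/v2.php/apps/files_sharing/api/v1/shares/123` without its `/ocs/v1.php/` counterpart, while every other endpoint appears in both versions; add the v1 row or note why it is left out. The When step refers to user "Alice" and the `%username%` rows depend on that, but no step in this file creates Alice, so add the Given or a comment saying it is not needed for a 401. The expected OCS status code here is "401", while corsOc10Issue34679.feature in this commit expects "997" alongside HTTP 401 for a wrong password; a one-line comment tying the difference to issue 32068 would make it readable, and the feature title "auth" could name the issue as the other two files do.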