Skip to content

Commit

Permalink
Merge pull request #37974 from owncloud/refactor-bug-demonstration
Browse files Browse the repository at this point in the history
[Tests-Only]Refactored some oC10 bug demonstration scenarios in api test
  • Loading branch information
phil-davis authored Oct 6, 2020
2 parents 8709a76 + f64ff1b commit c4e8297
Show file tree
Hide file tree
Showing 70 changed files with 1,597 additions and 403 deletions.
56 changes: 22 additions & 34 deletions tests/acceptance/features/apiAuth/cors.feature
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@ Feature: CORS headers
| 1 | /cloud/users | 997 | 401 |
| 2 | /cloud/users | 997 | 401 |

#merge into previous scenario when fixed
@issue-34664
#merge into previous scenario when this does not need to be tagged skipOnOcV10
@issue-34664 @skipOnOcV10
Scenario Outline: CORS headers should be returned when setting CORS domain sending Origin header
Given using OCS API version "<ocs_api_version>"
And user "Alice" has added "https://aphno.badal" to the list of personal CORS domains
Expand All @@ -48,12 +48,12 @@ Feature: CORS headers
| Origin | https://aphno.badal |
Then the OCS status code should be "<ocs-code>"
And the HTTP status code should be "<http-code>"
Then the following headers should not be set
| header |
| Access-Control-Allow-Headers |
| Access-Control-Expose-Headers |
| Access-Control-Allow-Origin |
| Access-Control-Allow-Methods |
Then the following headers should be set
| header | value |
| Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With |
| Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status |
| Access-Control-Allow-Origin | https://aphno.badal |
| Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT |
Examples:
| ocs_api_version | endpoint | ocs-code | http-code |
| 1 | /config | 100 | 200 |
Expand Down Expand Up @@ -141,7 +141,7 @@ Feature: CORS headers
| 1 | /cloud/users | 100 | 200 |
| 2 | /cloud/users | 200 | 200 |

@issue-34679 @files_sharing-app-required
@issue-34679 @files_sharing-app-required @skipOnOcV10
Scenario Outline: CORS headers should be returned when invalid password is used
Given using OCS API version "<ocs_api_version>"
And user "Alice" has added "https://aphno.badal" to the list of personal CORS domains
Expand All @@ -150,18 +150,12 @@ Feature: CORS headers
| Origin | https://aphno.badal |
Then the OCS status code should be "<ocs-code>"
And the HTTP status code should be "<http-code>"
Then the following headers should not be set
| header |
| Access-Control-Allow-Headers |
| Access-Control-Expose-Headers |
| Access-Control-Allow-Origin |
| Access-Control-Allow-Methods |
#Then the following headers should be set
# | header | value |
# | Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With |
# | Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status |
# | Access-Control-Allow-Origin | https://aphno.badal |
# | Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT |
Then the following headers should be set
| header | value |
| Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With |
| Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status |
| Access-Control-Allow-Origin | https://aphno.badal |
| Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT |
Examples:
| ocs_api_version | endpoint | ocs-code | http-code |
| 1 | /apps/files_external/api/v1/mounts | 997 | 401 |
Expand All @@ -181,7 +175,7 @@ Feature: CORS headers
| 1 | /cloud/users | 997 | 401 |
| 2 | /cloud/users | 997 | 401 |

@issue-34679
@issue-34679 @skipOnOcV10
Scenario Outline: CORS headers should be returned when invalid password is used (admin only endpoints)
Given using OCS API version "<ocs_api_version>"
And the administrator has added "https://aphno.badal" to the list of personal CORS domains
Expand All @@ -192,18 +186,12 @@ Feature: CORS headers
| Origin | https://aphno.badal |
Then the OCS status code should be "<ocs-code>"
And the HTTP status code should be "<http-code>"
Then the following headers should not be set
| header |
| Access-Control-Allow-Headers |
| Access-Control-Expose-Headers |
| Access-Control-Allow-Origin |
| Access-Control-Allow-Methods |
#Then the following headers should be set
# | header | value |
# | Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With |
# | Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status |
# | Access-Control-Allow-Origin | https://aphno.badal |
# | Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT |
Then the following headers should be set
| header | value |
| Access-Control-Allow-Headers | OC-Checksum,OC-Total-Length,OCS-APIREQUEST,X-OC-Mtime,Accept,Authorization,Brief,Content-Length,Content-Range,Content-Type,Date,Depth,Destination,Host,If,If-Match,If-Modified-Since,If-None-Match,If-Range,If-Unmodified-Since,Location,Lock-Token,Overwrite,Prefer,Range,Schedule-Reply,Timeout,User-Agent,X-Expected-Entity-Length,Accept-Language,Access-Control-Request-Method,Access-Control-Allow-Origin,ETag,OC-Autorename,OC-CalDav-Import,OC-Chunked,OC-Etag,OC-FileId,OC-LazyOps,OC-Total-File-Length,Origin,X-Request-ID,X-Requested-With |
| Access-Control-Expose-Headers | Content-Location,DAV,ETag,Link,Lock-Token,OC-ETag,OC-Checksum,OC-FileId,OC-JobStatus-Location,Vary,Webdav-Location,X-Sabre-Status |
| Access-Control-Allow-Origin | https://aphno.badal |
| Access-Control-Allow-Methods | GET,OPTIONS,POST,PUT,DELETE,MKCOL,PROPFIND,PATCH,PROPPATCH,REPORT |
Examples:
| ocs_api_version | endpoint | ocs-code | http-code |
| 1 | /cloud/apps | 997 | 401 |
Expand Down
23 changes: 23 additions & 0 deletions tests/acceptance/features/apiAuth/corsOc10Issue34664.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
@api @notToImplementOnOCIS
Feature: CORS headers current oC10 behavior for issue-34664

@issue-34664
Scenario Outline: CORS headers should be returned when setting CORS domain sending Origin header
Given user "Alice" has been created with default attributes and skeleton files
And using OCS API version "<ocs_api_version>"
And user "Alice" has added "https://aphno.badal" to the list of personal CORS domains
When user "Alice" sends HTTP method "GET" to OCS API endpoint "<endpoint>" with headers
| header | value |
| Origin | https://aphno.badal |
Then the OCS status code should be "<ocs-code>"
And the HTTP status code should be "<http-code>"
Then the following headers should not be set
| header |
| Access-Control-Allow-Headers |
| Access-Control-Expose-Headers |
| Access-Control-Allow-Origin |
| Access-Control-Allow-Methods |
Examples:
| ocs_api_version | endpoint | ocs-code | http-code |
| 1 | /config | 100 | 200 |
| 2 | /config | 200 | 200 |
Loading

0 comments on commit c4e8297

Please sign in to comment.