expand createUser.feature (#6662)

tests/acceptance/features/apiGraph/assignRole.feature

@@ -35,7 +35,7 @@ Feature: assign role
 
   Scenario Outline: assign role to the user with setting api and list role with graph api
     Given user "Alice" has been created with default attributes and without skeleton files
-    And the administrator has assigned the role "<userRole>" to user "Alice" using the Graph API
+    And the administrator has given "Alice" the role "<userRole>" using the settings api
     When the administrator retrieves the assigned role of user "Alice" using the Graph API
     Then the HTTP status code should be "200"
     And the Graph API response should have the role "<userRole>"

tests/acceptance/features/apiGraph/changeRole.feature

@@ -46,3 +46,16 @@ Feature: change role
       | User        |
       | User Light  |
       | Admin       |
+
+
+  Scenario Outline: non-admin cannot change the user role
+    Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
+    And user "Brian" has been created with default attributes and without skeleton files
+    When user "Alice" tries to change the role of user "Alice" to role "Admin" using the Graph API
+    Then the HTTP status code should be "401"
+    And user "Brian" should have the role "User"
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | User Light  |

tests/acceptance/features/apiGraph/createUser.feature

@@ -22,23 +22,24 @@ Feature: create user
     Then the HTTP status code should be "<code>"
     And user "<userName>" <shouldOrNot> exist
     Examples:
-      | userName                     | displayName     | email                   | password                     | code | enable | shouldOrNot |
-      | SameDisplayName              | Alice Hansen    | new@example.org         | containsCharacters(*:!;_+-&) | 200  | true   | should      |
-      | withoutPassSameEmail         | without pass    | alice@example.org       |                              | 200  | true   | should      |
-      | name                         | pass with space | example@example.org     | my pass                      | 200  | true   | should      |
-      | nameWithCharacters(*:!;_+-&) | user            | new@example.org         | 123                          | 400  | true   | should not  |
-      | name with space              | name with space | example@example.org     | 123                          | 400  | true   | should not  |
-      | createDisabledUser           | disabled user   | example@example.org     | 123                          | 200  | false  | should      |
-      | nameWithNumbers0123456       | user            | name0123456@example.org | 123                          | 200  | true   | should      |
-      | name.with.dots               | user            | name.w.dots@example.org | 123                          | 200  | true   | should      |
-      | 123456789                    | user            | 123456789@example.org   | 123                          | 400  | true   | should not  |
-      | 0.0                          | user            | float@example.org       | 123                          | 400  | true   | should not  |
+      | userName                     | displayName                             | email                   | password                     | code | enable | shouldOrNot |
+      | SameDisplayName              | Alice Hansen                            | new@example.org         | containsCharacters(*:!;_+-&) | 200  | true   | should      |
+      | withoutPassSameEmail         | without pass                            | alice@example.org       |                              | 200  | true   | should      |
+      | name                         | pass with space                         | example@example.org     | my pass                      | 200  | true   | should      |
+      | user1                        | user names must not start with a number | example@example.org     | my pass                      | 200  | true   | should      |
+      | nameWithCharacters(*:!;_+-&) | user                                    | new@example.org         | 123                          | 400  | true   | should not  |
+      | name with space              | name with space                         | example@example.org     | 123                          | 400  | true   | should not  |
+      | createDisabledUser           | disabled user                           | example@example.org     | 123                          | 200  | false  | should      |
+      | nameWithNumbers0123456       | user                                    | name0123456@example.org | 123                          | 200  | true   | should      |
+      | name.with.dots               | user                                    | name.w.dots@example.org | 123                          | 200  | true   | should      |
+      | 123456789                    | user                                    | 123456789@example.org   | 123                          | 400  | true   | should not  |
+      | 0.0                          | user                                    | float@example.org       | 123                          | 400  | true   | should not  |
 
     @skipOnStable2.0
     Examples:
-      | userName                     | displayName     | email               | password                     | code | enable | shouldOrNot |
-      | withoutEmail                 | without email   |                     | 123                          | 200  | true   | should      |
-      | Alice                        | same userName   | new@example.org     | 123                          | 409  | true   | should      |
+      | userName     | displayName   | email           | password | code | enable | shouldOrNot |
+      | withoutEmail | without email |                 | 123      | 200  | true   | should      |
+      | Alice        | same userName | new@example.org | 123      | 409  | true   | should      |
 
 
   Scenario: user cannot be created with empty name
@@ -94,3 +95,63 @@ Feature: create user
       | accountEnabled | true                  |
     Then the HTTP status code should be "200"
     And user "Brian" should exist
+
+
+  @env-config
+  Scenario Outline: create user with setting OCIS no restriction on the user name
+    Given the config "GRAPH_USERNAME_MATCH" has been set to "none"
+    And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
+    When the user "Alice" creates a new user using GraphAPI with the following settings:
+      | userName       | <userName>      |
+      | displayName    | test user       |
+      | email          | new@example.org |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "<userName>" should exist
+    Examples:
+      | userName          | description                                 |
+      | 1248Bob           | user names starts with the number           |
+      | (*:!;+-&$%)_alice | user names starts with the ASCII characters |
+
+
+  @env-config
+  Scenario: create user with setting OCIS not to assign the default user role
+    Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "false"
+    When the user "admin" creates a new user using GraphAPI with the following settings:
+      | userName       | sam             |
+      | displayName    | test user       |
+      | email          | new@example.org |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "sam" should exist
+    When the administrator retrieves the assigned role of user "sam" using the Graph API
+    Then the HTTP status code should be "200"
+    And the Graph API response should have no role
+
+
+  @env-config
+  Scenario: create user with setting OCIS assign the default user role
+    Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "true"
+    When the user "admin" creates a new user using GraphAPI with the following settings:
+      | userName       | sam             |
+      | displayName    | test user       |
+      | email          | new@example.org |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "sam" should exist
+    And user "sam" should have the role "User" assigned
+
+
+  Scenario: user is created with the default User role
+    When the user "admin" creates a new user using GraphAPI with the following settings:
+      | userName       | sam             |
+      | displayName    | test user       |
+      | email          | new@example.org |
+      | password       | 123             |
+      | accountEnabled | true            |
+    Then the HTTP status code should be "200"
+    And user "sam" should exist
+    And user "sam" should have the role "User" assigned

tests/acceptance/features/bootstrap/GraphContext.php

@@ -1952,6 +1952,20 @@ public function theGraphApiResponseShouldHaveTheRole(string $role): void {
 		);
 	}
 
+	/**
+	 * @Then /^the Graph API response should have no role$/
+	 *
+	 * @return void
+	 * @throws Exception
+	 * @throws GuzzleException
+	 */
+	public function theGraphApiResponseShouldHaveNoRole(): void {
+		Assert::assertEmpty(
+			$this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())['value'],
+			"the user has a role, but should not"
+		);
+	}
+
 	/**
 	 * @When user :user gets details of the group :groupName using the Graph API
 	 *
@@ -2402,7 +2416,7 @@ public function userTriesToExportGdprReportOfAnotherUserUsingGraphApi(string $us
 	 * @throws GuzzleException
 	 */
 	public function getAssignedRole(string $user) {
-		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $user;
+		$userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id') ?? $this->featureContext->getUserIdByUserName($user);
 		return (
 			GraphHelper::getAssignedRole(
 				$this->featureContext->getBAseUrl(),