add more CORS tests

owncloud · Jan 24, 2024 · 5dc9d86 · 5dc9d86
1 parent d703a8e
commit 5dc9d86
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 7 deletions.
diff --git a/tests/TestHelpers/WebDavHelper.php b/tests/TestHelpers/WebDavHelper.php
@@ -179,6 +179,7 @@ public static function getBodyForPropfind(?array $properties): string {
 	 * @param string|null $type
 	 * @param int|null $davPathVersionToUse
 	 * @param string|null $doDavRequestAsUser
+	 * @param array|null $headers
 	 *
 	 * @return ResponseInterface
 	 * @throws Exception
@@ -194,7 +195,8 @@ public static function propfind(
 		?string $folderDepth = '1',
 		?string $type = "files",
 		?int $davPathVersionToUse = self::DAV_VERSION_NEW,
-		?string $doDavRequestAsUser = null
+		?string $doDavRequestAsUser = null,
+		?array $headers = []
 	):ResponseInterface {
 		$body = self::getBodyForPropfind($properties);
 		$folderDepth = (string) $folderDepth;

diff --git a/tests/acceptance/features/apiCors/cors.feature b/tests/acceptance/features/apiCors/cors.feature
@@ -34,8 +34,8 @@ Feature: CORS headers
   Scenario Outline: CORS headers should not be returned when CORS domain does not match origin header
     Given using OCS API version "<ocs_api_version>"
     When user "Alice" sends HTTP method "GET" to OCS API endpoint "<endpoint>" with headers
-      | header | value               |
-      | Origin | https://mero.badal  |
+      | header | value              |
+      | Origin | https://mero.badal |
     Then the OCS status code should be "<ocs-code>"
     And the HTTP status code should be "<http-code>"
     And the following headers should not be set
@@ -69,3 +69,41 @@ Feature: CORS headers
       | ocs_api_version | endpoint                          |
       | 1               | /apps/files_sharing/api/v1/shares |
       | 2               | /apps/files_sharing/api/v1/shares |
+
+
+  Scenario: CORS headers should be returned when setting CORS domain sending origin header in the Graph api
+    When user "Alice" lists all available spaces with headers using the Graph API
+      | header | value               |
+      | Origin | https://aphno.badal |
+    Then the HTTP status code should be "200"
+    And the following headers should be set
+      | header                      | value               |
+      | Access-Control-Allow-Origin | https://aphno.badal |
+
+  @issue-8231
+  Scenario: CORS headers should be returned when setting CORS domain sending origin header in the Webdav api
+    When user "Alice" sends PROPFIND request to space "Alice Hansen" with headers using the WebDAV API
+      | header | value               |
+      | Origin | https://aphno.badal |
+    Then the HTTP status code should be "207"
+    And the following headers should be set
+      | header                      | value               |
+      | Access-Control-Allow-Origin | https://aphno.badal |
+
+  # duplicated from cors.feature:13 please delete the test after fixing cors.feature:13
+  Scenario Outline: CORS headers should be returned when setting CORS domain sending origin header in the OCS api
+    Given using OCS API version "<ocs_api_version>"
+    When user "Alice" sends HTTP method "GET" to OCS API endpoint "<endpoint>" with headers
+      | header | value               |
+      | Origin | https://aphno.badal |
+    Then the OCS status code should be "<ocs-code>"
+    And the HTTP status code should be "<http-code>"
+    And the following headers should be set
+      | header                      | value               |
+      | Access-Control-Allow-Origin | https://aphno.badal |
+    Examples:
+      | ocs_api_version | endpoint                          | ocs-code | http-code |
+      | 1               | /config                           | 100      | 200       |
+      | 2               | /config                           | 200      | 200       |
+      | 1               | /apps/files_sharing/api/v1/shares | 100      | 200       |
+      | 2               | /apps/files_sharing/api/v1/shares | 200      | 200       |
diff --git a/tests/acceptance/features/bootstrap/SpacesContext.php b/tests/acceptance/features/bootstrap/SpacesContext.php
@@ -544,19 +544,22 @@ public function sendCreateFolderRequest(
 	/**
 	 * @param string $user
 	 * @param string $query
+	 * @param array $headers
 	 *
 	 * @return ResponseInterface
 	 *
 	 * @throws GuzzleException
 	 * @throws Exception
 	 */
-	public function listAllAvailableSpacesOfUser(string $user, string $query = ''): ResponseInterface {
+	public function listAllAvailableSpacesOfUser(string $user, string $query = '', array $headers = []): ResponseInterface {
 		$response = GraphHelper::getMySpaces(
 			$this->featureContext->getBaseUrl(),
 			$user,
 			$this->featureContext->getPasswordForUser($user),
 			"?" . $query,
-			$this->featureContext->getStepLineRef()
+			$this->featureContext->getStepLineRef(),
+			[],
+			$headers
 		);
 		$this->rememberTheAvailableSpaces($response);
 		return $response;
@@ -578,6 +581,28 @@ public function theUserListsAllHisAvailableSpacesUsingTheGraphApi(string $user,
 		$this->featureContext->setResponse($this->listAllAvailableSpacesOfUser($user, $query));
 	}
 
+	/**
+	 * @When /^user "([^"]*)" lists all available spaces with headers using the Graph API$/
+	 *
+	 * @param string $user
+	 * @param TableNode $headersTable
+	 *
+	 * @return void
+	 *
+	 * @throws GuzzleException
+	 * @throws Exception
+	 */
+	public function theUserListsAllHisAvailableSpacesWithHeadersUsingTheGraphApi(string $user, TableNode $headersTable): void {
+		$this->featureContext->verifyTableNodeColumns(
+			$headersTable,
+			['header', 'value']
+		);
+		foreach ($headersTable as $row) {
+			$headers[$row['header']] = $row ['value'];
+		}
+		$this->featureContext->setResponse($this->listAllAvailableSpacesOfUser($user, '', $headers));
+	}
+
 	/**
 	 * The method is used on the administration setting tab, which only the Admin user and the Space admin user have access to
 	 *
@@ -3528,17 +3553,44 @@ public function userSendsPropfindRequestToSpace(string $user, string $spaceName,
 		);
 	}
 
+	/**
+	 * @When /^user "([^"]*)" sends PROPFIND request to space "([^"]*)" with headers using the WebDAV API$/
+	 *
+	 * @param string $user
+	 * @param string $spaceName
+	 * @param TableNode $headersTable
+	 *
+	 * @return void
+	 *
+	 * @throws JsonException
+	 *
+	 * @throws GuzzleException
+	 */
+	public function userSendsPropfindRequestToSpaceWithHeaders(string $user, string $spaceName, $headersTable): void {
+		$this->featureContext->verifyTableNodeColumns(
+			$headersTable,
+			['header', 'value']
+		);
+		foreach ($headersTable as $row) {
+			$headers[$row['header']] = $row ['value'];
+		}
+		$this->featureContext->setResponse(
+			$this->sendPropfindRequestToSpace($user, $spaceName, '', $headers)
+		);
+	}
+
 	/**
 	 * @param string $user
 	 * @param string $spaceName
 	 * @param string|null $resource
+	 * @param array|null $headers
 	 *
 	 * @return ResponseInterface
 	 * @throws GuzzleException
 	 *
 	 * @throws JsonException
 	 */
-	public function sendPropfindRequestToSpace(string $user, string $spaceName, ?string $resource = ""): ResponseInterface {
+	public function sendPropfindRequestToSpace(string $user, string $spaceName, ?string $resource = "", ?array $headers = []): ResponseInterface {
 		$this->setSpaceIDByName($user, $spaceName);
 		$properties = ['oc:permissions','oc:file-parent','oc:fileid','oc:share-types','oc:privatelink','d:resourcetype','oc:size','oc:name','d:getcontenttype','oc:tags','d:lockdiscovery','d:activelock'];
 		return  WebDavHelper::propfind(
@@ -3550,7 +3602,9 @@ public function sendPropfindRequestToSpace(string $user, string $spaceName, ?str
 			$this->featureContext->getStepLineRef(),
 			"0",
 			"files",
-			WebDavHelper::DAV_VERSION_SPACES
+			WebDavHelper::DAV_VERSION_SPACES,
+			"",
+			$headers
 		);
 	}