owncloud · individual-it · Mar 6, 2023 · Feb 23, 2023 · Feb 28, 2023 · Mar 3, 2023
diff --git a/tests/TestHelpers/GraphHelper.php b/tests/TestHelpers/GraphHelper.php
@@ -171,6 +171,7 @@ public static function createUser(
 	 * @param string|null $password
 	 * @param string|null $email
 	 * @param string|null $displayName
+	 * @param bool|true $accountEnabled
 	 *
 	 * @return ResponseInterface
 	 * @throws GuzzleException
@@ -184,13 +185,15 @@ public static function editUser(
 		?string $userName = null,
 		?string $password = null,
 		?string $email = null,
-		?string $displayName = null
+		?string $displayName = null,
+		?bool $accountEnabled = true
 	): ResponseInterface {
 		$payload = self::preparePatchUserPayload(
 			$userName,
 			$password,
 			$email,
-			$displayName
+			$displayName,
+			$accountEnabled
 		);
 		$url = self::getFullUrl($baseUrl, 'users/' . $userId);
 		return HttpRequestHelper::sendRequest(
@@ -639,6 +642,7 @@ public static function prepareCreateUserPayload(
 		if (!empty($email)) {
 			$payload['mail'] = $email ?? $userName . '@example.com';
 		}
+		$payload['accountEnabled'] = true;
 		return \json_encode($payload);
 	}
 
@@ -649,14 +653,16 @@ public static function prepareCreateUserPayload(
 	 * @param string|null $password
 	 * @param string|null $email
 	 * @param string|null $displayName
+	 * @param bool|true $accountEnabled
 	 *
 	 * @return string
 	 */
 	public static function preparePatchUserPayload(
 		?string $userName,
 		?string $password,
 		?string $email,
-		?string $displayName
+		?string $displayName,
+		?bool $accountEnabled
 	): string {
 		$payload = [];
 		if ($userName) {
@@ -671,6 +677,8 @@ public static function preparePatchUserPayload(
 		if ($email) {
 			$payload['mail'] = $email;
 		}
+		$payload['accountEnabled'] = $accountEnabled;
+
 		return \json_encode($payload);
 	}
 

diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
@@ -23,7 +23,8 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiGraph/createGroupCaseSensitive.feature:21](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroupCaseSensitive.feature#L21)
 - [apiGraph/createGroupCaseSensitive.feature:22](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroupCaseSensitive.feature#L22)
 - [apiGraph/createGroup.feature:26](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createGroup.feature#L26)
-- [apiGraph/createUser.feature:28](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createUser.feature#L28)
+- [apiGraph/createUser.feature:29](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createUser.feature#L29)
+- [apiGraph/createUser.feature:61](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/createUser.feature#L61)
 
 ### [PROPFIND on accepted shares with identical names containing brackets exit with 404](https://github.com/owncloud/ocis/issues/4421)
 - [apiSpacesShares/changingFilesShare.feature:12](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/changingFilesShare.feature#L12)
@@ -92,7 +93,7 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 
 #### [A User can get information of another user with Graph API](https://github.com/owncloud/ocis/issues/5125)
 - [apiGraph/getUser.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L23)
-- [apiGraph/getUser.feature:92](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L92)
+- [apiGraph/getUser.feature:102](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L102)
 
 #### [Sharing to a group with an expiration date does not work #5442](https://github.com/owncloud/ocis/issues/5442)
 - [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105)
@@ -103,5 +104,8 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 #### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604)
 - [apiGraph/getGroup.feature:100](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L100)
 
+#### Change editUser test where we set empty value
+- [apiGraph/editUser.feature:33](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L33)
+- [apiGraph/editUser.feature:80](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/editUser.feature#L80)
 Note: always have an empty line at the end of this file.
 The bash script that processes this file requires that the last line has a newline on the end.
diff --git a/tests/acceptance/features/apiGraph/addUserToGroup.feature b/tests/acceptance/features/apiGraph/addUserToGroup.feature
@@ -69,14 +69,14 @@ Feature: add users to group
 
   Scenario: adding a user to a group with % and # in its name
     Given these groups have been created:
-      | groupname           | comment                                 |
-      | maintenance#123     | Hash sign                               |
-      | 50%pass             | Percent sign (special escaping happens) |
-      | 50%25=0             | %25 literal looks like an escaped "%"   |
-      | 50%2Eagle           | %2E literal looks like an escaped "."   |
-      | 50%2Fix             | %2F literal looks like an escaped slash |
-      | Mgmt\Middle         | Backslash                               |
-      | staff?group         | Question mark                           |
+      | groupname       | comment                                 |
+      | maintenance#123 | Hash sign                               |
+      | 50%pass         | Percent sign (special escaping happens) |
+      | 50%25=0         | %25 literal looks like an escaped "%"   |
+      | 50%2Eagle       | %2E literal looks like an escaped "."   |
+      | 50%2Fix         | %2F literal looks like an escaped slash |
+      | Mgmt\Middle     | Backslash                               |
+      | staff?group     | Question mark                           |
     When the administrator adds the following users to the following groups using the Graph API
       | username | groupname       |
       | Alice    | maintenance#123 |
@@ -149,3 +149,17 @@ Feature: add users to group
   Scenario: admin tries to add user to a group without sending the group
     When the administrator tries to add user "Alice" to group "" using the Graph API
     Then the HTTP status code should be "404"
+
+
+  Scenario: adding a disabled user to a group
+    Given these groups have been created:
+      | groupname | comment      |
+      | sales     | normal group |
+    And the user "Admin" has disabled user "Alice" using the Graph API
+    When the administrator adds the following users to the following groups using the Graph API
+      | username | groupname |
+      | Alice    | sales     |
+    Then the HTTP status code of responses on all endpoints should be "204"
+    And the following users should be listed in the following groups
+      | username | groupname |
+      | Alice    | sales     |
diff --git a/tests/acceptance/features/apiGraph/createUser.feature b/tests/acceptance/features/apiGraph/createUser.feature
@@ -12,43 +12,74 @@ Feature: create user
   Scenario Outline: the admin creates a user
     Given the administrator has given "Alice" the role "Admin" using the settings api
     When the user "Alice" creates a new user using GraphAPI with the following settings:
-      | userName    | <userName>    |
-      | displayName | <displayName> |
-      | email       | <email>       |
-      | password    | <password>    |
+      | userName       | <userName>    |
+      | displayName    | <displayName> |
+      | email          | <email>       |
+      | password       | <password>    |
+      | accountEnabled | <enable>      |
     Then the HTTP status code should be "<code>"
     And user "<userName>" <shouldOrNot> exist
     Examples:
-      | userName                     | displayName      | email               | password                     | code | shouldOrNot |
-      | SameDisplayName              | Alice Hansen     | [email protected]     | containsCharacters(*:!;_+-&) | 200  | should     |
-      | withoutPassSameEmail         | without pass     | [email protected]   |                              | 200  | should     |
-      | name                         | pass with space  | [email protected] | my pass                      | 200  | should     |
-      | nameWithCharacters(*:!;_+-&) | user             | [email protected]     | 123                          | 400  | should not |
-      | withoutEmail                 | without email    |                     | 123                          | 200  | should     |
-      | Alice                        | same userName    | [email protected]     | 123                          | 400  | should     |
-      | name with space              | name with space  | [email protected] | 123                          | 400  | should not |
+      | userName                     | displayName     | email               | password                     | code | enable | shouldOrNot |
+      | SameDisplayName              | Alice Hansen    | [email protected]     | containsCharacters(*:!;_+-&) | 200  | true   | should      |
+      | withoutPassSameEmail         | without pass    | [email protected]   |                              | 200  | true   | should      |
+      | name                         | pass with space | [email protected] | my pass                      | 200  | true   | should      |
+      | nameWithCharacters(*:!;_+-&) | user            | [email protected]     | 123                          | 400  | true   | should not  |
+      | withoutEmail                 | without email   |                     | 123                          | 200  | true   | should      |
+      | Alice                        | same userName   | [email protected]     | 123                          | 400  | true   | should      |
+      | name with space              | name with space | [email protected] | 123                          | 400  | true   | should not  |
+      | createDisabledUser           | disabled user   | [email protected] | 123                          | 200  | false  | should      |
 
 
   Scenario: a user cannot be created with empty name
     Given the administrator has given "Alice" the role "Admin" using the settings api
     When the user "Alice" creates a new user using GraphAPI with the following settings:
-      | userName    |              |
-      | displayName | emptyName    |
-      | email       | @example.org |
-      | password    | 123          |
+      | userName       |              |
+      | displayName    | emptyName    |
+      | email          | @example.org |
+      | password       | 123          |
+      | accountEnabled | true         |
     Then the HTTP status code should be "400"
 
 
   Scenario Outline: a user without admin right cannot create a user
     Given the administrator has given "Alice" the role "<role>" using the settings api
     When the user "Alice" creates a new user using GraphAPI with the following settings:
-      | userName    | user         |
-      | displayName | user         |
-      | email       | @example.org |
-      | password    | 123          |
+      | userName       | user         |
+      | displayName    | user         |
+      | email          | @example.org |
+      | password       | 123          |
+      | accountEnabled | true         |
     Then the HTTP status code should be "401"
     And user "user" should not exist
     Examples:
       | role        |
       | Space Admin |
       | User        |
+
+
+  Scenario: a user cannot be created with the name of the disabled user
+    Given user "Brian" has been created with default attributes and without skeleton files
+    And the administrator has given "Alice" the role "Admin" using the settings api
+    And the user "Alice" has disabled user "Brian" using the Graph API
+    When the user "Alice" creates a new user using GraphAPI with the following settings:
+      | userName       | Brian                 |
+      | displayName    | This is another Brian |
+      | email          | [email protected]     |
+      | password       | 123                   |
+      | accountEnabled | true                  |
+    Then the HTTP status code should be "400"
+
+
+  Scenario: a user can be created with the name of the deleted user
+    Given user "Brian" has been created with default attributes and without skeleton files
+    And the administrator has given "Alice" the role "Admin" using the settings api
+    And the user "Alice" has deleted a user "Brian" using the Graph API
+    When the user "Alice" creates a new user using GraphAPI with the following settings:
+      | userName       | Brian                 |
+      | displayName    | This is another Brian |
+      | email          | [email protected]     |
+      | password       | 123                   |
+      | accountEnabled | true                  |
+    Then the HTTP status code should be "200"
+    And user "Brian" should exist
diff --git a/tests/acceptance/features/apiGraph/deleteUser.feature b/tests/acceptance/features/apiGraph/deleteUser.feature
@@ -71,3 +71,13 @@ Feature: delete user
       | role        |
       | Space Admin |
       | User        |
+
+
+  Scenario: the admin user deletes a disabled user
+    Given the administrator has given "Alice" the role "Admin" using the settings api
+    And user "Brian" has been created with default attributes and without skeleton files
+    And the user "Alice" has disabled user "Brian" using the Graph API
+    When the user "Alice" deletes a user "Brian" using the Graph API
+    Then the HTTP status code should be "204"
+    And user "Brian" should not exist
+
diff --git a/tests/acceptance/features/apiGraph/editUser.feature b/tests/acceptance/features/apiGraph/editUser.feature
@@ -139,3 +139,59 @@ Feature: edit user
       | role        |
       | Space Admin |
       | User        |
+
+
+  Scenario: the admin user disables another user
+    When the user "Alice" disables user "Brian" using the Graph API
+    Then the HTTP status code should be "200"
+    When user "Alice" gets information of user "Brian" using Graph API
+    Then the HTTP status code should be "200"
+    And the user retrieve API response should contain the following information:
+      | displayName  | id        | mail              | onPremisesSamAccountName | accountEnabled |
+      | Brian Murphy | %uuid_v4% | [email protected] | Brian                    | false          |
+
+
+  Scenario Outline: a normal user should not be able to disable another user
+    Given user "Carol" has been created with default attributes and without skeleton files
+    And the administrator has given "Brian" the role "<role>" using the settings api
+    When the user "Brian" tries to disable user "Carol" using the Graph API
+    Then the HTTP status code should be "401"
+    When user "Alice" gets information of user "Carol" using Graph API
+    Then the HTTP status code should be "200"
+    And the user retrieve API response should contain the following information:
+      | displayName | id        | mail              | onPremisesSamAccountName | accountEnabled |
+      | Carol King  | %uuid_v4% | [email protected] | Carol                    | true           |
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |
+
+
+  Scenario: the admin user enables disabled user
+    Given the user "Alice" has disabled user "Brian" using the Graph API
+    When the user "Alice" enables user "Brian" using the Graph API
+    Then the HTTP status code should be "200"
+    When user "Alice" gets information of user "Brian" using Graph API
+    Then the HTTP status code should be "200"
+    And the user retrieve API response should contain the following information:
+      | displayName  | id        | mail              | onPremisesSamAccountName | accountEnabled |
+      | Brian Murphy | %uuid_v4% | [email protected] | Brian                    | true           |
+
+
+  Scenario Outline: a normal user should not be able to enable another user
+    Given user "Carol" has been created with default attributes and without skeleton files
+    And the user "Alice" has disabled user "Carol" using the Graph API
+    And the administrator has given "Brian" the role "<role>" using the settings api
+    When the user "Brian" tries to enable user "Carol" using the Graph API
+    Then the HTTP status code should be "401"
+    When user "Alice" gets information of user "Carol" using Graph API
+    Then the HTTP status code should be "200"
+    And the user retrieve API response should contain the following information:
+      | displayName | id        | mail              | onPremisesSamAccountName | accountEnabled |
+      | Carol King  | %uuid_v4% | [email protected] | Carol                    | false          |
+    Examples:
+      | role        |
+      | Space Admin |
+      | User        |
+      | Guest       |