From 4fa76a58c87c4f1a3fa258b0f282e1cec9301d11 Mon Sep 17 00:00:00 2001
From: "sagargurung1001@gmail.com"
Date: Mon, 15 Jan 2024 10:12:35 +0545
Subject: [PATCH 1/2] Added test for banned password to create public link

Signed-off-by: sagargurung1001@gmail.com
---
 .../features/apiSharingNg/linkShare.feature | 100 ++++++++++++++++++
 1 file changed, 100 insertions(+)

diff --git a/tests/acceptance/features/apiSharingNg/linkShare.feature b/tests/acceptance/features/apiSharingNg/linkShare.feature
index 671fb0fe1fd..1a4a16e960f 100644
--- a/tests/acceptance/features/apiSharingNg/linkShare.feature
+++ b/tests/acceptance/features/apiSharingNg/linkShare.feature
@@ -584,3 +584,103 @@ Feature: Create a share link for a resource
 """
 And the public should be able to download file "textfile1.txt" from the last link share with password "%public%" and the content should be "other data"
 And the public download of file "textfile1.txt" from the last link share with password "$heLlo*1234*" should fail with HTTP status code "401" using shareNg
+
+
+ Scenario Outline: create a file's link share with a password that is listed in the Banned-Password-List
+ Given the config "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST" has been set to path "config/drone/banned-password-list.txt"
+ And user "Alice" has uploaded file with content "other data" to "text.txt"
+ When user "Alice" creates the following link share using the Graph API:
+ | resourceType | file |
+ | resource | text.txt |
+ | space | Personal |
+ | permissionsRole | view |
+ | password | |
+ Then the HTTP status code should be "400"
+ And the JSON data of the response should match
+ """
+ {
+ "type": "object",
+ "required": [
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "required": [
+ "code",
+ "message"
+ ],
+ "properties": {
+ "code": {
+ "type": "string",
+ "pattern": "invalidRequest"
+ },
+ "message": {
+ "type": "string",
+ "enum": [
+ "unfortunately, your password is commonly used. please pick a harder-to-guess password for your safety"
+ ]
+ }
+ }
+ }
+ }
+ }
+ """
+ Examples:
+ | bannedPassword |
+ | 123 |
+ | password |
+ | ownCloud |
+
+
+ Scenario Outline: update a file's link share with a password that is listed in the Banned-Password-List
+ Given the config "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST" has been set to path "config/drone/banned-password-list.txt"
+ And user "Alice" has uploaded file with content "other data" to "text.txt"
+ And user "Alice" has created the following link share:
+ | resourceType | file |
+ | resource | text.txt |
+ | space | Personal |
+ | permissionsRole | view |
+ | password | %public% |
+ When user "Alice" sets the following password for the last link share using the Graph API:
+ | resourceType | file |
+ | resource | text.txt |
+ | space | Personal |
+ | permissionsRole | view |
+ | password | |
+ Then the HTTP status code should be "400"
+ And the JSON data of the response should match
+ """
+ {
+ "type": "object",
+ "required": [
+ "error"
+ ],
+ "properties": {
+ "error": {
+ "type": "object",
+ "required": [
+ "code",
+ "message"
+ ],
+ "properties": {
+ "code": {
+ "type": "string",
+ "pattern": "invalidRequest"
+ },
+ "message": {
+ "type": "string",
+ "enum": [
+ "unfortunately, your password is commonly used. please pick a harder-to-guess password for your safety"
+ ]
+ }
+ }
+ }
+ }
+ }
+ """
+ Examples:
+ | bannedPassword |
+ | 123 |
+ | password |
+ | ownCloud |
From 9e570577bcfa3a4a73479d3b81733bfe7b60b2d6 Mon Sep 17 00:00:00 2001
From: "sagargurung1001@gmail.com"
Date: Thu, 18 Jan 2024 12:46:19 +0545
Subject: [PATCH 2/2] review address

Signed-off-by: sagargurung1001@gmail.com
---
 .../features/apiSharingNg/linkShare.feature | 36 +++++++++----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/tests/acceptance/features/apiSharingNg/linkShare.feature b/tests/acceptance/features/apiSharingNg/linkShare.feature
index 1a4a16e960f..57552136f4c 100644
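Review bot: The update scenario stops at the 400 response and never checks that the stored link password was left unchanged, so a server that returns the error but still saves the banned password would pass this test. After the JSON match, reuse the steps already present earlier in this feature, for example `And the public should be able to download file "text.txt" from the last link share with password "%public%" and the content should be "other data"`, plus the matching `should fail with HTTP status code "401" using shareNg` step for each banned value. The create scenario has the same gap, since nothing asserts that no link share exists after the rejection. In both schemas `"pattern": "invalidRequest"` is an unanchored regex, so `"pattern": "^invalidRequest$"` would pin the error code exactly. As rendered on this page the `password` cells are empty and the `bannedPassword` column is never referenced; if that is not an extraction artifact, the outlines do not submit the banned values at all.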
--- a/tests/acceptance/features/apiSharingNg/linkShare.feature
+++ b/tests/acceptance/features/apiSharingNg/linkShare.feature
@@ -590,11 +590,11 @@ Feature: Create a share link for a resource
 Given the config "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST" has been set to path "config/drone/banned-password-list.txt"
 And user "Alice" has uploaded file with content "other data" to "text.txt"
 When user "Alice" creates the following link share using the Graph API:
- | resourceType | file |
- | resource | text.txt |
- | space | Personal |
- | permissionsRole | view |
- | password | |
+ | resourceType | file |
+ | resource | text.txt |
+ | space | Personal |
+ | permissionsRole | view |
+ | password | |
 Then the HTTP status code should be "400"
 And the JSON data of the response should match
 """
@@ -627,10 +627,10 @@ Feature: Create a share link for a resource
 }
 """
 Examples:
- | bannedPassword |
- | 123 |
- | password |
- | ownCloud |
+ | banned-password |
+ | 123 |
+ | password |
+ | ownCloud |
 
 
 Scenario Outline: update a file's link share with a password that is listed in the Banned-Password-List
@@ -643,11 +643,11 @@ Feature: Create a share link for a resource
 | permissionsRole | view |
 | password | %public% |
 When user "Alice" sets the following password for the last link share using the Graph API:
- | resourceType | file |
- | resource | text.txt |
- | space | Personal |
- | permissionsRole | view |
- | password | |
+ | resourceType | file |
+ | resource | text.txt |
+ | space | Personal |
+ | permissionsRole | view |
+ | password | |
 Then the HTTP status code should be "400"
 And the JSON data of the response should match
 """
@@ -680,7 +680,7 @@ Feature: Create a share link for a resource
 }
 """
 Examples:
- | bannedPassword |
- | 123 |
- | password |
- | ownCloud |
+ | banned-password |
+ | 123 |
+ | password |
+ | ownCloud |