diff --git a/tests/acceptance/features/apiAuthOcs/ocsDELETEAuth.feature b/tests/acceptance/features/apiAuthOcs/ocsDELETEAuth.feature index a7aa37f89327..628ac752c688 100644 --- a/tests/acceptance/features/apiAuthOcs/ocsDELETEAuth.feature +++ b/tests/acceptance/features/apiAuthOcs/ocsDELETEAuth.feature 
@@ -8,45 +8,48 @@ Feature: auth @smokeTest @issue-32068 @skipOnOcis @issue-ocis-reva-30 @issue-ocis-reva-65 @skipOnBruteForceProtection @issue-brute_force_protection-112 Scenario: send DELETE requests to OCS endpoints as admin with wrong password - When user "another-admin" requests these endpoints with "DELETE" using password "invalid" then the status codes about user "Alice" should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/123 | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/123 | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 | - | /ocs/v1.php/cloud/apps/testing | 997 | 401 | - | /ocs/v2.php/cloud/apps/testing | 997 | 401 | - | /ocs/v1.php/cloud/groups/group1 | 997 | 401 | - | /ocs/v2.php/cloud/groups/group1 | 997 | 401 | - | /ocs/v1.php/cloud/users/%username% | 997 | 401 | - | /ocs/v2.php/cloud/users/%username% | 997 | 401 | - | /ocs/v1.php/cloud/users/%username%/groups | 997 | 401 | - | /ocs/v2.php/cloud/users/%username%/groups | 997 | 401 | - | /ocs/v1.php/cloud/users/%username%/subadmins | 997 | 401 | - | /ocs/v2.php/cloud/users/%username%/subadmins | 997 | 401 | + When user "another-admin" requests these endpoints with "DELETE" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | + | 
/ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 | + | /ocs/v1.php/cloud/apps/testing | + | /ocs/v2.php/cloud/apps/testing | + | /ocs/v1.php/cloud/groups/group1 | + | /ocs/v2.php/cloud/groups/group1 | + | /ocs/v1.php/cloud/users/%username% | + | /ocs/v2.php/cloud/users/%username% | + | /ocs/v1.php/cloud/users/%username%/groups | + | /ocs/v2.php/cloud/users/%username%/groups | + | /ocs/v1.php/cloud/users/%username%/subadmins | + | /ocs/v2.php/cloud/users/%username%/subadmins | + Then the HTTP status code of responses on all endpoints should be "401" + Then the OCS status code of responses on all endpoints should be "997" @smokeTest @skipOnOcV10 @issue-ocis-reva-30 @issue-ocis-reva-65 #after fixing all issues delete this Scenario and use the one above Scenario: send DELETE requests to OCS endpoints as admin with wrong password - When user "another-admin" requests these endpoints with "DELETE" using password "invalid" then the status codes about user "Alice" should be as listed - | endpoint | http-code | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/123 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/123 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 | 401 | - | /ocs/v1.php/cloud/apps/testing | 401 | - | /ocs/v2.php/cloud/apps/testing | 401 | - | /ocs/v1.php/cloud/groups/group1 | 401 | - | /ocs/v2.php/cloud/groups/group1 | 401 | - | /ocs/v1.php/cloud/users/%username% | 401 | - | /ocs/v2.php/cloud/users/%username% | 401 | - | /ocs/v1.php/cloud/users/%username%/groups | 401 | - | /ocs/v2.php/cloud/users/%username%/groups | 401 | - | /ocs/v1.php/cloud/users/%username%/subadmins 
| 401 | - | /ocs/v2.php/cloud/users/%username%/subadmins | 401 | + When user "another-admin" requests these endpoints with "DELETE" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | + | /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 | + | /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 | + | /ocs/v1.php/cloud/apps/testing | + | /ocs/v2.php/cloud/apps/testing | + | /ocs/v1.php/cloud/groups/group1 | + | /ocs/v2.php/cloud/groups/group1 | + | /ocs/v1.php/cloud/users/%username% | + | /ocs/v2.php/cloud/users/%username% | + | /ocs/v1.php/cloud/users/%username%/groups | + | /ocs/v2.php/cloud/users/%username%/groups | + | /ocs/v1.php/cloud/users/%username%/subadmins | + | /ocs/v2.php/cloud/users/%username%/subadmins | + Then the HTTP status code of responses on all endpoints should be "401" diff --git a/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature b/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature index e2903d7c078a..6469666ee5d0 100644 --- a/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature +++ b/tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature 
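Review bot: The first DELETE scenario chains its two assertions as `Then ... "401"` followed by another `Then ... "997"`, while later hunks in this same commit write the second assertion with `And`. Using `And the OCS status code of responses on all endpoints should be "997"` here would keep the feature files consistent and make it obvious that both checks belong to the same request batch. The same `Then`/`Then` pairing appears in the ocsGETAuth.feature hunks at -5,30 and -66,26.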
@@ -5,30 +5,42 @@ Feature: auth Given user "Alice" has been created with default attributes and skeleton files @issue-32068 @skipOnOcis - @issue-ocis-reva-29 @issue-ocis-reva-30 @smokeTest Scenario: using OCS anonymously - When a user requests these endpoints with "GET" and no authentication then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | /ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 997 | 401 | - | /ocs/v2.php/privatedata/getattribute | 997 | 401 | + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | 
/ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" + Then the OCS status code of responses on all endpoints should be "997" + + @issue-ocis-reva-29 @skipOnOcis + Scenario: ocs config end point accessible by unauthorized users + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v1.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + Then the OCS status code of responses on all endpoints should be "100" + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v2.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + Then the OCS status code of responses on all endpoints should be "200" @skipOnOcV10 @issue-ocis-reva-29 
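Review bot: The new scenario "ocs config end point accessible by unauthorized users" carries only `@issue-ocis-reva-29 @skipOnOcis`, so the anonymous check on `/ocs/v1.php/config` and `/ocs/v2.php/config` is no longer part of a `@smokeTest` scenario as it was before the split. These are the only endpoints in this file that are expected to answer 200 without credentials, so a regression that exposes or changes them is worth catching early; if smoke runs are selected by tag, add `@smokeTest` to the new scenario. It would also help to add a one-line comment above the scenario stating that unauthenticated access to the config endpoint is intended behaviour.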
@@ -36,26 +48,27 @@ Feature: auth @smokeTest #after fixing all issues delete this Scenario and use the one above Scenario: using OCS anonymously - When a user requests these endpoints with "GET" and no authentication then the status codes should be as listed - | endpoint | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 401 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 401 | - | /ocs/v1.php/cloud/apps | 401 | - | /ocs/v2.php/cloud/apps | 401 | - | /ocs/v1.php/cloud/groups | 401 | - | /ocs/v2.php/cloud/groups | 401 | - | /ocs/v1.php/cloud/users | 401 | - | /ocs/v2.php/cloud/users | 401 | - | /ocs/v1.php/config | 401 | - | /ocs/v2.php/config | 401 | - | /ocs/v1.php/privatedata/getattribute | 401 | - | /ocs/v2.php/privatedata/getattribute | 401 | + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/config | + | /ocs/v2.php/config | + | /ocs/v1.php/privatedata/getattribute | + | 
/ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" @issue-32068 @skipOnOcis @issue-ocis-reva-11 
@@ -66,26 +79,36 @@ Feature: auth @issue-ocis-reva-34 @issue-ocis-reva-35 Scenario: using OCS with non-admin basic auth - When the user "Alice" requests these endpoints with "GET" with basic auth then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 200 | 200 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | /ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 100 | 200 | - | /ocs/v2.php/privatedata/getattribute | 200 | 200 | + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/config | + | /ocs/v1.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + Then the OCS status code of responses on all endpoints should be "100" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | 
/ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/config | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + Then the OCS status code of responses on all endpoints should be "200" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/apps | + | /ocs/v2.php/cloud/groups | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "401" + Then the OCS status code of responses on all endpoints should be "997" @skipOnOcV10 @issue-ocis-reva-11 
@@ -97,26 +120,49 @@ Feature: auth @issue-ocis-reva-35 #after fixing all issues delete this Scenario and use the one above Scenario: using OCS with non-admin basic auth - When the user "Alice" requests these endpoints with "GET" with basic auth then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 998 | 200 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 998 | 404 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 998 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 998 | 404 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 998 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 998 | 404 | + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v1.php/cloud/groups | + | /ocs/v1.php/cloud/apps | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "998" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | # | /ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | # | /ocs/v2.php/apps/files_sharing/api/v1/shares | 100 | 200 | - | /ocs/v1.php/cloud/apps | 998 | 200 | - | /ocs/v2.php/cloud/apps | 998 | 404 
| - | /ocs/v1.php/cloud/groups | 998 | 200 | - | /ocs/v2.php/cloud/groups | 998 | 404 | - | /ocs/v1.php/cloud/users | 403 | 200 | - | /ocs/v2.php/cloud/users | 403 | 403 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 998 | 200 | - | /ocs/v2.php/privatedata/getattribute | 998 | 404 | + + | /ocs/v2.php/cloud/apps | + | /ocs/v2.php/cloud/groups | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "404" + And the OCS status code of responses on all endpoints should be "998" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v1.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "403" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "403" + And the OCS status code of responses on all endpoints should be "403" + When the user "Alice" requests these endpoints with "GET" with basic auth + | endpoint | + | /ocs/v2.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" @issue-32068 @skipOnOcis @issue-ocis-reva-29 
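Review bot: In the v2 / "404" group of this scenario the two commented-out `shares` rows are left in the middle of the new one-column table, still in the old three-column form (`| 100 | 200 |`), and an empty line was added between them and `| /ocs/v2.php/cloud/apps |`. Depending on how the Gherkin parser treats a blank line inside a data table this either splits the table or is merely confusing; removing the blank line avoids relying on that. The commented rows would be clearer as a single comment above the `When` step, for example `# files_sharing/api/v1/shares (v1 and v2) is not covered here - see <ISSUE-ID>`, so it is explicit that an authenticated endpoint is currently untested in this scenario.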
@@ -124,26 +170,37 @@ Feature: auth @smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112 Scenario: using OCS as normal user with wrong password - When user "Alice" requests these endpoints with "GET" using password "invalid" then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | /ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 997 | 401 | - | /ocs/v2.php/privatedata/getattribute | 997 | 401 | + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | 
/ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v2.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + @skipOnOcV10 @issue-ocis-reva-29 
@@ -151,38 +208,45 @@ Feature: auth @smokeTest #after fixing all issues delete this Scenario and use the one above Scenario: using OCS as normal user with wrong password - When user "Alice" requests these endpoints with "GET" using password "invalid" then the status codes should be as listed - | endpoint | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 401 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 401 | - | /ocs/v1.php/cloud/apps | 401 | - | /ocs/v2.php/cloud/apps | 401 | - | /ocs/v1.php/cloud/groups | 401 | - | /ocs/v2.php/cloud/groups | 401 | - | /ocs/v1.php/cloud/users | 401 | - | /ocs/v2.php/cloud/users | 401 | - | /ocs/v1.php/config | 401 | - | /ocs/v2.php/config | 401 | - | /ocs/v1.php/privatedata/getattribute | 401 | - | /ocs/v2.php/privatedata/getattribute | 401 | + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/config | + | /ocs/v2.php/config | + | 
/ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" @skipOnOcis @issue-ocis-reva-65 Scenario:using OCS with admin basic auth - When the administrator requests these endpoint with "GET" then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/cloud/apps | 100 | 200 | - | /ocs/v2.php/cloud/apps | 200 | 200 | - | /ocs/v1.php/cloud/groups | 100 | 200 | - | /ocs/v2.php/cloud/groups | 200 | 200 | - | /ocs/v1.php/cloud/users | 100 | 200 | - | /ocs/v2.php/cloud/users | 200 | 200 | + When the administrator requests these endpoint with "GET" + | endpoint | + | /ocs/v1.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v1.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When the administrator requests these endpoint with "GET" + | endpoint | + | /ocs/v2.php/cloud/apps | + | /ocs/v2.php/cloud/groups | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" @skipOnOcis @issue-ocis-reva-65 
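Review bot: In "using OCS with admin basic auth" the second request batch (the three `/ocs/v2.php/cloud/...` endpoints) asserts OCS status `"100"`, but the removed table expected ocs-code 200 for every v2 endpoint. This looks like a copy of the v1 block's assertion and would change what the test accepts for an administrator on the v2 API; the line should read `And the OCS status code of responses on all endpoints should be "200"`. Every other v2 success group converted in this diff uses "200", which supports that reading.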
@@ -190,98 +254,141 @@ Feature: auth Scenario: using OCS as admin user with wrong password Given user "another-admin" has been created with default attributes and without skeleton files And user "another-admin" has been added to group "admin" - When user "another-admin" requests these endpoints with "GET" using password "invalid" then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 997 | 401 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997 | 401 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 997 | 401 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 997 | 401 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | /ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 997 | 401 | - | /ocs/v2.php/privatedata/getattribute | 997 | 401 | + When user "another-admin" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | 
/ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" + When user "another-admin" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When user "another-admin" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v2.php/config | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + @skipOnOcis @issue-ocis-reva-28 Scenario: using OCS with token auth of a normal user Given a new client token for "Alice" has been generated - When user "Alice" requests these endpoints with "GET" using basic token auth then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 200 | 200 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | 
/ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 100 | 200 | - | /ocs/v2.php/privatedata/getattribute | 200 | 200 | + When user "Alice" requests these endpoints with "GET" using basic token auth + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/config | + | /ocs/v1.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When user "Alice" requests these endpoints with "GET" using basic token auth + | endpoint | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/config | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + When user "Alice" requests these endpoints with "GET" using basic token auth + | endpoint | + | /ocs/v1.php/cloud/apps | + | /ocs/v1.php/cloud/users | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/apps | + | /ocs/v2.php/cloud/groups | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" @skipOnOcis Scenario: using OCS with browser session of normal user Given a new browser session for "Alice" has been started - When the user requests these endpoints with "GET" using a new browser session then the status codes should be as listed - | endpoint | ocs-code | http-code | - 
| /ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 200 | 200 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | /ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 100 | 200 | - | /ocs/v2.php/privatedata/getattribute | 200 | 200 | + When the user requests these endpoints with "GET" using a new browser session + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/config | + | /ocs/v1.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When the user requests these endpoints with "GET" using a new browser session + | endpoint | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/config | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS 
status code of responses on all endpoints should be "200" + When the user requests these endpoints with "GET" using a new browser session + | endpoint | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" + @skipOnOcis @issue-ocis-reva-60 Scenario: using OCS with an app password of a normal user Given a new browser session for "Alice" has been started And the user has generated a new app password named "my-client" - When the user requests these endpoints with "GET" using the generated app password then the status codes should be as listed - | endpoint | ocs-code | http-code | - | /ocs/v1.php/apps/files_external/api/v1/mounts | 100 | 200 | - | /ocs/v2.php/apps/files_external/api/v1/mounts | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 200 | 200 | - | /ocs/v1.php/apps/files_sharing/api/v1/shares | 100 | 200 | - | /ocs/v2.php/apps/files_sharing/api/v1/shares | 200 | 200 | - | /ocs/v1.php/cloud/apps | 997 | 401 | - | /ocs/v2.php/cloud/apps | 997 | 401 | - | /ocs/v1.php/cloud/groups | 997 | 401 | - | /ocs/v2.php/cloud/groups | 997 | 401 | - | /ocs/v1.php/cloud/users | 997 | 401 | - | /ocs/v2.php/cloud/users | 997 | 401 | - | /ocs/v1.php/config | 100 | 200 | - | /ocs/v2.php/config | 200 | 200 | - | /ocs/v1.php/privatedata/getattribute | 100 | 200 | - | /ocs/v2.php/privatedata/getattribute | 200 | 200 | + When the user requests these endpoints with "GET" using the generated app password + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | 
/ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/config | + | /ocs/v1.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + + When the user requests these endpoints with "GET" using the generated app password + | endpoint | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/config | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + When the user requests these endpoints with "GET" using the generated app password + | endpoint | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/cloud/users | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" diff --git a/tests/acceptance/features/apiAuthOcs/ocsPOSTAuth.feature b/tests/acceptance/features/apiAuthOcs/ocsPOSTAuth.feature index e314aec50269..603598f88c7d 100644 --- a/tests/acceptance/features/apiAuthOcs/ocsPOSTAuth.feature +++ b/tests/acceptance/features/apiAuthOcs/ocsPOSTAuth.feature 
@@ -33,15 +33,11 @@ Feature: auth | /ocs/v2.php/privatedata/setattribute/testing/test | Then the HTTP status code of responses on all endpoints should be "401" Then the OCS status code of responses on all endpoints should be "997" - - Scenario: send POST requests to OCS endpoints as normal user with wrong password When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v1.php/person/check | Then the HTTP status code of responses on all endpoints should be "200" Then the OCS status code of responses on all endpoints should be "101" - - Scenario: send POST requests to OCS endpoints as normal user with wrong password When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/person/check | diff --git a/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature b/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature index 4da1ed16e721..7ef3bfe38e3d 100644 --- a/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature +++ b/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature 
@@ -98,13 +98,13 @@ Feature: get file info using PUT Given token auth has been enforced And a new browser session for "Alice" has been started And the user has generated a new app password named "my-client" - When the user "Alice" requests these endpoints with "PUT" with body "doesnotmatter" using the basic auth and generated app password about user "Alice" + When the user "Alice" requests these endpoints with "PUT" with body "doesnotmatter" using basic auth and generated app password about user "Alice" | endpoint | | /remote.php/webdav/textfile0.txt | | /remote.php/dav/files/%username%/textfile1.txt | | /remote.php/dav/files/%username%/PARENT/parent.txt | Then the HTTP status code of responses on all endpoints should be "204" - When the user "Alice" requests these endpoints with "PUT" with body "doesnotmatter" using the basic auth and generated app password about user "Alice" + When the user "Alice" requests these endpoints with "PUT" with body "doesnotmatter" using basic auth and generated app password about user "Alice" # this folder is created, so gives 201 - CREATED | /remote.php/webdav/PARENS | | /remote.php/dav/files/%username%/FOLDERS | diff --git a/tests/acceptance/features/bootstrap/AuthContext.php b/tests/acceptance/features/bootstrap/AuthContext.php index 6771272c5fa3..ec22fe704f0a 100644 --- a/tests/acceptance/features/bootstrap/AuthContext.php +++ b/tests/acceptance/features/bootstrap/AuthContext.php @@ -180,7 +180,7 @@ public function verifyStatusCode($ocsCode, $httpCode, $endPoint) { * @return void * @throws Exception */ - public function userRequestsEndpointsWithNoAuthThenStatusCodeAboutUser($method, $body, $ofUser, TableNode $table) { + public function userRequestsEndpointsWithBodyAndNoAuthThenStatusCodeAboutUser($method, $body, $ofUser, TableNode $table) { $ofUser = \strtolower($this->featureContext->getActualUsername($ofUser)); $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); foreach ($table->getHash() as $row) { 
@@ -188,14 +188,14 @@ public function userRequestsEndpointsWithNoAuthThenStatusCodeAboutUser($method, $row['endpoint'], $ofUser ); $this->sendRequest($row['endpoint'], $method, null, false, $body); - $this->featureContext->pushToLastStatusCodesArray( + $this->featureContext->pushToLastHttpStatusCodesArray( $this->featureContext->getResponse()->getStatusCode() ); } } /** - * @When a user requests these endpoints with :method and no authentication then the status codes should be as listed + * @When a user requests these endpoints with :method and no authentication * * @param string $method * @param TableNode $table @@ -204,17 +204,24 @@ public function userRequestsEndpointsWithNoAuthThenStatusCodeAboutUser($method, * @throws Exception */ public function userRequestsEndpointsWithNoAuthentication($method, TableNode $table) { - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code', 'body']); + $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); + $this->featureContext->emptyLastOCSStatusCodesArray(); + $this->featureContext->emptyLastHTTPStatusCodesArray(); foreach ($table->getHash() as $row) { - $body = $row['body'] ?? null; - $this->sendRequest($row['endpoint'], $method, null, false, $body); - $ocsCode = $row['ocs-code'] ?? null; - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); + $this->sendRequest($row['endpoint'], $method); + $this->featureContext->pushToLastHttpStatusCodesArray( + $this->featureContext->getResponse()->getStatusCode() + ); + $this->featureContext->pushToLastOcsCodesArray( + $this->featureContext->ocsContext->getOCSResponseStatusCode( + $this->featureContext->getResponse() + ) + ); } } /** - * @When the user :user requests these endpoints with :method with basic auth then the status codes should be as listed + * @When the user :user requests these endpoints with :method with basic auth * * @param string $user * @param string $method 
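Review bot: In `userRequestsEndpointsWithNoAuthentication` (hunk -204) the loop now calls `getOCSResponseStatusCode()` on every response, whereas the removed code treated `ocs-code` as an optional column and could check the HTTP status alone. That helper is not shown here, so if it throws or returns an empty value for a response without an OCS `meta` block, any feature that uses this step against a non-OCS endpoint would fail in the `When` step rather than in an assertion. The same pattern is added in hunks -356, -393, -417, -435 and -477. The new code also no longer sends the `body` column that the old table allowed. If the step is meant for OCS endpoints only, say so in the docblock, for example `* Only for OCS endpoints: each response must contain an OCS status code.`; otherwise guard the OCS push.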
@@ -225,7 +232,7 @@ public function userRequestsEndpointsWithNoAuthentication($method, TableNode $ta */ public function userRequestsEndpointsWithBasicAuth($user, $method, TableNode $table) { $user = $this->featureContext->getActualUsername($user); - $this->userRequestsEndpointsWithPassword($user, $method, null, $table); + $this->userRequestsEndpointsWithPassword($user, $method,null, $table); } /** @@ -299,7 +306,8 @@ public function requestEndpointsWithBasicAuthAndGeneratedPassword( ) { $user = $this->featureContext->getActualUsername($user); $ofUser = \strtolower($this->featureContext->getActualUsername($ofUser)); - + $this->featureContext->verifyTableNodeRows($table, ['endpoint']); + $this->featureContext->emptyLastHTTPStatusCodesArray(); if (!$body && $property) { $body = $this->featureContext->getBodyForOCSRequest($method, $property); } 
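Review bot: The check added in `requestEndpointsWithBasicAuthAndGeneratedPassword` (hunk -299) calls `verifyTableNodeRows($table, ['endpoint'])`, while every other step touched by this commit validates the same one-column table with `verifyTableNodeColumns`. The loop in the next hunk reads `$row['endpoint']`, so the table is keyed by column header. Neither helper is visible in the diff, but a row-oriented check would presumably treat each endpoint path as a row name and reject it. The line probably should be `$this->featureContext->verifyTableNodeColumns($table, ['endpoint']);`. The function starts and ends outside this hunk.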
@@ -310,41 +318,14 @@ public function requestEndpointsWithBasicAuthAndGeneratedPassword( $row['endpoint'], $ofUser ); $this->userRequestsURLWithUsingBasicAuth($user, $row['endpoint'], $method, $this->appToken, $body); - $this->featureContext->pushToLastStatusCodesArray( + $this->featureContext->pushToLastHttpStatusCodesArray( $this->featureContext->getResponse()->getStatusCode() ); } } /** - * @When user :user requests these endpoints with :method using password :password then the status codes about user :ofUser should be as listed - * - * @param string $user - * @param string $method - * @param string $password - * @param string $ofUser - * @param TableNode $table - * - * @return void - * @throws Exception - */ - public function userRequestsEndpointsWithPasswordThenStatusCodeAboutUser($user, $method, $password, $ofUser, TableNode $table) { - $user = $this->featureContext->getActualUsername($user); - $ofUser = \strtolower($this->featureContext->getActualUsername($ofUser)); - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code', 'body']); - foreach ($table->getHash() as $row) { - $row['endpoint'] = $this->featureContext->substituteInLineCodes( - $row['endpoint'], $ofUser - ); - $body = $row['body'] ?? null; - $ocsCode = $row['ocs-code'] ?? null; - $this->userRequestsURLWithUsingBasicAuth($user, $row['endpoint'], $method, $password, $body); - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); - } - } - - /** - * @When user :user requests these endpoints with :method using password :password then the status codes should be as listed + * @When user :user requests these endpoints with :method using password :password * * @param string $user * @param string $method 
@@ -356,17 +337,24 @@ public function userRequestsEndpointsWithPasswordThenStatusCodeAboutUser($user, */ public function userRequestsEndpointsWithPassword($user, $method, $password, TableNode $table) { $user = $this->featureContext->getActualUsername($user); - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code', 'body']); + $this->featureContext->emptyLastOCSStatusCodesArray(); + $this->featureContext->emptyLastHTTPStatusCodesArray(); + $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); foreach ($table->getHash() as $row) { - $body = $row['body'] ?? null; - $ocsCode = $row['ocs-code'] ?? null; - $this->userRequestsURLWithUsingBasicAuth($user, $row['endpoint'], $method, $password, $body); - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); + $this->userRequestsURLWithUsingBasicAuth($user, $row['endpoint'], $method, $password); + $this->featureContext->pushToLastHttpStatusCodesArray( + $this->featureContext->getResponse()->getStatusCode() + ); + $this->featureContext->pushToLastOcsCodesArray( + $this->featureContext->ocsContext->getOCSResponseStatusCode( + $this->featureContext->getResponse() + ) + ); } } /** - * @When the administrator requests these endpoint with :method then the status codes should be as listed + * @When the administrator requests these endpoint with :method * * @param string $method * @param TableNode $table @@ -379,7 +367,7 @@ public function adminRequestsEndpoint($method, TableNode $table) { } /** - * @When the administrator requests these endpoints with :method using password :password then the status codes should be as listed + * @When the administrator requests these endpoints with :method using password :password * * @param string $method * @param string $password 
@@ -393,20 +381,26 @@ public function adminRequestsEndpointsWithPassword( $password, TableNode $table ) { - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code']); + $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); foreach ($table->getHash() as $row) { $this->administratorRequestsURLWithUsingBasicAuth( $row['endpoint'], $method, $password ); - $ocsCode = $row['ocs-code'] ?? null; - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); + $this->featureContext->pushToLastHttpStatusCodesArray( + $this->featureContext->getResponse()->getStatusCode() + ); + $this->featureContext->pushToLastOcsCodesArray( + $this->featureContext->ocsContext->getOCSResponseStatusCode( + $this->featureContext->getResponse() + ) + ); } } /** - * @When user :user requests these endpoints with :method using basic token auth then the status codes should be as listed + * @When user :user requests these endpoints with :method using basic token auth * * @param string $user * @param string $method 
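Review bot: `adminRequestsEndpointsWithPassword` pushes to both status-code arrays but never clears them, unlike the sibling steps in this commit, which call `emptyLastHTTPStatusCodesArray()` and `emptyLastOCSStatusCodesArray()` before the loop. The feature files now chain several `When`/`Then` groups in one scenario, so codes collected by an earlier group would still be in the arrays when the "all endpoints" assertion runs, which makes the 401/997 checks on wrong-password requests unreliable. Adding `$this->featureContext->emptyLastHTTPStatusCodesArray();` and `$this->featureContext->emptyLastOCSStatusCodesArray();` after `verifyTableNodeColumns` would match the other steps. The hunks at -188 and -461 in this file and -613 in OCSContext.php only rename the push call and show no reset either, though their function bodies are partly outside the hunks.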
@@ -417,16 +411,24 @@ public function adminRequestsEndpointsWithPassword( */ public function whenUserWithNewClientTokenRequestsForEndpointUsingBasicTokenAuth($user, $method, TableNode $table) { $user = $this->featureContext->getActualUsername($user); - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code']); + $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); + $this->featureContext->emptyLastHTTPStatusCodesArray(); + $this->featureContext->emptyLastOCSStatusCodesArray(); foreach ($table->getHash() as $row) { - $ocsCode = $row['ocs-code'] ?? null; $this->userRequestsURLWithUsingBasicTokenAuth($user, $row['endpoint'], $method); - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); + $this->featureContext->pushToLastHttpStatusCodesArray( + $this->featureContext->getResponse()->getStatusCode() + ); + $this->featureContext->pushToLastOcsCodesArray( + $this->featureContext->ocsContext->getOCSResponseStatusCode( + $this->featureContext->getResponse() + ) + ); } } /** - * @When the user requests these endpoints with :method using a new browser session then the status codes should be as listed + * @When the user requests these endpoints with :method using a new browser session * * @param string $method * @param TableNode $table 
@@ -435,11 +437,19 @@ public function whenUserWithNewClientTokenRequestsForEndpointUsingBasicTokenAuth * @throws Exception */ public function userRequestsTheseEndpointsUsingNewBrowserSession($method, TableNode $table) { - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code']); + $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); + $this->featureContext->emptyLastHTTPStatusCodesArray(); + $this->featureContext->emptyLastOCSStatusCodesArray(); foreach ($table->getHash() as $row) { - $ocsCode = $row['ocs-code'] ?? null; $this->userRequestsURLWithBrowserSession($row['endpoint'], $method); - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); + $this->featureContext->pushToLastHttpStatusCodesArray( + $this->featureContext->getResponse()->getStatusCode() + ); + $this->featureContext->pushToLastOcsCodesArray( + $this->featureContext->ocsContext->getOCSResponseStatusCode( + $this->featureContext->getResponse() + ) + ); } } @@ -461,14 +471,14 @@ public function userRequestsEndpointsUsingTheGeneratedAppPasswordThenStatusCodeA $row['endpoint'], $user ); $this->userRequestsURLWithUsingAppPassword($row['endpoint'], $method); - $this->featureContext->pushToLastStatusCodesArray( + $this->featureContext->pushToLastHttpStatusCodesArray( $this->featureContext->getResponse()->getStatusCode() ); } } /** - * @When the user requests these endpoints with :method using the generated app password then the status codes should be as listed + * @When the user requests these endpoints with :method using the generated app password * * @param string $method * @param TableNode $table 
@@ -477,11 +487,19 @@ public function userRequestsEndpointsUsingTheGeneratedAppPasswordThenStatusCodeA * @throws Exception */ public function userRequestsEndpointsUsingTheGeneratedAppPassword($method, TableNode $table) { - $this->featureContext->verifyTableNodeColumns($table, ['endpoint', 'http-code'], ['ocs-code']); + $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); + $this->featureContext->emptyLastHTTPStatusCodesArray(); + $this->featureContext->emptyLastOCSStatusCodesArray(); foreach ($table->getHash() as $row) { $this->userRequestsURLWithUsingAppPassword($row['endpoint'], $method); - $ocsCode = $row['ocs-code'] ?? null; - $this->verifyStatusCode($ocsCode, $row['http-code'], $row['endpoint']); + $this->featureContext->pushToLastHttpStatusCodesArray( + $this->featureContext->getResponse()->getStatusCode() + ); + $this->featureContext->pushToLastOcsCodesArray( + $this->featureContext->ocsContext->getOCSResponseStatusCode( + $this->featureContext->getResponse() + ) + ); } } @@ -640,6 +658,7 @@ public function aNewClientTokenForTheAdministratorHasBeenGenerated() { * @param string $body * * @return void + * @throws Exception */ public function userRequestsURLWithUsingBasicAuth($user, $url, $method, $password = null, $body = null) { $userRenamed = $this->featureContext->getActualUsername($user); @@ -666,6 +685,7 @@ public function userRequestsURLWithUsingBasicAuth($user, $url, $method, $passwor * @param string $body * * @return void + * @throws Exception */ public function userHasRequestedURLWithUsingBasicAuth( $user, $url, $method, $password = null, $body = null @@ -684,6 +704,7 @@ public function userHasRequestedURLWithUsingBasicAuth( * @param string $password * * @return void + * @throws Exception */ public function administratorRequestsURLWithUsingBasicAuth($url, $method, $password = null) { $this->userRequestsURLWithUsingBasicAuth( 
diff --git a/tests/acceptance/features/bootstrap/FeatureContext.php b/tests/acceptance/features/bootstrap/FeatureContext.php index 648a52316505..9d448461336d 100644 --- a/tests/acceptance/features/bootstrap/FeatureContext.php +++ b/tests/acceptance/features/bootstrap/FeatureContext.php @@ -278,7 +278,7 @@ class FeatureContext extends BehatVariablesContext { /** * @var array last http status codes */ - private $lastStatusCodesArray = []; + private $lastHttpStatusCodesArray = []; /** * @var array last ocs status codes */ @@ -289,8 +289,22 @@ class FeatureContext extends BehatVariablesContext { * * @return void */ - public function pushToLastStatusCodesArray($httpStatusCode) { - \array_push($this->lastStatusCodesArray, $httpStatusCode); + public function pushToLastHttpStatusCodesArray($httpStatusCode) { + \array_push($this->lastHttpStatusCodesArray, $httpStatusCode); + } + + /** + * @return void + */ + public function emptyLastHTTPStatusCodesArray() { + $this->lastHttpStatusCodesArray = []; + } + + /** + * @return void + */ + public function emptyLastOCSStatusCodesArray() { + $this->lastOCSStatusCodesArray = []; } /** * @param $ocsStatusCode diff --git a/tests/acceptance/features/bootstrap/OCSContext.php b/tests/acceptance/features/bootstrap/OCSContext.php index 7c571812faa8..b9c29ece4211 100644 --- a/tests/acceptance/features/bootstrap/OCSContext.php +++ b/tests/acceptance/features/bootstrap/OCSContext.php 
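Review bot: The new reset methods in hunk -289 use a different casing from the names they pair with: `emptyLastHTTPStatusCodesArray` next to `pushToLastHttpStatusCodesArray` and `$lastHttpStatusCodesArray`. Method names resolve case-insensitively in PHP, but property names do not. `emptyLastOCSStatusCodesArray()` assigns `$this->lastOCSStatusCodesArray`, whose declaration is outside the hunk (only its `@var array last ocs status codes` docblock is visible); if the declared name differs in case, the assignment creates a new property and the real array is never cleared. I would confirm the declared name and use one casing throughout, e.g. `emptyLastHttpStatusCodesArray()`. Both new docblocks also lack a summary, such as `* Clears the HTTP status codes collected by the previous request step.`.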
@@ -431,44 +431,41 @@ public function theAdministratorSendsHttpMethodToOcsApiWithBodyAndPassword( } /** - * @When the administrator requests these endpoints with :method with body using password :password then the status codes should be as listed + * @When /^user "([^"]*)" sends HTTP method "([^"]*)" to OCS API endpoint "([^"]*)" with body using password "([^"]*)"$/ * - * @param string $method + * @param string $user + * @param string $verb + * @param string $url * @param string $password - * @param TableNode $table + * @param TableNode $body * * @return void */ - public function administratorSendsRequestToTheseEndpointsWithPassword( - $method, - $password, - TableNode $table + public function userSendsHTTPMethodToOcsApiEndpointWithBodyAndPassword( + $user, $verb, $url, $password, $body ) { - $admin = $this->featureContext->getAdminUsername(); - $this->userSendsRequestToTheseEndpointsWithBodyUsingPassword( - $admin, - $method, - $password, - $table + $this->userSendsHTTPMethodToOcsApiEndpointWithBody( + $user, $verb, $url, $body, $password ); } /** - * @When /^user "([^"]*)" sends HTTP method "([^"]*)" to OCS API endpoint "([^"]*)" with body using password "([^"]*)"$/ + * @When user :user requests these endpoints with :method using password :password about user :ofUser * * @param string $user - * @param string $verb - * @param string $url + * @param string $method * @param string $password - * @param TableNode $body + * @param string $ofUser + * @param TableNode $table * * @return void + * @throws \Exception */ - public function userSendsHTTPMethodToOcsApiEndpointWithBodyAndPassword( - $user, $verb, $url, $password, $body + public function userSendsRequestToTheseEndpointsWithOutBodyUsingPassword( + $user, $method, $password, $ofUser, TableNode $table ) { - $this->userSendsHTTPMethodToOcsApiEndpointWithBody( - $user, $verb, $url, $body, $password + $this->userSendsRequestToTheseEndpointsWithBodyUsingPassword( + $user, $method, null, $password, $ofUser, $table ); } 
@@ -491,6 +488,8 @@ public function userSendsRequestToTheseEndpointsWithBodyUsingPassword( $user = $this->featureContext->getActualUsername($user); $ofUser = $this->featureContext->getActualUsername($ofUser); $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); + $this->featureContext->emptyLastHTTPStatusCodesArray(); + $this->featureContext->emptyLastOCSStatusCodesArray(); foreach ($table->getHash() as $row) { $row['endpoint'] = $this->featureContext->substituteInLineCodes( $row['endpoint'], $ofUser @@ -502,7 +501,7 @@ public function userSendsRequestToTheseEndpointsWithBodyUsingPassword( $password, $body ); - $this->featureContext->pushToLastStatusCodesArray( + $this->featureContext->pushToLastHttpStatusCodesArray( $this->featureContext->getResponse()->getStatusCode() ); $this->featureContext->pushToLastOcsCodesArray( @@ -566,6 +565,8 @@ public function sendRequestToTheseEndpointsAsNormalUser( $user = $this->featureContext->getActualUsername($user); $ofUser = $this->featureContext->getActualUsername($ofUser); $this->featureContext->verifyTableNodeColumns($table, ['endpoint']); + $this->featureContext->emptyLastHTTPStatusCodesArray(); + $this->featureContext->emptyLastOCSStatusCodesArray(); if (!$body && $property) { $body = $this->featureContext->getBodyForOCSRequest($method, $property); } @@ -580,7 +581,7 @@ public function sendRequestToTheseEndpointsAsNormalUser( $this->featureContext->getPasswordForUser($user), $body ); - $this->featureContext->pushToLastStatusCodesArray( + $this->featureContext->pushToLastHttpStatusCodesArray( $this->featureContext->getResponse()->getStatusCode() ); } @@ -613,7 +614,7 @@ public function userRequestsTheseEndpointsWithUsingThePasswordOfUser($asUser, $m $this->featureContext->getPasswordForUser($user), $body ); - $this->featureContext->pushToLastStatusCodesArray( + $this->featureContext->pushToLastHttpStatusCodesArray( $this->featureContext->getResponse()->getStatusCode() ); } 
diff --git a/tests/acceptance/features/bootstrap/WebDav.php b/tests/acceptance/features/bootstrap/WebDav.php index b4a83fff818a..60d01ca870cd 100644 --- a/tests/acceptance/features/bootstrap/WebDav.php +++ b/tests/acceptance/features/bootstrap/WebDav.php @@ -1779,7 +1779,8 @@ public function theHTTPStatusCodeOfAllUploadResponsesShouldBe($statusCode) { * @throws Exception */ public function theHTTPStatusCodeOfResponsesOnAllEndpointsShouldBe($statusCode) { - $duplicateRemovedStatusCodes = \array_unique($this->lastStatusCodesArray); + $duplicateRemovedStatusCodes = \array_unique($this->lastHttpStatusCodesArray); + var_dump($duplicateRemovedStatusCodes); if (\count($duplicateRemovedStatusCodes) === 1) { Assert::assertSame( \intval($statusCode),
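Review bot: The added `var_dump($duplicateRemovedStatusCodes);` in `theHTTPStatusCodeOfResponsesOnAllEndpointsShouldBe` looks like leftover debugging and should be removed before merge. It prints the collected status codes on every run of this assertion step, which clutters the acceptance-test output and CI logs. It is also called without the leading `\` that the neighbouring `\array_unique` and `\count` calls use. If the values are useful on failure, put them in the assertion message instead. The function body continues outside the hunk.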