Skip to content

Commit

Permalink
Refactored features files, remove extra blank lines
Browse files Browse the repository at this point in the history
  • Loading branch information
@grgprarup
grgprarup committed Oct 31, 2022
1 parent 453b2c7 commit 65739e3
Show file tree
Hide file tree
Showing 35 changed files with 144 additions and 125 deletions.
5 changes: 5 additions & 0 deletions tests/acceptance/features/apiAuth/tokenAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,14 @@ Feature: tokenAuth
And user "Alice" has been created with default attributes and without skeleton files
And token auth has been enforced


Scenario: creating a user with basic auth should be blocked when token auth is enforced
Given user "brand-new-user" has been deleted
When the administrator sends a user creation request for user "brand-new-user" password "%alt1%" using the provisioning API
Then the OCS status code should be "997"
And the HTTP status code should be "401"


Scenario: moving a file should be blocked when token auth is enforced
Given using new DAV path
When user "Alice" moves file "/textfile0.txt" to "/renamed_textfile0.txt" using the WebDAV API
Expand All @@ -24,13 +26,15 @@ Feature: tokenAuth
When the user requests "/index.php/apps/files" with "GET" using the generated app password
Then the HTTP status code should be "200"


Scenario: cannot access files app with an app password that is deleted when token auth is enforced
Given a new browser session for "Alice" has been started
And the user has generated a new app password named "my-client"
And the user has deleted the app password named "my-client"
When the user requests "/index.php/apps/files" with "GET" using the generated app password
Then the HTTP status code should be "401"


Scenario: Access files app with when there are multiple tokens generated
Given a new browser session for "Alice" has been started
And the user has generated a new app password named "my-client"
Expand All @@ -45,6 +49,7 @@ Feature: tokenAuth
When user "Alice" requests "/index.php/apps/files" with "GET" using basic auth
Then the HTTP status code should be "401"


Scenario: using WebDAV with basic auth should be blocked when token auth is enforced
When user "Alice" requests "/remote.php/webdav" with "PROPFIND" using basic auth
Then the HTTP status code should be "401"
Expand Down
5 changes: 0 additions & 5 deletions tests/acceptance/features/apiAuth/webDavAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,6 @@ Feature: auth
When user "Alice" requests "/remote.php/webdav" with "PROPFIND" using basic token auth
Then the HTTP status code should be "207"

# DAV token auth is not possible yet
#Scenario: using WebDAV with a client token
# When requesting "/remote.php/webdav" with "PROPFIND" using a client token
# Then the HTTP status code should be "207"

@smokeTest @notToImplementOnOCIS
Scenario: using WebDAV with browser session
Given a new browser session for "Alice" has been started
Expand Down
4 changes: 1 addition & 3 deletions tests/acceptance/features/apiAuthOcs/ocsDELETEAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,7 @@ Feature: auth
Background:
Given user "another-admin" has been created with default attributes and without skeleton files

@smokeTest @issue-ocis-reva-30 @issue-ocis-reva-65
@skipOnBruteForceProtection @issue-brute_force_protection-112
@skipOnOcV10 @issue-32068
@smokeTest @issue-ocis-reva-30 @issue-ocis-reva-65 @skipOnBruteForceProtection @issue-brute_force_protection-112 @skipOnOcV10 @issue-32068
Scenario: send DELETE requests to OCS endpoints as admin with wrong password
Given user "another-admin" has been added to group "admin"
When user "another-admin" requests these endpoints with "DELETE" using password "invalid" about user "Alice"
Expand Down
3 changes: 1 addition & 2 deletions tests/acceptance/features/apiAuthOcs/ocsDELETEAuthOc10Issue32068.feature
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
@api @files_sharing-app-required @notToImplementOnOCIS
Feature: current oC10 behavior for issue-32068

@smokeTest @issue-32068 @issue-ocis-reva-30 @issue-ocis-reva-65
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @issue-32068 @issue-ocis-reva-30 @issue-ocis-reva-65 @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send DELETE requests to OCS endpoints as admin with wrong password
Given user "another-admin" has been created with default attributes and without skeleton files
And user "another-admin" has been added to group "admin"
Expand Down
21 changes: 4 additions & 17 deletions tests/acceptance/features/apiAuthOcs/ocsGETAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,7 @@ Feature: auth
Background:
Given user "Alice" has been created with default attributes and without skeleton files

@issue-32068 @skipOnOcV10
@issue-ocis-reva-30
@smokeTest
@issue-32068 @skipOnOcV10 @issue-ocis-reva-30 @smokeTest
Scenario: using OCS anonymously
When a user requests these endpoints with "GET" and no authentication
| endpoint |
Expand Down Expand Up @@ -40,14 +38,7 @@ Feature: auth
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "200"

@issue-32068 @skipOnOcV10
@issue-ocis-reva-11
@issue-ocis-reva-30
@issue-ocis-reva-31
@issue-ocis-reva-32
@issue-ocis-reva-33
@issue-ocis-reva-34
@issue-ocis-reva-35
@issue-32068 @skipOnOcV10 @issue-ocis-reva-11 @issue-ocis-reva-30 @issue-ocis-reva-31 @issue-ocis-reva-32 @issue-ocis-reva-33 @issue-ocis-reva-34 @issue-ocis-reva-35
Scenario: using OCS with non-admin basic auth
When the user "Alice" requests these endpoints with "GET" with basic auth
| endpoint |
Expand Down Expand Up @@ -78,9 +69,7 @@ Feature: auth
Then the HTTP status code of responses on all endpoints should be "401"
And the OCS status code of responses on all endpoints should be "401"

@issue-32068 @skipOnOcV10 @issue-ocis-reva-29 @issue-ocis-reva-30
@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@issue-32068 @skipOnOcV10 @issue-ocis-reva-29 @issue-ocis-reva-30 @smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: using OCS as normal user with wrong password
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
Expand Down Expand Up @@ -128,8 +117,7 @@ Feature: auth
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "200"

@issue-ocis-reva-30 @issue-ocis-reva-65
@skipOnBruteForceProtection @issue-brute_force_protection-112
@issue-ocis-reva-30 @issue-ocis-reva-65 @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: using OCS as admin user with wrong password
Given user "another-admin" has been created with default attributes and without skeleton files
And user "another-admin" has been added to group "admin"
Expand Down Expand Up @@ -162,7 +150,6 @@ Feature: auth
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "200"


@notToImplementOnOCIS @issue-ocis-reva-30 @issue-ocis-reva-28
Scenario: using OCS with token auth of a normal user
Given a new client token for "Alice" has been generated
Expand Down
7 changes: 2 additions & 5 deletions tests/acceptance/features/apiAuthOcs/ocsGETAuthFilesExternal.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,7 @@ Feature: auth
Background:
Given user "Alice" has been created with default attributes and without skeleton files

@issue-32068 @skipOnOcV10
@smokeTest
@issue-32068 @skipOnOcV10 @smokeTest
Scenario: using OCS anonymously
When a user requests these endpoints with "GET" and no authentication
| endpoint |
Expand All @@ -27,9 +26,7 @@ Feature: auth
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "200"

@issue-32068 @skipOnOcV10
@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@issue-32068 @skipOnOcV10 @smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: using OCS as normal user with wrong password
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
Expand Down
3 changes: 1 addition & 2 deletions tests/acceptance/features/apiAuthOcs/ocsGETAuthFilesExternalOc10Issue32068.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,7 @@ Feature: current oC10 behavior for issue-32068
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "200"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: using OCS as normal user with wrong password
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
Expand Down
17 changes: 3 additions & 14 deletions tests/acceptance/features/apiAuthOcs/ocsGETAuthOc10Issue32068.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,7 @@ Feature: current oC10 behavior for issue-32068
Background:
Given user "Alice" has been created with default attributes and without skeleton files

@issue-32068
@issue-ocis-reva-30
@smokeTest
@issue-32068 @issue-ocis-reva-30 @smokeTest
Scenario: using OCS anonymously
When a user requests these endpoints with "GET" and no authentication
| endpoint |
Expand All @@ -28,14 +26,7 @@ Feature: current oC10 behavior for issue-32068
And the OCS status code of responses on all endpoints should be "997"
#And the OCS status code of responses on all endpoints should be "401"

@issue-32068
@issue-ocis-reva-11
@issue-ocis-reva-30
@issue-ocis-reva-31
@issue-ocis-reva-32
@issue-ocis-reva-33
@issue-ocis-reva-34
@issue-ocis-reva-35
@issue-32068 @issue-ocis-reva-11 @issue-ocis-reva-30 @issue-ocis-reva-31 @issue-ocis-reva-32 @issue-ocis-reva-33 @issue-ocis-reva-34 @issue-ocis-reva-35
Scenario: using OCS with non-admin basic auth
When the user "Alice" requests these endpoints with "GET" with basic auth
| endpoint |
Expand Down Expand Up @@ -67,9 +58,7 @@ Feature: current oC10 behavior for issue-32068
And the OCS status code of responses on all endpoints should be "997"
#And the OCS status code of responses on all endpoints should be "401"

@issue-32068 @issue-ocis-reva-29 @issue-ocis-reva-30
@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@issue-32068 @issue-ocis-reva-29 @issue-ocis-reva-30 @smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: using OCS as normal user with wrong password
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
Expand Down
4 changes: 1 addition & 3 deletions tests/acceptance/features/apiAuthOcs/ocsPOSTAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,7 @@ Feature: auth
Background:
Given user "Alice" has been created with default attributes and without skeleton files

@issue-ocis-reva-30
@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@issue-ocis-reva-30 @smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send POST requests to OCS endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
Expand Down
4 changes: 1 addition & 3 deletions tests/acceptance/features/apiAuthOcs/ocsPUTAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,7 @@ Feature: auth
Background:
Given user "another-admin" has been created with default attributes and without skeleton files

@issue-ocis-reva-30
@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@issue-ocis-reva-30 @smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send PUT request to OCS endpoints as admin with wrong password
Given user "another-admin" has been added to group "admin"
When user "another-admin" requests these endpoints with "PUT" including body "doesnotmatter" using password "invalid" about user "Alice"
Expand Down
7 changes: 3 additions & 4 deletions tests/acceptance/features/apiAuthWebDav/webDavDELETEAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,7 @@ Feature: delete file/folder
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send DELETE requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "DELETE" using password "invalid" about user "Alice"
| endpoint |
Expand Down Expand Up @@ -92,6 +91,7 @@ Feature: delete file/folder
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"


Scenario: send DELETE requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "DELETE" using the password of user "Alice"
| endpoint |
Expand All @@ -111,8 +111,7 @@ Feature: delete file/folder
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send DELETE requests to webDav endpoints without any authentication
When a user requests these endpoints with "DELETE" with no authentication about user "Alice"
| endpoint |
Expand Down
11 changes: 5 additions & 6 deletions tests/acceptance/features/apiAuthWebDav/webDavLOCKAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,7 @@ Feature: LOCK file/folder
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send LOCK requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "LOCK" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
Expand All @@ -33,8 +32,7 @@ Feature: LOCK file/folder
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send LOCK requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "LOCK" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
Expand Down Expand Up @@ -78,6 +76,7 @@ Feature: LOCK file/folder
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "409"


Scenario: send LOCK requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
Expand All @@ -97,6 +96,7 @@ Feature: LOCK file/folder
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"


Scenario: send LOCK requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
Expand All @@ -116,8 +116,7 @@ Feature: LOCK file/folder
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send LOCK requests to webDav endpoints without any authentication
When a user requests these endpoints with "LOCK" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
Expand Down
11 changes: 5 additions & 6 deletions tests/acceptance/features/apiAuthWebDav/webDavMKCOLAuth.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ Feature: create folder using MKCOL
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send MKCOL requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "MKCOL" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
Expand All @@ -29,8 +28,7 @@ Feature: create folder using MKCOL
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send MKCOL requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "MKCOL" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
Expand Down Expand Up @@ -78,6 +76,7 @@ Feature: create folder using MKCOL
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "409"


Scenario: send MKCOL requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "MKCOL" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
Expand All @@ -97,6 +96,7 @@ Feature: create folder using MKCOL
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"


Scenario: send MKCOL requests to webDav endpoints using valid password and username of different user
Given user "Brian" has been created with default attributes and without skeleton files
When user "Brian" requests these endpoints with "MKCOL" including body "doesnotmatter" using the password of user "Alice"
Expand All @@ -118,8 +118,7 @@ Feature: create folder using MKCOL
| /remote.php/dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

@smokeTest
@skipOnBruteForceProtection @issue-brute_force_protection-112
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send MKCOL requests to webDav endpoints without any authentication
When a user requests these endpoints with "MKCOL" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
Expand Down
Loading

0 comments on commit 65739e3

Please sign in to comment.