0.4.4 test run #262

Closed
jnweiger opened this issue Apr 22, 2020 · 6 comments

@jnweiger
Contributor

jnweiger commented Apr 22, 2020

Test Run Document

References:

Versions used:

OAuth2 app Test Plan

This aims to be a client-agnostic test plan for the OAuth2 application, centered on the actions available in the webUI and/or occ commands and their impact on ownCloud's core behavior. To test the application from a client standpoint see:

Testing functionality

| Test Case | Expected Result | Result | Related Comment |
| --- | --- | --- | --- |
| **CLI commands** | | | |
| Enable OAuth2 app via CLI using `occ app:enable oauth2` | - The app gets enabled<br>- Replies from the WebDAV endpoint include a new `WWW-Authenticate: Bearer...` header | ✔️ | Step 1) enable, logout, login admin, admin check personal -> security: no applications authorized.<br>Step 2) logged out. expect:<br>`curl -I http://$SERER/remote.php/webdav \| grep -i www-auth`<br>`www-authenticate: bearer` |
| Disable OAuth2 app via CLI using `occ app:disable oauth2` | - The app gets disabled<br>- Previously mentioned header goes away in further requests | ✔️ | `curl -I http://$SERER/remote.php/webdav \| grep -i www-auth`<br>`www-authenticate: basic ...` |
| **Registered Clients** | | | |
| Default clients | The default Registered clients are included among the "Settings > Admin > User Authentication" OAuth 2.0: Registered Clients | ✔️ | See #38 for the default values |
| Register new Client | 64-character-length client_id and client_secret are generated together with a (required) Client Name and a (required) Redirection URL | 🚧 | the name is not optional -> owncloud/QA#646 |
| Remove a Client | - Confirmation dialog is prompted before removal<br>- All client sessions opened from those clients get removed | | is removed without confirmation dialog |
| **Unregistered Clients** | | | |
| Authentication flow from an unregistered client | Unsuccessful Authorization Request | ⚙️ | Browser displays the "Request not valid" screen.<br>Steps:<br>1. enter URL at desktop client, hit next.<br>2. client redirects to browser, change client_id in url to something different. Hit enter again. |
| **Authorized Applications** | | | |
| Login with a Registered Client | The Client Name is displayed amongst the "Personal > Security" OAuth 2.0 Authorized Applications | ⚙️ | |
| Session Revocation (i.e. delete Authorized Application) | All the sessions opened in the clients are revoked and must be re-authorized | ⚙️ | |
| **User Account Handling** | | | |
| Password change | Open sessions are revoked and new credentials must be used in further login attempts | ✔️ | Improvement suggestion: desktop client 2.6.1 only displays a 'cannot find folder message' when re-auth is required. |
| **Authorization Flow** | | | |
| Successful Authorization Request without any session open in the browser | Login form with an additional informative note about the application requesting access to ownCloud is displayed | ⚙️ | |
| Successful Authorization Request with a valid session in the browser | The "Authorize" screen is displayed | ⚙️ | |
| Successful Authorization Request in a browser with a different user logged in | The "Switch User" screen is displayed, allowing to modify the current session | ⚙️ | See use of the additional user parameter in: #67 |
| Failed attempt in the authorization login form | The query parameters for the Authorization Request are preserved in next attempts | ⚙️ | See original issue in: owncloud/core#28129 |
| **Relevant Smoke Tests** | | | |
| Unauthenticated Actions: Public File Drop | Files get uploaded normally | 🚧 | See #100 |

openidconnect app Test Plan

TODO
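
The header check from the CLI test cases above, as an added example that is not part of the original issue: a shell function lists the schemes offered in `WWW-Authenticate` response headers and a second one checks whether a Bearer challenge is present, as expected when the oauth2 app is enabled. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue. Function names and samples are constructed.

# Read raw response headers (as printed by `curl -sI`) on stdin and print each
# scheme offered in a WWW-Authenticate header, lower-cased, one per line.
auth_schemes() {
    tr -d '\r' | awk '
        tolower($0) ~ /^www-authenticate:/ {
            sub(/^[^:]*:[ \t]*/, "")      # drop the header name
            gsub(/"[^"]*"/, "")           # drop quoted values (may hold commas)
            n = split($0, part, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                # A challenge starts with a bare scheme token; key=value
                # auth-params fail the pattern and are skipped.
                split(part[i], word, /[ \t]+/)
                if (word[1] ~ /^[A-Za-z][A-Za-z0-9_-]*$/) print tolower(word[1])
            }
        }' | sort -u
}

# Return 0 when the headers on stdin match the expected app state:
#   enabled  -> a Bearer challenge is offered
#   disabled -> no Bearer challenge is offered
oauth2_header_matches() {
    state=$1
    if auth_schemes | grep -qx bearer; then found=enabled; else found=disabled; fi
    [ "$found" = "$state" ]
}

# Constructed sample responses (not captured from a real server).
SAMPLE_ENABLED=$(printf '%s\r\n' 'HTTP/1.1 401 Unauthorized' \
    'WWW-Authenticate: Basic realm="ownCloud, demo", charset="UTF-8"' \
    'www-authenticate: Bearer realm="ownCloud"')
SAMPLE_DISABLED=$(printf '%s\r\n' 'HTTP/1.1 401 Unauthorized' \
    'WWW-Authenticate: Basic realm="ownCloud", charset="UTF-8"')

for s in enabled disabled; do
    if printf '%s' "$SAMPLE_ENABLED" | oauth2_header_matches "$s"; then r=PASS; else r=FAIL; fi
    echo "sample with Bearer challenge, expecting app $s: $r"
done

# Against a live server, using the variable from the test plan:
#   curl -sI "http://$SERER/remote.php/webdav" | oauth2_header_matches enabled
```
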

@jnweiger
Contributor Author

jnweiger commented Apr 27, 2020

Test setup for running an oauth release candidate version together with openidconnect:

git clone https://github.com/owncloud-docker/compose-playground
cd compose-playground
mkdir apps
cd apps
curl -L https://github.com/owncloud/oauth2/releases/download/v0.4.4RC1/oauth2-0.4.4RC1.tar.gz | tar xzf -
cd ..

export KOPANO_KONNECT_DOMAIN=konnect.docker-playground.local
export OWNCLOUD_DOMAIN=owncloud.docker-playground.local
export OWNCLOUD_HTTP_PORT=9680
export OWNCLOUD_APPS_ENABLE="openidconnect,oauth2"

docker-compose \
    -f owncloud-base.yml \
    -f owncloud-official.yml \
    -f owncloud-exported-ports.yml \
    -f owncloud-mount-apps.yml \
    -f cache/redis.yml \
    -f database/mariadb.yml \
    -f ldap/openldap.yml \
    -f ldap/openldap-mount-ldif.yml \
    -f ldap/openldap-autoconfig-base.yml \
    -f kopano/konnect/docker-compose.yml \
    up

Issues with this setup:

@jnweiger
Contributor Author

The login screen should offer kopano as an Alternative login, as e.g. seen on
https://oidc-workshop.owncloud-demo.com/oc10/login

@jnweiger
Contributor Author

jnweiger commented May 3, 2020

Structure visualization from the above compose
docker-compose svg

@davitol
Contributor

davitol commented May 6, 2020

> The login screen should offer kopano as an Alternative login, as e.g. seen on
> https://oidc-workshop.owncloud-demo.com/oc10/login

I guess this configuration should be done in the config.php file, in the line:

https://github.com/owncloud/core/blob/master/config/config.sample.php#L247

@davitol
Contributor

davitol commented May 6, 2020

Having an oC 10.4.1 server, trying to test oauth2 0.4.4 and openidconnect with both enabled, using https://owncloud.github.io/ocis/bridge/#how-to-do-it.

When I run this step: https://owncloud.github.io/ocis/bridge/#check-it-is-up-and-running

ldapsearch -x -H ldap://XXXXXX:9125 -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W '(objectclass=posixaccount)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)


The credentials I am trying are the ones from the oC user admin/admin.

glauth is configured to use owncloud as a backend. It was launched like this:

bin/ocis-glauth --log-level debug server --backend-server https://myowncloudserver.com --backend-basedn dc=example,dc=com

graphapi: 0.0.1 app is installed and enabled

`curl https://cloud.example.com/apps/graphapi/v1.0/users/admin -u admin:admin -v` works and returns 200 OK.

@davitol
Contributor

davitol commented May 6, 2020

This comment #262 (comment) was solved in owncloud/ocis#248

butonic added a commit to owncloud/ocis that referenced this issue Jun 8, 2020
@butonic butonic closed this as completed Mar 10, 2022