-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #36601 from owncloud/api-auth-2
Tests for accessing webDav endpoints with invalid authentication
- Loading branch information
Showing
5 changed files
with
160 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
40 changes: 40 additions & 0 deletions
40
tests/acceptance/features/apiAuthWebDav/webDavMKCOLAuth.feature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| @api @TestAlsoOnExternalUserBackend | ||
| Feature: get file info using MKCOL | ||
|
|
||
| Background: | ||
| Given user "user0" has been created with default attributes and skeleton files | ||
| And user "user1" has been created with default attributes and without skeleton files | ||
|
|
||
| Scenario: send MKCOL requests to webDav endpoints as normal user with wrong password | ||
| When user "user0" requests these endpoints with "MKCOL" including body using password "invalid" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send MKCOL requests to webDav endpoints as normal user with no password | ||
| When user "user0" requests these endpoints with "MKCOL" including body using password "" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send MKCOL requests to another user's webDav endpoints as normal user | ||
| When user "user1" requests these endpoints with "MKCOL" including body then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 403 | | | ||
| | /remote.php/dav/files/user0/PARENT | 403 | | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 409 | | | ||
|
|
||
| Scenario: send MKCOL requests to webDav endpoints using invalid username but correct password | ||
| When user "usero" requests these endpoints with "MKCOL" including body using the password of user "user0" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | |
40 changes: 40 additions & 0 deletions
40
tests/acceptance/features/apiAuthWebDav/webDavPOSTAuth.feature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| @api @TestAlsoOnExternalUserBackend | ||
| Feature: get file info using POST | ||
|
|
||
| Background: | ||
| Given user "user0" has been created with default attributes and skeleton files | ||
| And user "user1" has been created with default attributes and without skeleton files | ||
|
|
||
| Scenario: send POST requests to webDav endpoints as normal user with wrong password | ||
| When user "user0" requests these endpoints with "POST" including body using password "invalid" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send POST requests to webDav endpoints as normal user with no password | ||
| When user "user0" requests these endpoints with "POST" including body using password "" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send POST requests to another user's webDav endpoints as normal user | ||
| When user "user1" requests these endpoints with "POST" including body then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/dav/files/user0/textfile1.txt | 404 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENTS | 404 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENTS/parent.txt | 404 | doesnotmatter | | ||
|
|
||
| Scenario: send POST requests to webDav endpoints using invalid username but correct password | ||
| When user "usero" requests these endpoints with "POST" including body using the password of user "user0" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | |
40 changes: 40 additions & 0 deletions
40
tests/acceptance/features/apiAuthWebDav/webDavPROPFINDAuth.feature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| @api @TestAlsoOnExternalUserBackend | ||
| Feature: get file info using PROPFIND | ||
|
|
||
| Background: | ||
| Given user "user0" has been created with default attributes and skeleton files | ||
| And user "user1" has been created with default attributes and without skeleton files | ||
|
|
||
| Scenario: send PROPFIND requests to webDav endpoints as normal user with wrong password | ||
| When user "user0" requests these endpoints with "PROPFIND" including body using password "invalid" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send PROPFIND requests to webDav endpoints as normal user with no password | ||
| When user "user0" requests these endpoints with "PROPFIND" including body using password "" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send PROPFIND requests to another user's webDav endpoints as normal user | ||
| When user "user1" requests these endpoints with "PROPFIND" including body then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 404 | <?xml version="1.0"?><d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:prop><d:getetag /></d:prop></d:propfind> | | ||
| | /remote.php/dav/files/user0/PARENT | 404 | <?xml version="1.0"?><d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:prop><d:getetag /></d:prop></d:propfind> | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 404 | <?xml version="1.0"?><d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:prop><d:getetag /></d:prop></d:propfind> | | ||
|
|
||
| Scenario: send PROPFIND requests to webDav endpoints using invalid username but correct password | ||
| When user "usero" requests these endpoints with "PROPFIND" including body using the password of user "user0" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | |
40 changes: 40 additions & 0 deletions
40
tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| @api @TestAlsoOnExternalUserBackend | ||
| Feature: get file info using PUT | ||
|
|
||
| Background: | ||
| Given user "user0" has been created with default attributes and skeleton files | ||
| And user "user1" has been created with default attributes and without skeleton files | ||
|
|
||
| Scenario: send PUT requests to webDav endpoints as normal user with wrong password | ||
| When user "user0" requests these endpoints with "PUT" including body using password "invalid" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send PUT requests to webDav endpoints as normal user with no password | ||
| When user "user0" requests these endpoints with "PUT" including body using password "" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | | ||
|
|
||
| Scenario: send PUT requests to another user's webDav endpoints as normal user | ||
| When user "user1" requests these endpoints with "PUT" including body then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/dav/files/user0/textfile1.txt | 403 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENTS | 403 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENTS/parent.txt | 404 | doesnotmatter | | ||
|
|
||
| Scenario: send PUT requests to webDav endpoints using invalid username but correct password | ||
| When user "usero" requests these endpoints with "PUT" including body using the password of user "user0" then the status codes should be as listed | ||
| | endpoint | http-code | body | | ||
| | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter | | ||
| | /remote.php/webdav/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter | | ||
| | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter | |