diff --git a/tests/TestHelpers/WebDavHelper.php b/tests/TestHelpers/WebDavHelper.php
index 0e77a0aeeb30..64c177394528 100644
--- a/tests/TestHelpers/WebDavHelper.php
+++ b/tests/TestHelpers/WebDavHelper.php
@@ -305,7 +305,6 @@ public static function makeDavRequest(
}
}
}
-
return HttpRequestHelper::sendRequest(
$fullUrl, $method, $user, $password, $headers, $body, $config, null,
$stream, $timeout, $client
diff --git a/tests/acceptance/features/apiAuthWebDav/webDavMKCOLAuth.feature b/tests/acceptance/features/apiAuthWebDav/webDavMKCOLAuth.feature
new file mode 100644
index 000000000000..f761e4635000
--- /dev/null
+++ b/tests/acceptance/features/apiAuthWebDav/webDavMKCOLAuth.feature
@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using MKCOL
+
+ Background:
+ Given user "user0" has been created with default attributes and skeleton files
+ And user "user1" has been created with default attributes and without skeleton files
+
+ Scenario: send MKCOL requests to webDav endpoints as normal user with wrong password
+ When user "user0" requests these endpoints with "MKCOL" including body using password "invalid" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send MKCOL requests to webDav endpoints as normal user with no password
+ When user "user0" requests these endpoints with "MKCOL" including body using password "" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send MKCOL requests to another user's webDav endpoints as normal user
+ When user "user1" requests these endpoints with "MKCOL" including body then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/dav/files/user0/textfile0.txt | 403 | |
+ | /remote.php/dav/files/user0/PARENT | 403 | |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 409 | |
+
+ Scenario: send MKCOL requests to webDav endpoints using invalid username but correct password
+ When user "usero" requests these endpoints with "MKCOL" including body using the password of user "user0" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
diff --git a/tests/acceptance/features/apiAuthWebDav/webDavPOSTAuth.feature b/tests/acceptance/features/apiAuthWebDav/webDavPOSTAuth.feature
new file mode 100644
index 000000000000..c711fd9d4b19
--- /dev/null
+++ b/tests/acceptance/features/apiAuthWebDav/webDavPOSTAuth.feature
@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using POST
+
+ Background:
+ Given user "user0" has been created with default attributes and skeleton files
+ And user "user1" has been created with default attributes and without skeleton files
+
+ Scenario: send POST requests to webDav endpoints as normal user with wrong password
+ When user "user0" requests these endpoints with "POST" including body using password "invalid" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send POST requests to webDav endpoints as normal user with no password
+ When user "user0" requests these endpoints with "POST" including body using password "" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send POST requests to another user's webDav endpoints as normal user
+ When user "user1" requests these endpoints with "POST" including body then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/dav/files/user0/textfile1.txt | 404 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENTS | 404 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENTS/parent.txt | 404 | doesnotmatter |
+
+ Scenario: send POST requests to webDav endpoints using invalid username but correct password
+ When user "usero" requests these endpoints with "POST" including body using the password of user "user0" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
diff --git a/tests/acceptance/features/apiAuthWebDav/webDavPROPFINDAuth.feature b/tests/acceptance/features/apiAuthWebDav/webDavPROPFINDAuth.feature
new file mode 100644
index 000000000000..d788cf339c38
--- /dev/null
+++ b/tests/acceptance/features/apiAuthWebDav/webDavPROPFINDAuth.feature
@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using PROPFIND
+
+ Background:
+ Given user "user0" has been created with default attributes and skeleton files
+ And user "user1" has been created with default attributes and without skeleton files
+
+ Scenario: send PROPFIND requests to webDav endpoints as normal user with wrong password
+ When user "user0" requests these endpoints with "PROPFIND" including body using password "invalid" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send PROPFIND requests to webDav endpoints as normal user with no password
+ When user "user0" requests these endpoints with "PROPFIND" including body using password "" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send PROPFIND requests to another user's webDav endpoints as normal user
+ When user "user1" requests these endpoints with "PROPFIND" including body then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/dav/files/user0/textfile0.txt | 404 | |
+ | /remote.php/dav/files/user0/PARENT | 404 | |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 404 | |
+
+ Scenario: send PROPFIND requests to webDav endpoints using invalid username but correct password
+ When user "usero" requests these endpoints with "PROPFIND" including body using the password of user "user0" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
diff --git a/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature b/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature
new file mode 100644
index 000000000000..8ae215524a35
--- /dev/null
+++ b/tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature
@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using PUT
+
+ Background:
+ Given user "user0" has been created with default attributes and skeleton files
+ And user "user1" has been created with default attributes and without skeleton files
+
+ Scenario: send PUT requests to webDav endpoints as normal user with wrong password
+ When user "user0" requests these endpoints with "PUT" including body using password "invalid" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send PUT requests to webDav endpoints as normal user with no password
+ When user "user0" requests these endpoints with "PUT" including body using password "" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |
+
+ Scenario: send PUT requests to another user's webDav endpoints as normal user
+ When user "user1" requests these endpoints with "PUT" including body then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/dav/files/user0/textfile1.txt | 403 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENTS | 403 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENTS/parent.txt | 404 | doesnotmatter |
+
+ Scenario: send PUT requests to webDav endpoints using invalid username but correct password
+ When user "usero" requests these endpoints with "PUT" including body using the password of user "user0" then the status codes should be as listed
+ | endpoint | http-code | body |
+ | /remote.php/webdav/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/textfile0.txt | 401 | doesnotmatter |
+ | /remote.php/webdav/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT | 401 | doesnotmatter |
+ | /remote.php/dav/files/user0/PARENT/parent.txt | 401 | doesnotmatter |