nextcloud/build/integration/features/auth.feature

Feature: auth

	Background:
		Given user "user0" exists
		Given a new restricted client token is added
		Given a new unrestricted client token is added
		Given the cookie jar is reset

	# FILES APP
	Scenario: access files app anonymously
		When requesting "/index.php/apps/files" with "GET"
		Then the HTTP status code should be "401"

	Scenario: access files app with basic auth
		When requesting "/index.php/apps/files" with "GET" using basic auth
		Then the HTTP status code should be "200"

	Scenario: access files app with unrestricted basic token auth
		When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
		Then the HTTP status code should be "200"
		Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
		Then the HTTP status code should be "200"

	Scenario: access files app with restricted basic token auth
		When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
		Then the HTTP status code should be "200"
		Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
		Then the HTTP status code should be "404"

	Scenario: access files app with an unrestricted client token
		When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
		Then the HTTP status code should be "200"

	Scenario: access files app with browser session
		Given a new browser session is started
		When requesting "/index.php/apps/files" with "GET" using browser session
		Then the HTTP status code should be "200"

	# WebDAV
	Scenario: using WebDAV anonymously
		When requesting "/remote.php/webdav" with "PROPFIND"
		Then the HTTP status code should be "401"

	Scenario: using WebDAV with basic auth
		When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
		Then the HTTP status code should be "207"

	Scenario: using WebDAV with unrestricted basic token auth
		When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
		Then the HTTP status code should be "207"

	Scenario: using WebDAV with restricted basic token auth
		When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
		Then the HTTP status code should be "207"

	Scenario: using old WebDAV endpoint with unrestricted client token
		When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
		Then the HTTP status code should be "207"

	Scenario: using new WebDAV endpoint with unrestricted client token
		When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
		Then the HTTP status code should be "207"

	Scenario: using WebDAV with browser session
		Given a new browser session is started
		When requesting "/remote.php/webdav" with "PROPFIND" using browser session
		Then the HTTP status code should be "207"

	# OCS
	Scenario: using OCS anonymously
		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
		Then the OCS status code should be "997"

	Scenario: using OCS with basic auth
		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
		Then the OCS status code should be "100"

	Scenario: using OCS with token auth
		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
		Then the OCS status code should be "100"

	Scenario: using OCS with an unrestricted client token
		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
		Then the OCS status code should be "100"

	Scenario: using OCS with browser session
		Given a new browser session is started
		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
		Then the OCS status code should be "100"

	# REMEMBER ME
	Scenario: remember login
		Given a new remembered browser session is started
		When the session cookie expires
		And requesting "/index.php/apps/files" with "GET" using browser session
		Then the HTTP status code should be "200"

	# AUTH TOKENS
	Scenario: Creating an auth token with regular auth token should not work
		When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
		Then the HTTP status code should be "200"
		When the CSRF token is extracted from the previous response
		When a new unrestricted client token is added using restricted basic token auth
		Then the HTTP status code should be "503"

	Scenario: Creating a restricted auth token with regular login should work
		When a new restricted client token is added
		Then the HTTP status code should be "200"

	Scenario: Creating an unrestricted auth token with regular login should work
		When a new unrestricted client token is added
		Then the HTTP status code should be "200"
add auth integration tests 2016-05-03 17:21:49 +03:00			`Feature: auth`

			`Background:`
			`Given user "user0" exists`
Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Given a new restricted client token is added`
			`Given a new unrestricted client token is added`
			`Given the cookie jar is reset`
add auth integration tests 2016-05-03 17:21:49 +03:00
			`# FILES APP`
			`Scenario: access files app anonymously`
			`When requesting "/index.php/apps/files" with "GET"`
			`Then the HTTP status code should be "401"`

			`Scenario: access files app with basic auth`
			`When requesting "/index.php/apps/files" with "GET" using basic auth`
			`Then the HTTP status code should be "200"`

Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Scenario: access files app with unrestricted basic token auth`
			`When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth`
			`Then the HTTP status code should be "200"`
			`Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session`
			`Then the HTTP status code should be "200"`

			`Scenario: access files app with restricted basic token auth`
			`When requesting "/index.php/apps/files" with "GET" using restricted basic token auth`
add auth integration tests 2016-05-03 17:21:49 +03:00			`Then the HTTP status code should be "200"`
Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session`
			`Then the HTTP status code should be "404"`
add auth integration tests 2016-05-03 17:21:49 +03:00
Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Scenario: access files app with an unrestricted client token`
			`When requesting "/index.php/apps/files" with "GET" using an unrestricted client token`
add auth integration tests 2016-05-03 17:21:49 +03:00			`Then the HTTP status code should be "200"`

			`Scenario: access files app with browser session`
			`Given a new browser session is started`
			`When requesting "/index.php/apps/files" with "GET" using browser session`
			`Then the HTTP status code should be "200"`

			`# WebDAV`
			`Scenario: using WebDAV anonymously`
			`When requesting "/remote.php/webdav" with "PROPFIND"`
			`Then the HTTP status code should be "401"`

			`Scenario: using WebDAV with basic auth`
			`When requesting "/remote.php/webdav" with "PROPFIND" using basic auth`
			`Then the HTTP status code should be "207"`

Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Scenario: using WebDAV with unrestricted basic token auth`
			`When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth`
add auth integration tests 2016-05-03 17:21:49 +03:00			`Then the HTTP status code should be "207"`

Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Scenario: using WebDAV with restricted basic token auth`
			`When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth`
			`Then the HTTP status code should be "207"`
add auth integration tests 2016-05-03 17:21:49 +03:00
Make legacy DAV backend use the BearerAuth backend as well Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-05-18 22:19:39 +03:00			`Scenario: using old WebDAV endpoint with unrestricted client token`
Add additional test for accessing DAV using Bearer Auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-05-18 21:34:48 +03:00			`When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token`
			`Then the HTTP status code should be "207"`

Make legacy DAV backend use the BearerAuth backend as well Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-05-18 22:19:39 +03:00			`Scenario: using new WebDAV endpoint with unrestricted client token`
			`When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token`
			`Then the HTTP status code should be "207"`

add auth integration tests 2016-05-03 17:21:49 +03:00			`Scenario: using WebDAV with browser session`
			`Given a new browser session is started`
			`When requesting "/remote.php/webdav" with "PROPFIND" using browser session`
			`Then the HTTP status code should be "207"`

			`# OCS`
			`Scenario: using OCS anonymously`
			`When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"`
			`Then the OCS status code should be "997"`

			`Scenario: using OCS with basic auth`
			`When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth`
			`Then the OCS status code should be "100"`

			`Scenario: using OCS with token auth`
Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth`
add auth integration tests 2016-05-03 17:21:49 +03:00			`Then the OCS status code should be "100"`

Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`Scenario: using OCS with an unrestricted client token`
			`When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token`
add auth integration tests 2016-05-03 17:21:49 +03:00			`Then the OCS status code should be "100"`

			`Scenario: using OCS with browser session`
			`Given a new browser session is started`
			`When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session`
Test remember-me login This adds a simple integration test that ensures that remembered login works when the session cookies vanish. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2017-01-02 13:20:22 +03:00			`Then the OCS status code should be "100"`

			`# REMEMBER ME`
			`Scenario: remember login`
			`Given a new remembered browser session is started`
			`When the session cookie expires`
			`And requesting "/index.php/apps/files" with "GET" using browser session`
			`Then the HTTP status code should be "200"`

Add integration tests for token auth Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-05 14:14:59 +03:00			`# AUTH TOKENS`
			`Scenario: Creating an auth token with regular auth token should not work`
			`When requesting "/index.php/apps/files" with "GET" using restricted basic token auth`
			`Then the HTTP status code should be "200"`
			`When the CSRF token is extracted from the previous response`
			`When a new unrestricted client token is added using restricted basic token auth`
			`Then the HTTP status code should be "503"`

			`Scenario: Creating a restricted auth token with regular login should work`
			`When a new restricted client token is added`
			`Then the HTTP status code should be "200"`

			`Scenario: Creating an unrestricted auth token with regular login should work`
			`When a new unrestricted client token is added`
			`Then the HTTP status code should be "200"`