Feature: auth
# Shared setup for every scenario: one user, one client token of each kind
# (restricted and unrestricted), and a reset cookie jar, presumably so that no
# session cookie from an earlier scenario can authenticate a later request.
Background:
  Given user "user0" exists
  And a new restricted client token is added
  And a new unrestricted client token is added
  And the cookie jar is reset
# FILES APP
# Negative control for the files app route: a request that carries no
# credentials at all must be answered with 401.
Scenario: access files app anonymously
  When requesting "/index.php/apps/files" with "GET"
  Then the HTTP status code should be "401"
# HTTP basic auth credentials are accepted on the files app route.
Scenario: access files app with basic auth
  When requesting "/index.php/apps/files" with "GET" using basic auth
  Then the HTTP status code should be "200"
# An unrestricted token presented as basic auth opens the files app, and the
# follow-up request made with the browser session can read a file through
# /remote.php/files.
# NOTE(review): the second request presumably reuses the cookies set by the
# first response; confirm against the "using browser session" step.
Scenario: access files app with unrestricted basic token auth
  When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
  Then the HTTP status code should be "200"
  And requesting "/remote.php/files/welcome.txt" with "GET" using browser session
  Then the HTTP status code should be "200"
# A restricted token still loads the files app page (200), but the follow-up
# request for a file through /remote.php/files must fail with 404. The 404 is
# the security-relevant assertion of this scenario: it is what shows that the
# restriction carries over to the session used for the second request.
# NOTE(review): what exactly "restricted" limits is defined by the token setup
# step, which is not visible here.
Scenario: access files app with restricted basic token auth
  When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
  Then the HTTP status code should be "200"
  And requesting "/remote.php/files/welcome.txt" with "GET" using browser session
  Then the HTTP status code should be "404"
# Same route as the basic-token case, but the unrestricted token is sent as a
# client token.
# NOTE(review): how a client token is attached to the request (as opposed to
# basic token auth) is decided by the step implementation, not shown here.
Scenario: access files app with an unrestricted client token
  When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
  Then the HTTP status code should be "200"
# A freshly started browser session is enough to load the files app.
Scenario: access files app with browser session
  Given a new browser session is started
  When requesting "/index.php/apps/files" with "GET" using browser session
  Then the HTTP status code should be "200"
# WebDAV
# Negative control for the WebDAV endpoint: PROPFIND without credentials must
# be answered with 401.
Scenario: using WebDAV anonymously
  When requesting "/remote.php/webdav" with "PROPFIND"
  Then the HTTP status code should be "401"
# HTTP basic auth credentials are accepted on the WebDAV endpoint; a successful
# PROPFIND is reported as 207 (Multi-Status).
Scenario: using WebDAV with basic auth
  When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
  Then the HTTP status code should be "207"
# An unrestricted token presented as basic auth may PROPFIND the WebDAV root.
Scenario: using WebDAV with unrestricted basic token auth
  When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
  Then the HTTP status code should be "207"
# A restricted token presented as basic auth is expected to get 207 from a
# PROPFIND on the WebDAV root.
# NOTE(review): the files app section expects 404 on /remote.php/files for a
# restricted token, while this scenario expects a restricted token to succeed
# on /remote.php/webdav. Confirm that this difference is the intended scope of
# the restriction and not a missing denial test for the DAV endpoint.
Scenario: using WebDAV with restricted basic token auth
  When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
  Then the HTTP status code should be "207"
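# The title used to repeat the name of the restricted-basic-token scenario
# although the step sends an unrestricted client token. A duplicated name makes
# a failure report or a name filter ambiguous about which credential type was
# exercised, so the title now names the credential the step actually uses,
# matching the wording of the files app and OCS client-token scenarios.
Scenario: using WebDAV with an unrestricted client token
  When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
  Then the HTTP status code should be "207"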
# A freshly started browser session may PROPFIND the WebDAV root.
Scenario: using WebDAV with browser session
  Given a new browser session is started
  When requesting "/remote.php/webdav" with "PROPFIND" using browser session
  Then the HTTP status code should be "207"
# OCS
# Negative control for the OCS API: without credentials the call must report
# OCS status 997 (unauthorised). The assertion is on the OCS status code, not
# on the HTTP status.
Scenario: using OCS anonymously
  When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
  Then the OCS status code should be "997"
# HTTP basic auth credentials are accepted by the OCS API; success is reported
# as OCS status 100.
Scenario: using OCS with basic auth
  When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
  Then the OCS status code should be "100"
# The token used here is the unrestricted one, presented as basic auth; the
# title says only "token auth".
Scenario: using OCS with token auth
  When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
  Then the OCS status code should be "100"
# An unrestricted client token is accepted by the OCS API.
# NOTE(review): the OCS scenarios visible here exercise only unrestricted
# tokens; unlike the files app and WebDAV sections, there is no restricted-token
# case stating what a restricted token may do on this API.
Scenario: using OCS with an unrestricted client token
  When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
  Then the OCS status code should be "100"
# A freshly started browser session is accepted by the OCS API.
Scenario: using OCS with browser session
  Given a new browser session is started
  When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
  Then the OCS status code should be "100"
# REMEMBER ME
# After the session cookie of a remembered browser session has expired, the
# next request must still succeed. This is presumably because the remaining
# remember-me cookie logs the user in again.
# NOTE(review): only the positive path is covered here; no scenario visible
# in this feature checks that a non-remembered session is rejected once its
# cookie has expired.
Scenario: remember login
  Given a new remembered browser session is started
  When the session cookie expires
  And requesting "/index.php/apps/files" with "GET" using browser session
  Then the HTTP status code should be "200"
# AUTH TOKENS
# Privilege-escalation guard: a caller authenticated with a restricted token
# loads a page, takes the CSRF token from that response, and then tries to
# create a new unrestricted token. The creation request must not succeed.
# NOTE(review): the expected status is 503, not 401 or 403. Confirm that 503 is
# what the token-creation endpoint deliberately returns for a token-
# authenticated caller; otherwise an unrelated server-side failure would also
# satisfy this assertion and the test would pass for the wrong reason.
Scenario: Creating an auth token with regular auth token should not work
  When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
  Then the HTTP status code should be "200"
  When the CSRF token is extracted from the previous response
  And a new unrestricted client token is added using restricted basic token auth
  Then the HTTP status code should be "503"
# Positive counterpart to the token-with-token case: with a regular login,
# creating a restricted token succeeds.
# NOTE(review): this reuses the Background step of the same name, so the
# "regular login" is whatever that step performs; it is not shown here.
Scenario: Creating a restricted auth token with regular login should work
  When a new restricted client token is added
  Then the HTTP status code should be "200"
# With a regular login, creating an unrestricted token succeeds as well. Read
# together with the 503 scenario, this shows that the refusal there depends on
# how the caller authenticated, not on the kind of token being requested.
Scenario: Creating an unrestricted auth token with regular login should work
  When a new unrestricted client token is added
  Then the HTTP status code should be "200"