diff --git a/build/integration/features/dav-v2.feature b/build/integration/features/dav-v2.feature new file mode 100644 index 0000000000..2b3aeff945 --- /dev/null +++ b/build/integration/features/dav-v2.feature @@ -0,0 +1,55 @@ +Feature: dav-v2 + Background: + Given using api version "1" + + Scenario: moving a file new endpoint way + Given using dav path "remote.php/dav" + And As an "admin" + And user "user0" exists + When User "user0" moves file "/files/user0/textfile0.txt" to "/files/user0/FOLDER/textfile0.txt" + Then the HTTP status code should be "201" + + Scenario: download a file with range using new endpoint + Given using dav path "remote.php/dav" + And As an "admin" + And user "user0" exists + And As an "user0" + When Downloading file "/files/user0/welcome.txt" with range "bytes=51-77" + Then Downloaded content should be "example file for developers" + + Scenario: Downloading a file on the new endpoint should serve security headers + Given using dav path "remote.php/dav/files/admin/" + And As an "admin" + When Downloading file "welcome.txt" + Then The following headers should be set + |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"| + |Content-Security-Policy|default-src 'none';| + |X-Content-Type-Options |nosniff| + |X-Download-Options|noopen| + |X-Frame-Options|Sameorigin| + |X-Permitted-Cross-Domain-Policies|none| + |X-Robots-Tag|none| + |X-XSS-Protection|1; mode=block| + And Downloaded content should start with "Welcome to your ownCloud account!" + + Scenario: Doing a GET with a web login should work without CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken + Then Downloaded content should start with "Welcome to your ownCloud account!" + Then the HTTP status code should be "200" + + Scenario: Doing a GET with a web login should work with CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken + Then Downloaded content should start with "Welcome to your ownCloud account!" + Then the HTTP status code should be "200" + + Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken + Then the HTTP status code should be "401" + + Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend + Given Logging in using web as "admin" + When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken + Then the HTTP status code should be "207" diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature index 14ff505463..06df280ea6 100644 --- a/build/integration/features/webdav-related.feature +++ b/build/integration/features/webdav-related.feature @@ -92,43 +92,6 @@ Feature: webdav-related |X-XSS-Protection|1; mode=block| And Downloaded content should start with "Welcome to your ownCloud account!" - Scenario: Downloading a file on the new endpoint should serve security headers - Given using dav path "remote.php/dav/files/admin/" - And As an "admin" - When Downloading file "/welcome.txt" - Then The following headers should be set - |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"| - |Content-Security-Policy|default-src 'none';| - |X-Content-Type-Options |nosniff| - |X-Download-Options|noopen| - |X-Frame-Options|Sameorigin| - |X-Permitted-Cross-Domain-Policies|none| - |X-Robots-Tag|none| - |X-XSS-Protection|1; mode=block| - And Downloaded content should start with "Welcome to your ownCloud account!" - - Scenario: Doing a GET with a web login should work without CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken - Then Downloaded content should start with "Welcome to your ownCloud account!" - Then the HTTP status code should be "200" - - Scenario: Doing a GET with a web login should work with CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "GET" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken - Then Downloaded content should start with "Welcome to your ownCloud account!" - Then the HTTP status code should be "200" - - Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken - Then the HTTP status code should be "401" - - Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend - Given Logging in using web as "admin" - When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" with requesttoken - Then the HTTP status code should be "207" - Scenario: Doing a GET with a web login should work without CSRF token on the old backend Given Logging in using web as "admin" When Sending a "GET" to "/remote.php/webdav/welcome.txt" without requesttoken