add auth integration tests
parent
f0f8bdd495
commit
bfed02b038
|
@ -0,0 +1,78 @@
|
|||
Feature: auth
|
||||
|
||||
Background:
|
||||
Given user "user0" exists
|
||||
Given a new client token is used
|
||||
|
||||
|
||||
# FILES APP
|
||||
|
||||
Scenario: access files app anonymously
|
||||
When requesting "/index.php/apps/files" with "GET"
|
||||
Then the HTTP status code should be "401"
|
||||
|
||||
Scenario: access files app with basic auth
|
||||
When requesting "/index.php/apps/files" with "GET" using basic auth
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: access files app with basic token auth
|
||||
When requesting "/index.php/apps/files" with "GET" using basic token auth
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: access files app with a client token
|
||||
When requesting "/index.php/apps/files" with "GET" using a client token
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: access files app with browser session
|
||||
Given a new browser session is started
|
||||
When requesting "/index.php/apps/files" with "GET" using browser session
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
|
||||
# WebDAV
|
||||
|
||||
Scenario: using WebDAV anonymously
|
||||
When requesting "/remote.php/webdav" with "PROPFIND"
|
||||
Then the HTTP status code should be "401"
|
||||
|
||||
Scenario: using WebDAV with basic auth
|
||||
When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
|
||||
Then the HTTP status code should be "207"
|
||||
|
||||
Scenario: using WebDAV with token auth
|
||||
When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth
|
||||
Then the HTTP status code should be "207"
|
||||
|
||||
# DAV token auth is not possible yet
|
||||
#Scenario: using WebDAV with a client token
|
||||
# When requesting "/remote.php/webdav" with "PROPFIND" using a client token
|
||||
# Then the HTTP status code should be "207"
|
||||
|
||||
Scenario: using WebDAV with browser session
|
||||
Given a new browser session is started
|
||||
When requesting "/remote.php/webdav" with "PROPFIND" using browser session
|
||||
Then the HTTP status code should be "207"
|
||||
|
||||
|
||||
# OCS
|
||||
|
||||
Scenario: using OCS anonymously
|
||||
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
|
||||
Then the OCS status code should be "997"
|
||||
|
||||
Scenario: using OCS with basic auth
|
||||
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
|
||||
Then the OCS status code should be "100"
|
||||
|
||||
Scenario: using OCS with token auth
|
||||
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth
|
||||
Then the OCS status code should be "100"
|
||||
|
||||
Scenario: using OCS with client token
|
||||
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token
|
||||
Then the OCS status code should be "100"
|
||||
|
||||
Scenario: using OCS with browser session
|
||||
Given a new browser session is started
|
||||
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
|
||||
Then the OCS status code should be "100"
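Review bot: Every authenticated scenario in this feature presents valid credentials, so the only rejection path exercised is the fully anonymous request. Nothing here asserts that a wrong password, an unknown client token, or a browser session without a prior login is refused on the files app, WebDAV or OCS. An auth suite should pin those cases too, for example `When requesting "/remote.php/webdav" with "PROPFIND" using an invalid client token` followed by `Then the HTTP status code should be "401"`, which needs a matching step definition in the Auth trait. The commented-out WebDAV client-token scenario also leaves the current behaviour of the `token` header on that endpoint unasserted; a scenario stating the status expected today would make the later change visible.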
|
|
@ -0,0 +1,117 @@
|
|||
<?php
|
||||
|
||||
use GuzzleHttp\Client;
|
||||
use GuzzleHttp\Exception\ClientException;
|
||||
|
||||
require __DIR__ . '/../../vendor/autoload.php';
|
||||
|
||||
trait Auth {
|
||||
|
||||
private $clientToken;
|
||||
|
||||
/** @BeforeScenario */
|
||||
public function tearUpScenario() {
|
||||
$this->client = new Client();
|
||||
$this->responseXml = '';
|
||||
}
|
||||
|
||||
/**
|
||||
* @When requesting :url with :method
|
||||
*/
|
||||
public function requestingWith($url, $method) {
|
||||
$this->sendRequest($url, $method);
|
||||
}
|
||||
|
||||
private function sendRequest($url, $method, $authHeader = null, $useCookies = false) {
|
||||
$fullUrl = substr($this->baseUrl, 0, -5) . $url;
|
||||
try {
|
||||
if ($useCookies) {
|
||||
$request = $this->client->createRequest($method, $fullUrl, [
|
||||
'cookies' => $this->cookieJar,
|
||||
]);
|
||||
} else {
|
||||
$request = $this->client->createRequest($method, $fullUrl);
|
||||
}
|
||||
if ($authHeader) {
|
||||
$request->setHeader('Authorization', $authHeader);
|
||||
}
|
||||
$request->setHeader('OCS_APIREQUEST', 'true');
|
||||
$request->setHeader('requesttoken', $this->requestToken);
|
||||
$this->response = $this->client->send($request);
|
||||
} catch (ClientException $ex) {
|
||||
$this->response = $ex->getResponse();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given a new client token is used
|
||||
*/
|
||||
public function aNewClientTokenIsUsed() {
|
||||
$client = new Client();
|
||||
$resp = $client->post(substr($this->baseUrl, 0, -5) . '/token/generate', [
|
||||
'json' => [
|
||||
'user' => 'user0',
|
||||
'password' => '123456',
|
||||
]
|
||||
]);
|
||||
$this->clientToken = json_decode($resp->getBody()->getContents())->token;
|
||||
}
|
||||
|
||||
/**
|
||||
* @When requesting :url with :method using basic auth
|
||||
*/
|
||||
public function requestingWithBasicAuth($url, $method) {
|
||||
$this->sendRequest($url, $method, 'basic ' . base64_encode('user:user'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @When requesting :url with :method using basic token auth
|
||||
*/
|
||||
public function requestingWithBasicTokenAuth($url, $method) {
|
||||
$this->sendRequest($url, $method, 'basic ' . base64_encode('user:' . $this->clientToken));
|
||||
}
|
||||
|
||||
/**
|
||||
* @When requesting :url with :method using a client token
|
||||
*/
|
||||
public function requestingWithUsingAClientToken($url, $method) {
|
||||
$this->sendRequest($url, $method, 'token ' . $this->clientToken);
|
||||
}
|
||||
|
||||
/**
|
||||
* @When requesting :url with :method using browser session
|
||||
*/
|
||||
public function requestingWithBrowserSession($url, $method) {
|
||||
$this->sendRequest($url, $method, null, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given a new browser session is started
|
||||
*/
|
||||
public function aNewBrowserSessionIsStarted() {
|
||||
$loginUrl = substr($this->baseUrl, 0, -5) . '/login';
|
||||
// Request a new session and extract CSRF token
|
||||
$client = new Client();
|
||||
$response = $client->get(
|
||||
$loginUrl, [
|
||||
'cookies' => $this->cookieJar,
|
||||
]
|
||||
);
|
||||
$this->extracRequestTokenFromResponse($response);
|
||||
|
||||
// Login and extract new token
|
||||
$client = new Client();
|
||||
$response = $client->post(
|
||||
$loginUrl, [
|
||||
'body' => [
|
||||
'user' => 'user0',
|
||||
'password' => '123456',
|
||||
'requesttoken' => $this->requestToken,
|
||||
],
|
||||
'cookies' => $this->cookieJar,
|
||||
]
|
||||
);
|
||||
$this->extracRequestTokenFromResponse($response);
|
||||
}
|
||||
|
||||
}
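Review bot: `requestingWithBasicAuth` sends `user:user` and `requestingWithBasicTokenAuth` sends `'user:' . $this->clientToken`, while the feature's Background creates `user0` and both `aNewClientTokenIsUsed` and `aNewBrowserSessionIsStarted` authenticate as `user0` with `123456`. The basic-auth scenarios therefore depend on an account named `user` that this page does not show being created. The token scenario is the bigger concern: it pairs a token issued to `user0` with a different login name, so a 200 there would not show that the server binds the token to its owner. Using the same account throughout makes the assertions mean what the scenario titles say: `'basic ' . base64_encode('user0:123456')` and `'basic ' . base64_encode('user0:' . $this->clientToken)`. Separately, `aNewClientTokenIsUsed` reads `->token` from `json_decode(...)` without checking the result, so a failed token request surfaces as a null-property error rather than a clear test failure.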
|
|
@ -6,6 +6,9 @@ use GuzzleHttp\Message\ResponseInterface;
|
|||
require __DIR__ . '/../../vendor/autoload.php';
|
||||
|
||||
trait BasicStructure {
|
||||
|
||||
use Auth;
|
||||
|
||||
/** @var string */
|
||||
private $currentUser = '';
|
||||
|
||||
|
|