Add tests for user enumeration and sharing in group only

2016-03-15 14:24:51 +01:00 · 2016-03-15 14:24:51 +01:00 · c4b0a1cdfd
parent 4e9c3b3d64
commit c4b0a1cdfd
2 changed files with 103 additions and 45 deletions
--- a/build/integration/features/bootstrap/Sharing.php
+++ b/build/integration/features/bootstrap/Sharing.php
@ -7,8 +7,9 @@ require __DIR__ . '/../../vendor/autoload.php';



-trait Sharing{
+trait Sharing {
 	use Provisioning;
+	use AppConfiguration;

 	/** @var int */
 	private $sharingApiVersion = 1;
@ -520,5 +521,10 @@ trait Sharing{
 		}
 		return $sharees;
 	}
+
+	protected function resetAppConfigs() {
+		$this->modifyServerConfig('core', 'shareapi_only_share_with_group_members', 'no');
+		$this->modifyServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
+	}
 }

--- a/build/integration/features/sharees.feature
+++ b/build/integration/features/sharees.feature
@ -4,6 +4,7 @@ Feature: sharees
    And user "test" exists
    And user "Sharee1" exists
    And group "ShareeGroup" exists
+    And user "test" belongs to group "ShareeGroup"

  Scenario: Search without exact match
    Given As an "test"
@ -37,50 +38,101 @@ Feature: sharees
    And "exact remotes" sharees returned is empty
    And "remotes" sharees returned is empty

-# TODO need to move the appconfig setting from Capabilities to Basic/Provisioning
-#  Scenario: Search without exact match no iteration allowed
-#    Given As an "test"
-#    When getting sharees for
-#      | search | Sharee |
-#      | itemType | file |
-#    Then the OCS status code should be "100"
-#    And the HTTP status code should be "200"
-#    And "exact users" sharees returned is empty
-#    And "users" sharees returned is empty
-#    And "exact groups" sharees returned is empty
-#    And "groups" sharees returned is empty
-#    And "exact remotes" sharees returned is empty
-#    And "remotes" sharees returned is empty
-#
-#  Scenario: Search with exact match no iteration allowed
-#    Given As an "test"
-#    When getting sharees for
-#      | search | Sharee1 |
-#      | itemType | file |
-#    Then the OCS status code should be "100"
-#    And the HTTP status code should be "200"
-#    And "exact users" sharees returned are
-#      | Sharee1 | 0 | Sharee1 |
-#    And "users" sharees returned is empty
-#    And "exact groups" sharees returned is empty
-#    And "groups" sharees returned is empty
-#    And "exact remotes" sharees returned is empty
-#    And "remotes" sharees returned is empty
-#
-#  Scenario: Search with exact match group no iteration allowed
-#    Given As an "test"
-#    When getting sharees for
-#      | search | ShareeGroup |
-#      | itemType | file |
-#    Then the OCS status code should be "100"
-#    And the HTTP status code should be "200"
-#    And "exact users" sharees returned is empty
-#    And "users" sharees returned is empty
-#    And "exact groups" sharees returned are
-#      | ShareeGroup | 1 | ShareeGroup |
-#    And "groups" sharees returned is empty
-#    And "exact remotes" sharees returned is empty
-#    And "remotes" sharees returned is empty
+  Scenario: Search only with group members - denied
+    Given As an "test"
+    And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned are
+      | ShareeGroup | 1 | ShareeGroup |
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search only with group members - allowed
+    Given As an "test"
+    And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
+    And user "Sharee1" belongs to group "ShareeGroup"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned are
+      | Sharee1 | 0 | Sharee1 |
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned are
+      | ShareeGroup | 1 | ShareeGroup |
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search only with group members - no group as non-member
+    Given As an "Sharee1"
+    And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search without exact match no iteration allowed
+    Given As an "test"
+    And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
+    When getting sharees for
+      | search | Sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search with exact match no iteration allowed
+    Given As an "test"
+    And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
+    When getting sharees for
+      | search | Sharee1 |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned are
+      | Sharee1 | 0 | Sharee1 |
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search with exact match group no iteration allowed
+    Given As an "test"
+    And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
+    When getting sharees for
+      | search | ShareeGroup |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned are
+      | ShareeGroup | 1 | ShareeGroup |
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty

  Scenario: Search with exact match
    Given As an "test"