Add tests for user enumeration and sharing in group only
This commit is contained in:
Joas Schilling
parent
4e9c3b3d64
commit
c4b0a1cdfd
|
|
@ -7,8 +7,9 @@ require __DIR__ . '/../../vendor/autoload.php';
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
trait Sharing{
|
trait Sharing {
|
||||||
use Provisioning;
|
use Provisioning;
|
||||||
|
use AppConfiguration;
|
||||||
|
|
||||||
/** @var int */
|
/** @var int */
|
||||||
private $sharingApiVersion = 1;
|
private $sharingApiVersion = 1;
|
||||||
|
|
@ -520,5 +521,10 @@ trait Sharing{
|
||||||
}
|
}
|
||||||
return $sharees;
|
return $sharees;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function resetAppConfigs() {
|
||||||
|
$this->modifyServerConfig('core', 'shareapi_only_share_with_group_members', 'no');
|
||||||
|
$this->modifyServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ Feature: sharees
|
||||||
And user "test" exists
|
And user "test" exists
|
||||||
And user "Sharee1" exists
|
And user "Sharee1" exists
|
||||||
And group "ShareeGroup" exists
|
And group "ShareeGroup" exists
|
||||||
|
And user "test" belongs to group "ShareeGroup"
|
||||||
|
|
||||||
Scenario: Search without exact match
|
Scenario: Search without exact match
|
||||||
Given As an "test"
|
Given As an "test"
|
||||||
|
|
@ -37,50 +38,101 @@ Feature: sharees
|
||||||
And "exact remotes" sharees returned is empty
|
And "exact remotes" sharees returned is empty
|
||||||
And "remotes" sharees returned is empty
|
And "remotes" sharees returned is empty
|
||||||
|
|
||||||
# TODO need to move the appconfig setting from Capabilities to Basic/Provisioning
|
Scenario: Search only with group members - denied
|
||||||
# Scenario: Search without exact match no iteration allowed
|
Given As an "test"
|
||||||
# Given As an "test"
|
And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
|
||||||
# When getting sharees for
|
When getting sharees for
|
||||||
# | search | Sharee |
|
| search | sharee |
|
||||||
# | itemType | file |
|
| itemType | file |
|
||||||
# Then the OCS status code should be "100"
|
Then the OCS status code should be "100"
|
||||||
# And the HTTP status code should be "200"
|
And the HTTP status code should be "200"
|
||||||
# And "exact users" sharees returned is empty
|
And "exact users" sharees returned is empty
|
||||||
# And "users" sharees returned is empty
|
And "users" sharees returned is empty
|
||||||
# And "exact groups" sharees returned is empty
|
And "exact groups" sharees returned is empty
|
||||||
# And "groups" sharees returned is empty
|
And "groups" sharees returned are
|
||||||
# And "exact remotes" sharees returned is empty
|
| ShareeGroup | 1 | ShareeGroup |
|
||||||
# And "remotes" sharees returned is empty
|
And "exact remotes" sharees returned is empty
|
||||||
#
|
And "remotes" sharees returned is empty
|
||||||
# Scenario: Search with exact match no iteration allowed
|
|
||||||
# Given As an "test"
|
Scenario: Search only with group members - allowed
|
||||||
# When getting sharees for
|
Given As an "test"
|
||||||
# | search | Sharee1 |
|
And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
|
||||||
# | itemType | file |
|
And user "Sharee1" belongs to group "ShareeGroup"
|
||||||
# Then the OCS status code should be "100"
|
When getting sharees for
|
||||||
# And the HTTP status code should be "200"
|
| search | sharee |
|
||||||
# And "exact users" sharees returned are
|
| itemType | file |
|
||||||
# | Sharee1 | 0 | Sharee1 |
|
Then the OCS status code should be "100"
|
||||||
# And "users" sharees returned is empty
|
And the HTTP status code should be "200"
|
||||||
# And "exact groups" sharees returned is empty
|
And "exact users" sharees returned is empty
|
||||||
# And "groups" sharees returned is empty
|
And "users" sharees returned are
|
||||||
# And "exact remotes" sharees returned is empty
|
| Sharee1 | 0 | Sharee1 |
|
||||||
# And "remotes" sharees returned is empty
|
And "exact groups" sharees returned is empty
|
||||||
#
|
And "groups" sharees returned are
|
||||||
# Scenario: Search with exact match group no iteration allowed
|
| ShareeGroup | 1 | ShareeGroup |
|
||||||
# Given As an "test"
|
And "exact remotes" sharees returned is empty
|
||||||
# When getting sharees for
|
And "remotes" sharees returned is empty
|
||||||
# | search | ShareeGroup |
|
|
||||||
# | itemType | file |
|
Scenario: Search only with group members - no group as non-member
|
||||||
# Then the OCS status code should be "100"
|
Given As an "Sharee1"
|
||||||
# And the HTTP status code should be "200"
|
And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes"
|
||||||
# And "exact users" sharees returned is empty
|
When getting sharees for
|
||||||
# And "users" sharees returned is empty
|
| search | sharee |
|
||||||
# And "exact groups" sharees returned are
|
| itemType | file |
|
||||||
# | ShareeGroup | 1 | ShareeGroup |
|
Then the OCS status code should be "100"
|
||||||
# And "groups" sharees returned is empty
|
And the HTTP status code should be "200"
|
||||||
# And "exact remotes" sharees returned is empty
|
And "exact users" sharees returned is empty
|
||||||
# And "remotes" sharees returned is empty
|
And "users" sharees returned is empty
|
||||||
|
And "exact groups" sharees returned is empty
|
||||||
|
And "groups" sharees returned is empty
|
||||||
|
And "exact remotes" sharees returned is empty
|
||||||
|
And "remotes" sharees returned is empty
|
||||||
|
|
||||||
|
Scenario: Search without exact match no iteration allowed
|
||||||
|
Given As an "test"
|
||||||
|
And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
|
||||||
|
When getting sharees for
|
||||||
|
| search | Sharee |
|
||||||
|
| itemType | file |
|
||||||
|
Then the OCS status code should be "100"
|
||||||
|
And the HTTP status code should be "200"
|
||||||
|
And "exact users" sharees returned is empty
|
||||||
|
And "users" sharees returned is empty
|
||||||
|
And "exact groups" sharees returned is empty
|
||||||
|
And "groups" sharees returned is empty
|
||||||
|
And "exact remotes" sharees returned is empty
|
||||||
|
And "remotes" sharees returned is empty
|
||||||
|
|
||||||
|
Scenario: Search with exact match no iteration allowed
|
||||||
|
Given As an "test"
|
||||||
|
And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
|
||||||
|
When getting sharees for
|
||||||
|
| search | Sharee1 |
|
||||||
|
| itemType | file |
|
||||||
|
Then the OCS status code should be "100"
|
||||||
|
And the HTTP status code should be "200"
|
||||||
|
And "exact users" sharees returned are
|
||||||
|
| Sharee1 | 0 | Sharee1 |
|
||||||
|
And "users" sharees returned is empty
|
||||||
|
And "exact groups" sharees returned is empty
|
||||||
|
And "groups" sharees returned is empty
|
||||||
|
And "exact remotes" sharees returned is empty
|
||||||
|
And "remotes" sharees returned is empty
|
||||||
|
|
||||||
|
Scenario: Search with exact match group no iteration allowed
|
||||||
|
Given As an "test"
|
||||||
|
And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"
|
||||||
|
When getting sharees for
|
||||||
|
| search | ShareeGroup |
|
||||||
|
| itemType | file |
|
||||||
|
Then the OCS status code should be "100"
|
||||||
|
And the HTTP status code should be "200"
|
||||||
|
And "exact users" sharees returned is empty
|
||||||
|
And "users" sharees returned is empty
|
||||||
|
And "exact groups" sharees returned are
|
||||||
|
| ShareeGroup | 1 | ShareeGroup |
|
||||||
|
And "groups" sharees returned is empty
|
||||||
|
And "exact remotes" sharees returned is empty
|
||||||
|
And "remotes" sharees returned is empty
|
||||||
|
|
||||||
Scenario: Search with exact match
|
Scenario: Search with exact match
|
||||||
Given As an "test"
|
Given As an "test"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue