A user with reshare permissions on a file is now able to get any share
of that file (just like the owner).
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
This will be needed to test scenarios in which updating a share return a
different HTTP status code, like 401.
The assertion for the 200 HTTP status code was added in those scenarios
that tested updating a share (that is, those that were also checking the
OCS status code), but not in those in which updating a share was just a
preparatory step for the actual test (in the same way that the HTTP
status code is not checked in those tests when creating a share).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Copied and adjusted from "tests/integration/run-docker.sh" in Talk; see
its commit history for further reference.
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
The tests check an user share and a link share; there is a slight
difference in style between them as each one is based on the test above
it, which tests increasing reshare permissions.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The admin user is not deleted after each integration test is run, so
folders created by the admin user in one test are still there when the
next tests run; tests should be independent one from each other, so a
regular user that is created and deleted for each test should be used
instead.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fails with:
* build/integration/federation_features/federated.feature:183
* build/integration/federation_features/federated.feature:232
* build/integration/federation_features/federated.feature:247
* build/integration/federation_features/federated.feature:263
<details><summary>Show full log</summary>
```
Scenario: Reshare a federated shared file # /drone/src/github.com/nextcloud/server/build/integration/federation_features/federated.feature:183
Given Using server "REMOTE" # FederationContext::usingServer()
And user "user1" exists # FederationContext::assureUserExists()
And user "user2" exists # FederationContext::assureUserExists()
And Using server "LOCAL" # FederationContext::usingServer()
And user "user0" exists # FederationContext::assureUserExists()
And User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE" # FederationContext::federateSharing()
And User "user1" from server "REMOTE" accepts last pending share # FederationContext::acceptLastPendingShare()
And Using server "REMOTE" # FederationContext::usingServer()
And As an "user1" # FederationContext::asAn()
When creating a share with # FederationContext::creatingShare()
| path | /textfile0 (2).txt |
| shareType | 0 |
| shareWith | user2 |
| permissions | 19 |
Then the OCS status code should be "100" # FederationContext::theOCSStatusCodeShouldBe()
Failed asserting that SimpleXMLElement Object &000000007d8e0d3c00000000403fd08a (
0 => '404'
) matches expected '100'.
...
{"message":"Can not find share with ID: 8"}
Scenario: Overwrite a federated shared folder as recipient # /drone/src/github.com/nextcloud/server/build/integration/federation_features/federated.feature:232
Given Using server "REMOTE" # FederationContext::usingServer()
And user "user1" exists # FederationContext::assureUserExists()
And user "user2" exists # FederationContext::assureUserExists()
And Using server "LOCAL" # FederationContext::usingServer()
And user "user0" exists # FederationContext::assureUserExists()
And User "user0" from server "LOCAL" shares "/PARENT" with user "user1" from server "REMOTE" # FederationContext::federateSharing()
And User "user1" from server "REMOTE" accepts last pending share # FederationContext::acceptLastPendingShare()
And Using server "REMOTE" # FederationContext::usingServer()
And As an "user1" # FederationContext::asAn()
And User "user1" modifies text of "/textfile0.txt" with text "BLABLABLA" # FederationContext::modifyTextOfFile()
When User "user1" uploads file "../../data/user1/files/textfile0.txt" to "/PARENT (2)/textfile0.txt" # FederationContext::userUploadsAFileTo()
Client error: `PUT http://localhost:8180/remote.php/webdav/PARENT%20(2)/textfile0.txt` resulted in a `404 Not Found` response:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DA (truncated...)
(GuzzleHttp\Exception\ClientException)
...
{"message":"Can not find share with ID: 10"}
Scenario: Overwrite a federated shared file as recipient using old chunking # /drone/src/github.com/nextcloud/server/build/integration/federation_features/federated.feature:247
Given Using server "REMOTE" # FederationContext::usingServer()
And user "user1" exists # FederationContext::assureUserExists()
And user "user2" exists # FederationContext::assureUserExists()
And Using server "LOCAL" # FederationContext::usingServer()
And user "user0" exists # FederationContext::assureUserExists()
And User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE" # FederationContext::federateSharing()
And User "user1" from server "REMOTE" accepts last pending share # FederationContext::acceptLastPendingShare()
And Using server "REMOTE" # FederationContext::usingServer()
And As an "user1" # FederationContext::asAn()
And user "user1" uploads chunk file "1" of "3" with "AAAAA" to "/textfile0 (2).txt" # FederationContext::userUploadsChunkFileOfWithToWithChecksum()
Client error: `PUT http://localhost:8180/remote.php/webdav/textfile0%20(2).txt-chunking-42-3-0` resulted in a `404 Not Found` response:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DA (truncated...)
(GuzzleHttp\Exception\ClientException)
...
{"message":"Can not find share with ID: 11"}
Scenario: Overwrite a federated shared folder as recipient using old chunking # /drone/src/github.com/nextcloud/server/build/integration/federation_features/federated.feature:263
Given Using server "REMOTE" # FederationContext::usingServer()
And user "user1" exists # FederationContext::assureUserExists()
And user "user2" exists # FederationContext::assureUserExists()
And Using server "LOCAL" # FederationContext::usingServer()
And user "user0" exists # FederationContext::assureUserExists()
And User "user0" from server "LOCAL" shares "/PARENT" with user "user1" from server "REMOTE" # FederationContext::federateSharing()
And User "user1" from server "REMOTE" accepts last pending share # FederationContext::acceptLastPendingShare()
And Using server "REMOTE" # FederationContext::usingServer()
And As an "user1" # FederationContext::asAn()
And user "user1" uploads chunk file "1" of "3" with "AAAAA" to "/PARENT (2)/textfile0.txt" # FederationContext::userUploadsChunkFileOfWithToWithChecksum()
Client error: `PUT http://localhost:8180/remote.php/webdav/PARENT%20(2)/textfile0.txt-chunking-42-3-0` resulted in a `404 Not Found` response:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DA (truncated...)
(GuzzleHttp\Exception\ClientException)
...
{"message":"Can not find share with ID: 12"}
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The test just ensures that the controller will gracefully reject the
creation instead of failing miserably; the integration tests when Talk
is enabled are in the Talk repository.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When the ownership of a user share is transfered to the receiver the
share is removed, as the receiver now owns the original file. However,
due to a missing condition, any share with a group, link or remote with
the same id as the user was removed, not only the user shares.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Add "PARENT (2)" and its subdirectories to the paths to be checked, as
before only the own "PARENT" folder was being checked, but not the
shared one.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When a file is shared and the receiver of the share already has a file
with the same name that file is left untouched, and "(2)" is appended to
the name of the shared file.
As "textfile0.txt" is included in the user folder skeleton all the users
in the integration test have that file, so when it is shared the
receiver sees the share as "/textfile0 (2).txt", and her own file as
"/textfile0.txt".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
"--tags=XXX" limits the features or scenarios to be run to those
matching the tag filter expression.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The data directory is not necessarily located at "../..". The proper
directory is now got by running "php console.php config:system:get
datadirectory".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This helps massively reduce the numerous useless 401 exceptions that
appears in the test log. These appear only because Sabre first connects
without any auth type to receive the challenge and then sends the
authentication data.
With this change it will directly use basic auth.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This will help user to selectively move the folders
specified using --path option, instead of moving
entire folder under files directory.
Signed-off-by: Sujith H <sharidasan@owncloud.com>
Update the integration test for transfer-ownership
Update the integration test for transfer-ownership
as the new option --path is introduced in the command.
Signed-off-by: Sujith H <sharidasan@owncloud.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This adds a simple integration test that ensures that remembered
login works when the session cookies vanish.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
John Molakvoæ (skjnldsv)
Daniel Calviño Sánchez
Christoph Wurst
Joas Schilling
Arthur Schiwon
Julius Härtl
Morris Jobke
Daniel Kesselberg
Roeland Jago Douma
dependabot[bot]
Robin Appelman
Bjoern Schiessle
Thomas Müller
Lukas Reschke
Vincent Petry
Sergio Bertolin
Roeland Jago Douma
Sujith H
Phil Davis