Feature: auth Background: Given user "user0" exists Given a new restricted client token is added Given a new unrestricted client token is added Given the cookie jar is reset # FILES APP Scenario: access files app anonymously When requesting "/index.php/apps/files" with "GET" Then the HTTP status code should be "401" Scenario: access files app with basic auth When requesting "/index.php/apps/files" with "GET" using basic auth Then the HTTP status code should be "200" Scenario: access files app with unrestricted basic token auth When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth Then the HTTP status code should be "200" Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session Then the HTTP status code should be "200" Scenario: access files app with restricted basic token auth When requesting "/index.php/apps/files" with "GET" using restricted basic token auth Then the HTTP status code should be "200" Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session Then the HTTP status code should be "404" Scenario: access files app with an unrestricted client token When requesting "/index.php/apps/files" with "GET" using an unrestricted client token Then the HTTP status code should be "200" Scenario: access files app with browser session Given a new browser session is started When requesting "/index.php/apps/files" with "GET" using browser session Then the HTTP status code should be "200" # WebDAV Scenario: using WebDAV anonymously When requesting "/remote.php/webdav" with "PROPFIND" Then the HTTP status code should be "401" Scenario: using WebDAV with basic auth When requesting "/remote.php/webdav" with "PROPFIND" using basic auth Then the HTTP status code should be "207" Scenario: using WebDAV with unrestricted basic token auth When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth Then the HTTP status code should be "207" Scenario: using WebDAV with restricted basic token auth When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth Then the HTTP status code should be "207" Scenario: using old WebDAV endpoint with unrestricted client token When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token Then the HTTP status code should be "207" Scenario: using new WebDAV endpoint with unrestricted client token When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token Then the HTTP status code should be "207" Scenario: using WebDAV with browser session Given a new browser session is started When requesting "/remote.php/webdav" with "PROPFIND" using browser session Then the HTTP status code should be "207" # OCS Scenario: using OCS anonymously When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" Then the OCS status code should be "997" Scenario: using OCS with basic auth When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth Then the OCS status code should be "100" Scenario: using OCS with token auth When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth Then the OCS status code should be "100" Scenario: using OCS with an unrestricted client token When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token Then the OCS status code should be "100" Scenario: using OCS with browser session Given a new browser session is started When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session Then the OCS status code should be "100" # REMEMBER ME Scenario: remember login Given a new remembered browser session is started When the session cookie expires And requesting "/index.php/apps/files" with "GET" using browser session Then the HTTP status code should be "200" # AUTH TOKENS Scenario: Creating an auth token with regular auth token should not work When requesting "/index.php/apps/files" with "GET" using restricted basic token auth Then the HTTP status code should be "200" When the CSRF token is extracted from the previous response When a new unrestricted client token is added using restricted basic token auth Then the HTTP status code should be "503" Scenario: Creating a restricted auth token with regular login should work When a new restricted client token is added Then the HTTP status code should be "200" Scenario: Creating an unrestricted auth token with regular login should work When a new unrestricted client token is added Then the HTTP status code should be "200"