106 lines
4.3 KiB
Gherkin
106 lines
4.3 KiB
Gherkin
Feature: auth
|
|
|
|
Background:
|
|
Given user "user0" exists
|
|
Given a new restricted client token is added
|
|
Given a new unrestricted client token is added
|
|
Given the cookie jar is reset
|
|
|
|
# FILES APP
|
|
Scenario: access files app anonymously
|
|
When requesting "/index.php/apps/files" with "GET"
|
|
Then the HTTP status code should be "401"
|
|
|
|
Scenario: access files app with basic auth
|
|
When requesting "/index.php/apps/files" with "GET" using basic auth
|
|
Then the HTTP status code should be "200"
|
|
|
|
Scenario: access files app with unrestricted basic token auth
|
|
When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
|
|
Then the HTTP status code should be "200"
|
|
Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
|
|
Then the HTTP status code should be "200"
|
|
|
|
Scenario: access files app with restricted basic token auth
|
|
When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
|
|
Then the HTTP status code should be "200"
|
|
Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
|
|
Then the HTTP status code should be "404"
|
|
|
|
Scenario: access files app with an unrestricted client token
|
|
When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
|
|
Then the HTTP status code should be "200"
|
|
|
|
Scenario: access files app with browser session
|
|
Given a new browser session is started
|
|
When requesting "/index.php/apps/files" with "GET" using browser session
|
|
Then the HTTP status code should be "200"
|
|
|
|
# WebDAV
|
|
Scenario: using WebDAV anonymously
|
|
When requesting "/remote.php/webdav" with "PROPFIND"
|
|
Then the HTTP status code should be "401"
|
|
|
|
Scenario: using WebDAV with basic auth
|
|
When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
|
|
Then the HTTP status code should be "207"
|
|
|
|
Scenario: using WebDAV with unrestricted basic token auth
|
|
When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
|
|
Then the HTTP status code should be "207"
|
|
|
|
Scenario: using WebDAV with restricted basic token auth
|
|
When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
|
|
Then the HTTP status code should be "207"
|
|
|
|
Scenario: using WebDAV with browser session
|
|
Given a new browser session is started
|
|
When requesting "/remote.php/webdav" with "PROPFIND" using browser session
|
|
Then the HTTP status code should be "207"
|
|
|
|
# OCS
|
|
Scenario: using OCS anonymously
|
|
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
|
|
Then the OCS status code should be "997"
|
|
|
|
Scenario: using OCS with basic auth
|
|
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
|
|
Then the OCS status code should be "100"
|
|
|
|
Scenario: using OCS with token auth
|
|
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
|
|
Then the OCS status code should be "100"
|
|
|
|
Scenario: using OCS with an unrestricted client token
|
|
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
|
|
Then the OCS status code should be "100"
|
|
|
|
Scenario: using OCS with browser session
|
|
Given a new browser session is started
|
|
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
|
|
Then the OCS status code should be "100"
|
|
|
|
# REMEMBER ME
|
|
Scenario: remember login
|
|
Given a new remembered browser session is started
|
|
When the session cookie expires
|
|
And requesting "/index.php/apps/files" with "GET" using browser session
|
|
Then the HTTP status code should be "200"
|
|
|
|
# AUTH TOKENS
|
|
Scenario: Creating an auth token with regular auth token should not work
|
|
When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
|
|
Then the HTTP status code should be "200"
|
|
When the CSRF token is extracted from the previous response
|
|
When a new unrestricted client token is added using restricted basic token auth
|
|
Then the HTTP status code should be "503"
|
|
|
|
Scenario: Creating a restricted auth token with regular login should work
|
|
When a new restricted client token is added
|
|
Then the HTTP status code should be "200"
|
|
|
|
Scenario: Creating an unrestricted auth token with regular login should work
|
|
When a new unrestricted client token is added
|
|
Then the HTTP status code should be "200"
|
|
|