Home Explore Help
Sign In
RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Files Issues 23 Wiki
Tree: 3314735cec
Branches Tags
nextcloud-serve...
/
build
/
integration
/
features
/
auth.feature

auth.feature 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. Feature: auth
    2. 

  2. 

  3. 	Background:
    4. 

  4. 		Given user "user0" exists
    5. 

  5. 		Given a new restricted client token is added
    6. 

  6. 		Given a new unrestricted client token is added
    7. 

  7. 		Given the cookie jar is reset
    8. 

  8. 

  9. 	# FILES APP
    10. 

  10. 	Scenario: access files app anonymously
    11. 

  11. 		When requesting "/index.php/apps/files" with "GET"
    12. 

  12. 		Then the HTTP status code should be "401"
    13. 

  13. 

  14. 	Scenario: access files app with basic auth
    15. 

  15. 		When requesting "/index.php/apps/files" with "GET" using basic auth
    16. 

  16. 		Then the HTTP status code should be "200"
    17. 

  17. 

  18. 	Scenario: access files app with unrestricted basic token auth
    19. 

  19. 		When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
    20. 

  20. 		Then the HTTP status code should be "200"
    21. 

  21. 		Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
    22. 

  22. 		Then the HTTP status code should be "200"
    23. 

  23. 

  24. 	Scenario: access files app with restricted basic token auth
    25. 

  25. 		When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
    26. 

  26. 		Then the HTTP status code should be "200"
    27. 

  27. 		Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
    28. 

  28. 		Then the HTTP status code should be "404"
    29. 

  29. 

  30. 	Scenario: access files app with an unrestricted client token
    31. 

  31. 		When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
    32. 

  32. 		Then the HTTP status code should be "200"
    33. 

  33. 

  34. 	Scenario: access files app with browser session
    35. 

  35. 		Given a new browser session is started
    36. 

  36. 		When requesting "/index.php/apps/files" with "GET" using browser session
    37. 

  37. 		Then the HTTP status code should be "200"
    38. 

  38. 

  39. 	# WebDAV
    40. 

  40. 	Scenario: using WebDAV anonymously
    41. 

  41. 		When requesting "/remote.php/webdav" with "PROPFIND"
    42. 

  42. 		Then the HTTP status code should be "401"
    43. 

  43. 

  44. 	Scenario: using WebDAV with basic auth
    45. 

  45. 		When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
    46. 

  46. 		Then the HTTP status code should be "207"
    47. 

  47. 

  48. 	Scenario: using WebDAV with unrestricted basic token auth
    49. 

  49. 		When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
    50. 

  50. 		Then the HTTP status code should be "207"
    51. 

  51. 

  52. 	Scenario: using WebDAV with restricted basic token auth
    53. 

  53. 		When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
    54. 

  54. 		Then the HTTP status code should be "207"
    55. 

  55. 

  56. 	Scenario: using old WebDAV endpoint with unrestricted client token
    57. 

  57. 		When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
    58. 

  58. 		Then the HTTP status code should be "207"
    59. 

  59. 

  60. 	Scenario: using new WebDAV endpoint with unrestricted client token
    61. 

  61. 		When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
    62. 

  62. 		Then the HTTP status code should be "207"
    63. 

  63. 

  64. 	Scenario: using WebDAV with browser session
    65. 

  65. 		Given a new browser session is started
    66. 

  66. 		When requesting "/remote.php/webdav" with "PROPFIND" using browser session
    67. 

  67. 		Then the HTTP status code should be "207"
    68. 

  68. 

  69. 	# OCS
    70. 

  70. 	Scenario: using OCS anonymously
    71. 

  71. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
    72. 

  72. 		Then the OCS status code should be "997"
    73. 

  73. 

  74. 	Scenario: using OCS with basic auth
    75. 

  75. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
    76. 

  76. 		Then the OCS status code should be "100"
    77. 

  77. 

  78. 	Scenario: using OCS with token auth
    79. 

  79. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
    80. 

  80. 		Then the OCS status code should be "100"
    81. 

  81. 

  82. 	Scenario: using OCS with an unrestricted client token
    83. 

  83. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
    84. 

  84. 		Then the OCS status code should be "100"
    85. 

  85. 

  86. 	Scenario: using OCS with browser session
    87. 

  87. 		Given a new browser session is started
    88. 

  88. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
    89. 

  89. 		Then the OCS status code should be "100"
    90. 

  90. 

  91. 	# REMEMBER ME
    92. 

  92. 	Scenario: remember login
    93. 

  93. 		Given a new remembered browser session is started
    94. 

  94. 		When the session cookie expires
    95. 

  95. 		And requesting "/index.php/apps/files" with "GET" using browser session
    96. 

  96. 		Then the HTTP status code should be "200"
    97. 

  97. 

  98. 	# AUTH TOKENS
    99. 

  99. 	Scenario: Creating an auth token with regular auth token should not work
    100. 

  100. 		When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
    101. 

  101. 		Then the HTTP status code should be "200"
    102. 

  102. 		When the CSRF token is extracted from the previous response
    103. 

  103. 		When a new unrestricted client token is added using restricted basic token auth
    104. 

  104. 		Then the HTTP status code should be "503"
    105. 

  105. 

  106. 	Scenario: Creating a restricted auth token with regular login should work
    107. 

  107. 		When a new restricted client token is added
    108. 

  108. 		Then the HTTP status code should be "200"
    109. 

  109. 

  110. 	Scenario: Creating an unrestricted auth token with regular login should work
    111. 

  111. 		When a new unrestricted client token is added
    112. 

  112. 		Then the HTTP status code should be "200"
    113. 

  113.