1
0

auth.feature 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. # SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  2. # SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  3. # SPDX-License-Identifier: AGPL-3.0-only
  4. Feature: auth
  5. Background:
  6. Given user "user0" exists
  7. Given a new restricted client token is added
  8. Given a new unrestricted client token is added
  9. Given the cookie jar is reset
  10. # FILES APP
  11. Scenario: access files app anonymously
  12. When requesting "/index.php/apps/files" with "GET"
  13. Then the HTTP status code should be "401"
  14. Scenario: access files app with basic auth
  15. When requesting "/index.php/apps/files" with "GET" using basic auth
  16. Then the HTTP status code should be "200"
  17. Scenario: access files app with unrestricted basic token auth
  18. When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
  19. Then the HTTP status code should be "200"
  20. Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
  21. Then the HTTP status code should be "200"
  22. Scenario: access files app with restricted basic token auth
  23. When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
  24. Then the HTTP status code should be "200"
  25. Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
  26. Then the HTTP status code should be "404"
  27. Scenario: access files app with an unrestricted client token
  28. When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
  29. Then the HTTP status code should be "200"
  30. Scenario: access files app with browser session
  31. Given a new browser session is started
  32. When requesting "/index.php/apps/files" with "GET" using browser session
  33. Then the HTTP status code should be "200"
  34. # WebDAV
  35. Scenario: using WebDAV anonymously
  36. When requesting "/remote.php/webdav" with "PROPFIND"
  37. Then the HTTP status code should be "401"
  38. Scenario: using WebDAV with basic auth
  39. When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
  40. Then the HTTP status code should be "207"
  41. Scenario: using WebDAV with unrestricted basic token auth
  42. When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
  43. Then the HTTP status code should be "207"
  44. Scenario: using WebDAV with restricted basic token auth
  45. When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
  46. Then the HTTP status code should be "207"
  47. Scenario: using old WebDAV endpoint with unrestricted client token
  48. When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
  49. Then the HTTP status code should be "207"
  50. Scenario: using new WebDAV endpoint with unrestricted client token
  51. When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
  52. Then the HTTP status code should be "207"
  53. Scenario: using WebDAV with browser session
  54. Given a new browser session is started
  55. When requesting "/remote.php/webdav" with "PROPFIND" using browser session
  56. Then the HTTP status code should be "207"
  57. # OCS
  58. Scenario: using OCS anonymously
  59. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
  60. Then the OCS status code should be "997"
  61. Scenario: using OCS with basic auth
  62. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
  63. Then the OCS status code should be "100"
  64. Scenario: using OCS with token auth
  65. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
  66. Then the OCS status code should be "100"
  67. Scenario: using OCS with an unrestricted client token
  68. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
  69. Then the OCS status code should be "100"
  70. Scenario: using OCS with browser session
  71. Given a new browser session is started
  72. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
  73. Then the OCS status code should be "100"
  74. # REMEMBER ME
  75. Scenario: remember login
  76. Given a new remembered browser session is started
  77. When the session cookie expires
  78. And requesting "/index.php/apps/files" with "GET" using browser session
  79. Then the HTTP status code should be "200"
  80. # AUTH TOKENS
  81. Scenario: Creating an auth token with regular auth token should not work
  82. When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
  83. Then the HTTP status code should be "200"
  84. When the CSRF token is extracted from the previous response
  85. When a new unrestricted client token is added using restricted basic token auth
  86. Then the HTTP status code should be "503"
  87. Scenario: Creating a restricted auth token with regular login should work
  88. When a new restricted client token is added
  89. Then the HTTP status code should be "200"
  90. Scenario: Creating an unrestricted auth token with regular login should work
  91. When a new unrestricted client token is added
  92. Then the HTTP status code should be "200"