webdav-related.feature 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519
  1. Feature: webdav-related
  2. Background:
  3. Given using api version "1"
  4. Scenario: Unauthenticated call old dav path
  5. Given using old dav path
  6. When connecting to dav endpoint
  7. Then the HTTP status code should be "401"
  8. And there are no duplicate headers
  9. And The following headers should be set
  10. |WWW-Authenticate|Basic realm="Nextcloud"|
  11. Scenario: Unauthenticated call new dav path
  12. Given using new dav path
  13. When connecting to dav endpoint
  14. Then the HTTP status code should be "401"
  15. And there are no duplicate headers
  16. And The following headers should be set
  17. |WWW-Authenticate|Basic realm="Nextcloud"|
  18. Scenario: Moving a file
  19. Given using old dav path
  20. And As an "admin"
  21. And user "user0" exists
  22. And As an "user0"
  23. When User "user0" moves file "/welcome.txt" to "/FOLDER/welcome.txt"
  24. Then the HTTP status code should be "201"
  25. And Downloaded content when downloading file "/FOLDER/welcome.txt" with range "bytes=0-6" should be "Welcome"
  26. Scenario: Moving and overwriting a file old way
  27. Given using old dav path
  28. And As an "admin"
  29. And user "user0" exists
  30. And As an "user0"
  31. When User "user0" moves file "/welcome.txt" to "/textfile0.txt"
  32. Then the HTTP status code should be "204"
  33. And Downloaded content when downloading file "/textfile0.txt" with range "bytes=0-6" should be "Welcome"
  34. Scenario: Moving a file to a folder with no permissions
  35. Given using old dav path
  36. And As an "admin"
  37. And user "user0" exists
  38. And user "user1" exists
  39. And As an "user1"
  40. And user "user1" created a folder "/testshare"
  41. And as "user1" creating a share with
  42. | path | testshare |
  43. | shareType | 0 |
  44. | permissions | 1 |
  45. | shareWith | user0 |
  46. And As an "user0"
  47. And User "user0" moves file "/textfile0.txt" to "/testshare/textfile0.txt"
  48. And the HTTP status code should be "403"
  49. When Downloading file "/testshare/textfile0.txt"
  50. Then the HTTP status code should be "404"
  51. Scenario: Moving a file to overwrite a file in a folder with no permissions
  52. Given using old dav path
  53. And As an "admin"
  54. And user "user0" exists
  55. And user "user1" exists
  56. And As an "user1"
  57. And user "user1" created a folder "/testshare"
  58. And as "user1" creating a share with
  59. | path | testshare |
  60. | shareType | 0 |
  61. | permissions | 1 |
  62. | shareWith | user0 |
  63. And User "user1" copies file "/welcome.txt" to "/testshare/overwritethis.txt"
  64. And As an "user0"
  65. When User "user0" moves file "/textfile0.txt" to "/testshare/overwritethis.txt"
  66. Then the HTTP status code should be "403"
  67. And Downloaded content when downloading file "/testshare/overwritethis.txt" with range "bytes=0-6" should be "Welcome"
  68. Scenario: Copying a file
  69. Given using old dav path
  70. And As an "admin"
  71. And user "user0" exists
  72. And As an "user0"
  73. When User "user0" copies file "/welcome.txt" to "/FOLDER/welcome.txt"
  74. Then the HTTP status code should be "201"
  75. And Downloaded content when downloading file "/FOLDER/welcome.txt" with range "bytes=0-6" should be "Welcome"
  76. Scenario: Copying and overwriting a file
  77. Given using old dav path
  78. And As an "admin"
  79. And user "user0" exists
  80. And As an "user0"
  81. When User "user0" copies file "/welcome.txt" to "/textfile1.txt"
  82. Then the HTTP status code should be "204"
  83. And Downloaded content when downloading file "/textfile1.txt" with range "bytes=0-6" should be "Welcome"
  84. Scenario: Copying a file to a folder with no permissions
  85. Given using old dav path
  86. And As an "admin"
  87. And user "user0" exists
  88. And user "user1" exists
  89. And As an "user1"
  90. And user "user1" created a folder "/testshare"
  91. And as "user1" creating a share with
  92. | path | testshare |
  93. | shareType | 0 |
  94. | permissions | 1 |
  95. | shareWith | user0 |
  96. And As an "user0"
  97. When User "user0" copies file "/textfile0.txt" to "/testshare/textfile0.txt"
  98. Then the HTTP status code should be "403"
  99. And Downloading file "/testshare/textfile0.txt"
  100. And the HTTP status code should be "404"
  101. Scenario: Copying a file to overwrite a file into a folder with no permissions
  102. Given using old dav path
  103. And As an "admin"
  104. And user "user0" exists
  105. And user "user1" exists
  106. And As an "user1"
  107. And user "user1" created a folder "/testshare"
  108. And as "user1" creating a share with
  109. | path | testshare |
  110. | shareType | 0 |
  111. | permissions | 1 |
  112. | shareWith | user0 |
  113. And User "user1" copies file "/welcome.txt" to "/testshare/overwritethis.txt"
  114. And As an "user0"
  115. When User "user0" copies file "/textfile0.txt" to "/testshare/overwritethis.txt"
  116. Then the HTTP status code should be "403"
  117. And Downloaded content when downloading file "/testshare/overwritethis.txt" with range "bytes=0-6" should be "Welcome"
  118. Scenario: download a file with range
  119. Given using old dav path
  120. And As an "admin"
  121. When Downloading file "/welcome.txt" with range "bytes=52-78"
  122. Then Downloaded content should be "example file for developers"
  123. Scenario: Upload forbidden if quota is 0
  124. Given using old dav path
  125. And As an "admin"
  126. And user "user0" exists
  127. And user "user0" has a quota of "0"
  128. When User "user0" uploads file "data/textfile.txt" to "/asdf.txt"
  129. Then the HTTP status code should be "507"
  130. Scenario: Retrieving folder quota when no quota is set
  131. Given using old dav path
  132. And As an "admin"
  133. And user "user0" exists
  134. When user "user0" has unlimited quota
  135. Then as "user0" gets properties of folder "/" with
  136. |{DAV:}quota-available-bytes|
  137. And the single response should contain a property "{DAV:}quota-available-bytes" with value "-3"
  138. Scenario: Retrieving folder quota when quota is set
  139. Given using old dav path
  140. And As an "admin"
  141. And user "user0" exists
  142. When user "user0" has a quota of "10 MB"
  143. Then as "user0" gets properties of folder "/" with
  144. |{DAV:}quota-available-bytes|
  145. And the single response should contain a property "{DAV:}quota-available-bytes" with value "10485421"
  146. Scenario: Retrieving folder quota of shared folder with quota when no quota is set for recipient
  147. Given using old dav path
  148. And As an "admin"
  149. And user "user0" exists
  150. And user "user1" exists
  151. And user "user0" has unlimited quota
  152. And user "user1" has a quota of "10 MB"
  153. And As an "user1"
  154. And user "user1" created a folder "/testquota"
  155. And as "user1" creating a share with
  156. | path | testquota |
  157. | shareType | 0 |
  158. | permissions | 31 |
  159. | shareWith | user0 |
  160. Then as "user0" gets properties of folder "/testquota" with
  161. |{DAV:}quota-available-bytes|
  162. And the single response should contain a property "{DAV:}quota-available-bytes" with value "10485421"
  163. Scenario: Uploading a file as recipient using webdav having quota
  164. Given using old dav path
  165. And As an "admin"
  166. And user "user0" exists
  167. And user "user1" exists
  168. And user "user0" has a quota of "10 MB"
  169. And user "user1" has a quota of "10 MB"
  170. And As an "user1"
  171. And user "user1" created a folder "/testquota"
  172. And as "user1" creating a share with
  173. | path | testquota |
  174. | shareType | 0 |
  175. | permissions | 31 |
  176. | shareWith | user0 |
  177. And As an "user0"
  178. When User "user0" uploads file "data/textfile.txt" to "/testquota/asdf.txt"
  179. Then the HTTP status code should be "201"
  180. Scenario: Retrieving folder quota when quota is set and a file was uploaded
  181. Given using old dav path
  182. And As an "admin"
  183. And user "user0" exists
  184. And user "user0" has a quota of "1 KB"
  185. And user "user0" adds a file of 93 bytes to "/prueba.txt"
  186. When as "user0" gets properties of folder "/" with
  187. |{DAV:}quota-available-bytes|
  188. Then the single response should contain a property "{DAV:}quota-available-bytes" with value "592"
  189. Scenario: Retrieving folder quota when quota is set and a file was recieved
  190. Given using old dav path
  191. And As an "admin"
  192. And user "user0" exists
  193. And user "user1" exists
  194. And user "user1" has a quota of "1 KB"
  195. And user "user0" adds a file of 93 bytes to "/user0.txt"
  196. And file "user0.txt" of user "user0" is shared with user "user1"
  197. When as "user1" gets properties of folder "/" with
  198. |{DAV:}quota-available-bytes|
  199. Then the single response should contain a property "{DAV:}quota-available-bytes" with value "685"
  200. Scenario: download a public shared file with range
  201. Given user "user0" exists
  202. And As an "user0"
  203. When creating a share with
  204. | path | welcome.txt |
  205. | shareType | 3 |
  206. And Downloading last public shared file with range "bytes=52-78"
  207. Then Downloaded content should be "example file for developers"
  208. Scenario: download a public shared file inside a folder with range
  209. Given user "user0" exists
  210. And As an "user0"
  211. When creating a share with
  212. | path | PARENT |
  213. | shareType | 3 |
  214. And Downloading last public shared file inside a folder "/parent.txt" with range "bytes=1-8"
  215. Then Downloaded content should be "extcloud"
  216. Scenario: Downloading a file on the old endpoint should serve security headers
  217. Given using old dav path
  218. And As an "admin"
  219. When Downloading file "/welcome.txt"
  220. Then The following headers should be set
  221. |Content-Disposition|attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt"|
  222. |Content-Security-Policy|default-src 'none';|
  223. |X-Content-Type-Options |nosniff|
  224. |X-Download-Options|noopen|
  225. |X-Frame-Options|Sameorigin|
  226. |X-Permitted-Cross-Domain-Policies|none|
  227. |X-Robots-Tag|none|
  228. |X-XSS-Protection|1; mode=block|
  229. And Downloaded content should start with "Welcome to your Nextcloud account!"
  230. Scenario: Doing a GET with a web login should work without CSRF token on the old backend
  231. Given Logging in using web as "admin"
  232. When Sending a "GET" to "/remote.php/webdav/welcome.txt" without requesttoken
  233. Then Downloaded content should start with "Welcome to your Nextcloud account!"
  234. Then the HTTP status code should be "200"
  235. Scenario: Doing a GET with a web login should work with CSRF token on the old backend
  236. Given Logging in using web as "admin"
  237. When Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
  238. Then Downloaded content should start with "Welcome to your Nextcloud account!"
  239. Then the HTTP status code should be "200"
  240. Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the old backend
  241. Given Logging in using web as "admin"
  242. When Sending a "PROPFIND" to "/remote.php/webdav/welcome.txt" without requesttoken
  243. Then the HTTP status code should be "401"
  244. Scenario: Doing a PROPFIND with a web login should work with CSRF token on the old backend
  245. Given Logging in using web as "admin"
  246. When Sending a "PROPFIND" to "/remote.php/webdav/welcome.txt" with requesttoken
  247. Then the HTTP status code should be "207"
  248. Scenario: Upload chunked file asc
  249. Given user "user0" exists
  250. And user "user0" uploads chunk file "1" of "3" with "AAAAA" to "/myChunkedFile.txt"
  251. And user "user0" uploads chunk file "2" of "3" with "BBBBB" to "/myChunkedFile.txt"
  252. And user "user0" uploads chunk file "3" of "3" with "CCCCC" to "/myChunkedFile.txt"
  253. When As an "user0"
  254. And Downloading file "/myChunkedFile.txt"
  255. Then Downloaded content should be "AAAAABBBBBCCCCC"
  256. Scenario: Upload chunked file desc
  257. Given user "user0" exists
  258. And user "user0" uploads chunk file "3" of "3" with "CCCCC" to "/myChunkedFile.txt"
  259. And user "user0" uploads chunk file "2" of "3" with "BBBBB" to "/myChunkedFile.txt"
  260. And user "user0" uploads chunk file "1" of "3" with "AAAAA" to "/myChunkedFile.txt"
  261. When As an "user0"
  262. And Downloading file "/myChunkedFile.txt"
  263. Then Downloaded content should be "AAAAABBBBBCCCCC"
  264. Scenario: Upload chunked file random
  265. Given user "user0" exists
  266. And user "user0" uploads chunk file "2" of "3" with "BBBBB" to "/myChunkedFile.txt"
  267. And user "user0" uploads chunk file "3" of "3" with "CCCCC" to "/myChunkedFile.txt"
  268. And user "user0" uploads chunk file "1" of "3" with "AAAAA" to "/myChunkedFile.txt"
  269. When As an "user0"
  270. And Downloading file "/myChunkedFile.txt"
  271. Then Downloaded content should be "AAAAABBBBBCCCCC"
  272. Scenario: A file that is not shared does not have a share-types property
  273. Given user "user0" exists
  274. And user "user0" created a folder "/test"
  275. When as "user0" gets properties of folder "/test" with
  276. |{http://owncloud.org/ns}share-types|
  277. Then the response should contain an empty property "{http://owncloud.org/ns}share-types"
  278. Scenario: A file that is shared to a user has a share-types property
  279. Given user "user0" exists
  280. And user "user1" exists
  281. And user "user0" created a folder "/test"
  282. And as "user0" creating a share with
  283. | path | test |
  284. | shareType | 0 |
  285. | permissions | 31 |
  286. | shareWith | user1 |
  287. When as "user0" gets properties of folder "/test" with
  288. |{http://owncloud.org/ns}share-types|
  289. Then the response should contain a share-types property with
  290. | 0 |
  291. Scenario: A file that is shared to a group has a share-types property
  292. Given user "user0" exists
  293. And group "group1" exists
  294. And user "user0" created a folder "/test"
  295. And as "user0" creating a share with
  296. | path | test |
  297. | shareType | 1 |
  298. | permissions | 31 |
  299. | shareWith | group1 |
  300. When as "user0" gets properties of folder "/test" with
  301. |{http://owncloud.org/ns}share-types|
  302. Then the response should contain a share-types property with
  303. | 1 |
  304. Scenario: A file that is shared by link has a share-types property
  305. Given user "user0" exists
  306. And user "user0" created a folder "/test"
  307. And as "user0" creating a share with
  308. | path | test |
  309. | shareType | 3 |
  310. | permissions | 31 |
  311. When as "user0" gets properties of folder "/test" with
  312. |{http://owncloud.org/ns}share-types|
  313. Then the response should contain a share-types property with
  314. | 3 |
  315. Scenario: A file that is shared by user,group and link has a share-types property
  316. Given user "user0" exists
  317. And user "user1" exists
  318. And group "group2" exists
  319. And user "user0" created a folder "/test"
  320. And as "user0" creating a share with
  321. | path | test |
  322. | shareType | 0 |
  323. | permissions | 31 |
  324. | shareWith | user1 |
  325. And as "user0" creating a share with
  326. | path | test |
  327. | shareType | 1 |
  328. | permissions | 31 |
  329. | shareWith | group2 |
  330. And as "user0" creating a share with
  331. | path | test |
  332. | shareType | 3 |
  333. | permissions | 31 |
  334. When as "user0" gets properties of folder "/test" with
  335. |{http://owncloud.org/ns}share-types|
  336. Then the response should contain a share-types property with
  337. | 0 |
  338. | 1 |
  339. | 3 |
  340. Scenario: Upload chunked file asc with new chunking
  341. Given using new dav path
  342. And user "user0" exists
  343. And user "user0" creates a new chunking upload with id "chunking-42"
  344. And user "user0" uploads new chunk file "1" with "AAAAA" to id "chunking-42"
  345. And user "user0" uploads new chunk file "2" with "BBBBB" to id "chunking-42"
  346. And user "user0" uploads new chunk file "3" with "CCCCC" to id "chunking-42"
  347. And user "user0" moves new chunk file with id "chunking-42" to "/myChunkedFile.txt"
  348. When As an "user0"
  349. And Downloading file "/myChunkedFile.txt"
  350. Then Downloaded content should be "AAAAABBBBBCCCCC"
  351. Scenario: Upload chunked file desc with new chunking
  352. Given using new dav path
  353. And user "user0" exists
  354. And user "user0" creates a new chunking upload with id "chunking-42"
  355. And user "user0" uploads new chunk file "3" with "CCCCC" to id "chunking-42"
  356. And user "user0" uploads new chunk file "2" with "BBBBB" to id "chunking-42"
  357. And user "user0" uploads new chunk file "1" with "AAAAA" to id "chunking-42"
  358. And user "user0" moves new chunk file with id "chunking-42" to "/myChunkedFile.txt"
  359. When As an "user0"
  360. And Downloading file "/myChunkedFile.txt"
  361. Then Downloaded content should be "AAAAABBBBBCCCCC"
  362. Scenario: Upload chunked file random with new chunking
  363. Given using new dav path
  364. And user "user0" exists
  365. And user "user0" creates a new chunking upload with id "chunking-42"
  366. And user "user0" uploads new chunk file "2" with "BBBBB" to id "chunking-42"
  367. And user "user0" uploads new chunk file "3" with "CCCCC" to id "chunking-42"
  368. And user "user0" uploads new chunk file "1" with "AAAAA" to id "chunking-42"
  369. And user "user0" moves new chunk file with id "chunking-42" to "/myChunkedFile.txt"
  370. When As an "user0"
  371. And Downloading file "/myChunkedFile.txt"
  372. Then Downloaded content should be "AAAAABBBBBCCCCC"
  373. Scenario: A disabled user cannot use webdav
  374. Given user "userToBeDisabled" exists
  375. And As an "admin"
  376. And assure user "userToBeDisabled" is disabled
  377. When Downloading file "/welcome.txt" as "userToBeDisabled"
  378. Then the HTTP status code should be "503"
  379. Scenario: Copying files into a folder with edit permissions
  380. Given using dav path "remote.php/webdav"
  381. And user "user0" exists
  382. And user "user1" exists
  383. And As an "user1"
  384. And user "user1" created a folder "/testcopypermissionsAllowed"
  385. And as "user1" creating a share with
  386. | path | testcopypermissionsAllowed |
  387. | shareType | 0 |
  388. | permissions | 31 |
  389. | shareWith | user0 |
  390. And User "user0" uploads file with content "copytest" to "/copytest.txt"
  391. When User "user0" copies file "/copytest.txt" to "/testcopypermissionsAllowed/copytest.txt"
  392. Then the HTTP status code should be "201"
  393. Scenario: Copying files into a folder without edit permissions
  394. Given using dav path "remote.php/webdav"
  395. And user "user0" exists
  396. And user "user1" exists
  397. And As an "user1"
  398. And user "user1" created a folder "/testcopypermissionsNotAllowed"
  399. And as "user1" creating a share with
  400. | path | testcopypermissionsNotAllowed |
  401. | shareType | 0 |
  402. | permissions | 1 |
  403. | shareWith | user0 |
  404. And User "user0" uploads file with content "copytest" to "/copytest.txt"
  405. When User "user0" copies file "/copytest.txt" to "/testcopypermissionsNotAllowed/copytest.txt"
  406. Then the HTTP status code should be "403"
  407. Scenario: Uploading a file as recipient with limited permissions
  408. Given using new dav path
  409. And As an "admin"
  410. And user "user0" exists
  411. And user "user1" exists
  412. And user "user0" has a quota of "10 MB"
  413. And user "user1" has a quota of "10 MB"
  414. And As an "user1"
  415. And user "user1" created a folder "/testfolder"
  416. And as "user1" creating a share with
  417. | path | testfolder |
  418. | shareType | 0 |
  419. | permissions | 23 |
  420. | shareWith | user0 |
  421. And As an "user0"
  422. And User "user0" uploads file "data/textfile.txt" to "/testfolder/asdf.txt"
  423. And As an "user1"
  424. When User "user1" deletes file "/testfolder/asdf.txt"
  425. Then the HTTP status code should be "204"
  426. Scenario: Creating a folder
  427. Given using old dav path
  428. And user "user0" exists
  429. And user "user0" created a folder "/test_folder"
  430. When as "user0" gets properties of folder "/test_folder" with
  431. |{DAV:}resourcetype|
  432. Then the single response should contain a property "{DAV:}resourcetype" with value "{DAV:}collection"
  433. Scenario: Creating a folder with special chars
  434. Given using old dav path
  435. And user "user0" exists
  436. And user "user0" created a folder "/test_folder:5"
  437. When as "user0" gets properties of folder "/test_folder:5" with
  438. |{DAV:}resourcetype|
  439. Then the single response should contain a property "{DAV:}resourcetype" with value "{DAV:}collection"
  440. Scenario: Removing everything of a folder
  441. Given using old dav path
  442. And As an "admin"
  443. And user "user0" exists
  444. And As an "user0"
  445. And User "user0" moves file "/welcome.txt" to "/FOLDER/welcome.txt"
  446. And user "user0" created a folder "/FOLDER/SUBFOLDER"
  447. And User "user0" copies file "/textfile0.txt" to "/FOLDER/SUBFOLDER/testfile0.txt"
  448. When User "user0" deletes everything from folder "/FOLDER/"
  449. Then user "user0" should see following elements
  450. | /FOLDER/ |
  451. | /PARENT/ |
  452. | /PARENT/parent.txt |
  453. | /textfile0.txt |
  454. | /textfile1.txt |
  455. | /textfile2.txt |
  456. | /textfile3.txt |
  457. | /textfile4.txt |
  458. Scenario: Removing everything of a folder using new dav path
  459. Given using new dav path
  460. And As an "admin"
  461. And user "user0" exists
  462. And As an "user0"
  463. And User "user0" moves file "/welcome.txt" to "/FOLDER/welcome.txt"
  464. And user "user0" created a folder "/FOLDER/SUBFOLDER"
  465. And User "user0" copies file "/textfile0.txt" to "/FOLDER/SUBFOLDER/testfile0.txt"
  466. When User "user0" deletes everything from folder "/FOLDER/"
  467. Then user "user0" should see following elements
  468. | /FOLDER/ |
  469. | /PARENT/ |
  470. | /PARENT/parent.txt |
  471. | /textfile0.txt |
  472. | /textfile1.txt |
  473. | /textfile2.txt |
  474. | /textfile3.txt |
  475. | /textfile4.txt |