auth.feature 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
  1. Feature: auth
  2. Background:
  3. Given user "user0" exists
  4. Given a new restricted client token is added
  5. Given a new unrestricted client token is added
  6. Given the cookie jar is reset
  7. # FILES APP
  8. Scenario: access files app anonymously
  9. When requesting "/index.php/apps/files" with "GET"
  10. Then the HTTP status code should be "401"
  11. Scenario: access files app with basic auth
  12. When requesting "/index.php/apps/files" with "GET" using basic auth
  13. Then the HTTP status code should be "200"
  14. Scenario: access files app with unrestricted basic token auth
  15. When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
  16. Then the HTTP status code should be "200"
  17. Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
  18. Then the HTTP status code should be "200"
  19. Scenario: access files app with restricted basic token auth
  20. When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
  21. Then the HTTP status code should be "200"
  22. Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
  23. Then the HTTP status code should be "404"
  24. Scenario: access files app with an unrestricted client token
  25. When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
  26. Then the HTTP status code should be "200"
  27. Scenario: access files app with browser session
  28. Given a new browser session is started
  29. When requesting "/index.php/apps/files" with "GET" using browser session
  30. Then the HTTP status code should be "200"
  31. # WebDAV
  32. Scenario: using WebDAV anonymously
  33. When requesting "/remote.php/webdav" with "PROPFIND"
  34. Then the HTTP status code should be "401"
  35. Scenario: using WebDAV with basic auth
  36. When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
  37. Then the HTTP status code should be "207"
  38. Scenario: using WebDAV with unrestricted basic token auth
  39. When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
  40. Then the HTTP status code should be "207"
  41. Scenario: using WebDAV with restricted basic token auth
  42. When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
  43. Then the HTTP status code should be "207"
  44. Scenario: using old WebDAV endpoint with unrestricted client token
  45. When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
  46. Then the HTTP status code should be "207"
  47. Scenario: using new WebDAV endpoint with unrestricted client token
  48. When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
  49. Then the HTTP status code should be "207"
  50. Scenario: using WebDAV with browser session
  51. Given a new browser session is started
  52. When requesting "/remote.php/webdav" with "PROPFIND" using browser session
  53. Then the HTTP status code should be "207"
  54. # OCS
  55. Scenario: using OCS anonymously
  56. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
  57. Then the OCS status code should be "997"
  58. Scenario: using OCS with basic auth
  59. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
  60. Then the OCS status code should be "100"
  61. Scenario: using OCS with token auth
  62. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
  63. Then the OCS status code should be "100"
  64. Scenario: using OCS with an unrestricted client token
  65. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
  66. Then the OCS status code should be "100"
  67. Scenario: using OCS with browser session
  68. Given a new browser session is started
  69. When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
  70. Then the OCS status code should be "100"
  71. # REMEMBER ME
  72. Scenario: remember login
  73. Given a new remembered browser session is started
  74. When the session cookie expires
  75. And requesting "/index.php/apps/files" with "GET" using browser session
  76. Then the HTTP status code should be "200"
  77. # AUTH TOKENS
  78. Scenario: Creating an auth token with regular auth token should not work
  79. When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
  80. Then the HTTP status code should be "200"
  81. When the CSRF token is extracted from the previous response
  82. When a new unrestricted client token is added using restricted basic token auth
  83. Then the HTTP status code should be "503"
  84. Scenario: Creating a restricted auth token with regular login should work
  85. When a new restricted client token is added
  86. Then the HTTP status code should be "200"
  87. Scenario: Creating an unrestricted auth token with regular login should work
  88. When a new unrestricted client token is added
  89. Then the HTTP status code should be "200"