Home Explore Help
Sign In
RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Files Issues 23 Wiki
Tree: ede0c26b78
Branches Tags
nextcloud-serve...
/
build
/
integration
/
features
/
auth.feature

auth.feature 4.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. # SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
    2. 

  2. # SPDX-FileCopyrightText: 2016 ownCloud, Inc.
    3. 

  3. # SPDX-License-Identifier: AGPL-3.0-only
    4. 

  4. Feature: auth
    5. 

  5. 

  6. 	Background:
    7. 

  7. 		Given user "user0" exists
    8. 

  8. 		Given a new restricted client token is added
    9. 

  9. 		Given a new unrestricted client token is added
    10. 

  10. 		Given the cookie jar is reset
    11. 

  11. 

  12. 	# FILES APP
    13. 

  13. 	Scenario: access files app anonymously
    14. 

  14. 		When requesting "/index.php/apps/files" with "GET"
    15. 

  15. 		Then the HTTP status code should be "401"
    16. 

  16. 

  17. 	Scenario: access files app with basic auth
    18. 

  18. 		When requesting "/index.php/apps/files" with "GET" using basic auth
    19. 

  19. 		Then the HTTP status code should be "200"
    20. 

  20. 

  21. 	Scenario: access files app with unrestricted basic token auth
    22. 

  22. 		When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
    23. 

  23. 		Then the HTTP status code should be "200"
    24. 

  24. 		Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
    25. 

  25. 		Then the HTTP status code should be "200"
    26. 

  26. 

  27. 	Scenario: access files app with restricted basic token auth
    28. 

  28. 		When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
    29. 

  29. 		Then the HTTP status code should be "200"
    30. 

  30. 		Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
    31. 

  31. 		Then the HTTP status code should be "404"
    32. 

  32. 

  33. 	Scenario: access files app with an unrestricted client token
    34. 

  34. 		When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
    35. 

  35. 		Then the HTTP status code should be "200"
    36. 

  36. 

  37. 	Scenario: access files app with browser session
    38. 

  38. 		Given a new browser session is started
    39. 

  39. 		When requesting "/index.php/apps/files" with "GET" using browser session
    40. 

  40. 		Then the HTTP status code should be "200"
    41. 

  41. 

  42. 	# WebDAV
    43. 

  43. 	Scenario: using WebDAV anonymously
    44. 

  44. 		When requesting "/remote.php/webdav" with "PROPFIND"
    45. 

  45. 		Then the HTTP status code should be "401"
    46. 

  46. 

  47. 	Scenario: using WebDAV with basic auth
    48. 

  48. 		When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
    49. 

  49. 		Then the HTTP status code should be "207"
    50. 

  50. 

  51. 	Scenario: using WebDAV with unrestricted basic token auth
    52. 

  52. 		When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
    53. 

  53. 		Then the HTTP status code should be "207"
    54. 

  54. 

  55. 	Scenario: using WebDAV with restricted basic token auth
    56. 

  56. 		When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
    57. 

  57. 		Then the HTTP status code should be "207"
    58. 

  58. 

  59. 	Scenario: using old WebDAV endpoint with unrestricted client token
    60. 

  60. 		When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
    61. 

  61. 		Then the HTTP status code should be "207"
    62. 

  62. 

  63. 	Scenario: using new WebDAV endpoint with unrestricted client token
    64. 

  64. 		When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
    65. 

  65. 		Then the HTTP status code should be "207"
    66. 

  66. 

  67. 	Scenario: using WebDAV with browser session
    68. 

  68. 		Given a new browser session is started
    69. 

  69. 		When requesting "/remote.php/webdav" with "PROPFIND" using browser session
    70. 

  70. 		Then the HTTP status code should be "207"
    71. 

  71. 

  72. 	# OCS
    73. 

  73. 	Scenario: using OCS anonymously
    74. 

  74. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
    75. 

  75. 		Then the OCS status code should be "997"
    76. 

  76. 

  77. 	Scenario: using OCS with basic auth
    78. 

  78. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic auth
    79. 

  79. 		Then the OCS status code should be "100"
    80. 

  80. 

  81. 	Scenario: using OCS with token auth
    82. 

  82. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
    83. 

  83. 		Then the OCS status code should be "100"
    84. 

  84. 

  85. 	Scenario: using OCS with an unrestricted client token
    86. 

  86. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
    87. 

  87. 		Then the OCS status code should be "100"
    88. 

  88. 

  89. 	Scenario: using OCS with browser session
    90. 

  90. 		Given a new browser session is started
    91. 

  91. 		When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using browser session
    92. 

  92. 		Then the OCS status code should be "100"
    93. 

  93. 

  94. 	# REMEMBER ME
    95. 

  95. 	Scenario: remember login
    96. 

  96. 		Given a new remembered browser session is started
    97. 

  97. 		When the session cookie expires
    98. 

  98. 		And requesting "/index.php/apps/files" with "GET" using browser session
    99. 

  99. 		Then the HTTP status code should be "200"
    100. 

  100. 

  101. 	# AUTH TOKENS
    102. 

  102. 	Scenario: Creating an auth token with regular auth token should not work
    103. 

  103. 		When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
    104. 

  104. 		Then the HTTP status code should be "200"
    105. 

  105. 		When the CSRF token is extracted from the previous response
    106. 

  106. 		When a new unrestricted client token is added using restricted basic token auth
    107. 

  107. 		Then the HTTP status code should be "503"
    108. 

  108. 

  109. 	Scenario: Creating a restricted auth token with regular login should work
    110. 

  110. 		When a new restricted client token is added
    111. 

  111. 		Then the HTTP status code should be "200"
    112. 

  112. 

  113. 	Scenario: Creating an unrestricted auth token with regular login should work
    114. 

  114. 		When a new unrestricted client token is added
    115. 

  115. 		Then the HTTP status code should be "200"
    116. 

  116.