From 00efd8af2ef344b3bcd99d95a74983109e4a5097 Mon Sep 17 00:00:00 2001
From: Prarup Gurung
Date: Wed, 14 Dec 2022 14:15:18 +0545
Subject: [PATCH] [full-ci] [tests-only] Added api test for edit user using graph API (#5150)
---
.../features/apiGraph/editUser.feature | 141 ++++++++++++++++++
.../features/bootstrap/GraphContext.php | 116 +++++++++++++-
.../bootstrap/RoleAssignmentContext.php | 1 +
3 files changed, 254 insertions(+), 4 deletions(-)
create mode 100644 tests/acceptance/features/apiGraph/editUser.feature
diff --git a/tests/acceptance/features/apiGraph/editUser.feature b/tests/acceptance/features/apiGraph/editUser.feature
new file mode 100644
index 000000000..9156316af
--- /dev/null
+++ b/tests/acceptance/features/apiGraph/editUser.feature
@@ -0,0 +1,141 @@
+@api @skipOnOcV10
+Feature: edit user
+
+ Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
+ See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
+
+ Background:
+ Given user "Alice" has been created with default attributes and without skeleton files
+ And the administrator has given "Alice" the role "Admin" using the settings api
+ And the user "Alice" has created a new user using the Graph API with the following settings:
+ | userName | Brian |
+ | displayName | Brian Murphy |
+ | email | brian@example.com |
+ | password | 1234 |
+
+
+ Scenario: the admin user can edit another user email
+ When the user "Alice" changes the email of user "Brian" to "newemail@example.com" using the Graph API
+ Then the HTTP status code should be "200"
+ And the user "Brian" should have information with these key and value pairs:
+ | key | value |
+ | mail | newemail@example.com |
+
+
+ Scenario: the admin user can override an existing user email of another user
+ When the user "Alice" changes the email of user "Brian" to "brian@example.com" using the Graph API
+ Then the HTTP status code should be "200"
+ And the user "Brian" should have information with these key and value pairs:
+ | key | value |
+ | mail | brian@example.com |
+
+
+ Scenario: the admin user cannot clear an existing user email
+ When the user "Alice" tries to change the email of user "Brian" to "" using the Graph API
+ Then the HTTP status code should be "400"
+ And the user "Brian" should have information with these key and value pairs:
+ | key | value |
+ | mail | brian@example.com |
+
+
+ Scenario Outline: a normal user should not be able to change their email address
+ Given the administrator has given "Brian" the role "" using the settings api
+ When the user "Brian" tries to change the email of user "Brian" to "newemail@example.com" using the Graph API
+ Then the HTTP status code should be "401"
+ And the user "Brian" should have information with these key and value pairs:
+ | key | value |
+ | mail | brian@example.com |
+ Examples:
+ | role |
+ | Space Admin |
+ | User |
+
+
+ Scenario Outline: a normal user should not be able to edit another user's email
+ Given the administrator has given "Brian" the role "" using the settings api
+ And the user "Alice" has created a new user using the Graph API with the following settings:
+ | userName | Carol |
+ | displayName | Carol King |
+ | email | carol@example.com |
+ | password | 1234 |
+ When the user "Brian" tries to change the email of user "Carol" to "newemail@example.com" using the Graph API
+ Then the HTTP status code should be "401"
+ And the user "Carol" should have information with these key and value pairs:
+ | key | value |
+ | mail | carol@example.com |
+ Examples:
+ | role |
+ | Space Admin |
+ | User |
+
+
+ Scenario: the admin user can edit another user display name
+ When the user "Alice" changes the display name of user "Brian" to "Carol King" using the Graph API
+ Then the HTTP status code should be "200"
+ And the user "Brian" should have information with these key and value pairs:
+ | key | value |
+ | displayName | Carol King |
+
+
+ Scenario: the admin user cannot clear another user display name
+ When the user "Alice" tries to change the display name of user "Brian" to "" using the Graph API
+ Then the HTTP status code should be "400"
+ And the user "Brian" should have information with these key and value pairs:
+ | key | value |
+ | displayName | Brian Murphy |
+
+
+ Scenario Outline: a normal user should not be able to change his/her own display name
+ Given the administrator has given "Brian" the role "" using the settings api
+ When the user "Brian" tries to change the display name of user "Brian" to "Brian Murphy" using the Graph API
+ Then the HTTP status code should be "401"
+ And the user "Alice" should have information with these key and value pairs:
+ | key | value |
+ | displayName | Alice Hansen |
+ Examples:
+ | role |
+ | Space Admin |
+ | User |
+
+
+ Scenario Outline: a normal user should not be able to edit another user's display name
+ Given the administrator has given "Brian" the role "" using the settings api
+ And the user "Alice" has created a new user using the Graph API with the following settings:
+ | userName | Carol |
+ | displayName | Carol King |
+ | email | carol@example.com |
+ | password | 1234 |
+ When the user "Brian" tries to change the display name of user "Carol" to "Alice Hansen" using the Graph API
+ Then the HTTP status code should be "401"
+ And the user "Carol" should have information with these key and value pairs:
+ | key | value |
+ | displayName | Carol King |
+ Examples:
+ | role |
+ | Space Admin |
+ | User |
+
+
+ Scenario: the admin user resets password of another user
+ Given user "Brian" has uploaded file with content "test file for reset password" to "/resetpassword.txt"
+ When the user "Alice" resets the password of user "Brian" to "newpassword" using the Graph API
+ Then the HTTP status code should be "200"
+ And the content of file "resetpassword.txt" for user "Brian" using password "newpassword" should be "test file for reset password"
+
+
+ Scenario Outline: a normal user should not be able to reset the password of another user
+ Given the administrator has given "Brian" the role "" using the settings api
+ And the user "Alice" has created a new user using the Graph API with the following settings:
+ | userName | Carol |
+ | displayName | Carol King |
+ | email | carol@example.com |
+ | password | 1234 |
+ And user "Carol" has uploaded file with content "test file for reset password" to "/resetpassword.txt"
+ When the user "Brian" resets the password of user "Carol" to "newpassword" using the Graph API
+ Then the HTTP status code should be "401"
+ And the content of file "resetpassword.txt" for user "Carol" using password "1234" should be "test file for reset password"
+ But user "Carol" using password "newpassword" should not be able to download file "resetpassword.txt"
+ Examples:
+ | role |
+ | Space Admin |
+ | User |
diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php
index c9e4276f8..0eb723b37 100644
--- a/tests/acceptance/features/bootstrap/GraphContext.php
+++ b/tests/acceptance/features/bootstrap/GraphContext.php
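Review bot: The scenario "a normal user should not be able to change his/her own display name" cannot detect an unauthorized write. Brian sends `Brian Murphy`, which is already his display name from the Background, and the follow-up check reads user "Alice" (`Alice Hansen`) instead of Brian, so a server that wrongly accepted the request would still pass. Send a value that differs from the current one, for example `to "Brian Changed"` (constructed sample), and assert `| displayName | Brian Murphy |` for user "Brian", as the sibling email scenario does. The denied cases also pin `401` for a caller who is authenticated but lacks the role; if the API is meant to distinguish unauthenticated from forbidden, that expectation deserves a comment or an issue reference.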
@@ -87,6 +87,95 @@ class GraphContext implements Context { $this->featureContext->theHttpStatusCodeShouldBe(200); // TODO 204 when prefer=minimal header was sent } + /** + * @When /^the user "([^"]*)" changes the email of user "([^"]*)" to "([^"]*)" using the Graph API$/ + * @When /^the user "([^"]*)" tries to change the email of user "([^"]*)" to "([^"]*)" using the Graph API$/ + * + * @param string $byUser + * @param string $user + * @param string $email + * + * @return void + * @throws GuzzleException + * @throws Exception + */ + public function theUserChangesTheEmailOfUserToUsingTheGraphApi(string $byUser, string $user, string $email): void { + $response = $this->editUserUsingTheGraphApi($byUser, $user, null, null, $email); + $this->featureContext->setResponse($response); + } + + /** + * @When /^the user "([^"]*)" changes the display name of user "([^"]*)" to "([^"]*)" using the Graph API$/ + * @When /^the user "([^"]*)" tries to change the display name of user "([^"]*)" to "([^"]*)" using the Graph API$/ + * + * @param string $byUser + * @param string $user + * @param string $displayName + * + * @return void + * @throws GuzzleException + * @throws Exception + */ + public function theUserChangesTheDisplayNameOfUserToUsingTheGraphApi(string $byUser, string $user, string $displayName): void { + $response = $this->editUserUsingTheGraphApi($byUser, $user, null, null, null, $displayName); + $this->featureContext->setResponse($response); + } + + /** + * @Then /^the user "([^"]*)" should have information with these key and value pairs:$/ + * + * @param string $user + * @param TableNode $table + * + * @return void + * @throws Exception + * @throws GuzzleException + * @throws JsonException + */ + public function theUserShouldHaveInformationWithTheseKeyAndValuePairs(string $user, TableNode $table): void { + $rows = $table->getHash(); + $this->adminHasRetrievedUserUsingTheGraphApi($user); + foreach ($rows as $row) { + $key = $row['key']; + $expectedValue = $row['value']; 
+ $responseValue = $this->featureContext->getJsonDecodedResponse($this->featureContext->getResponse())[$key]; + Assert::assertEquals( + $expectedValue, + $responseValue + ); + } + } + + /** + * Edits the user information + * + * @param string $byUser + * @param string $user + * @param string|null $userName + * @param string|null $password + * @param string|null $email + * @param string|null $displayName + * + * @return void + * @throws GuzzleException + */ + public function editUserUsingTheGraphApi(string $byUser, string $user, string $userName = null, string $password = null, string $email = null, string $displayName = null): ResponseInterface { + $user = $this->featureContext->getActualUsername($user); + $userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id'); + $userId = $userId ?? $user; + return GraphHelper::editUser( + $this->featureContext->getBaseUrl(), + $this->featureContext->getStepLineRef(), + $byUser, + $this->featureContext->getPasswordForUser($byUser), + $userId, + $userName, + $password, + $email, + $displayName + ); + } + /** * @param string $user * @@ -98,6 +187,7 @@ class GraphContext implements Context { $user = $this->featureContext->getActualUsername($user); try { $userId = $this->featureContext->getAttributeOfCreatedUser($user, "id"); + $userId = $userId ?? $user; } catch (Exception $e) { $userId = $user; } 
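Review bot: In `theUserShouldHaveInformationWithTheseKeyAndValuePairs` the lookup `getJsonDecodedResponse(...)[$key]` is unguarded, so a key missing from the response becomes `null` (with a PHP warning) and `Assert::assertEquals` then compares it loosely, which lets an expected empty string match. This step is the verification half of the permission-denied scenarios, so decode the response once before the loop and add `Assert::assertArrayHasKey($key, $decoded, "user '$user' has no '$key' in the response");` ahead of the comparison. Separately, the docblock of `editUserUsingTheGraphApi` says `@return void` while the signature returns `ResponseInterface`. Its `string $userName = null` style parameters also rely on implicit nullability, where a later hunk in this file writes `?string $byUser = null`.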
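Review bot: The added `$userId = $userId ?? $user;` sits inside a `try` whose `catch` already falls back to `$userId = $user`, while the same fallback in `editUserUsingTheGraphApi` above, in `adminChangesPasswordOfUserToUsingTheGraphApi` and in `RoleAssignmentContext` has no `try/catch`. An exception from `getAttributeOfCreatedUser` is therefore handled here and would propagate at the other three call sites. A single private helper that returns the id or falls back to the username would keep the four sites consistent. The silent fallback also means a request can be addressed by name where an id is expected; if that is intended, a one-line comment such as `// no stored id for this user: address it by username` would record it. The enclosing method starts and ends outside the hunk.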
@@ -343,21 +433,25 @@ class GraphContext implements Context { /** * @param string $user * @param string $password + * @param string|null $byUser * * @return void * @throws JsonException */ public function adminChangesPasswordOfUserToUsingTheGraphApi( string $user, - string $password + string $password, + ?string $byUser = null ): void { + $credentials = $this->getAdminOrUserCredentials($byUser); $user = $this->featureContext->getActualUsername($user); - $userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id'); + $userId = $this->featureContext->getAttributeOfCreatedUser($user, "id"); + $userId = $userId ?? $user; $response = GraphHelper::editUser( $this->featureContext->getBaseUrl(), $this->featureContext->getStepLineRef(), - $this->featureContext->getAdminUsername(), - $this->featureContext->getAdminPassword(), + $credentials["username"], + $credentials["password"], $userId, null, $password @@ -365,6 +459,20 @@ class GraphContext implements Context { $this->featureContext->setResponse($response); } + /** + * @When /^the user "([^"]*)" resets the password of user "([^"]*)" to "([^"]*)" using the Graph API$/ + * + * @param string $byUser + * @param string $user + * @param string $password + * + * @return void + * @throws Exception + */ + public function theUserResetsThePasswordOfUserToUsingTheGraphApi(string $byUser, string $user, string $password) { + $this->adminChangesPasswordOfUserToUsingTheGraphApi($user, $password, $byUser); + } + /** * * @param array $groups diff --git a/tests/acceptance/features/bootstrap/RoleAssignmentContext.php b/tests/acceptance/features/bootstrap/RoleAssignmentContext.php index b89791df4..e90b64713 100644 --- a/tests/acceptance/features/bootstrap/RoleAssignmentContext.php +++ b/tests/acceptance/features/bootstrap/RoleAssignmentContext.php 
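Review bot: The new `$byUser` parameter is documented by type only, and what `null` selects is implied solely by the helper name `getAdminOrUserCredentials`, which is outside this hunk. If `null` means the admin account, a caller that forgets the argument in a permission-denied scenario would silently send the request as admin; state it in the docblock, e.g. `@param string|null $byUser user sending the request; null uses the admin credentials`. The method name still starts with `admin` although it now acts for any user. The `'id'` to `"id"` change is unrelated quote churn and differs from the `'id'` used in `editUserUsingTheGraphApi` in the same commit.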
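Review bot: `theUserResetsThePasswordOfUserToUsingTheGraphApi` declares no return type, unlike the other step definitions added in this commit; write `...(string $byUser, string $user, string $password): void {`. Its docblock lists only `@throws Exception` although the method it delegates to documents `@throws JsonException`. The step also has no `tries to reset` pattern, so the negative scenario in editUser.feature has to use the success wording `resets`; a second `@When` line mirroring the email and display-name steps would keep the feature text consistent.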
@@ -128,6 +128,7 @@ class RoleAssignmentContext implements Context { $admin = $this->featureContext->getAdminUserName(); $roleId = $this->userGetRoleIdByRoleName($admin, $role); $userId = $this->featureContext->getAttributeOfCreatedUser($user, 'id'); + $userId = $userId ?? $user; $this->setRoleToUser($admin, $userId, $roleId); }