From 244f2bc937ec0079c1c1251bfe1f74b6ca0f8844 Mon Sep 17 00:00:00 2001
From: Saw-jan <saw.jan.grg3e@gmail.com>
Date: Thu, 18 Jul 2024 09:44:31 +0545
Subject: [PATCH] test: updated test expectation

---
 ...ected-failures-localAPI-on-OCIS-storage.md | 25 -------------------
 .../features/apiGraph/changeRole.feature      |  2 +-
 .../apiGraphUserGroup/addUserToGroup.feature  |  4 +--
 .../apiGraphUserGroup/createUser.feature      |  2 +-
 .../apiGraphUserGroup/deleteUser.feature      |  8 +++---
 .../apiGraphUserGroup/editUser.feature        | 10 ++++----
 .../apiGraphUserGroup/getGroup.feature        |  2 +-
 .../removeUserFromGroup.feature               |  2 +-
 .../searchUserIncludingEmail.feature          |  4 +--
 9 files changed, 17 insertions(+), 42 deletions(-)

diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
index 5623d3e42..d116f639c 100644
--- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
+++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
@@ -74,30 +74,6 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 
 - [apiGraphUserGroup/addUserToGroup.feature:289](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L289)
 
-#### [API requests from an unauthorized user should return 403](https://github.com/owncloud/ocis/issues/5938)
-
-- [apiGraphUserGroup/addUserToGroup.feature:152](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L152)
-- [apiGraphUserGroup/addUserToGroup.feature:153](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L153)
-- [apiGraphUserGroup/addUserToGroup.feature:154](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L154)
-- [apiGraphUserGroup/addUserToGroup.feature:188](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L188)
-- [apiGraphUserGroup/addUserToGroup.feature:189](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L189)
-- [apiGraphUserGroup/addUserToGroup.feature:190](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L190)
-- [apiGraphUserGroup/createGroup.feature:42](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/createGroup.feature#L42)
-- [apiGraphUserGroup/createGroup.feature:43](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/createGroup.feature#L43)
-- [apiGraphUserGroup/createGroup.feature:44](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/createGroup.feature#L44)
-- [apiGraphUserGroup/deleteGroup.feature:63](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L63)
-- [apiGraphUserGroup/deleteGroup.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L62)
-- [apiGraphUserGroup/deleteGroup.feature:64](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature#L64)
-- [apiGraphUserGroup/editGroup.feature:35](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/editGroup.feature#L35)
-- [apiGraphUserGroup/editGroup.feature:34](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/editGroup.feature#L34)
-- [apiGraphUserGroup/editGroup.feature:36](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/editGroup.feature#L36)
-- [apiGraphUserGroup/getGroup.feature:107](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getGroup.feature#L107)
-- [apiGraphUserGroup/getGroup.feature:108](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getGroup.feature#L108)
-- [apiGraphUserGroup/getGroup.feature:109](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/getGroup.feature#L109)
-- [apiGraphUserGroup/removeUserFromGroup.feature:193](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature#L193)
-- [apiGraphUserGroup/removeUserFromGroup.feature:194](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature#L194)
-- [apiGraphUserGroup/removeUserFromGroup.feature:195](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature#L195)
-
 #### [API requests for a non-existent resources should return 404](https://github.com/owncloud/ocis/issues/5939)
 
 - [apiGraphUserGroup/addUserToGroup.feature:205](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature#L205)
@@ -306,7 +282,6 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiSpacesDavOperation/moveByFileId.feature:208](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesDavOperation/moveByFileId.feature#L208)
 - [apiSpacesDavOperation/moveByFileId.feature:209](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesDavOperation/moveByFileId.feature#L209)
 
-
 ### [OCM. sharing issues](https://github.com/owncloud/ocis/issues/9534)
 
 - [apiOcm/share.feature:12](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiOcm/share.feature#L12)
diff --git a/tests/acceptance/features/apiGraph/changeRole.feature b/tests/acceptance/features/apiGraph/changeRole.feature
index b3c561dde..6ce2738c7 100644
--- a/tests/acceptance/features/apiGraph/changeRole.feature
+++ b/tests/acceptance/features/apiGraph/changeRole.feature
@@ -51,7 +51,7 @@ Feature: change role
     Given the administrator has assigned the role "<user-role>" to user "Alice" using the Graph API
     And user "Brian" has been created with default attributes and without skeleton files
     When user "Alice" tries to change the role of user "Alice" to role "Admin" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And user "Brian" should have the role "User"
     Examples:
       | user-role   |
diff --git a/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature b/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature
index ad936dd20..0957d7075 100644
--- a/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature
@@ -140,7 +140,7 @@ Feature: add users to group
             "properties": {
               "message": {
                 "type": "string",
-                "enum": ["Unauthorized"]
+                "enum": ["Forbidden"]
               }
             }
           }
@@ -176,7 +176,7 @@ Feature: add users to group
             "properties": {
               "message" : {
                 "type": "string",
-                "enum": ["Unauthorized"]
+                "enum": ["Forbidden"]
               }
             }
           }
diff --git a/tests/acceptance/features/apiGraphUserGroup/createUser.feature b/tests/acceptance/features/apiGraphUserGroup/createUser.feature
index 63b4df65b..821a411d3 100644
--- a/tests/acceptance/features/apiGraphUserGroup/createUser.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/createUser.feature
@@ -56,7 +56,7 @@ Feature: create user
       | email          | @example.org |
       | password       | 123          |
       | accountEnabled | true         |
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And user "user" should not exist
     Examples:
       | user-role   |
diff --git a/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature b/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature
index fc1e21ec5..ebdc6f9d2 100644
--- a/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature
@@ -60,7 +60,7 @@ Feature: delete user
   Scenario Outline: non-admin user tries to delete his/her own account
     Given the administrator has assigned the role "<user-role>" to user "Alice" using the Graph API
     When the user "Alice" deletes a user "Alice" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And user "Alice" should exist
     Examples:
       | user-role   |
@@ -78,7 +78,7 @@ Feature: delete user
   Scenario Outline: non-admin user tries to delete a nonexistent user
     Given the administrator has assigned the role "<user-role>" to user "Alice" using the Graph API
     When the user "Alice" tries to delete a nonexistent user using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     Examples:
       | user-role   |
       | Space Admin |
@@ -91,7 +91,7 @@ Feature: delete user
     And the administrator has assigned the role "<user-role-2>" to user "Brian" using the Graph API
     And the administrator has assigned the role "<user-role>" to user "Alice" using the Graph API
     When the user "Alice" deletes a user "Brian" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And user "Brian" should exist
     Examples:
       | user-role   | user-role-2 |
@@ -126,7 +126,7 @@ Feature: delete user
     And the administrator has assigned the role "<user-role>" to user "Carol" using the Graph API
     And the user "Alice" has disabled user "Brian"
     When the user "Carol" deletes a user "Brian" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And user "Brian" should exist
     Examples:
       | user-role   | user-role-2 |
diff --git a/tests/acceptance/features/apiGraphUserGroup/editUser.feature b/tests/acceptance/features/apiGraphUserGroup/editUser.feature
index 14c88df54..b2e522901 100644
--- a/tests/acceptance/features/apiGraphUserGroup/editUser.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/editUser.feature
@@ -123,7 +123,7 @@ Feature: edit user
   Scenario Outline: normal user should not be able to change his/her own display name
     Given the administrator has assigned the role "<user-role>" to user "Brian" using the Graph API
     When the user "Brian" tries to change the display name of user "Brian" to "Brian Murphy" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the user information of "Alice" should match this JSON schema
       """
       {
@@ -155,7 +155,7 @@ Feature: edit user
       | password    | 1234              |
     And the administrator has assigned the role "<user-role-2>" to user "Carol" using the Graph API
     When the user "Brian" tries to change the display name of user "Carol" to "Alice Hansen" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the user information of "Carol" should match this JSON schema
       """
       {
@@ -204,7 +204,7 @@ Feature: edit user
     And the administrator has assigned the role "<user-role-2>" to user "Carol" using the Graph API
     And user "Carol" has uploaded file with content "test file for reset password" to "/resetpassword.txt"
     When the user "Brian" resets the password of user "Carol" to "newpassword" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the content of file "resetpassword.txt" for user "Carol" using password "1234" should be "test file for reset password"
     But user "Carol" using password "newpassword" should not be able to download file "resetpassword.txt"
     Examples:
@@ -264,7 +264,7 @@ Feature: edit user
     Given user "Carol" has been created with default attributes and without skeleton files
     And the administrator has assigned the role "<user-role>" to user "Brian" using the Graph API
     When the user "Brian" tries to disable user "Carol" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     When user "Alice" gets information of user "Carol" using Graph API
     Then the HTTP status code should be "200"
     And the JSON data of the response should match
@@ -347,7 +347,7 @@ Feature: edit user
     And the user "Alice" has disabled user "Carol"
     And the administrator has assigned the role "<user-role>" to user "Brian" using the Graph API
     When the user "Brian" tries to enable user "Carol" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     When user "Alice" gets information of user "Carol" using Graph API
     Then the HTTP status code should be "200"
     And the JSON data of the response should match
diff --git a/tests/acceptance/features/apiGraphUserGroup/getGroup.feature b/tests/acceptance/features/apiGraphUserGroup/getGroup.feature
index e55819afa..505653881 100644
--- a/tests/acceptance/features/apiGraphUserGroup/getGroup.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/getGroup.feature
@@ -95,7 +95,7 @@ Feature: get groups and their members
             "properties": {
               "message": {
                 "type": "string",
-                "enum": ["Unauthorized"]
+                "enum": ["Forbidden"]
               }
             }
           }
diff --git a/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature b/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature
index a8032edaf..b50ed0693 100644
--- a/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature
@@ -180,7 +180,7 @@ Feature: remove a user from a group
             "properties": {
               "message": {
                 "type": "string",
-                "enum": ["Unauthorized"]
+                "enum": ["Forbidden"]
               }
             }
           }
diff --git a/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature b/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature
index cc98992bd..c087b2245 100644
--- a/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature
+++ b/tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature
@@ -39,7 +39,7 @@ Feature: edit/search user including email
   Scenario Outline: normal user should not be able to change their email address
     Given the administrator has assigned the role "<user-role>" to user "Brian" using the Graph API
     When the user "Brian" tries to change the email of user "Brian" to "newemail@example.com" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the user information of "Brian" should match this JSON schema
       """
       {
@@ -68,7 +68,7 @@ Feature: edit/search user including email
       | password    | 1234              |
     And the administrator has assigned the role "<user-role-2>" to user "Carol" using the Graph API
     When the user "Brian" tries to change the email of user "Carol" to "newemail@example.com" using the Graph API
-    Then the HTTP status code should be "401"
+    Then the HTTP status code should be "403"
     And the user information of "Carol" should match this JSON schema
       """
       {