test for adding users to a group using invalid JSON (#5931)

2026-01-04 03:09:33 -06:00 · 2023-03-27 10:41:21 +05:45
parent a82ec7fb0c
commit 264aacca8f
2 changed files with 111 additions and 0 deletions
--- a/tests/acceptance/features/apiGraph/addUserToGroup.feature
+++ b/tests/acceptance/features/apiGraph/addUserToGroup.feature
@@ -253,3 +253,37 @@ Feature: add users to group
    And user "Brian" has been added to group "music"
    When the administrator "Alice" tries to add a group "music" to a group "student" using the Graph API
    Then the HTTP status code should be "400"
+
+
+  Scenario Outline: admin tries to add a user to a group with invalid JSON
+    Given the administrator has given "Alice" the role "Admin" using the settings api
+    And these users have been created with default attributes and without skeleton files:
+      | username |
+      | Brian    |
+    And user "Alice" has created a group "grp1" using the Graph API
+    When user "Alice" tries to add user "Brian" to group "grp1" with invalid JSON "<invalid-json>" using the Graph API
+    Then the HTTP status code should be "400"
+    Examples:
+      | invalid-json                                                        |
+      | {'@odata.id': 'https://localhost:9200/graph/v1.0/users/%user_id%',} |
+      | {'@odata.id'- 'https://localhost:9200/graph/v1.0/users/%user_id%'}  |
+      | {@odata.id: https://localhost:9200/graph/v1.0/users/%user_id%}      |
+
+
+  Scenario Outline: admin tries to add multiple users to a group at once with invalid JSON
+    Given the administrator has given "Alice" the role "Admin" using the settings api
+    And these users have been created with default attributes and without skeleton files:
+      | username |
+      | Brian    |
+      | Carol    |
+    And user "Alice" has created a group "grp1" using the Graph API
+    When user "Alice" tries to add the following users to a group "grp1" at once with invalid JSON "<invalid-json>" using the Graph API
+      | username |
+      | Brian    |
+      | Carol    |
+    Then the HTTP status code should be "400"
+    Examples:
+      | invalid-json                                                                                                                       |
+      | {'members@odata.bind': ['https://localhost:9200/graph/v1.0/users/%user_id%',,'https://localhost:9200/graph/v1.0/users/%user_id%']} |
+      | {'members@odata.bind'- ['https://localhost:9200/graph/v1.0/users/%user_id%','https://localhost:9200/graph/v1.0/users/%user_id%']}  |
+      | {'members@odata.bind': ['https://localhost:9200/graph/v1.0/users/%user_id%'.'https://localhost:9200/graph/v1.0/users/%user_id%']}  |
--- a/tests/acceptance/features/bootstrap/GraphContext.php
+++ b/tests/acceptance/features/bootstrap/GraphContext.php
@@ -16,6 +16,7 @@ use Psr\Http\Message\ResponseInterface;
 use TestHelpers\GraphHelper;
 use TestHelpers\WebDavHelper;
 use PHPUnit\Framework\Assert;
+use TestHelpers\HttpRequestHelper;

 require_once 'bootstrap.php';

@@ -2191,4 +2192,80 @@ class GraphContext implements Context {
 			)
 		);
 	}
+
+	/**
+	 * @When /^user "([^"]*)" tries to add user "([^"]*)" to group "([^"]*)" with invalid JSON "([^"]*)" using the Graph API$/
+	 *
+	 * @param string $adminUser
+	 * @param string $user
+	 * @param string $group
+	 * @param string $invalidJSON
+	 *
+	 * @return void
+	 * @throws Exception
+	 * @throws GuzzleException
+	 */
+	public function userTriesToAddUserToGroupWithInvalidJsonUsingTheGraphApi(string $adminUser, string $user, string $group, string $invalidJSON): void {
+		$groupId = $this->featureContext->getAttributeOfCreatedGroup($group, "id");
+		$credentials = $this->getAdminOrUserCredentials($adminUser);
+
+		$invalidJSON = $this->featureContext->substituteInLineCodes(
+			$invalidJSON,
+			null,
+			[],
+			[],
+			null,
+			$user
+		);
+
+		$this->featureContext->setResponse(
+			HttpRequestHelper::post(
+				GraphHelper::getFullUrl($this->featureContext->getBaseUrl(), 'groups/' . $groupId . '/members/$ref'),
+				$this->featureContext->getStepLineRef(),
+				$credentials["username"],
+				$credentials["password"],
+				['Content-Type' => 'application/json'],
+				\json_encode($invalidJSON)
+			)
+		);
+	}
+
+	/**
+	 * @When /^user "([^"]*)" tries to add the following users to a group "([^"]*)" at once with invalid JSON "([^"]*)" using the Graph API$/
+	 *
+	 * @param string $user
+	 * @param string $group
+	 * @param string $invalidJSON
+	 * @param TableNode $table
+	 *
+	 * @return void
+	 * @throws Exception
+	 * @throws GuzzleException
+	 */
+	public function userTriesToAddTheFollowingUsersToAGroupAtOnceWithInvalidJsonUsingTheGraphApi(string $user, string $group, string $invalidJSON, TableNode $table): void {
+		$groupId = $this->featureContext->getAttributeOfCreatedGroup($group, "id");
+		$credentials = $this->getAdminOrUserCredentials($user);
+		foreach ($table->getHash() as $row) {
+			$invalidJSON = $this->featureContext->substituteInLineCodes(
+				$invalidJSON,
+				null,
+				[],
+				[],
+				null,
+				$row['username']
+			);
+		}
+
+		$this->featureContext->setResponse(
+			HttpRequestHelper::sendRequest(
+				GraphHelper::getFullUrl($this->featureContext->getBaseUrl(), 'groups/' . $groupId),
+				$this->featureContext->getStepLineRef(),
+				'PATCH',
+				$credentials["username"],
+				$credentials["password"],
+				['Content-Type' => 'application/json'],
+				\json_encode($invalidJSON)
+			)
+		);
+	}
 }