mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-28 09:29:41 -06:00
Code Issues Packages Projects Releases Wiki Activity

[tests-only][ci] split large API test suites (#8212) (#8252)

Browse Source 
* split large API test suites

* remove 30s sleep

* organize core-api test suites

* organize core-api test suites

* divide into 9 pipelines

* organize core-api test suites

* organize api-search suites

* organize api-search suites

* fix config file
This commit is contained in:
Sawjan Gurung
2024-01-19 18:45:40 +05:45
committed by GitHub
parent c5f768153a
commit 4df7c5712c
52 changed files with 221 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

435
tests/acceptance/features/apiGraphUserGroup/addUserToGroup.feature Normal file
View File

@@ -0,0 +1,435 @@
Feature: add users to group
As a admin
I want to be able to add users to a group
So that I can give a user access to the resources of the group
Background:
Given user "Alice" has been created with default attributes and without skeleton files
Scenario: adding a user to a group
Given these groups have been created:
| groupname | comment |
| simplegroup | nothing special here |
| España§àôœ | special European and other characters |
| | Unicode group name |
When the administrator adds the following users to the following groups using the Graph API
| username | groupname |
| Alice | simplegroup |
| Alice | España§àôœ |
| Alice | |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should be listed in the following groups
| username | groupname |
| Alice | simplegroup |
| Alice | España§àôœ |
| Alice | |
Scenario: adding a user to a group with special character in its name
Given these groups have been created:
| groupname | comment |
| brand-new-group | dash |
| the.group | dot |
| left,right | comma |
| 0 | The "false" group |
| Finance (NP) | Space and brackets |
| Admin&Finance | Ampersand |
| maint+eng | Plus sign |
| $x<=>[y*z^2]! | Maths symbols |
| 😁 😂 | emoji |
| admin:Pokhara@Nepal | Colon and @ |
When the administrator adds the following users to the following groups using the Graph API
| username | groupname |
| Alice | brand-new-group |
| Alice | the.group |
| Alice | left,right |
| Alice | 0 |
| Alice | Finance (NP) |
| Alice | Admin&Finance |
| Alice | maint+eng |
| Alice | $x<=>[y*z^2]! |
| Alice | 😁 😂 |
| Alice | admin:Pokhara@Nepal |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should be listed in the following groups
| username | groupname |
| Alice | brand-new-group |
| Alice | the.group |
| Alice | left,right |
| Alice | 0 |
| Alice | Finance (NP) |
| Alice | Admin&Finance |
| Alice | maint+eng |
| Alice | $x<=>[y*z^2]! |
| Alice | 😁 😂 |
| Alice | admin:Pokhara@Nepal |
Scenario: adding a user to a group with % and # in its name
Given these groups have been created:
| groupname | comment |
| maintenance#123 | Hash sign |
| 50%pass | Percent sign (special escaping happens) |
| 50%25=0 | %25 literal looks like an escaped "%" |
| 50%2Eagle | %2E literal looks like an escaped "." |
| 50%2Fix | %2F literal looks like an escaped slash |
| Mgmt\Middle | Backslash |
| staff?group | Question mark |
When the administrator adds the following users to the following groups using the Graph API
| username | groupname |
| Alice | maintenance#123 |
| Alice | 50%pass |
| Alice | 50%25=0 |
| Alice | 50%2Eagle |
| Alice | 50%2Fix |
| Alice | Mgmt\Middle |
| Alice | staff?group |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should be listed in the following groups
| username | groupname |
| Alice | maintenance#123 |
| Alice | 50%pass |
| Alice | 50%25=0 |
| Alice | 50%2Eagle |
| Alice | 50%2Fix |
| Alice | Mgmt\Middle |
| Alice | staff?group |
Scenario: adding a user to a group that has a forward-slash in the group name
Given these groups have been created:
| groupname | comment |
| Mgmt/Sydney | Slash (special escaping happens) |
| Mgmt//NSW/Sydney | Multiple slash |
| priv/subadmins/1 | Subadmins mentioned not at the end |
| var/../etc | using slash-dot-dot |
When the administrator adds the following users to the following groups using the Graph API
| username | groupname |
| Alice | Mgmt/Sydney |
| Alice | Mgmt//NSW/Sydney |
| Alice | priv/subadmins/1 |
| Alice | var/../etc |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should be listed in the following groups
| username | groupname |
| Alice | Mgmt/Sydney |
| Alice | Mgmt//NSW/Sydney |
| Alice | priv/subadmins/1 |
| Alice | var/../etc |
@issue-5938
Scenario Outline: user other than the admin tries to add herself to a group
Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
And group "groupA" has been created
When user "Alice" tries to add herself to group "groupA" using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["Unauthorized"]
}
}
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
@issue-5938
Scenario Outline: user other than the admin tries to add other user to a group
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "groupA" has been created
When user "Alice" tries to add user "Brian" to group "groupA" using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message" : {
"type": "string",
"enum": ["Unauthorized"]
}
}
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin tries to add user to a nonexistent group
When the administrator tries to add user "Alice" to a nonexistent group using the Graph API
Then the HTTP status code should be "404"
@issue-5939
Scenario Outline: user other than the admin tries to add user to a nonexistent group
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Alice" using the Graph API
When the user "Alice" tries to add user "Brian" to a nonexistent group using the Graph API
Then the HTTP status code should be "404"
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin tries to add a nonexistent user to a group
Given group "groupA" has been created
When the administrator tries to add nonexistent user to group "groupA" using the Graph API
Then the HTTP status code should be "404"
Scenario: admin tries to add user to a group without sending the group
When the administrator tries to add user "Alice" to a nonexistent group using the Graph API
Then the HTTP status code should be "404"
Scenario: add multiple users to a group at once
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
And user "Alice" has created a group "grp1" using the Graph API
When the administrator "Alice" adds the following users to a group "grp1" at once using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "204"
And the following users should be listed in the following groups
| username | groupname |
| Brian | grp1 |
| Carol | grp1 |
Scenario: admin tries to add users to a nonexistent group at once
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
When the administrator "Alice" tries to add the following users to a nonexistent group at once using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "404"
Scenario: admin tries to add multiple nonexistent users to a group at once
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Alice" has created a group "grp1" using the Graph API
When the administrator "Alice" tries to add the following nonexistent users to a group "grp1" at once using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "404"
Scenario: admin tries to add nonexistent and existing users to a group at once
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And user "Alice" has created a group "grp1" using the Graph API
When the administrator "Alice" tries to add the following existent and nonexistent users to a group "grp1" at once using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "404"
Scenario: adding a disabled user to a group
Given these groups have been created:
| groupname | comment |
| sales | normal group |
And the user "Admin" has disabled user "Alice"
When the administrator adds the following users to the following groups using the Graph API
| username | groupname |
| Alice | sales |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should be listed in the following groups
| username | groupname |
| Alice | sales |
@issue-5702
Scenario: try to add users to a group twice
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
And user "Alice" has created a group "grp1" using the Graph API
And the administrator "Alice" has added the following users to a group "grp1" at once using the Graph API
| username |
| Brian |
| Carol |
When the administrator "Alice" adds the following users to a group "grp1" at once using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "400"
And the following users should be listed in the following groups
| username | groupname |
| Brian | grp1 |
| Carol | grp1 |
@issue-5793
Scenario: try to add a group to another group with PATCH request
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And these groups have been created:
| groupname |
| student |
| music |
And user "Brian" has been added to group "music"
When the administrator "Alice" tries to add a group "music" to another group "student" with PATCH request using the Graph API
Then the HTTP status code should be "400"
@issue-5793
Scenario: try to add a group to another group with POST request
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And these groups have been created:
| groupname |
| student |
| music |
And user "Brian" has been added to group "music"
When the administrator "Alice" tries to add a group "music" to another group "student" with POST request using the Graph API
Then the HTTP status code should be "400"
Scenario Outline: admin tries to add a user to a group with invalid JSON
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And user "Alice" has created a group "grp1" using the Graph API
When user "Alice" tries to add user "Brian" to group "grp1" with invalid JSON "<invalid-json>" using the Graph API
Then the HTTP status code should be "400"
Examples:
| invalid-json |
| {'@odata.id': 'https://localhost:9200/graph/v1.0/users/%user_id%',} |
| {'@odata.id'- 'https://localhost:9200/graph/v1.0/users/%user_id%'} |
| {@odata.id: https://localhost:9200/graph/v1.0/users/%user_id%} |
Scenario Outline: admin tries to add multiple users to a group at once with invalid JSON
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
And user "Alice" has created a group "grp1" using the Graph API
When user "Alice" tries to add the following users to a group "grp1" at once with invalid JSON "<invalid-json>" using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "400"
Examples:
| invalid-json |
| {'members@odata.bind': ['https://localhost:9200/graph/v1.0/users/%user_id%',,'https://localhost:9200/graph/v1.0/users/%user_id%']} |
| {'members@odata.bind'- ['https://localhost:9200/graph/v1.0/users/%user_id%','https://localhost:9200/graph/v1.0/users/%user_id%']} |
| {'members@odata.bind': ['https://localhost:9200/graph/v1.0/users/%user_id%'.'https://localhost:9200/graph/v1.0/users/%user_id%']} |
@issue-5871
Scenario: admin tries to add multiple users with wrong host
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
And user "Alice" has created a group "grp1" using the Graph API
When user "Alice" tries to add the following users to a group "grp1" at once with an invalid host using the Graph API
| username |
| Brian |
| Carol |
Then the HTTP status code should be "400"
@issue-5871
Scenario: admin tries to add single user with wrong host
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And user "Alice" has created a group "grp1" using the Graph API
When user "Alice" tries to add user "Brian" to group "grp1" with an invalid host using the Graph API
Then the HTTP status code should be "400"
Scenario Outline: try to add invalid user id to a group
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Alice" has created a group "grp1" using the Graph API
When the administrator "Alice" tries to add an invalid user id "<invalid-uuidv4>" to a group "grp1" using the Graph API
Then the HTTP status code should be "404"
Examples:
| invalid-uuidv4 | comment |
| <EFBFBD>ϰ<EFBFBD>Ϧ-@$@^-Ëøœ-ɧɸɱʨΌϖЁϿ | UTF characters |
| 4c510ada-c86b-4815-8820-42cdf82c3d511 | adding an extra character at end of valid UUID pattern |
| 4c510adac8-6b-4815-882042cdf-82c3d51 | invalid UUID pattern |
Scenario Outline: try to add invalid user ids to a group at once
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Alice" has created a group "grp1" using the Graph API
When the administrator "Alice" tries to add the following invalid user ids to a group "grp1" at once using the Graph API
| user-id |
| <invalid-uuidv4> |
| <invalid-uuidv4> |
Then the HTTP status code should be "404"
Examples:
| invalid-uuidv4 | comment |
| <EFBFBD>ϰ<EFBFBD>Ϧ-@$@^-Ëøœ-ɧɸɱʨΌϖЁϿ | UTF characters |
| 4c510ada-c86b-4815-8820-42cdf82c3d511 | adding an extra character at end of valid UUID pattern |
| 4c510adac8-6b-4815-882042cdf-82c3d51 | invalid UUID pattern |
@issue-5855
Scenario: add same user twice to a group at once
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And user "Alice" has created a group "grp1" using the Graph API
When the administrator "Alice" adds the following users to a group "grp1" at once using the Graph API
| username |
| Brian |
| Brian |
Then the HTTP status code should be "204"
And the user "Brian" should be listed once in the group "grp1"

19
tests/acceptance/features/apiGraphUserGroup/changeOwnPassword.feature Normal file
View File

@@ -0,0 +1,19 @@
Feature: an user changes its own password
As a user
I want to change my password
So that I can use new combination as password
Scenario Outline: change own password
Given user "Alice" has been created with default attributes and without skeleton files
When the user "Alice" changes its own password "<currentPassword>" to "<newPassword>" using the Graph API
Then the HTTP status code should be "<code>"
Examples:
| currentPassword | newPassword | code |
| 123456 | validPass | 204 |
| 123456 | кириллица | 204 |
| 123456 | | 204 |
| 123456 | ?&^%0 | 204 |
| 123456 | | 400 |
| 123456 | 123456 | 400 |
| wrongPass | 123456 | 400 |
| | validPass | 400 |

49
tests/acceptance/features/apiGraphUserGroup/createGroup.feature Normal file
View File

@@ -0,0 +1,49 @@
Feature: create group
As an admin
I want to create a group
So that I can add users to the group
Background:
Given user "Alice" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
Scenario Outline: admin user creates a group
When user "Alice" creates a group "<groupname>" using the Graph API
Then the HTTP status code should be "201"
And group "<groupname>" should exist
Examples:
| groupname |
| simplegroup |
| España§àôœ |
| |
| $x<=>[y*z^2+1]! |
| 😅 😆 |
| comma,grp1 |
| Finance (NP) |
| slash\Middle |
@issue-3516
Scenario: admin user tries to create a group that already exists
Given group "mygroup" has been created
When user "Alice" tries to create a group "mygroup" using the Graph API
Then the HTTP status code should be "409"
And group "mygroup" should exist
@issue-5938
Scenario Outline: user other than the admin can't create a group
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<userRole>" to user "Brian" using the Graph API
When user "Brian" tries to create a group "mygroup" using the Graph API
Then the HTTP status code should be "403"
And group "mygroup" should not exist
Examples:
| userRole |
| Space Admin |
| User |
| User Light |
@issue-5050
Scenario: admin user tries to create a group that is the empty string
When user "Alice" tries to create a group "" using the Graph API
Then the HTTP status code should be "400"

24
tests/acceptance/features/apiGraphUserGroup/createGroupCaseSensitive.feature Normal file
View File

@@ -0,0 +1,24 @@
Feature: create groups, group names are case insensitive
As an admin
I want to create groups with similar cases
So that I can check if the group names are case sensitive
@issue-3516
Scenario Outline: group names are case insensitive, creating groups with different upper and lower case names
Given using OCS API version "<ocs_api_version>"
And group "<group_id1>" has been created
When the administrator creates a group "<group_id2>" using the Graph API
And the administrator creates a group "<group_id3>" using the Graph API
Then the HTTP status code of responses on all endpoints should be "409"
And these groups should not exist:
| groupname |
| <group_id2> |
| <group_id3> |
Examples:
| ocs_api_version | group_id1 | group_id2 | group_id3 |
| 1 | case-sensitive-group | Case-Sensitive-Group | CASE-SENSITIVE-GROUP |
| 1 | Case-Sensitive-Group | CASE-SENSITIVE-GROUP | case-sensitive-group |
| 1 | CASE-SENSITIVE-GROUP | case-sensitive-group | Case-Sensitive-Group |
| 2 | case-sensitive-group | Case-Sensitive-Group | CASE-SENSITIVE-GROUP |
| 2 | Case-Sensitive-Group | CASE-SENSITIVE-GROUP | case-sensitive-group |
| 2 | CASE-SENSITIVE-GROUP | case-sensitive-group | Case-Sensitive-Group |

152
tests/acceptance/features/apiGraphUserGroup/createUser.feature Normal file
View File

@@ -0,0 +1,152 @@
Feature: create user
As a admin
I want to create a user
So that the user can use the application
Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
Background:
Given user "Alice" has been created with default attributes and without skeleton files
@issue-3516
Scenario Outline: admin creates a user
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
When the user "Alice" creates a new user with the following attributes using the Graph API:
| userName | <userName> |
| displayName | <displayName> |
| email | <email> |
| password | <password> |
| accountEnabled | <enable> |
Then the HTTP status code should be "<code>"
And user "<userName>" <shouldOrNot> exist
Examples:
| userName | displayName | email | password | code | enable | shouldOrNot |
| SameDisplayName | Alice Hansen | new@example.org | containsCharacters(*:!;_+-&) | 201 | true | should |
| withoutPassSameEmail | without pass | alice@example.org | | 201 | true | should |
| name | pass with space | example@example.org | my pass | 201 | true | should |
| user1 | user names must not start with a number | example@example.org | my pass | 201 | true | should |
| nameWithCharacters(*:!;_+-&) | user | new@example.org | 123 | 400 | true | should not |
| name with space | name with space | example@example.org | 123 | 400 | true | should not |
| createDisabledUser | disabled user | example@example.org | 123 | 201 | false | should |
| nameWithNumbers0123456 | user | name0123456@example.org | 123 | 201 | true | should |
| name.with.dots | user | name.w.dots@example.org | 123 | 201 | true | should |
| 123456789 | user | 123456789@example.org | 123 | 400 | true | should not |
| 0.0 | user | float@example.org | 123 | 400 | true | should not |
| withoutEmail | without email | | 123 | 201 | true | should |
| Alice | same userName | new@example.org | 123 | 409 | true | should |
Scenario: user cannot be created with empty name
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
When the user "Alice" creates a new user with the following attributes using the Graph API:
| userName | |
| displayName | emptyName |
| email | @example.org |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "400"
Scenario Outline: user without admin right cannot create a user
Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
When the user "Alice" creates a new user with the following attributes using the Graph API:
| userName | user |
| displayName | user |
| email | @example.org |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "401"
And user "user" should not exist
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: user cannot be created with the name of the disabled user
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And the user "Alice" has disabled user "Brian"
When the user "Alice" creates a new user with the following attributes using the Graph API:
| userName | Brian |
| displayName | This is another Brian |
| email | brian@example.com |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "409"
Scenario: user can be created with the name of the deleted user
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And the user "Alice" has deleted a user "Brian"
When the user "Alice" creates a new user with the following attributes using the Graph API:
| userName | Brian |
| displayName | This is another Brian |
| email | brian@example.com |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "201"
And user "Brian" should exist
@env-config
Scenario Outline: create user with setting OCIS no restriction on the user name
Given the config "GRAPH_USERNAME_MATCH" has been set to "none"
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
When the user "Alice" creates a new user with the following attributes using the Graph API:
| userName | <userName> |
| displayName | test user |
| email | new@example.org |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "201"
And user "<userName>" should exist
Examples:
| userName | description |
| 1248Bob | user names starts with the number |
| (*:!;+-&$%)_alice | user names starts with the ASCII characters |
@env-config
Scenario: create user with setting OCIS not to assign the default user role
Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "false"
When the user "admin" creates a new user with the following attributes using the Graph API:
| userName | sam |
| displayName | test user |
| email | new@example.org |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "201"
And user "sam" should exist
When the administrator retrieves the assigned role of user "sam" using the Graph API
Then the HTTP status code should be "200"
And the Graph API response should have no role
@env-config
Scenario: create user with setting OCIS assign the default user role
Given the config "GRAPH_ASSIGN_DEFAULT_USER_ROLE" has been set to "true"
When the user "admin" creates a new user with the following attributes using the Graph API:
| userName | sam |
| displayName | test user |
| email | new@example.org |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "201"
And user "sam" should exist
And user "sam" should have the role "User" assigned
Scenario: user is created with the default User role
When the user "admin" creates a new user with the following attributes using the Graph API:
| userName | sam |
| displayName | test user |
| email | new@example.org |
| password | 123 |
| accountEnabled | true |
Then the HTTP status code should be "201"
And user "sam" should exist
And user "sam" should have the role "User" assigned

88
tests/acceptance/features/apiGraphUserGroup/deleteGroup.feature Normal file
View File

@@ -0,0 +1,88 @@
Feature: delete groups
As an admin
I want to be able to delete groups
So that I can remove unnecessary groups
Background:
Given user "Alice" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
Scenario Outline: admin user deletes a group
Given group "<group_id>" has been created
When user "Alice" deletes group "<group_id>" using the Graph API
Then the HTTP status code should be "204"
And group "<group_id>" should not exist
Examples:
| group_id | comment |
| simplegroup | nothing special here |
| España§àôœ | special European and other characters |
| | Unicode group name |
| brand-new-group | dash |
| the.group | dot |
| left,right | comma |
| 0 | The "false" group |
| Finance (NP) | Space and brackets |
| Admin&Finance | Ampersand |
| admin:Pokhara@Nepal | Colon and @ |
| maint+eng | Plus sign |
| $x<=>[y*z^2]! | Maths symbols |
| Mgmt\Middle | Backslash |
| 😁 😂 | emoji |
| maintenance#123 | Hash sign |
| 50%25=0 | %25 literal looks like an escaped "%" |
| staff?group | Question mark |
| Mgmt/Sydney | Slash (special escaping happens) |
| Mgmt//NSW/Sydney | Multiple slash |
| priv/subadmins/1 | Subadmins mentioned not at the end |
| var/../etc | using slash-dot-dot |
@issue-5083
Scenario Outline: admin user deletes a group having % (as only special char) in its name
Given group "<group_id>" has been created
When user "Alice" deletes group "<group_id>" using the Graph API
Then the HTTP status code should be "204"
And group "<group_id>" should not exist
Examples:
| group_id | comment |
| 50%pass | Percent sign (special escaping happens) |
| 50%2Eagle | %2E literal looks like an escaped "." |
| 50%2Fix | %2F literal looks like an escaped slash |
@issue-5938
Scenario Outline: user other than the admin can't delete a group
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "new-group" has been created
When user "Brian" tries to delete group "new-group" using the Graph API
Then the HTTP status code should be "403"
And group "new-group" should exist
Examples:
| role |
| Space Admin |
| User |
| User Light |
@issue-903
Scenario: deleted group should not be listed in the sharees list
Given group "grp1" has been created
And group "grp2" has been created
And user "Alice" has uploaded file with content "sample text" to "lorem.txt"
And user "Alice" has shared file "lorem.txt" with group "grp1"
And user "Alice" has shared file "lorem.txt" with group "grp2"
And group "grp1" has been deleted
When user "Alice" gets all the shares of the file "lorem.txt" using the sharing API
Then the HTTP status code should be "200"
And group "grp2" should be included in the response
But group "grp1" should not be included in the response
Scenario: user should not see share received via deleted group
Given user "Alice" has uploaded file with content "sample text" to "lorem.txt"
And user "Brian" has been created with default attributes and without skeleton files
And group "grp1" has been created
And user "Brian" has been added to group "grp1"
And user "Alice" has shared file "lorem.txt" with group "grp1"
When user "Alice" deletes group "grp1" using the Graph API
Then the HTTP status code should be "204"
And user "Brian" should not have any received shares

166
tests/acceptance/features/apiGraphUserGroup/deleteUser.feature Normal file
View File

@@ -0,0 +1,166 @@
Feature: delete user
As an admin
I want to be able to delete users
So that I can remove unnecessary users
Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
Background:
Given user "Alice" has been created with default attributes and without skeleton files
Scenario Outline: admin user deletes a user
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And the user "Alice" has created a new user with the following attributes:
| userName | <userName> |
| displayName | <displayName> |
| email | <email> |
| password | <password> |
When the user "Alice" deletes a user "<userName>" using the Graph API
Then the HTTP status code should be "204"
And user "<userName>" should not exist
Examples:
| userName | displayName | email | password |
| SameDisplayName | Alice Hansen | new@example.org | containsCharacters(*:!;_+-&) |
| withoutPassSameEmail | without pass | alice@example.org | |
| name | pass with space | example@example.org | my pass |
Scenario: delete a user and specify the user name in different case
Given user "brand-new-user" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
When the user "Alice" deletes a user "Brand-New-User" using the Graph API
Then the HTTP status code should be "204"
And user "brand-new-user" should not exist
Scenario Outline: admin user deletes another user with different role
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
When the user "Alice" deletes a user "Brian" using the Graph API
Then the HTTP status code should be "204"
And user "Brian" should not exist
Examples:
| role |
| Admin |
| Space Admin |
| User |
| User Light |
Scenario: admin user tries to delete his/her own account
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
When the user "Alice" deletes a user "Alice" using the Graph API
Then the HTTP status code should be "403"
And user "Alice" should exist
Scenario Outline: non-admin user tries to delete his/her own account
Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
When the user "Alice" deletes a user "Alice" using the Graph API
Then the HTTP status code should be "401"
And user "Alice" should exist
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin user tries to delete a nonexistent user
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
When the user "Alice" tries to delete a nonexistent user using the Graph API
Then the HTTP status code should be "404"
Scenario Outline: non-admin user tries to delete a nonexistent user
Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
When the user "Alice" tries to delete a nonexistent user using the Graph API
Then the HTTP status code should be "401"
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario Outline: non-admin user tries to delete another user with different role
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And the administrator has assigned the role "<userRole>" to user "Alice" using the Graph API
When the user "Alice" deletes a user "Brian" using the Graph API
Then the HTTP status code should be "401"
And user "Brian" should exist
Examples:
| userRole | role |
| Space Admin | Space Admin |
| Space Admin | User |
| Space Admin | User Light |
| Space Admin | Admin |
| User | Space Admin |
| User | User |
| User | User Light |
| User | Admin |
| User Light | Space Admin |
| User Light | User |
| User Light | User Light |
| User Light | Admin |
Scenario: admin user deletes a disabled user
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Brian" has been created with default attributes and without skeleton files
And the user "Alice" has disabled user "Brian"
When the user "Alice" deletes a user "Brian" using the Graph API
Then the HTTP status code should be "204"
And user "Brian" should not exist
Scenario Outline: normal user tries to delete a disabled user
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Brian" has been created with default attributes and without skeleton files
And user "Carol" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And the administrator has assigned the role "<userRole>" to user "Carol" using the Graph API
And the user "Alice" has disabled user "Brian"
When the user "Carol" deletes a user "Brian" using the Graph API
Then the HTTP status code should be "401"
And user "Brian" should exist
Examples:
| userRole | role |
| Space Admin | Space Admin |
| Space Admin | User |
| Space Admin | User Light |
| Space Admin | Admin |
| User | Space Admin |
| User | User |
| User | User Light |
| User | Admin |
| User Light | Space Admin |
| User Light | User |
| User Light | User Light |
| User Light | Admin |
Scenario: personal space is deleted automatically when the user is deleted
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Brian" has been created with default attributes and without skeleton files
When the user "Alice" deletes a user "Brian" using the Graph API
Then the HTTP status code should be "204"
When user "Alice" lists all spaces via the Graph API with query "$filter=driveType eq 'personal'"
Then the json responded should not contain a space with name "Brian Murphy"
Scenario: accepted share is deleted automatically when the user is deleted
Given the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And user "Brian" has been created with default attributes and without skeleton files
And user "Brian" has created a folder "new" in space "Brian Murphy"
And user "Brian" has created a share inside of space "Brian Murphy" with settings:
| path | new |
| shareWith | Alice |
| role | viewer |
When the user "Alice" deletes a user "Brian" using the Graph API
Then the HTTP status code should be "204"
And as "Alice" folder "Shares/new" should not exist

42
tests/acceptance/features/apiGraphUserGroup/editGroup.feature Normal file
View File

@@ -0,0 +1,42 @@
Feature: edit group name
As an admin
I want to be able to edit group name
So that I can manage group name
Background:
Given user "Alice" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
@issue-5977
Scenario Outline: admin user renames a group
Given group "<old_group>" has been created
When user "Alice" renames group "<old_group>" to "<new_group>" using the Graph API
Then the HTTP status code should be "204"
And group "<old_group>" should not exist
And group "<new_group>" should exist
Examples:
| old_group | new_group |
| grp1 | grp101 |
| grp1 | España§àôœ |
| grp1 | |
| grp1 | $x<=>[y*z^2]! |
| grp1 | staff?group |
| grp1 | 50%pass |
@issue-5938
Scenario Outline: user other than the admin can't rename a group
Given the administrator has assigned the role "<role>" to user "Alice" using the Graph API
And group "grp1" has been created
When user "Alice" tries to rename group "grp1" to "grp101" using the Graph API
Then the HTTP status code should be "403"
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin user tries to rename nonexistent group
When user "Alice" tries to rename a nonexistent group to "grp1" using the Graph API
Then the HTTP status code should be "404"
And group "grp1" should not exist

502
tests/acceptance/features/apiGraphUserGroup/editUser.feature Normal file
View File

@@ -0,0 +1,502 @@
Feature: edit user
As an admin
I want to be able to edit user information
So that I can manage users
Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
Background:
Given user "Alice" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
And the user "Alice" has created a new user with the following attributes:
| userName | Brian |
| displayName | Brian Murphy |
| email | brian@example.com |
| password | 1234 |
Scenario Outline: admin user can edit another user's email
When the user "Alice" changes the email of user "Brian" to "<newEmail>" using the Graph API
Then the HTTP status code should be "<code>"
And the user information of "Brian" should match this JSON schema
"""
{
"type": "object",
"required": [
"mail"
],
"properties": {
"mail": {
"type": "string",
"enum": ["<emailAsResult>"]
}
}
}
"""
Examples:
| action description | newEmail | code | emailAsResult |
| change to a valid email | newemail@example.com | 200 | newemail@example.com |
| override existing mail | brian@example.com | 200 | brian@example.com |
| two users with same mail | alice@example.org | 200 | alice@example.org |
| empty mail | | 400 | brian@example.com |
| change to a invalid email | invalidEmail | 400 | brian@example.com |
@issue-7044
Scenario Outline: admin user can edit another user's name
Given user "Carol" has been created with default attributes and without skeleton files
When the user "Alice" changes the user name of user "Carol" to "<userName>" using the Graph API
Then the HTTP status code should be "<code>"
And the user information of "<newUserName>" should match this JSON schema
"""
{
"type": "object",
"required": [
"onPremisesSamAccountName"
],
"properties": {
"type": "string",
"onPremisesSamAccountName": {
"enum": ["<newUserName>"]
}
}
}
"""
Examples:
| action description | userName | code | newUserName |
| change to a valid user name | Lionel | 200 | Lionel |
| user name characters | a*!_+-& | 200 | a*!_+-& |
| change to existing user name | Brian | 409 | Brian |
| empty user name | | 400 | Brian |
Scenario: admin user changes the name of a user to the name of an existing disabled user
Given the user "Alice" has created a new user with the following attributes:
| userName | sam |
| displayName | sam |
| email | sam@example.com |
| password | 1234 |
And the user "Alice" has disabled user "Brian"
When the user "Alice" changes the user name of user "sam" to "Brian" using the Graph API
Then the HTTP status code should be "409"
And the user information of "sam" should match this JSON schema
"""
{
"type": "object",
"required": [
"onPremisesSamAccountName"
],
"properties": {
"onPremisesSamAccountName": {
"type": "string",
"enum": ["sam"]
}
}
}
"""
Scenario: admin user changes the name of a user to the name of a previously deleted user
Given the user "Alice" has created a new user with the following attributes:
| userName | sam |
| displayName | sam |
| email | sam@example.com |
| password | 1234 |
And the user "Alice" has deleted a user "sam"
When the user "Alice" changes the user name of user "Brian" to "sam" using the Graph API
Then the HTTP status code should be "200"
And the user information of "sam" should match this JSON schema
"""
{
"type": "object",
"required": [
"onPremisesSamAccountName"
],
"properties": {
"onPremisesSamAccountName": {
"type": "string",
"enum": ["sam"]
}
}
}
"""
Scenario Outline: normal user should not be able to change their email address
Given the administrator has assigned the role "<role>" to user "Brian" using the Graph API
When the user "Brian" tries to change the email of user "Brian" to "newemail@example.com" using the Graph API
Then the HTTP status code should be "401"
And the user information of "Brian" should match this JSON schema
"""
{
"type": "object",
"required": [
"mail"
],
"properties": {
"mail": {
"type": "string",
"enum": ["brian@example.com"]
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario Outline: normal user should not be able to edit another user's email
Given the administrator has assigned the role "<userRole>" to user "Brian" using the Graph API
And the user "Alice" has created a new user with the following attributes:
| userName | Carol |
| displayName | Carol King |
| email | carol@example.com |
| password | 1234 |
And the administrator has assigned the role "<role>" to user "Carol" using the Graph API
When the user "Brian" tries to change the email of user "Carol" to "newemail@example.com" using the Graph API
Then the HTTP status code should be "401"
And the user information of "Carol" should match this JSON schema
"""
{
"type": "object",
"required": [
"mail"
],
"properties": {
"mail": {
"type": "string",
"enum": ["carol@example.com"]
}
}
}
"""
Examples:
| userRole | role |
| Space Admin | Space Admin |
| Space Admin | User |
| Space Admin | User Light |
| Space Admin | Admin |
| User | Space Admin |
| User | User |
| User | User Light |
| User | Admin |
| User Light | Space Admin |
| User Light | User |
| User Light | User Light |
| User Light | Admin |
Scenario Outline: admin user can edit another user display name
When the user "Alice" changes the display name of user "Brian" to "<newDisplayName>" using the Graph API
Then the HTTP status code should be "200"
And the user information of "Brian" should match this JSON schema
"""
{
"type": "object",
"required": [
"displayName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["<displayNameAsResult>"]
}
}
}
"""
Examples:
| action description | newDisplayName | displayNameAsResult |
| change to a display name | Olaf Scholz | Olaf Scholz |
| override to existing display name | Carol King | Carol King |
| change to an empty display name | | Brian Murphy |
| displayName with characters | *:!;_+-&#(?) | *:!;_+-&#(?) |
Scenario Outline: normal user should not be able to change his/her own display name
Given the administrator has assigned the role "<role>" to user "Brian" using the Graph API
When the user "Brian" tries to change the display name of user "Brian" to "Brian Murphy" using the Graph API
Then the HTTP status code should be "401"
And the user information of "Alice" should match this JSON schema
"""
{
"type": "object",
"required": [
"displayName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Alice Hansen"]
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario Outline: normal user should not be able to edit another user's display name
Given the administrator has assigned the role "<userRole>" to user "Brian" using the Graph API
And the user "Alice" has created a new user with the following attributes:
| userName | Carol |
| displayName | Carol King |
| email | carol@example.com |
| password | 1234 |
And the administrator has assigned the role "<role>" to user "Carol" using the Graph API
When the user "Brian" tries to change the display name of user "Carol" to "Alice Hansen" using the Graph API
Then the HTTP status code should be "401"
And the user information of "Carol" should match this JSON schema
"""
{
"type": "object",
"required": [
"displayName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Carol King"]
}
}
}
"""
Examples:
| userRole | role |
| Space Admin | Space Admin |
| Space Admin | User |
| Space Admin | User Light |
| Space Admin | Admin |
| User | Space Admin |
| User | User |
| User | User Light |
| User | Admin |
| User Light | Space Admin |
| User Light | User |
| User Light | User Light |
| User Light | Admin |
Scenario: admin user resets password of another user
Given user "Brian" has uploaded file with content "test file for reset password" to "/resetpassword.txt"
When the user "Alice" resets the password of user "Brian" to "newpassword" using the Graph API
Then the HTTP status code should be "200"
And the content of file "resetpassword.txt" for user "Brian" using password "newpassword" should be "test file for reset password"
Scenario Outline: normal user should not be able to reset the password of another user
Given the administrator has assigned the role "<userRole>" to user "Brian" using the Graph API
And the user "Alice" has created a new user with the following attributes:
| userName | Carol |
| displayName | Carol King |
| email | carol@example.com |
| password | 1234 |
And the administrator has assigned the role "<role>" to user "Carol" using the Graph API
And user "Carol" has uploaded file with content "test file for reset password" to "/resetpassword.txt"
When the user "Brian" resets the password of user "Carol" to "newpassword" using the Graph API
Then the HTTP status code should be "401"
And the content of file "resetpassword.txt" for user "Carol" using password "1234" should be "test file for reset password"
But user "Carol" using password "newpassword" should not be able to download file "resetpassword.txt"
Examples:
| userRole | role |
| Space Admin | Space Admin |
| Space Admin | User |
| Space Admin | User Light |
| Space Admin | Admin |
| User | Space Admin |
| User | User |
| User | User Light |
| User | Admin |
| User Light | Space Admin |
| User Light | User |
| User Light | User Light |
| User Light | Admin |
Scenario: admin user disables another user
When the user "Alice" disables user "Brian" using the Graph API
Then the HTTP status code should be "200"
When user "Alice" gets information of user "Brian" using Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName",
"accountEnabled"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Brian Murphy"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["brian@example.com"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Brian"]
},
"accountEnabled": {
"type": "boolean",
"enum": [false]
}
}
}
"""
Scenario Outline: normal user should not be able to disable another user
Given user "Carol" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
When the user "Brian" tries to disable user "Carol" using the Graph API
Then the HTTP status code should be "401"
When user "Alice" gets information of user "Carol" using Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName",
"accountEnabled"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Carol King"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["carol@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Carol"]
},
"accountEnabled": {
"type": "boolean",
"enum": [true]
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin user enables disabled user
Given the user "Alice" has disabled user "Brian"
When the user "Alice" enables user "Brian" using the Graph API
Then the HTTP status code should be "200"
When user "Alice" gets information of user "Brian" using Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName",
"accountEnabled"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Brian Murphy"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["brian@example.com"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Brian"]
},
"accountEnabled": {
"type": "boolean",
"enum": [true]
}
}
}
"""
Scenario Outline: normal user should not be able to enable another user
Given user "Carol" has been created with default attributes and without skeleton files
And the user "Alice" has disabled user "Carol"
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
When the user "Brian" tries to enable user "Carol" using the Graph API
Then the HTTP status code should be "401"
When user "Alice" gets information of user "Carol" using Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName",
"accountEnabled"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Carol King"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["carol@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Carol"]
},
"accountEnabled": {
"type": "boolean",
"enum": [false]
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |

568
tests/acceptance/features/apiGraphUserGroup/getGroup.feature Normal file
View File

@@ -0,0 +1,568 @@
Feature: get groups and their members
As an admin
I want to be able to get groups
So that I can see all the groups and their members
Background:
Given user "Alice" has been created with default attributes and without skeleton files
And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
Scenario: admin user lists all the groups
Given group "tea-lover" has been created
And group "coffee-lover" has been created
And group "h2o-lover" has been created
When user "Alice" gets all the groups using the Graph API
Then the HTTP status code should be "200"
And the extra groups returned by the API should be
| tea-lover |
| coffee-lover |
| h2o-lover |
@issue-5938
Scenario Outline: user other than the admin shouldn't get the groups list
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "tea-lover" has been created
And group "coffee-lover" has been created
And group "h2o-lover" has been created
When user "Brian" gets all the groups using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["search term too short"]
}
}
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin user gets users of a group
Given these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
And group "tea-lover" has been created
And user "Brian" has been added to group "tea-lover"
And user "Carol" has been added to group "tea-lover"
When user "Alice" gets all the members of group "tea-lover" using the Graph API
Then the HTTP status code should be "200"
And the users returned by the API should be
| Brian |
| Carol |
@issue-5938
Scenario Outline: user other than the admin shouldn't get users of a group
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "tea-lover" has been created
When user "Brian" gets all the members of group "tea-lover" using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["Unauthorized"]
}
}
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin user gets all groups along with its member's information
Given these users have been created with default attributes and without skeleton files:
| username |
| Brian |
| Carol |
And group "tea-lover" has been created
And group "coffee-lover" has been created
And user "Alice" has been added to group "tea-lover"
And user "Brian" has been added to group "coffee-lover"
And user "Carol" has been added to group "tea-lover"
When user "Alice" retrieves all groups along with their members using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should contain the group "coffee-lover" in the item 'value', the group-details should match
"""
{
"type": "object",
"required": [
"members"
],
"properties": {
"members": {
"type": "array",
"items": [
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Brian Murphy"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["brian@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Brian"]
}
}
}
]
}
}
}
"""
And the JSON data of the response should contain the group "tea-lover" in the item 'value', the group-details should match
"""
{
"type": "object",
"required": [
"members"
],
"properties": {
"members": {
"type": "array",
"items": [
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Alice Hansen"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["alice@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Alice"]
}
}
},
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Carol King"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["carol@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Carol"]
}
}
}
]
}
}
}
"""
@issue-5938
Scenario Outline: user other than the admin shouldn't get all groups along with its member's information
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "tea-lover" has been created
And group "coffee-lover" has been created
And user "Alice" has been added to group "tea-lover"
And user "Brian" has been added to group "coffee-lover"
When user "Brian" retrieves all groups along with their members using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["search term too short"]
}
}
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin user gets a group along with its member's information
Given user "Brian" has been created with default attributes and without skeleton files
And group "tea-lover" has been created
And user "Alice" has been added to group "tea-lover"
And user "Brian" has been added to group "tea-lover"
When user "Alice" gets all the members information of group "tea-lover" using the Graph API
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"members"
],
"properties": {
"members": {
"type": "array",
"items": [
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Alice Hansen"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["alice@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Alice"]
}
}
},
{
"type": "object",
"required": [
"displayName",
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["Brian Murphy"]
},
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["brian@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Brian"]
}
}
}
]
}
}
}
"""
@issue-5604
Scenario Outline: user other than the admin gets a group along with its member's information
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "tea-lover" has been created
And user "Alice" has been added to group "tea-lover"
And user "Brian" has been added to group "tea-lover"
When user "Brian" gets all the members information of group "tea-lover" using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["Unauthorized"]
}
}
}
}
}
"""
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: get details of a group
Given group "tea-lover" has been created
When user "Alice" gets details of the group "tea-lover" using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"displayName",
"id"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["tea-lover"]
},
"id": {
"type": "string",
"pattern": "^%group_id_pattern%$"
}
}
}
"""
Scenario Outline: get details of group with UTF-8 characters name
Given group "<group>" has been created
When user "Alice" gets details of the group "<group>" using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"displayName",
"id"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["<group>"]
},
"id": {
"type": "string",
"pattern": "^%group_id_pattern%$"
}
}
}
"""
Examples:
| group |
| España§àôœ |
| |
| $x<=>[y*z^2+1]! |
| եòɴԪ˯ΗՐΛɔπ |
Scenario: admin user tries to get group information of non-existing group
When user "Alice" gets details of the group "non-existing" using the Graph API
Then the HTTP status code should be "404"
Scenario Outline: non-admin user search for a group by group name
Given these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And group "tea-lover" has been created
When user "Brian" searches for group "<group>" using Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"value"
],
"properties": {
"value": {
"type": "array",
"required": [
"displayName",
"id",
"groupTypes"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["tea-lover"]
},
"id": {
"type": "string",
"pattern": "%group_id_pattern%"
},
"groupTypes": {
"type": "array",
"enum": []
}
}
}
}
}
"""
Examples:
| group |
| tea |
| %22tea-%22 |
Scenario: non-admin user tries to search for a group by group name with less than 3 characters
Given these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And group "tea-lover" has been created
When user "Brian" tries to search for group "te" using Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message":{
"type": "string",
"enum": ["search term too short"]
}
}
}
}
}
"""
@issue-7990
Scenario Outline: non-admin user tries to search for a group by group name with invalid characters/token
Given these users have been created with default attributes and without skeleton files:
| username |
| Brian |
And group "<group>" has been created
When user "Brian" tries to search for group "<group>" using Graph API
Then the HTTP status code should be "400"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["Token '<token>' is invalid"]
}
}
}
}
}
"""
Examples:
| group | token |
| tea-lovers | -lovers |
| tea@lovers | @lovers |

1445
tests/acceptance/features/apiGraphUserGroup/getUser.feature Normal file
View File

File diff suppressed because it is too large Load Diff

100
tests/acceptance/features/apiGraphUserGroup/getUserOwnInformation.feature Normal file
View File

@@ -0,0 +1,100 @@
Feature: get user's own information
As user
I want to be able to retrieve my own information
So that I can see my information
Background:
Given user "Alice" has been created with default attributes and without skeleton files
Scenario: user gets his/her own information with no group involvement
When the user "Alice" retrieves her information using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["alice@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Alice"]
}
}
}
"""
Scenario: user gets his/her own information with group involvement
Given group "tea-lover" has been created
And group "coffee-lover" has been created
And user "Alice" has been added to group "tea-lover"
And user "Alice" has been added to group "coffee-lover"
When the user "Alice" retrieves her information using the Graph API
Then the HTTP status code should be "200"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"id",
"mail",
"onPremisesSamAccountName"
],
"properties": {
"id" : {
"type": "string",
"pattern": "^%user_id_pattern%$"
},
"mail": {
"type": "string",
"enum": ["alice@example.org"]
},
"onPremisesSamAccountName": {
"type": "string",
"enum": ["Alice"]
},
"memberOf": {
"type": "array",
"items": [
{
"type": "object",
"required": [
"displayName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["tea-lover"]
}
}
},
{
"type": "object",
"required": [
"displayName"
],
"properties": {
"displayName": {
"type": "string",
"enum": ["coffee-lover"]
}
}
}
]
}
}
}
"""

212
tests/acceptance/features/apiGraphUserGroup/removeUserFromGroup.feature Normal file
View File

@@ -0,0 +1,212 @@
Feature: remove a user from a group
As an admin
I want to be able to remove a user from a group
So that I can manage user access to group resources
Background:
Given user "Alice" has been created with default attributes and without skeleton files
Scenario: admin removes a user from a group
Given these groups have been created:
| groupname | comment |
| brand-new-group | nothing special here |
| España§àôœ | special European and other characters |
| | Unicode group name |
And the following users have been added to the following groups
| username | groupname |
| Alice | brand-new-group |
| Alice | España§àôœ |
| Alice | |
When the administrator removes the following users from the following groups using the Graph API
| username | groupname |
| Alice | brand-new-group |
| Alice | España§àôœ |
| Alice | |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should not belong to the following groups
| username | groupname |
| Alice | brand-new-group |
| Alice | España§àôœ |
| Alice | |
Scenario: admin removes a user from a group with special characters
Given these groups have been created:
| groupname | comment |
| brand-new-group | dash |
| the.group | dot |
| left,right | comma |
| 0 | The "false" group |
| Finance (NP) | Space and brackets |
| Admin&Finance | Ampersand |
| admin:Pokhara@Nepal | Colon and @ |
| maint+eng | Plus sign |
| $x<=>[y*z^2]! | Maths symbols |
| Mgmt\Middle | Backslash |
| 😁 😂 | emoji |
And the following users have been added to the following groups
| username | groupname |
| Alice | brand-new-group |
| Alice | the.group |
| Alice | left,right |
| Alice | 0 |
| Alice | Finance (NP) |
| Alice | Admin&Finance |
| Alice | admin:Pokhara@Nepal |
| Alice | maint+eng |
| Alice | $x<=>[y*z^2]! |
| Alice | Mgmt\Middle |
| Alice | 😁 😂 |
When the administrator removes the following users from the following groups using the Graph API
| username | groupname |
| Alice | brand-new-group |
| Alice | the.group |
| Alice | left,right |
| Alice | 0 |
| Alice | Finance (NP) |
| Alice | Admin&Finance |
| Alice | admin:Pokhara@Nepal |
| Alice | maint+eng |
| Alice | $x<=>[y*z^2]! |
| Alice | Mgmt\Middle |
| Alice | 😁 😂 |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should not belong to the following groups
| username | groupname |
| Alice | brand-new-group |
| Alice | the.group |
| Alice | left,right |
| Alice | 0 |
| Alice | Finance (NP) |
| Alice | Admin&Finance |
| Alice | admin:Pokhara@Nepal |
| Alice | maint+eng |
| Alice | $x<=>[y*z^2]! |
| Alice | Mgmt\Middle |
| Alice | 😁 😂 |
Scenario: admin removes a user from a group having % and # in their names
Given these groups have been created:
| groupname | comment |
| maintenance#123 | Hash sign |
| 50%25=0 | %25 literal looks like an escaped "%" |
| staff?group | Question mark |
| 50%pass | Percent sign (special escaping happens) |
| 50%2Eagle | %2E literal looks like an escaped "." |
| 50%2Fix | %2F literal looks like an escaped slash |
And the following users have been added to the following groups
| username | groupname |
| Alice | maintenance#123 |
| Alice | 50%25=0 |
| Alice | staff?group |
| Alice | 50%pass |
| Alice | 50%2Eagle |
| Alice | 50%2Fix |
When the administrator removes the following users from the following groups using the Graph API
| username | groupname |
| Alice | maintenance#123 |
| Alice | 50%25=0 |
| Alice | staff?group |
| Alice | 50%pass |
| Alice | 50%2Eagle |
| Alice | 50%2Fix |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should not belong to the following groups
| username | groupname |
| Alice | maintenance#123 |
| Alice | 50%25=0 |
| Alice | staff?group |
| Alice | 50%pass |
| Alice | 50%2Eagle |
| Alice | 50%2Fix |
Scenario: admin removes a user from a group that has forward-slash(s) in the group name
Given these groups have been created:
| groupname | comment |
| Mgmt/Sydney | Slash (special escaping happens) |
| Mgmt//NSW/Sydney | Multiple slash |
| priv/subadmins/1 | Subadmins mentioned not at the end |
| var/../etc | using slash-dot-dot |
And the following users have been added to the following groups
| username | groupname |
| Alice | Mgmt/Sydney |
| Alice | Mgmt//NSW/Sydney |
| Alice | priv/subadmins/1 |
| Alice | var/../etc |
When the administrator removes the following users from the following groups using the Graph API
| username | groupname |
| Alice | Mgmt/Sydney |
| Alice | Mgmt//NSW/Sydney |
| Alice | priv/subadmins/1 |
| Alice | var/../etc |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should not belong to the following groups
| username | groupname |
| Alice | Mgmt/Sydney |
| Alice | Mgmt//NSW/Sydney |
| Alice | priv/subadmins/1 |
| Alice | var/../etc |
Scenario: admin tries to remove a user from a nonexistent group
When the administrator tries to remove user "Alice" from a nonexistent group using the Graph API
Then the HTTP status code should be "404"
@issue-5938
Scenario Outline: user other than the admin can't remove a user from their group
Given user "Brian" has been created with default attributes and without skeleton files
And the administrator has assigned the role "<role>" to user "Brian" using the Graph API
And group "grp1" has been created
And user "Alice" has been added to group "grp1"
And user "Brian" has been added to group "grp1"
When user "Alice" tries to remove user "Brian" from group "grp1" using the Graph API
Then the HTTP status code should be "403"
And the JSON data of the response should match
"""
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string",
"enum": ["Unauthorized"]
}
}
}
}
}
"""
And user "Brian" should belong to group "grp1"
Examples:
| role |
| Space Admin |
| User |
| User Light |
Scenario: admin removes a disabled user from a group
Given these groups have been created:
| groupname | comment |
| brand-new-group | nothing special here |
And the following users have been added to the following groups
| username | groupname |
| Alice | brand-new-group |
And the user "Admin" has disabled user "Alice"
When the administrator removes the following users from the following groups using the Graph API
| username | groupname |
| Alice | brand-new-group |
Then the HTTP status code of responses on all endpoints should be "204"
And the following users should not belong to the following groups
| username | groupname |
| Alice | brand-new-group |