diff --git a/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature b/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature index 8be10830f..ce20879ac 100644 --- a/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature +++ b/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature @@ -1,8 +1,8 @@ -@api +@api @issue-ocis-ocs-26 +# after fixing all issues delete these Scenarios and use the one from oC10 core + Feature: auth - @issue-ocis-reva-30 @issue-ocis-reva-65 - # after fixing all issues delete this Scenario and use the one from oC10 core Scenario: send DELETE requests to OCS endpoints as admin with wrong password When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" | endpoint | @@ -17,11 +17,36 @@ Feature: auth | /ocs/v2.php/cloud/apps/testing | | /ocs/v1.php/cloud/groups/group1 | | /ocs/v2.php/cloud/groups/group1 | - | /ocs/v1.php/cloud/users/%username% | - | /ocs/v2.php/cloud/users/%username% | - | /ocs/v1.php/cloud/users/%username%/groups | - | /ocs/v2.php/cloud/users/%username%/groups | - | /ocs/v1.php/cloud/users/%username%/subadmins | - | /ocs/v2.php/cloud/users/%username%/subadmins | Then the HTTP status code of responses on all endpoints should be "401" And the OCS status code of responses on all endpoints should be "notset" + + Scenario: send DELETE requests to OCS endpoints as admin with wrong password + When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v1.php/cloud/users/%username% | + | /ocs/v2.php/cloud/users/%username% | + | /ocs/v1.php/cloud/users/%username%/subadmins | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "998" + + Scenario: send DELETE requests to OCS endpoints as admin with wrong password + When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v1.php/cloud/users/%username%/groups | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "996" + + Scenario: send DELETE requests to OCS endpoints as admin with wrong password + When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v2.php/cloud/users/%username%/groups | + Then the HTTP status code of responses on all endpoints should be "500" + And the OCS status code of responses on all endpoints should be "996" + + Scenario: send DELETE requests to OCS endpoints as admin with wrong password + When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" + | endpoint | + | /ocs/v2.php/cloud/users/%username% | + | /ocs/v2.php/cloud/users/%username%/subadmins | + Then the HTTP status code of responses on all endpoints should be "404" + And the OCS status code of responses on all endpoints should be "998" diff --git a/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature b/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature index d48ec88c0..3a4d60a79 100644 --- a/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature +++ b/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature @@ -22,8 +22,6 @@ Feature: auth | /ocs/v2.php/cloud/apps | | /ocs/v1.php/cloud/groups | | /ocs/v2.php/cloud/groups | - | /ocs/v1.php/cloud/users | - | /ocs/v2.php/cloud/users | | /ocs/v1.php/config | | /ocs/v2.php/config | | /ocs/v1.php/privatedata/getattribute | @@ -31,6 +29,21 @@ Feature: auth Then the HTTP status code of responses on all endpoints should be "401" And the OCS status code of responses on all endpoints should be "notset" + @issue-ocis-ocs-26 + # after fixing all issues delete this Scenario and use the one from oC10 core + Scenario: using OCS anonymously + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v1.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When a user requests these endpoints with "GET" and no authentication + | endpoint | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + + @issue-ocis-reva-11 @issue-ocis-reva-30 @issue-ocis-reva-31 @@ -72,12 +85,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "403" + And the OCS status code of responses on all endpoints should be "100" When the user "Alice" requests these endpoints with "GET" with basic auth | endpoint | | /ocs/v2.php/cloud/users | - Then the HTTP status code of responses on all endpoints should be "403" - And the OCS status code of responses on all endpoints should be "403" + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" When the user "Alice" requests these endpoints with "GET" with basic auth | endpoint | | /ocs/v2.php/config | @@ -86,8 +99,9 @@ Feature: auth @issue-ocis-reva-29 @issue-ocis-reva-30 + @issue-ocis-accounts-73 # after fixing all issues delete this Scenario and use the one from oC10 core - Scenario: using OCS as normal user with wrong password + Scenario: using OCS as normal user (username has a capital letter) with wrong password When user "Alice" requests these endpoints with "GET" using password "invalid" | endpoint | | /ocs/v1.php/apps/files_external/api/v1/mounts | @@ -102,11 +116,77 @@ Feature: auth | /ocs/v2.php/cloud/apps | | /ocs/v1.php/cloud/groups | | /ocs/v2.php/cloud/groups | - | /ocs/v1.php/cloud/users | - | /ocs/v2.php/cloud/users | | /ocs/v1.php/config | | /ocs/v2.php/config | | /ocs/v1.php/privatedata/getattribute | | /ocs/v2.php/privatedata/getattribute | Then the HTTP status code of responses on all endpoints should be "401" And the OCS status code of responses on all endpoints should be "notset" + + @issue-ocis-reva-29 + @issue-ocis-reva-30 + @issue-ocis-accounts-73 + @issue-ocis-ocs-26 + @smokeTest + #after fixing all issues delete this Scenario and use the one above + Scenario: using OCS as normal user (username has a capital letter) with wrong password + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When user "Alice" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200" + + @skipOnOcV10 + @issue-ocis-reva-29 + @issue-ocis-reva-30 + @issue-ocis-accounts-73 + @issue-ocis-ocs-26 + @smokeTest + #after fixing all issues delete this Scenario and use the one above + Scenario: using OCS as normal user (username does not have a capital letter) with wrong password + Given user "brian" has been created with default attributes and skeleton files + When user "brian" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/apps/files_external/api/v1/mounts | + | /ocs/v2.php/apps/files_external/api/v1/mounts | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares | + | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | + | /ocs/v1.php/apps/files_sharing/api/v1/shares | + | /ocs/v2.php/apps/files_sharing/api/v1/shares | + | /ocs/v1.php/cloud/apps | + | /ocs/v2.php/cloud/apps | + | /ocs/v1.php/cloud/groups | + | /ocs/v2.php/cloud/groups | + | /ocs/v1.php/config | + | /ocs/v2.php/config | + | /ocs/v1.php/privatedata/getattribute | + | /ocs/v2.php/privatedata/getattribute | + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "notset" + + @skipOnOcV10 + @issue-ocis-reva-29 + @issue-ocis-reva-30 + @issue-ocis-accounts-73 + @issue-ocis-ocs-26 + @smokeTest + #after fixing all issues delete this Scenario and use the one above + Scenario: using OCS as normal user (username does not have a capital letter) with wrong password + Given user "brian" has been created with default attributes and skeleton files + When user "brian" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v1.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "100" + When user "brian" requests these endpoints with "GET" using password "invalid" + | endpoint | + | /ocs/v2.php/cloud/users | + Then the HTTP status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "200"