From 7f85df579c7b98bdf41353f076ae548da41f185d Mon Sep 17 00:00:00 2001 From: Sagar Gurung <46086950+SagarGi@users.noreply.github.com> Date: Thu, 18 Jan 2024 16:45:12 +0545 Subject: [PATCH] [tests-only][full-ci]Added test for banned password to create public link (#8194) * Added test for banned password to create public link Signed-off-by: sagargurung1001@gmail.com * review address Signed-off-by: sagargurung1001@gmail.com --------- Signed-off-by: sagargurung1001@gmail.com --- .../features/apiSharingNg/linkShare.feature | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) diff --git a/tests/acceptance/features/apiSharingNg/linkShare.feature b/tests/acceptance/features/apiSharingNg/linkShare.feature index ee822f4f27..b7259c17a9 100644 --- a/tests/acceptance/features/apiSharingNg/linkShare.feature +++ b/tests/acceptance/features/apiSharingNg/linkShare.feature @@ -592,3 +592,103 @@ Feature: Create a share link for a resource """ And the public should be able to download file "textfile1.txt" from the last link share with password "%public%" and the content should be "other data" And the public download of file "textfile1.txt" from the last link share with password "$heLlo*1234*" should fail with HTTP status code "401" using shareNg + + + Scenario Outline: create a file's link share with a password that is listed in the Banned-Password-List + Given the config "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST" has been set to path "config/drone/banned-password-list.txt" + And user "Alice" has uploaded file with content "other data" to "text.txt" + When user "Alice" creates the following link share using the Graph API: + | resourceType | file | + | resource | text.txt | + | space | Personal | + | permissionsRole | view | + | password | | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "error" + ], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "string", + "pattern": "invalidRequest" + }, + "message": { + "type": "string", + "enum": [ + "unfortunately, your password is commonly used. please pick a harder-to-guess password for your safety" + ] + } + } + } + } + } + """ + Examples: + | banned-password | + | 123 | + | password | + | ownCloud | + + + Scenario Outline: update a file's link share with a password that is listed in the Banned-Password-List + Given the config "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST" has been set to path "config/drone/banned-password-list.txt" + And user "Alice" has uploaded file with content "other data" to "text.txt" + And user "Alice" has created the following link share: + | resourceType | file | + | resource | text.txt | + | space | Personal | + | permissionsRole | view | + | password | %public% | + When user "Alice" sets the following password for the last link share using the Graph API: + | resourceType | file | + | resource | text.txt | + | space | Personal | + | permissionsRole | view | + | password | | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "error" + ], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "string", + "pattern": "invalidRequest" + }, + "message": { + "type": "string", + "enum": [ + "unfortunately, your password is commonly used. please pick a harder-to-guess password for your safety" + ] + } + } + } + } + } + """ + Examples: + | banned-password | + | 123 | + | password | + | ownCloud |