From 9a2cd49dcafacdc54489199a255784d248509b3c Mon Sep 17 00:00:00 2001 From: Sabin Panta <64484313+S-Panta@users.noreply.github.com> Date: Wed, 29 May 2024 16:06:26 +0545 Subject: [PATCH] [tests-only][full-ci] adding test for creating link space share via permission endpoint (#9250) * adding test for creating link space share via permission endpoint * addressing the reviews --- ...ected-failures-localAPI-on-OCIS-storage.md | 6 + .../apiSharingNgLinkShare/linkShare.feature | 501 ++++++++++++++++++ .../features/bootstrap/SharingNgContext.php | 28 +- 3 files changed, 532 insertions(+), 3 deletions(-) diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index 0b26f91ac0..cfc16c508c 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -262,6 +262,12 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiSharingNgLinkShare/linkShare.feature:2101](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2101) - [apiSharingNgLinkShare/linkShare.feature:2168](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2168) - [apiSharingNgLinkShare/linkShare.feature:2239](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2239) +- [apiSharingNgLinkShare/linkShare.feature:2420](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2420) +- [apiSharingNgLinkShare/linkShare.feature:2679](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2679) +- [apiSharingNgLinkShare/linkShare.feature:2733](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2733) +- [apiSharingNgLinkShare/linkShare.feature:2734](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2734) +- [apiSharingNgLinkShare/linkShare.feature:2735](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2735) +- [apiSharingNgLinkShare/linkShare.feature:2803](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature#L2803) - [apiSharingNg/removeAccessToDriveItem.feature:125](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNg/removeAccessToDriveItem.feature#L125) - [apiSharingNg/removeAccessToDriveItem.feature:141](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNg/removeAccessToDriveItem.feature#L141) - [apiSharingNg/removeAccessToDriveItem.feature:161](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSharingNg/removeAccessToDriveItem.feature#L161) diff --git a/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature b/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature index f0b894ef73..cd23a5521d 100644 --- a/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature +++ b/tests/acceptance/features/apiSharingNgLinkShare/linkShare.feature @@ -2300,3 +2300,504 @@ Feature: Create a share link for a resource """ And the public should be able to download file "textfile.txt" from the last link share with password "%public%" and the content should be "to share" And the public download of file "textfile.txt" from the last link share with password "$heLlo*1234*" should fail with HTTP status code "401" using shareNg + + @issue-7879 + Scenario Outline: try to create a link share of a Personal and Shares drives using permissions endpoint + When user "Alice" tries to create the following space link share using permissions endpoint of the Graph API: + | space | | + | permissionsRole | | + | password | %public% | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": ["error"], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "innererror", + "message" + ], + "properties": { + "code": { + "const": "invalidRequest" + }, + "innererror": { + "type": "object", + "required": [ + "date", + "request-id" + ] + }, + "message": { + "const": "" + } + } + } + } + } + """ + Examples: + | permissions-role | drive | message | + | view | Shares | no share permission | + | edit | Shares | no share permission | + | upload | Shares | no share permission | + | createOnly | Shares | no share permission | + | blocksDownload | Shares | invalid link type | + | view | Personal | cannot create link on personal space root | + | edit | Personal | cannot create link on personal space root | + | upload | Personal | cannot create link on personal space root | + | createOnly | Personal | cannot create link on personal space root | + | blocksDownload | Personal | invalid link type | + + @issue-7879 + Scenario Outline: create a link share of a project-space drive using permissions endpoint + Given using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "projectSpace" with the default quota using the Graph API + When user "Alice" creates the following space link share using permissions endpoint of the Graph API: + | space | projectSpace | + | permissionsRole | | + | password | %public% | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "hasPassword", + "id", + "link" + ], + "properties": { + "hasPassword": { + "const": true + }, + "id": { + "type": "string", + "pattern": "^[a-zA-Z]{15}$" + }, + "link": { + "type": "object", + "required": [ + "@libre.graph.displayName", + "@libre.graph.quickLink", + "preventsDownload", + "type", + "webUrl" + ], + "properties": { + "@libre.graph.displayName": { + "const": "" + }, + "@libre.graph.quickLink": { + "const": false + }, + "preventsDownload": { + "const": false + }, + "type": { + "const": "" + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%/s/[a-zA-Z]{15}$" + } + } + } + } + } + """ + Examples: + | permissions-role | + | view | + | edit | + | upload | + | createOnly | + | blocksDownload | + + + Scenario Outline: try to create an internal link share of a Personal and Shares drives using permissions endpoint + When user "Alice" tries to create the following space link share using permissions endpoint of the Graph API: + | space | | + | permissionsRole | internal | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": ["error"], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "innererror", + "message" + ], + "properties": { + "code": { + "const": "invalidRequest" + }, + "innererror": { + "type": "object", + "required": [ + "date", + "request-id" + ] + }, + "message": { + "const": "" + } + } + } + } + } + """ + Examples: + | drive | message | + | Personal | cannot create link on personal space root | + | Shares | no share permission | + + + Scenario Outline: try to create an internal link share with password of a Personal and Shares drives using permissions endpoint + When user "Alice" tries to create the following space link share using permissions endpoint of the Graph API: + | space | | + | permissionsRole | internal | + | password | %public% | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": ["error"], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "innererror", + "message" + ], + "properties": { + "code": { + "const": "invalidRequest" + }, + "innererror": { + "type": "object", + "required": [ + "date", + "request-id" + ] + }, + "message": { + "const": "password is redundant for the internal link" + } + } + } + } + } + """ + Examples: + | drive | + | Personal | + | Shares | + + + Scenario: create an internal link share of a project-space using permissions endpoint + Given using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "projectSpace" with the default quota using the Graph API + When user "Alice" creates the following space link share using permissions endpoint of the Graph API: + | space | projectSpace | + | permissionsRole | internal | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "hasPassword", + "id", + "link" + ], + "properties": { + "hasPassword": { + "const": false + }, + "id": { + "pattern": "^[a-zA-Z]{15}$" + }, + "link": { + "type": "object", + "required": [ + "@libre.graph.displayName", + "@libre.graph.quickLink", + "preventsDownload", + "type", + "webUrl" + ], + "properties": { + "@libre.graph.displayName": { + "const": "" + }, + "@libre.graph.quickLink": { + "const": false + }, + "preventsDownload": { + "const": false + }, + "type": { + "const": "internal" + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%/s/[a-zA-Z]{15}$" + } + } + } + } + } + """ + + + Scenario: try to create an internal link share of a project-space with password using permissions endpoint + Given using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "projectSpace" with the default quota using the Graph API + When user "Alice" creates the following space link share using permissions endpoint of the Graph API: + | space | projectSpace | + | permissionsRole | internal | + | password | %public% | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": ["error"], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "innererror", + "message" + ], + "properties": { + "code": { + "const": "invalidRequest" + }, + "innererror": { + "type": "object", + "required": [ + "date", + "request-id" + ] + }, + "message": { + "const": "password is redundant for the internal link" + } + } + } + } + } + """ + + + Scenario Outline: create a link share of a project-space with display name and expiry date using permissions endpoint + Given using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "projectSpace" with the default quota using the Graph API + When user "Alice" creates the following space link share using permissions endpoint of the Graph API: + | space | projectSpace | + | permissionsRole | | + | password | %public% | + | displayName | Homework | + | expirationDateTime | 2200-07-15T14:00:00.000Z | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "hasPassword", + "id", + "link", + "expirationDateTime" + ], + "properties": { + "hasPassword": { + "const": true + }, + "id": { + "type": "string", + "pattern": "^[a-zA-Z]{15}$" + }, + "expirationDateTime": { + "const": "2200-07-15T23:59:59Z" + }, + "link": { + "type": "object", + "required": [ + "@libre.graph.displayName", + "@libre.graph.quickLink", + "preventsDownload", + "type", + "webUrl" + ], + "properties": { + "@libre.graph.displayName": { + "const": "Homework" + }, + "@libre.graph.quickLink": { + "const": false + }, + "preventsDownload": { + "const": false + }, + "type": { + "const": "" + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%/s/[a-zA-Z]{15}$" + } + } + } + } + } + """ + Examples: + | permissions-role | + | view | + | edit | + | upload | + | createOnly | + | blocksDownload | + + + Scenario Outline: try to create a link share of a project-space with a password that is listed in the Banned-Password-List using permissions endpoint + Given the config "OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST" has been set to path "config/drone/banned-password-list.txt" + And using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "projectSpace" with the default quota using the Graph API + When user "Alice" creates the following space link share using permissions endpoint of the Graph API: + | space | projectSpace | + | permissionsRole | | + | password | | + Then the HTTP status code should be "400" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "error" + ], + "properties": { + "error": { + "type": "object", + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "string", + "pattern": "invalidRequest" + }, + "message": { + "const": "unfortunately, your password is commonly used. please pick a harder-to-guess password for your safety" + } + } + } + } + } + """ + Examples: + | banned-password | permissions-role | + | 123 | view | + | password | view | + | ownCloud | view | + | 123 | edit | + | password | edit | + | ownCloud | edit | + | 123 | upload | + | password | upload | + | ownCloud | upload | + | 123 | createOnly | + | password | createOnly | + | ownCloud | createOnly | + | 123 | blocksDownload | + | password | blocksDownload | + | ownCloud | blocksDownload | + + + Scenario Outline: create a link share of a project-space without password using permissions endpoint + Given the following configs have been set: + | config | value | + | OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD | false | + And using spaces DAV path + And the administrator has assigned the role "Space Admin" to user "Alice" using the Graph API + And user "Alice" has created a space "projectSpace" with the default quota using the Graph API + When user "Alice" creates the following space link share using permissions endpoint of the Graph API: + | space | projectSpace | + | permissionsRole | | + Then the HTTP status code should be "200" + And the JSON data of the response should match + """ + { + "type": "object", + "required": [ + "hasPassword", + "id", + "link" + ], + "properties": { + "hasPassword": { + "const": false + }, + "id": { + "type": "string", + "pattern": "^[a-zA-Z]{15}$" + }, + "link": { + "type": "object", + "required": [ + "@libre.graph.displayName", + "@libre.graph.quickLink", + "preventsDownload", + "type", + "webUrl" + ], + "properties": { + "@libre.graph.displayName": { + "const": "" + }, + "@libre.graph.quickLink": { + "const": false + }, + "preventsDownload": { + "const": false + }, + "type": { + "const": "" + }, + "webUrl": { + "type": "string", + "pattern": "^%base_url%/s/[a-zA-Z]{15}$" + } + } + } + } + } + """ + Examples: + | permissions-role | + | view | + | edit | + | upload | + | createOnly | + | blocksDownload | diff --git a/tests/acceptance/features/bootstrap/SharingNgContext.php b/tests/acceptance/features/bootstrap/SharingNgContext.php index f3ab0a013a..a1a073b02e 100644 --- a/tests/acceptance/features/bootstrap/SharingNgContext.php +++ b/tests/acceptance/features/bootstrap/SharingNgContext.php @@ -71,11 +71,20 @@ class SharingNgContext implements Context { */ public function createLinkShare(string $user, TableNode $body): ResponseInterface { $bodyRows = $body->getRowsHash(); - $space = $bodyRows['space']; $resource = $bodyRows['resource'] ?? ""; - $spaceId = ($this->spacesContext->getSpaceByName($user, $space))["id"]; - $itemId = $this->spacesContext->getResourceId($user, $space, $resource); + if ($bodyRows['space'] === 'Personal' || $bodyRows['space'] === 'Shares') { + $space = $this->spacesContext->getSpaceByName($user, $bodyRows['space']); + } else { + $space = $this->spacesContext->getCreatedSpace($bodyRows['space']); + } + $spaceId = $space['id']; + + if ($resource === '' && !\in_array($bodyRows['space'], ['Personal', 'Shares'])) { + $itemId = $space['fileId']; + } else { + $itemId = $this->spacesContext->getResourceId($user, $bodyRows['space'], $resource); + } $bodyRows['displayName'] = $bodyRows['displayName'] ?? null; $bodyRows['expirationDateTime'] = \array_key_exists('expirationDateTime', $bodyRows) ? \date('Y-m-d', \strtotime($bodyRows['expirationDateTime'])) . 'T14:00:00.000Z' : null; @@ -553,6 +562,19 @@ class SharingNgContext implements Context { $this->featureContext->setResponse($response); } + /** + * @When /^user "([^"]*)" (?:tries to create|creates) the following space link share using permissions endpoint of the Graph API:$/ + * + * @param string $user + * @param TableNode $body + * + * @return void + * @throws GuzzleException + */ + public function userCreatesTheFollowingSpaceLinkShareUsingPermissionsEndpointOfTheGraphApi(string $user, TableNode $body):void { + $this->featureContext->setResponse($this->createLinkShare($user, $body)); + } + /** * @Given /^user "([^"]*)" has created the following resource link share:$/ *