diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature
index a5286bb944..431b184be5 100644
--- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature
+++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature
@@ -26,33 +26,33 @@ Feature: auth | /ocs/v1.php/cloud/users/%username% | | /ocs/v1.php/cloud/users/%username%/subadmins | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "998" + And the OCS status code of responses on all endpoints should be "997" Scenario: send DELETE requests to OCS endpoints as admin with wrong password When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username% | - Then the HTTP status code of responses on all endpoints should be "404" - And the OCS status code of responses on all endpoints should be "998" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" Scenario: send DELETE requests to OCS endpoints as admin with wrong password When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" | endpoint | | /ocs/v1.php/cloud/users/%username%/groups | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "996" + And the OCS status code of responses on all endpoints should be "997" Scenario: send DELETE requests to OCS endpoints as admin with wrong password When the administrator requests these endpoints with "DELETE" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username%/groups | - Then the HTTP status code of responses on all endpoints should be "500" - And the OCS status code of responses on all endpoints should be "996" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" Scenario: send DELETE requests to OCS endpoints as admin with wrong password When the administrator requests these endpoints with "DELETE" 
using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username% | | /ocs/v2.php/cloud/users/%username%/subadmins | - Then the HTTP status code of responses on all endpoints should be "404" - And the OCS status code of responses on all endpoints should be "998" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature index 8f3081a753..3bb8bbf4b5 100644 --- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature +++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsGETAuth.feature @@ -27,7 +27,7 @@ Feature: auth | /ocs/v1.php/privatedata/getattribute | | /ocs/v2.php/privatedata/getattribute | Then the HTTP status code of responses on all endpoints should be "401" - And the OCS status code of responses on all endpoints should be "notset" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-ocs-26 # after fixing all issues delete this Scenario and use the one from oC10 core @@ -36,12 +36,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "100" + And the OCS status code of responses on all endpoints should be "997" When a user requests these endpoints with "GET" and no authentication | endpoint | | /ocs/v2.php/cloud/users | - Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "200" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-reva-11 
@@ -85,12 +85,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "100" + And the OCS status code of responses on all endpoints should be "997" When the user "Alice" requests these endpoints with "GET" with basic auth | endpoint | | /ocs/v2.php/cloud/users | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "200" + And the OCS status code of responses on all endpoints should be "997" When the user "Alice" requests these endpoints with "GET" with basic auth | endpoint | | /ocs/v2.php/config | @@ -121,7 +121,7 @@ Feature: auth | /ocs/v1.php/privatedata/getattribute | | /ocs/v2.php/privatedata/getattribute | Then the HTTP status code of responses on all endpoints should be "401" - And the OCS status code of responses on all endpoints should be "notset" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-reva-29 @issue-ocis-reva-30 @@ -134,12 +134,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "100" + And the OCS status code of responses on all endpoints should be "997" When user "Alice" requests these endpoints with "GET" using password "invalid" | endpoint | | /ocs/v2.php/cloud/users | - Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "200" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" @skipOnOcV10 @issue-ocis-reva-29 
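Review bot: In the hunk at -85,12 the `/ocs/v2.php/cloud/users` step for "Alice" with basic auth keeps HTTP "200" while its OCS code becomes "997", whereas every other v2 expectation changed in this diff pairs "997" with HTTP "401". If this pins a known deviation (the scenario header and its issue tags are outside the hunk), a comment such as `# v2 still answers 200 here, see the tracking issue` above the step would make that explicit. Otherwise the line should read `Then the HTTP status code of responses on all endpoints should be "401"`. As written, the suite would keep passing if the HTTP layer reported success for a request the OCS layer marks as unauthorised.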
@@ -169,7 +169,7 @@ Feature: auth | /ocs/v1.php/privatedata/getattribute | | /ocs/v2.php/privatedata/getattribute | Then the HTTP status code of responses on all endpoints should be "401" - And the OCS status code of responses on all endpoints should be "notset" + And the OCS status code of responses on all endpoints should be "997" @skipOnOcV10 @issue-ocis-reva-29 diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature index a05de81628..1580ae86cf 100644 --- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature +++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPOSTAuth.feature @@ -26,7 +26,7 @@ Feature: auth | /ocs/v1.php/privatedata/setattribute/testing/test | | /ocs/v2.php/privatedata/setattribute/testing/test | Then the HTTP status code of responses on all endpoints should be "401" - And the OCS status code of responses on all endpoints should be "notset" + And the OCS status code of responses on all endpoints should be "997" # after fixing all issues delete this Scenario and use the one from oC10 core Scenario: send POST requests to OCS endpoints as normal user with wrong password 
@@ -34,12 +34,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "400" + And the OCS status code of responses on all endpoints should be "997" When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users | - Then the HTTP status code of responses on all endpoints should be "400" - And the OCS status code of responses on all endpoints should be "400" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-reva-30 # after fixing all issues delete this Scenario and use the one from oC10 core @@ -48,12 +48,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users/%username%/groups | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "400" + And the OCS status code of responses on all endpoints should be "997" When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username%/groups | - Then the HTTP status code of responses on all endpoints should be "400" - And the OCS status code of responses on all endpoints should be "400" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-reva-30 # after fixing all issues delete this Scenario and use the one from oC10 core 
@@ -62,9 +62,9 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users/%username%/subadmins | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "998" + And the OCS status code of responses on all endpoints should be "997" When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username%/subadmins | - Then the HTTP status code of responses on all endpoints should be "404" - And the OCS status code of responses on all endpoints should be "998" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" diff --git a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature index 5bdb30e8dd..a747e02712 100644 --- a/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature +++ b/ocis/tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsPUTAuth.feature @@ -10,7 +10,7 @@ Feature: auth | /ocs/v1.php/apps/files_sharing/api/v1/shares/123 | | /ocs/v2.php/apps/files_sharing/api/v1/shares/123 | Then the HTTP status code of responses on all endpoints should be "401" - And the OCS status code of responses on all endpoints should be "notset" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-reva-30 @issue-ocis-ocs-26 
@@ -20,12 +20,12 @@ Feature: auth | endpoint | | /ocs/v1.php/cloud/users/%username% | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "998" + And the OCS status code of responses on all endpoints should be "997" When the administrator requests these endpoints with "PUT" with body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username% | - Then the HTTP status code of responses on all endpoints should be "404" - And the OCS status code of responses on all endpoints should be "998" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" @issue-ocis-reva-30 @issue-ocis-ocs-28 @@ -36,11 +36,11 @@ Feature: auth | /ocs/v1.php/cloud/users/%username%/disable | | /ocs/v1.php/cloud/users/%username%/enable | Then the HTTP status code of responses on all endpoints should be "200" - And the OCS status code of responses on all endpoints should be "998" + And the OCS status code of responses on all endpoints should be "997" When the administrator requests these endpoints with "PUT" with body "doesnotmatter" using password "invalid" about user "Alice" | endpoint | | /ocs/v2.php/cloud/users/%username%/disable | | /ocs/v2.php/cloud/users/%username%/enable | - Then the HTTP status code of responses on all endpoints should be "404" - And the OCS status code of responses on all endpoints should be "998" + Then the HTTP status code of responses on all endpoints should be "401" + And the OCS status code of responses on all endpoints should be "997" diff --git a/proxy/pkg/middleware/account_uuid.go b/proxy/pkg/middleware/account_uuid.go index 7d3611fd22..2785e8fbf0 100644 --- a/proxy/pkg/middleware/account_uuid.go +++ b/proxy/pkg/middleware/account_uuid.go 
@@ -99,8 +99,11 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 Iss: opt.OIDCIss,
 }
 } else {
+ // we are still forwarding the request, the service is responsible for rendering the error
+ // TODO or render a full blown ocs xml / json error response
+ next.ServeHTTP(w, r)
 // tell client to reauthenticate
- w.WriteHeader(http.StatusUnauthorized)
+ //w.WriteHeader(http.StatusUnauthorized)
 return
 }
 } else {
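Review bot: The added `next.ServeHTTP(w, r)` makes this branch fail open: where the middleware used to answer 401, the request is now forwarded and every service behind the proxy has to reject it on its own. The updated feature files only exercise OCS endpoints, so I would keep the 401 for all other routes, e.g. `if !strings.HasPrefix(r.URL.Path, "/ocs/") { w.WriteHeader(http.StatusUnauthorized); return }` ahead of the forward (assuming `strings` is importable in this file). It is also worth confirming that any identity or token header this middleware sets on the success path cannot arrive client-supplied on this one; the hunk does not show it being cleared. The commented-out `//w.WriteHeader(http.StatusUnauthorized)` and the now stale `// tell client to reauthenticate` should be deleted rather than left behind. The branch condition and the rest of AccountUUID lie outside the hunk.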