mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-10 14:09:05 -06:00
Code Issues Packages Projects Releases Wiki Activity

test: remove accountHashDifficulty test suite (#2190)

Browse Source 
Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>
This commit is contained in:
Sawjan Gurung
2026-01-21 14:07:01 +05:45
committed by GitHub
parent 8d3b2e3eeb
commit b40c3f068c
11 changed files with 12 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
.woodpecker.star
View File

@@ -201,13 +201,6 @@ config = {
],
"skip": False,
},
"accountsHashDifficulty": {
"skip": False,
"suites": [
"apiAccountsHashDifficulty",
],
"accounts_hash_difficulty": "default",
},
"notification": {
"suites": [
"apiNotification",
@@ -667,10 +660,10 @@ def testPipelines(ctx):
storage = "decomposed"
if "skip" not in config["cs3ApiTests"] or not config["cs3ApiTests"]["skip"]:
pipelines += cs3ApiTests(ctx, storage, "default")
pipelines += cs3ApiTests(ctx, storage)
if "skip" not in config["wopiValidatorTests"] or not config["wopiValidatorTests"]["skip"]:
pipelines += wopiValidatorTests(ctx, storage, "builtin", "default")
pipelines += wopiValidatorTests(ctx, storage, "cs3", "default")
pipelines += wopiValidatorTests(ctx, storage, "builtin")
pipelines += wopiValidatorTests(ctx, storage, "cs3")
pipelines += localApiTestPipeline(ctx)
pipelines += coreApiTestPipeline(ctx)
@@ -1059,12 +1052,12 @@ def codestyle(ctx):
return pipelines
def cs3ApiTests(ctx, storage, accounts_hash_difficulty = 4):
def cs3ApiTests(ctx, storage):
pipeline = {
"name": "test-cs3-API-%s" % storage,
"steps": evaluateWorkflowStep() +
restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) +
opencloudServer(storage, accounts_hash_difficulty, deploy_type = "cs3api_validator") +
opencloudServer(storage, deploy_type = "cs3api_validator") +
[
{
"name": "cs3ApiTests",
@@ -1095,7 +1088,7 @@ def cs3ApiTests(ctx, storage, accounts_hash_difficulty = 4):
])
return [pipeline]
def wopiValidatorTests(ctx, storage, wopiServerType, accounts_hash_difficulty = 4):
def wopiValidatorTests(ctx, storage, wopiServerType):
testgroups = [
"BaseWopiViewing",
"CheckFileInfoSchema",
@@ -1173,7 +1166,7 @@ def wopiValidatorTests(ctx, storage, wopiServerType, accounts_hash_difficulty =
"steps": evaluateWorkflowStep() +
restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) +
waitForServices("fake-office", ["fakeoffice:8080"]) +
opencloudServer(storage, accounts_hash_difficulty, deploy_type = "wopi_validator", extra_server_environment = extra_server_environment) +
opencloudServer(storage, deploy_type = "wopi_validator", extra_server_environment = extra_server_environment) +
wopiServer +
waitForServices("wopi-fakeoffice", ["wopi-fakeoffice:9300"]) +
[
@@ -1224,7 +1217,6 @@ def localApiTestPipeline(ctx):
"extraTestEnvironment": {},
"extraServerEnvironment": {},
"storages": ["posix"],
"accounts_hash_difficulty": 4,
"emailNeeded": False,
"antivirusNeeded": False,
"tikaNeeded": False,
@@ -1281,13 +1273,12 @@ def localApiTestPipeline(ctx):
(waitForLdapService() if params["ldapNeeded"] else []) +
opencloudServer(
storage,
params["accounts_hash_difficulty"],
extra_server_environment = params["extraServerEnvironment"],
with_wrapper = True,
tika_enabled = params["tikaNeeded"],
watch_fs_enabled = run_with_watch_fs_enabled,
) +
(opencloudServer(storage, params["accounts_hash_difficulty"], deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"], watch_fs_enabled = run_with_watch_fs_enabled) if params["federationServer"] else []) +
(opencloudServer(storage, deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"], watch_fs_enabled = run_with_watch_fs_enabled) if params["federationServer"] else []) +
((wopiCollaborationService("fakeoffice") + wopiCollaborationService("collabora") + wopiCollaborationService("onlyoffice")) if params["collaborationServiceNeeded"] else []) +
(openCloudHealthCheck("wopi", ["wopi-collabora:9304", "wopi-onlyoffice:9304", "wopi-fakeoffice:9304"]) if params["collaborationServiceNeeded"] else []) +
localApiTest(params["suites"], storage, params["extraTestEnvironment"], run_with_remote_php, params["generateVirusFiles"]) +
@@ -1366,7 +1357,6 @@ def coreApiTestPipeline(ctx):
"numberOfParts": 7,
"skipExceptParts": [],
"skip": False,
"accounts_hash_difficulty": 4,
}
pipelines = []
@@ -1412,7 +1402,6 @@ def coreApiTestPipeline(ctx):
restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) +
opencloudServer(
storage,
params["accounts_hash_difficulty"],
with_wrapper = True,
watch_fs_enabled = run_with_watch_fs_enabled,
) +
@@ -2330,7 +2319,7 @@ def notifyMatrix(ctx):
return result
def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depends_on = [], deploy_type = "", extra_server_environment = {}, with_wrapper = False, tika_enabled = False, watch_fs_enabled = False):
def opencloudServer(storage = "decomposed", depends_on = [], deploy_type = "", extra_server_environment = {}, with_wrapper = False, tika_enabled = False, watch_fs_enabled = False):
user = "0:0"
container_name = OC_SERVER_NAME
environment = {
@@ -2426,13 +2415,6 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
if watch_fs_enabled:
environment["STORAGE_USERS_POSIX_WATCH_FS"] = True
# Pass in "default" accounts_hash_difficulty to not set this environment variable.
# That will allow OpenCloud to use whatever its built-in default is.
# Otherwise pass in a value from 4 to about 11 or 12 (default 4, for making regular tests fast)
# The high values cause lots of CPU to be used when hashing passwords, and really slow down the tests.
if accounts_hash_difficulty != "default":
environment["ACCOUNTS_HASH_DIFFICULTY"] = accounts_hash_difficulty
for item in extra_server_environment:
environment[item] = extra_server_environment[item]

21
tests/acceptance/config/behat.yml
View File

@@ -3,9 +3,9 @@ default:
"": "%paths.base%/../bootstrap"
suites:
apiAccountsHashDifficulty:
apiSpaces:
paths:
- "%paths.base%/../features/apiAccountsHashDifficulty"
- "%paths.base%/../features/apiSpaces"
context: &common_ldap_suite_context
parameters:
ldapAdminPassword: admin
@@ -18,21 +18,6 @@ default:
adminPassword: admin
regularUserPassword: 123456
- SettingsContext:
- GraphContext:
- SpacesContext:
- CapabilitiesContext:
- FilesVersionsContext:
- NotificationContext:
- OCSContext:
- PublicWebDavContext:
apiSpaces:
paths:
- "%paths.base%/../features/apiSpaces"
context: *common_ldap_suite_context
contexts:
- FeatureContext: *common_feature_context_params
- SettingsContext:
- SpacesContext:
- CapabilitiesContext:
- FilesVersionsContext:
@@ -442,7 +427,7 @@ default:
- AuthAppContext:
- CliContext:
- OcConfigContext:
apiTenancy:
paths:
- "%paths.base%/../features/apiTenancy"

1
tests/acceptance/docker/src/opencloud-base.yml
View File

@@ -14,7 +14,6 @@ services:
SHARING_USER_JSON_FILE: /srv/app/tmp/opencloud/shares.json
PROXY_ENABLE_BASIC_AUTH: "true"
WEB_UI_CONFIG_FILE: /woodpecker/src/github.com/opencloud-eu/opencloud/tests/config/woodpecker/opencloud-config.json
ACCOUNTS_HASH_DIFFICULTY: 4
OC_INSECURE: "true"
IDM_CREATE_DEMO_USERS: "true"
IDM_ADMIN_PASSWORD: "admin"

2
tests/acceptance/expected-failures-decomposed-storage.md
View File

@@ -19,8 +19,6 @@
#### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032)
- [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27)
- [apiAccountsHashDifficulty/assignRole.feature:28](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L28)
- [apiGraph/getAssignedRole.feature:31](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L31)
- [apiGraph/getAssignedRole.feature:32](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L32)
- [apiGraph/getAssignedRole.feature:33](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L33)

2
tests/acceptance/expected-failures-posix-storage.md
View File

@@ -19,8 +19,6 @@
#### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032)
- [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27)
- [apiAccountsHashDifficulty/assignRole.feature:28](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L28)
- [apiGraph/getAssignedRole.feature:31](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L31)
- [apiGraph/getAssignedRole.feature:32](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L32)
- [apiGraph/getAssignedRole.feature:33](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L33)

16
tests/acceptance/features/apiAccountsHashDifficulty/addUser.feature
View File

@@ -1,16 +0,0 @@
@skipOnReva
Feature: add user
As an admin
I want to be able to add users and store their password with the full hash difficulty
So that I can give people controlled individual access to resources on the OpenCloud server
Scenario: admin creates a user
When the user "Admin" creates a new user with the following attributes using the Graph API:
| userName | brand-new-user |
| displayName | Brand New User |
| email | new@example.org |
| password | %alt1% |
Then the HTTP status code should be "201"
And user "brand-new-user" should exist
And user "brand-new-user" should be able to upload file "filesForUpload/lorem.txt" to "lorem.txt"

64
tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature
View File

@@ -1,64 +0,0 @@
Feature: assign role
As an admin,
I want to assign roles to users
So that I can provide them different authority
Scenario Outline: only admin user can see all existing roles
Given user "Alice" has been created with default attributes
And the administrator has given "Alice" the role "<user-role>" using the settings api
When user "Alice" tries to get all existing roles using the settings API
Then the HTTP status code should be "<http-status-code>"
Examples:
| user-role | http-status-code |
| Admin | 201 |
| Space Admin | 201 |
| User | 201 |
@issue-5032
Scenario Outline: only admin user can see assignments list
Given user "Alice" has been created with default attributes
And the administrator has given "Alice" the role "<user-role>" using the settings api
When user "Alice" tries to get list of assignment using the settings API
Then the HTTP status code should be "<http-status-code>"
Examples:
| user-role | http-status-code |
| Admin | 201 |
| Space Admin | 401 |
| User | 401 |
Scenario Outline: a user cannot change own role
Given user "Alice" has been created with default attributes
And the administrator has given "Alice" the role "<user-role>" using the settings api
When user "Alice" changes his own role to "<desired-role>"
Then the HTTP status code should be "400"
And user "Alice" should have the role "<user-role>"
Examples:
| user-role | desired-role |
| Admin | User |
| Admin | Space Admin |
| Space Admin | Admin |
| Space Admin | Space Admin |
| User | Admin |
| User | Space Admin |
Scenario Outline: only admin user can change the role for another user
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And the administrator has given "Alice" the role "<user-role>" using the settings api
When user "Alice" changes the role "<desired-role>" for user "Brian"
Then the HTTP status code should be "<http-status-code>"
And user "Brian" should have the role "<expected-role>"
Examples:
| user-role | desired-role | http-status-code | expected-role |
| Admin | User | 201 | User |
| Admin | Space Admin | 201 | Space Admin |
| Admin | Admin | 201 | Admin |
| Space Admin | Admin | 400 | User |
| Space Admin | Space Admin | 400 | User |
| User | Admin | 400 | User |
| User | Space Admin | 400 | User |

18
tests/acceptance/features/apiAccountsHashDifficulty/createShareToSharesFolder.feature
View File

@@ -1,18 +0,0 @@
@skipOnReva
Feature: sharing
As a user
I want to be able to share files when passwords are stored with the full hash difficulty
So that I can give people secure controlled access to my data
Scenario Outline: creating a share of a file with a user
Given using OCS API version "<ocs-api-version>"
And user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "OpenCloud test text file 0" to "/textfile0.txt"
And user "Brian" has been created with default attributes
When user "Alice" shares file "textfile0.txt" with user "Brian" using the sharing API
And the content of file "/Shares/textfile0.txt" for user "Brian" should be "OpenCloud test text file 0"
Examples:
| ocs-api-version |
| 1 |
| 2 |

21
tests/acceptance/features/apiAccountsHashDifficulty/uploadFile.feature
View File

@@ -1,21 +0,0 @@
@skipOnReva
Feature: upload file
As a user
I want to be able to upload files when passwords are stored with the full hash difficulty
So that I can store and share files securely between multiple client systems
Scenario Outline: upload a file and check download content
Given using OCS API version "<ocs-api-version>"
And user "Alice" has been created with default attributes
And using <dav-path-version> DAV path
When user "Alice" uploads file with content "uploaded content" to "/upload.txt" using the WebDAV API
Then the content of file "/upload.txt" for user "Alice" should be "uploaded content"
Examples:
| ocs-api-version | dav-path-version |
| 1 | old |
| 1 | new |
| 1 | spaces |
| 2 | old |
| 2 | new |
| 2 | spaces |

31
tests/acceptance/features/apiAccountsHashDifficulty/webDavPUTAuthInvalid.feature
View File

@@ -1,31 +0,0 @@
@skipOnReva
Feature: attempt to PUT files with invalid password
As an admin
I want the system to be secure when passwords are stored with the full hash difficulty
So that unauthorised users do not have access to data
Background:
Given user "Alice" has been created with default attributes
And user "Alice" has created folder "/PARENT"
Scenario: send PUT requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PUT requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"

1
tests/acceptance/scripts/run_api_tests.sh
View File

@@ -64,7 +64,6 @@ SUITES=(
"apiSharingNgShareInvitation"
"apiSharingNgLinkSharePermission"
"apiSharingNgLinkShareRoot"
"apiAccountsHashDifficulty"
"apiSearchContent"
"apiNotification"
)