* Added api test for delete user using graph API
* Added scenario, admin user tries to delete another admin user
* Added scenario, delete user with username having different case
* Addressed reviews
* add API tests for deleting groups
* add tests to expected failure
* fix php style
* update expected failure list
extend test
* merge scenarios
* bump core commit id
extend tests
descrive scenario
* use when step
* fix
Co-authored-by: Viktor Scharf <scharf.vi@gmail.com>
* add tests for getting groups and group members
* bump core commit id
* fix scenario description
* fix php style
* add tests for creating empty group
* add unauthorized response check
* mark empty group creation scenario as expected to fail
* address reviews
Up to now the /me/changePassword endpoint return a 500 Status when
issue a password change with the old password set to the wrong password.
This changes the code to return 400 (Bad Request) with an additional
message that the old password is wrong. This does not seem to weaken the
security of /me/changePassword (i.e. for allowing easier brute-force
attacks) as the endpoint is only available to already authenticated
users (and only for changing their own passwords)
See #4480
