mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-01 18:01:28 -06:00
35 lines
1.9 KiB
Gherkin
35 lines
1.9 KiB
Gherkin
@api @skipOnReva
|
|
Feature: attempt to PUT files with invalid password
|
|
As an admin
|
|
I want to the system to be secure when passwords are stored with the full hash difficulty
|
|
So that unauthorised users do not have access to data
|
|
|
|
Note - this feature is run in CI with ACCOUNTS_HASH_DIFFICULTY set to the default for production
|
|
See https://github.com/owncloud/ocis/issues/1542 and https://github.com/owncloud/ocis/pull/839
|
|
|
|
Background:
|
|
Given user "Alice" has been created with default attributes and without skeleton files
|
|
And user "Alice" has created folder "/PARENT"
|
|
|
|
|
|
Scenario: send PUT requests to webDav endpoints as normal user with wrong password
|
|
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "invalid" about user "Alice"
|
|
| endpoint |
|
|
| /remote.php/webdav/textfile0.txt |
|
|
| /remote.php/dav/files/%username%/textfile0.txt |
|
|
| /remote.php/webdav/PARENT |
|
|
| /remote.php/dav/files/%username%/PARENT |
|
|
| /remote.php/dav/files/%username%/PARENT/parent.txt |
|
|
Then the HTTP status code of responses on all endpoints should be "401"
|
|
|
|
|
|
Scenario: send PUT requests to webDav endpoints as normal user with no password
|
|
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "" about user "Alice"
|
|
| endpoint |
|
|
| /remote.php/webdav/textfile0.txt |
|
|
| /remote.php/dav/files/%username%/textfile0.txt |
|
|
| /remote.php/webdav/PARENT |
|
|
| /remote.php/dav/files/%username%/PARENT |
|
|
| /remote.php/dav/files/%username%/PARENT/parent.txt |
|
|
Then the HTTP status code of responses on all endpoints should be "401"
|