mirror of https://github.com/owncloud/ocis.git synced 2025-04-18 23:44:07 +03:00

add test to access resource of another user using their auth-app token

Signed-off-by: prashant-gurung899 <prasantgrg777@gmail.com>
prashant-gurung899 2025-04-09 16:52:54 +05:45
parent c118bada1e
commit 7a0b59bb6d
No known key found for this signature in database
GPG Key ID: DEA6868D99D4D475
2 changed files with 51 additions and 2 deletions


@ -556,6 +556,7 @@ class AuthContext implements Context {
/**
* @When user :asUser requests these endpoints with :method using the password of user :ofUser
* @When user :asUser requests these endpoints with :method using the auth-app token of user :ofUser
*
* @param string $asUser
* @param string $method
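Review bot: The added annotation `@When user :asUser requests these endpoints with :method using the auth-app token of user :ofUser` binds the token phrase to the same method as the password phrase, and both patterns capture the same three values, so the method receives nothing that tells it which credential to send. The commit summary lists only 2 deletions and this file shows just the annotation and the rename, which suggests the body is unchanged; if so, the new scenarios may be authenticating with Alice's password rather than her auth-app token. Consider a separate step definition for the token case that explicitly looks up the stored token for `:ofUser`.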
@ -565,7 +566,7 @@ class AuthContext implements Context {
* @return void
* @throws Exception
*/
public function userRequestsTheseEndpointsWithoutBodyUsingThePasswordOfUser(
public function userRequestsTheseEndpointsWithoutBodyUsingThePasswordOrAuthAppTokenOfUser(
string $asUser,
string $method,
string $ofUser,
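Review bot: The rename to `userRequestsTheseEndpointsWithoutBodyUsingThePasswordOrAuthAppTokenOfUser(` changes a public step method while the parameters stay `$asUser`, `$method`, `$ofUser`, and only one PHP file is part of this commit, so any other context or helper that still calls `userRequestsTheseEndpointsWithoutBodyUsingThePasswordOfUser` would now fail. Please confirm there are no remaining callers. The docblock should also say which credential of `$ofUser` is sent for each of the two phrases, since the signature no longer makes that obvious.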


@ -85,4 +85,52 @@ Feature: create auth-app token
}
}
}
"""
"""
Scenario: admin tries to access resource of another user using auth-app token
Given user "Alice" has created auth-app token with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
When user "Admin" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: non-admin user tries to access resource of another user using auth-app token
Given user "Alice" has created auth-app token with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
And user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@env-config
Scenario: admin tries to access resource of another user using impersonation token
Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
And user "Admin" has created auth-app token for user "Alice" with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
When user "Admin" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@env-config
Scenario: non-admin user tries to access resource of another user using impersonation token
Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
And user "Admin" has created auth-app token for user "Alice" with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
And user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
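Review bot: All four scenarios assert only `401` and none includes a positive control showing that the same token is accepted when Alice presents it herself, so they would also pass if the token were never sent, were malformed, or if the step sent a different credential. Add a scenario or a preceding step in which Alice's own `PROPFIND` with her token succeeds on the same endpoints, so the `401` can be attributed to the user and token mismatch. The endpoints `/webdav/textfile.txt` and `/dav/files/%username%/textfile.txt` address Alice's file only if `%username%` and `%spaceid%` resolve to Alice rather than to the requesting user; it is worth making that explicit. As a style point, the four scenarios differ only in the requesting user and the `AUTH_APP_ENABLE_IMPERSONATION` setting and could be collapsed into a Scenario Outline.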