cloud/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis.git synced 2025-04-18 23:44:07 +03:00
Code

Merge pull request #11185 from owncloud/test/access-resource-using-token

Browse Source 
[tests-only][full-ci] add test to access resource of another user using impersonation token.
This commit is contained in:
Prashant Gurung 2025-04-11 17:24:37 +05:45 committed by GitHub
commit f2885d8781
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tests/acceptance/bootstrap/AuthContext.php
View File

@ -556,6 +556,7 @@ class AuthContext implements Context {
/**
* @When user :asUser requests these endpoints with :method using the password of user :ofUser
* @When user :asUser requests these endpoints with :method using the auth-app token of user :ofUser
*
* @param string $asUser
* @param string $method
@ -565,7 +566,7 @@ class AuthContext implements Context {
* @return void
* @throws Exception
*/
public function userRequestsTheseEndpointsWithoutBodyUsingThePasswordOfUser(
public function userRequestsTheseEndpointsWithoutBodyUsingThePasswordOrAuthAppTokenOfUser(
string $asUser,
string $method,
string $ofUser,

50
tests/acceptance/features/apiAuthApp/tokenUsage.feature
View File

@ -85,4 +85,52 @@ Feature: create auth-app token
}
}
}
"""
"""
Scenario: admin tries to access resource of another user using auth-app token
Given user "Alice" has created auth-app token with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
When user "Admin" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: non-admin user tries to access resource of another user using auth-app token
Given user "Alice" has created auth-app token with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
And user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@env-config
Scenario: admin tries to access resource of another user using impersonation token
Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
And user "Admin" has created auth-app token for user "Alice" with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
When user "Admin" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@env-config
Scenario: non-admin user tries to access resource of another user using impersonation token
Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true"
And user "Admin" has created auth-app token for user "Alice" with expiration time "72h" using the auth-app API
And user "Alice" has uploaded file with content "ownCloud test text file" to "textfile.txt"
And user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "PROPFIND" using the auth-app token of user "Alice"
| endpoint |
| /webdav/textfile.txt |
| /dav/files/%username%/textfile.txt |
| /dav/spaces/%spaceid%/textfile.txt |
Then the HTTP status code of responses on all endpoints should be "401"