-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
webDavPROPPATCHAuth.feature
105 lines (91 loc) · 6.18 KB
/
webDavPROPPATCHAuth.feature
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
@api
Feature: PROPPATCH file/folder
Background:
Given these users have been created with default attributes and without skeleton files:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send PROPPATCH requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send PROPPATCH requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPPATCH requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "PROPPATCH" to set property "favorite" about user "Alice"
| endpoint |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send PROPPATCH requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPPATCH requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest @skipOnBruteForceProtection @issue-brute_force_protection-112
Scenario: send PROPPATCH requests to webDav endpoints without any authentication
When a user requests these endpoints with "PROPPATCH" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPPATCH requests to webDav endpoints using token authentication should not work
Given token auth has been enforced
And a new browser session for "Alice" has been started
And the user has generated a new app password named "my-client"
When the user requests these endpoints with "PROPPATCH" using the generated app password about user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile0.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/PARENT |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPPATCH requests to webDav endpoints using app password token as password
Given token auth has been enforced
And a new browser session for "Alice" has been started
And the user has generated a new app password named "my-client"
When the user "Alice" requests these endpoints with "PROPPATCH" to set property "favorite" using basic auth and generated app password about user "Alice"
| endpoint |
| /remote.php/webdav/textfile0.txt |
| /remote.php/dav/files/%username%/textfile1.txt |
| /remote.php/dav/files/%username%/PARENT/parent.txt |
| /remote.php/webdav/PARENT |
| /remote.php/dav/files/%username%/FOLDER |
Then the HTTP status code of responses on all endpoints should be "207"