Initial QSfera import

This commit is contained in:
Курнат Андрей
2026-06-07 10:20:04 +03:00
commit 2315f25754
16485 changed files with 4826827 additions and 0 deletions
@@ -0,0 +1,27 @@
Feature: auth
As a user
I want to send delete request with wrong password
So that I can make sure it doesn't work
@smokeTest @issue-1337 @issue-1319
Scenario: send DELETE requests to OCS endpoints as admin with wrong password
When user "admin" requests these endpoints with "DELETE" using password "invalid" about user "Alice"
| endpoint |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/shares/123 |
| /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 |
| /ocs/v1.php/cloud/apps/testing |
| /ocs/v2.php/cloud/apps/testing |
| /ocs/v1.php/cloud/groups/group1 |
| /ocs/v2.php/cloud/groups/group1 |
| /ocs/v1.php/cloud/users/%username% |
| /ocs/v2.php/cloud/users/%username% |
| /ocs/v1.php/cloud/users/%username%/groups |
| /ocs/v2.php/cloud/users/%username%/groups |
| /ocs/v1.php/cloud/users/%username%/subadmins |
| /ocs/v2.php/cloud/users/%username%/subadmins |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,139 @@
Feature: auth
As a user
I want to send GET request to various endpoints
So that I can make sure the endpoints need proper authentication
Background:
Given user "Alice" has been created with default attributes
@issue-1337 @smokeTest
Scenario: using OCS anonymously
When a user requests these endpoints with "GET" and no authentication
| endpoint |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v1.php/apps/files_sharing/api/v1/shares |
| /ocs/v2.php/apps/files_sharing/api/v1/shares |
| /ocs/v1.php/cloud/apps |
| /ocs/v2.php/cloud/apps |
| /ocs/v1.php/cloud/groups |
| /ocs/v2.php/cloud/groups |
| /ocs/v1.php/cloud/users |
| /ocs/v2.php/cloud/users |
| /ocs/v1.php/privatedata/getattribute |
| /ocs/v2.php/privatedata/getattribute |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-1338
Scenario: ocs config end point accessible by unauthorized users
When a user requests these endpoints with "GET" and no authentication
| endpoint |
| /ocs/v1.php/config |
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "100"
When a user requests these endpoints with "GET" and no authentication
| endpoint |
| /ocs/v2.php/config |
Then the HTTP status code of responses on all endpoints should be "200"
And the OCS status code of responses on all endpoints should be "200"
@issue-1337 @issue-1336 @issue-1335 @issue-1334 @issue-1333
Scenario: using OCS with non-admin basic auth
When the user "Alice" requests these endpoints with "GET" with basic auth
| endpoint |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v1.php/apps/files_sharing/api/v1/shares |
| /ocs/v1.php/config |
| /ocs/v1.php/privatedata/getattribute |
Then the HTTP status code of responses on each endpoint should be "404,404,200,200,404" respectively
When the user "Alice" requests these endpoints with "GET" with basic auth
| endpoint |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v2.php/apps/files_sharing/api/v1/shares |
| /ocs/v2.php/config |
| /ocs/v2.php/privatedata/getattribute |
Then the HTTP status code of responses on each endpoint should be "404,404,200,200,404" respectively
When the user "Alice" requests these endpoints with "GET" with basic auth
| endpoint |
| /ocs/v1.php/cloud/apps |
| /ocs/v1.php/cloud/groups |
| /ocs/v1.php/cloud/users |
| /ocs/v2.php/cloud/apps |
| /ocs/v2.php/cloud/groups |
| /ocs/v2.php/cloud/users |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-1338 @issue-1337 @smokeTest
Scenario: using OCS as normal user with wrong password
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v1.php/apps/files_sharing/api/v1/shares |
| /ocs/v2.php/apps/files_sharing/api/v1/shares |
| /ocs/v1.php/cloud/apps |
| /ocs/v2.php/cloud/apps |
| /ocs/v1.php/cloud/groups |
| /ocs/v2.php/cloud/groups |
| /ocs/v1.php/cloud/users |
| /ocs/v2.php/cloud/users |
| /ocs/v1.php/privatedata/getattribute |
| /ocs/v2.php/privatedata/getattribute |
Then the HTTP status code of responses on all endpoints should be "401"
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
| /ocs/v1.php/config |
Then the HTTP status code of responses on all endpoints should be "200"
When user "Alice" requests these endpoints with "GET" using password "invalid"
| endpoint |
| /ocs/v2.php/config |
Then the HTTP status code of responses on all endpoints should be "200"
@issue-1319
Scenario: using OCS with admin basic auth
When the administrator requests these endpoints with "GET"
| endpoint |
| /ocs/v1.php/cloud/apps |
| /ocs/v1.php/cloud/groups |
| /ocs/v1.php/cloud/users |
Then the HTTP status code of responses on all endpoints should be "404"
When the administrator requests these endpoints with "GET"
| endpoint |
| /ocs/v2.php/cloud/apps |
| /ocs/v2.php/cloud/groups |
| /ocs/v2.php/cloud/users |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-1337 @issue-1319
Scenario: using OCS as admin user with wrong password
When user "admin" requests these endpoints with "GET" using password "invalid"
| endpoint |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending |
| /ocs/v1.php/apps/files_sharing/api/v1/shares |
| /ocs/v2.php/apps/files_sharing/api/v1/shares |
| /ocs/v1.php/cloud/apps |
| /ocs/v2.php/cloud/apps |
| /ocs/v1.php/cloud/groups |
| /ocs/v2.php/cloud/groups |
| /ocs/v1.php/cloud/users |
| /ocs/v2.php/cloud/users |
| /ocs/v1.php/privatedata/getattribute |
| /ocs/v2.php/privatedata/getattribute |
Then the HTTP status code of responses on all endpoints should be "401"
When user "another-admin" requests these endpoints with "GET" using password "invalid"
| endpoint |
| /ocs/v1.php/config |
Then the HTTP status code of responses on all endpoints should be "200"
When user "another-admin" requests these endpoints with "GET" using password "invalid"
| endpoint |
| /ocs/v2.php/config |
Then the HTTP status code of responses on all endpoints should be "200"
@@ -0,0 +1,41 @@
Feature: auth
As a user
I want to send POST request to various endpoints
So that I can make sure the endpoints need proper authentication
Background:
Given user "Alice" has been created with default attributes
@issue-1337 @smokeTest
Scenario: send POST requests to OCS endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/123 |
| /ocs/v1.php/apps/files_sharing/api/v1/shares |
| /ocs/v2.php/apps/files_sharing/api/v1/shares |
| /ocs/v1.php/apps/files_sharing/api/v1/shares/pending/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/shares/pending/123 |
| /ocs/v1.php/cloud/apps/testing |
| /ocs/v2.php/cloud/apps/testing |
| /ocs/v1.php/cloud/groups |
| /ocs/v2.php/cloud/groups |
| /ocs/v1.php/cloud/users |
| /ocs/v2.php/cloud/users |
| /ocs/v1.php/cloud/users/%username%/groups |
| /ocs/v2.php/cloud/users/%username%/groups |
| /ocs/v1.php/cloud/users/%username%/subadmins |
| /ocs/v2.php/cloud/users/%username%/subadmins |
| /ocs/v1.php/privatedata/deleteattribute/testing/test |
| /ocs/v2.php/privatedata/deleteattribute/testing/test |
| /ocs/v1.php/privatedata/setattribute/testing/test |
| /ocs/v2.php/privatedata/setattribute/testing/test |
Then the HTTP status code of responses on all endpoints should be "401"
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /ocs/v1.php/person/check |
Then the HTTP status code of responses on all endpoints should be "401"
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /ocs/v2.php/person/check |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,18 @@
Feature: auth
As a user
I want to send PUT request to various endpoints
So that I can make sure the endpoints need proper authentication
@issue-1337 @smokeTest
Scenario: send PUT request to OCS endpoints as admin with wrong password
When user "admin" requests these endpoints with "PUT" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /ocs/v1.php/cloud/users/%username% |
| /ocs/v2.php/cloud/users/%username% |
| /ocs/v1.php/cloud/users/%username%/disable |
| /ocs/v2.php/cloud/users/%username%/disable |
| /ocs/v1.php/cloud/users/%username%/enable |
| /ocs/v2.php/cloud/users/%username%/enable |
| /ocs/v1.php/apps/files_sharing/api/v1/shares/123 |
| /ocs/v2.php/apps/files_sharing/api/v1/shares/123 |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,27 @@
Feature: auth
As a user
I want to check the authentication of the application
So that I can make sure it's secure
Background:
Given user "Alice" has been created with default attributes
@smokeTest @issue-10334
Scenario Outline: using WebDAV anonymously
When a user requests "<dav-path>" with "PROPFIND" and no authentication
Then the HTTP status code should be "401"
Examples:
| dav-path |
| /webdav |
| /dav/files/%username% |
| /dav/spaces/%spaceid% |
@smokeTest @issue-10334
Scenario Outline: using WebDAV with basic auth
When user "Alice" requests "<dav-path>" with "PROPFIND" using basic auth
Then the HTTP status code should be "207"
Examples:
| dav-path |
| /webdav |
| /dav/files/%username% |
| /dav/spaces/%spaceid% |
@@ -0,0 +1,125 @@
Feature: COPY file/folder
As a user
I want to copy a file or folder
So that I can duplicate it
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
And using new DAV path
@smokeTest
Scenario: send COPY requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "COPY" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send COPY requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "COPY" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-3882
Scenario: send COPY requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "COPY" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile0.txt |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-3882
Scenario: send COPY requests to another user's webDav endpoints as normal user using the spaces WebDAV API
Given using spaces DAV path
When user "Brian" requests these endpoints with "COPY" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send COPY requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "COPY" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send COPY requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "COPY" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send COPY requests to webDav endpoints without any authentication
When a user requests these endpoints with "COPY" with no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-4332 @issue-3882
Scenario: send COPY requests to webDav endpoints with body as normal user
When user "Alice" requests these endpoints with "COPY" including body "doesnotmatter" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /webdav/PARENT/parent.txt |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "415"
@issue-4332 @issue-3882
Scenario: send COPY requests to webDav endpoints with body as normal user using the spaces WebDAV API
When user "Alice" requests these endpoints with "COPY" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "415"
@@ -0,0 +1,125 @@
Feature: delete file/folder
As a user
I want to delete a file or folder
So that I can remove redundant resources
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send DELETE requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "DELETE" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /webdav/PARENT/parent.txt |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send DELETE requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "DELETE" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /webdav/PARENT/parent.txt |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send DELETE requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "DELETE" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile0.txt |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send DELETE requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "DELETE" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@smokeTest
Scenario: send DELETE requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "DELETE" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send DELETE requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "DELETE" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send DELETE requests to webDav endpoints without any authentication
When a user requests these endpoints with "DELETE" with no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-4332
Scenario: send DELETE requests to webDav endpoints with body as normal user
When user "Alice" requests these endpoints with "DELETE" including body "doesnotmatter" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile1.txt |
| /dav/files/%username%/PARENT/parent.txt |
| /webdav/PARENT |
| /dav/files/%username%/FOLDER |
Then the HTTP status code of responses on all endpoints should be "415"
@issue-4332
Scenario: send DELETE requests to webDav endpoints with body as normal user using the spaces WebDAV API
When user "Alice" requests these endpoints with "DELETE" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/PARENT |
Then the HTTP status code of responses on all endpoints should be "415"
@@ -0,0 +1,109 @@
Feature: LOCK file/folder
As a user
I want to lock a file or folder
So that I can ensure that the resources won't be changed unexpectedly
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send LOCK requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "LOCK" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send LOCK requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "LOCK" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-1347 @issue-2176
Scenario: send LOCK requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile0.txt |
| /dav/files/%username%/PARENT |
Then the HTTP status code of responses on all endpoints should be "403"
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "409"
@issue-1347 @issue-2176
Scenario: send LOCK requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
Then the HTTP status code of responses on all endpoints should be "403"
When user "Brian" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "409"
Scenario: send LOCK requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send LOCK requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "LOCK" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send LOCK requests to webDav endpoints without any authentication
When a user requests these endpoints with "LOCK" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,126 @@
Feature: create folder using MKCOL
As a user
I want to create folders
So that I can organise resources in folders
Background:
Given user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send MKCOL requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "MKCOL" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send MKCOL requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "MKCOL" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-5049 @issue-1347 @issue-1292
Scenario: send MKCOL requests to another user's webDav endpoints as normal user
Given user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "MKCOL" including body "" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile0.txt |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/does-not-exist |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-5049 @issue-1347 @issue-1292
Scenario: send MKCOL requests to non-existent user's webDav endpoints as normal user
Given user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "MKCOL" including body "" about user "non-existent-user"
| endpoint |
| /dav/files/non-existent-user/textfile0.txt |
| /dav/files/non-existent-user/PARENT |
| /dav/files/non-existent-user/does-not-exist |
| /dav/files/non-existent-user/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-1347 @issue-1292
Scenario: send MKCOL requests to another user's webDav endpoints as normal user using the spaces WebDAV API
Given user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "MKCOL" including body "" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/does-not-exist |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-5049 @issue-1347 @issue-1292
Scenario: send MKCOL requests to non-existent user's webDav endpoints as normal user using the spaces WebDAV API
Given user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "MKCOL" including body "" about user "non-existent-user"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/does-not-exist |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send MKCOL requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "MKCOL" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send MKCOL requests to webDav endpoints using valid password and username of different user
Given user "Brian" has been created with default attributes
When user "Brian" requests these endpoints with "MKCOL" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send MKCOL requests to webDav endpoints without any authentication
When a user requests these endpoints with "MKCOL" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,124 @@
Feature: MOVE file/folder
As a user
I want to move resources
So that I can organise resources according to my preference
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send MOVE requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "MOVE" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send MOVE requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "MOVE" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-3882
Scenario: send MOVE requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "MOVE" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile0.txt |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-3882
Scenario: send MOVE requests to another user's webDav endpoints as normal user using the spaces WebDAV API
Given using spaces DAV path
When user "Brian" requests these endpoints with "MOVE" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send MOVE requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "MOVE" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send MOVE requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "MOVE" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send MOVE requests to webDav endpoints without any authentication
When a user requests these endpoints with "MOVE" with no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-4332 @issue-3882
Scenario: send MOVE requests to webDav endpoints with body as normal user
When user "Alice" requests these endpoints with "MOVE" including body "doesnotmatter" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /webdav/PARENT/parent.txt |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "415"
@issue-4332 @issue-3882
Scenario: send MOVE requests to webDav endpoints with body as normal user using the spaces WebDAV API
When user "Alice" requests these endpoints with "MOVE" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "415"
@@ -0,0 +1,103 @@
Feature: POST file/folder
As a user
I want to send POST request to various endpoints
So that I can ensure the endpoints are well authenticated
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send POST requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send POST requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-1287
Scenario: send POST requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "POST" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile1.txt |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "412"
@issue-1287
Scenario: send POST requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "POST" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "412"
Scenario: send POST requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "POST" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send POST requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "POST" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send POST requests to webDav endpoints without any authentication
When a user requests these endpoints with "POST" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,102 @@
Feature: PROPFIND file/folder
As a user
I want to send PROPFIND request to various endpoints
So that I can ensure the endpoints are well authenticated
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send PROPFIND requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "PROPFIND" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send PROPFIND requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "PROPFIND" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@issue-1347
Scenario: send PROPFIND requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "PROPFIND" to get property "d:getetag" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile0.txt |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
@issue-1347
Scenario: send PROPFIND requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "PROPFIND" to get property "d:getetag" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send PROPFIND requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "PROPFIND" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPFIND requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "PROPFIND" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send PROPFIND requests to webDav endpoints without any authentication
When a user requests these endpoints with "PROPFIND" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,85 @@
Feature: PROPPATCH file/folder
As a user
I want to send PROPPATCH request to various endpoints
So that I can ensure the endpoints are well authenticated
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send PROPPATCH requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send PROPPATCH requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPPATCH requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PROPPATCH requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "PROPPATCH" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send PROPPATCH requests to webDav endpoints without any authentication
When a user requests these endpoints with "PROPPATCH" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,109 @@
Feature: PUT file/folder
As a user
I want to send PUT request to various endpoints
So that I can ensure the endpoints are well authenticated
Background:
Given these users have been created with default attributes:
| username |
| Alice |
| Brian |
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
@smokeTest
Scenario: send PUT requests to webDav endpoints as normal user with wrong password
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "invalid" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send PUT requests to webDav endpoints as normal user with no password
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "" about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PUT requests to another user's webDav endpoints as normal user
When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/files/%username%/textfile1.txt |
| /dav/files/%username%/PARENT |
Then the HTTP status code of responses on all endpoints should be "404"
When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/files/%username%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send PUT requests to another user's webDav endpoints as normal user using the spaces WebDAV API
When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
Then the HTTP status code of responses on all endpoints should be "404"
When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" about user "Alice"
| endpoint |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "404"
Scenario: send PUT requests to webDav endpoints using invalid username but correct password
When user "usero" requests these endpoints with "PUT" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
Scenario: send PUT requests to webDav endpoints using valid password and username of different user
When user "Brian" requests these endpoints with "PUT" including body "doesnotmatter" using the password of user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@smokeTest
Scenario: send PUT requests to webDav endpoints without any authentication
When a user requests these endpoints with "PUT" with body "doesnotmatter" and no authentication about user "Alice"
| endpoint |
| /webdav/textfile0.txt |
| /dav/files/%username%/textfile0.txt |
| /webdav/PARENT |
| /dav/files/%username%/PARENT |
| /dav/files/%username%/PARENT/parent.txt |
| /dav/spaces/%spaceid%/textfile0.txt |
| /dav/spaces/%spaceid%/PARENT |
| /dav/spaces/%spaceid%/PARENT/parent.txt |
Then the HTTP status code of responses on all endpoints should be "401"
@@ -0,0 +1,205 @@
Feature: make webdav request with special urls
As a user
I want to make webdav request with special urls
So that I can make sure that they work
Background:
Given user "Alice" has been created with default attributes
And user "Alice" has uploaded file with content "some data" to "/textfile0.txt"
And user "Alice" has uploaded file with content "some data" to "/textfile1.txt"
And user "Alice" has created folder "/PARENT"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has uploaded file with content "some data" to "/PARENT/parent.txt"
Scenario: send DELETE requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "DELETE" using password "%regular%" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| //dav//files/%username%/textfile1.txt |
| /dav//files/%username%/PARENT/parent.txt |
| /webdav//PARENT |
| //dav/files/%username%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "204"
Scenario: send DELETE requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "DELETE" using password "%regular%" about user "Alice"
| endpoint |
| //dav/spaces/%spaceid%/textfile0.txt |
| //dav//spaces/%spaceid%/PARENT/parent.txt |
| /dav//spaces/%spaceid%/PARENT |
| //dav/spaces/%spaceid%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "204"
Scenario: send GET requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "GET" using password "%regular%" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| //dav//files/%username%/textfile1.txt |
| /dav//files/%username%/PARENT/parent.txt |
| //webdav/PARENT |
| //dav/files/%username%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "200"
Scenario: send GET requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "GET" using password "%regular%" about user "Alice"
| endpoint |
| //dav/spaces/%spaceid%/textfile0.txt |
| //dav//spaces/%spaceid%/PARENT/parent.txt |
| /dav//spaces/%spaceid%/PARENT |
| //dav/spaces/%spaceid%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "200"
Scenario: send LOCK requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| //dav//files/%username%/textfile1.txt |
| /dav//files/%username%/PARENT/parent.txt |
| //webdav/PARENT |
| //dav/files/%username%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "200"
Scenario: send LOCK requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "LOCK" to get property "d:shared" about user "Alice"
| endpoint |
| //dav/spaces/%spaceid%/textfile0.txt |
| //dav//spaces/%spaceid%/PARENT/parent.txt |
| /dav//spaces/%spaceid%/PARENT |
| //dav/spaces/%spaceid%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "200"
Scenario: send MKCOL requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "MKCOL" using password "%regular%" about user "Alice"
| endpoint |
| //webdav/PARENT1 |
| /webdav//PARENT2 |
| //webdav//PARENT3 |
| //dav//files/%username%/PARENT4 |
| /dav/files/%username%//PARENT5 |
| /dav//files/%username%/PARENT6 |
Then the HTTP status code of responses on all endpoints should be "201"
Scenario: send MKCOL requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "MKCOL" using password "%regular%" about user "Alice"
| endpoint |
| //dav/spaces/%spaceid%/PARENT1 |
| /dav//spaces/%spaceid%/PARENT2 |
| //dav//spaces/%spaceid%/PARENT3 |
| //dav/spaces//%spaceid%/PARENT4 |
| /dav/spaces/%spaceid%//PARENT5 |
| /dav//spaces/%spaceid%/PARENT6 |
Then the HTTP status code of responses on all endpoints should be "201"
Scenario: send MOVE requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "MOVE" using password "%regular%" about user "Alice"
| endpoint | destination |
| //webdav/textfile0.txt | /webdav/textfileZero.txt |
| /dav//files/%username%/textfile1.txt | /dav/files/%username%/textfileOne.txt |
| /webdav//PARENT | /webdav/PARENT1 |
| //dav/files//%username%//PARENT1 | /dav/files/%username%/PARENT2 |
| /dav//files/%username%/PARENT2/parent.txt | /dav/files/%username%/PARENT2/parent1.txt |
Then the HTTP status code of responses on all endpoints should be "201"
Scenario: send MOVE requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "MOVE" using password "%regular%" about user "Alice"
| endpoint | destination |
| /dav//spaces/%spaceid%/textfile1.txt | /dav/spaces/%spaceid%/textfileOne.txt |
| /dav/spaces/%spaceid%//PARENT | /dav/spaces/%spaceid%/PARENT1 |
| //dav/spaces/%spaceid%//PARENT1 | /dav/spaces/%spaceid%/PARENT2 |
| //dav/spaces/%spaceid%/PARENT2/parent.txt | /dav/spaces/%spaceid%/PARENT2/parent1.txt |
Then the HTTP status code of responses on all endpoints should be "201"
Scenario: send POST requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "%regular%" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| //dav//files/%username%/textfile1.txt |
| /dav//files/%username%/PARENT/parent.txt |
| /webdav//PARENT |
| //dav/files//%username%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "412"
Scenario: send POST requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "POST" including body "doesnotmatter" using password "%regular%" about user "Alice"
| endpoint |
| //dav//spaces/%spaceid%/textfile1.txt |
| /dav//spaces/%spaceid%/PARENT/parent.txt |
| /dav//spaces/%spaceid%/PARENT |
| //dav//spaces/%spaceid%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "412"
Scenario: send PROPFIND requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "PROPFIND" to get property "d:href" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| //dav//files/%username%/textfile1.txt |
| /dav//files/%username%/PARENT/parent.txt |
| /webdav//PARENT |
| //dav/files//%username%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "207"
Scenario: send PROPFIND requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "PROPFIND" to get property "d:href" about user "Alice"
| endpoint |
| //dav//spaces/%spaceid%/textfile1.txt |
| /dav//spaces/%spaceid%/PARENT/parent.txt |
| /dav//spaces/%spaceid%/PARENT |
| //dav/spaces//%spaceid%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "207"
Scenario: send PROPPATCH requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "PROPPATCH" to set property "d:getlastmodified" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| //dav//files/%username%/textfile1.txt |
| /dav//files/%username%/PARENT/parent.txt |
| /webdav//PARENT |
| //dav//files/%username%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "400"
Scenario: send PROPPATCH requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "PROPPATCH" to set property "d:getlastmodified" about user "Alice"
| endpoint |
| //dav//spaces/%spaceid%/textfile1.txt |
| /dav//spaces/%spaceid%/PARENT/parent.txt |
| /dav//spaces/%spaceid%/PARENT |
| //dav/spaces//%spaceid%//FOLDER |
Then the HTTP status code of responses on all endpoints should be "400"
Scenario: send PUT requests to webDav endpoints with 2 slashes
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "%regular%" about user "Alice"
| endpoint |
| //webdav/textfile0.txt |
| /webdav//textfile1.txt |
| //dav//files/%username%/textfile1.txt |
| /dav/files//%username%/textfile7.txt |
| //dav//files/%username%/PARENT//parent.txt |
Then the HTTP status code of responses on each endpoint should be "204,204,204,201,204" respectively
Scenario: send PUT requests to webDav endpoints with 2 slashes using the spaces WebDAV API
When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "%regular%" about user "Alice"
| endpoint |
| //dav/spaces/%spaceid%/textfile0.txt |
| /dav//spaces/%spaceid%/textfile1.txt |
| //dav//spaces/%spaceid%/textfile1.txt |
| /dav/spaces//%spaceid%/textfile7.txt |
| //dav/spaces//%spaceid%/PARENT//parent.txt |
Then the HTTP status code of responses on each endpoint should be "204,204,204,201,204" respectively