diff options
| author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2019-08-14 15:59:31 +0300 |
|---|---|---|
| committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2019-09-26 11:45:01 +0300 |
| commit | 3d894598aecfefc28d041af9c6c0c1d75876fab7 (patch) | |
| tree | 0f5477997f0568e8b46b1e79df1da2adfd6e41cf /tests | |
| parent | 8de6a11bc7813a979ccfc9aeae00d8642f61db19 (diff) | |
Add integration tests for self-joined users in files shared by link
Self-joined users and guests can join the room for a file if the file is
shared by link. In order to check that, however, the share token should
have been previously stored in the session, as the room is linked to the
file id and users without direct access to a file can not find out if
the file is shared by link or not. Therefore self-joined users and
guests must get the room for the share (which stores the share token in
the session) before being able to join the room.
Besides that, in the case of self-joined users they must be logged in
too. Otherwise the session is regenerated on each new request, which
prevents getting the share token stored in a previous request.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/integration/features/bootstrap/FeatureContext.php | 45 | ||||
| -rw-r--r-- | tests/integration/features/conversation/files.feature | 51 |
2 files changed, 96 insertions, 0 deletions
diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php index d52aec36e..1ce98a883 100644 --- a/tests/integration/features/bootstrap/FeatureContext.php +++ b/tests/integration/features/bootstrap/FeatureContext.php @@ -1108,6 +1108,51 @@ class FeatureContext implements Context, SnippetAcceptingContext { */ /** + * @Given /^user "([^"]*)" logs in$/ + */ + public function userLogsIn(string $user) { + $loginUrl = $this->baseUrl . '/login'; + + $cookieJar = $this->getUserCookieJar($user); + + // Request a new session and extract CSRF token + $client = new Client(); + $this->response = $client->get( + $loginUrl, + [ + 'cookies' => $cookieJar, + ] + ); + + $requestToken = $this->extractRequestTokenFromResponse($this->response); + + // Login and extract new token + $password = ($user === 'admin') ? 'admin' : '123456'; + $client = new Client(); + $this->response = $client->post( + $loginUrl, + [ + 'body' => [ + 'user' => $user, + 'password' => $password, + 'requesttoken' => $requestToken, + ], + 'cookies' => $cookieJar, + ] + ); + + $this->assertStatusCode($this->response, 200); + } + + /** + * @param ResponseInterface $response + * @return string + */ + private function extractRequestTokenFromResponse(ResponseInterface $response): string { + return substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $response->getBody()->getContents()), 0, 89); + } + + /** * @When /^sending "([^"]*)" to "([^"]*)" with$/ * @param string $verb * @param string $url diff --git a/tests/integration/features/conversation/files.feature b/tests/integration/features/conversation/files.feature index 71d88a08e..84c22aeda 100644 --- a/tests/integration/features/conversation/files.feature +++ b/tests/integration/features/conversation/files.feature @@ -249,6 +249,16 @@ Feature: conversation/files When user "participant2" joins room "file last share room" with 200 Then user "participant2" is participant of room "file last share room" + Scenario: user without access to a file shared by link can join its room + Given user "participant1" shares "welcome.txt" by link with OCS 100 + # Users without access to a file shared by link need to log in (so further + # requests keep the same session) and get the room (so the share token is + # stored in the session) to be able to join it. + And user "participant2" logs in + And user "participant2" gets the room for last share with 200 + When user "participant2" joins room "file last share room" with 200 + Then user "participant2" is participant of room "file last share room" + Scenario: guest can join the room of a file shared by link Given user "participant1" shares "welcome.txt" by link with OCS 100 And user "guest" gets the room for last share with 200 @@ -296,6 +306,18 @@ Feature: conversation/files When user "participant2" leaves room "file last share room" with 200 Then user "participant2" is participant of room "file last share room" + Scenario: user without access to a file shared by link is removed from its room after leaving it + Given user "participant1" shares "welcome.txt" by link with OCS 100 + # Users without access to a file shared by link need to log in (so further + # requests keep the same session) and get the room (so the share token is + # stored in the session) to be able to join it. + And user "participant2" logs in + And user "participant2" gets the room for last share with 200 + And user "participant2" joins room "file last share room" with 200 + And user "participant2" is participant of room "file last share room" + When user "participant2" leaves room "file last share room" with 200 + Then user "participant2" is not participant of room "file last share room" + Scenario: guest is removed from the room of a file shared by link after leaving it Given user "participant1" shares "welcome.txt" by link with OCS 100 And user "guest" gets the room for last share with 200 @@ -353,6 +375,20 @@ Feature: conversation/files And user "participant2" joins room "file last share room" with 200 Then user "participant2" is participant of room "file last share room" + Scenario: user without access to a file shared by link can join its room again after removing self from it + Given user "participant1" shares "welcome.txt" by link with OCS 100 + # Users without access to a file shared by link need to log in (so further + # requests keep the same session) and get the room (so the share token is + # stored in the session) to be able to join it. + And user "participant2" logs in + And user "participant2" gets the room for last share with 200 + And user "participant2" joins room "file last share room" with 200 + And user "participant2" is participant of room "file last share room" + When user "participant2" removes themselves from room "file last share room" with 200 + And user "participant2" is not participant of room "file last share room" + And user "participant2" joins room "file last share room" with 200 + Then user "participant2" is participant of room "file last share room" + # Guests can not remove themselves from a room. @@ -409,6 +445,21 @@ Feature: conversation/files And user "participant2" joins room "file last share room" with 200 And user "participant2" is participant of room "file last share room" + Scenario: user is not participant of room for file no longer shared by link and without access to it + Given user "participant1" shares "welcome.txt" by link with OCS 100 + # Users without access to a file shared by link need to log in (so further + # requests keep the same session) and get the room (so the share token is + # stored in the session) to be able to join it. + And user "participant2" logs in + And user "participant2" gets the room for last share with 200 + And user "participant2" joins room "file last share room" with 200 + And user "participant2" leaves room "file last share room" with 200 + And user "participant2" is not participant of room "file last share room" + When user "participant1" deletes last share + Then user "participant2" is not participant of room "file last share room" + And user "participant2" joins room "file last share room" with 404 + And user "participant2" is not participant of room "file last share room" + Scenario: guest is not participant of room for file no longer shared by link Given user "participant1" shares "welcome.txt" by link with OCS 100 And user "guest" gets the room for last share with 200 |