Skip to content

Handle accept decline with invalid share id#34622

Merged
phil-davis merged 7 commits into
masterfrom
handle-accept-decline-share
Mar 6, 2019
Merged

Handle accept decline with invalid share id#34622
phil-davis merged 7 commits into
masterfrom
handle-accept-decline-share

Conversation

@phil-davis

@phil-davis phil-davis commented Feb 26, 2019

Copy link
Copy Markdown
Contributor

Description

  1. Catch the case when an accept or decline for a non-existent federated share id is received. Return a STATUS_GONE 410 response. Previously this was not caught in RequestHandlerController and ended up becoming a 500 status. That can cause issues for the remote end, which could think that there was an internal server error for the request - the remote end might then throw an exception itself and not cleanup its view of the now non-existent share id.

  2. Catch the case when an accept or decline for a share id has an invalid shared secret provided. Return a STATUS_FORBIDDEN 403 so that the remote end can at least handle/report that, rather than returning a 500 that might cause the remote server grief.

Related Issue

This is on top of PR #34568 and issue #34566

Motivation and Context

How Has This Been Tested?

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

Open tasks:

  • Backport (if applicable set "backport-request" label and remove when the backport was done)

@codecov

codecov Bot commented Feb 26, 2019

Copy link
Copy Markdown

Codecov Report

Merging #34622 into master will increase coverage by <.01%.
The diff coverage is 89.21%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #34622      +/-   ##
============================================
+ Coverage     65.23%   65.24%   +<.01%     
- Complexity    18438    18446       +8     
============================================
  Files          1203     1203              
  Lines         69819    69850      +31     
  Branches       1280     1280              
============================================
+ Hits          45548    45572      +24     
- Misses        23899    23906       +7     
  Partials        372      372
Flag Coverage Δ Complexity Δ
#javascript 53.04% <ø> (ø) 0 <ø> (ø) ⬇️
#phpunit 66.64% <89.21%> (ø) 18446 <1> (+8) ⬆️
Impacted Files Coverage Δ Complexity Δ
...e/AppFramework/DependencyInjection/DIContainer.php 73.28% <ø> (ø) 79 <0> (ø) ⬇️
apps/files_sharing/lib/AppInfo/Application.php 50.98% <100%> (ø) 17 <0> (ø) ⬇️
...haring/lib/Controller/RequestHandlerController.php 82.18% <100%> (+2.31%) 30 <0> (+4) ⬆️
...amework/Middleware/Security/SecurityMiddleware.php 93.84% <25%> (-4.52%) 24 <0> (+2)
apps/dav/lib/Connector/Sabre/CorsPlugin.php 89.79% <73.33%> (-7.83%) 19 <1> (+2)
...es_sharing/lib/Controller/Share20OcsController.php 85.31% <93.54%> (ø) 193 <0> (ø) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a922eaf...5050903. Read the comment docs.

1 similar comment
@codecov

codecov Bot commented Feb 26, 2019

Copy link
Copy Markdown

Codecov Report

Merging #34622 into master will increase coverage by <.01%.
The diff coverage is 89.21%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #34622      +/-   ##
============================================
+ Coverage     65.23%   65.24%   +<.01%     
- Complexity    18438    18446       +8     
============================================
  Files          1203     1203              
  Lines         69819    69850      +31     
  Branches       1280     1280              
============================================
+ Hits          45548    45572      +24     
- Misses        23899    23906       +7     
  Partials        372      372
Flag Coverage Δ Complexity Δ
#javascript 53.04% <ø> (ø) 0 <ø> (ø) ⬇️
#phpunit 66.64% <89.21%> (ø) 18446 <1> (+8) ⬆️
Impacted Files Coverage Δ Complexity Δ
...e/AppFramework/DependencyInjection/DIContainer.php 73.28% <ø> (ø) 79 <0> (ø) ⬇️
apps/files_sharing/lib/AppInfo/Application.php 50.98% <100%> (ø) 17 <0> (ø) ⬇️
...haring/lib/Controller/RequestHandlerController.php 82.18% <100%> (+2.31%) 30 <0> (+4) ⬆️
...amework/Middleware/Security/SecurityMiddleware.php 93.84% <25%> (-4.52%) 24 <0> (+2)
apps/dav/lib/Connector/Sabre/CorsPlugin.php 89.79% <73.33%> (-7.83%) 19 <1> (+2)
...es_sharing/lib/Controller/Share20OcsController.php 85.31% <93.54%> (ø) 193 <0> (ø) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a922eaf...5050903. Read the comment docs.

@codecov

codecov Bot commented Feb 26, 2019

Copy link
Copy Markdown

Codecov Report

Merging #34622 into master will increase coverage by <.01%.
The diff coverage is 88.46%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #34622      +/-   ##
============================================
+ Coverage     65.25%   65.25%   +<.01%     
- Complexity    18458    18467       +9     
============================================
  Files          1207     1207              
  Lines         69895    69928      +33     
  Branches       1280     1280              
============================================
+ Hits          45608    45633      +25     
- Misses        23915    23923       +8     
  Partials        372      372
Flag Coverage Δ Complexity Δ
#javascript 53.04% <ø> (ø) 0 <ø> (ø) ⬇️
#phpunit 66.66% <88.46%> (ø) 18467 <1> (+9) ⬆️
Impacted Files Coverage Δ Complexity Δ
...e/AppFramework/DependencyInjection/DIContainer.php 73.28% <ø> (ø) 79 <0> (ø) ⬇️
apps/files_sharing/lib/AppInfo/Application.php 50.98% <100%> (ø) 17 <0> (ø) ⬇️
...haring/lib/Controller/RequestHandlerController.php 82.18% <100%> (+2.31%) 30 <0> (+4) ⬆️
...amework/Middleware/Security/SecurityMiddleware.php 93.84% <25%> (-4.52%) 24 <0> (+2)
lib/public/AppFramework/OCSController.php 95.45% <50%> (-2.17%) 14 <0> (+1)
apps/dav/lib/Connector/Sabre/CorsPlugin.php 89.79% <73.33%> (-7.83%) 19 <1> (+2)
...es_sharing/lib/Controller/Share20OcsController.php 85.34% <93.54%> (ø) 193 <0> (ø) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ec002f4...96f66cf. Read the comment docs.

@PVince81

Copy link
Copy Markdown
Contributor

the code looks fine to me, I'm only worried about the STATUS_GONE addition.

@VicDeo can you evaluate the risk for this change of behavior for existing federation clients that might have expected a 200 OK response with no body instead of an error ?

@VicDeo VicDeo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's what we have from OCM spec https://rawgit.com/GEANT/OCM-API/v1/docs.html

400 Bad request due to invalid parameters, e.g. when type is invalid or missing.
401 Client cannot be authenticated as a trusted service.
403 Trusted service is not authorized to create notifications.
501 The receiver doesn't support notifications.
503 The receiver is temporary unavailable (e.g. due to planned maintenance).

As long as RequestHandlerController is used for our legacy endpoint it should be fine.

@VicDeo

VicDeo commented Feb 27, 2019

Copy link
Copy Markdown
Contributor

@PVince81 according to the implementation this notification will be resent from a background job with TTL = 20.

@phil-davis

Copy link
Copy Markdown
Contributor Author

@VicDeo the list does not have code 410.
Should we just return a 400 Bad Request?

@VicDeo VicDeo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine by me. Just one note.

use OCP\Lock\ILockingProvider;
use OCP\Lock\LockedException;
use OCP\Share;
use function Sodium\crypto_sign_ed25519_pk_to_curve25519;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@phil-davis strange things are going on here :)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

taken care of .... will merge once drone is green and take care of backporting

@PVince81

PVince81 commented Mar 4, 2019

Copy link
Copy Markdown
Contributor
--- Failed scenarios:

    /drone/src/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:42
    /drone/src/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:43
    /drone/src/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:44
    /drone/src/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:45
    /drone/src/tests/acceptance/features/apiAuth/ocsGETAuth.feature:100
    /drone/src/tests/acceptance/features/apiAuth/ocsGETAuth.feature:101
    /drone/src/tests/acceptance/features/apiAuth/ocsGETAuth.feature:148
    /drone/src/tests/acceptance/features/apiAuth/ocsGETAuth.feature:149
    /drone/src/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature:48
    /drone/src/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature:49
    /drone/src/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature:50
    /drone/src/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature:51
    /drone/src/tests/acceptance/features/apiAuth/ocsPUTAuth.feature:35
/drone/src/tests/acceptance/features/apiAuth/ocsPUTAuth.feature:36

😱

@phil-davis

Copy link
Copy Markdown
Contributor Author

@DeepDiver1975 feel free to keep rebasing... this PR and/or just cherry-pick the useful bits into #34568 or whatever. (I will keep my hands off, so we don't stomp on each other)

@DeepDiver1975

Copy link
Copy Markdown
Member

ohoh ....

  @issue-34626
  Scenario Outline: send DELETE requests to OCS endpoints as admin with wrong password                          # /drone/src/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:34
    Given using OCS API version "<ocs_api_version>"                                                             # FeatureContext::usingOcsApiVersion()
    When the administrator sends HTTP method "DELETE" to OCS API endpoint "<endpoint>" using password "invalid" # FeatureContext::theAdministratorSendsHttpMethodToOcsApiEndpoint()
    Then the HTTP status code should be "200"                                                                   # FeatureContext::theHTTPStatusCodeShouldBe()
    And the body of the response should be empty                                                                # FeatureContext::theResponseBodyShouldBeEmpty()

    Examples:
      | ocs_api_version | endpoint                                      |
      | 1               | /apps/files_sharing/api/v1/shares/123         |
        Failed asserting that a string is empty.
      | 2               | /apps/files_sharing/api/v1/shares/123         |
        Failed asserting that a string is empty.
      | 1               | /apps/files_sharing/api/v1/shares/pending/123 |
        Failed asserting that a string is empty.
      | 2               | /apps/files_sharing/api/v1/shares/pending/123 |
        Failed asserting that a string is empty.

@phil-davis

Copy link
Copy Markdown
Contributor Author

@DeepDiver1975 there is a fail with the apiAuth suite which is "new".
I will have a look at what has happened in rebase... and sort that out.

@phil-davis phil-davis force-pushed the handle-accept-decline-share branch from 275cf43 to c8b1941 Compare March 5, 2019 10:39
@phil-davis

Copy link
Copy Markdown
Contributor Author

The code looks fine. Weird drone error and we can't see the log file. I force pushed a rebase of the last commit to make drone start fresh.

@phil-davis

Copy link
Copy Markdown
Contributor Author

Running apiAuth suite locally:

make test-acceptance-api BEHAT_SUITE=apiAuth

these scenarios fail:

Feature: auth

  Background:                                                   # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:4
    Given user "user0" has been created with default attributes # FeatureContext::userHasBeenCreatedWithDefaultAttributes()
    And a new client token for "user0" has been generated       # FeatureContext::aNewClientTokenHasBeenGenerated()

  @issue-32068
  Scenario Outline: send DELETE requests to OCS endpoints as admin with wrong password                          # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsDELETEAuth.feature:9
    Given using OCS API version "<ocs_api_version>"                                                             # FeatureContext::usingOcsApiVersion()
    And group "group1" has been created                                                                         # FeatureContext::groupHasBeenCreated()
    When the administrator sends HTTP method "DELETE" to OCS API endpoint "<endpoint>" using password "invalid" # FeatureContext::theAdministratorSendsHttpMethodToOcsApiEndpoint()
    Then the OCS status code should be "<ocs-code>"                                                             # FeatureContext::theOCSStatusCodeShouldBe()
    And the HTTP status code should be "<http-code>"                                                            # FeatureContext::theHTTPStatusCodeShouldBe()

    Examples:
      | ocs_api_version | endpoint                                             | ocs-code | http-code |
      | 1               | /apps/files_sharing/api/v1/remote_shares/pending/123 | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares/pending/123 | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/remote_shares/123         | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares/123         | 997      | 401       |
      | 1               | /cloud/apps/testing                                  | 997      | 401       |
      | 2               | /cloud/apps/testing                                  | 997      | 401       |
      | 1               | /cloud/groups/group1                                 | 997      | 401       |
      | 2               | /cloud/groups/group1                                 | 997      | 401       |
      | 1               | /cloud/users/user0                                   | 997      | 401       |
      | 2               | /cloud/users/user0                                   | 997      | 401       |
      | 1               | /cloud/users/user0/groups                            | 997      | 401       |
      | 2               | /cloud/users/user0/groups                            | 997      | 401       |
      | 1               | /cloud/users/user0/subadmins                         | 997      | 401       |
      | 2               | /cloud/users/user0/subadmins                         | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/shares/123                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares/123                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 1               | /apps/files_sharing/api/v1/shares/pending/123        | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares/pending/123        | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.

and

Feature: auth

  Background:                                                   # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsGETAuth.feature:3
    Given user "user0" has been created with default attributes # FeatureContext::userHasBeenCreatedWithDefaultAttributes()
    And a new client token for "user0" has been generated       # FeatureContext::aNewClientTokenHasBeenGenerated()

  @issue-32068
  Scenario Outline: using OCS anonymously                              # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsGETAuth.feature:8
    When a user requests "<endpoint>" with "GET" and no authentication # FeatureContext::userRequestsURLWith()
    Then the OCS status code should be "<ocs-code>"                    # FeatureContext::theOCSStatusCodeShouldBe()
    And the HTTP status code should be "<http-code>"                   # FeatureContext::theHTTPStatusCodeShouldBe()

    Examples:
      | endpoint                                                    | ocs-code | http-code |
      | /ocs/v1.php/apps/files_external/api/v1/mounts               | 997      | 401       |
      | /ocs/v2.php/apps/files_external/api/v1/mounts               | 997      | 401       |
      | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares         | 997      | 401       |
      | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares         | 997      | 401       |
      | /ocs/v1.php/apps/files_sharing/api/v1/remote_shares/pending | 997      | 401       |
      | /ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending | 997      | 401       |
      | /ocs/v1.php/cloud/apps                                      | 997      | 401       |
      | /ocs/v2.php/cloud/apps                                      | 997      | 401       |
      | /ocs/v1.php/cloud/groups                                    | 997      | 401       |
      | /ocs/v2.php/cloud/groups                                    | 997      | 401       |
      | /ocs/v1.php/cloud/users                                     | 997      | 401       |
      | /ocs/v2.php/cloud/users                                     | 997      | 401       |
      | /ocs/v1.php/config                                          | 100      | 200       |
      | /ocs/v2.php/config                                          | 200      | 200       |
      | /ocs/v1.php/privatedata/getattribute                        | 997      | 401       |
      | /ocs/v2.php/privatedata/getattribute                        | 997      | 401       |
      | /ocs/v1.php/apps/files_sharing/api/v1/shares                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | /ocs/v2.php/apps/files_sharing/api/v1/shares                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.

and

  Scenario Outline: using OCS as normal user with wrong password                                        # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsGETAuth.feature:60
    Given using OCS API version "<ocs_api_version>"                                                     # FeatureContext::usingOcsApiVersion()
    When user "user0" sends HTTP method "GET" to OCS API endpoint "<endpoint>" using password "invalid" # FeatureContext::userSendsToOcsApiEndpoint()
    Then the OCS status code should be "<ocs-code>"                                                     # FeatureContext::theOCSStatusCodeShouldBe()
    And the HTTP status code should be "<http-code>"                                                    # FeatureContext::theHTTPStatusCodeShouldBe()

    Examples:
      | ocs_api_version | endpoint                                         | ocs-code | http-code |
      | 1               | /apps/files_external/api/v1/mounts               | 997      | 401       |
      | 2               | /apps/files_external/api/v1/mounts               | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/remote_shares         | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares         | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/remote_shares/pending | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares/pending | 997      | 401       |
      | 1               | /cloud/apps                                      | 997      | 401       |
      | 2               | /cloud/apps                                      | 997      | 401       |
      | 1               | /cloud/groups                                    | 997      | 401       |
      | 2               | /cloud/groups                                    | 997      | 401       |
      | 1               | /cloud/users                                     | 997      | 401       |
      | 2               | /cloud/users                                     | 997      | 401       |
      | 1               | /config                                          | 100      | 200       |
      | 2               | /config                                          | 200      | 200       |
      | 1               | /privatedata/getattribute                        | 997      | 401       |
      | 2               | /privatedata/getattribute                        | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/shares                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.

and

  Scenario Outline: using OCS as admin user with wrong password                                              # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsGETAuth.feature:99
    Given using OCS API version "<ocs_api_version>"                                                          # FeatureContext::usingOcsApiVersion()
    When the administrator sends HTTP method "GET" to OCS API endpoint "<endpoint>" using password "invalid" # FeatureContext::theAdministratorSendsHttpMethodToOcsApiEndpoint()
    Then the OCS status code should be "<ocs-code>"                                                          # FeatureContext::theOCSStatusCodeShouldBe()
    And the HTTP status code should be "<http-code>"                                                         # FeatureContext::theHTTPStatusCodeShouldBe()

    Examples:
      | ocs_api_version | endpoint                                         | ocs-code | http-code |
      | 1               | /apps/files_external/api/v1/mounts               | 997      | 401       |
      | 2               | /apps/files_external/api/v1/mounts               | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/remote_shares         | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares         | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/remote_shares/pending | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares/pending | 997      | 401       |
      | 1               | /cloud/apps                                      | 997      | 401       |
      | 2               | /cloud/apps                                      | 997      | 401       |
      | 1               | /cloud/groups                                    | 997      | 401       |
      | 2               | /cloud/groups                                    | 997      | 401       |
      | 1               | /cloud/users                                     | 997      | 401       |
      | 2               | /cloud/users                                     | 997      | 401       |
      | 1               | /privatedata/getattribute                        | 997      | 401       |
      | 2               | /privatedata/getattribute                        | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/shares                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares                | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.

and

Feature: auth

  Background:                                                   # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature:4
    Given user "user0" has been created with default attributes # FeatureContext::userHasBeenCreatedWithDefaultAttributes()
    And a new client token for "user0" has been generated       # FeatureContext::aNewClientTokenHasBeenGenerated()

  @issue-32068
  Scenario Outline: send POST requests to OCS endpoints as normal user with wrong password                         # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsPOSTAuth.feature:9
    Given using OCS API version "<ocs_api_version>"                                                                # FeatureContext::usingOcsApiVersion()
    And user "user1" has been created with default attributes                                                      # FeatureContext::userHasBeenCreatedWithDefaultAttributes()
    When user "user0" sends HTTP method "POST" to OCS API endpoint "<endpoint>" with body using password "invalid" # FeatureContext::userSendsHTTPMethodToOcsApiEndpointWithBodyAndPassword()
      | data | doesnotmatter |
    Then the OCS status code should be "<ocs-code>"                                                                # FeatureContext::theOCSStatusCodeShouldBe()
    And the HTTP status code should be "<http-code>"                                                               # FeatureContext::theHTTPStatusCodeShouldBe()

    Examples:
      | ocs_api_version | endpoint                                             | ocs-code | http-code |
      | 1               | /apps/files_sharing/api/v1/remote_shares/pending/123 | 997      | 401       |
      | 2               | /apps/files_sharing/api/v1/remote_shares/pending/123 | 997      | 401       |
      | 1               | /cloud/apps/testing                                  | 997      | 401       |
      | 2               | /cloud/apps/testing                                  | 997      | 401       |
      | 1               | /cloud/groups                                        | 997      | 401       |
      | 2               | /cloud/groups                                        | 997      | 401       |
      | 1               | /cloud/users                                         | 997      | 401       |
      | 2               | /cloud/users                                         | 997      | 401       |
      | 1               | /cloud/users/user0/groups                            | 997      | 401       |
      | 2               | /cloud/users/user0/groups                            | 997      | 401       |
      | 1               | /cloud/users/user0/subadmins                         | 997      | 401       |
      | 2               | /cloud/users/user0/subadmins                         | 997      | 401       |
      | 1               | /person/check                                        | 101      | 200       |
      | 2               | /person/check                                        | 400      | 400       |
      | 1               | /privatedata/deleteattribute/testing/test            | 997      | 401       |
      | 2               | /privatedata/deleteattribute/testing/test            | 997      | 401       |
      | 1               | /privatedata/setattribute/testing/test               | 997      | 401       |
      | 2               | /privatedata/setattribute/testing/test               | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/shares                    | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares                    | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 1               | /apps/files_sharing/api/v1/shares/pending/123        | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares/pending/123        | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.

@api @TestAlsoOnExternalUserBackend
Feature: auth

  Background:                                                   # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsPUTAuth.feature:4
    Given user "user0" has been created with default attributes # FeatureContext::userHasBeenCreatedWithDefaultAttributes()
    And a new client token for "user0" has been generated       # FeatureContext::aNewClientTokenHasBeenGenerated()

  @issue-32068
  Scenario Outline: send PUT requests to OCS endpoints as admin with wrong password                                    # /home/phil/git/owncloud/core/tests/acceptance/features/apiAuth/ocsPUTAuth.feature:9
    Given using OCS API version "<ocs_api_version>"                                                                    # FeatureContext::usingOcsApiVersion()
    When the administrator sends HTTP method "PUT" to OCS API endpoint "<endpoint>" with body using password "invalid" # FeatureContext::theAdministratorSendsHttpMethodToOcsApiWithBodyAndPassword()
      | data | doesnotmatter |
    Then the OCS status code should be "<ocs-code>"                                                                    # FeatureContext::theOCSStatusCodeShouldBe()
    And the HTTP status code should be "<http-code>"                                                                   # FeatureContext::theHTTPStatusCodeShouldBe()

    Examples:
      | ocs_api_version | endpoint                              | ocs-code | http-code |
      | 1               | /cloud/users/user0                    | 997      | 401       |
      | 2               | /cloud/users/user0                    | 997      | 401       |
      | 1               | /cloud/users/user0/disable            | 997      | 401       |
      | 2               | /cloud/users/user0/disable            | 997      | 401       |
      | 1               | /cloud/users/user0/enable             | 997      | 401       |
      | 2               | /cloud/users/user0/enable             | 997      | 401       |
      | 1               | /apps/files_sharing/api/v1/shares/123 | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.
      | 2               | /apps/files_sharing/api/v1/shares/123 | 997      | 401       |
        HTTP status code is not the expected value
        Failed asserting that 200 matches expected '401'.

It is not happy.

@phil-davis phil-davis force-pushed the handle-accept-decline-share branch from c8b1941 to c05c178 Compare March 6, 2019 07:04
@phil-davis

Copy link
Copy Markdown
Contributor Author

Rebased - we can see drone logs today, so that will give us test output to look at.

@DeepDiver1975 DeepDiver1975 force-pushed the handle-accept-decline-share branch from c05c178 to 96f66cf Compare March 6, 2019 07:20
@DeepDiver1975

Copy link
Copy Markdown
Member

Acceptance tests revealed another issue ... fixed

@phil-davis phil-davis merged commit c77bc7a into master Mar 6, 2019
@delete-merged-branch delete-merged-branch Bot deleted the handle-accept-decline-share branch March 6, 2019 08:00
@DeepDiver1975

Copy link
Copy Markdown
Member

Thx

@phil-davis

Copy link
Copy Markdown
Contributor Author

I am looking at the backport...

@individual-it

Copy link
Copy Markdown
Member

@DeepDiver1975 were #34664 and #34679 also addressed ?

@phil-davis

Copy link
Copy Markdown
Contributor Author

Backport stable10 #34786

@lock lock Bot locked as resolved and limited conversation to collaborators Mar 27, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants