mirror of
https://github.com/nextcloud/server.git
synced 2026-06-12 18:21:40 -04:00
Add integration tests for transferring files of a user with a risky name
The files:transfer-ownership performs a sanitization of users with "risky" display names (including characters like "\" or "/"). In order to allow (escaped) double quotes in the display name the regular expression used in the "user XXX with displayname YYY exists" step is not the "standard" one, "([^"]*)". Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This commit is contained in:
Daniel Calviño Sánchez
parent
6eac414740
commit
dfcc14c752
3 changed files with 61 additions and 1 deletions
|
|
@ -25,6 +25,7 @@
|
|||
require __DIR__ . '/../../vendor/autoload.php';
|
||||
|
||||
use Behat\Behat\Hook\Scope\BeforeScenarioScope;
|
||||
use PHPUnit\Framework\Assert;
|
||||
|
||||
class CommandLineContext implements \Behat\Behat\Context\Context {
|
||||
use CommandLine;
|
||||
|
|
@ -127,4 +128,11 @@ class CommandLineContext implements \Behat\Behat\Context\Context {
|
|||
$davPath = rtrim($davPath, '/') . $this->lastTransferPath;
|
||||
$this->featureContext->usingDavPath($davPath);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then /^transfer folder name contains "([^"]+)"$/
|
||||
*/
|
||||
public function transferFolderNameContains($text) {
|
||||
Assert::assertContains($text, $this->lastTransferPath);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -68,6 +68,23 @@ trait Provisioning {
|
|||
Assert::assertEquals(200, $this->response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^user "([^"]*)" with displayname "((?:[^"]|\\")*)" exists$/
|
||||
* @param string $user
|
||||
*/
|
||||
public function assureUserWithDisplaynameExists($user, $displayname) {
|
||||
try {
|
||||
$this->userExists($user);
|
||||
} catch (\GuzzleHttp\Exception\ClientException $ex) {
|
||||
$previous_user = $this->currentUser;
|
||||
$this->currentUser = "admin";
|
||||
$this->creatingTheUser($user, $displayname);
|
||||
$this->currentUser = $previous_user;
|
||||
}
|
||||
$this->userExists($user);
|
||||
Assert::assertEquals(200, $this->response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @Given /^user "([^"]*)" does not exist$/
|
||||
* @param string $user
|
||||
|
|
@ -92,7 +109,7 @@ trait Provisioning {
|
|||
}
|
||||
}
|
||||
|
||||
public function creatingTheUser($user) {
|
||||
public function creatingTheUser($user, $displayname = '') {
|
||||
$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/cloud/users";
|
||||
$client = new Client();
|
||||
$options = [];
|
||||
|
|
@ -104,6 +121,9 @@ trait Provisioning {
|
|||
'userid' => $user,
|
||||
'password' => '123456'
|
||||
];
|
||||
if ($displayname !== '') {
|
||||
$options['form_params']['displayName'] = $displayname;
|
||||
}
|
||||
$options['headers'] = [
|
||||
'OCS-APIREQUEST' => 'true',
|
||||
];
|
||||
|
|
|
|||
|
|
@ -29,6 +29,22 @@ Feature: transfer-ownership
|
|||
And using received transfer folder of "user1" as dav path
|
||||
And as "user1" the folder "/test" exists
|
||||
|
||||
Scenario: transfering ownership from user with risky display name
|
||||
Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists
|
||||
And user "user1" exists
|
||||
And User "user0" created a folder "/test"
|
||||
And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt"
|
||||
When transfering ownership from "user0" to "user1"
|
||||
And the command was successful
|
||||
And As an "user1"
|
||||
And using received transfer folder of "user1" as dav path
|
||||
Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is"
|
||||
And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on"
|
||||
And using old dav path
|
||||
And as "user0" the folder "/test" does not exist
|
||||
And using received transfer folder of "user1" as dav path
|
||||
And as "user1" the folder "/test" exists
|
||||
|
||||
Scenario: transfering ownership of file shares
|
||||
Given user "user0" exists
|
||||
And user "user1" exists
|
||||
|
|
@ -319,6 +335,22 @@ Feature: transfer-ownership
|
|||
And using received transfer folder of "user1" as dav path
|
||||
And as "user1" the folder "/test" exists
|
||||
|
||||
Scenario: transfering ownership from user with risky display name
|
||||
Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists
|
||||
And user "user1" exists
|
||||
And User "user0" created a folder "/test"
|
||||
And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt"
|
||||
When transfering ownership of path "test" from "user0" to "user1"
|
||||
And the command was successful
|
||||
And As an "user1"
|
||||
And using received transfer folder of "user1" as dav path
|
||||
Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is"
|
||||
And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on"
|
||||
And using old dav path
|
||||
And as "user0" the folder "/test" does not exist
|
||||
And using received transfer folder of "user1" as dav path
|
||||
And as "user1" the folder "/test" exists
|
||||
|
||||
Scenario: transfering ownership of file shares
|
||||
Given user "user0" exists
|
||||
And user "user1" exists
|
||||
|
|
|
|||
Loading…
Reference in a new issue