From 2fafc5c83a1327117bdf6e3e78b5e2bda7522aa8 Mon Sep 17 00:00:00 2001 From: Samuel Alfageme Date: Mon, 14 Aug 2017 10:36:01 +0200 Subject: [PATCH] PR https://github.com/owncloud/QA/pull/474 codereview changes. Basically, it introduces 3 new test-cases: - Switching the URL after connection, - OAuth2 multi-tenancy installations ... And modifies one: 'Basic Auth. multi-tenancy setup' [Regression]. It also adds a couple of missing col.delimiters on the tables. --- Mobile/Android/Release_2.5.0/2013-oauth2.md | 24 ++-- .../{xxxx-oauth2.md => 2013-oauth2.md} | 127 +++++++++--------- 2 files changed, 77 insertions(+), 74 deletions(-) rename Mobile/Android/Templates/Release_2.5.0/{xxxx-oauth2.md => 2013-oauth2.md} (55%) diff --git a/Mobile/Android/Release_2.5.0/2013-oauth2.md b/Mobile/Android/Release_2.5.0/2013-oauth2.md index f3a84e12..3eadebeb 100644 --- a/Mobile/Android/Release_2.5.0/2013-oauth2.md +++ b/Mobile/Android/Release_2.5.0/2013-oauth2.md @@ -11,16 +11,16 @@ Server: v10.0.2 + OAuth2 ([`ca8b8fc`](https://github.com/owncloud/oauth2/commit/ | TestID | Test Case | Steps | Expected Result | Result | Related Comment | | :----: | :-------- | :---- | :-------------- | :----: | :-------------- | |**Login View**||||||| -| 1 | Initial look | Open the app. Check both orientations | Correct view. Only URL and connect button are shown | | | -| 2 | OAuth2 URL http | 1. Set an URL of a http server with OAuth2
2. Tap on connect.
Check both orientations | Redirected to webview. No more options shown | | | -| 3 | OAuth2 URL https trusted | 1. Set an URL of a https trusted server with OAuth2
2. Tap on connect.
Check both orientations | Redirected to webview. No more options shown | | | -| 4 | OAuth2 URL https non-trusted | 1. Set an URL of a https non-trusted server with OAuth2
2. Tap on connect.
Check both orientations | Redirected to webview. No more options shown | | | -| 5 | Basic Auth http URL | 1. Set an URL of a http server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | | | -| 6 | Basic Auth https trusted URL | 1. Set an URL of a https trusted server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | | | -| 7 | Basic Auth https non-trusted URL | 1. Set an URL of a https non-trusted server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | | | -| 8 | Redirected URL | 1. Set a redirection URL
2. Tap on connect.
Check both orientations | Fields username and password are shown | | -| 9 | SAML URL | Set an SAML URL (not supported by the app)
Check both orientations | Correct error messaege | | | -| 10 | Wrong URL | Set an incorrect URL.
Check both orientations | Correct error messaege | | | +| 1 | Initial look | Open the app. Check both orientations | Correct view. Only URL and connect button are shown | P t5 m7 | | +| 2 | OAuth2 URL http | 1. Set an URL of a http server with OAuth2
2. Tap on connect.
Check both orientations | Redirected to webview. No more options shown | P t5 m7 | | +| 3 | OAuth2 URL https trusted | 1. Set an URL of a https trusted server with OAuth2
2. Tap on connect.
Check both orientations | Redirected to webview. No more options shown | P t5 m7 | | +| 4 | OAuth2 URL https non-trusted | 1. Set an URL of a https non-trusted server with OAuth2
2. Tap on connect.
Check both orientations | Redirected to webview. No more options shown | P t5 m7 | | +| 5 | Basic Auth http URL | 1. Set an URL of a http server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | P t5 m7 | | +| 6 | Basic Auth https trusted URL | 1. Set an URL of a https trusted server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | P t5 m7 | | +| 7 | Basic Auth https non-trusted URL | 1. Set an URL of a https non-trusted server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | P t5 m7 | | +| 8 | Redirected URL | 1. Set a redirection URL
2. Tap on connect.
Check both orientations | Fields username and password are shown | :construction: | Similar behavior on 301 to https://github.com/owncloud/client/issues/5954 | +| 9 | SAML URL | Set an SAML URL (not supported by the app)
Check both orientations | Correct error messaege | P t5 m7 | | +| 10 | Wrong URL | Set an incorrect URL.
Check both orientations | Correct error messaege | P t5 m7 | | | 11 | Wrong Authorizathion endpoint | 1. In customization file, change auth endpoint for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | |**Branding**||||||| | 12 | OAuth2 URL hardcoded | Open the app.
Check both orientations | Correct view | | | @@ -35,8 +35,8 @@ Server: v10.0.2 + OAuth2 ([`ca8b8fc`](https://github.com/owncloud/oauth2/commit/ | 20 | Wrong redirection url | 1. In customization file, change redirection url for a incorrect one
2. Enter OAuth2 URL and connect.
3. Input correct credentials
Check both orientations | Correct error handling | | | | 21 | Wrong token endpoint | 1. In customization file, change token endpoint for a incorrect one
2. Enter OAuth2 URL and connect.
3. Input correct credentials
Check both orientations | Correct error handling | | | |**OAuth2 internal flow**||||||| -| 22 | Auth request | With mitmproxy, check the OAuth2 GET authorization code request | The URL contains the parameters: response_type=code, redirect_uri=\, client_id=\ | | | -| 23 | Token request | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic + client id + : + secretid | | | +| 22 | Auth request | With mitmproxy, check the OAuth2 GET authorization code request | The URL contains the parameters: response_type=code, redirect_uri=\, client_id=\ | P t5 m7 | | +| 23 | Token request | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic + client id + : + secretid | P t5 m7 | | | 24 | Token refresh | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic | | | |**OAuth2 session**||||||| | 25 | Create folder | With OAuth2 session active, create folder | Success | | | diff --git a/Mobile/Android/Templates/Release_2.5.0/xxxx-oauth2.md b/Mobile/Android/Templates/Release_2.5.0/2013-oauth2.md similarity index 55% rename from Mobile/Android/Templates/Release_2.5.0/xxxx-oauth2.md rename to Mobile/Android/Templates/Release_2.5.0/2013-oauth2.md index f06521d8..f65b9893 100644 --- a/Mobile/Android/Templates/Release_2.5.0/xxxx-oauth2.md +++ b/Mobile/Android/Templates/Release_2.5.0/2013-oauth2.md @@ -1,6 +1,6 @@ ### OAuth2 -#### Pr: https://github.com/owncloud/android/pull/XXX +#### Pr: https://github.com/owncloud/android/pull/2013 --- @@ -15,74 +15,77 @@ | 5 | Basic Auth http URL | 1. Set an URL of a http server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | | | | 6 | Basic Auth https trusted URL | 1. Set an URL of a https trusted server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | | | | 7 | Basic Auth https non-trusted URL | 1. Set an URL of a https non-trusted server without OAuth2
2. Tap on connect.
Check both orientations | Fields username and password are shown | | | -| 8 | Redirected URL | 1. Set a redirection URL
2. Tap on connect.
Check both orientations | Fields username and password are shown | | -| 9 | SAML URL | Set an SAML URL (not supported by the app)
Check both orientations | Correct error messaege | | | -| 10 | Wrong URL | Set an incorrect URL.
Check both orientations | Correct error messaege | | | -| 11 | Wrong Authorizathion endpoint | 1. In customization file, change auth endpoint for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | +| 8 | Swith a Basic Auth URL for an OAuth2 URL after the connection check | 1. Set an URL of a server with OAuth2
2. Tap on connect.
3. Edit the URL to point to a server without OAuth2 support
Check both orientations |Redirected to webview. No more options shown | | | +| 9 | Switch an OAuth2 Auth URL for a Basic Auth URL after the connection check | 1. Set an URL of a server without OAuth2
2. Tap on connect.
3. Edit the URL to point to a server with OAuth2 support
Check both orientations | Fields username and password are shown | | | +| 10 | Redirected URL on Basic Auth. server | 1. Set URL to a multi-tenancy installation
2. Tap on connect.
Check both orientations | Fields username and password are shown
Login gets the user redirected to the right instance | | | +| 11 | Redirected URL on OAuth2 server | 1. Set URL to an OAuth2 multi-tenancy installation
2. Tap on connect.
Check both orientations | Webview displayed. No more options shown
Login gets the user redirected to the right instance | | | +| 12 | SAML URL | Set an SAML URL (not supported by the app)
Check both orientations | Correct error messaege | | | +| 13 | Wrong URL | Set an incorrect URL.
Check both orientations | Correct error messaege | | | +| 14 | Wrong Authorizathion endpoint | 1. In customization file, change auth endpoint for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | |**Branding**||||||| -| 12 | OAuth2 URL hardcoded | Open the app.
Check both orientations | Correct view | | | -| 13 | OAuth2 URL hardcoded and hidden | Open the app.
Check both orientations | Correct view | | | -| 14 | Help link hidden | Open the app.
Check both orientations | Correct view | | +| 15 | OAuth2 URL hardcoded | Open the app.
Check both orientations | Correct view | | | +| 16 | OAuth2 URL hardcoded and hidden | Open the app.
Check both orientations | Correct view | | | +| 17 | Help link hidden | Open the app.
Check both orientations | Correct view | | | |**OAuth2 UI flow**||||||| -| 15 | Webview | Enter OAuth2 URL and connect.
Check both orientations | Correct webview | | | -| 16 | Correct credentials | 1. Enter OAuth2 URL and connect.
2. Enter correct credentials.
Check both orientations | 1. Webview is opened
2. Credentials are checked and webview is closed | | | -| 17 | Wrong credentials | 1. Enter OAuth2 URL and connect.
2. Enter wrong credentials.
Check both orientations | 1. Webview is opened
2. Webview can be closed | | | -| 18 | Wrong client id | 1. In customization file, change client id for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | -| 19 | Wrong secret id | 1. In customization file, change secret id for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | -| 20 | Wrong redirection url | 1. In customization file, change redirection url for a incorrect one
2. Enter OAuth2 URL and connect.
3. Input correct credentials
Check both orientations | Correct error handling | | | -| 21 | Wrong token endpoint | 1. In customization file, change token endpoint for a incorrect one
2. Enter OAuth2 URL and connect.
3. Input correct credentials
Check both orientations | Correct error handling | | | +| 18 | Webview | Enter OAuth2 URL and connect.
Check both orientations | Correct webview | | | +| 19 | Correct credentials | 1. Enter OAuth2 URL and connect.
2. Enter correct credentials.
Check both orientations | 1. Webview is opened
2. Credentials are checked and webview is closed | | | +| 10 | Wrong credentials | 1. Enter OAuth2 URL and connect.
2. Enter wrong credentials.
Check both orientations | 1. Webview is opened
2. Webview can be closed | | | +| 21 | Wrong client id | 1. In customization file, change client id for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | +| 22 | Wrong secret id | 1. In customization file, change secret id for a incorrect one
2. Enter OAuth2 URL and connect.
Check both orientations | Correct error handling | | | +| 23 | Wrong redirection url | 1. In customization file, change redirection url for a incorrect one
2. Enter OAuth2 URL and connect.
3. Input correct credentials
Check both orientations | Correct error handling | | | +| 24 | Wrong token endpoint | 1. In customization file, change token endpoint for a incorrect one
2. Enter OAuth2 URL and connect.
3. Input correct credentials
Check both orientations | Correct error handling | | | |**OAuth2 internal flow**||||||| -| 22 | Auth request | With mitmproxy, check the OAuth2 GET authorization code request | The URL contains the parameters: response_type=code, redirect_uri=\, client_id=\ | | | -| 23 | Token request | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic + client id + : + secretid | | | -| 24 | Token refresh | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic | | | +| 25 | Auth request | With mitmproxy, check the OAuth2 GET authorization code request | The URL contains the parameters: response_type=code, redirect_uri=\, client_id=\ | | | +| 26 | Token request | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic + client id + : + secretid | | | +| 27 | Token refresh | With mitmproxy, check the OAuth2 POST token request | The POST request contains in the body the parameters: grant_type=authorization_code, code=\, redirect_uri=\, client_id=\.
Header Content Type = application/x-www-form-urlencoded.
Header www-authorization = Basic | | | |**OAuth2 session**||||||| -| 25 | Create folder | With OAuth2 session active, create folder | Success | | | -| 26 | Upload files | With OAuth2 session active, upload files | Success | | | -| 27 | Download files | With OAuth2 session active, upload files | Success | | | -| 28 | Remove files | With OAuth2 session active, remove files | Success | | | -| 29 | Rename files | With OAuth2 session active, rename files | Success | | | -| 30 | Av. offline files | With OAuth2 session active,set files as av.offline | Success | | | -| 31 | Instant uploads | With OAuth2 session active, upload files | Success | | | -| 32 | Share with users | With OAuth2 session active, share with users | Success | | | -| 33 | Share public| With OAuth2 session active, share public | Success | | | -| 34 | Open from | With OAuth2 session active, open from an external app | Success | | | -| 35 | Sync account | With OAuth2 session active, sync the whole account | Success | | | -| 36 | Share with oC | With OAuth2 session active, share content from an external app | Success | | | -| 37 | Send text | With OAuth2 session active, send text from an external app to oC | Success | | | -| 38 | Sync account from settings | With OAuth2 session active, sync the whole account from device settings | Success | | | +| 28 | Create folder | With OAuth2 session active, create folder | Success | | | +| 29 | Upload files | With OAuth2 session active, upload files | Success | | | +| 30 | Download files | With OAuth2 session active, upload files | Success | | | +| 31 | Remove files | With OAuth2 session active, remove files | Success | | | +| 32 | Rename files | With OAuth2 session active, rename files | Success | | | +| 33 | Av. 
offline files | With OAuth2 session active,set files as av.offline | Success | | | +| 34 | Instant uploads | With OAuth2 session active, upload files | Success | | | +| 35 | Share with users | With OAuth2 session active, share with users | Success | | | +| 36 | Share public| With OAuth2 session active, share public | Success | | | +| 37 | Open from | With OAuth2 session active, open from an external app | Success | | | +| 38 | Sync account | With OAuth2 session active, sync the whole account | Success | | | +| 39 | Share with oC | With OAuth2 session active, share content from an external app | Success | | | +| 40 | Send text | With OAuth2 session active, send text from an external app to oC | Success | | | +| 41 | Sync account from settings | With OAuth2 session active, sync the whole account from device settings | Success | | | |**Session ends/refresh**|||||| -| 39 | Session Expired | 1. Wait until token is refreshed
2. Perform actions (download, upload, delete, move, remove) | New token is used in the requests and the action is performed| | | -| 40 | Session Expired - external | 1. Wait until token is refreshed out of the app
2. From an external app, send content once the token is expired | New token is used in the requests and the action is performed| | | +| 42 | Session Expired | 1. Wait until token is refreshed
2. Perform actions (download, upload, delete, move, remove) | New token is used in the requests and the action is performed| | | +| 43 | Session Expired - external | 1. Wait until token is refreshed out of the app
2. From an external app, send content once the token is expired | New token is used in the requests and the action is performed| | | |**Multiaccount**||||||| -| 41 | Several OAuth2 same server | Attach several OAuth2 accounts of the same server on the same device. Check correct expirations. | All correct | | | -| 42 | Several OAuth2 different server | Attach several OAuth2 accounts of different servers on the same device | All correct | | | -| 43 | Several OAuth2 expiration | 1. Attach several OAuth2 accounts of different servers on the same device
2. Wait until one session expires. | Expired session is refresed. The other sessions keep alive | | | -| 44 | OAuth2 + basic | Attach an OAuth2 and a basic auth accounts to the same device | All correct | | | -| 45 | OAuth2 + SAML | Attach an OAuth2 and a SAML auth accounts to the same device | Not posible | | | +| 44 | Several OAuth2 same server | Attach several OAuth2 accounts of the same server on the same device. Check correct expirations. | All correct | | | +| 45 | Several OAuth2 different server | Attach several OAuth2 accounts of different servers on the same device | All correct | | | +| 46 | Several OAuth2 expiration | 1. Attach several OAuth2 accounts of different servers on the same device
2. Wait until one session expires. | Expired session is refresed. The other sessions keep alive | | | +| 47 | OAuth2 + basic | Attach an OAuth2 and a basic auth accounts to the same device | All correct | | | +| 48 | OAuth2 + SAML | Attach an OAuth2 and a SAML auth accounts to the same device | Not posible | | | |**External actions**||||||| -| 46 | Refresh Token revoked | 1. After login, remove refresh token in DB
2. Wait until session expires| Session is not refreshed. User redirected to login view | | | -| 47 | Token revoked | After login, remove token | Session ends. User redirected to login view | | | -| 48 | Change credentials | 1. In webUI, change password
2. In app, after login, in settings view, go to edit credentials and enter new credentials | New token is received | | | -| 49 | Edit credentials with other account | 1. In app, after login, in settings view, go to edit credentials and enter other user credentials | Account updated / Error shown | | | -| 50 | User deleted | 1. In webUI, remove user | Session ends. User redirected to login view and can not login anymore | | | -| 51 | Manage Space | In device Settings, clear cache and manage space of the app | Session does not end | | | -| 52 | Remove client | In webUI, remove client | Not posible to authenticate anymore | | | -| 53 | Remove OAuth2 app | In webUI, disable app | basic auth? | | | +| 49 | Refresh Token revoked | 1. After login, remove refresh token in DB
2. Wait until session expires| Session is not refreshed. User redirected to login view | | | +| 50 | Token revoked | After login, remove token | Session ends. User redirected to login view | | | +| 51 | Change credentials | 1. In webUI, change password
2. In app, after login, in settings view, go to edit credentials and enter new credentials | New token is received | | | +| 52 | Edit credentials with other account | 1. In app, after login, in settings view, go to edit credentials and enter other user credentials | Account updated / Error shown | | | +| 53 | User deleted | 1. In webUI, remove user | Session ends. User redirected to login view and can not login anymore | | | +| 54 | Manage Space | In device Settings, clear cache and manage space of the app | Session does not end | | | +| 55 | Remove client | In webUI, remove client | Not posible to authenticate anymore | | | +| 56 | Remove OAuth2 app | In webUI, disable app | basic auth? | | | |**Errors**||||||| -| 54 | No internet connection | 1. Disable internet connection in device
2. Try to login in OAuth2 | Correct error | | | -| 55 | No server connection | 1. Switch server off in device
2. Try to login in OAuth2 | Correct error | | | -| 56 | Maintenance mode login | 1. Enable maintenance mode
2. Try to login in OAuth2 | Correct error | | | -| 57 | Firewall mode login | Enable a firewall rule to ban the login
2. Try to login in OAuth2 | Correct error | | | +| 57 | No internet connection | 1. Disable internet connection in device
2. Try to login in OAuth2 | Correct error | | | +| 58 | No server connection | 1. Switch server off in device
2. Try to login in OAuth2 | Correct error | | | +| 59 | Maintenance mode login | 1. Enable maintenance mode
2. Try to login in OAuth2 | Correct error | | | +| 60 | Firewall mode login | Enable a firewall rule to ban the login
2. Try to login in OAuth2 | Correct error | | | |**Regression**||||||| -| 58 | Basic Auth server | Open a session in a basic auth server and perform some actions (create folder, update, download, share...) | Success | | | -| 59 | SAML server | Open a session in a SAML server and perform some actions (create folder, update, download, share...) | Success | | | -| 60 | SAML expiration | Open a session in a SAML server and wait until it expires | Redirected to iDP credentials view | | | -| 61 | Redirected | Open a session in a redirected server and perform some actions (create folder, update, download, share...) | Success | | | -| 62 | Redirected with subfolder| Open a session in a redirected server with subfolder and perform some actions (create folder, update, download, share...) | Success | | | -| 63 | VideoStreaming | Stream a video in a OAuth2 server | Video is streamed | | | +| 61 | Basic Auth server | Open a session in a basic auth server and perform some actions (create folder, update, download, share...) | Success | | | +| 62 | SAML server | Open a session in a SAML server and perform some actions (create folder, update, download, share...) | Success | | | +| 63 | SAML expiration | Open a session in a SAML server and wait until it expires | Redirected to iDP credentials view | | | +| 64 | Redirected | Open a session in a redirected server and perform some actions (create folder, update, download, share...) | Success | | | +| 65 | Redirected with subfolder| Open a session in a redirected server with subfolder and perform some actions (create folder, update, download, share...) | Success | | | +| 66 | VideoStreaming | Stream a video in a OAuth2 server | Video is streamed | | | |**Upgrade**||||||| -| 64 | Upgrade app from older version with basic | 1. Install an older version (basic auth)
2. Upgrade to this one without changes in server| Correct upgrade | | | -| 65 | Upgrade auth method server (to OAuth2)| 1. Login in a server without OAuth2
2. Enable OAuth2 in server
3. Login with OAuth2 | 1. Correct login
2. Correct login | | | -| 66 | Upgrade auth method server (to basic)| 1. Login in a server with OAuth2
2. Disable OAuth2 in server
3. Login with basic | 1. Correct login
2. Correct login | | | -| 67 | Migrate basic to OAuth2| 1. Login in a basic older server
2. Upgrade by enabling OAuth2 in server | Migration OK. Users access to the account without re-login | | | -| 68 | Migrate OAuth2 to basic| 1. Login in a OAuth2 server
2. Upgrade by disabling OAuth2 in server | Migration OK. Users access to the account without re-login | | | \ No newline at end of file +| 67 | Upgrade app from older version with basic | 1. Install an older version (basic auth)
2. Upgrade to this one without changes in server| Correct upgrade | | | +| 68 | Upgrade auth method server (to OAuth2)| 1. Login in a server without OAuth2
2. Enable OAuth2 in server
3. Login with OAuth2 | 1. Correct login
2. Correct login | | | +| 69 | Upgrade auth method server (to basic)| 1. Login in a server with OAuth2
2. Disable OAuth2 in server
3. Login with basic | 1. Correct login
2. Correct login | | | +| 70 | Migrate basic to OAuth2| 1. Login in a basic older server
2. Upgrade by enabling OAuth2 in server | Migration OK. Users access to the account without re-login | | | +| 71 | Migrate OAuth2 to basic| 1. Login in a OAuth2 server
2. Upgrade by disabling OAuth2 in server | Migration OK. Users access to the account without re-login | | | \ No newline at end of file
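Review bot: In `Mobile/Android/Release_2.5.0/2013-oauth2.md`, hunk `@@ -11,16 +11,16 @@`, results are recorded against test IDs that the template in this same patch reassigns. Here IDs 8, 9 and 10 are still "Redirected URL", "SAML URL" and "Wrong URL", while the updated template makes 8 and 9 the two URL-switch cases and moves SAML URL and Wrong URL to 12 and 13. A "P t5 m7" on ID 9 therefore means a different test depending on which file is read. Regenerate the release sheet from the renumbered template before filling in further results, and carry the `:construction:` comment on "Redirected URL" over to its new row. Since rows 9 and 10 are being touched anyway, "Correct error messaege" could be corrected to "Correct error message" in the same change.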
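Review bot: In `Mobile/Android/Release_2.5.0/2013-oauth2.md`, hunk `@@ -35,8 +35,8 @@`, test 23 is marked "P t5 m7" against an expected result that names a header, "www-authorization", which is not the request header that carries client credentials. The token request authenticates the client in the `Authorization` header, with the value `Basic` followed by the base64 encoding of "client id:secret id"; a tester following the sheet literally in mitmproxy would not find the header as written. Reword the expected result so that a pass is unambiguous. The unchanged row 24 "Token refresh" in the same hunk repeats the authorization-code parameters (grant_type=authorization_code, code=...); a refresh request is expected to carry grant_type=refresh_token and the refresh token instead, so that row (and row 27 in the template) should get its own expected result. For test 22, consider also checking that the authorization request carries a `state` value, since the expected result currently lists only response_type, redirect_uri and client_id.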
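Review bot: In `Mobile/Android/Templates/Release_2.5.0/2013-oauth2.md`, hunk `@@ -15,74 +15,77 @@`, the steps of new tests 8 and 9 contradict their own expected results. Test 8 ends by editing the URL to point to a server without OAuth2 support yet expects "Redirected to webview", and test 9 ends on a server with OAuth2 support yet expects "Fields username and password are shown"; the step lists look swapped between the two rows. Neither row says whether connect is tapped again after the edit, which is the behaviour under test, so add that step explicitly. These two cases guard against the app applying the authentication method detected for the first URL to a different server, so the expected result should state which server's method wins and that no credentials are sent before the re-check. Smaller points in the same hunk: "Swith" in the title of test 8, the row "Wrong credentials" is numbered 10 where the sequence requires 20 (giving two rows with ID 10), row 30 "Download files" has the step "upload files", and the "Session ends/refresh" header row has one column delimiter fewer than the other section headers even though the commit message mentions fixing missing delimiters.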