OAuth2 test for 0.4.1RC1 #205

Closed
dpakach opened this issue Apr 30, 2019 · 1 comment

dpakach commented Apr 30, 2019

OAuth2 app Test Plan

https://github.com/owncloud/QA/blob/master/Server/Test_Plan_OAuth2.md

This aims to be a client-agnostic test plan for the OAuth2 application, centered on the actions available in the webUI and/or occ commands and their impact on ownCloud's core behavior. To test the application from a client standpoint see:

Testing functionality

| Test Case | Expected Result | Result | Related Comment |
| --- | --- | --- | --- |
| **CLI commands** | | | |
| Enable OAuth2 app via CLI using `occ app:enable oauth2` | - The app gets enabled<br>- Replies from the WebDAV endpoint include a new `WWW-Authenticate: Bearer...` header | ✔️ | |
| Disable OAuth2 app via CLI using `occ app:disable oauth2` | - The app gets disabled<br>- Previously mentioned header goes away in further requests | ✔️ | |
| **Registered Clients** | | | |
| Default clients | The default Registered clients are included among the "Settings > Admin > User Authentication" OAuth 2.0: Registered Clients | ✔️ | See #38 for the default values |
| Register new Client | 64-character-length client_id and client_secret are generated together with an (optional) Client Name and a (required) Redirection URL | ✔️ | |
| Remove a Client | - Confirmation dialog is prompted before removal<br>- All client sessions opened from those clients get removed | ✔️ | |
| **Unregistered Clients** | | | |
| Authentication flow from an unregistered client | Unsuccessful Authorization Request | ⚙️ | Browser displays the "Request not valid" screen. |
| **Authorized Applications** | | | |
| Login with a Registered Client | The Client Name is displayed amongst the "Personal > Security" OAuth 2.0 Authorized Applications | ⚙️ | |
| Session Revocation (i.e. delete Authorized Application) | All the sessions opened in the clients are revoked and must be re-authorized | ⚙️ | |
| **User Account Handling** | | | |
| Password change | Open sessions are revoked and new credentials must be used in further login attempts | ✔️ | |
| **Authorization Flow** | | | |
| Successful Authorization Request without any session open in the browser | Login form with an additional informative note about the application requesting access to ownCloud is displayed | ⚙️ | |
| Successful Authorization Request with a valid session in the browser | The "Authorize" screen is displayed | ⚙️ | |
| Successful Authorization Request in a browser with a different user logged in | The "Switch User" screen is displayed, allowing to modify the current session | ⚙️ | See use of the additional user parameter in: #67 |
| Failed attempt in the authorization login form | The query parameters for the Authorization Request are preserved in next attempts | ⚙️ | See original issue in: owncloud/core#28129 |
| **Relevant Smoke Tests** | | | |
| Unauthenticated Actions: Public File Drop | Files get uploaded normally | ✔️ | See #100 |

@patrickjahns

closing as app was released
