Add API test scenarios for non-existent public links
See issue https://github.com/owncloud/ocis/issues/4442
The existing tests create public links and test that the access rights to them work correctly - good.
But we also want to test what happens when someone just "makes up" a random "token" value, and tries to use that on the end of the various public link endpoints. HTTP status 404 should be returned.
See `WebDavHelper.php` `getDavPath` for some ideas of paths to try:

```php
if ($type === "public-files" || $type === "public-files-old") {
    return "public.php/webdav/";
}
if ($type === "public-files-new") {
    return "remote.php/dav/public-files/$user/";
}
```
The linked issue uses the `/s/token` path.
A feature file can probably be added to the `apiAuth` suite. It can hard-code some made-up "token" values that will not exist.
There is a step:

```
When a user requests "/remote.php/webdav" with "PROPFIND" and no authentication
```

That is probably a step that will be useful - we can write the actual URLs there, like `/public.php/webdav/Lv742zlpi1K28C` or `/s/Lv742zlpi1K28C`, and use a few request methods like GET, PUT, PROPFIND to check that they all return 404 "not found".
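
A sketch of the feature file described above, added here as an example and not taken from the issue or the ownCloud test suite. It reuses the `When` step quoted in the issue. The file name, the wording of the `Then` step and the placement of the token directly after `public-files/` in the new DAV path are assumptions.

```gherkin
# Hypothetical file name: apiAuth/nonExistentPublicLink.feature
# Lv742zlpi1K28C is the made-up token from the issue text; the scenarios
# never create a share, so no public link with this token exists.
Feature: public link endpoints reject tokens that do not exist
  As an administrator
  I want requests with a made-up public link token to get "not found"
  So that a guessed token value never reaches any resource

  Scenario Outline: made-up token on a public link endpoint returns 404
    # Step taken from the issue; the outline fills in URL and method.
    When a user requests "<url>" with "<method>" and no authentication
    # Assumed wording for the status assertion step.
    Then the HTTP status code should be "404"
    Examples:
      | url                                             | method   |
      | /public.php/webdav/Lv742zlpi1K28C               | GET      |
      | /public.php/webdav/Lv742zlpi1K28C               | PUT      |
      | /public.php/webdav/Lv742zlpi1K28C               | PROPFIND |
      | /remote.php/dav/public-files/Lv742zlpi1K28C     | GET      |
      | /remote.php/dav/public-files/Lv742zlpi1K28C     | PUT      |
      | /remote.php/dav/public-files/Lv742zlpi1K28C     | PROPFIND |
      | /s/Lv742zlpi1K28C                               | GET      |
      | /s/Lv742zlpi1K28C                               | PUT      |
      | /s/Lv742zlpi1K28C                               | PROPFIND |
```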