Tests for accessing webDav endpoints with invalid authentication

tests/TestHelpers/WebDavHelper.php

@@ -305,7 +305,6 @@ public static function makeDavRequest(
 				}
 			}
 		}
-
 		return HttpRequestHelper::sendRequest(
 			$fullUrl, $method, $user, $password, $headers, $body, $config, null,
 			$stream, $timeout, $client

tests/acceptance/features/apiAuthWebDav/webDavMKCOLAuth.feature

@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using MKCOL
+
+  Background:
+    Given user "user0" has been created with default attributes and skeleton files
+    And user "user1" has been created with default attributes and without skeleton files
+
+  Scenario: send MKCOL requests to webDav endpoints as normal user with wrong password
+    When user "user0" requests these endpoints with "MKCOL" including body using password "invalid" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send MKCOL requests to webDav endpoints as normal user with no password
+    When user "user0" requests these endpoints with "MKCOL" including body using password "" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send MKCOL requests to another user's webDav endpoints as normal user
+    When user "user1" requests these endpoints with "MKCOL" including body then the status codes should be as listed
+      | endpoint                                      | http-code | body |
+      | /remote.php/dav/files/user0/textfile0.txt     | 403       |      |
+      | /remote.php/dav/files/user0/PARENT            | 403       |      |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 409       |      |
+
+  Scenario: send MKCOL requests to webDav endpoints using invalid username but correct password
+    When user "usero" requests these endpoints with "MKCOL" including body using the password of user "user0" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |

tests/acceptance/features/apiAuthWebDav/webDavPOSTAuth.feature

@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using POST
+
+  Background:
+    Given user "user0" has been created with default attributes and skeleton files
+    And user "user1" has been created with default attributes and without skeleton files
+
+  Scenario: send POST requests to webDav endpoints as normal user with wrong password
+    When user "user0" requests these endpoints with "POST" including body using password "invalid" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send POST requests to webDav endpoints as normal user with no password
+    When user "user0" requests these endpoints with "POST" including body using password "" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send POST requests to another user's webDav endpoints as normal user
+    When user "user1" requests these endpoints with "POST" including body then the status codes should be as listed
+      | endpoint                                       | http-code | body          |
+      | /remote.php/dav/files/user0/textfile1.txt      | 404       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENTS            | 404       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENTS/parent.txt | 404       | doesnotmatter |
+
+  Scenario: send POST requests to webDav endpoints using invalid username but correct password
+    When user "usero" requests these endpoints with "POST" including body using the password of user "user0" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |

tests/acceptance/features/apiAuthWebDav/webDavPROPFINDAuth.feature

@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using PROPFIND
+
+  Background:
+    Given user "user0" has been created with default attributes and skeleton files
+    And user "user1" has been created with default attributes and without skeleton files
+
+  Scenario: send PROPFIND requests to webDav endpoints as normal user with wrong password
+    When user "user0" requests these endpoints with "PROPFIND" including body using password "invalid" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send PROPFIND requests to webDav endpoints as normal user with no password
+    When user "user0" requests these endpoints with "PROPFIND" including body using password "" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send PROPFIND requests to another user's webDav endpoints as normal user
+    When user "user1" requests these endpoints with "PROPFIND" including body then the status codes should be as listed
+      | endpoint                                      | http-code | body                                                                                                                           |
+      | /remote.php/dav/files/user0/textfile0.txt     | 404       | <?xml version="1.0"?><d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:prop><d:getetag /></d:prop></d:propfind> |
+      | /remote.php/dav/files/user0/PARENT            | 404       | <?xml version="1.0"?><d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:prop><d:getetag /></d:prop></d:propfind> |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 404       | <?xml version="1.0"?><d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns"><d:prop><d:getetag /></d:prop></d:propfind> |
+
+  Scenario: send PROPFIND requests to webDav endpoints using invalid username but correct password
+    When user "usero" requests these endpoints with "PROPFIND" including body using the password of user "user0" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |

tests/acceptance/features/apiAuthWebDav/webDavPUTAuth.feature

@@ -0,0 +1,40 @@
+@api @TestAlsoOnExternalUserBackend
+Feature: get file info using PUT
+
+  Background:
+    Given user "user0" has been created with default attributes and skeleton files
+    And user "user1" has been created with default attributes and without skeleton files
+
+  Scenario: send PUT requests to webDav endpoints as normal user with wrong password
+    When user "user0" requests these endpoints with "PUT" including body using password "invalid" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send PUT requests to webDav endpoints as normal user with no password
+    When user "user0" requests these endpoints with "PUT" including body using password "" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |
+
+  Scenario: send PUT requests to another user's webDav endpoints as normal user
+    When user "user1" requests these endpoints with "PUT" including body then the status codes should be as listed
+      | endpoint                                       | http-code | body          |
+      | /remote.php/dav/files/user0/textfile1.txt      | 403       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENTS            | 403       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENTS/parent.txt | 404       | doesnotmatter |
+
+  Scenario: send PUT requests to webDav endpoints using invalid username but correct password
+    When user "usero" requests these endpoints with "PUT" including body using the password of user "user0" then the status codes should be as listed
+      | endpoint                                      | http-code | body          |
+      | /remote.php/webdav/textfile0.txt              | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/textfile0.txt     | 401       | doesnotmatter |
+      | /remote.php/webdav/PARENT                     | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT            | 401       | doesnotmatter |
+      | /remote.php/dav/files/user0/PARENT/parent.txt | 401       | doesnotmatter |