diff --git a/tests/acceptance/bootstrap/AuthAppContext.php b/tests/acceptance/bootstrap/AuthAppContext.php index 07674cd094b..d3dfa6b871d 100644 --- a/tests/acceptance/bootstrap/AuthAppContext.php +++ b/tests/acceptance/bootstrap/AuthAppContext.php @@ -232,7 +232,7 @@ class AuthAppContext implements Context { $this->featureContext->getPasswordForUser($user), [ "expiry" => $expiration, - "userId" => $this->featureContext->getUserIdByUserName($impersonatedUser) + "userID" => $this->featureContext->getUserIdByUserName($impersonatedUser) ], ) ); diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index 3fb76ffa8f2..7bdec076ea1 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -338,10 +338,5 @@ The expected failures in this file are from features in the owncloud/ocis repo. #### [Delete user containing + in username returns 404 but user gets deleted](https://github.com/owncloud/ocis/issues/11027) - [apiGraphUserGroup/deleteUser.feature:28](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraphUserGroup/deleteUser.feature#L28) -#### [creating auth-app token with user-id creates token for the wrong user](https://github.com/owncloud/ocis/issues/11063) -- [apiAuthApp/token.feature:170](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L170) -- [apiAuthApp/token.feature:265](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L265) -- [apiAuthApp/token.feature:272](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAuthApp/token.feature#L272) - Note: always have an empty line at the end of this file. The bash script that processes this file requires that the last line has a newline on the end. 
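Review bot: The literal key `"userID"` in the options array of the AuthAppContext.php hunk is the only thing that routes this helper's request into the impersonation path, and nothing in the code says so. Judging by the title of issue 11063, which this commit removes from the expected-failures list, the earlier spelling `"userId"` was apparently not recognised and the token was issued for the calling user, so the impersonation scenarios were not exercising the authorization check. I would add a comment above the entry such as `// must match the auth-app API parameter name exactly ("userID"); any other spelling is not treated as an impersonation request`, and if the key is built in more than one place, keep it in a single constant. The enclosing method starts and ends outside the hunk.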
diff --git a/tests/acceptance/features/apiAuthApp/token.feature b/tests/acceptance/features/apiAuthApp/token.feature
index c4239b3c13f..21673b11b09 100644
--- a/tests/acceptance/features/apiAuthApp/token.feature
+++ b/tests/acceptance/features/apiAuthApp/token.feature
@@ -178,7 +178,7 @@ Feature: create auth-app token
 "required": ["token","expiration_date","created_date","label"],
 "properties": {
 "token": { "pattern": "^[a-zA-Z0-9]{16}$" },
- "label": { "const": "Generated via API" }
+ "label": { "const": "Generated via Impersonation API" }
 }
 }
 """
@@ -205,7 +205,7 @@ Feature: create auth-app token
 "pattern": "^\\$2a\\$11\\$[A-Za-z0-9./]{53}$"
 },
 "label": {
- "const": "Generated via API"
+ "const": "Generated via Impersonation API"
 }
 }
 }
@@ -215,51 +215,10 @@ Feature: create auth-app token """ - Scenario: user creates auth-app token with user-id + Scenario: non-admin user tries to create own auth-app token with user-id using impersonation API + Given the config "AUTH_APP_ENABLE_IMPERSONATION" has been set to "true" When user "Alice" creates app token with user-id for user "Alice" with expiration time "72h" using the auth-app API - Then the HTTP status code should be "200" - And the JSON data of the response should match - """ - { - "type": "object", - "required": ["token","expiration_date","created_date","label"], - "properties": { - "token": { "pattern": "^[a-zA-Z0-9]{16}$" }, - "label": { "const": "Generated via API" } - } - } - """ - When user "Alice" lists all created tokens using the auth-app API - Then the HTTP status code should be "200" - And the JSON data of the response should match - """ - { - "type": "array", - "minItems": 1, - "maxItems": 1, - "items": { - "oneOf": [ - { - "type": "object", - "required": [ - "token", - "expiration_date", - "created_date", - "label" - ], - "properties": { - "token": { - "pattern": "^\\$2a\\$11\\$[A-Za-z0-9./]{53}$" - }, - "label": { - "const": "Generated via API" - } - } - } - ] - } - } - """ + Then the HTTP status code should be "403" @env-config @issue-11063 Scenario: non-admin user tries to creates auth-app token with user-id for an another user
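Review bot: The rewritten scenario stops at `Then the HTTP status code should be "403"` and never checks that the rejected request left no token behind. The removed version listed the tokens afterwards; I would keep that step, `When user "Alice" lists all created tokens using the auth-app API`, and assert that the response is an empty array, so a denial that still creates a token cannot pass. The scenario also sets `AUTH_APP_ENABLE_IMPERSONATION` without a tag line in the hunk, while the following scenario carries `@env-config @issue-11063`. Unless the tag is applied at feature level, the new scenario probably needs `@env-config` as well so that the config change is applied and reverted by the right suite.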