Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
Browse Source

chore(federation): add trusted server auto accept integration tests 

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
pull/49973/head
skjnldsv 10 months ago
parent
f6f66d74e2
commit
b434750cb2
9 changed files with 2073 additions and 88 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      apps/federation/appinfo/routes.php
  2. 102
      apps/federation/lib/Controller/SettingsController.php
  3. 384
      apps/federation/openapi-administration.json
  4. 511
      apps/federation/openapi-federation.json
  5. 863
      apps/federation/openapi-full.json
  6. 29
      apps/federation/tests/Controller/SettingsControllerTest.php
  7. 45
      build/integration/features/bootstrap/FederationContext.php
  8. 219
      build/integration/federation_features/federated.feature
  9. 3
      build/integration/run.sh

5
apps/federation/appinfo/routes.php
View File

@ -31,6 +31,11 @@ return [
'url' => '/shared-secret',
'verb' => 'POST',
],
[
'name' => 'Settings#getServers',
'url' => '/trusted-servers',
'verb' => 'GET'
],
[
'name' => 'Settings#addServer',
'url' => '/trusted-servers',

102
apps/federation/lib/Controller/SettingsController.php
View File

@ -11,10 +11,8 @@ use OCA\Federation\Settings\Admin;
use OCA\Federation\TrustedServers;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\OCSController;
use OCP\HintException;
use OCP\IL10N;
use OCP\IRequest;
@ -30,26 +28,26 @@ class SettingsController extends OCSController {
/**
* Add server to the list of trusted Nextclouds.
* Add server to the list of trusted Nextcloud servers
*
* @param string $url The URL of the server to add
* @return JSONResponse<Http::STATUS_OK, array{data: array{id: int, message: string, url: string}, status: 'ok'}, array{}>|JSONResponse<Http::STATUS_NOT_FOUND|Http::STATUS_CONFLICT, array{data: array{hint: string, message: string}, status: 'error'}, array{}>
*
* 200: Server added successfully
* 404: Server not found at the given URL
* 409: Server is already in the list of trusted servers
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function addServer(string $url): JSONResponse {
try {
$this->checkServer(trim($url));
} catch (HintException $e) {
return new JSONResponse([
'message' => 'error',
'data' => [
'message' => $e->getMessage(),
'hint' => $e->getHint(),
],
], $e->getCode());
$check = $this->checkServer(trim($url));
if ($check instanceof JSONResponse) {
return $check;
}
// Add the server to the list of trusted servers, all is well
$id = $this->trustedServers->addServer(trim($url));
return new JSONResponse([
'message' => 'ok',
'status' => 'ok',
'data' => [
'url' => $url,
'id' => $id,
@ -59,36 +57,94 @@ class SettingsController extends OCSController {
}
/**
* Add server to the list of trusted Nextclouds.
* Add server to the list of trusted Nextcloud servers
*
* @param int $id The ID of the trusted server to remove
* @return JSONResponse<Http::STATUS_OK, array{data: array{id: int}, status: 'ok'}, array{}>|JSONResponse<Http::STATUS_NOT_FOUND, array{data: array{message: string}, status: 'error'}, array{}>
*
* 200: Server removed successfully
* 404: Server not found at the given ID
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function removeServer(int $id): JSONResponse {
$this->trustedServers->removeServer($id);
try {
$this->trustedServers->removeServer($id);
return new JSONResponse([
'status' => 'ok',
'data' => ['id' => $id],
]);
} catch (\Exception $e) {
return new JSONResponse([
'status' => 'error',
'data' => [
'message' => $e->getMessage(),
],
], Http::STATUS_NOT_FOUND);
}
}
/**
* List all trusted servers
*
* @return JSONResponse<Http::STATUS_OK, array{data: list<array{id: int, status: int, url: string}>, status: 'ok'}, array{}>
*
* 200: List of trusted servers
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function getServers(): JSONResponse {
$servers = $this->trustedServers->getServers();
// obfuscate the shared secret
$servers = array_map(function ($server) {
return [
'url' => $server['url'],
'id' => $server['id'],
'status' => $server['status'],
];
}, $servers);
// return the list of trusted servers
return new JSONResponse([
'message' => 'ok',
'data' => ['id' => $id],
'status' => 'ok',
'data' => $servers,
]);
}
/**
* Check if the server should be added to the list of trusted servers or not.
*
* @throws HintException
* @return JSONResponse<Http::STATUS_NOT_FOUND|Http::STATUS_CONFLICT, array{data: array{hint: string, message: string}, status: 'error'}, array{}>|null
*
* 404: Server not found at the given URL
* 409: Server is already in the list of trusted servers
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
protected function checkServer(string $url): bool {
protected function checkServer(string $url): ?JSONResponse {
if ($this->trustedServers->isTrustedServer($url) === true) {
$message = 'Server is already in the list of trusted servers.';
$hint = $this->l->t('Server is already in the list of trusted servers.');
throw new HintException($message, $hint, Http::STATUS_CONFLICT);
return new JSONResponse([
'status' => 'error',
'data' => [
'message' => $message,
'hint' => $hint,
],
], Http::STATUS_CONFLICT);
}
if ($this->trustedServers->isNextcloudServer($url) === false) {
$message = 'No server to federate with found';
$hint = $this->l->t('No server to federate with found');
throw new HintException($message, $hint, Http::STATUS_NOT_FOUND);
return new JSONResponse([
'status' => 'error',
'data' => [
'message' => $message,
'hint' => $hint,
],
], Http::STATUS_NOT_FOUND);
}
return true;
return null;
}
}

384
apps/federation/openapi-administration.json
View File

@ -0,0 +1,384 @@
{
"openapi": "3.0.3",
"info": {
"title": "federation-administration",
"version": "0.0.1",
"description": "Federation allows you to connect with other trusted servers to exchange the account directory.",
"license": {
"name": "agpl"
}
},
"components": {
"securitySchemes": {
"basic_auth": {
"type": "http",
"scheme": "basic"
},
"bearer_auth": {
"type": "http",
"scheme": "bearer"
}
},
"schemas": {}
},
"paths": {
"/ocs/v2.php/apps/federation/trusted-servers": {
"get": {
"operationId": "settings-get-servers",
"summary": "List all trusted servers",
"description": "This endpoint requires admin access",
"tags": [
"settings"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "List of trusted servers",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "array",
"items": {
"type": "object",
"required": [
"id",
"status",
"url"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
},
"status": {
"type": "integer",
"format": "int64"
},
"url": {
"type": "string"
}
}
}
},
"status": {
"type": "string",
"enum": [
"ok"
]
}
}
}
}
}
}
}
},
"post": {
"operationId": "settings-add-server",
"summary": "Add server to the list of trusted Nextcloud servers",
"description": "This endpoint requires admin access",
"tags": [
"settings"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"url"
],
"properties": {
"url": {
"type": "string",
"description": "The URL of the server to add"
}
}
}
}
}
},
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Server added successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"id",
"message",
"url"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
},
"message": {
"type": "string"
},
"url": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"ok"
]
}
}
}
}
}
},
"404": {
"description": "Server not found at the given URL",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"hint",
"message"
],
"properties": {
"hint": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"error"
]
}
}
}
}
}
},
"409": {
"description": "Server is already in the list of trusted servers",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"hint",
"message"
],
"properties": {
"hint": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"error"
]
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/federation/trusted-servers/{id}": {
"delete": {
"operationId": "settings-remove-server",
"summary": "Add server to the list of trusted Nextcloud servers",
"description": "This endpoint requires admin access",
"tags": [
"settings"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The ID of the trusted server to remove",
"required": true,
"schema": {
"type": "integer",
"format": "int64"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Server removed successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
}
}
},
"status": {
"type": "string",
"enum": [
"ok"
]
}
}
}
}
}
},
"404": {
"description": "Server not found at the given ID",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"error"
]
}
}
}
}
}
}
}
}
}
},
"tags": [
{
"name": "ocs_authapi",
"description": "Class OCSAuthAPI\nOCS API end-points to exchange shared secret between two connected Nextclouds"
}
]
}

511
apps/federation/openapi-federation.json
View File

@ -0,0 +1,511 @@
{
"openapi": "3.0.3",
"info": {
"title": "federation-federation",
"version": "0.0.1",
"description": "Federation allows you to connect with other trusted servers to exchange the account directory.",
"license": {
"name": "agpl"
}
},
"components": {
"securitySchemes": {
"basic_auth": {
"type": "http",
"scheme": "basic"
},
"bearer_auth": {
"type": "http",
"scheme": "bearer"
}
},
"schemas": {
"OCSMeta": {
"type": "object",
"required": [
"status",
"statuscode"
],
"properties": {
"status": {
"type": "string"
},
"statuscode": {
"type": "integer"
},
"message": {
"type": "string"
},
"totalitems": {
"type": "string"
},
"itemsperpage": {
"type": "string"
}
}
}
}
},
"paths": {
"/ocs/v2.php/apps/federation/api/v1/shared-secret": {
"get": {
"operationId": "ocs_authapi-get-shared-secret-legacy",
"summary": "Create shared secret and return it, for legacy end-points",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "url",
"in": "query",
"description": "URL of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "token",
"in": "query",
"description": "Token of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret returned",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"sharedSecret"
],
"properties": {
"sharedSecret": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"403": {
"description": "Getting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/federation/api/v1/request-shared-secret": {
"post": {
"operationId": "ocs_authapi-request-shared-secret-legacy",
"summary": "Request received to ask remote server for a shared secret, for legacy end-points",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"url",
"token"
],
"properties": {
"url": {
"type": "string",
"description": "URL of the server"
},
"token": {
"type": "string",
"description": "Token of the server"
}
}
}
}
}
},
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret requested successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Requesting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/cloud/shared-secret": {
"get": {
"operationId": "ocs_authapi-get-shared-secret",
"summary": "Create shared secret and return it",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "url",
"in": "query",
"description": "URL of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "token",
"in": "query",
"description": "Token of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret returned",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"sharedSecret"
],
"properties": {
"sharedSecret": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"403": {
"description": "Getting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
},
"post": {
"operationId": "ocs_authapi-request-shared-secret",
"summary": "Request received to ask remote server for a shared secret",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"url",
"token"
],
"properties": {
"url": {
"type": "string",
"description": "URL of the server"
},
"token": {
"type": "string",
"description": "Token of the server"
}
}
}
}
}
},
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret requested successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Requesting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
}
},
"tags": [
{
"name": "ocs_authapi",
"description": "Class OCSAuthAPI\nOCS API end-points to exchange shared secret between two connected Nextclouds"
}
]
}

863
apps/federation/openapi-full.json
View File

@ -0,0 +1,863 @@
{
"openapi": "3.0.3",
"info": {
"title": "federation-full",
"version": "0.0.1",
"description": "Federation allows you to connect with other trusted servers to exchange the account directory.",
"license": {
"name": "agpl"
}
},
"components": {
"securitySchemes": {
"basic_auth": {
"type": "http",
"scheme": "basic"
},
"bearer_auth": {
"type": "http",
"scheme": "bearer"
}
},
"schemas": {
"OCSMeta": {
"type": "object",
"required": [
"status",
"statuscode"
],
"properties": {
"status": {
"type": "string"
},
"statuscode": {
"type": "integer"
},
"message": {
"type": "string"
},
"totalitems": {
"type": "string"
},
"itemsperpage": {
"type": "string"
}
}
}
}
},
"paths": {
"/ocs/v2.php/apps/federation/api/v1/shared-secret": {
"get": {
"operationId": "ocs_authapi-get-shared-secret-legacy",
"summary": "Create shared secret and return it, for legacy end-points",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "url",
"in": "query",
"description": "URL of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "token",
"in": "query",
"description": "Token of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret returned",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"sharedSecret"
],
"properties": {
"sharedSecret": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"403": {
"description": "Getting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/federation/api/v1/request-shared-secret": {
"post": {
"operationId": "ocs_authapi-request-shared-secret-legacy",
"summary": "Request received to ask remote server for a shared secret, for legacy end-points",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"url",
"token"
],
"properties": {
"url": {
"type": "string",
"description": "URL of the server"
},
"token": {
"type": "string",
"description": "Token of the server"
}
}
}
}
}
},
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret requested successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Requesting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/cloud/shared-secret": {
"get": {
"operationId": "ocs_authapi-get-shared-secret",
"summary": "Create shared secret and return it",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "url",
"in": "query",
"description": "URL of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "token",
"in": "query",
"description": "Token of the server",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret returned",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"sharedSecret"
],
"properties": {
"sharedSecret": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"403": {
"description": "Getting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
},
"post": {
"operationId": "ocs_authapi-request-shared-secret",
"summary": "Request received to ask remote server for a shared secret",
"tags": [
"ocs_authapi"
],
"security": [
{},
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"url",
"token"
],
"properties": {
"url": {
"type": "string",
"description": "URL of the server"
},
"token": {
"type": "string",
"description": "Token of the server"
}
}
}
}
}
},
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Shared secret requested successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Requesting shared secret is not allowed",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/federation/trusted-servers": {
"get": {
"operationId": "settings-get-servers",
"summary": "List all trusted servers",
"description": "This endpoint requires admin access",
"tags": [
"settings"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "List of trusted servers",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "array",
"items": {
"type": "object",
"required": [
"id",
"status",
"url"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
},
"status": {
"type": "integer",
"format": "int64"
},
"url": {
"type": "string"
}
}
}
},
"status": {
"type": "string",
"enum": [
"ok"
]
}
}
}
}
}
}
}
},
"post": {
"operationId": "settings-add-server",
"summary": "Add server to the list of trusted Nextcloud servers",
"description": "This endpoint requires admin access",
"tags": [
"settings"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"url"
],
"properties": {
"url": {
"type": "string",
"description": "The URL of the server to add"
}
}
}
}
}
},
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Server added successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"id",
"message",
"url"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
},
"message": {
"type": "string"
},
"url": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"ok"
]
}
}
}
}
}
},
"404": {
"description": "Server not found at the given URL",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"hint",
"message"
],
"properties": {
"hint": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"error"
]
}
}
}
}
}
},
"409": {
"description": "Server is already in the list of trusted servers",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"hint",
"message"
],
"properties": {
"hint": {
"type": "string"
},
"message": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"error"
]
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/federation/trusted-servers/{id}": {
"delete": {
"operationId": "settings-remove-server",
"summary": "Add server to the list of trusted Nextcloud servers",
"description": "This endpoint requires admin access",
"tags": [
"settings"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "The ID of the trusted server to remove",
"required": true,
"schema": {
"type": "integer",
"format": "int64"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Server removed successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
}
}
},
"status": {
"type": "string",
"enum": [
"ok"
]
}
}
}
}
}
},
"404": {
"description": "Server not found at the given ID",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data",
"status"
],
"properties": {
"data": {
"type": "object",
"required": [
"message"
],
"properties": {
"message": {
"type": "string"
}
}
},
"status": {
"type": "string",
"enum": [
"error"
]
}
}
}
}
}
}
}
}
}
},
"tags": [
{
"name": "ocs_authapi",
"description": "Class OCSAuthAPI\nOCS API end-points to exchange shared secret between two connected Nextclouds"
}
]
}

29
apps/federation/tests/Controller/SettingsControllerTest.php
View File

@ -9,8 +9,7 @@ namespace OCA\Federation\Tests\Controller;
use OCA\Federation\Controller\SettingsController;
use OCA\Federation\TrustedServers;
use OCP\AppFramework\Http\DataResponse;
use OCP\HintException;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IL10N;
use OCP\IRequest;
use Test\TestCase;
@ -56,20 +55,18 @@ class SettingsControllerTest extends TestCase {
->willReturn(true);
$result = $this->controller->addServer('url');
$this->assertTrue($result instanceof DataResponse);
$this->assertTrue($result instanceof JSONResponse);
$data = $result->getData();
$this->assertSame(200, $result->getStatus());
$this->assertSame('url', $data['url']);
$this->assertArrayHasKey('id', $data);
$this->assertSame('url', $data['data']['url']);
$this->assertArrayHasKey('id', $data['data']);
}
/**
* @dataProvider checkServerFails
*/
public function testAddServerFail(bool $isTrustedServer, bool $isNextcloud): void {
$this->expectException(HintException::class);
$this->trustedServers
->expects($this->any())
->method('isTrustedServer')
@ -81,7 +78,15 @@ class SettingsControllerTest extends TestCase {
->with('url')
->willReturn($isNextcloud);
$this->controller->addServer('url');
$result = $this->controller->addServer('url');
$this->assertTrue($result instanceof JSONResponse);
if ($isTrustedServer) {
$this->assertSame(409, $result->getStatus());
}
if (!$isNextcloud) {
$this->assertSame(404, $result->getStatus());
}
}
public function testRemoveServer(): void {
@ -89,7 +94,7 @@ class SettingsControllerTest extends TestCase {
->method('removeServer')
->with(1);
$result = $this->controller->removeServer(1);
$this->assertTrue($result instanceof DataResponse);
$this->assertTrue($result instanceof JSONResponse);
$this->assertSame(200, $result->getStatus());
}
@ -106,7 +111,7 @@ class SettingsControllerTest extends TestCase {
->willReturn(true);
$this->assertTrue(
$this->invokePrivate($this->controller, 'checkServer', ['url'])
$this->invokePrivate($this->controller, 'checkServer', ['url']) === null
);
}
@ -114,8 +119,6 @@ class SettingsControllerTest extends TestCase {
* @dataProvider checkServerFails
*/
public function testCheckServerFail(bool $isTrustedServer, bool $isNextcloud): void {
$this->expectException(HintException::class);
$this->trustedServers
->expects($this->any())
->method('isTrustedServer')
@ -128,7 +131,7 @@ class SettingsControllerTest extends TestCase {
->willReturn($isNextcloud);
$this->assertTrue(
$this->invokePrivate($this->controller, 'checkServer', ['url'])
$this->invokePrivate($this->controller, 'checkServer', ['url']) instanceof JSONResponse
);
}

45
build/integration/features/bootstrap/FederationContext.php
View File

@ -7,6 +7,7 @@
use Behat\Behat\Context\Context;
use Behat\Behat\Context\SnippetAcceptingContext;
use Behat\Gherkin\Node\TableNode;
use PHPUnit\Framework\Assert;
require __DIR__ . '/../../vendor/autoload.php';
@ -168,8 +169,52 @@ class FederationContext implements Context, SnippetAcceptingContext {
self::$phpFederatedServerPid = '';
}
/**
* @BeforeScenario @TrustedFederation
*/
public function theServersAreTrustingEachOther() {
$this->asAn('admin');
// Trust the remote server on the local server
$this->usingServer('LOCAL');
$this->sendRequestForJSON('POST', '/apps/federation/trusted-servers', ['url' => 'http://localhost:' . getenv('PORT')]);
Assert::assertTrue(($this->response->getStatusCode() === 200 || $this->response->getStatusCode() === 409));
// Trust the local server on the remote server
$this->usingServer('REMOTE');
$this->sendRequestForJSON('POST', '/apps/federation/trusted-servers', ['url' => 'http://localhost:' . getenv('PORT_FED')]);
// If the server is already trusted, we expect a 409
Assert::assertTrue(($this->response->getStatusCode() === 200 || $this->response->getStatusCode() === 409));
}
/**
* @AfterScenario @TrustedFederation
*/
public function theServersAreNoLongerTrustingEachOther() {
$this->asAn('admin');
// Untrust the remote servers on the local server
$this->usingServer('LOCAL');
$this->sendRequestForJSON('GET', '/apps/federation/trusted-servers');
$this->theHTTPStatusCodeShouldBe('200');
$trustedServersIDs = array_map(fn ($server) => $server->id, json_decode($this->response->getBody())->data);
foreach ($trustedServersIDs as $id) {
$this->sendRequestForJSON('DELETE', '/apps/federation/trusted-servers/' . $id);
$this->theHTTPStatusCodeShouldBe('200');
}
// Untrust the local server on the remote server
$this->usingServer('REMOTE');
$this->sendRequestForJSON('GET', '/apps/federation/trusted-servers');
$this->theHTTPStatusCodeShouldBe('200');
$trustedServersIDs = array_map(fn ($server) => $server->id, json_decode($this->response->getBody())->data);
foreach ($trustedServersIDs as $id) {
$this->sendRequestForJSON('DELETE', '/apps/federation/trusted-servers/' . $id);
$this->theHTTPStatusCodeShouldBe('200');
}
}
protected function resetAppConfigs() {
$this->deleteServerConfig('files_sharing', 'incoming_server2server_group_share_enabled');
$this->deleteServerConfig('files_sharing', 'outgoing_server2server_group_share_enabled');
$this->deleteServerConfig('files_sharing', 'federated_trusted_share_auto_accept');
}
}

219
build/integration/federation_features/federated.feature
View File

@ -8,7 +8,7 @@ Feature: federated
Scenario: Federate share a file with another server
Given Using server "REMOTE"
And user "user1" exists
And Using server "LOCAL"
Given Using server "LOCAL"
And user "user0" exists
When User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE"
Then the OCS status code should be "100"
@ -30,6 +30,12 @@ Feature: federated
| displayname_owner | user0 |
| share_with | user1@REMOTE |
| share_with_displayname | user1 |
Given Using server "REMOTE"
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
Then the list of returned shares has 1 shares
Scenario: Federated group share a file with another server
Given Using server "REMOTE"
@ -40,7 +46,7 @@ Feature: federated
And As an "admin"
And Add user "gs-user1" to the group "group1"
And Add user "gs-user2" to the group "group1"
And Using server "LOCAL"
Given Using server "LOCAL"
And parameter "outgoing_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And user "gs-user0" exists
When User "gs-user0" from server "LOCAL" shares "/textfile0.txt" with group "group1" from server "REMOTE"
@ -64,11 +70,10 @@ Feature: federated
| share_with | group1@REMOTE |
| share_with_displayname | group1@REMOTE |
Scenario: Federate share a file with local server
Given Using server "LOCAL"
And user "user0" exists
And Using server "REMOTE"
Given Using server "REMOTE"
And user "user1" exists
When User "user1" from server "REMOTE" shares "/textfile0.txt" with user "user0" from server "LOCAL"
Then the OCS status code should be "100"
@ -94,10 +99,10 @@ Feature: federated
Scenario: Remote sharee can see the pending share
Given Using server "REMOTE"
And user "user1" exists
And Using server "LOCAL"
Given Using server "LOCAL"
And user "user0" exists
And User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE"
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "user1"
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
Then the OCS status code should be "100"
@ -122,11 +127,11 @@ Feature: federated
And As an "admin"
And Add user "gs-user1" to the group "group1"
And Add user "gs-user2" to the group "group1"
And Using server "LOCAL"
Given Using server "LOCAL"
And parameter "outgoing_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And user "gs-user0" exists
When User "gs-user0" from server "LOCAL" shares "/textfile0.txt" with group "group1" from server "REMOTE"
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "gs-user1"
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
Then the OCS status code should be "100"
@ -159,7 +164,7 @@ Feature: federated
Scenario: accept a pending remote share
Given Using server "REMOTE"
And user "user1" exists
And Using server "LOCAL"
Given Using server "LOCAL"
And user "user0" exists
And User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE"
When User "user1" from server "REMOTE" accepts last pending share
@ -175,7 +180,7 @@ Feature: federated
And As an "admin"
And Add user "gs-user1" to the group "group1"
And Add user "gs-user2" to the group "group1"
And Using server "LOCAL"
Given Using server "LOCAL"
And parameter "outgoing_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And user "gs-user0" exists
When User "gs-user0" from server "LOCAL" shares "/textfile0.txt" with group "group1" from server "REMOTE"
@ -187,45 +192,45 @@ Feature: federated
Given Using server "REMOTE"
And user "user1" exists
And user "user2" exists
And Using server "LOCAL"
Given Using server "LOCAL"
And user "user0" exists
And User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE"
And User "user1" from server "REMOTE" accepts last pending share
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "user1"
When creating a share with
| path | /textfile0 (2).txt |
| shareType | 0 |
| shareWith | user2 |
| permissions | 19 |
#Then the OCS status code should be "100"
#And the HTTP status code should be "200"
#And Share fields of last share match with
# | id | A_NUMBER |
# | item_type | file |
# | item_source | A_NUMBER |
# | share_type | 0 |
# | file_source | A_NUMBER |
# | path | /textfile0 (2).txt |
# | permissions | 19 |
# | stime | A_NUMBER |
# | storage | A_NUMBER |
# | mail_send | 1 |
# | uid_owner | user1 |
# | file_parent | A_NUMBER |
# | displayname_owner | user1 |
# | share_with | user2 |
# | share_with_displayname | user2 |
# Then the OCS status code should be "100"
# And the HTTP status code should be "200"
# And Share fields of last share match with
# | id | A_NUMBER |
# | item_type | file |
# | item_source | A_NUMBER |
# | share_type | 0 |
# | file_source | A_NUMBER |
# | path | /textfile0 (2).txt |
# | permissions | 19 |
# | stime | A_NUMBER |
# | storage | A_NUMBER |
# | mail_send | 1 |
# | uid_owner | user1 |
# | file_parent | A_NUMBER |
# | displayname_owner | user1 |
# | share_with | user2 |
# | share_with_displayname | user2 |
Scenario: Overwrite a federated shared file as recipient
Given Using server "REMOTE"
And user "user1" exists
And user "user2" exists
And Using server "LOCAL"
Given Using server "LOCAL"
And user "user0" exists
And User "user0" from server "LOCAL" shares "/textfile0.txt" with user "user1" from server "REMOTE"
And User "user1" from server "REMOTE" accepts last pending share
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "user1"
And User "user1" modifies text of "/textfile0.txt" with text "BLABLABLA"
When User "user1" uploads file "../../data/user1/files/textfile0.txt" to "/textfile0 (2).txt"
@ -236,16 +241,16 @@ Feature: federated
Given Using server "REMOTE"
And user "user1" exists
And user "user2" exists
And Using server "LOCAL"
Given Using server "LOCAL"
And user "user0" exists
And User "user0" from server "LOCAL" shares "/PARENT" with user "user1" from server "REMOTE"
And User "user1" from server "REMOTE" accepts last pending share
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "user1"
And User "user1" modifies text of "/textfile0.txt" with text "BLABLABLA"
#When User "user1" uploads file "../../data/user1/files/textfile0.txt" to "/PARENT (2)/textfile0.txt"
#And Downloading file "/PARENT (2)/textfile0.txt" with range "bytes=0-8"
#Then Downloaded content should be "BLABLABLA"
When User "user1" uploads file "../../data/user1/files/textfile0.txt" to "/PARENT (2)/textfile0.txt"
And Downloading file "/PARENT (2)/textfile0.txt" with range "bytes=0-8"
Then Downloaded content should be "BLABLABLA"
Scenario: List federated share from another server not accepted yet
Given Using server "LOCAL"
@ -256,7 +261,7 @@ Feature: federated
# server may have its own /textfile0.txt" file)
And User "user1" copies file "/textfile0.txt" to "/remote-share.txt"
And User "user1" from server "REMOTE" shares "/remote-share.txt" with user "user0" from server "LOCAL"
And Using server "LOCAL"
Given Using server "LOCAL"
When As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
Then the list of returned shares has 0 shares
@ -270,7 +275,7 @@ Feature: federated
# server may have its own /textfile0.txt" file)
And User "user1" copies file "/textfile0.txt" to "/remote-share.txt"
And User "user1" from server "REMOTE" shares "/remote-share.txt" with user "user0" from server "LOCAL"
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
When As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
@ -296,7 +301,7 @@ Feature: federated
# server may have its own /textfile0.txt" file)
And User "user1" copies file "/textfile0.txt" to "/remote-share.txt"
And User "user1" from server "REMOTE" shares "/remote-share.txt" with user "user0" from server "LOCAL"
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
And remote server is stopped
When As an "user0"
@ -318,7 +323,7 @@ Feature: federated
# server may have its own /textfile0.txt" file)
And User "user1" copies file "/textfile0.txt" to "/remote-share.txt"
And User "user1" from server "REMOTE" shares "/remote-share.txt" with user "user0" from server "LOCAL"
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
# Checking that the file exists caches the file entry, which causes an
# exception to be thrown when getting the file info if the remote server is
@ -335,8 +340,6 @@ Feature: federated
| user | user0 |
| mountpoint | /remote-share.txt |
Scenario: Delete federated share with another server
Given Using server "LOCAL"
And user "user0" exists
@ -349,13 +352,13 @@ Feature: federated
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/shares"
And the list of returned shares has 1 shares
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
And as "user0" the file "/remote-share.txt" exists
And As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 1 shares
And Using server "REMOTE"
Given Using server "REMOTE"
When As an "user1"
And Deleting last share
Then the OCS status code should be "100"
@ -363,7 +366,7 @@ Feature: federated
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/shares"
And the list of returned shares has 0 shares
And Using server "LOCAL"
Given Using server "LOCAL"
And as "user0" the file "/remote-share.txt" does not exist
And As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
@ -381,7 +384,7 @@ Feature: federated
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/shares"
And the list of returned shares has 1 shares
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
And as "user0" the file "/remote-share.txt" exists
And As an "user0"
@ -394,7 +397,7 @@ Feature: federated
And As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/shares"
And the list of returned shares has 0 shares
@ -408,7 +411,7 @@ Feature: federated
# server may have its own /textfile0.txt" file)
And User "user1" copies file "/textfile0.txt" to "/remote-share.txt"
And User "user1" from server "REMOTE" shares "/remote-share.txt" with user "user0" from server "LOCAL"
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
And as "user0" the file "/remote-share.txt" exists
And As an "user0"
@ -435,7 +438,7 @@ Feature: federated
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/shares"
And the list of returned shares has 1 shares
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
And as "user0" the file "/remote-share.txt" exists
And As an "user0"
@ -447,7 +450,7 @@ Feature: federated
And As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
And Using server "REMOTE"
Given Using server "REMOTE"
And As an "user1"
And sending "GET" to "/apps/files_sharing/api/v1/shares"
And the list of returned shares has 0 shares
@ -461,7 +464,7 @@ Feature: federated
# server may have its own /textfile0.txt" file)
And User "user1" copies file "/textfile0.txt" to "/remote-share.txt"
And User "user1" from server "REMOTE" shares "/remote-share.txt" with user "user0" from server "LOCAL"
And Using server "LOCAL"
Given Using server "LOCAL"
And User "user0" from server "LOCAL" accepts last pending share
And as "user0" the file "/remote-share.txt" exists
And As an "user0"
@ -474,3 +477,115 @@ Feature: federated
And As an "user0"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
Scenario: Share to a non-trusted server will NOT auto accept
Given Using server "LOCAL"
And user "user0" exists
Given Using server "REMOTE"
And user "userfed2" exists
And parameter "federated_trusted_share_auto_accept" of app "files_sharing" is set to "yes"
When As an "user0"
When User "user0" from server "LOCAL" shares "/textfile0.txt" with user "userfed2" from server "REMOTE"
Then the OCS status code should be "100"
And the HTTP status code should be "200"
And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=false"
And the list of returned shares has 1 shares
Given Using server "REMOTE"
And using new dav path
And As an "userfed2"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
And the list of returned shares has 1 shares
And as "userfed2" the file "/textfile0 (2).txt" does not exist
Scenario: Share to a non-trusted server group will NOT auto accept
Given Using server "REMOTE"
And parameter "incoming_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And parameter "federated_trusted_share_auto_accept" of app "files_sharing" is set to "yes"
And user "gs-userfed3" exists
And user "gs-userfed4" exists
And group "groupfed2" exists
And As an "admin"
And Add user "gs-userfed3" to the group "groupfed2"
And Add user "gs-userfed4" to the group "groupfed2"
Given Using server "LOCAL"
And parameter "outgoing_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And user "gs-user0" exists
When As an "gs-user0"
When User "gs-user0" from server "LOCAL" shares "/textfile0.txt" with group "groupfed2" from server "REMOTE"
Then the OCS status code should be "100"
And the HTTP status code should be "200"
And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=false"
And the list of returned shares has 1 shares
Given Using server "REMOTE"
And using new dav path
And As an "gs-userfed3"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
And the list of returned shares has 1 shares
And as "gs-userfed3" the file "/textfile0 (2).txt" does not exist
And As an "gs-userfed4"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 0 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
And the list of returned shares has 1 shares
And as "gs-userfed4" the file "/textfile0 (2).txt" does not exist
@TrustedFederation
Scenario: Share to a trusted server auto accept
Given Using server "LOCAL"
And user "user0" exists
Given Using server "REMOTE"
And user "userfed1" exists
And parameter "federated_trusted_share_auto_accept" of app "files_sharing" is set to "yes"
When As an "user0"
When User "user0" from server "LOCAL" shares "/textfile0.txt" with user "userfed1" from server "REMOTE"
Then the OCS status code should be "100"
And the HTTP status code should be "200"
And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=false"
And the list of returned shares has 1 shares
Given Using server "REMOTE"
And using new dav path
And As an "userfed1"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 1 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
And the list of returned shares has 0 shares
And as "userfed1" the file "/textfile0 (2).txt" exists
@TrustedFederation
Scenario: Share to a trusted server group auto accept
Given Using server "REMOTE"
And parameter "incoming_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And parameter "federated_trusted_share_auto_accept" of app "files_sharing" is set to "yes"
And user "gs-userfed1" exists
And user "gs-userfed2" exists
And group "groupfed1" exists
And As an "admin"
And Add user "gs-userfed1" to the group "groupfed1"
And Add user "gs-userfed2" to the group "groupfed1"
Given Using server "LOCAL"
And parameter "outgoing_server2server_group_share_enabled" of app "files_sharing" is set to "yes"
And user "gs-user0" exists
When As an "gs-user0"
When User "gs-user0" from server "LOCAL" shares "/textfile0.txt" with group "groupfed1" from server "REMOTE"
Then the OCS status code should be "100"
And the HTTP status code should be "200"
And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=false"
And the list of returned shares has 1 shares
Given Using server "REMOTE"
And using new dav path
And As an "gs-userfed1"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 1 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
And the list of returned shares has 0 shares
And as "gs-userfed1" the file "/textfile0 (2).txt" exists
And As an "gs-userfed2"
And sending "GET" to "/apps/files_sharing/api/v1/remote_shares"
And the list of returned shares has 1 shares
When sending "GET" to "/apps/files_sharing/api/v1/remote_shares/pending"
And the list of returned shares has 0 shares
And as "gs-userfed2" the file "/textfile0 (2).txt" exists

3
build/integration/run.sh
View File

@ -22,6 +22,8 @@ if [ "$INSTALLED" == "true" ]; then
$OCC config:system:set auth.bruteforce.protection.enabled --value false --type bool
# Allow local remote urls otherwise we can not share
$OCC config:system:set allow_local_remote_servers --value true --type bool
# Allow self signed certificates
$OCC config:system:set sharing.federation.allowSelfSignedCertificates --value true --type bool
else
if [ "$SCENARIO_TO_RUN" != "setup_features/setup.feature" ]; then
echo "Nextcloud instance needs to be installed" >&2
@ -38,6 +40,7 @@ if [ -z "$EXECUTOR_NUMBER" ]; then
fi
PORT=$((8080 + $EXECUTOR_NUMBER))
echo $PORT
export PORT
echo "" > "${NC_DATADIR}/nextcloud.log"
echo "" > phpserver.log

Write Preview
Loading…
Cancel
Save