From aa186476167c4ef38cee139adf3efb5cc6214db6 Mon Sep 17 00:00:00 2001
From: "pastripodi@owncloud.com"
Date: Wed, 18 Dec 2019 22:28:28 +0100
Subject: [PATCH 1/4] use rawurldecode for allowing "+" in guests emails
---
 lib/Controller/UsersController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Controller/UsersController.php b/lib/Controller/UsersController.php
index a450cf87..be501ae3 100644
--- a/lib/Controller/UsersController.php
+++ b/lib/Controller/UsersController.php
@@ -114,7 +114,7 @@ public function __construct(
 */
 public function create($email, $displayName) {
 $errorMessages = [];
- $email = \trim(\urldecode($email));
+ $email = \trim(\rawurldecode($email));
 $username = \strtolower($email);
 if (empty($email) || !$this->mailer->validateMailAddress($email)) {
From 84a5ba85ffea8312ad671a6e1c5569134fcd57fd Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Wed, 4 Mar 2020 11:25:22 +0545
Subject: [PATCH 2/4] Add test scenarios for "+" in guest emails
---
 .../features/apiGuests/guests.feature | 28 +++++++++++++------
 .../features/bootstrap/GuestsContext.php | 14 ++++++----
 .../features/webUIGuests/guests.feature | 25 ++++++++++++-----
 3 files changed, 47 insertions(+), 20 deletions(-)
diff --git a/tests/acceptance/features/apiGuests/guests.feature b/tests/acceptance/features/apiGuests/guests.feature
index aedf0621..3bcb2515 100644
--- a/tests/acceptance/features/apiGuests/guests.feature
+++ b/tests/acceptance/features/apiGuests/guests.feature
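Review bot: In `UsersController::create()` the new `\rawurldecode($email)` still decodes the parameter a second time if the framework has already URL-decoded it. That is not visible in this hunk, but the acceptance helper in patch 2 sends `+` as `%2B` and expects a literal `+` to arrive, which suggests it has. With a second decode, the address that is validated and lower-cased into `$username` can differ from the one submitted: a local part containing a literal percent sequence such as `%41` is rewritten to another character before `validateMailAddress()` runs, so the account identity is derived from a string the caller never sent. If the parameter does arrive decoded, `$email = \trim($email);` is the safer form; otherwise a short comment stating why exactly one decode is needed here would keep a later change from reintroducing the problem. The body of `create()` continues past the end of the hunk.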
@@ -5,10 +5,16 @@ Feature: Guests
 Given using OCS API version "1"
 And using new dav path
- Scenario: Creating a guest user works fine
- When the administrator creates guest user "guest" with email "guest@example.com" using the API
+ Scenario Outline: Creating a guest user works fine
+ When the administrator creates guest user "" with email "" using the API
 Then the HTTP status code should be "201"
- And user "guest" should be a guest user
+ And user "" should be a guest user
+ And the email address of user "" should be ""
+ Examples:
+ | email-address | user |
+ | guest@example.com | guest |
+ | john.smith@email.com | john.smith |
+ | betty_anne+bob-burns@email.com | betty_anne+bob-burns |
 Scenario: Cannot create a guest if a user with the same email address exists
 Given user "existing-user" has been created with default attributes and skeleton files
@@ -37,15 +43,21 @@ Feature: Guests
 And as "user0" file "/textfile.txt" should not exist
 @mailhog
- Scenario: A guest user can upload files to a folder shared with them
+ Scenario Outline: A guest user can upload files to a folder shared with them
 Given user "user0" has been created with default attributes and skeleton files
- And the administrator has created guest user "guest" with email "guest@example.com"
+ And the administrator has created guest user "" with email ""
 And the HTTP status code should be "201"
 And user "user0" has created folder "/tmp"
- And user "user0" has shared folder "/tmp" with user "guest@example.com"
- And guest user "guest" has registered
- When user "guest@example.com" uploads file "textfile.txt" from the guests test data folder to "/tmp/textfile.txt" using the WebDAV API
+ And user "user0" has shared folder "/tmp" with user ""
+ And guest user "" has registered
+ When user "" uploads file "textfile.txt" from the guests test data folder to "/tmp/textfile.txt" using the WebDAV API
 Then the HTTP status code should be "201"
+ And as "user0" file "/tmp/textfile.txt" should exist
+ Examples:
+ | email-address | user |
+ | guest@example.com | guest |
+ | john.smith@email.com | john.smith |
+ | betty_anne+bob-burns@email.com | betty_anne+bob-burns |
 @mailhog
 Scenario: A guest user can upload chunked files to a folder shared with them
diff --git a/tests/acceptance/features/bootstrap/GuestsContext.php b/tests/acceptance/features/bootstrap/GuestsContext.php
index 3622fd2f..9d7d41e9 100644
--- a/tests/acceptance/features/bootstrap/GuestsContext.php
+++ b/tests/acceptance/features/bootstrap/GuestsContext.php
@@ -24,6 +24,7 @@ use Behat\Behat\Context\Context;
 use Behat\Behat\Context\SnippetAcceptingContext;
 use Behat\Behat\Hook\Scope\BeforeScenarioScope;
+use PHPUnit\Framework\Assert;
 use TestHelpers\EmailHelper;
 use TestHelpers\HttpRequestHelper;
 use TestHelpers\SetupHelper;
@@ -126,7 +127,7 @@ private function setCSRFDotDisabledFromGuestsScenario($setting) {
 * @return string
 */
 public function prepareUserNameAsFrontend($guestEmail) {
- return \strtolower(\trim(\urldecode($guestEmail)));
+ return \str_replace('+', '%2B', \strtolower(\trim($guestEmail)));
 }
 /**
@@ -265,7 +266,7 @@ public function userCreatesAGuestUser(
 $userName = $this->prepareUserNameAsFrontend($guestEmail);
 $fullUrl = $fullUrl
- . "?displayName=$guestDisplayName&email=$guestEmail&username=$userName";
+ . "?displayName=$guestDisplayName&email=$userName&username=$userName";
 $headers = [];
 $headers['Content-Type'] = 'application/x-www-form-urlencoded';
@@ -382,6 +383,11 @@ public function theAdministratorCreatesAGuestUser(
 * @return void
 */
 public function checkGuestUser($guestDisplayName) {
+ Assert::assertArrayHasKey(
+ $guestDisplayName,
+ $this->createdGuests,
+ __METHOD__ . " guest user '$guestDisplayName' has not been successfully created by this scenario"
+ );
 $userName = $this->prepareUserNameAsFrontend(
 $this->createdGuests[$guestDisplayName]
 );
@@ -462,9 +468,7 @@ public function getRegistrationUrl($address) {
 */
 public function registerGuestUser($guestDisplayName, $password = null) {
 $oldCSRFSetting = $this->disableCSRFFromGuestsScenario();
- $userName = $this->prepareUserNameAsFrontend(
- $this->createdGuests[$guestDisplayName]
- );
+ $userName = $this->createdGuests[$guestDisplayName];
 $fullRegisterUrl = $this->getRegistrationUrl($userName);
 $explodedFullRegisterUrl = \explode('/', $fullRegisterUrl);
 $sizeOfExplodedFullRegisterUrl = \count($explodedFullRegisterUrl);
diff --git a/tests/acceptance/features/webUIGuests/guests.feature b/tests/acceptance/features/webUIGuests/guests.feature
index 4455e35a..e33bc5b9 100644
--- a/tests/acceptance/features/webUIGuests/guests.feature
+++ b/tests/acceptance/features/webUIGuests/guests.feature
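Review bot: `prepareUserNameAsFrontend()` now percent-encodes only `+`, and the `userCreatesAGuestUser` hunk interpolates that result, together with the unencoded `$guestDisplayName`, straight into the query string. Any other reserved character in a test address or display name (`&`, `#`, `%`, a space) would therefore alter the request instead of travelling as data. The helper also returns a URL-encoded value under a name that promises a user name, and `checkGuestUser()` still assigns its result to `$userName`; how that value is used afterwards is outside the hunk. If the helper deliberately mirrors what the web frontend sends, its docblock should say so; otherwise keep it as plain normalisation and encode at the point of use, e.g. `. '?' . \http_build_query(['displayName' => $guestDisplayName, 'email' => $userName, 'username' => $userName], '', '&', PHP_QUERY_RFC3986);`. Sending the lower-cased `$userName` as `email` also means the API scenarios no longer exercise mixed-case addresses on the server, which deserves a one-line comment if intended.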
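Review bot: `registerGuestUser()` now reads `$this->createdGuests[$guestDisplayName]` directly but does not get the `Assert::assertArrayHasKey()` guard that this same commit adds to `checkGuestUser()`. A scenario that registers a guest that was never created would then pass an undefined value on to `getRegistrationUrl()` and fail somewhere later, rather than stopping with a clear message at the lookup. Adding the same check before the assignment keeps the two steps consistent: `Assert::assertArrayHasKey($guestDisplayName, $this->createdGuests, __METHOD__ . " guest user '$guestDisplayName' has not been successfully created by this scenario");`. The function body continues outside the hunk.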
@@ -28,11 +28,16 @@ Feature: Guests
 And a warning should be displayed on the set-password-page saying "The token is invalid"
 @mailhog @skipOnOcV10.2
- Scenario: User uses valid email to create a guest user
+ Scenario Outline: User uses valid email to create a guest user
 Given user "user0" has been created with default attributes and skeleton files
 And user "user0" has logged in using the webUI
- When the user shares file "data.zip" with guest user with email "valid@email.com" using the webUI
- Then user "valid@email.com" should exist
+ When the user shares file "data.zip" with guest user with email "" using the webUI
+ Then user "" should exist
+ Examples:
+ | email-address |
+ | valid@email.com |
+ | John.Smith@email.com |
+ | Betty_Anne+Bob-Burns@email.com |
 @mailhog
 Scenario: User uses some random string email to create a guest user
@@ -140,16 +145,22 @@ Feature: Guests
 Then the user should not have permission to upload or create files
 @mailhog
- Scenario: Guest user is able to upload or create files inside the received share(with change permission)
+ Scenario Outline: Guest user is able to upload or create files inside the received share(with change permission)
 Given user "user0" has been created with default attributes and skeleton files
 And user "user0" has logged in using the webUI
- When the user shares folder "simple-folder" with guest user with email "guest@example.com" using the webUI
+ When the user shares folder "simple-folder" with guest user with email "" using the webUI
 And the user logs out of the webUI
- And guest user "guest@example.com" registers with email "guest@example.com" and sets password to "password" using the webUI
- And user "guest@example.com" logs in using the webUI
+ And guest user "" registers with email "" and sets password to "password" using the webUI
+ And user "" logs in using the webUI
 And the user opens folder "simple-folder" using the webUI
 And the user uploads file "new-lorem.txt" using the webUI
 Then file "new-lorem.txt" should be listed on the webUI
+ And as "user0" file "/simple-folder/new-lorem.txt" should exist
+ Examples:
+ | email-address |
+ | guest@example.com |
+ | John.Smith@email.com |
+ | Betty_Anne+Bob-Burns@email.com |
 @mailhog
 Scenario: Guest user tries to upload or create files inside the received share(read only permission)
From c941d17065bd4c614db1314654dc5c0035247299 Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Wed, 4 Mar 2020 11:49:22 +0545
Subject: [PATCH 3/4] skipOnOcV10.3 changed-new test scenarios
---
 tests/acceptance/features/apiGuests/guests.feature | 3 ++-
 tests/acceptance/features/webUIGuests/guests.feature | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/acceptance/features/apiGuests/guests.feature b/tests/acceptance/features/apiGuests/guests.feature
index 3bcb2515..467a3055 100644
--- a/tests/acceptance/features/apiGuests/guests.feature
+++ b/tests/acceptance/features/apiGuests/guests.feature
@@ -5,6 +5,7 @@ Feature: Guests
 Given using OCS API version "1"
 And using new dav path
+ @skipOnOcV10.3
 Scenario Outline: Creating a guest user works fine
 When the administrator creates guest user "" with email "" using the API
 Then the HTTP status code should be "201"
@@ -42,7 +43,7 @@ Feature: Guests
 And as "guest@example.com" file "/textfile.txt" should not exist
 And as "user0" file "/textfile.txt" should not exist
- @mailhog
+ @mailhog @skipOnOcV10.3
 Scenario Outline: A guest user can upload files to a folder shared with them
 Given user "user0" has been created with default attributes and skeleton files
 And the administrator has created guest user "" with email ""
diff --git a/tests/acceptance/features/webUIGuests/guests.feature b/tests/acceptance/features/webUIGuests/guests.feature
index e33bc5b9..c5022252 100644
--- a/tests/acceptance/features/webUIGuests/guests.feature
+++ b/tests/acceptance/features/webUIGuests/guests.feature
@@ -27,7 +27,7 @@ Feature: Guests
 Then the user should be redirected to a webUI page with the title "%productname%"
 And a warning should be displayed on the set-password-page saying "The token is invalid"
- @mailhog @skipOnOcV10.2
+ @mailhog @skipOnOcV10.2 @skipOnOcV10.3
 Scenario Outline: User uses valid email to create a guest user
 Given user "user0" has been created with default attributes and skeleton files
 And user "user0" has logged in using the webUI
@@ -144,7 +144,7 @@ Feature: Guests
 And user "guest@example.com" logs in using the webUI
 Then the user should not have permission to upload or create files
- @mailhog
+ @mailhog @skipOnOcV10.3
 Scenario Outline: Guest user is able to upload or create files inside the received share(with change permission)
 Given user "user0" has been created with default attributes and skeleton files
 And user "user0" has logged in using the webUI
From 0bd4d32189adef4783a2a5479e685bd6117fe692 Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Wed, 4 Mar 2020 12:12:31 +0545
Subject: [PATCH 4/4] Enable password change notification step - issue-332 is fixed
---
 tests/acceptance/features/webUIGuests/guests.feature | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/acceptance/features/webUIGuests/guests.feature b/tests/acceptance/features/webUIGuests/guests.feature
index c5022252..5bd9487d 100644
--- a/tests/acceptance/features/webUIGuests/guests.feature
+++ b/tests/acceptance/features/webUIGuests/guests.feature
@@ -83,15 +83,15 @@ Feature: Guests
 And user "valid@email.com" should exist
 # And user "valid@email.com" should not exist
- @mailhog @issue-332 @skipOnOcV10.2 @skipOnFIREFOX
+ @mailhog @skipOnOcV10.2 @skipOnFIREFOX
 Scenario: Administrator changes the guest user's password in users menu
 Given user "admin" has uploaded file with content "new content" to "new-file.txt"
 And the administrator has logged in using the webUI
 And the user shares file "new-file.txt" with guest user with email "valid@email.com" using the webUI
 And the administrator has browsed to the users page
 When the administrator changes the password of user "valid@email.com" to "newpassword" using the webUI
- #Then notifications should be displayed on the webUI with the text
- # | Password successfully changed |
+ Then notifications should be displayed on the webUI with the text
+ | Password successfully changed |
 When the administrator logs out of the webUI
 And the user logs in with username "valid@email.com" and password "newpassword" using the webUI
 Then the user should be redirected to a webUI page with the title "Files - %productname%"