search

owncloud / brute_force_protection

Brute-force protection app for ownCloud
GNU General Public License v2.0
6 stars 5 forks source link

[tests-only] Test the fix for issue-112 #140

Closed phil-davis closed 3 years ago

phil-davis commented 3 years ago

https://drone.owncloud.com/owncloud/brute_force_protection/1186/17/4 installs core from branch loginexception

phil-davis commented 3 years ago

Sadly, the test scenario still gets the 500 errors: https://drone.owncloud.com/owncloud/brute_force_protection/1186/17/10

  Scenario: access to public link is not blocked after too many invalid requests                                                                              # /var/www/owncloud/testrunner/apps/brute_force_protection/tests/acceptance/features/apiBruteForceProtection/bruteforceprotection.feature:91
    Given user "Alice" has uploaded file with content "user1 file" to "/PARENT/randomfile.txt"                                                                # FeatureContext::userHasUploadedAFileWithContentTo()
    When user "Alice" creates a public link share using the sharing API with settings                                                                         # FeatureContext::userCreatesAPublicLinkShareWithSettings()
      | path     | PARENT   |
      | password | %public% |
    Then the public download of the last publicly shared file using the new public WebDAV API with password "abcdef" should fail with HTTP status code "401"  # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()
    And the public download of the last publicly shared file using the new public WebDAV API with password "123abc" should fail with HTTP status code "401"   # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()
    And the public download of the last publicly shared file using the new public WebDAV API with password "abc123" should fail with HTTP status code "401"   # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()
      HTTP status code 500 is not the expected value 401
      Failed asserting that 500 matches expected '401'.
    And the public download of the last publicly shared file using the new public WebDAV API with password "%public%" should fail with HTTP status code "401" # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()

  Scenario: access to public link is blocked after too many invalid requests                                                                                                 # /var/www/owncloud/testrunner/apps/brute_force_protection/tests/acceptance/features/apiBruteForceProtection/bruteforceprotection.feature:101
    Given user "Alice" has uploaded file with content "user1 file" to "/randomfile.txt"                                                                                      # FeatureContext::userHasUploadedAFileWithContentTo()
    When user "Alice" creates a public link share using the sharing API with settings                                                                                        # FeatureContext::userCreatesAPublicLinkShareWithSettings()
      | path     | randomfile.txt |
      | password | %public%       |
    Then the public should be able to download the last publicly shared file using the new public WebDAV API with password "%public%" and the content should be "user1 file" # PublicWebDavContext::checkLastPublicSharedFileWithPasswordDownload()
    And the public download of the last publicly shared file using the new public WebDAV API with password "abcdef" should fail with HTTP status code "401"                  # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()
    And the public download of the last publicly shared file using the new public WebDAV API with password "123abc" should fail with HTTP status code "401"                  # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()
    And the public download of the last publicly shared file using the new public WebDAV API with password "abc123" should fail with HTTP status code "401"                  # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()
      HTTP status code 500 is not the expected value 401
      Failed asserting that 500 matches expected '401'.
    And the public download of the last publicly shared file using the new public WebDAV API with password "%public%" should fail with HTTP status code "401"                # PublicWebDavContext::theLastPublicSharedFileShouldNotBeAbleToBeDownloadedWithPassword()

--- Failed scenarios:

    /var/www/owncloud/testrunner/apps/brute_force_protection/tests/acceptance/features/apiBruteForceProtection/bruteforceprotection.feature:91
    /var/www/owncloud/testrunner/apps/brute_force_protection/tests/acceptance/features/apiBruteForceProtection/bruteforceprotection.feature:101

35 scenarios (33 passed, 2 failed)
231 steps (227 passed, 2 failed, 2 skipped)
karakayasemi commented 3 years ago

Tests have passed in https://github.com/owncloud/brute_force_protection/pull/139, we can continue in there. Closing this one. @phil-davis thank you for your help one more time.