owncloud / oauth2

🔐 Application for using OAuth 2.0 in ownCloud
GNU Affero General Public License v3.0

[QA] 0.5.2 Testplan #317

Closed jnweiger closed 1 year ago

jnweiger commented 2 years ago

Setup

References:
* https://github.com/owncloud/oauth2/wiki/OAuth-code-Flow-Sequence-Diagram

OAuth2 app Test Plan

This aims to be a client-agnostic testplan for the OAuth2 application, centered on the actions available in the webUI and/or occ commands and their impact on ownCloud's core behavior. To test the application from a client standpoint see:

Testing functionality

| Test Case | Expected Result | Result | Related Comment |
| --- | --- | --- | --- |
| **CLI commands** | | | |
| Enable OAuth2 app via CLI using `occ app:enable oauth2` | - The app gets enabled<br>- Replies from the WebDAV endpoint include a new `WWW-Authenticate: Bearer...` header | :heavy_check_mark: | |
| Disable OAuth2 app via CLI using `occ app:disable oauth2` | - The app gets disabled<br>- Previously mentioned header goes away in further requests | :heavy_check_mark: | |
| **Registered Clients** | | | |
| Default clients | The default Registered clients are included among the "Settings > Admin > User Authentication" OAuth 2.0: Registered Clients | :heavy_check_mark: | See https://github.com/owncloud/oauth2/pull/38 for the default values |
| Register new Client via WebUI (Branded Desktop client with custom client_id) | 64-character-length client_id and client_secret are generated together with a (required) Client Name and a (required) Redirection URL | :heavy_check_mark: | |
| Remove a Client | - Confirmation dialog is prompted before removal<br>- All client sessions opened from those clients get removed | :heavy_check_mark: | |
| **Unregistered Clients** | | | |
| Authentication flow from an unregistered client | Unsuccessful Authorization Request | :heavy_check_mark: | Browser displays the "Request not valid" screen. |
| **Authorized Applications** | | | |
| Login with a Registered Client | The Client Name is displayed amongst the "Personal > Security" OAuth 2.0 Authorized Applications | :heavy_check_mark: | |
| Session Revocation (i.e. delete Authorized Application) | All the sessions opened in the clients are revoked and must be re-authorized | :heavy_check_mark: | |
| **User Account Handling** | | | |
| Password change | Open sessions are revoked and new credentials must be used in further login attempts | :heavy_check_mark: | |
| **Authorization Flow** | | | |
| Successful Authorization Request without any session open in the browser | Login form with an additional informative note about the application requesting access to ownCloud is displayed | :heavy_check_mark: | |
| Successful Authorization Request with a valid session in the browser | The "Authorize" screen is displayed | :heavy_check_mark: | |
| Successful Authorization Request in a browser with a different user logged in | The "Switch User" screen is displayed, allowing to modify the current session | :heavy_check_mark: | See use of the additional user parameter in: https://github.com/owncloud/oauth2/pull/67 |
| Failed attempt in the authorization login form | The query parameters for the Authorization Request are preserved in next attempts | :heavy_check_mark: | |See original issue in: https://github.com/owncloud/core/issues/28129 |
| **Relevant Smoke Tests** | | | |
| Unauthenticated Actions: Public File Drop | Files get uploaded normally | :heavy_check_mark: | See https://github.com/owncloud/oauth2/pull/100 |
| **OAuth with new Web App** | | | |
| Register Web app via CLI (commands below) | | :heavy_check_mark: | |
| Successful Authorization Request without any session open in the browser | Login form with an additional informative note about the application requesting access to ownCloud is displayed | :heavy_check_mark: | |
| Successful Authorization Request with a valid session in the browser | The "Authorize" screen is displayed | :heavy_check_mark: | |

Commands used for "Register Web app via CLI":

```sh
occ app:enable web
client_id="$(tr -dc 'a-z0-9' < /dev/urandom | head -c 32)"
client_secret="$(tr -dc 'a-z0-9' < /dev/urandom | head -c 32)"
web_baseurl="https://$oc10_fqdn/index.php/apps/web"
occ config:system:set web.baseUrl --value $web_baseurl
occ oauth:add-client "ownCloud Web" $client_id $client_secret $web_baseurl/oidc-callback.html
```
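The "Enable/Disable OAuth2 app" rows above are checked by eye in the plan; the script below is an added example (not part of the original testplan or the oauth2 app's code) that automates that check by inspecting the `WWW-Authenticate` challenges returned by the WebDAV endpoint. The two sample responses are constructed stand-ins for what `curl` would capture with the app enabled and disabled; the `live_check` helper and the `OC_URL` variable are assumptions for running it against a real ownCloud 10 instance.

```shell
#!/bin/sh
# Added example: verify that the OAuth2 app's Bearer challenge is advertised
# on the WebDAV endpoint (app enabled) and disappears again (app disabled).

# has_bearer_challenge: read HTTP response headers on stdin; return 0 when a
# WWW-Authenticate header advertising the Bearer scheme is present, 1 otherwise.
# Header names are case-insensitive, so match them case-insensitively.
has_bearer_challenge() {
    grep -i -q '^WWW-Authenticate:[[:space:]]*Bearer'
}

# check_bearer_state: $1 is the expected state ("yes" after app:enable,
# "no" after app:disable); headers on stdin. Prints PASS/FAIL, returns 0/1.
check_bearer_state() {
    expected="$1"
    if has_bearer_challenge; then actual=yes; else actual=no; fi
    if [ "$actual" = "$expected" ]; then
        echo "PASS: Bearer challenge present=$actual"
        return 0
    fi
    echo "FAIL: expected Bearer challenge present=$expected, got $actual"
    return 1
}

# live_check (assumption): unauthenticated PROPFIND against the WebDAV endpoint
# of $1 (e.g. OC_URL=https://cloud.example.test) returns 401 with challenge
# headers; -D - dumps headers to stdout, the body is discarded.
live_check() {
    curl -s -D - -o /dev/null -X PROPFIND "$1/remote.php/webdav/" \
        | check_bearer_state "$2"
}

# Constructed sample responses (not captured from a real server): with the
# oauth2 app enabled a Bearer challenge is present next to Basic; disabled,
# only the Basic challenge remains.
SAMPLE_ENABLED='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="ownCloud"
WWW-Authenticate: Bearer realm="ownCloud"
Content-Type: application/xml; charset=utf-8'

SAMPLE_DISABLED='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="ownCloud"
Content-Type: application/xml; charset=utf-8'

# Offline run over the constructed samples; prints PASS twice.
printf '%s\n' "$SAMPLE_ENABLED"  | check_bearer_state yes
printf '%s\n' "$SAMPLE_DISABLED" | check_bearer_state no

# Live run, only when OC_URL is set (assumed variable):
#   occ app:enable oauth2  && live_check "$OC_URL" yes
#   occ app:disable oauth2 && live_check "$OC_URL" no
```

The grep anchors on the header name rather than searching for the word "Bearer" anywhere, so a Bearer token echoed in a body or in an unrelated header cannot produce a false PASS; multiple `WWW-Authenticate` headers (Basic plus Bearer) are handled because each is on its own line.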

jnweiger commented 1 year ago

old release was done