diff --git a/.woodpecker.star b/.woodpecker.star index fb14c356d9..baa2d7f32a 100644 --- a/.woodpecker.star +++ b/.woodpecker.star @@ -201,13 +201,6 @@ config = { ], "skip": False, }, - "accountsHashDifficulty": { - "skip": False, - "suites": [ - "apiAccountsHashDifficulty", - ], - "accounts_hash_difficulty": "default", - }, "notification": { "suites": [ "apiNotification", @@ -667,10 +660,10 @@ def testPipelines(ctx): storage = "decomposed" if "skip" not in config["cs3ApiTests"] or not config["cs3ApiTests"]["skip"]: - pipelines += cs3ApiTests(ctx, storage, "default") + pipelines += cs3ApiTests(ctx, storage) if "skip" not in config["wopiValidatorTests"] or not config["wopiValidatorTests"]["skip"]: - pipelines += wopiValidatorTests(ctx, storage, "builtin", "default") - pipelines += wopiValidatorTests(ctx, storage, "cs3", "default") + pipelines += wopiValidatorTests(ctx, storage, "builtin") + pipelines += wopiValidatorTests(ctx, storage, "cs3") pipelines += localApiTestPipeline(ctx) pipelines += coreApiTestPipeline(ctx) @@ -1059,12 +1052,12 @@ def codestyle(ctx): return pipelines -def cs3ApiTests(ctx, storage, accounts_hash_difficulty = 4): +def cs3ApiTests(ctx, storage): pipeline = { "name": "test-cs3-API-%s" % storage, "steps": evaluateWorkflowStep() + restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) + - opencloudServer(storage, accounts_hash_difficulty, deploy_type = "cs3api_validator") + + opencloudServer(storage, deploy_type = "cs3api_validator") + [ { "name": "cs3ApiTests", @@ -1095,7 +1088,7 @@ def cs3ApiTests(ctx, storage, accounts_hash_difficulty = 4): ]) return [pipeline] -def wopiValidatorTests(ctx, storage, wopiServerType, accounts_hash_difficulty = 4): +def wopiValidatorTests(ctx, storage, wopiServerType): testgroups = [ "BaseWopiViewing", "CheckFileInfoSchema", @@ -1173,7 +1166,7 @@ def wopiValidatorTests(ctx, storage, wopiServerType, accounts_hash_difficulty = "steps": evaluateWorkflowStep() + restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) + waitForServices("fake-office", ["fakeoffice:8080"]) + - opencloudServer(storage, accounts_hash_difficulty, deploy_type = "wopi_validator", extra_server_environment = extra_server_environment) + + opencloudServer(storage, deploy_type = "wopi_validator", extra_server_environment = extra_server_environment) + wopiServer + waitForServices("wopi-fakeoffice", ["wopi-fakeoffice:9300"]) + [ @@ -1224,7 +1217,6 @@ def localApiTestPipeline(ctx): "extraTestEnvironment": {}, "extraServerEnvironment": {}, "storages": ["posix"], - "accounts_hash_difficulty": 4, "emailNeeded": False, "antivirusNeeded": False, "tikaNeeded": False, @@ -1281,13 +1273,12 @@ def localApiTestPipeline(ctx): (waitForLdapService() if params["ldapNeeded"] else []) + opencloudServer( storage, - params["accounts_hash_difficulty"], extra_server_environment = params["extraServerEnvironment"], with_wrapper = True, tika_enabled = params["tikaNeeded"], watch_fs_enabled = run_with_watch_fs_enabled, ) + - (opencloudServer(storage, params["accounts_hash_difficulty"], deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"], watch_fs_enabled = run_with_watch_fs_enabled) if params["federationServer"] else []) + + (opencloudServer(storage, deploy_type = "federation", extra_server_environment = params["extraServerEnvironment"], watch_fs_enabled = run_with_watch_fs_enabled) if params["federationServer"] else []) + ((wopiCollaborationService("fakeoffice") + wopiCollaborationService("collabora") + wopiCollaborationService("onlyoffice")) if params["collaborationServiceNeeded"] else []) + (openCloudHealthCheck("wopi", ["wopi-collabora:9304", "wopi-onlyoffice:9304", "wopi-fakeoffice:9304"]) if params["collaborationServiceNeeded"] else []) + localApiTest(params["suites"], storage, params["extraTestEnvironment"], run_with_remote_php, params["generateVirusFiles"]) + @@ -1366,7 +1357,6 @@ def coreApiTestPipeline(ctx): "numberOfParts": 7, "skipExceptParts": [], "skip": False, - "accounts_hash_difficulty": 4, } pipelines = [] @@ -1412,7 +1402,6 @@ def coreApiTestPipeline(ctx): restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) + opencloudServer( storage, - params["accounts_hash_difficulty"], with_wrapper = True, watch_fs_enabled = run_with_watch_fs_enabled, ) + @@ -2330,7 +2319,7 @@ def notifyMatrix(ctx): return result -def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depends_on = [], deploy_type = "", extra_server_environment = {}, with_wrapper = False, tika_enabled = False, watch_fs_enabled = False): +def opencloudServer(storage = "decomposed", depends_on = [], deploy_type = "", extra_server_environment = {}, with_wrapper = False, tika_enabled = False, watch_fs_enabled = False): user = "0:0" container_name = OC_SERVER_NAME environment = { @@ -2426,13 +2415,6 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend if watch_fs_enabled: environment["STORAGE_USERS_POSIX_WATCH_FS"] = True - # Pass in "default" accounts_hash_difficulty to not set this environment variable. - # That will allow OpenCloud to use whatever its built-in default is. - # Otherwise pass in a value from 4 to about 11 or 12 (default 4, for making regular tests fast) - # The high values cause lots of CPU to be used when hashing passwords, and really slow down the tests. - if accounts_hash_difficulty != "default": - environment["ACCOUNTS_HASH_DIFFICULTY"] = accounts_hash_difficulty - for item in extra_server_environment: environment[item] = extra_server_environment[item] diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml index 7894cc1880..1cbbe49187 100644 --- a/tests/acceptance/config/behat.yml +++ b/tests/acceptance/config/behat.yml @@ -3,9 +3,9 @@ default: "": "%paths.base%/../bootstrap" suites: - apiAccountsHashDifficulty: + apiSpaces: paths: - - "%paths.base%/../features/apiAccountsHashDifficulty" + - "%paths.base%/../features/apiSpaces" context: &common_ldap_suite_context parameters: ldapAdminPassword: admin @@ -18,21 +18,6 @@ default: adminPassword: admin regularUserPassword: 123456 - SettingsContext: - - GraphContext: - - SpacesContext: - - CapabilitiesContext: - - FilesVersionsContext: - - NotificationContext: - - OCSContext: - - PublicWebDavContext: - - apiSpaces: - paths: - - "%paths.base%/../features/apiSpaces" - context: *common_ldap_suite_context - contexts: - - FeatureContext: *common_feature_context_params - - SettingsContext: - SpacesContext: - CapabilitiesContext: - FilesVersionsContext: @@ -442,7 +427,7 @@ default: - AuthAppContext: - CliContext: - OcConfigContext: - + apiTenancy: paths: - "%paths.base%/../features/apiTenancy" diff --git a/tests/acceptance/docker/src/opencloud-base.yml b/tests/acceptance/docker/src/opencloud-base.yml index 2e5c76e5fd..3cd02a0f55 100644 --- a/tests/acceptance/docker/src/opencloud-base.yml +++ b/tests/acceptance/docker/src/opencloud-base.yml @@ -14,7 +14,6 @@ services: SHARING_USER_JSON_FILE: /srv/app/tmp/opencloud/shares.json PROXY_ENABLE_BASIC_AUTH: "true" WEB_UI_CONFIG_FILE: /woodpecker/src/github.com/opencloud-eu/opencloud/tests/config/woodpecker/opencloud-config.json - ACCOUNTS_HASH_DIFFICULTY: 4 OC_INSECURE: "true" IDM_CREATE_DEMO_USERS: "true" IDM_ADMIN_PASSWORD: "admin" diff --git a/tests/acceptance/expected-failures-decomposed-storage.md b/tests/acceptance/expected-failures-decomposed-storage.md index 11384990e6..1fd60d34f2 100644 --- a/tests/acceptance/expected-failures-decomposed-storage.md +++ b/tests/acceptance/expected-failures-decomposed-storage.md @@ -19,8 +19,6 @@ #### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032) -- [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27) -- [apiAccountsHashDifficulty/assignRole.feature:28](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L28) - [apiGraph/getAssignedRole.feature:31](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L31) - [apiGraph/getAssignedRole.feature:32](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L32) - [apiGraph/getAssignedRole.feature:33](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L33) diff --git a/tests/acceptance/expected-failures-posix-storage.md b/tests/acceptance/expected-failures-posix-storage.md index bf72df4d16..93feeadc6b 100644 --- a/tests/acceptance/expected-failures-posix-storage.md +++ b/tests/acceptance/expected-failures-posix-storage.md @@ -19,8 +19,6 @@ #### [Settings service user can list other peoples assignments](https://github.com/owncloud/ocis/issues/5032) -- [apiAccountsHashDifficulty/assignRole.feature:27](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L27) -- [apiAccountsHashDifficulty/assignRole.feature:28](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L28) - [apiGraph/getAssignedRole.feature:31](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L31) - [apiGraph/getAssignedRole.feature:32](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L32) - [apiGraph/getAssignedRole.feature:33](https://github.com/opencloud-eu/opencloud/blob/main/tests/acceptance/features/apiGraph/getAssignedRole.feature#L33) diff --git a/tests/acceptance/features/apiAccountsHashDifficulty/addUser.feature b/tests/acceptance/features/apiAccountsHashDifficulty/addUser.feature deleted file mode 100644 index ca9218fe81..0000000000 --- a/tests/acceptance/features/apiAccountsHashDifficulty/addUser.feature +++ /dev/null @@ -1,16 +0,0 @@ -@skipOnReva -Feature: add user - As an admin - I want to be able to add users and store their password with the full hash difficulty - So that I can give people controlled individual access to resources on the OpenCloud server - - - Scenario: admin creates a user - When the user "Admin" creates a new user with the following attributes using the Graph API: - | userName | brand-new-user | - | displayName | Brand New User | - | email | new@example.org | - | password | %alt1% | - Then the HTTP status code should be "201" - And user "brand-new-user" should exist - And user "brand-new-user" should be able to upload file "filesForUpload/lorem.txt" to "lorem.txt" diff --git a/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature b/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature deleted file mode 100644 index 4154cb2ca9..0000000000 --- a/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature +++ /dev/null @@ -1,64 +0,0 @@ -Feature: assign role - As an admin, - I want to assign roles to users - So that I can provide them different authority - - - Scenario Outline: only admin user can see all existing roles - Given user "Alice" has been created with default attributes - And the administrator has given "Alice" the role "" using the settings api - When user "Alice" tries to get all existing roles using the settings API - Then the HTTP status code should be "" - Examples: - | user-role | http-status-code | - | Admin | 201 | - | Space Admin | 201 | - | User | 201 | - - @issue-5032 - Scenario Outline: only admin user can see assignments list - Given user "Alice" has been created with default attributes - And the administrator has given "Alice" the role "" using the settings api - When user "Alice" tries to get list of assignment using the settings API - Then the HTTP status code should be "" - Examples: - | user-role | http-status-code | - | Admin | 201 | - | Space Admin | 401 | - | User | 401 | - - - Scenario Outline: a user cannot change own role - Given user "Alice" has been created with default attributes - And the administrator has given "Alice" the role "" using the settings api - When user "Alice" changes his own role to "" - Then the HTTP status code should be "400" - And user "Alice" should have the role "" - Examples: - | user-role | desired-role | - | Admin | User | - | Admin | Space Admin | - | Space Admin | Admin | - | Space Admin | Space Admin | - | User | Admin | - | User | Space Admin | - - - Scenario Outline: only admin user can change the role for another user - Given these users have been created with default attributes: - | username | - | Alice | - | Brian | - And the administrator has given "Alice" the role "" using the settings api - When user "Alice" changes the role "" for user "Brian" - Then the HTTP status code should be "" - And user "Brian" should have the role "" - Examples: - | user-role | desired-role | http-status-code | expected-role | - | Admin | User | 201 | User | - | Admin | Space Admin | 201 | Space Admin | - | Admin | Admin | 201 | Admin | - | Space Admin | Admin | 400 | User | - | Space Admin | Space Admin | 400 | User | - | User | Admin | 400 | User | - | User | Space Admin | 400 | User | diff --git a/tests/acceptance/features/apiAccountsHashDifficulty/createShareToSharesFolder.feature b/tests/acceptance/features/apiAccountsHashDifficulty/createShareToSharesFolder.feature deleted file mode 100644 index d774757b51..0000000000 --- a/tests/acceptance/features/apiAccountsHashDifficulty/createShareToSharesFolder.feature +++ /dev/null @@ -1,18 +0,0 @@ -@skipOnReva -Feature: sharing - As a user - I want to be able to share files when passwords are stored with the full hash difficulty - So that I can give people secure controlled access to my data - - - Scenario Outline: creating a share of a file with a user - Given using OCS API version "" - And user "Alice" has been created with default attributes - And user "Alice" has uploaded file with content "OpenCloud test text file 0" to "/textfile0.txt" - And user "Brian" has been created with default attributes - When user "Alice" shares file "textfile0.txt" with user "Brian" using the sharing API - And the content of file "/Shares/textfile0.txt" for user "Brian" should be "OpenCloud test text file 0" - Examples: - | ocs-api-version | - | 1 | - | 2 | diff --git a/tests/acceptance/features/apiAccountsHashDifficulty/uploadFile.feature b/tests/acceptance/features/apiAccountsHashDifficulty/uploadFile.feature deleted file mode 100644 index b043ded69e..0000000000 --- a/tests/acceptance/features/apiAccountsHashDifficulty/uploadFile.feature +++ /dev/null @@ -1,21 +0,0 @@ -@skipOnReva -Feature: upload file - As a user - I want to be able to upload files when passwords are stored with the full hash difficulty - So that I can store and share files securely between multiple client systems - - - Scenario Outline: upload a file and check download content - Given using OCS API version "" - And user "Alice" has been created with default attributes - And using DAV path - When user "Alice" uploads file with content "uploaded content" to "/upload.txt" using the WebDAV API - Then the content of file "/upload.txt" for user "Alice" should be "uploaded content" - Examples: - | ocs-api-version | dav-path-version | - | 1 | old | - | 1 | new | - | 1 | spaces | - | 2 | old | - | 2 | new | - | 2 | spaces | diff --git a/tests/acceptance/features/apiAccountsHashDifficulty/webDavPUTAuthInvalid.feature b/tests/acceptance/features/apiAccountsHashDifficulty/webDavPUTAuthInvalid.feature deleted file mode 100644 index 7d7ca85f69..0000000000 --- a/tests/acceptance/features/apiAccountsHashDifficulty/webDavPUTAuthInvalid.feature +++ /dev/null @@ -1,31 +0,0 @@ -@skipOnReva -Feature: attempt to PUT files with invalid password - As an admin - I want the system to be secure when passwords are stored with the full hash difficulty - So that unauthorised users do not have access to data - - Background: - Given user "Alice" has been created with default attributes - And user "Alice" has created folder "/PARENT" - - - Scenario: send PUT requests to webDav endpoints as normal user with wrong password - When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "invalid" about user "Alice" - | endpoint | - | /webdav/textfile0.txt | - | /dav/files/%username%/textfile0.txt | - | /webdav/PARENT | - | /dav/files/%username%/PARENT | - | /dav/files/%username%/PARENT/parent.txt | - Then the HTTP status code of responses on all endpoints should be "401" - - - Scenario: send PUT requests to webDav endpoints as normal user with no password - When user "Alice" requests these endpoints with "PUT" including body "doesnotmatter" using password "" about user "Alice" - | endpoint | - | /webdav/textfile0.txt | - | /dav/files/%username%/textfile0.txt | - | /webdav/PARENT | - | /dav/files/%username%/PARENT | - | /dav/files/%username%/PARENT/parent.txt | - Then the HTTP status code of responses on all endpoints should be "401" diff --git a/tests/acceptance/scripts/run_api_tests.sh b/tests/acceptance/scripts/run_api_tests.sh index 9a7068c356..fc310a5409 100755 --- a/tests/acceptance/scripts/run_api_tests.sh +++ b/tests/acceptance/scripts/run_api_tests.sh @@ -64,7 +64,6 @@ SUITES=( "apiSharingNgShareInvitation" "apiSharingNgLinkSharePermission" "apiSharingNgLinkShareRoot" - "apiAccountsHashDifficulty" "apiSearchContent" "apiNotification" )