-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
Copy pathuploadFileToExcludedDirectory.feature
71 lines (64 loc) · 3.99 KB
/
uploadFileToExcludedDirectory.feature
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
@api
Feature: users cannot upload a file to or into an excluded directory
As an administrator
I want to be able to exclude directories (folders) from being processed. Any attempt to upload a file to one of those names should be refused.
So that I can have directories on my cloud server storage that are not available for syncing.
Background:
Given using OCS API version "1"
And user "Alice" has been created with default attributes and without skeleton files
Scenario Outline: upload a file to an excluded directory name
Given using <dav_version> DAV path
And the administrator has updated system config key "excluded_directories" with value '[".github"]' and type "json"
When user "Alice" uploads file with content "uploaded content" to ".github" using the WebDAV API
Then the HTTP status code should be "403"
And as "Alice" file ".github" should not exist
Examples:
| dav_version |
| old |
| new |
Scenario Outline: upload a file to an excluded directory name inside a parent directory
Given using <dav_version> DAV path
And user "Alice" has created folder "FOLDER"
And the administrator has updated system config key "excluded_directories" with value '[".github"]' and type "json"
When user "Alice" uploads file with content "uploaded content" to "/FOLDER/.github" using the WebDAV API
Then the HTTP status code should be "403"
And as "Alice" folder "/FOLDER" should exist
But as "Alice" file "/FOLDER/.github" should not exist
Examples:
| dav_version |
| old |
| new |
Scenario Outline: upload a file to a filename that matches (or not) excluded_directories_regex
Given using <dav_version> DAV path
And user "Alice" has created folder "FOLDER"
# Note: we have to write JSON for the value, and to get a backslash in the double-quotes we have to escape it
# The actual regular expressions end up being endswith\.bad$ and ^\.git
And the administrator has updated system config key "excluded_directories_regex" with value '["endswith\\.bad$","^\\.git","containsvirusinthename"]' and type "json"
When user "Alice" uploads to these filenames with content "uploaded content" using the webDAV API then the results should be as listed
| filename | http-code | exists |
| endswith.bad | 403 | no |
| thisendswith.bad | 403 | no |
| .git | 403 | no |
| .github | 403 | no |
| containsvirusinthename | 403 | no |
| this-containsvirusinthename.txt | 403 | no |
| /FOLDER/endswith.bad | 403 | no |
| /FOLDER/thisendswith.bad | 403 | no |
| /FOLDER/.git | 403 | no |
| /FOLDER/.github | 403 | no |
| /FOLDER/containsvirusinthename | 403 | no |
| /FOLDER/this-containsvirusinthename.txt | 403 | no |
| endswith.badandotherstuff | 201 | yes |
| thisendswith.badandotherstuff | 201 | yes |
| name.git | 201 | yes |
| name.github | 201 | yes |
| not-contains-virus-in-the-name.txt | 201 | yes |
| /FOLDER/endswith.badandotherstuff | 201 | yes |
| /FOLDER/thisendswith.badandotherstuff | 201 | yes |
| /FOLDER/name.git | 201 | yes |
| /FOLDER/name.github | 201 | yes |
| /FOLDER/not-contains-virus-in-the-name.txt | 201 | yes |
Examples:
| dav_version |
| old |
| new |