From 3d894598aecfefc28d041af9c6c0c1d75876fab7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Calvi=C3=B1o=20S=C3=A1nchez?=
Date: Wed, 14 Aug 2019 14:59:31 +0200
Subject: [PATCH] Add integration tests for self-joined users in files shared by link
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Self-joined users and guests can join the room for a file if the file is shared by link. In order to check that, however, the share token should have been previously stored in the session, as the room is linked to the file id and users without direct access to a file can not find out if the file is shared by link or not. Therefore self-joined users and guests must get the room for the share (which stores the share token in the session) before being able to join the room. Besides that, in the case of self-joined users they must be logged in too. Otherwise the session is regenerated on each new request, which prevents getting the share token stored in a previous request.

Signed-off-by: Daniel Calviño Sánchez
---
 .../features/bootstrap/FeatureContext.php | 45 ++++++++++++++++
 .../features/conversation/files.feature | 51 +++++++++++++++++++
 2 files changed, 96 insertions(+)

diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
index d52aec36e..1ce98a883 100644
--- a/tests/integration/features/bootstrap/FeatureContext.php
+++ b/tests/integration/features/bootstrap/FeatureContext.php
@@ -1107,6 +1107,51 @@ class FeatureContext implements Context, SnippetAcceptingContext {
 * Requests
 */
 
+ /**
+ * @Given /^user "([^"]*)" logs in$/
+ */
+ public function userLogsIn(string $user) {
+ $loginUrl = $this->baseUrl . '/login';
+
+ $cookieJar = $this->getUserCookieJar($user);
+
+ // Request a new session and extract CSRF token
+ $client = new Client();
+ $this->response = $client->get(
+ $loginUrl,
+ [
+ 'cookies' => $cookieJar,
+ ]
+ );
+
+ $requestToken = $this->extractRequestTokenFromResponse($this->response);
+
+ // Login and extract new token
+ $password = ($user === 'admin') ? 'admin' : '123456';
+ $client = new Client();
+ $this->response = $client->post(
+ $loginUrl,
+ [
+ 'body' => [
+ 'user' => $user,
+ 'password' => $password,
+ 'requesttoken' => $requestToken,
+ ],
+ 'cookies' => $cookieJar,
+ ]
+ );
+
+ $this->assertStatusCode($this->response, 200);
+ }
+
+ /**
+ * @param ResponseInterface $response
+ * @return string
+ */
+ private function extractRequestTokenFromResponse(ResponseInterface $response): string {
+ return substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $response->getBody()->getContents()), 0, 89);
+ }
+
 /**
 * @When /^sending "([^"]*)" to "([^"]*)" with$/
 * @param string $verb
diff --git a/tests/integration/features/conversation/files.feature b/tests/integration/features/conversation/files.feature
index 71d88a08e..84c22aeda 100644
--- a/tests/integration/features/conversation/files.feature
+++ b/tests/integration/features/conversation/files.feature
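Review bot: `extractRequestTokenFromResponse()` never checks that the login page actually contained a token: when the pattern does not match, `preg_replace` hands back the whole body and `substr(..., 0, 89)` turns its first 89 bytes into the `requesttoken`, so the helper fails silently and the problem only surfaces in the later POST. The greedy `(.*)` groups under `/s` are also why the result has to be cut to a hard-coded 89 characters, which ties the helper to one token length. Matching the attribute value directly with `preg_match` and throwing when it is absent removes both problems (this takes the first occurrence of the attribute, where the original's greedy group took the last). In `userLogsIn()`, `assertStatusCode($this->response, 200)` may not prove the login worked if the client follows a redirect back to the login form on bad credentials, which this hunk does not show; asserting on something only an authenticated session returns would be firmer.

```php
private function extractRequestTokenFromResponse(ResponseInterface $response): string {
	$body = $response->getBody()->getContents();
	// Capture only the attribute value, so no fixed-length cut is needed.
	if (preg_match('/data-requesttoken="([^"]+)"/', $body, $matches) !== 1) {
		throw new \RuntimeException('No data-requesttoken attribute in the login page');
	}
	return $matches[1];
}
```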
@@ -249,6 +249,16 @@ Feature: conversation/files
 When user "participant2" joins room "file last share room" with 200
 Then user "participant2" is participant of room "file last share room"
 
+ Scenario: user without access to a file shared by link can join its room
+ Given user "participant1" shares "welcome.txt" by link with OCS 100
+ # Users without access to a file shared by link need to log in (so further
+ # requests keep the same session) and get the room (so the share token is
+ # stored in the session) to be able to join it.
+ And user "participant2" logs in
+ And user "participant2" gets the room for last share with 200
+ When user "participant2" joins room "file last share room" with 200
+ Then user "participant2" is participant of room "file last share room"
+
 Scenario: guest can join the room of a file shared by link
 Given user "participant1" shares "welcome.txt" by link with OCS 100
 And user "guest" gets the room for last share with 200
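Review bot: None of the four added scenarios (this hunk and the ones at -296, -353 and -409) pins the denial path that the access check depends on, because each one has `participant2` log in and get the room for the share before joining. A scenario where `participant2` logs in and tries to join `"file last share room"` without first getting the room for the share, expecting the join to be refused, would show that the session-stored share token is what grants access rather than the login alone. An equivalent scenario may already exist outside the visible hunks. The three-line explanatory comment is also repeated verbatim in every scenario; a single comment above the first one would be enough.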
@@ -296,6 +306,18 @@ Feature: conversation/files
 When user "participant2" leaves room "file last share room" with 200
 Then user "participant2" is participant of room "file last share room"
 
+ Scenario: user without access to a file shared by link is removed from its room after leaving it
+ Given user "participant1" shares "welcome.txt" by link with OCS 100
+ # Users without access to a file shared by link need to log in (so further
+ # requests keep the same session) and get the room (so the share token is
+ # stored in the session) to be able to join it.
+ And user "participant2" logs in
+ And user "participant2" gets the room for last share with 200
+ And user "participant2" joins room "file last share room" with 200
+ And user "participant2" is participant of room "file last share room"
+ When user "participant2" leaves room "file last share room" with 200
+ Then user "participant2" is not participant of room "file last share room"
+
 Scenario: guest is removed from the room of a file shared by link after leaving it
 Given user "participant1" shares "welcome.txt" by link with OCS 100
 And user "guest" gets the room for last share with 200
@@ -353,6 +375,20 @@ Feature: conversation/files
 And user "participant2" joins room "file last share room" with 200
 Then user "participant2" is participant of room "file last share room"
 
+ Scenario: user without access to a file shared by link can join its room again after removing self from it
+ Given user "participant1" shares "welcome.txt" by link with OCS 100
+ # Users without access to a file shared by link need to log in (so further
+ # requests keep the same session) and get the room (so the share token is
+ # stored in the session) to be able to join it.
+ And user "participant2" logs in
+ And user "participant2" gets the room for last share with 200
+ And user "participant2" joins room "file last share room" with 200
+ And user "participant2" is participant of room "file last share room"
+ When user "participant2" removes themselves from room "file last share room" with 200
+ And user "participant2" is not participant of room "file last share room"
+ And user "participant2" joins room "file last share room" with 200
+ Then user "participant2" is participant of room "file last share room"
+
 # Guests can not remove themselves from a room.
@@ -409,6 +445,21 @@ Feature: conversation/files
 And user "participant2" joins room "file last share room" with 200
 And user "participant2" is participant of room "file last share room"
 
+ Scenario: user is not participant of room for file no longer shared by link and without access to it
+ Given user "participant1" shares "welcome.txt" by link with OCS 100
+ # Users without access to a file shared by link need to log in (so further
+ # requests keep the same session) and get the room (so the share token is
+ # stored in the session) to be able to join it.
+ And user "participant2" logs in
+ And user "participant2" gets the room for last share with 200
+ And user "participant2" joins room "file last share room" with 200
+ And user "participant2" leaves room "file last share room" with 200
+ And user "participant2" is not participant of room "file last share room"
+ When user "participant1" deletes last share
+ Then user "participant2" is not participant of room "file last share room"
+ And user "participant2" joins room "file last share room" with 404
+ And user "participant2" is not participant of room "file last share room"
+
 Scenario: guest is not participant of room for file no longer shared by link
 Given user "participant1" shares "welcome.txt" by link with OCS 100
 And user "guest" gets the room for last share with 200