From d347f8fcae9cdc714d3c988b3e955b4107a2607b Mon Sep 17 00:00:00 2001
From: Parajuli Kiran <kiranparajuli589@gmail.com>
Date: Mon, 13 Sep 2021 13:54:14 +0545
Subject: [PATCH] Added cli acceptance tests for encrpytion command
---
.drone.star | 324 ++----------------
tests/acceptance/config/behat.yml | 10 +
.../features/bootstrap/OccContext.php | 44 +++
.../features/cliEncryption/encryption.feature | 71 ++++
4 files changed, 145 insertions(+), 304 deletions(-)
create mode 100644 tests/acceptance/features/cliEncryption/encryption.feature
diff --git a/.drone.star b/.drone.star
index c77bfdc2b83a..bba8702ca1f0 100644
--- a/.drone.star
+++ b/.drone.star
@@ -12,317 +12,33 @@ config = {
"branches": [
"master",
],
- "dependencies": True,
- "codestyle": True,
- "phpstan": True,
- "phan": True,
- "javascript": True,
- "litmus": True,
- "dav": True,
- "phpunit": {
- "mostDatabases": {
- "phpVersions": [
- "7.3",
- ],
- # Gather coverage for all databases except Oracle
- "coverage": True,
- "databases": [
- "sqlite",
- "mariadb:10.2",
- "mariadb:10.3",
- "mariadb:10.4",
- "mariadb:10.5",
- "mariadb:10.6",
- "mysql:5.5",
- "mysql:5.7",
- "mysql:8.0",
- "postgres:9.4",
- "postgres:10.3",
- ],
- },
- "slowDatabases": {
- "phpVersions": [
- "7.3",
- ],
- # Oracle takes a long time to start and run
- # So do not collect coverage for that
- # This helps the SonarCloud analysis to be ready much more quickly
- "coverage": False,
- "databases": [
- "oracle",
- ],
- },
- "reducedDatabases": {
- "phpVersions": [
- "7.4",
- ],
- "databases": [
- "sqlite",
- "mariadb:10.2",
- ],
- },
- "external-samba-windows": {
- "phpVersions": [
- "7.3",
- "7.4",
- ],
- "databases": [
- "sqlite",
- ],
- "externalTypes": [
- "samba",
- "windows",
- ],
- "coverage": True,
- "extraCommandsBeforeTestRun": [
- "ls -l /var/cache",
- "mkdir /var/cache/samba",
- "ls -l /var/cache",
- "ls -l /var/cache/samba",
- ],
- },
- "external-other": {
- "phpVersions": [
- "7.3",
- "7.4",
- ],
- "databases": [
- "sqlite",
- ],
- "externalTypes": [
- "webdav",
- "sftp",
- "scality",
- "owncloud",
- ],
- "coverage": True,
- },
- },
"acceptance": {
- "api": {
+ "cliEncryption": {
"suites": [
- "apiAuth",
- "apiAuthOcs",
- "apiAuthWebDav",
- "apiCapabilities",
- "apiComments",
- "apiFavorites",
- "apiMain",
- "apiProvisioning-v1",
- "apiProvisioning-v2",
- "apiProvisioningGroups-v1",
- "apiProvisioningGroups-v2",
- "apiShareCreateSpecialToRoot1",
- "apiShareCreateSpecialToShares1",
- "apiShareCreateSpecialToRoot2",
- "apiShareCreateSpecialToShares2",
- "apiSharees",
- "apiShareManagementToRoot",
- "apiShareManagementToShares",
- "apiShareManagementBasicToRoot",
- "apiShareManagementBasicToShares",
- "apiShareOperationsToRoot1",
- "apiShareOperationsToRoot2",
- "apiShareOperationsToShares1",
- "apiShareOperationsToShares2",
- "apiSharePublicLink1",
- "apiSharePublicLink2",
- "apiShareReshareToRoot1",
- "apiShareReshareToShares1",
- "apiShareReshareToRoot2",
- "apiShareReshareToShares2",
- "apiShareReshareToRoot3",
- "apiShareReshareToShares3",
- "apiShareUpdateToRoot",
- "apiShareUpdateToShares",
- "apiTags",
- "apiTranslation",
- "apiTrashbin",
- "apiTrashbinRestore",
- "apiVersions",
- "apiWebdavEtagPropagation1",
- "apiWebdavEtagPropagation2",
- "apiWebdavLocks",
- "apiWebdavLocks2",
- "apiWebdavLocks3",
- "apiWebdavLocksUnlock",
- "apiWebdavMove1",
- "apiWebdavMove2",
- "apiWebdavOperations",
- "apiWebdavPreviews",
- "apiWebdavProperties1",
- "apiWebdavProperties2",
- "apiWebdavUpload1",
- "apiWebdavUpload2",
- ],
- },
- "apiNotifications": {
- "suites": [
- "apiSharingNotificationsToRoot",
- "apiSharingNotificationsToShares",
+ "cliEncryption",
],
"extraApps": {
- "notifications": 'if [ -f "composer.json" ]; then composer install; fi',
+ "encryption": "composer install",
},
- },
- "apiFederation": {
- "suites": [
- "apiFederationToRoot1",
- "apiFederationToRoot2",
- "apiFederationToShares1",
- "apiFederationToShares2",
- ],
- "federatedServerNeeded": True,
- "federatedServerVersions": ["git", "latest", "10.7.0"],
- },
- "cli": {
- "suites": [
- "cliBackground",
- "cliLocalStorage",
- "cliMain",
- "cliProvisioning",
- "cliTrashbin",
- ],
- "emailNeeded": True,
- },
- "cliAppManagement": {
- "suites": [
- "cliAppManagement",
- ],
"testingRemoteSystem": False,
- },
- "cliExternalStorage": {
- "suites": [
- "cliExternalStorage",
- ],
- "federatedServerNeeded": True,
- "federatedServerVersions": ["git", "latest", "10.7.0"],
- },
- "webUI": {
- "suites": {
- "webUIAddUsers": "",
- "webUIAdminSettings": "",
- "webUIComments": "",
- "webUICreateDelete": "",
- "webUIFavorites": "",
- "webUIFiles": "",
- "webUILogin": "",
- "webUIManageQuota": "",
- "webUIManageUsersGroups": "webUIManageUsersGrps",
- "webUIMoveFilesFolders": "webUIMoveFilesFolder",
- "webUIPersonalSettings": "webUIPersonalSetting",
- "webUIRenameFiles": "",
- "webUIRenameFolders": "",
- "webUIRestrictSharing": "",
- "webUISettingsMenu": "",
- "webUISharingAcceptShares": "webUISharingAcceptSh",
- "webUISharingAutocompletion1": "webUISharingAutocomp1",
- "webUISharingAutocompletion2": "webUISharingAutocomp2",
- "webUISharingInternalGroups1": "webUISharingIntGroup1",
- "webUISharingInternalGroups2": "webUISharingIntGroup2",
- "webUISharingInternalUsers1": "webUISharingIntUsers1",
- "webUISharingInternalUsers2": "webUISharingIntUsers2",
- "webUISharingPublic1": "",
- "webUISharingPublic2": "",
- "webUITags": "",
- "webUITrashbin": "",
- "webUIUpload": "",
- "webUIWebdavLockProtection": "webUIWebdavLockProt",
- "webUIWebdavLocks": "",
- },
- "emailNeeded": True,
- "useHttps": False,
- },
- "webUINotifications": {
- "suites": {
- "webUISharingNotifications": "webUISharingNotify",
- },
- "emailNeeded": True,
- "useHttps": False,
- "extraApps": {
- "notifications": "composer install",
- },
- },
- "webUIFileActionsMenu": {
- "suites": {
- "webUIFileActionsMenu": "",
- },
- "useHttps": False,
- "extraApps": {
- "files_texteditor": "make vendor",
- "richdocuments": "make vendor",
- },
- },
- "webUIFederation": {
- "suites": {
- "webUISharingExternal1": "webUISharingExt1",
- "webUISharingExternal2": "webUISharingExt2",
- },
- "federatedServerNeeded": True,
- "federatedServerVersions": ["git", "latest", "10.7.0"],
- },
- "webUIFirefox": {
- "suites": {
- "webUIFirefoxSmoketest": "webUIFfSmoke",
- },
- "browsers": [
- "firefox",
- ],
- "emailNeeded": True,
- "useHttps": False,
- "filterTags": "@smokeTest&&~@notifications-app-required",
- "runAllSuites": True,
- "numberOfParts": 3,
- },
- "webUIProxy": {
- "suites": {
- "webUIProxySmoketest": "webUIProxySmoke",
- },
- "browsers": [
- "chrome",
- ],
- "emailNeeded": True,
- "proxyNeeded": True,
- "useHttps": False,
- "filterTags": "@smokeTest&&~@notifications-app-required",
- "runAllSuites": True,
- "numberOfParts": 3,
- },
- "webUIMobileSize": {
- "suites": {
- "webUIMobileSize": "",
- },
- "browsers": [
- "chrome",
+ "extraSetup": [{
+ "name": "configure-encryption",
+ "image": "owncloudci/php:7.4",
+ "pull": "always",
+ "commands": [
+ "php occ maintenance:singleuser --on",
+ "php occ encryption:enable",
+ "php occ encryption:select-encryption-type masterkey --yes",
+ "php occ encryption:encrypt-all --yes",
+ "php occ encryption:status",
+ "php occ maintenance:singleuser --off",
+ ],
+ }],
+ "extraCommandsBeforeTestRun": [
+ "mkdir data/owncloud-keys",
+ "chown -R www-data data/owncloud-keys",
+ "chmod -R 0770 data/owncloud-keys",
],
- "emailNeeded": True,
- "useHttps": False,
- "filterTags": "@mobileResolutionTest&&~@notifications-app-required",
- "runAllSuites": True,
- "numberOfParts": 3,
- "extraEnvironment": {
- "MOBILE_RESOLUTION": "375x812",
- "OC_LANGUAGE": "en-EN",
- },
- },
- "apiProxy": {
- "suites": {
- "apiProxySmoketest": "apiProxySmoke",
- },
- "proxyNeeded": True,
- "useHttps": False,
- "filterTags": "@smokeTest&&~@notifications-app-required",
- "runAllSuites": True,
- "numberOfParts": 8,
- },
- "apiOnSqlite": {
- "suites": {
- "apiOnSqlite": "apiOnSqlite",
- },
- "databases": ["sqlite"],
- "useHttps": False,
- "filterTags": "@sqliteDB",
- "runAllSuites": True,
},
},
}
diff --git a/tests/acceptance/config/behat.yml b/tests/acceptance/config/behat.yml
index 2f2949cf022a..f96bfb25ac5d 100644
--- a/tests/acceptance/config/behat.yml
+++ b/tests/acceptance/config/behat.yml
@@ -692,6 +692,16 @@ default:
- FeatureContext: *common_feature_context_params
- OccContext:
+ cliEncryption:
+ paths:
+ - '%paths.base%/../features/cliEncryption'
+ context: *common_ldap_suite_context
+ contexts:
+ - FeatureContext: *common_feature_context_params
+ - OccContext:
+ - WebDavPropertiesContext:
+ - EncryptionContext:
+
cliExternalStorage:
paths:
- '%paths.base%/../features/cliExternalStorage'
diff --git a/tests/acceptance/features/bootstrap/OccContext.php b/tests/acceptance/features/bootstrap/OccContext.php
index 271d75700785..4c797024f94f 100644
--- a/tests/acceptance/features/bootstrap/OccContext.php
+++ b/tests/acceptance/features/bootstrap/OccContext.php
@@ -639,6 +639,16 @@ public function theAdministratorHasInvokedOccCommand(string $cmd):void {
$this->theCommandShouldHaveBeenSuccessful();
}
+ /**
+ * @Given the administrator has selected master key encryption type using the occ command
+ *
+ * @return void
+ * @throws Exception
+ */
+ public function theAdministratorHasSelectedMasterKeyEncryptionTypeUsingTheOccCommand():void {
+ $this->featureContext->runOcc(['encryption:select-encryption-type', "masterkey --yes"]);
+ }
+
/**
* @When the administrator imports security certificate from file :filename in temporary storage on the system under test
*
@@ -735,6 +745,40 @@ public function theAdministratorRunsUpgradeRoutinesOnLocalServerUsingTheOccComma
}
}
+ /**
+ * @Given the administrator has decrypted everything
+ *
+ * @return void
+ * @throws Exception
+ */
+ public function theAdministratorHasDecryptedEverything():void {
+ $this->theAdministratorRunsEncryptionDecryptAllUsingTheOccCommand();
+ $this->theCommandShouldHaveBeenSuccessful();
+ }
+
+ /**
+ * @When the administrator disables encryption using the occ command
+ *
+ * @return void
+ * @throws Exception
+ */
+ public function theAdministratorDisablesEncryptionUsingTheOccCommand():void {
+ $this->invokingTheCommand("encryption:disable");
+ }
+
+ /**
+ * @When the administrator runs encryption decrypt all using the occ command
+ *
+ * @return void
+ */
+ public function theAdministratorRunsEncryptionDecryptAllUsingTheOccCommand():void {
+ \system("./occ maintenance:singleuser --on");
+ \system("./occ encryption:decrypt-all -c yes", $status);
+
+ $this->featureContext->setResultOfOccCommand(["code" => $status, "stdOut" => null, "stdErr" => null]);
+ \system("./occ maintenance:singleuser --off");
+ }
+
/**
* @return bool
*/
diff --git a/tests/acceptance/features/cliEncryption/encryption.feature b/tests/acceptance/features/cliEncryption/encryption.feature
new file mode 100644
index 000000000000..839a6d0b0b6a
--- /dev/null
+++ b/tests/acceptance/features/cliEncryption/encryption.feature
@@ -0,0 +1,71 @@
+@cli @skipWhenTestingRemoteSystems
+Feature: encryption command
+ As an admin
+ I want to encrypt-decrypt my data
+ So that users' resources are protected
+
+
+ Scenario: view current encryption status
+ When the administrator invokes occ command "encryption:status"
+ Then the command should have been successful
+ And the command output should contain the text "enabled: true"
+ And the command output should contain the text "defaultModule: OC_DEFAULT_MODULE"
+
+
+ Scenario: list available encryption modules
+ When the administrator invokes occ command "encryption:list-modules"
+ Then the command should have been successful
+ And the command output should contain the text "OC_DEFAULT_MODULE: Default encryption module [default*]"
+
+
+ Scenario: show current key storage root
+ When the administrator invokes occ command "encryption:show-key-storage-root"
+ Then the command should have been successful
+ And the command output should contain the text "Current key storage root: default storage location (data/)"
+
+
+ Scenario: it should be possible to disable encryption after decrypting all of the encrypted files
+ Given the administrator has uploaded file with content "uploaded content" to "/lorem.txt"
+ And the administrator has decrypted everything
+ When the administrator disables encryption using the occ command
+ Then the command should have been successful
+ And the command output should contain the text "Cleaned up config"
+ And the command output should contain the text "Encryption is already disabled"
+ When the administrator invokes occ command "encryption:status"
+ Then the command should have been successful
+ And the command output should contain the text "enabled: false"
+
+
+ Scenario: data file contents should be encrypted
+ Given user "Alice" has been created with default attributes and without skeleton files
+ When user "Alice" uploads file with content "file to upload" to "/fileToUpload.txt" using the WebDAV API
+ Then file "fileToUpload.txt" of user "Alice" should be encrypted
+
+
+ Scenario: downloaded content of an uploaded file should not be encrypted
+ Given user "brand-new-user" has been created with default attributes and without skeleton files
+ When user "brand-new-user" uploads file with content "uploaded content" to "fileToUpload.txt" using the WebDAV API
+ Then the content of file "fileToUpload.txt" for user "brand-new-user" should be "uploaded content"
+
+
+ Scenario: it should not be possible to disable encryption without decrypting encrypted uploaded files
+ Given the administrator has uploaded file with content "uploaded content" to "/lorem.txt"
+ When the administrator disables encryption using the occ command
+ Then the command should have failed with exit code 1
+ And the command output should contain the text "The system still have encrypted files. Please decrypt them all before disabling encryption."
+
+
+ Scenario: move encryption keys to a different folder
+ When the administrator invokes occ command "encryption:change-key-storage-root owncloud-keys"
+ Then the command should have been successful
+ When the administrator invokes occ command "encryption:show-key-storage-root"
+ Then the command output should contain the text "Current key storage root: owncloud-keys"
+
+ # this scenario is dependant with the scenario just above it i.e moving keys to different folder
+ # please remove the scenario after the issue is fixed
+ @skipOnOcV10 @issue-encryption-303
+ Scenario: it should not be possible to disable encryption even after decrypting all encrypted files if keys root has been changed
+ Given the administrator has decrypted everything
+ When the administrator disables encryption using the occ command
+ Then the command should have failed with exit code 1
+ And the command output should contain the text "The system still have encrypted files. Please decrypt them all before disabling encryption"