Authentication test plan #529
Some interesting scenarios to be tested:
If you need help with regression tests, I have a test installation ready except for shibboleth/LDAP/AD external auth providers. |
Tarball is ready for testing: https://download.owncloud.org/community/testing/owncloud-10.0.7RC1.tar.bz2 |
first glimpse: carddav syncing on android works again, detailed report follows later today... |
Login Type | Result | Comments |
---|---|---|
Cadaver (no sessions) | | |
Browser + Uploads | ✅ | - |
Desktop client (new endpoint) | ✅ | - |
Mobile clients (old endpoints) | | |
Shibboleth | | |
OAuth2 | ❌ | There's still one 'Login failed' entry. See owncloud/core#30157 (comment) |
Lock-out specific scenarios
🔒 We still need infrastructure support cc/ @owncloud/devops
About the orthogonal scenarios described on #529 (comment)
- Is covered by the previous tests
- Delete an auth item:
  - Password (change)
  - OAuth2 "Authorized Clients" ✅
  - Application Passwords ❌ - "Disconnect" application password should kill its open sessions core#28553 still valid
- 🔒 On hold, until Bugfix/owncloud/oauth2#103 core#30365 + Throw an exception if the Bearer header holds an invalid token oauth2#112 are tested
What exactly do you need? |
@patrickjahns see #529 (comment) 's " |
Can someone check if I got the test cases right, I would do the tests this evening:
Mobile Client CalDav/Carddav is https://play.google.com/store/apps/details?id=org.dmfs.caldav.lib&hl=de and https://play.google.com/store/apps/details?id=org.dmfs.carddav.sync&hl=de. All tests will be against an installation with encryption module. |
@thommierother that's pretty much it, yup! Just remember to apply the owncloud/core#30398 patch on the tarball contents to go over the OAuth2 scenarios. |
Test results for https://download.owncloud.org/community/testing/owncloud-10.0.7RC1.tar.bz2 including owncloud/core#30398, with activated encryption
Only partly successful. The user story for „activated Oauth2 & TOTP and login through app password“ is still not correct. In this case, the mobile client should require no TOTP when the app password is used instead. Moreover, encryption should still be possible for these scenarios. Upon creation of the account, the client should request the standard password AND the app password once. The app password should disable the TOTP requirement for the client. The client should still send the standard password to allow server encryption/decryption. The linking between standard and app password should be active as long as the app password is valid. |
Your failed scenarios can be attributed to owncloud/oauth2#105; do not assess OAuth2 together with encryption just yet, please. |
I thought that already ... IMHO owncloud/oauth2#105 should have high priority because installations that used encryption in earlier releases would not like to switch back again (like me) ... |
Current testing status: 10.0.7 RC1 + owncloud/core#30398 + owncloud/core#30365 + owncloud/oauth2#112 = Still raises one (1) |
good luck ;-) |
Reason: https://github.com/owncloud/core/pull/30365/files#diff-9c47cee6ac987e5256aeee509f91ddb1R291 |
I see activity on the https://github.com/owncloud/core/tree/bugfix/owncloud/oauth2%23103 for example. Will there be an RC2 tarball this week for testing? |
@thommierother yes. The PR is currently going through CI and after it's merged we'll build RC2 |
RC2 built, it will appear here shortly once mirrors catch up: https://download.owncloud.org/community/testing/owncloud-10.0.7RC2.tar.bz2 |
Re-tested for 10.0.7 RC2. owncloud/oauth2#105 is still open and blocks these use cases:
- Client Upload to crypted storage with Oauth2 & TOTP activated: Sync is blocked with „503 Service Unavailable“
- Mobile Client Upload with same settings shows „Encryption not ready, Private key missing for user“ message |
added entry in original post: "impersonate app" |
Based on what needs to be retested for owncloud/core#30157