22# SPDX-License-Identifier: AGPL-3.0-or-later
33Feature : FilesDrop
44
5+ # Scenarios using shareType 3 (public link drop) do not require a nickname.
6+ # Scenarios using shareType 4 (file request / email share) require a nickname
7+ # when the fileRequest attribute is enabled, and files are stored under a
8+ # per-nickname subdirectory.
9+
510 Scenario : Put file via files drop
611 Given user "user0" exists
712 And As an "user0"
813 And user "user0" created a folder "/drop"
914 And as "user0" creating a share with
10- | path | drop |
11- | shareType | 3 |
15+ | path | drop |
16+ | shareType | 3 |
1217 | publicUpload | true |
1318 And Updating last share with
1419 | permissions | 4 |
1520 When Dropping file "/a.txt" with "abc"
1621 And Downloading file "/drop/a.txt"
1722 Then Downloaded content should be "abc"
1823
19- Scenario : Put file same file multiple times via files drop
24+ Scenario : Put same file multiple times via files drop (public link)
2025 Given user "user0" exists
2126 And As an "user0"
2227 And user "user0" created a folder "/drop"
2328 And as "user0" creating a share with
24- | path | drop |
25- | shareType | 3 |
29+ | path | drop |
30+ | shareType | 3 |
2631 | publicUpload | true |
2732 And Updating last share with
2833 | permissions | 4 |
@@ -38,37 +43,37 @@ Feature: FilesDrop
3843 And As an "user0"
3944 And user "user0" created a folder "/drop"
4045 And as "user0" creating a share with
41- | path | drop |
42- | shareType | 3 |
43- | publicUpload | true |
44- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
46+ | path | drop |
47+ | shareType | 3 |
48+ | publicUpload | true |
49+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
4550 And Updating last share with
4651 | permissions | 4 |
4752 When Dropping file "/folder/a.txt" with "abc"
4853 Then the HTTP status code should be "400"
4954
50- Scenario : Files drop allow MKCOL without a nickname
51- Given user "user0" exists
52- And As an "user0"
53- And user "user0" created a folder "/drop"
54- And as "user0" creating a share with
55- | path | drop |
56- | shareType | 3 |
57- | publicUpload | true |
58- And Updating last share with
59- | permissions | 4 |
60- When Creating folder "folder" in drop
61- Then the HTTP status code should be "201"
62-
63- Scenario : Files request forbid MKCOL without a nickname
55+ Scenario : Files drop allow MKCOL without a nickname
6456 Given user "user0" exists
6557 And As an "user0"
6658 And user "user0" created a folder "/drop"
6759 And as "user0" creating a share with
68- | path | drop |
69- | shareType | 3 |
60+ | path | drop |
61+ | shareType | 3 |
7062 | publicUpload | true |
71- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
63+ And Updating last share with
64+ | permissions | 4 |
65+ When Creating folder "folder" in drop
66+ Then the HTTP status code should be "201"
67+
68+ Scenario : Files request forbid MKCOL without a nickname
69+ Given user "user0" exists
70+ And As an "user0"
71+ And user "user0" created a folder "/drop"
72+ And as "user0" creating a share with
73+ | path | drop |
74+ | shareType | 3 |
75+ | publicUpload | true |
76+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
7277 And Updating last share with
7378 | permissions | 4 |
7479 When Creating folder "folder" in drop
@@ -79,10 +84,10 @@ Scenario: Files drop allow MKCOL without a nickname
7984 And As an "user0"
8085 And user "user0" created a folder "/drop"
8186 And as "user0" creating a share with
82- | path | drop |
83- | shareType | 3 |
84- | publicUpload | true |
85- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
87+ | path | drop |
88+ | shareType | 3 |
89+ | publicUpload | true |
90+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
8691 And Updating last share with
8792 | permissions | 4 |
8893 When Creating folder "folder" in drop as "nickname"
@@ -93,10 +98,10 @@ Scenario: Files drop allow MKCOL without a nickname
9398 And As an "user0"
9499 And user "user0" created a folder "/drop"
95100 And as "user0" creating a share with
96- | path | drop |
97- | shareType | 3 |
98- | publicUpload | true |
99- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
101+ | path | drop |
102+ | shareType | 3 |
103+ | publicUpload | true |
104+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
100105 And Updating last share with
101106 | permissions | 4 |
102107 When dropping file "/folder/a.txt" with "abc"
@@ -107,25 +112,30 @@ Scenario: Files drop allow MKCOL without a nickname
107112 And As an "user0"
108113 And user "user0" created a folder "/drop"
109114 And as "user0" creating a share with
110- | path | drop |
111- | shareType | 4 |
112- | permissions | 4 |
113- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
114- | shareWith | |
115+ | path | drop |
116+ | shareType | 4 |
117+ | permissions | 4 |
118+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
119+ | shareWith | |
115120 When Dropping file "/folder/a.txt" with "abc" as "Alice"
116121 And Downloading file "/drop/Alice/folder/a.txt"
117122 Then Downloaded content should be "abc"
118123
119124 Scenario : File drop uploading folder with name of file
125+ # When a file and a directory share the same name, the first upload keeps
126+ # the original name. Here "/folder" is uploaded as a plain file first, so
127+ # it retains the name "folder". The subsequent upload of "/folder/a.txt"
128+ # requires a directory also named "folder", which is deduplicated to
129+ # "folder (2)" because the plain file already occupies that name.
120130 Given user "user0" exists
121131 And As an "user0"
122132 And user "user0" created a folder "/drop"
123133 And as "user0" creating a share with
124- | path | drop |
125- | shareType | 4 |
126- | permissions | 4 |
127- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
128- | shareWith | |
134+ | path | drop |
135+ | shareType | 4 |
136+ | permissions | 4 |
137+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
138+ | shareWith | |
129139 When Dropping file "/folder" with "its a file" as "Alice"
130140 Then the HTTP status code should be "201"
131141 When Dropping file "/folder/a.txt" with "abc" as "Alice"
@@ -137,15 +147,19 @@ Scenario: Files drop allow MKCOL without a nickname
137147 Then Downloaded content should be "abc"
138148
139149 Scenario : File drop uploading file with name of folder
150+ # Mirror of the previous scenario: the directory "/folder" is created first
151+ # by uploading "/folder/a.txt", so it retains the name "folder". The
152+ # subsequent upload of a plain file also named "/folder" is deduplicated
153+ # to "folder (2)".
140154 Given user "user0" exists
141155 And As an "user0"
142156 And user "user0" created a folder "/drop"
143157 And as "user0" creating a share with
144- | path | drop |
145- | shareType | 4 |
146- | permissions | 4 |
147- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
148- | shareWith | |
158+ | path | drop |
159+ | shareType | 4 |
160+ | permissions | 4 |
161+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
162+ | shareWith | |
149163 When Dropping file "/folder/a.txt" with "abc" as "Alice"
150164 Then the HTTP status code should be "201"
151165 When Dropping file "/folder" with "its a file" as "Alice"
@@ -157,20 +171,21 @@ Scenario: Files drop allow MKCOL without a nickname
157171 Then the HTTP status code should be "200"
158172 And Downloaded content should be "its a file"
159173
160- Scenario : Put file same file multiple times via files drop
174+ Scenario : Put same file multiple times via files drop (file request with nickname)
175+ # Only files are deduplicated across repeated uploads from the same nickname.
176+ # Folders are merged, not duplicated: "Mallory (2)" and "folder (2)" must
177+ # not be created; only the conflicting file gets a "(2)" suffix.
161178 Given user "user0" exists
162179 And As an "user0"
163180 And user "user0" created a folder "/drop"
164181 And as "user0" creating a share with
165- | path | drop |
166- | shareType | 4 |
167- | permissions | 4 |
168- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
169- | shareWith | |
182+ | path | drop |
183+ | shareType | 4 |
184+ | permissions | 4 |
185+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
186+ | shareWith | |
170187 When Dropping file "/folder/a.txt" with "abc" as "Mallory"
171188 And Dropping file "/folder/a.txt" with "def" as "Mallory"
172- # Ensure folder structure and that we only checked
173- # for files duplicates, but merged the existing folders
174189 Then as "user0" the folder "/drop/Mallory" exists
175190 Then as "user0" the folder "/drop/Mallory/folder" exists
176191 Then as "user0" the folder "/drop/Mallory (2)" does not exist
@@ -187,17 +202,19 @@ Scenario: Files drop allow MKCOL without a nickname
187202 And As an "user0"
188203 And user "user0" created a folder "/drop"
189204 And as "user0" creating a share with
190- | path | drop |
191- | shareType | 4 |
192- | permissions | 4 |
193- | shareWith | |
194- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
205+ | path | drop |
206+ | shareType | 4 |
207+ | permissions | 4 |
208+ | shareWith | |
209+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
195210 When Dropping file "/folder/a.txt" with "abc" as "Mallory"
196211 When as "user0" the file "/drop/Mallory/folder/a.txt" exists
212+ # Directory listings are blocked (405 Method Not Allowed)
197213 And Downloading public folder "Mallory"
198214 Then the HTTP status code should be "405"
199215 And Downloading public folder "Mallory/folder"
200216 Then the HTTP status code should be "405"
217+ # Individual files are not exposed at all (404 Not Found)
201218 And Downloading public file "Mallory/folder/a.txt"
202219 Then the HTTP status code should be "404"
203220
@@ -206,49 +223,54 @@ Scenario: Files drop allow MKCOL without a nickname
206223 And As an "user0"
207224 And user "user0" created a folder "/drop"
208225 And as "user0" creating a share with
209- | path | drop |
210- | shareType | 4 |
211- | permissions | 4 |
212- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
213- | shareWith | |
226+ | path | drop |
227+ | shareType | 4 |
228+ | permissions | 4 |
229+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
230+ | shareWith | |
214231 When Dropping file "/folder/a.txt" with "abc"
215232 Then the HTTP status code should be "400"
216233
217- Scenario : Files request drop with invalid nickname with slashes
234+ Scenario : Files request drop with invalid nickname containing slashes
218235 Given user "user0" exists
219236 And As an "user0"
220237 And user "user0" created a folder "/drop"
221238 And as "user0" creating a share with
222- | path | drop |
223- | shareType | 4 |
224- | permissions | 4 |
225- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
226- | shareWith | |
239+ | path | drop |
240+ | shareType | 4 |
241+ | permissions | 4 |
242+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
243+ | shareWith | |
227244 When Dropping file "/folder/a.txt" with "abc" as "Alice/Bob/Mallory"
228245 Then the HTTP status code should be "400"
229246
230- Scenario : Files request drop with invalid nickname with forbidden characters
247+ Scenario : Files request drop with invalid nickname matching a server file (.htaccess)
248+ # Nicknames that match web-server reserved filenames are blocked to prevent
249+ # accidental or malicious overwrite of server configuration files.
231250 Given user "user0" exists
232251 And As an "user0"
233252 And user "user0" created a folder "/drop"
234253 And as "user0" creating a share with
235- | path | drop |
236- | shareType | 4 |
237- | permissions | 4 |
238- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
239- | shareWith | |
254+ | path | drop |
255+ | shareType | 4 |
256+ | permissions | 4 |
257+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
258+ | shareWith | |
240259 When Dropping file "/folder/a.txt" with "abc" as ".htaccess"
241260 Then the HTTP status code should be "400"
242261
243- Scenario : Files request drop with invalid nickname with forbidden characters
262+ Scenario : Files request drop with invalid nickname starting with a dot
263+ # Dot-prefixed nicknames are blocked because they would create hidden
264+ # directories on POSIX filesystems, which is undesirable regardless of
265+ # the name being otherwise harmless (e.g. ".Mallory").
244266 Given user "user0" exists
245267 And As an "user0"
246268 And user "user0" created a folder "/drop"
247269 And as "user0" creating a share with
248- | path | drop |
249- | shareType | 4 |
250- | permissions | 4 |
251- | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
252- | shareWith | |
270+ | path | drop |
271+ | shareType | 4 |
272+ | permissions | 4 |
273+ | attributes | [{"scope ":"fileRequest ","key ":"enabled ","value ":true }] |
274+ | shareWith | |
253275 When Dropping file "/folder/a.txt" with "abc" as ".Mallory"
254276 Then the HTTP status code should be "400"
0 commit comments