Tracking testing results for Oauth 0.4.3

[davitol]

OAuth2 app Test Plan

https://github.com/owncloud/QA/blob/master/Server/Test_Plan_OAuth2.md

This aims to be a client-agnostic testplan for the OAuth2 application, centered in the actions available in the webUI and/or occ commands and their impact on ownCloud's core behavior. To test the application from a client standpoint see:

• Desktop Sync client: OAuth2 Desktop Client's integration testplan QA#473
• Mobile client: OAuth2 QA#474

Testing functionality

Test Case	Expected Result	Result	Related Comment
CLI commands
Enable OAuth2 app via CLI using occ app:enable oauth2	- The apps gets enabled - Replies from the WebDAV endpoint includes a new WWW-Authenticate: Bearer... header	✅
Disable OAuth2 app via CLI using occ app:disable oauth2	- The apps gets disabled - Previously mentioned header goes away in further requests	✅
Registered Clients
Default clients	The default Registered clients are included among the "Settings > Admin > User Authentication" OAuth 2.0: Registered Clients	✅	See #38 for the default values
Register new Client	64-character-length client_id and client_secret are generated together with a (optional) Client Name and a (required) Redirection URL	✅
Remove a Client	- Confirmation dialog is prompted before removal - All client sessions opened from those clients get removed	✅
Unregistered Clients
Authentication flow from an unregistered client	Unsuccessful Authorization Request	⚙️	Browser displays the "Request not valid" screen.
Authorized Applications
Login with a Registered Client	The Client Name is displayed amongst the "Personal > Security" OAuth 2.0 Authorized Applications	⚙️
Session Revocation (i.e. delete Authorized Application)	All the sessions opened in the clients are revoked and must be re-authorized	⚙️
User Account Handling
Password change	Open sessions are revoked and new credentials must be used in further login attempts	✅
Authorization Flow
Successful Authorization Request without any session open in the browser	Login form with an additional informative note about the application requesting access to ownCloud is displayed	⚙️
Successful Authorization Request with a valid session in the browser	The "Authorize" screen is displayed	⚙️
Successful Authorization Request in a browser with a different user logged in	The "Switch User" screen is displayed, allowing to modify the current session	⚙️	See use of the additional user parameter in: #67
Failed attempt in the authorization login form	The query parameters for the Authorization Request are preserved in next attempts	⚙️	See original issue in: owncloud/core#28129
Relevant Smoke Tests
Unauthenticated Actions: Public File Drop	Files get uploaded normally	✅	See #100

[davitol]

Changelog

• Improve adding a new client Improve adding a new client #237
• Don't fail if the client was already added Don't fail if the client was already added #234
• Internal Server Error, if you try to add a client with an existing Name/URI Internal Server Error, if you try to add a client with an existing Name/URI #162
• 500 error if add token with same name as existing 500 error if add token with same name as existing #135