ability to enable bruteforce protection for ExApp routes #1313
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests Special | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: tests-special-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| env: | |
| NEXTCLOUD_URL: "http://localhost:8080/" | |
| APP_ID: "nc_py_api" | |
| APP_PORT: 9009 | |
| APP_VERSION: "1.0.0" | |
| APP_SECRET: "tC6vkwPhcppjMykD1r0n9NlI95uJMBYjs5blpIcA1PAdoPDmc5qoAjaBAkyocZ6E" | |
| jobs: | |
| auth-tests-no-init: | |
| runs-on: ubuntu-22.04 | |
| name: Auth tests (no Init endpoint) | |
| services: | |
| postgres: | |
| image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest | |
| ports: | |
| - 4444:5432/tcp | |
| env: | |
| POSTGRES_USER: root | |
| POSTGRES_PASSWORD: rootpassword | |
| POSTGRES_DB: nextcloud | |
| options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5 | |
| steps: | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Set app env | |
| run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV | |
| - name: Checkout server | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| submodules: true | |
| repository: nextcloud/server | |
| ref: 'stable28' | |
| - name: Checkout AppAPI | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| path: apps/${{ env.APP_NAME }} | |
| - name: Set up php | |
| uses: shivammathur/setup-php@4bd44f22a98a19e0950cbad5f31095157cc9621b # v2 | |
| with: | |
| php-version: '8.1' | |
| extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql | |
| coverage: none | |
| ini-file: development | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check composer file existence | |
| id: check_composer | |
| uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2 | |
| with: | |
| files: apps/${{ env.APP_NAME }}/composer.json | |
| - name: Set up dependencies | |
| if: steps.check_composer.outputs.files_exists == 'true' | |
| working-directory: apps/${{ env.APP_NAME }} | |
| run: composer i | |
| - name: Set up Nextcloud | |
| env: | |
| DB_PORT: 4444 | |
| run: | | |
| mkdir data | |
| ./occ maintenance:install --verbose --database=pgsql --database-name=nextcloud --database-host=127.0.0.1 \ | |
| --database-port=$DB_PORT --database-user=root --database-pass=rootpassword \ | |
| --admin-user admin --admin-pass admin | |
| ./occ app:enable --force ${{ env.APP_NAME }} | |
| - name: Run Nextcloud | |
| run: PHP_CLI_SERVER_WORKERS=2 php -S 127.0.0.1:8080 & | |
| - name: Checkout NcPyApi | |
| uses: actions/checkout@v3 | |
| with: | |
| path: nc_py_api | |
| repository: cloud-py-api/nc_py_api | |
| - name: Install NcPyApi | |
| working-directory: nc_py_api | |
| run: python3 -m pip -v install ".[dev]" | |
| - name: Register App | |
| run: | | |
| python3 apps/${{ env.APP_NAME }}/tests/install_no_init.py & | |
| echo $! > /tmp/_install.pid | |
| sleep 5s | |
| php occ app_api:daemon:register manual_install "Manual Install" manual-install http localhost 0 | |
| php occ app_api:app:register $APP_ID manual_install --json-info \ | |
| "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"port\":$APP_PORT,\"scopes\":[\"ALL\"],\"system_app\":1}" \ | |
| --force-scopes --wait-finish | |
| kill -15 $(cat /tmp/_install.pid) | |
| timeout 3m tail --pid=$(cat /tmp/_install.pid) -f /dev/null | |
| - name: Check logs | |
| run: grep -q 'Hello from ' data/nextcloud.log || error | |
| - name: Test ALL Scope | |
| run: python3 apps/${{ env.APP_NAME }}/tests/auth_scopes_system.py 0 | |
| - name: Re-Register App | |
| run: | | |
| php occ app_api:app:unregister $APP_ID --silent --force || true | |
| python3 apps/${{ env.APP_NAME }}/tests/install_no_init.py & | |
| echo $! > /tmp/_install.pid | |
| sleep 5s | |
| php occ app_api:app:register $APP_ID manual_install --json-info \ | |
| "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"port\":$APP_PORT,\"scopes\":[\"SYSTEM\"],\"system_app\":1}" \ | |
| --force-scopes --wait-finish | |
| kill -15 $(cat /tmp/_install.pid) | |
| timeout 3m tail --pid=$(cat /tmp/_install.pid) -f /dev/null | |
| - name: Test NO ALL Scope | |
| run: python3 apps/${{ env.APP_NAME }}/tests/auth_scopes_system.py 1 | |
| - name: Upload NC logs | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: install_no_init.log | |
| path: data/nextcloud.log | |
| if-no-files-found: warn | |
| tests-special-success: | |
| permissions: | |
| contents: none | |
| runs-on: ubuntu-22.04 | |
| needs: [auth-tests-no-init] | |
| name: TestsSpecial-OK | |
| steps: | |
| - run: echo "Tests special passed successfully" |