#***************************************************************
# Licensed to the Apache Software Foundation (ASF) under one *
# or more contributor license agreements. See the NOTICE file *
# distributed with this work for additional information *
# regarding copyright ownership. The ASF licenses this file *
# to you under the Apache License, Version 2.0 (the *
# "License"); you may not use this file except in compliance *
# with the License. You may obtain a copy of the License at *
# *
# http://www.apache.org/licenses/LICENSE-2.0 *
# *
# Unless required by applicable law or agreed to in writing, *
# software distributed under the License is distributed on an *
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
# KIND, either express or implied. See the License for the *
# specific language governing permissions and limitations *
# under the License. *
# **************************************************************/
Feature: Download endpoint
  As a James user
  I want to access the download endpoint

  Background:
    Given a domain named "domain.tld"
    And some users "usera@domain.tld, userb@domain.tld"
    And "usera@domain.tld" has a mailbox "INBOX"
    And "usera@domain.tld" mailbox "INBOX" contains a message "m1" with an attachment "a1"

  Scenario: An unauthenticated user should not have access to the download endpoint
    When un-authenticated user downloads "a1"
    Then the user should not be authorized

  Scenario: An authenticated user should initiate the access to the download endpoint
    Given "usera@domain.tld" is connected
    When "usera@domain.tld" checks for the availability of the attachment endpoint
    Then the user should be authorized

  Scenario: An unauthenticated user should initiate the access to the download endpoint
    When "usera@domain.tld" checks for the availability of the attachment endpoint
    Then the user should be authorized

  Scenario: A user should not have access to the download endpoint without the authentication token
    When "usera@domain.tld" downloads "a1" without any authentication token
    Then the user should not be authorized

  Scenario: A user should not have access to the download endpoint with an empty authentication token
    When "usera@domain.tld" downloads "a1" with an empty authentication token
    Then the user should not be authorized

  Scenario: A user should not have access to the download endpoint with a bad authentication token
    When "usera@domain.tld" downloads "a1" with a bad authentication token
    Then the user should not be authorized

  Scenario: A user should not have access to the download endpoint with an unknown authentication token
    When "usera@domain.tld" downloads "a1" with an invalid authentication token
    Then the user should not be authorized

  Scenario: A user should not have access to the download endpoint when an authentication token has expired
    When "usera@domain.tld" downloads "a1" with an expired token
    Then the user should not be authorized

  Scenario: A user should not have access to the download endpoint without a blobId
    Given "usera@domain.tld" is trusted for attachment "a1"
    When "usera@domain.tld" downloads "a1" without blobId parameter
    Then the user should not be authorized

  Scenario: A user should not retrieve anything when using wrong blobId
    Given "usera@domain.tld" is trusted for attachment "a1"
    When "usera@domain.tld" downloads "a1" with wrong blobId
    Then the user should not be authorized

  @BasicFeature
  Scenario: A user should have access to the download endpoint when an authentication token is valid
    Given "usera@domain.tld" is trusted for attachment "a1"
    When "usera@domain.tld" downloads "a1" using query parameter strategy
    Then the user should be authorized

  Scenario: An authenticated user should have access to the download endpoint
    Given "usera@domain.tld" is connected
    When "usera@domain.tld" downloads "a1"
    Then the user should be authorized

  Scenario: An authenticated user should not have access to someone else attachment
    Given "userb@domain.tld" is connected
    When "userb@domain.tld" downloads "a1"
    Then the user should receive a not found response

  Scenario: A user should have access to an inlined attachment
    Given "usera@domain.tld" is connected
    And "usera@domain.tld" mailbox "INBOX" contains a message "m2" with an inlined attachment "ia1"
    When "usera@domain.tld" downloads "ia1"
    Then the user should be authorized

  Scenario: A user should have access to multiple same inlined attachments
    Given "usera@domain.tld" is connected
    And "usera@domain.tld" mailbox "INBOX" contains a message "m2" with multiple same inlined attachments "ia1"
    When "usera@domain.tld" downloads "ia1"
    And "usera@domain.tld" downloads "ia1"
    Then the user should be authorized