diff --git a/docs/testing/smoke_testing.md b/docs/testing/smoke_testing.md index f62ee2ab2..c6d3c2aee 100644 --- a/docs/testing/smoke_testing.md +++ b/docs/testing/smoke_testing.md @@ -19,8 +19,9 @@ The need for this smoke testing (manual) is that we do not have e2e test setup t - [2. Link/Unlink a work package for a file/folder from OpenProject](#2-linkunlink-a-work-package-for-a-filefolder-from-openproject) - [3. Direct upload file/folder from OpenProject to Nextcloud](#3-direct-upload-filefolder-from-openproject-to-nextcloud) - [4. Create a WorkPackage from Nextcloud](#4-create-a-workpackage-from-nextcloud) - - [5. Check notification in `OpenProject` widget in Nextcloud](#5-check-notification-in-openproject-widget-in-nextcloud) - - [6. Check New folder with automatically managed permissions in OpenProject](#6-check-new-folder-with-automatically-managed-permissions-in-openproject) + - [5. Check notification in `OpenProject` widget in Nextcloud](#5-check-notification-in-openproject-widget-in-nextcloud) + - [6. Setup and check project folder in Nextcloud (with project folder setup)](#6-setup-and-check-project-folder-in-nextcloud-with-project-folder-setup) + - [7. Setup and Check New folder with automatically managed permissions in OpenProject](#7-setup-and-check-new-folder-with-automatically-managed-permissions-in-openproject) - [App Upgrade Testing](#app-upgrade-testing) - [Upgrade Steps](#upgrade-steps) @@ -33,18 +34,27 @@ The need for this smoke testing (manual) is that we do not have e2e test setup t ## Section A: Two-Way OAuth 2.0 Authorization Code Flow -### A1. Oauth configuration -- [ ] In `OpenProject`, navigate to `Administration > Files`. -- [ ] Create a file storage type `Nextcloud` and name it as `Nextcloud` in `OpenProject`. -- [ ] In admin setting of `Nextcloud`, navigate to `Administration Settings > OpenProject`. -- [ ] Copy `OpenProject` Oauth Credential (client_id and client_secret) and save them in `Nextcloud`. -- [ ] Copy `Nextcloud` Oauth Credential (client_id and client_secret) and save them in `OpenProject`. -- [ ] Disable project folder (automatically managed folder). +### A1. OAuth configuration +- [ ] Keep two browser tabs open: one for `OpenProject` and one for `Nextcloud`. +- [ ] In `OpenProject`, as a user `admin`, navigate to `Administration > Files` and add a new `Nextcloud` storage: + - Add name to `Nextcloud` and host to ``. + - Select `Two-way OAuth 2.0 authorization code flow` as the authentication method. + - Click `Save and Continue` — note the generated `OpenProject OAuth Client ID` and `Client Secret`. +- [ ] In `Nextcloud`, as a user `admin`, navigate to `Administration Settings > OpenProject`: + - Set `OpenProject server` to ``. + - Select `Two-way OAuth 2.0 authorization code flow` as the authentication method. + - Enter the `OpenProject OAuth Client ID` and `Client Secret` copied from the previous step. + - Click `Save` — note the generated `Nextcloud OAuth Client ID` and `Client Secret`. +- [ ] Back in `OpenProject`: + - Enter the `Nextcloud OAuth Client ID` and `Client Secret`, then click `Save and Continue`. + - Uncheck the `Automatically managed folders` and click on `Finish setup`. +- [ ] Back in `Nextcloud`, click `Yes, I have copied these values`. +- [ ] Disable `Automatically managed project folders` and click `Complete without Project Folders`. ### A2. Connect Nextcloud with OpenProject - [ ] Complete step [Test No A1](#a1-oauth-configuration). -- [ ] In `Nextcloud`, navigate to `Personal Settings > Openproject` and click on `Connect to OpenProject` button. +- [ ] In `Nextcloud`, navigate to `Personal Settings > OpenProject` and click on `Connect to OpenProject` button. - [ ] `Nextcloud` admin should be connected as an `OpenProject` admin. - [ ] Also, create a user in both `Nextcloud` as well as `OpenProject`. - [ ] From the personal section of the created user in `Nextcloud`, connect to `OpenProject`. @@ -52,102 +62,105 @@ The need for this smoke testing (manual) is that we do not have e2e test setup t ### A3. Add File storage (Nextcloud) to an OpenProject project - [ ] Complete step [Test No A1](#a1-oauth-configuration). -- [ ] Select an `OpenProject` Project (for example, `Demo Project`) in `OpenProject`. +- [ ] As a user `admin`, select any `OpenProject` Project (for example, `Demo Project`) in `OpenProject`. - [ ] Navigate to `Project settings > Files` of `Demo Project`. - [ ] Add a file storage name `Nextcloud`( choose `No specific Folder` option ) for `Demo Project`. ### A4. Connect OpenProject with Nextcloud - [ ] Complete step [Test No A1](#a1-oauth-configuration). -- [ ] Complete step [Test No A3](#A3-Add-File-storage-Nextcloud-to-an-OpenProject-project). -- [ ] Navigate to `Demo Project > Work Packages` and double click any one of the work packages available. +- [ ] Complete step [Test No A3](#a3-add-file-storage-nextcloud-to-an-openproject-project). +- [ ] As a user `admin`, navigate to `Demo Project > Work Packages` and open any work package by clicking its ID. - [ ] Navigate to `Files` tab, and login to `Nextcloud`. - [ ] `OpenProject` admin is connected to `Nextcloud` as a `Nextcloud` admin. -- [ ] Also, create a user in both `Nextcloud` as well as `OpenProject`. - [ ] Add the created `OpenProject` user as the member of `Demo Project` project (admin can add members to a project). +- [ ] Login as created user in both `OpenProject` and `Nextcloud`. - [ ] Try to connect the created `OpenProject` user as created `Nextcloud` user. - [ ] `OpenProject` user should be connected as a `Nextcloud` user. -### A5. Setup and check project folder in Nextcloud (with project folder setup) -- [ ] Complete step [Test No A1](#a1-oauth-configuration). -- [ ] Enable `groupfolders` application in `Nextcloud`. -- [ ] Enable `Automatically managed folders` switch in admin setting and set project folder. -- [ ] Application password should be generated. -- [ ] Verify that `OpenProject` user and group are created with user `OpenProject` as sub-admin of the group. -- [ ] Verify that `OpenProjectNoAutomaticProjectFolders` group is also created with user `OpenProject` as sub-admin. -- [ ] Try deleting `OpenProject` user and group, those should not be deleted. -- [ ] Try deleting `OpenProjectNoAutomaticProjectFolders` group, it should not be possible to delete. -- [ ] Test group management (as user `OpenProject`): - - Login as `OpenProject` user - - Add a test user `user1` to the `OpenProject` group - - Remove `user1` from the `OpenProject` group - - Verify that `user1` is automatically moved to the `OpenProjectNoAutomaticProjectFolders` group - -### A6. Complete the common smoke tests -- [ ] Complete [smoke tests 1-6](#common-smoke-test-steps). +### A5. Complete the common smoke tests +- [ ] Complete [smoke tests 1-7](#common-smoke-test-steps). -### A7. Check the integration script for oauth set up +### A6. Check the integration script for oauth set up -> Before Running the script make sure that your `Nextcloud` and `OpenProject` instance is up and running +> Before running the script, make sure that your `Nextcloud` and `OpenProject` instances are up and running. - [ ] Run the `integration_setup.sh` script to set up integration without project folder with the following command: ```bash -SETUP_PROJECT_FOLDER=true \ +SETUP_PROJECT_FOLDER=false \ NEXTCLOUD_HOST= \ OPENPROJECT_HOST= \ OP_ADMIN_USERNAME=admin \ -OP_ADMIN_PASSWORD=admin \ -NC_ADMIN_USERNAME=admin \ -NC_ADMIN_PASSWORD=admin \ -OPENPROJECT_STORAGE_NAME=Nextcloud \ +OP_ADMIN_PASSWORD=admin \ +NC_ADMIN_USERNAME=admin \ +NC_ADMIN_PASSWORD=admin \ +OPENPROJECT_STORAGE_NAME=Nextcloud \ bash integration_setup.sh ``` -- [ ] Upon success, try step [Test No A2](#A2-Connect-Nextcloud-with-OpenProject) (Skip first check). +- [ ] Upon success, try step [Test No A2](#a2-connect-nextcloud-with-openproject) (Skip first check). - [ ] Upon success, try step [Test No A4](#a4-connect-openproject-with-nextcloud) (Skip first check). - [ ] Also, to set up the integration configuration with project folder setup, just set environment `SETUP_PROJECT_FOLDER=true` and run the script. - [ ] Re-run the script again after it is already setup (Should not give any error). ## Section B: Single-Sign-On through OpenID Connect Identity Provider +> **Note**: `OpenProject` must be an Enterprise edition to use SSO setup. + ### B.1: Nextcloud Hub as IDP #### B.1.1. Configure Nextcloud -- [ ] In Nextcloud, install and enable `oidc` and `user_oidc` apps. -- [ ] Create a new user( with username, display name, password, and email) -- [ ] Run following command: - - `php occ config:system:set user_oidc --type boolean --value="true" oidc_provider_bearer_validation` +- [ ] In `Nextcloud`, log in as a user `admin`. +- [ ] Install and enable `OIDC Identity Provider`(`oidc`) and `OpenID Connect user backend`(`user_oidc`) apps. +- [ ] Create a new user ( with username, display name, password, and email). +- [ ] Check whether `oidc_provider_bearer_validation` exists and is set to `true` by running `php occ config:list`. + > **Note:** This requires the OIDC Identity Provider app >= v1.4.0. Access tokens and JWT tokens can be validated. + - [ ] If the setting does not exist or is set to `false`, run: + - `php occ config:system:set user_oidc --type boolean --value="true" oidc_provider_bearer_validation` - [ ] Go to `Administration > OpenID Connect` and enable `store login tokens` option. -- [ ] Go to `Administation > Security` -- [ ] Add OIDC client ("OpenID Connect clients" section): - - Add a client name (not an identifier) - - Add a redirect URL : `/auth/oidc-/callback` - - After adding, choose `Access Token Type` as `JWT Access Token (RFC9068)`. - - Set `Refresh Token Expire Time` to `Never` - - Save - - Copy the Client ID and Client secret (you will need these later in OpenProject and integration_openproject) - -#### B.1.2. Add Nextcloud IDP in OpenProject -- [ ] In OpenProject, go to `Administration > Authentication > OpenID providers` +- [ ] Go to `Administration > OpenID Connect Provider`. + - Click the button `+ Add client`. + - Add a client name (not an identifier) such as `openproject`. + - Add a redirect URL: `/auth/oidc-/callback`. + - Choose Signing Algorithm option as `RS256`. + - Choose Client Type as `Confidential` and click on `Add` button. + - After clicking `add` button, click on the recently created client. + - Choose `Access Token Type` as `JWT Access Token (RFC9068)` and click on `save` button. + - Go to `settings` section. + - Set `Refresh Token Expire Time` to `Never`. + - Save. + - Copy the Client ID and Client secret (you will need these later in OpenProject and integration_openproject). + +#### B.1.2. Add Nextcloud IDP in OpenProject (Without project folder setup) +- [ ] In `OpenProject`, log in as a user `admin`. +- [ ] Go to `Administration > Authentication > OpenID providers`. - [ ] Add a new custom OpenID provider: - - Display name: `nextcloud` (use this name as redirect URL in Nextcloud: ) + - Display name: `nextcloud` (use this name as redirect URL in Nextcloud: ) - Discovery URL: `/index.php/.well-known/openid-configuration` - Client ID: Client ID copied earlier from Nextcloud - Client secret: Client secret copied earlier from Nextcloud -- [ ] Go to `Administration > Files` -- [ ] Select the file storage type called Nextcloud (created earlier in previous test) -- [ ] Under `OAuth configuration`, select `Use access token obtained during user log in` + - Keep all other options as default and click on `save`. +- [ ] Then, go to `Administration > Files`. +- [ ] Create a file storage type `Nextcloud` by clicking the button `+ Storage` and choosing `Nextcloud`. +- [ ] Set the name to `Nextcloud`. +- [ ] Set Host to ``. +- [ ] Set authentication Method to `Single-Sign-On through OpenID Connect Identity Provider`. +- [ ] Then, select the option `Use access token obtained during user log in`. +- [ ] Uncheck project folder (automatically managed folder). +- [ ] Click on button `Finish setup`. #### B.1.3. Setup integration (Without project folder setup) -- [ ] Complete step [Test No B.1.1](#B11-Configure-Nextcloud). -- [ ] Complete step [Test No B.1.2](#B12-Add-Nextcloud-Idp-in-OpenProject). -- [ ] In nextcloud, go to `Administration > OpenProject`. +- [ ] Complete step [Test No B.1.1](#b11-configure-nextcloud). +- [ ] Complete step [Test No B.1.2](#b12-add-nextcloud-idp-in-openproject-without-project-folder-setup). +- [ ] In `Nextcloud`, as a user `admin`, go to `Administration > OpenProject`. +- [ ] Add openproject host. - [ ] Under `Authentication Method`, select `Single-Sign-On through OpenID Connect Identity Provider`. - [ ] In `Authentication settings`, select `provider Type` as `Nextcloud Hub`. -- [ ] Set Openproject `client ID` by Client ID copied earlier in **Test No B1**. +- [ ] Set OpenProject `client ID` by Client ID copied earlier in **Test No B1**. +- [ ] Uncheck `project folder (automatically managed folder)`. #### B.1.4. Login to OpenProject using Nextcloud user -- [ ] Complete step [Test No B.1.1](#B11-Configure-Nextcloud) -- [ ] Complete step [Test No B.1.2](#B12-Add-Nextcloud-Idp-in-OpenProject). -- [ ] Complete step [Test No B.1.3](#b13-Setup-integration-Without-project-folder-setup). +- [ ] Complete step [Test No B.1.1](#B11-Configure-Nextcloud). +- [ ] Complete step [Test No B.1.2](#b12-add-nextcloud-idp-in-openproject-without-project-folder-setup). +- [ ] Complete step [Test No B.1.3](#b13-setup-integration-without-project-folder-setup). - [ ] In `nextcloud`, login as nextcloud-created user. - [ ] In `openproject`, use the SSO button on the login page to sign in as the nextcloud-created user. - [ ] Login should be successful in `openproject`. @@ -156,90 +169,99 @@ bash integration_setup.sh #### B.1.5. Verify Connection of Nextcloud user with OpenProject - [ ] Complete step [Test No B.1.1](#B11-Configure-Nextcloud). -- [ ] Complete step [Test No B.1.2](#B12-Add-Nextcloud-Idp-in-OpenProject). -- [ ] Complete step [Test No B.1.3](#b13-Setup-integration-Without-project-folder-setup). -- [ ] Complete step [Test No B.1.4](#b14-Login-to-OpenProject-using-Nextcloud-user). +- [ ] Complete step [Test No B.1.2](#b12-add-nextcloud-idp-in-openproject-without-project-folder-setup). +- [ ] Complete step [Test No B.1.3](#b13-setup-integration-without-project-folder-setup). +- [ ] Complete step [Test No B.1.4](#b14-login-to-openProject-using-nextcloud-user). - [ ] In nextcloud, login as nextcloud-created user. -- [ ] Navigate to `Settings > Openproject` +- [ ] Navigate to `Settings > OpenProject`. - [ ] Should show user is connected as an OpenProject user. #### B.1.6. Complete the common smoke tests -- [ ] Complete [smoke tests 1-6](#common-smoke-test-steps). +- [ ] Complete [smoke tests 1-7](#common-smoke-test-steps). ### B.2: External Provider > Here, keycloak is an External Provider #### B.2.1. Configure Keycloak -- [ ] Set up Keycloak using this guide: [Keycloak Setup](https://www.openproject-edge.com/docs/system-admin-guide/integrations/nextcloud/oidc-sso/#keycloak) +- [ ] Set up Keycloak using this guide: [Keycloak Setup](https://www.openproject-edge.com/docs/system-admin-guide/integrations/nextcloud/oidc-sso/#keycloak). #### B.2.2. Configure Nextcloud -- [ ] In **nextcloud**, go to `Administration > OpenID Connect`. +- [ ] In **nextcloud**, as an admin go to `Administration > OpenID Connect`. - [ ] Enable `store login tokens` options. -- [ ] Register a new providers with following data: +- [ ] Register a new providers with the following data: - Identifier: `keycloak` - Client ID: nextcloud client id from keycloak - Client Secret: nextcloud client secret from keycloak - - Discovery endpoint: `/realms//.well-known/openid-configuration` + - Discovery endpoint: `/realms//.well-known/openid-configuration` (for example realm name can be `opnc`) - Scope: `openid email profile api_v3` - submit - [ ] Login as keycloak-created user in `Nextcloud`. -- [ ] Login Should be successful -- [ ] Logout +- [ ] Login should be successful. +- [ ] Logout. #### B.2.3. Add Keycloak IDP in OpenProject -- [ ] In **OpenProject**, go to `Administration > Authentication > OpenID providers` +- [ ] In `OpenProject`, as a user `admin`, go to `Administration > Authentication > OpenID providers`. - [ ] Add a new custom OpenID provider: - Display name: `keycloak` - Discovery URL: `/realms//.well-known/openid-configuration` - - Client ID: Client ID of openproject from keycloak + - Client ID: Client ID of openproject provided by keycloak in the realm. - Client secret: Client secret of openproject from keycloak -- [ ] Login as keycloak-created user in `Openproject`. -- [ ] Log out, then Login as admin in `Openproject`. -- [ ] As an `OpenProject` admin, add keycloak-created user as a member in one of the project. - -#### B.2.4. Setup integration (token exchange disabled) -- [ ] In nextcloud, go to `Administration > OpenProject`. +- [ ] Go to Administration > Files. + - [ ] Create a file storage type `Nextcloud` by clicking the button `+ Storage` and choosing Nextcloud + - [ ] Add name as `Nextcloud`. + - [ ] Add Host as `` + - [ ] Set authentication method to `Single-Sign-On through OpenID Connect Identity Provider`. + - [ ] Then, select the option `Use access token obtained during user log in`. + - [ ] Uncheck project folder (automatically managed folder). + - [ ] Click on button `Finish setup`. +- [ ] Navigate to `Project settings > Files` of a project (for example, `Demo Project`) and add `Nextcloud` as a file storage. +- [ ] If you are using [Docker setup](../../dev/), default `Keycloak` users already exist (`alice` and `brian`, password: `1234`), so you can skip the user-creation steps below and go directly to step [B.2.4](#b24-setup-integration-token-exchange-disabled-in-nextcloud). +- [ ] In Keycloak, go to the user management section. For example, if your realm name is `opnc`, navigate to: `opnc > Users`. +- [ ] Then create a user. +- [ ] In `OpenProject`, login as keycloak-created user. +- [ ] In `OpenProject`, log out, then log in as a user `admin`. +- [ ] As an `OpenProject` admin, add keycloak-created user as a member in one of the project (for example, `Demo Project`). + +#### B.2.4. Setup integration (token exchange disabled) in Nextcloud +- [ ] As a user `admin`, go to `Administration > OpenProject`. - [ ] Under `Authentication Method`, select `Single-Sign-On through OpenID Connect Identity Provider`. - [ ] In `Authentication settings`, select `provider Type` as `Keycloak`. -- [ ] Disable `token exchange` +- [ ] Disable `token exchange`. #### B.2.5. Verify Connection in nextcloud -- [ ] Complete step [Test No B.2.1](#b21-Configure-Keycloak). -- [ ] Complete step [Test No B.2.2](#b22-Configure-Nextcloud). -- [ ] Complete step [Test No B.2.3](#b23-Add-Keycloak-IDP-in-OpenProject). -- [ ] Complete step [Test No B.2.4](#b24-Setup-integration-token-exchange-disabled). +- [ ] First, complete steps **B.2.1** to **B.2.4**. - [ ] In nextcloud, login as keycloak-created user. -- [ ] Navigate to `Settings > Openproject` +- [ ] Navigate to `Settings > OpenProject`. - [ ] Should show user is connected as an OpenProject user. #### B.2.6. Complete the common smoke tests -- [ ] Complete [smoke tests 1-6](#common-smoke-test-steps). - -#### B.2.7.Setup integration (token exchange enabled) -- [ ] Complete step [Test No B.2.1](#b21-Configure-Keycloak). -- [ ] Complete step [Test No B.2.2](#b22-Configure-Nextcloud). -- [ ] Complete step [Test No B.2.3](#b23-Add-Keycloak-IDP-in-OpenProject). -- [ ] Go to `Administration > OpenProject` in nextcloud -- [ ] Under `Authentication Method`, select `Single-Sign-On through OpenID Connect Identity Provider` -- [ ] In `Authentication settings`, select `provider Type` as `Keycloak` -- [ ] Enable `token exchange` -- [ ] Set `OpenProject client ID *` as `Openproject` +- [ ] Complete [smoke tests 1-7](#common-smoke-test-steps). + +#### B.2.7. Setup integration (token exchange enabled) +- [ ] Complete step [Test No B.2.1](#b21-configure-keycloak). +- [ ] Complete step [Test No B.2.2](#b22-configure-nextcloud). +- [ ] Complete step [Test No B.2.3](#b23-Add-Keycloak-idp-in-openoroject). +- [ ] Go to `Administration > OpenProject` in nextcloud. +- [ ] Under `Authentication Method`, select `Single-Sign-On through OpenID Connect Identity Provider`. +- [ ] In `Authentication settings`, select `provider Type` as `Keycloak`. +- [ ] Enable `token exchange`. +- [ ] Set `OpenProject client ID *` as `openproject`. #### B.2.8. Verify Connection in nextcloud -- [ ] Complete step [Test No B.2.1](#b21-Configure-Keycloak). -- [ ] Complete step [Test No B.2.2](#b22-Configure-Nextcloud). -- [ ] Complete step [Test No B.2.3](#b23-Add-Keycloak-IDP-in-OpenProject). -- [ ] Complete step [Test No B.2.5](#b25-Verify-Connection-in-nextcloud). +- [ ] Complete step [Test No B.2.1](#b21-configure-keycloak). +- [ ] Complete step [Test No B.2.2](#b22-configure-nextcloud). +- [ ] Complete step [Test No B.2.3](#b23-add-keycloak-idp-in-openproject). +- [ ] Complete step [Test No B.2.5](#b25-verify-connection-in-nextcloud). - [ ] In nextcloud, login as keycloak-created user. -- [ ] Navigate to `settings > Openproject` +- [ ] Navigate to `Settings > OpenProject`. - [ ] Should show user is connected as an OpenProject user. #### B.2.9. Complete the common smoke tests -- [ ] Complete [smoke tests 1-6](#common-smoke-test-steps). +- [ ] Complete [smoke tests 1-7](#common-smoke-test-steps). ### Check the integration script for sso setup (Nextcloud Hub) -> Before Running the script make sure that your `Nextcloud` and `OpenProject` instance is up and running +> Before running the script, make sure that your `Nextcloud` and `OpenProject` instances are up and running. > If you're using Nextcloud as the Identity Provider (OIDC), make sure the following apps are installed and enabled in Nextcloud: > - oidc > - integration_openproject @@ -250,8 +272,8 @@ bash integration_setup.sh > > To add the Nextcloud storage, delete the 'nextcloud' file storage from OpenProject, reset the Nextcloud config, and run the script again. -- [ ] Complete step [Test No B.1.1](#B11-Configure-Nextcloud) (only the first , second and thrid steps are required). -- [ ] Complete step [Test No B.1.2](#B12-Add-Nextcloud-Idp-in-OpenProject) (only the first and second steps are required). +- [ ] Complete step [Test No B.1.1](#b11-configure-nextcloud) (only the first , second and third steps are required). +- [ ] Complete step [Test No B.1.2](#b12-add-nextcloud-idp-in-openProject-without-project-folder-setup) (only the first and second steps are required). - [ ] Run the `integration_oidc_setup.sh` script to set up integration without project folder with the following command: ```bash @@ -269,20 +291,20 @@ OP_USE_LOGIN_TOKEN=true \ bash integration_oidc_setup.sh ``` -- [ ] Upon success, try step [Test No B.1.4](#b14-Login-to-OpenProject-using-Nextcloud-user). -- [ ] Upon success, try step [Test No B.1.5](#b15-Verify-Connection-of-Nextcloud-user-with-OpenProject). +- [ ] Upon success, try step [Test No B.1.4](#b14-login-to-openproject-using-nextcloud-user). +- [ ] Upon success, try step [Test No B.1.5](#b15-verify-connection-of-nextcloud-user-with-openproject). - [ ] Also, to set up the integration configuration with project folder setup, at first delete 'nextcloud' file storage from OpenProject. - [ ] In nextcloud, delete the `OpenProject` user, group and team folder from the nextcloud (if they exist). - [ ] Then, reset the Nextcloud config. -- [ ] set environment `SETUP_PROJECT_FOLDER=true` and run the script. +- [ ] Set environment `SETUP_PROJECT_FOLDER=true` and run the script. - [ ] Run the script again after it is already setup (Should not give any error). ### Check the integration script for sso setup (External provider without token exchange) > Before running the script make sure that you delete the 'nextcloud' file storage from OpenProject and reset the integration settings in Nextcloud. -- [ ] Complete step [Test No B.2.1](#b21-Configure-Keycloak). -- [ ] Complete step [Test No B.2.2](#b22-Configure-Nextcloud). -- [ ] Complete step [Test No B.2.3](#b23-Add-Keycloak-IDP-in-OpenProject). +- [ ] Complete step [Test No B.2.1](#b21-configure-keycloak). +- [ ] Complete step [Test No B.2.2](#b22-configure-nextcloud). +- [ ] Complete step [Test No B.2.3](#b23-add-keycloak-idp-in-openproject). - [ ] Run the `integration_oidc_setup.sh` script to set up integration without project folder with the following command: ```bash @@ -304,20 +326,20 @@ bash integration_oidc_setup.sh ``` -- [ ] Upon success, try step [Test No B.2.5](#B25-Verify-Connection-in-nextcloud). +- [ ] Upon success, try step [Test No B.2.5](#b25-verify-connection-in-nextcloud). - [ ] Also, to set up the integration configuration with project folder setup, at first delete 'nextcloud' file storage from OpenProject. - [ ] In nextcloud, delete the `OpenProject` user, group and team folder from the nextcloud (if they exist). - [ ] Then, reset the Nextcloud config. -- [ ] set environment `SETUP_PROJECT_FOLDER=true` and run the script. +- [ ] Set environment `SETUP_PROJECT_FOLDER=true` and run the script. - [ ] Run the script again after it is already setup (Should not give any error). ### Check the integration script for sso setup (External provider with token exchange) -> Before Running the below script make sure that you delete the 'nextcloud' file storage from OpenProject and reset the Nextcloud config. +> Before running the script below, make sure that you delete the 'nextcloud' file storage from OpenProject and reset the Nextcloud config. -- [ ] Complete step [Test No B.2.1](#b21-Configure-Keycloak). -- [ ] Complete step [Test No B.2.2](#b22-Configure-Nextcloud). -- [ ] Complete step [Test No B.2.3](#b23-Add-Keycloak-IDP-in-OpenProject). +- [ ] Complete step [Test No B.2.1](#b21-configure-keycloak). +- [ ] Complete step [Test No B.2.2](#b22-configure-nextcloud). +- [ ] Complete step [Test No B.2.3](#b23-add-keycloak-idp-in-openproject). - [ ] Run the `integration_oidc_setup.sh` script to set up integration without project folder with the following command: ```bash @@ -338,17 +360,17 @@ OP_STORAGE_AUDIENCE=nextcloud \ bash integration_oidc_setup.sh ``` -- [ ] Upon success, try step [Test No B.2.8](#B28-Verify-Connection-in-nextcloud). +- [ ] Upon success, try step [Test No B.2.8](#b28-verify-connection-in-nextcloud). - [ ] Also, to set up the integration configuration with project folder setup, at first delete 'nextcloud' file storage from OpenProject. - [ ] In nextcloud, delete the `OpenProject` user, group and team folder from the nextcloud (if they exist). - [ ] Then, reset the Nextcloud config. -- [ ] set environment `SETUP_PROJECT_FOLDER=true` and run the script. +- [ ] Set environment `SETUP_PROJECT_FOLDER=true` and run the script. - [ ] Run the script again after it is already setup (Should not give any error). ## Common Smoke Test Steps -### 1. Link/Unlink a work package for a file/folder in Nextcloud -- [ ] In openproject, Select a file, navigate to sidebar `OpenProject` tab. +### 1. Link/Unlink a work package for a file/folder in nextcloud +- [ ] Select a file, navigate to sidebar `OpenProject` tab. - [ ] Search for any of the work packages in the `Demo Project`. - [ ] Work packages are listed. - [ ] Link to any one of the work packages appeared in the search lists. @@ -358,19 +380,20 @@ bash integration_oidc_setup.sh - [ ] Unlink a work package and it should be deleted from the `OpenProject` Tab with a successful message. ### 2. Link/Unlink a work package for a file/folder from OpenProject -- [ ] Navigate to `Demo Project > Work Packages` and double click any one of the work packages available. +- [ ] In OpenProject, navigate to `Demo Project > Work Packages` and double click any one of the work packages available. - [ ] Navigate to `Files` tab, click `link existing files`, select available files (for example, welcome.txt) from Nextcloud and link it to the work package. -- [ ] Selected file is linked to the work package in `OpenProject` +- [ ] Selected file is linked to the work package in `OpenProject`. - [ ] Also Navigate to nextcloud and see in the `OpenProject` tab for file (welcome.txt), the work package should be linked. ### 3. Direct upload file/folder from OpenProject to Nextcloud -- [ ] Navigate to `Demo Project > Work Packages` and double click any one of the work packages available. +- [ ] In OpenProject, navigate to `Demo Project > Work Packages` and double click any one of the work packages available. - [ ] Navigate to `Files` tab, click `Upload files`, select available files from your local system (for example, local.txt) and upload choosing the upload location. -- [ ] Uploaded file is linked to the work package in `OpenProject` +- [ ] Uploaded file is linked to the work package in `OpenProject`. - [ ] Also Navigate to `Nextcloud` and see in the `OpenProject` tab for file (local.txt), the work package should be linked. ### 4. Create a WorkPackage from Nextcloud -- [ ] Open the form to create work package from Nextcloud in the `OpenProject` tab for a file/folder. +- [ ] In `Nextcloud`, select a file and open the sidebar `OpenProject` tab. +- [ ] Click `Create and link new work package`. - [ ] Select `Demo Project`, fill up the modal form and create. - [ ] Work package should be created and linked to the selected file. @@ -381,20 +404,37 @@ bash integration_oidc_setup.sh - [ ] Now as an `OpenProject` admin, assign any of the `Demo Project` work packages to the created `OpenProject` user. - [ ] The `Nextcloud` user should receive a notification regarding the assignment. -### 6. Check New folder with automatically managed permissions in OpenProject +### 6. Setup and check project folder in Nextcloud (with project folder setup) +- [ ] Enable the Nextcloud `groupfolders` app (`Team folders`) in `Nextcloud`. +- [ ] Enable `Automatically managed folders` switch in admin setting and set project folder. +- [ ] Application password should be generated (copy this password as this will be needed in the next step). +- [ ] Verify that `OpenProject` user and `OpenProject` group are created with user `OpenProject` as sub-admin of the group. +- [ ] Verify that `OpenProjectNoAutomaticProjectFolders` group is also created with user `OpenProject` as sub-admin. +- [ ] Try deleting `OpenProject` user and `OpenProject` group, those should not be deleted. +- [ ] Try deleting `OpenProjectNoAutomaticProjectFolders` group, it should not be possible to delete. +- [ ] Test group management (as a user `OpenProject`): + - Login as `OpenProject` user + - Add a test user `user1` to the `OpenProject` group + - Remove `user1` from the `OpenProject` group + - Verify that `user1` is automatically moved to the `OpenProjectNoAutomaticProjectFolders` group + +### 7. Setup and Check New folder with automatically managed permissions in OpenProject +- [ ] In `OpenProject`, navigate to `Administration > Files > Nextcloud`. +- [ ] On `Automatically managed folders` section, click on Edit. +- [ ] Enable the `Automatically managed folders` option. +- [ ] Enter the application password generated from `Nextcloud` and click on `Finish setup`. - [ ] Navigate to `Demo Project > Work Packages` and double click any one of the work packages available. - [ ] Navigate to `Files` tab, click `link existing files`. - [ ] In a modal, `Nextcloud > OpenProject > Demo project(1)` should be visible. - [ ] Also Navigate to `Nextcloud` and in Files `OpenProject > Demo project(1)` folder is created. -- [ ] Try to delete `OpenProject` or `OpenProject > Demo project(1)`. They should not be deleted. ## App Upgrade Testing ### Upgrade Steps -- [ ] **Check update is available**: `php occ app:update --showonly integration_openproject` -- [ ] **Run upgrade**: `php occ app:update --allow-unstable integration_openproject` -- [ ] **Verify upgrade**: Confirm no errors and version updated +- [ ] **Check update is available**: `php occ app:update --showonly integration_openproject`. +- [ ] **Run upgrade**: `php occ app:update --allow-unstable integration_openproject`. +- [ ] **Verify upgrade**: Confirm no errors and version updated. > **Important**: When upgrading from old versions, the upgrade might fail with "Undefined constant" error due to a known cache issue in Nextcloud. To fix this, please run the following commands: > @@ -406,28 +446,28 @@ bash integration_oidc_setup.sh ### Upgrade Test Cases #### Existing OAuth 2.0 Setup -- [ ] **Before upgrade**: Perform complete setup with OAuth2 method (Project folder enabled) -- [ ] Perform [Upgrade steps](#upgrade-steps) -- [ ] **After upgrade**: Check that the integration setup and other changes are preserved +- [ ] **Before upgrade**: Perform complete setup with OAuth2 method (Project folder enabled). +- [ ] Perform [Upgrade steps](#upgrade-steps). +- [ ] **After upgrade**: Check that the integration setup and other changes are preserved. #### Existing SSO Setup ##### Nextcloud Hub as IDP -- [ ] **Before upgrade**: Perform complete setup with sso method (Nextcloud Hub as IDP, Project folder enabled) -- [ ] Perform [Upgrade steps](#upgrade-steps) -- [ ] **After upgrade**: Check that the integration setup and other changes are preserved +- [ ] **Before upgrade**: Perform complete setup with sso method (Nextcloud Hub as IDP, Project folder enabled). +- [ ] Perform [Upgrade steps](#upgrade-steps). +- [ ] **After upgrade**: Check that the integration setup and other changes are preserved. #### External Provider (Keycloak) ##### Token Exchange Disabled -- [ ] **Before upgrade**: Perform complete setup with sso method (Keycloak as IDP, Token exchange disable, Project folder enabled) -- [ ] Perform [Upgrade steps](#upgrade-steps) -- [ ] **After upgrade**: Check that the integration setup and other changes are preserved +- [ ] **Before upgrade**: Perform complete setup with sso method (Keycloak as IDP, Token exchange disable, Project folder enabled). +- [ ] Perform [Upgrade steps](#upgrade-steps). +- [ ] **After upgrade**: Check that the integration setup and other changes are preserved. ##### Token Exchange Enabled -- [ ] **Before upgrade**: Perform complete setup with sso method (Keycloak as IDP, Token exchange enable, Project folder enabled) -- [ ] Perform [Upgrade steps](#upgrade-steps) -- [ ] **After upgrade**: Check that the integration setup and other changes are preserved +- [ ] **Before upgrade**: Perform complete setup with sso method (Keycloak as IDP, Token exchange enable, Project folder enabled). +- [ ] Perform [Upgrade steps](#upgrade-steps). +- [ ] **After upgrade**: Check that the integration setup and other changes are preserved.