summaryrefslogtreecommitdiff
path: root/features
diff options
context:
space:
mode:
Diffstat (limited to 'features')
-rw-r--r--features/authentication.feature24
-rw-r--r--features/config.feature46
-rw-r--r--features/step_definitions/.gitkeep0
-rw-r--r--features/step_definitions/api_steps.rb131
-rw-r--r--features/step_definitions/auth_steps.rb6
-rw-r--r--features/step_definitions/config_steps.rb6
-rw-r--r--features/support/env.rb58
-rw-r--r--features/support/hooks.rb18
-rw-r--r--features/unauthenticated.feature29
9 files changed, 318 insertions, 0 deletions
diff --git a/features/authentication.feature b/features/authentication.feature
new file mode 100644
index 0000000..52b562f
--- /dev/null
+++ b/features/authentication.feature
@@ -0,0 +1,24 @@
+Feature: Authentication
+
+ Authentication is handled with SRP. Once the SRP handshake has been successful a token will be transmitted. This token is used to authenticate further requests.
+
+ In the scenarios MY_AUTH_TOKEN will serve as a placeholder for the actual token received.
+
+ Background:
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ Scenario: Submitting a valid token
+ Given I authenticated
+ And I set headers:
+ | Authorization | Token token="MY_AUTH_TOKEN" |
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+
+ Scenario: Submitting an invalid token
+ Given I authenticated
+ And I set headers:
+ | Authorization | Token token="InvalidToken" |
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "401"
diff --git a/features/config.feature b/features/config.feature
new file mode 100644
index 0000000..6adaed9
--- /dev/null
+++ b/features/config.feature
@@ -0,0 +1,46 @@
+Feature: Download Provider Configuration
+
+ The LEAP Provider exposes parts of its configuration through the API.
+
+ This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature).
+
+ More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`.
+
+ Background:
+ Given I authenticated
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+ | Authorization | Token token="MY_AUTH_TOKEN" |
+
+ @tempfile
+ Scenario: Fetch provider config
+ Given the provider config is:
+ """
+ {"config": "me"}
+ """
+ When I send a GET request to "/provider.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {"config": "me"}
+ """
+
+ Scenario: Missing provider config
+ When I send a GET request to "/provider.json"
+ Then the response status should be "404"
+ And the response should have "error" with "not_found"
+
+ Scenario: Fetch list of available configs
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "services": {
+ "soledad": "/1/configs/soledad-service.json",
+ "eip": "/1/configs/eip-service.json",
+ "smtp": "/1/configs/smtp-service.json"
+ }
+ }
+ """
diff --git a/features/step_definitions/.gitkeep b/features/step_definitions/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/features/step_definitions/.gitkeep
diff --git a/features/step_definitions/api_steps.rb b/features/step_definitions/api_steps.rb
new file mode 100644
index 0000000..a4f369c
--- /dev/null
+++ b/features/step_definitions/api_steps.rb
@@ -0,0 +1,131 @@
+if defined?(Rack)
+
+ # Monkey patch Rack::MockResponse to work properly with response debugging
+ class Rack::MockResponse
+ def to_str
+ body
+ end
+ end
+
+ World(Rack::Test::Methods)
+
+end
+
+Given /^I set headers:$/ do |headers|
+ headers.rows_hash.each do |key,value|
+ value.sub!('MY_AUTH_TOKEN', @my_auth_token.to_s) if @my_auth_token
+ header key, value
+ end
+end
+
+Given /^I send and accept (XML|JSON)$/ do |type|
+ header 'Accept', "application/#{type.downcase}"
+ header 'Content-Type', "application/#{type.downcase}"
+end
+
+Given /^I send and accept HTML$/ do
+ header 'Accept', "text/html"
+ header 'Content-Type', "application/x-www-form-urlencoded"
+end
+
+When /^I authenticate as the user "([^"]*)" with the password "([^"]*)"$/ do |user, pass|
+ authorize user, pass
+end
+
+When /^I digest\-authenticate as the user "(.*?)" with the password "(.*?)"$/ do |user, pass|
+ digest_authorize user, pass
+end
+
+When /^I send a (GET|POST|PUT|DELETE) request (?:for|to) "([^"]*)"(?: with the following:)?$/ do |*args|
+ request_type = args.shift
+ path = args.shift
+ input = args.shift
+
+ request_opts = {method: request_type.downcase.to_sym}
+
+ unless input.nil?
+ if input.class == Cucumber::Ast::Table
+ request_opts[:params] = input.rows_hash
+ else
+ request_opts[:input] = input
+ end
+ end
+
+ request path, request_opts
+end
+
+Then /^show me the (unparsed)?\s?response$/ do |unparsed|
+ if unparsed == 'unparsed'
+ puts last_response.body
+ elsif last_response.headers['Content-Type'] =~ /json/
+ json_response = JSON.parse(last_response.body)
+ puts JSON.pretty_generate(json_response)
+ else
+ puts last_response.headers
+ puts last_response.body
+ end
+end
+
+Then /^the response status should be "([^"]*)"$/ do |status|
+ if self.respond_to? :should
+ last_response.status.should == status.to_i
+ else
+ assert_equal status.to_i, last_response.status
+ end
+end
+
+Then /^the response should (not)?\s?have "([^"]*)"$/ do |negative, key|
+ json = JSON.parse(last_response.body)
+ if self.respond_to?(:should)
+ if negative.present?
+ json[key].should be_blank
+ else
+ json[key].should be_present
+ end
+ else
+ if negative.present?
+ assert json[key].blank?
+ else
+ assert json[key].present?
+ end
+ end
+end
+
+
+Then /^the response should (not)?\s?have "([^"]*)" with(?: the text)? "([^"]*)"$/ do |negative, key, text|
+ json = JSON.parse(last_response.body)
+ if self.respond_to?(:should)
+ if negative.present?
+ json[key].should_not == text
+ else
+ results.should == text
+ end
+ else
+ if negative.present?
+ assert ! json[key] == text
+ else
+ assert_equal text, json[key]
+ end
+ end
+end
+
+Then /^the response should be:$/ do |json|
+ expected = JSON.parse(json)
+ actual = JSON.parse(last_response.body)
+
+ if self.respond_to?(:should)
+ actual.should == expected
+ else
+ assert_equal expected, actual
+ end
+end
+
+Then /^the response should have "([^"]*)" with a length of (\d+)$/ do |json_path, length|
+ json = JSON.parse(last_response.body)
+ results = JsonPath.new(json_path).on(json)
+ if self.respond_to?(:should)
+ results.length.should == length.to_i
+ else
+ assert_equal length.to_i, results.length
+ end
+end
diff --git a/features/step_definitions/auth_steps.rb b/features/step_definitions/auth_steps.rb
new file mode 100644
index 0000000..00d9004
--- /dev/null
+++ b/features/step_definitions/auth_steps.rb
@@ -0,0 +1,6 @@
+
+Given /^I authenticated$/ do
+ @user = FactoryGirl.create(:user)
+ @my_auth_token = Token.create user_id: @user.id
+end
+
diff --git a/features/step_definitions/config_steps.rb b/features/step_definitions/config_steps.rb
new file mode 100644
index 0000000..50ae829
--- /dev/null
+++ b/features/step_definitions/config_steps.rb
@@ -0,0 +1,6 @@
+Given /the provider config is:$/ do |config|
+ @tempfile = Tempfile.new('provider.json')
+ @tempfile.write config
+ @tempfile.close
+ StaticConfigController::PROVIDER_JSON = @tempfile.path
+end
diff --git a/features/support/env.rb b/features/support/env.rb
new file mode 100644
index 0000000..d3067db
--- /dev/null
+++ b/features/support/env.rb
@@ -0,0 +1,58 @@
+# IMPORTANT: This file is generated by cucumber-rails - edit at your own peril.
+# It is recommended to regenerate this file in the future when you upgrade to a
+# newer version of cucumber-rails. Consider adding your own code to a new file
+# instead of editing this one. Cucumber will automatically load all features/**/*.rb
+# files.
+
+require 'cucumber/rails'
+
+# Capybara defaults to CSS3 selectors rather than XPath.
+# If you'd prefer to use XPath, just uncomment this line and adjust any
+# selectors in your step definitions to use the XPath syntax.
+# Capybara.default_selector = :xpath
+
+# By default, any exception happening in your Rails application will bubble up
+# to Cucumber so that your scenario will fail. This is a different from how
+# your application behaves in the production environment, where an error page will
+# be rendered instead.
+#
+# Sometimes we want to override this default behaviour and allow Rails to rescue
+# exceptions and display an error page (just like when the app is running in production).
+# Typical scenarios where you want to do this is when you test your error pages.
+# There are two ways to allow Rails to rescue exceptions:
+#
+# 1) Tag your scenario (or feature) with @allow-rescue
+#
+# 2) Set the value below to true. Beware that doing this globally is not
+# recommended as it will mask a lot of errors for you!
+#
+ActionController::Base.allow_rescue = false
+
+# Remove/comment out the lines below if your app doesn't have a database.
+# For some databases (like MongoDB and CouchDB) you may need to use :truncation instead.
+begin
+ #DatabaseCleaner.strategy = :truncation
+rescue NameError
+ raise "You need to add database_cleaner to your Gemfile (in the :test group) if you wish to use it."
+end
+
+# You may also want to configure DatabaseCleaner to use different strategies for certain features and scenarios.
+# See the DatabaseCleaner documentation for details. Example:
+#
+# Before('@no-txn,@selenium,@culerity,@celerity,@javascript') do
+# # { :except => [:widgets] } may not do what you expect here
+# # as Cucumber::Rails::Database.javascript_strategy overrides
+# # this setting.
+# DatabaseCleaner.strategy = :truncation
+# end
+#
+# Before('~@no-txn', '~@selenium', '~@culerity', '~@celerity', '~@javascript') do
+# DatabaseCleaner.strategy = :transaction
+# end
+#
+
+# Possible values are :truncation and :transaction
+# The :transaction strategy is faster, but might give you threading problems.
+# See https://github.com/cucumber/cucumber-rails/blob/master/features/choose_javascript_database_strategy.feature
+Cucumber::Rails::Database.javascript_strategy = :truncation
+
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
new file mode 100644
index 0000000..19928d8
--- /dev/null
+++ b/features/support/hooks.rb
@@ -0,0 +1,18 @@
+After '@tempfile' do
+ if @tempfile
+ @tempfile.close
+ @tempfile.unlink
+ end
+end
+
+After do |scenario|
+ if scenario.failed?
+ logfile_path = Rails.root + 'tmp'
+ logfile_path += "#{scenario.title.gsub(/\s/, '_')}.log"
+ File.open(logfile_path, 'w') do |test_log|
+ test_log.puts scenario.title
+ test_log.puts "========================="
+ test_log.puts `tail log/test.log -n 200`
+ end
+ end
+end
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
new file mode 100644
index 0000000..120274b
--- /dev/null
+++ b/features/unauthenticated.feature
@@ -0,0 +1,29 @@
+Feature: Unauthenticated API endpoints
+
+ Most of the LEAP Provider API requires authentication.
+ However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these.
+
+ Background:
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ @tempfile
+ Scenario: Fetch provider config
+ Given the provider config is:
+ """
+ {"config": "me"}
+ """
+ When I send a GET request to "/provider.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {"config": "me"}
+ """
+
+ Scenario: Authentication required for all other API endpoints
+ When I send a GET request to "/1/configs"
+ Then the response status should be "401"
+ And the response should have "error" with "not_authorized_login"
+ And the response should have "message"
+