diff options
Diffstat (limited to 'features')
-rw-r--r-- | features/authentication.feature | 24 | ||||
-rw-r--r-- | features/config.feature | 46 | ||||
-rw-r--r-- | features/step_definitions/.gitkeep | 0 | ||||
-rw-r--r-- | features/step_definitions/api_steps.rb | 131 | ||||
-rw-r--r-- | features/step_definitions/auth_steps.rb | 6 | ||||
-rw-r--r-- | features/step_definitions/config_steps.rb | 6 | ||||
-rw-r--r-- | features/support/env.rb | 58 | ||||
-rw-r--r-- | features/support/hooks.rb | 18 | ||||
-rw-r--r-- | features/unauthenticated.feature | 29 |
9 files changed, 318 insertions, 0 deletions
diff --git a/features/authentication.feature b/features/authentication.feature new file mode 100644 index 0000000..52b562f --- /dev/null +++ b/features/authentication.feature @@ -0,0 +1,24 @@ +Feature: Authentication + + Authentication is handled with SRP. Once the SRP handshake has been successful a token will be transmitted. This token is used to authenticate further requests. + + In the scenarios MY_AUTH_TOKEN will serve as a placeholder for the actual token received. + + Background: + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + + Scenario: Submitting a valid token + Given I authenticated + And I set headers: + | Authorization | Token token="MY_AUTH_TOKEN" | + When I send a GET request to "/1/configs.json" + Then the response status should be "200" + + Scenario: Submitting an invalid token + Given I authenticated + And I set headers: + | Authorization | Token token="InvalidToken" | + When I send a GET request to "/1/configs.json" + Then the response status should be "401" diff --git a/features/config.feature b/features/config.feature new file mode 100644 index 0000000..6adaed9 --- /dev/null +++ b/features/config.feature @@ -0,0 +1,46 @@ +Feature: Download Provider Configuration + + The LEAP Provider exposes parts of its configuration through the API. + + This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature). + + More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`. + + Background: + Given I authenticated + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + | Authorization | Token token="MY_AUTH_TOKEN" | + + @tempfile + Scenario: Fetch provider config + Given the provider config is: + """ + {"config": "me"} + """ + When I send a GET request to "/provider.json" + Then the response status should be "200" + And the response should be: + """ + {"config": "me"} + """ + + Scenario: Missing provider config + When I send a GET request to "/provider.json" + Then the response status should be "404" + And the response should have "error" with "not_found" + + Scenario: Fetch list of available configs + When I send a GET request to "/1/configs.json" + Then the response status should be "200" + And the response should be: + """ + { + "services": { + "soledad": "/1/configs/soledad-service.json", + "eip": "/1/configs/eip-service.json", + "smtp": "/1/configs/smtp-service.json" + } + } + """ diff --git a/features/step_definitions/.gitkeep b/features/step_definitions/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/features/step_definitions/.gitkeep diff --git a/features/step_definitions/api_steps.rb b/features/step_definitions/api_steps.rb new file mode 100644 index 0000000..a4f369c --- /dev/null +++ b/features/step_definitions/api_steps.rb @@ -0,0 +1,131 @@ +if defined?(Rack) + + # Monkey patch Rack::MockResponse to work properly with response debugging + class Rack::MockResponse + def to_str + body + end + end + + World(Rack::Test::Methods) + +end + +Given /^I set headers:$/ do |headers| + headers.rows_hash.each do |key,value| + value.sub!('MY_AUTH_TOKEN', @my_auth_token.to_s) if @my_auth_token + header key, value + end +end + +Given /^I send and accept (XML|JSON)$/ do |type| + header 'Accept', "application/#{type.downcase}" + header 'Content-Type', "application/#{type.downcase}" +end + +Given /^I send and accept HTML$/ do + header 'Accept', "text/html" + header 'Content-Type', "application/x-www-form-urlencoded" +end + +When /^I authenticate as the user "([^"]*)" with the password "([^"]*)"$/ do |user, pass| + authorize user, pass +end + +When /^I digest\-authenticate as the user "(.*?)" with the password "(.*?)"$/ do |user, pass| + digest_authorize user, pass +end + +When /^I send a (GET|POST|PUT|DELETE) request (?:for|to) "([^"]*)"(?: with the following:)?$/ do |*args| + request_type = args.shift + path = args.shift + input = args.shift + + request_opts = {method: request_type.downcase.to_sym} + + unless input.nil? + if input.class == Cucumber::Ast::Table + request_opts[:params] = input.rows_hash + else + request_opts[:input] = input + end + end + + request path, request_opts +end + +Then /^show me the (unparsed)?\s?response$/ do |unparsed| + if unparsed == 'unparsed' + puts last_response.body + elsif last_response.headers['Content-Type'] =~ /json/ + json_response = JSON.parse(last_response.body) + puts JSON.pretty_generate(json_response) + else + puts last_response.headers + puts last_response.body + end +end + +Then /^the response status should be "([^"]*)"$/ do |status| + if self.respond_to? :should + last_response.status.should == status.to_i + else + assert_equal status.to_i, last_response.status + end +end + +Then /^the response should (not)?\s?have "([^"]*)"$/ do |negative, key| + json = JSON.parse(last_response.body) + if self.respond_to?(:should) + if negative.present? + json[key].should be_blank + else + json[key].should be_present + end + else + if negative.present? + assert json[key].blank? + else + assert json[key].present? + end + end +end + + +Then /^the response should (not)?\s?have "([^"]*)" with(?: the text)? "([^"]*)"$/ do |negative, key, text| + json = JSON.parse(last_response.body) + if self.respond_to?(:should) + if negative.present? + json[key].should_not == text + else + results.should == text + end + else + if negative.present? + assert ! json[key] == text + else + assert_equal text, json[key] + end + end +end + +Then /^the response should be:$/ do |json| + expected = JSON.parse(json) + actual = JSON.parse(last_response.body) + + if self.respond_to?(:should) + actual.should == expected + else + assert_equal expected, actual + end +end + +Then /^the response should have "([^"]*)" with a length of (\d+)$/ do |json_path, length| + json = JSON.parse(last_response.body) + results = JsonPath.new(json_path).on(json) + if self.respond_to?(:should) + results.length.should == length.to_i + else + assert_equal length.to_i, results.length + end +end diff --git a/features/step_definitions/auth_steps.rb b/features/step_definitions/auth_steps.rb new file mode 100644 index 0000000..00d9004 --- /dev/null +++ b/features/step_definitions/auth_steps.rb @@ -0,0 +1,6 @@ + +Given /^I authenticated$/ do + @user = FactoryGirl.create(:user) + @my_auth_token = Token.create user_id: @user.id +end + diff --git a/features/step_definitions/config_steps.rb b/features/step_definitions/config_steps.rb new file mode 100644 index 0000000..50ae829 --- /dev/null +++ b/features/step_definitions/config_steps.rb @@ -0,0 +1,6 @@ +Given /the provider config is:$/ do |config| + @tempfile = Tempfile.new('provider.json') + @tempfile.write config + @tempfile.close + StaticConfigController::PROVIDER_JSON = @tempfile.path +end diff --git a/features/support/env.rb b/features/support/env.rb new file mode 100644 index 0000000..d3067db --- /dev/null +++ b/features/support/env.rb @@ -0,0 +1,58 @@ +# IMPORTANT: This file is generated by cucumber-rails - edit at your own peril. +# It is recommended to regenerate this file in the future when you upgrade to a +# newer version of cucumber-rails. Consider adding your own code to a new file +# instead of editing this one. Cucumber will automatically load all features/**/*.rb +# files. + +require 'cucumber/rails' + +# Capybara defaults to CSS3 selectors rather than XPath. +# If you'd prefer to use XPath, just uncomment this line and adjust any +# selectors in your step definitions to use the XPath syntax. +# Capybara.default_selector = :xpath + +# By default, any exception happening in your Rails application will bubble up +# to Cucumber so that your scenario will fail. This is a different from how +# your application behaves in the production environment, where an error page will +# be rendered instead. +# +# Sometimes we want to override this default behaviour and allow Rails to rescue +# exceptions and display an error page (just like when the app is running in production). +# Typical scenarios where you want to do this is when you test your error pages. +# There are two ways to allow Rails to rescue exceptions: +# +# 1) Tag your scenario (or feature) with @allow-rescue +# +# 2) Set the value below to true. Beware that doing this globally is not +# recommended as it will mask a lot of errors for you! +# +ActionController::Base.allow_rescue = false + +# Remove/comment out the lines below if your app doesn't have a database. +# For some databases (like MongoDB and CouchDB) you may need to use :truncation instead. +begin + #DatabaseCleaner.strategy = :truncation +rescue NameError + raise "You need to add database_cleaner to your Gemfile (in the :test group) if you wish to use it." +end + +# You may also want to configure DatabaseCleaner to use different strategies for certain features and scenarios. +# See the DatabaseCleaner documentation for details. Example: +# +# Before('@no-txn,@selenium,@culerity,@celerity,@javascript') do +# # { :except => [:widgets] } may not do what you expect here +# # as Cucumber::Rails::Database.javascript_strategy overrides +# # this setting. +# DatabaseCleaner.strategy = :truncation +# end +# +# Before('~@no-txn', '~@selenium', '~@culerity', '~@celerity', '~@javascript') do +# DatabaseCleaner.strategy = :transaction +# end +# + +# Possible values are :truncation and :transaction +# The :transaction strategy is faster, but might give you threading problems. +# See https://github.com/cucumber/cucumber-rails/blob/master/features/choose_javascript_database_strategy.feature +Cucumber::Rails::Database.javascript_strategy = :truncation + diff --git a/features/support/hooks.rb b/features/support/hooks.rb new file mode 100644 index 0000000..19928d8 --- /dev/null +++ b/features/support/hooks.rb @@ -0,0 +1,18 @@ +After '@tempfile' do + if @tempfile + @tempfile.close + @tempfile.unlink + end +end + +After do |scenario| + if scenario.failed? + logfile_path = Rails.root + 'tmp' + logfile_path += "#{scenario.title.gsub(/\s/, '_')}.log" + File.open(logfile_path, 'w') do |test_log| + test_log.puts scenario.title + test_log.puts "=========================" + test_log.puts `tail log/test.log -n 200` + end + end +end diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature new file mode 100644 index 0000000..120274b --- /dev/null +++ b/features/unauthenticated.feature @@ -0,0 +1,29 @@ +Feature: Unauthenticated API endpoints + + Most of the LEAP Provider API requires authentication. + However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these. + + Background: + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + + @tempfile + Scenario: Fetch provider config + Given the provider config is: + """ + {"config": "me"} + """ + When I send a GET request to "/provider.json" + Then the response status should be "200" + And the response should be: + """ + {"config": "me"} + """ + + Scenario: Authentication required for all other API endpoints + When I send a GET request to "/1/configs" + Then the response status should be "401" + And the response should have "error" with "not_authorized_login" + And the response should have "message" + |