features/2/keys.feature


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257

Feature: Handle current users collection of keys

  LEAP currently uses OpenPGP and is working on implementing katzenpost.
  Both systems require public keys of a user to be available for retrival.

  The /2/keys endpoint allows the client to manage the public keys
  registered for their users email address.

  You need to specify the type of the key when publishing it. Some
  keytypes such as 'openpgp' and 'katzenpost_id' will only allow a
  single key to be published. Others such as 'katzenpost_link' allow
  multiple keys to be registered at the same time. We deal with this
  by allowing arbitrary json data to be specified as the value of the
  key. So katzenpost_link keys can be combined in a json data structure.

  POST request will register a new key. In order to replace an existing
  key you need to send a PATCH request to /keys/:type including the last
  revision (rev) of the key. This way we can detect conflicts between
  concurrend updates.

  Background:
    Given I authenticated
    Given I set headers:
      | Accept       | application/json |
      | Content-Type | application/json |
      | Authorization | Token token="MY_AUTH_TOKEN" |

  Scenario: Get initial empty set of keys
    When I send a GET request to "2/keys"
    Then the response status should be "200"
    And the response should be:
    """
      {}
    """

  Scenario: Get all the keys
    Given I have published a "openpgp" key
    And I have published "katzenpost_link" keys
    When I send a GET request to "2/keys"
    Then the response status should be "200"
    And the response should be:
    """
    {
    "openpgp": {
      "type": "openpgp",
      "value": "DUMMY_KEY",
      "rev": "DUMMY_REV"
      },
    "katzenpost_link": {
      "type": "katzenpost_link",
      "value": {
        "one": "DUMMY_KEY",
        "two": "DUMMY_KEY"
      },
      "rev": "DUMMY_REV"
      }
    }
    """

  Scenario: Get a single key
    Given I have published a "openpgp" key
    When I send a GET request to "2/keys/openpgp"
    Then the response status should be "200"
    And the response should be:
    """
    {
      "type": "openpgp",
      "value": "DUMMY_KEY",
      "rev": "DUMMY_REV"
    }
    """

  Scenario: Get a set of keys for one type
    Given I have published "katzenpost_link" keys
    When I send a GET request to "2/keys/katzenpost_link"
    Then the response status should be "200"
    And the response should be:
    """
      {
        "type": "katzenpost_link",
        "value": {
          "one": "DUMMY_KEY",
          "two": "DUMMY_KEY"
          },
        "rev": "DUMMY_REV"
      }
    """

  Scenario: Publish an initial OpenPGP key
    When I send a POST request to "2/keys" with the following:
    """
      {
      "type": "openpgp",
      "value": "ASDF"
      }
    """
    Then the response status should be "204"
    And I should have published a "openpgp" key

  Scenario: Do not overwrite an existing key
    Given I have published a "openpgp" key
    When I send a POST request to "2/keys" with the following:
    """
      {
      "type": "openpgp",
      "value": "QWER"
      }
    """
    Then the response status should be "422"
    And the response should be:
    """
      {
      "error": "key already exists"
      }
    """

  Scenario: Publishing an empty key fails
    When I send a POST request to "2/keys" with the following:
    """
      {}
    """
    Then the response status should be "422"
    And the response should be:
    """
      {
      "error": "param is missing or the value is empty: type"
      }
    """

  Scenario: Updating an existing key
    Given I have published a "openpgp" key
    When I send a PATCH request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "value": "QWER",
      "rev": "DUMMY_REV"
      }
    """
    Then the response status should be "204"
    And I should have published a "openpgp" key with value "QWER"

  Scenario: Updating a missing key raises
    When I send a PATCH request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "value": "QWER",
      "rev": "DUMMY_REV"
      }
    """
    Then the response status should be "404"
    And the response should be:
    """
      {
      "error": "no such key: openpgp"
      }
    """
    And I should not have published a "openpgp" key

  Scenario: Updating an existing key require revision
    Given I have published a "openpgp" key
    When I send a PATCH request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "value": "QWER"
      }
    """
    Then the response status should be "422"
    And the response should be:
    """
      {
      "error": "param is missing or the value is empty: rev"
      }
    """

  Scenario: Updating an existing key require right revision
    Given I have published a "openpgp" key
    When I send a PATCH request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "value": "QWER",
      "rev": "WRONG_REV"
      }
    """
    Then the response status should be "422"
    And the response should be:
    """
      {
      "error": "wrong revision: WRONG_REV"
      }
    """

  Scenario: Deleting an existing key
    Given I have published a "openpgp" key
    When I send a DELETE request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "rev": "DUMMY_REV"
      }
    """
    Then the response status should be "204"
    And I should not have published a "openpgp" key

  Scenario: Deleting a missing key raises
    When I send a DELETE request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "rev": "DUMMY_REV"
      }
    """
    Then the response status should be "404"
    And the response should be:
    """
      {
      "error": "no such key: openpgp"
      }
    """

  Scenario: Deleting an existing key require revision
    Given I have published a "openpgp" key
    When I send a DELETE request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp"
      }
    """
    Then the response status should be "422"
    And the response should be:
    """
      {
      "error": "param is missing or the value is empty: rev"
      }
    """
    And I should have published a "openpgp" key

  Scenario: Deleting an existing key require right revision
    Given I have published a "openpgp" key
    When I send a DELETE request to "2/keys/openpgp" with the following:
    """
      {
      "type": "openpgp",
      "rev": "WRONG_REV"
      }
    """
    Then the response status should be "422"
    And the response should be:
    """
      {
      "error": "wrong revision: WRONG_REV"
      }
    """
    And I should have published a "openpgp" key