From f3be5c9da3df2e587b6383f3e827841751abe2ce Mon Sep 17 00:00:00 2001
From: open-schnick
Date: Sat, 31 Oct 2020 22:51:01 +0100
Subject: [PATCH 1/2] added UserAuthorization cucumber test
---
.../rest/UserAuthorization.feature | 44 +++++++++++++++++++
.../rest/cucumber/UserAuthorizationSteps.java | 43 ++++++++++++++++++
2 files changed, 87 insertions(+)
create mode 100644 src/test/cucumber/de/filefighter/rest/UserAuthorization.feature
create mode 100644 src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java
diff --git a/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature b/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature
new file mode 100644
index 00000000..5235ceca
--- /dev/null
+++ b/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature
@@ -0,0 +1,44 @@
+Feature: User Authorization
+ As a user
+ I want to be able to log in with username and password, as well as verify my identity
+ when using the endpoints.
+
+Background:
+ Given database is empty
+ And user with id 1234 exists and has username "user", password "secure_password" and refreshToken "token"
+
+Scenario: Successful login with username and password.
+ When user requests login with username "user" and password "secure_password"
+ Then response contains key "refreshToken" and value "token"
+ And response status code is 200
+ And response contains the user with id 1234
+
+Scenario: Failed login with username and password.
+ When user requests login with username "user" and password "wrong_password"
+ Then response message contains "User not authenticated."
+ And response status contains "denied"
+ And response status code is 401
+
+Scenario: Successful retrieval of accessToken with refreshToken.
+ When user requests accessToken with refreshToken "token" and userId 1234
+ Then response contains key "userId" and value 1234
+ And response contains valid accessToken
+ And response status code is 200
+
+Scenario: Failed retrieval of accessToken with wrong refreshToken.
+ When user requests accessToken with refreshToken "not_the_token" and userId 1234
+ Then response message contains "User not authenticated."
+ And response status contains "denied"
+ And response status code is 401
+
+Scenario: Successful UserInfo request with valid accessToken.
+ Given user 1234 has access token "accessToken"
+ When user requests userInfo with accessToken "accessToken" and userId 1234
+ Then response contains the user with id 1234
+ And response status code is 200
+
+Scenario: Failed UserInfo request with invalid accessToken.
+ When user requests userInfo with accessToken "notTheAccessToken" and userId 1234
+ Then response message contains "User not authenticated."
+ And response status contains "denied"
+ And response status code is 401
\ No newline at end of file
diff --git a/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java b/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java
new file mode 100644
index 00000000..c8af8753
--- /dev/null
+++ b/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java
@@ -0,0 +1,43 @@
+package de.filefighter.rest.cucumber;
+
+import io.cucumber.java.en.And;
+import io.cucumber.java.en.Then;
+import io.cucumber.java.en.When;
+
+public class UserAuthorizationSteps {
+ @And("user with id {int} exists and has username {string}, password {string} and refreshToken {string}")
+ public void userWithIdExistsAndHasUsernamePasswordAndRefreshToken(int arg0, String arg1, String arg2, String arg3) {
+ }
+
+ @When("user requests login with username {string} and password {string}")
+ public void userRequestsLoginWithUsernameAndPassword(String arg0, String arg1) {
+ }
+
+ @Then("response contains key {string} and value {string}")
+ public void responseContainsKeyAndValue(String arg0, String arg1) {
+ }
+
+ @And("response contains the user with id {int}")
+ public void responseContainsTheUserWithId(int arg0) {
+ }
+
+ @And("response status contains {string}")
+ public void responseStatusContains(String arg0) {
+ }
+
+ @When("user requests accessToken with refreshToken {string} and userId {int}")
+ public void userRequestsAccessTokenWithRefreshTokenAndUserId(String arg0, int arg1) {
+ }
+
+ @Then("response contains key {string} and value {int}")
+ public void responseContainsKeyAndValue(String arg0, int arg1) {
+ }
+
+ @And("response contains valid accessToken")
+ public void responseContainsValidAccessToken() {
+ }
+
+ @When("user requests userInfo with accessToken {string} and userId {int}")
+ public void userRequestsUserInfoWithAccessTokenAndUserId(String arg0, int arg1) {
+ }
+}
From 475fffdea3dab2ec3f06f1d04483ab91b0b56019 Mon Sep 17 00:00:00 2001
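Review bot: The "Failed UserInfo request with invalid accessToken" scenario at the end of this hunk has no `Given user 1234 has access token "accessToken"` step, so it only covers a user with no stored token and would still pass against a server that accepts any presented value once some token exists for the user. Adding that `Given` line before the `When` makes the scenario check that a wrong token is rejected while a valid one is on record. The file also has no scenario in which a correct accessToken or refreshToken is sent together with a different `userId`, and none for an unknown username, which should produce the same 401 body as a wrong password; those cases are worth adding here.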
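Review bot: Every step definition in `UserAuthorizationSteps` has an empty body, so all six authorization scenarios, including the three 401 cases, are reported as passed without a request being sent or a response being checked. Until the steps are implemented, each body should contain `throw new io.cucumber.java.PendingException();` so the run shows them as pending instead of green. The same applies to the empty bodies in `CommonCucumberSteps`, `CrudPermissionSteps` and `ViewFolderContentsSteps` in the second patch.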
From: open-schnick Date: Sun, 1 Nov 2020 12:39:07 +0100 Subject: [PATCH 2/2] FF-65 rewrote some steps, rearranged steps, create CommonCucumberSteps.java --- .../rest/UserAuthorization.feature | 14 ++--- .../rest/ViewFolderContents.feature | 5 +- .../filefighter/rest/crudPermissions.feature | 20 +++---- ...va => RestApplicationIntegrationTest.java} | 2 +- .../rest/cucumber/CommonCucumberSteps.java | 47 +++++++++++++++ .../rest/cucumber/CrudPermissionSteps.java | 58 +++++-------------- .../cucumber/CucumberIntegrationTest.java | 6 +- .../rest/cucumber/SpringIntegrationTest.java | 9 --- .../rest/cucumber/UserAuthorizationSteps.java | 33 +++-------- .../cucumber/ViewFolderContentsSteps.java | 14 ++--- 10 files changed, 98 insertions(+), 110 deletions(-) rename src/test/java/de/filefighter/rest/{RestApplicationIntegrationTests.java => RestApplicationIntegrationTest.java} (96%) create mode 100644 src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java delete mode 100644 src/test/java/de/filefighter/rest/cucumber/SpringIntegrationTest.java diff --git a/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature b/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature index 5235ceca..4754e7b9 100644 --- a/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature +++ b/src/test/cucumber/de/filefighter/rest/UserAuthorization.feature 
@@ -15,20 +15,20 @@ Scenario: Successful login with username and password. Scenario: Failed login with username and password. When user requests login with username "user" and password "wrong_password" - Then response message contains "User not authenticated." - And response status contains "denied" + Then response contains key "message" and value "User not authenticated." + And response contains key "status" and value "denied" And response status code is 401 Scenario: Successful retrieval of accessToken with refreshToken. When user requests accessToken with refreshToken "token" and userId 1234 - Then response contains key "userId" and value 1234 + Then response contains key "userId" and value "1234" And response contains valid accessToken And response status code is 200 Scenario: Failed retrieval of accessToken with wrong refreshToken. When user requests accessToken with refreshToken "not_the_token" and userId 1234 - Then response message contains "User not authenticated." - And response status contains "denied" + Then response contains key "message" and value "User not authenticated." + And response contains key "status" and value "denied" And response status code is 401 Scenario: Successful UserInfo request with valid accessToken. @@ -39,6 +39,6 @@ Scenario: Successful UserInfo request with valid accessToken. Scenario: Failed UserInfo request with invalid accessToken. When user requests userInfo with accessToken "notTheAccessToken" and userId 1234 - Then response message contains "User not authenticated." - And response status contains "denied" + Then response contains key "message" and value "User not authenticated." + And response contains key "status" and value "denied" And response status code is 401 \ No newline at end of file diff --git a/src/test/cucumber/de/filefighter/rest/ViewFolderContents.feature b/src/test/cucumber/de/filefighter/rest/ViewFolderContents.feature index 89f48921..a26a931c 100644 
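Review bot: `Then response contains key "userId" and value "1234"` in the accessToken scenario now compares a numeric id as a quoted string through the `{string}` step, because the `{int}` overload is removed from `UserAuthorizationSteps` in this patch. The step implementation will have to decide whether a JSON number 1234 matches the text "1234", and that rule should be stated as a comment on `responseContainsKeyAndValue`, for example `// values are compared by their JSON text form, so the number 1234 matches "1234"`; without it a response that returns the id with the wrong type can pass unnoticed.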
--- a/src/test/cucumber/de/filefighter/rest/ViewFolderContents.feature +++ b/src/test/cucumber/de/filefighter/rest/ViewFolderContents.feature @@ -22,7 +22,7 @@ Scenario: Folder does not exist Given user 1234 has permission of "view" for "folder" with id 42 When user with token "900000" wants to see the content of folder with path "bla/fasel" Then response status code is 400 - And response message contains "Folder does not exist, or you are not allowed to see the folder." + And response contains key "message" and value "Folder does not exist, or you are not allowed to see the folder." Scenario: insufficient authorization @@ -30,7 +30,8 @@ Scenario: insufficient authorization And user 9877 has access token "2345678" When user with token "2345678" wants to see the content of folder with path "bla" Then response status code is 400 - And response message contains "Folder does not exist, or you are not allowed to see the folder." + And response contains key "message" and value "Folder does not exist, or you are not allowed to see the folder." + Scenario: shared file Given "folder" exists with id 43 and path "bla" diff --git a/src/test/cucumber/de/filefighter/rest/crudPermissions.feature b/src/test/cucumber/de/filefighter/rest/crudPermissions.feature index 75d34700..22ca4f1a 100644 --- a/src/test/cucumber/de/filefighter/rest/crudPermissions.feature +++ b/src/test/cucumber/de/filefighter/rest/crudPermissions.feature 
@@ -48,14 +48,14 @@ Scenario: removing not existing permission And user 9877 has no permission for "file" with id 111 When user with token "900000" wants to remove permissions of "file" with id 111 for user 9877 Then response status code is 400 - Then response message contains "Couldn't remove permission that does not exit." + And response contains key "message" and value "Couldn't remove permission that does not exit." Scenario Outline: Successful interaction adding new permission Given "" exists with id and path "" And user 1234 is owner of file or folder with id And user 9877 has no permission for "" with id - When user with token "900000" wants to add permissions of "" with id for user 9877 for "" + When user with token "900000" wants to give "" permission for "" with id to user 9877 Then response status code is 200 And user 9877 has permission of "" for "" with id Examples: 
@@ -70,29 +70,29 @@ Scenario: User is not owner of file Given "file" exists with id 111 and path "bla.txt" And user 3131 exists And user 9877 is owner of file or folder with id 111 - When user with token "900000" wants to add permissions of "file" with id 111 for user 3131 for "edit" + When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 3131 Then response status code is 403 - And response message contains "User with id 1234 is not owner of file with id 111." + And response contains key "message" and value "User with id 1234 is not owner of file with id 111." Scenario: User does not exist Given "file" exists with id 111 and path "bla.txt" And user 1234 is owner of file or folder with id 111 - When user with token "900000" wants to add permissions of "file" with id 111 for user 3131 for "edit" + When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 3131 Then response status code is 404 - And response message contains "User 3131 does not exist." + And response contains key "message" and value "User 3131 does not exist." Scenario: File does not exist And user 1234 is owner of file or folder with id 111 - When user with token "900000" wants to add permissions of "file" with id 111 for user 9877 for "edit" + When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 9877 Then response status code is 404 - And response message contains "No File with id 111 found." + And response contains key "message" and value "No File with id 111 found." 
Scenario: User is already owner Given "file" exists with id 111 and path "bla.txt" And user 1234 is owner of file or folder with id 111 - When user with token "900000" wants to add permissions of "file" with id 111 for user 1234 for "edit" + When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 1234 Then response status code is 405 - And response message contains "User with id 1234 is already owner of file with id 111." \ No newline at end of file + And response contains key "message" and value "User with id 1234 is already owner of file with id 111." \ No newline at end of file diff --git a/src/test/java/de/filefighter/rest/RestApplicationIntegrationTests.java b/src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java similarity index 96% rename from src/test/java/de/filefighter/rest/RestApplicationIntegrationTests.java rename to src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java index 236434a7..46c20a77 100644 --- a/src/test/java/de/filefighter/rest/RestApplicationIntegrationTests.java +++ b/src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java @@ -11,7 +11,7 @@ import static org.assertj.core.api.Assertions.assertThat; @SpringBootTest -class RestApplicationIntegrationTests { +class RestApplicationIntegrationTest { @Autowired SystemHealthRestController healthController; diff --git a/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java b/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java new file mode 100644 index 00000000..7dba534f --- /dev/null +++ b/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java 
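Review bot: The "User is not owner of file" and "File does not exist" scenarios in this hunk pin two distinguishable answers for a caller who does not own the file, 403 with `User with id 1234 is not owner of file with id 111.` and 404 with `No File with id 111 found.`, so the response tells the caller whether a file id exists. `ViewFolderContents.feature` in this same patch expects one combined message, `Folder does not exist, or you are not allowed to see the folder.`, for both situations. This commit only rewords the steps, but if the combined form is the intended policy, the permission scenarios should expect a single status and message for a non-owner whether or not the file exists.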
@@ -0,0 +1,47 @@
+package de.filefighter.rest.cucumber;
+
+import io.cucumber.java.en.And;
+import io.cucumber.java.en.Given;
+import io.cucumber.java.en.Then;
+
+public class CommonCucumberSteps extends CucumberIntegrationTest {
+
+ @Given("database is empty")
+ public void databaseIsEmpty() {
+ }
+
+ @And("user {long} exists")
+ public void userExists(long userId) {
+ }
+
+ @And("user {long} has access token {string}")
+ public void userHasAccessToken(long userId, String accessTokenValue) {
+ }
+
+ @And("user with id {long} exists and has username {string}, password {string} and refreshToken {string}")
+ public void userWithIdExistsAndHasUsernamePasswordAndRefreshToken(long userId, String username, String password, String refreshTokenValue) {
+ }
+
+ // file / folder
+ @Given("{string} exists with id {long} and path {string}")
+ public void existsWithIdAndPath(String fileOrFolder, long fsItemId, String arg2) {
+ }
+
+ @And("user {long} is owner of file or folder with id {long}")
+ public void userIsOwnerOfFileOrFolderWithId(long userId, long fsItemId) {
+ }
+
+ //key: value for json type response.
+ @Then("response contains key {string} and value {string}")
+ public void responseContainsKeyAndValue(String key, String value) {
+ }
+
+ @And("response contains the user with id {long}")
+ public void responseContainsTheUserWithId(long userId) {
+ }
+
+ @Then("response status code is {int}")
+ public void responseStatusCodeIs(int httpStatusCode) {
+ }
+
+}
diff --git a/src/test/java/de/filefighter/rest/cucumber/CrudPermissionSteps.java b/src/test/java/de/filefighter/rest/cucumber/CrudPermissionSteps.java
index 55626176..d6591ad4 100644
--- a/src/test/java/de/filefighter/rest/cucumber/CrudPermissionSteps.java
+++ b/src/test/java/de/filefighter/rest/cucumber/CrudPermissionSteps.java
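Review bot: `responseStatusCodeIs` and `responseContainsKeyAndValue` now live in `CommonCucumberSteps`, while the requests are issued from `UserAuthorizationSteps`, `CrudPermissionSteps` and `ViewFolderContentsSteps`, and nothing in this file gives these `Then` steps access to the response produced by a `When` step in another class. The `// TODO: Rearrange the steps, create Shared State Handler.` removed from `CrudPermissionSteps` described this gap, and the commit drops it without adding the holder. Once the bodies are filled in, a scenario-scoped holder that is reset before each scenario will be needed, otherwise a status or token left over from an earlier scenario can satisfy a later 401 or 403 assertion. A short class comment such as `/** Step definitions shared by all feature files: fixtures and response assertions. */` would also help.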
@@ -1,64 +1,32 @@ package de.filefighter.rest.cucumber; import io.cucumber.java.en.And; -import io.cucumber.java.en.Given; -import io.cucumber.java.en.Then; import io.cucumber.java.en.When; -public class CrudPermissionSteps extends SpringIntegrationTest{ +public class CrudPermissionSteps extends CucumberIntegrationTest { - // TODO: Rearrange the steps, create Shared State Handler. - - @Given("database is empty") - public void databaseIsEmpty() { - } - - @And("user {int} exists") - public void userExists(int arg0) { - } - - @And("user {int} has access token {string}") - public void userHasAccessToken(int arg0, String arg1) { - } - - @And("user {int} has permission of {string} for {string} with id {int}") - public void userHasPermissionOfForWithIdId(int arg0, String arg1, String arg2,int arg3) { - } - - @When("user with token {string} wants to change permissions of {string} with id {int} for user with id {int} to {string}") - public void userWithTokenWantsToChangePermissionsOfWithIdIdForUserWithIdTo(String arg0, String arg1, int fileID,int arg2, String arg3) { - } - - @When("user with token {string} wants to remove permissions of {string} with id {int} for user {int}") - public void userWithTokenWantsToRemovePermissionsOfWithIdIdForUser(String arg0, String arg1,int fileID, int arg2) { - } - - @And("user with id {int} has no permission for {string} with id {int}") - public void userWithIdHasNoPermissionForWithIdId(int arg0, String arg1, int fileID) { - } - - @Given("{string} exists with id {int} and path {string}") - public void existsWithIdAndPath(String arg0, int arg1, String arg2) { + @And("user {long} has permission of {string} for {string} with id {long}") + public void userHasPermissionOfForWithIdId(long userId, String readOrWrite, String fileOrFolder, long fsItemId) { } - @And("user {int} is owner of file or folder with id {int}") - public void userIsOwnerOfFileOrFolderWithId(int arg0, int arg1) { + @When("user with token {string} wants to change permissions of 
{string} with id {long} for user with id {long} to {string}") + public void userWithTokenWantsToChangePermissionsOfWithIdIdForUserWithIdTo(String accessTokenValue, String fileOrFolder, long fsItemId, long userId, String newPermission) { } - @And("user {int} has no permission for {string} with id {int}") - public void userHasNoPermissionForWithId(int arg0, String arg1, int arg2) { + @When("user with token {string} wants to remove permissions of {string} with id {long} for user {long}") + public void userWithTokenWantsToRemovePermissionsOfWithIdIdForUser(String accessTokenValue, String fileOrFolder, long fsItemId, long userId) { } - @Then("response status code is {int}") - public void responseStatusCodeIs(int arg0) { + @And("user with id {long} has no permission for {string} with id {long}") + public void userWithIdHasNoPermissionForWithIdId(long userId, String fileOrFolder, long fsItemId) { } - @Then("response message contains {string}") - public void responseMessageContains(String arg0) { + @And("user {long} has no permission for {string} with id {long}") + public void userHasNoPermissionForWithId(long userId, String fileOrFolder, long fsItemId) { } - @When("user with token {string} wants to add permissions of {string} with id {int} for user {int} for {string}") - public void userWithTokenWantsToAddPermissionsOfWithIdForUserFor(String arg0, String arg1, int arg2, int arg3, String arg4) { + @When("user with token {string} wants to give {string} permission for {string} with id {long} to user {long}") + public void userWithTokenWantsToAddPermissionsOfWithIdForUserFor(String accessTokenValue, String permission, String fileOrFolder, long fsItemId, long userId) { } } diff --git a/src/test/java/de/filefighter/rest/cucumber/CucumberIntegrationTest.java b/src/test/java/de/filefighter/rest/cucumber/CucumberIntegrationTest.java index 28ff7916..a1de13f8 100644 --- a/src/test/java/de/filefighter/rest/cucumber/CucumberIntegrationTest.java 
+++ b/src/test/java/de/filefighter/rest/cucumber/CucumberIntegrationTest.java @@ -2,9 +2,13 @@ import io.cucumber.junit.Cucumber; import io.cucumber.junit.CucumberOptions; +import io.cucumber.spring.CucumberContextConfiguration; import org.junit.runner.RunWith; +import org.springframework.boot.test.context.SpringBootTest; +@CucumberContextConfiguration +@SpringBootTest @RunWith(Cucumber.class) @CucumberOptions(features = "src/test/cucumber/de/filefighter/rest/") public class CucumberIntegrationTest { -} +} \ No newline at end of file diff --git a/src/test/java/de/filefighter/rest/cucumber/SpringIntegrationTest.java b/src/test/java/de/filefighter/rest/cucumber/SpringIntegrationTest.java deleted file mode 100644 index fdf4f0c6..00000000 --- a/src/test/java/de/filefighter/rest/cucumber/SpringIntegrationTest.java +++ /dev/null @@ -1,9 +0,0 @@ -package de.filefighter.rest.cucumber; - -import io.cucumber.spring.CucumberContextConfiguration; -import org.springframework.boot.test.context.SpringBootTest; - -@CucumberContextConfiguration -@SpringBootTest -public class SpringIntegrationTest { -} \ No newline at end of file diff --git a/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java b/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java index c8af8753..9ec09598 100644 --- a/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java +++ b/src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java 
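Review bot: With `@RunWith(Cucumber.class)` on the class that every step class now extends, each `*Steps` subclass inherits the runner annotation (`@RunWith` is `@Inherited`), so a build tool or IDE that scans all test classes may execute the whole feature set once per step class. The deleted `SpringIntegrationTest` kept the Spring configuration apart from the runner; keeping a separate class annotated with `@CucumberContextConfiguration` and `@SpringBootTest`, and leaving `CucumberIntegrationTest` as the runner only, avoids that. As far as I can tell the step classes would then not need a superclass at all, since cucumber-spring looks for the annotated configuration class on the glue path.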
@@ -4,40 +4,23 @@ import io.cucumber.java.en.Then; import io.cucumber.java.en.When; -public class UserAuthorizationSteps { - @And("user with id {int} exists and has username {string}, password {string} and refreshToken {string}") - public void userWithIdExistsAndHasUsernamePasswordAndRefreshToken(int arg0, String arg1, String arg2, String arg3) { - } - - @When("user requests login with username {string} and password {string}") - public void userRequestsLoginWithUsernameAndPassword(String arg0, String arg1) { - } - - @Then("response contains key {string} and value {string}") - public void responseContainsKeyAndValue(String arg0, String arg1) { - } +import static org.junit.jupiter.api.Assertions.assertTrue; - @And("response contains the user with id {int}") - public void responseContainsTheUserWithId(int arg0) { - } +public class UserAuthorizationSteps extends CucumberIntegrationTest { - @And("response status contains {string}") - public void responseStatusContains(String arg0) { - } - - @When("user requests accessToken with refreshToken {string} and userId {int}") - public void userRequestsAccessTokenWithRefreshTokenAndUserId(String arg0, int arg1) { + @When("user requests login with username {string} and password {string}") + public void userRequestsLoginWithUsernameAndPassword(String username, String password) { } - @Then("response contains key {string} and value {int}") - public void responseContainsKeyAndValue(String arg0, int arg1) { + @When("user requests accessToken with refreshToken {string} and userId {long}") + public void userRequestsAccessTokenWithRefreshTokenAndUserId(String refreshTokenValue, long userId) { } @And("response contains valid accessToken") public void responseContainsValidAccessToken() { } - @When("user requests userInfo with accessToken {string} and userId {int}") - public void userRequestsUserInfoWithAccessTokenAndUserId(String arg0, int arg1) { + @When("user requests userInfo with accessToken {string} and userId {long}") + public void 
userRequestsUserInfoWithAccessTokenAndUserId(String accessTokenValue, long userId) { } } diff --git a/src/test/java/de/filefighter/rest/cucumber/ViewFolderContentsSteps.java b/src/test/java/de/filefighter/rest/cucumber/ViewFolderContentsSteps.java index 0762af33..d803bc06 100644 --- a/src/test/java/de/filefighter/rest/cucumber/ViewFolderContentsSteps.java +++ b/src/test/java/de/filefighter/rest/cucumber/ViewFolderContentsSteps.java @@ -1,21 +1,15 @@ package de.filefighter.rest.cucumber; import io.cucumber.java.en.And; -import io.cucumber.java.en.Given; -import io.cucumber.java.en.Then; import io.cucumber.java.en.When; -public class ViewFolderContentsSteps extends SpringIntegrationTest{ +public class ViewFolderContentsSteps extends CucumberIntegrationTest { @When("user with token {string} wants to see the content of folder with path {string}") - public void userWithTokenWantsToSeeTheContentOfFolderWithPath(String arg0, String arg1) { + public void userWithTokenWantsToSeeTheContentOfFolderWithPath(String accessTokenValue, String path) { } - @And("the response contains the file with id {int} and name {string}") - public void theResponseContainsTheFileWithIdAndName(int arg0, String arg1) { - } - - @And("in the response the file with id {int} has true for the property public") - public void inTheResponseTheFileWithIdHasTrueForThePropertyPublic(int arg0) { + @And("the response contains the file with id {long} and name {string}") + public void theResponseContainsTheFileWithIdAndName(long fsItemId , String name) { } @And("the response contains an empty list for files and folders")
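Review bot: The added `import static org.junit.jupiter.api.Assertions.assertTrue;` in `UserAuthorizationSteps` is unused, and it brings JUnit 5 assertions into a class that inherits the JUnit 4 `@RunWith(Cucumber.class)` runner; either remove it or use it in `responseContainsValidAccessToken`, which is still empty. That step is the only check on the issued access token, so it should carry a comment that says what "valid" means, for example `// valid: non-empty, not expired, and issued for the userId in the request`.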