Cucumber UserAuthorization

src/test/cucumber/de/filefighter/rest/UserAuthorization.feature

@@ -0,0 +1,44 @@
+Feature: User Authorization
+  As a user
+  I want to be able to log in with username and password, as well as verify my identity
+  when using the endpoints.
+
+Background:
+  Given database is empty
+  And user with id 1234 exists and has username "user", password "secure_password" and refreshToken "token"
+
+Scenario: Successful login with username and password.
+  When user requests login with username "user" and password "secure_password"
+  Then response contains key "refreshToken" and value "token"
+  And response status code is 200
+  And response contains the user with id 1234
+
+Scenario: Failed login with username and password.
+  When user requests login with username "user" and password "wrong_password"
+  Then response contains key "message" and value "User not authenticated."
+  And response contains key "status" and value "denied"
+  And response status code is 401
+
+Scenario: Successful retrieval of accessToken with refreshToken.
+  When user requests accessToken with refreshToken "token" and userId 1234
+  Then response contains key "userId" and value "1234"
+  And response contains valid accessToken
+  And response status code is 200
+
+Scenario: Failed retrieval of accessToken with wrong refreshToken.
+  When user requests accessToken with refreshToken "not_the_token" and userId 1234
+  Then response contains key "message" and value "User not authenticated."
+  And response contains key "status" and value "denied"
+  And response status code is 401
+
+Scenario: Successful UserInfo request with valid accessToken.
+  Given user 1234 has access token "accessToken"
+  When user requests userInfo with accessToken "accessToken" and userId 1234
+  Then response contains the user with id 1234
+  And response status code is 200
+
+Scenario: Failed UserInfo request with invalid accessToken.
+  When user requests userInfo with accessToken "notTheAccessToken" and userId 1234
+  Then response contains key "message" and value "User not authenticated."
+  And response contains key "status" and value "denied"
+  And response status code is 401

src/test/cucumber/de/filefighter/rest/ViewFolderContents.feature

@@ -22,15 +22,16 @@ Scenario: Folder does not exist
   Given user 1234 has permission of "view" for "folder" with id 42
   When user with token "900000" wants to see the content of folder with path "bla/fasel"
   Then response status code is 400
-  And response message contains "Folder does not exist, or you are not allowed to see the folder."
+  And response contains key "message" and value "Folder does not exist, or you are not allowed to see the folder."
 
 
 Scenario: insufficient authorization
   Given user 9877 exists
   And user 9877 has access token "2345678"
   When user with token "2345678" wants to see the content of folder with path "bla"
   Then response status code is 400
-  And response message contains "Folder does not exist, or you are not allowed to see the folder."
+  And response contains key "message" and value "Folder does not exist, or you are not allowed to see the folder."
+
 
 Scenario: shared file
   Given "folder" exists with id 43 and path "bla"

src/test/cucumber/de/filefighter/rest/crudPermissions.feature

@@ -48,14 +48,14 @@ Scenario: removing not existing permission
   And user 9877 has no permission for "file" with id 111
   When user with token "900000" wants to remove permissions of "file" with id 111 for user 9877
   Then response status code is 400
-  Then response message contains "Couldn't remove permission that does not exit."
+  And response contains key "message" and value "Couldn't remove permission that does not exit."
 
 
 Scenario Outline: Successful interaction adding new permission
   Given "<type>" exists with id <id> and path "<path>"
   And user 1234 is owner of file or folder with id <id>
   And user 9877 has no permission for "<type>" with id <id>
-  When user with token "900000" wants to add permissions of "<type>" with id <id> for user 9877 for "<new_permission>"
+  When user with token "900000" wants to give "<new_permission>" permission for "<type>" with id <id> to user 9877
   Then response status code is 200
   And user 9877 has permission of "<new_permission>" for "<type>" with id <id>
   Examples:
@@ -70,29 +70,29 @@ Scenario: User is not owner of file
   Given "file" exists with id 111 and path "bla.txt"
   And user 3131 exists
   And user 9877 is owner of file or folder with id 111
-  When user with token "900000" wants to add permissions of "file" with id 111 for user 3131 for "edit"
+  When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 3131
   Then response status code is 403
-  And response message contains "User with id 1234 is not owner of file with id 111."
+  And response contains key "message" and value "User with id 1234 is not owner of file with id 111."
 
 
 Scenario: User does not exist
   Given "file" exists with id 111 and path "bla.txt"
   And user 1234 is owner of file or folder with id 111
-  When user with token "900000" wants to add permissions of "file" with id 111 for user 3131 for "edit"
+  When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 3131
   Then response status code is 404
-  And response message contains "User 3131 does not exist."
+  And response contains key "message" and value "User 3131 does not exist."
 
 
 Scenario: File does not exist
   And user 1234 is owner of file or folder with id 111
-  When user with token "900000" wants to add permissions of "file" with id 111 for user 9877 for "edit"
+  When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 9877
   Then response status code is 404
-  And response message contains "No File with id 111 found."
+  And response contains key "message" and value "No File with id 111 found."
 
 
 Scenario: User is already owner
   Given "file" exists with id 111 and path "bla.txt"
   And user 1234 is owner of file or folder with id 111
-  When user with token "900000" wants to add permissions of "file" with id 111 for user 1234 for "edit"
+  When user with token "900000" wants to give "edit" permission for "file" with id 111 to user 1234
   Then response status code is 405
-  And response message contains "User with id 1234 is already owner of file with id 111."
+  And response contains key "message" and value "User with id 1234 is already owner of file with id 111."

src/test/java/de/filefighter/rest/RestApplicationIntegrationTests.java → src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java

@@ -11,7 +11,7 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 @SpringBootTest
-class RestApplicationIntegrationTests {
+class RestApplicationIntegrationTest {
 
     @Autowired
     SystemHealthRestController healthController;

src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java

@@ -0,0 +1,47 @@
+package de.filefighter.rest.cucumber;
+
+import io.cucumber.java.en.And;
+import io.cucumber.java.en.Given;
+import io.cucumber.java.en.Then;
+
+public class CommonCucumberSteps extends CucumberIntegrationTest {
+
+    @Given("database is empty")
+    public void databaseIsEmpty() {
+    }
+
+    @And("user {long} exists")
+    public void userExists(long userId) {
+    }
+
+    @And("user {long} has access token {string}")
+    public void userHasAccessToken(long userId, String accessTokenValue) {
+    }
+
+    @And("user with id {long} exists and has username {string}, password {string} and refreshToken {string}")
+    public void userWithIdExistsAndHasUsernamePasswordAndRefreshToken(long userId, String username, String password, String refreshTokenValue) {
+    }
+
+    // file / folder
+    @Given("{string} exists with id {long} and path {string}")
+    public void existsWithIdAndPath(String fileOrFolder, long fsItemId, String arg2) {
+    }
+
+    @And("user {long} is owner of file or folder with id {long}")
+    public void userIsOwnerOfFileOrFolderWithId(long userId, long fsItemId) {
+    }
+
+    //key: value for json type response.
+    @Then("response contains key {string} and value {string}")
+    public void responseContainsKeyAndValue(String key, String value) {
+    }
+
+    @And("response contains the user with id {long}")
+    public void responseContainsTheUserWithId(long userId) {
+    }
+
+    @Then("response status code is {int}")
+    public void responseStatusCodeIs(int httpStatusCode) {
+    }
+
+}

src/test/java/de/filefighter/rest/cucumber/CrudPermissionSteps.java

@@ -1,64 +1,32 @@
 package de.filefighter.rest.cucumber;
 
 import io.cucumber.java.en.And;
-import io.cucumber.java.en.Given;
-import io.cucumber.java.en.Then;
 import io.cucumber.java.en.When;
 
-public class CrudPermissionSteps extends SpringIntegrationTest{
+public class CrudPermissionSteps extends CucumberIntegrationTest {
 
-    // TODO: Rearrange the steps, create Shared State Handler.
-
-    @Given("database is empty")
-    public void databaseIsEmpty() {
-    }
-
-    @And("user {int} exists")
-    public void userExists(int arg0) {
-    }
-
-    @And("user {int} has access token {string}")
-    public void userHasAccessToken(int arg0, String arg1) {
-    }
-
-    @And("user {int} has permission of {string} for {string} with id {int}")
-    public void userHasPermissionOfForWithIdId(int arg0, String arg1, String arg2,int arg3) {
-    }
-
-    @When("user with token {string} wants to change permissions of {string} with id {int} for user with id {int} to {string}")
-    public void userWithTokenWantsToChangePermissionsOfWithIdIdForUserWithIdTo(String arg0, String arg1, int fileID,int arg2, String arg3) {
-    }
-
-    @When("user with token {string} wants to remove permissions of {string} with id {int} for user {int}")
-    public void userWithTokenWantsToRemovePermissionsOfWithIdIdForUser(String arg0, String arg1,int fileID, int arg2) {
-    }
-
-    @And("user with id {int} has no permission for {string} with id {int}")
-    public void userWithIdHasNoPermissionForWithIdId(int arg0, String arg1, int fileID) {
-    }
-
-    @Given("{string} exists with id {int} and path {string}")
-    public void existsWithIdAndPath(String arg0, int arg1, String arg2) {
+    @And("user {long} has permission of {string} for {string} with id {long}")
+    public void userHasPermissionOfForWithIdId(long userId, String readOrWrite, String fileOrFolder, long fsItemId) {
     }
 
-    @And("user {int} is owner of file or folder with id {int}")
-    public void userIsOwnerOfFileOrFolderWithId(int arg0, int arg1) {
+    @When("user with token {string} wants to change permissions of {string} with id {long} for user with id {long} to {string}")
+    public void userWithTokenWantsToChangePermissionsOfWithIdIdForUserWithIdTo(String accessTokenValue, String fileOrFolder, long fsItemId, long userId, String newPermission) {
     }
 
-    @And("user {int} has no permission for {string} with id {int}")
-    public void userHasNoPermissionForWithId(int arg0, String arg1, int arg2) {
+    @When("user with token {string} wants to remove permissions of {string} with id {long} for user {long}")
+    public void userWithTokenWantsToRemovePermissionsOfWithIdIdForUser(String accessTokenValue, String fileOrFolder, long fsItemId, long userId) {
     }
 
-    @Then("response status code is {int}")
-    public void responseStatusCodeIs(int arg0) {
+    @And("user with id {long} has no permission for {string} with id {long}")
+    public void userWithIdHasNoPermissionForWithIdId(long userId, String fileOrFolder, long fsItemId) {
     }
 
-    @Then("response message contains {string}")
-    public void responseMessageContains(String arg0) {
+    @And("user {long} has no permission for {string} with id {long}")
+    public void userHasNoPermissionForWithId(long userId, String fileOrFolder, long fsItemId) {
     }
 
-    @When("user with token {string} wants to add permissions of {string} with id {int} for user {int} for {string}")
-    public void userWithTokenWantsToAddPermissionsOfWithIdForUserFor(String arg0, String arg1, int arg2, int arg3, String arg4) {
+    @When("user with token {string} wants to give {string} permission for {string} with id {long} to user {long}")
+    public void userWithTokenWantsToAddPermissionsOfWithIdForUserFor(String accessTokenValue, String permission, String fileOrFolder, long fsItemId, long userId) {
     }
 
 }

src/test/java/de/filefighter/rest/cucumber/CucumberIntegrationTest.java

@@ -2,9 +2,13 @@
 
 import io.cucumber.junit.Cucumber;
 import io.cucumber.junit.CucumberOptions;
+import io.cucumber.spring.CucumberContextConfiguration;
 import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
 
+@CucumberContextConfiguration
+@SpringBootTest
 @RunWith(Cucumber.class)
 @CucumberOptions(features = "src/test/cucumber/de/filefighter/rest/")
 public class CucumberIntegrationTest {
-}
+}

src/test/java/de/filefighter/rest/cucumber/UserAuthorizationSteps.java

@@ -0,0 +1,26 @@
+package de.filefighter.rest.cucumber;
+
+import io.cucumber.java.en.And;
+import io.cucumber.java.en.Then;
+import io.cucumber.java.en.When;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class UserAuthorizationSteps extends CucumberIntegrationTest {
+
+    @When("user requests login with username {string} and password {string}")
+    public void userRequestsLoginWithUsernameAndPassword(String username, String password) {
+    }
+
+    @When("user requests accessToken with refreshToken {string} and userId {long}")
+    public void userRequestsAccessTokenWithRefreshTokenAndUserId(String refreshTokenValue, long userId) {
+    }
+
+    @And("response contains valid accessToken")
+    public void responseContainsValidAccessToken() {
+    }
+
+    @When("user requests userInfo with accessToken {string} and userId {long}")
+    public void userRequestsUserInfoWithAccessTokenAndUserId(String accessTokenValue, long userId) {
+    }
+}

src/test/java/de/filefighter/rest/cucumber/ViewFolderContentsSteps.java

@@ -1,21 +1,15 @@
 package de.filefighter.rest.cucumber;
 
 import io.cucumber.java.en.And;
-import io.cucumber.java.en.Given;
-import io.cucumber.java.en.Then;
 import io.cucumber.java.en.When;
 
-public class ViewFolderContentsSteps extends SpringIntegrationTest{
+public class ViewFolderContentsSteps extends CucumberIntegrationTest {
     @When("user with token {string} wants to see the content of folder with path {string}")
-    public void userWithTokenWantsToSeeTheContentOfFolderWithPath(String arg0, String arg1) {
+    public void userWithTokenWantsToSeeTheContentOfFolderWithPath(String accessTokenValue, String path) {
     }
 
-    @And("the response contains the file with id {int} and name {string}")
-    public void theResponseContainsTheFileWithIdAndName(int arg0, String arg1) {
-    }
-
-    @And("in the response the file with id {int} has true for the property public")
-    public void inTheResponseTheFileWithIdHasTrueForThePropertyPublic(int arg0) {
+    @And("the response contains the file with id {long} and name {string}")
+    public void theResponseContainsTheFileWithIdAndName(long fsItemId , String name) {
     }
 
     @And("the response contains an empty list for files and folders")