DRYD-22: Add XmlReplay tests.
authorRay Lee <rhlee@berkeley.edu>
Wed, 20 Jul 2016 17:59:20 +0000 (10:59 -0700)
committerRay Lee <rhlee@berkeley.edu>
Fri, 22 Jul 2016 23:48:10 +0000 (16:48 -0700)
services/IntegrationTests/src/main/java/org/collectionspace/services/IntegrationTests/xmlreplay/XmlReplay.java
services/IntegrationTests/src/main/java/org/collectionspace/services/IntegrationTests/xmlreplay/XmlReplayTransport.java
services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth.xml [new file with mode: 0644]
services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/password-grant-admin.txt [new file with mode: 0644]
services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/password-grant-bad-password.txt [new file with mode: 0644]
services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/refresh-token-grant.txt [new file with mode: 0644]
services/IntegrationTests/src/test/resources/test-data/xmlreplay/xml-replay-master.xml

index 7c042acb2fbed460f3cc256ffba9dafcf0154ebc..2a58de2cc30433206858400528b891e2c9d44ca3 100644 (file)
@@ -566,11 +566,28 @@ public class XmlReplay {
                     String testID = testNode.valueOf("@ID");
                     String testIDLabel = Tools.notEmpty(testID) ? (testGroupID+'.'+testID) : (testGroupID+'.'+testElementIndex);
                     String method = testNode.valueOf("method");
+                    String contentType = testNode.valueOf("contentType");
                     String uri = testNode.valueOf("uri");
                     String fullURL = Tools.glue(protoHostPort, "/", uri);
 
+                    if (contentType == null || contentType.equals("")) {
+                        contentType = XmlReplayTransport.APPLICATION_XML;
+                    }
+                    
+                    String currentAuthForTest = null;
                     String authIDForTest = testNode.valueOf("@auth");
-                    String currentAuthForTest = authsMap.map.get(authIDForTest);
+                    
+                    if (Tools.notEmpty(authIDForTest)){
+                        currentAuthForTest = authsMap.map.get(authIDForTest);
+                    }
+                    else {
+                        String tokenAuthExpression = testNode.valueOf("@tokenauth");
+                        
+                        if (Tools.notEmpty(tokenAuthExpression)){
+                            currentAuthForTest = "Bearer " + evalStruct.eval(tokenAuthExpression, serviceResultsMap, null, jexl, jc);
+                        }
+                    }
+                    
                     if (Tools.notEmpty(currentAuthForTest)){
                         authForTest = currentAuthForTest; //else just run with current from last loop;
                     }
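Review bot: In the new `@tokenauth` branch the result of `evalStruct.eval(...)` is appended to `"Bearer "` without being checked, so an expression that resolves to nothing still produces a non-empty `currentAuthForTest` and overwrites the sticky `authForTest`. That weakens the negative tests: a request carrying an empty or unresolved bearer value would presumably be rejected too, so a test expecting 401 could pass without ever presenting the token it names. I would evaluate into a local first, build the header only under `if (Tools.notEmpty(token))`, and report an empty result as a test error rather than falling back to the previous sticky auth. What `eval` returns for a missing node is not visible here, and the enclosing loop starts and ends outside the hunk.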
@@ -619,7 +636,7 @@ public class XmlReplay {
                         if (parts.varsList.size()>0){
                             vars = parts.varsList.get(0);
                         }
-                        serviceResult = XmlReplayTransport.doPOST_PUTFromXML(parts.responseFilename, vars, protoHostPort, uri, method, XmlReplayTransport.APPLICATION_XML, evalStruct, authForTest, testIDLabel);
+                        serviceResult = XmlReplayTransport.doPOST_PUTFromXML(parts.responseFilename, vars, protoHostPort, uri, method, contentType, evalStruct, authForTest, testIDLabel);
                         if (vars!=null) {
                             serviceResult.addVars(vars);
                         }
index 0cf0cd4d363a35f6f48c9c17bad08968db4ef33c..efd9cbed4a51cb33805774fa60f1d85f67c53b66 100644 (file)
@@ -51,6 +51,14 @@ public class XmlReplayTransport {
         private static String DD = "--";
         private static String CRLF = "\r\n";
 
+    private static String formatAuth(String authForTest) {
+        if (authForTest.startsWith("Bearer ")) {
+            return authForTest;
+        }
+        
+        return ("Basic " + authForTest);
+    }
+    
     public static ServiceResult doGET(String urlString, String authForTest, String fromTestID) throws Exception {
         ServiceResult pr = new ServiceResult();
         pr.fromTestID = fromTestID;
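Review bot: `formatAuth` calls `authForTest.startsWith(...)` with no null check, so any request issued before an auth value has been set now throws a NullPointerException where the old `"Basic " + authForTest` concatenation did not. Whether null can reach the call sites changed further down is not visible in this diff; if it can, `if (authForTest != null && authForTest.startsWith("Bearer "))` keeps the previous behaviour. The helper also picks the scheme by inspecting the value, which is worth recording in a Javadoc such as `/** Returns the Authorization header value: a value already prefixed with "Bearer " is passed through, anything else is treated as Base64 Basic credentials. */`.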
@@ -64,7 +72,7 @@ public class XmlReplayTransport {
         GetMethod getMethod = new GetMethod(urlString);
         getMethod.addRequestHeader("Accept", "multipart/mixed");
         getMethod.addRequestHeader("Accept", "application/xml");
-        getMethod.setRequestHeader("Authorization", "Basic " + authForTest); //"dGVzdDp0ZXN0");
+        getMethod.setRequestHeader("Authorization", formatAuth(authForTest)); //"dGVzdDp0ZXN0");
         getMethod.setRequestHeader("X-XmlReplay-fromTestID", fromTestID);
         try {
             int statusCode1 = client.executeMethod(getMethod);
@@ -101,7 +109,7 @@ public class XmlReplayTransport {
         DeleteMethod deleteMethod = new DeleteMethod(urlString);
         deleteMethod.setRequestHeader("Accept", "multipart/mixed");
         deleteMethod.addRequestHeader("Accept", "application/xml");
-        deleteMethod.setRequestHeader("Authorization", "Basic " + authForTest);
+        deleteMethod.setRequestHeader("Authorization", formatAuth(authForTest));
         deleteMethod.setRequestHeader("X-XmlReplay-fromTestID", fromTestID);
         int statusCode1 = 0;
         String res = "";
@@ -222,7 +230,7 @@ public class XmlReplayTransport {
                 conn.setRequestProperty("Accept", "application/xml");
                 conn.setRequestProperty("content-type", contentType);
             }
-            conn.setRequestProperty("Authorization", "Basic " + authForTest);  //TODO: remove test user : hard-coded as "dGVzdDp0ZXN0"
+            conn.setRequestProperty("Authorization", formatAuth(authForTest));  //TODO: remove test user : hard-coded as "dGVzdDp0ZXN0"
             conn.setRequestProperty("Connection", "close");
             conn.setRequestProperty("X-XmlReplay-fromTestID", fromTestID);
             conn.setDoOutput(true);
@@ -278,7 +286,7 @@ public class XmlReplayTransport {
             PostMethod postMethod = new PostMethod(urlString);
             postMethod.setRequestHeader("Accept", "multipart/mixed");
             postMethod.addRequestHeader("Accept", "application/xml");
-            postMethod.setRequestHeader("Authorization", "Basic " + authForTest);
+            postMethod.setRequestHeader("Authorization", formatAuth(authForTest));
             postMethod.setRequestHeader("X-XmlReplay-fromTestID", fromTestID);
             //this method takes an array of params.  Not sure what they expect us to do with a raw post:
             //   postMethod.setRequestBody();
diff --git a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth.xml b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth.xml
new file mode 100644 (file)
index 0000000..f54773b
--- /dev/null
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xmlReplay>
+    <auths>
+        <!-- IMPORTANT: THESE ARE STICKY :: THEY STICK AROUND UNTIL RESET, IN EXEC ORDER OF THIS FILE. -->
+        <auth ID="cspace-ui">Y3NwYWNlLXVpOg==</auth> <!-- cspace-ui: -->
+        <auth ID="bad">w3NwaWNlLXVpOg==</auth>
+    </auths>
+    
+    <testGroup ID="tokenGranting">
+        <!-- GET, PUT, and DELETE requests should not be supported -->
+        <test ID="tokenGet" auth="cspace-ui">
+            <method>GET</method>
+            <uri>/cspace-services/oauth/token</uri>
+            <expectedCodes>405</expectedCodes>
+        </test>
+        <test ID="tokenPut" auth="cspace-ui">
+            <method>PUT</method>
+            <contentType>application/x-www-form-urlencoded</contentType>
+            <uri>/cspace-services/oauth/token</uri>
+            <filename>security-oauth/password-grant-admin.txt</filename>
+            <expectedCodes>405</expectedCodes>
+        </test>
+        <test ID="tokenDelete" auth="cspace-ui">
+            <method>DELETE</method>
+            <uri>/cspace-services/oauth/token</uri>
+            <expectedCodes>405</expectedCodes>
+        </test>
+        <!-- POST should fail when client credentials are incorrect -->
+        <test ID="tokenPostBadClientCreds" auth="bad">
+            <method>POST</method>
+            <contentType>application/x-www-form-urlencoded</contentType>
+            <uri>/cspace-services/oauth/token</uri>
+            <filename>security-oauth/password-grant-admin.txt</filename>
+            <expectedCodes>401</expectedCodes>
+        </test>
+        <!-- POST should when user credentials are incorrect -->
+        <test ID="tokenPostBadUserCreds" auth="cspace-ui">
+            <method>POST</method>
+            <contentType>application/x-www-form-urlencoded</contentType>
+            <uri>/cspace-services/oauth/token</uri>
+            <filename>security-oauth/password-grant-bad-password.txt</filename>
+            <expectedCodes>400</expectedCodes>
+        </test>
+        <!-- Token grant should succeed -->
+        <test ID="tokenPostSuccess" auth="cspace-ui">
+            <method>POST</method>
+            <contentType>application/x-www-form-urlencoded</contentType>
+            <uri>/cspace-services/oauth/token</uri>
+            <filename>security-oauth/password-grant-admin.txt</filename>
+            <expectedCodes>200</expectedCodes>
+        </test>
+    </testGroup>
+    
+    <testGroup ID="tokenUsage">
+        <!-- Token grant with password should succeed-->
+        <test ID="tokenGrant" auth="cspace-ui">
+            <method>POST</method>
+            <contentType>application/x-www-form-urlencoded</contentType>
+            <uri>/cspace-services/oauth/token</uri>
+            <filename>security-oauth/password-grant-admin.txt</filename>
+            <expectedCodes>200</expectedCodes>
+        </test>
+        <!-- Getting a resource with the granted access token should succeed -->
+        <test ID="getWithToken" tokenauth='${tokenGrant.got("//access_token")}'>
+            <method>GET</method>
+            <uri>/cspace-services/collectionobjects</uri>
+            <expectedCodes>200</expectedCodes>
+        </test>
+        <!-- Posting a resource with the granted access token should succeed -->
+        <test ID="postWithToken" tokenauth='${tokenGrant.got("//access_token")}'>
+            <method>POST</method>
+            <uri>/cspace-services/collectionobjects</uri>
+            <filename>collectionobject/co1.xml</filename>
+            <expectedCodes>200,201</expectedCodes>
+        </test>
+        <!-- Getting a resource with a forged token should fail -->
+        <test ID="getWithForgedToken" tokenauth='${tokenGrant.got("//access_token")}xyz'>
+            <method>GET</method>
+            <uri>/cspace-services/collectionobjects</uri>
+            <expectedCodes>401</expectedCodes>
+        </test>
+        <!-- Getting a resource with a refresh token should fail -->
+        <test ID="getWithBadToken" tokenauth='${tokenGrant.got("//refresh_token")}'>
+            <method>GET</method>
+            <uri>/cspace-services/collectionobjects</uri>
+            <expectedCodes>401</expectedCodes>
+        </test>
+        <!-- Getting a new access token with the refresh token should succeed -->
+        <test ID="refreshTokenGrant" auth="cspace-ui">
+            <method>POST</method>
+            <contentType>application/x-www-form-urlencoded</contentType>
+            <uri>/cspace-services/oauth/token</uri>
+            <filename>security-oauth/refresh-token-grant.txt</filename>
+            <expectedCodes>200</expectedCodes>
+        </test>
+        <!-- Posting a resource with the new access token should succeed -->
+        <test ID="postWithNewToken" tokenauth='${refreshTokenGrant.got("//access_token")}'>
+            <method>POST</method>
+            <uri>/cspace-services/collectionobjects</uri>
+            <filename>collectionobject/co1.xml</filename>
+            <expectedCodes>200,201</expectedCodes>
+        </test>
+    </testGroup>
+</xmlReplay>
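Review bot: The comment above `tokenPostBadUserCreds` reads "POST should when user credentials are incorrect" and is missing the word "fail". The `bad` auth entry has no comment saying what it is meant to represent, unlike `cspace-ui`; something like `<!-- deliberately invalid client credentials -->` would make the intent of `tokenPostBadClientCreds` clear. The negative cases cover a bad client credential and a bad user password on the password grant only. A refresh-token grant sent with `auth="bad"`, and reuse of the first access token after the refresh, are not exercised and would be useful additions to `tokenUsage`.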
diff --git a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/password-grant-admin.txt b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/password-grant-admin.txt
new file mode 100644 (file)
index 0000000..0bf3069
--- /dev/null
@@ -0,0 +1 @@
+grant_type=password&username=admin@core.collectionspace.org&password=Administrator
\ No newline at end of file
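Review bot: This fixture hard-codes the administrator account and its password into the repository, so the suite only passes against a deployment that still uses that password. The fixture for the refresh-token grant in this same commit uses a `${...}` expression in its body, which suggests these files are expanded before sending; if so, the username and password could be supplied as variables from the control file or the environment instead of literals. At minimum, a comment in `security-oauth.xml` should state that these tests assume default credentials and are intended for a disposable test instance only.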
diff --git a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/password-grant-bad-password.txt b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/password-grant-bad-password.txt
new file mode 100644 (file)
index 0000000..1a5022c
--- /dev/null
@@ -0,0 +1 @@
+grant_type=password&username=admin@core.collectionspace.org&password=NotThePassword
\ No newline at end of file
diff --git a/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/refresh-token-grant.txt b/services/IntegrationTests/src/test/resources/test-data/xmlreplay/security-oauth/refresh-token-grant.txt
new file mode 100644 (file)
index 0000000..0b951ea
--- /dev/null
@@ -0,0 +1 @@
+grant_type=refresh_token&refresh_token=${tokenGrant.got("//refresh_token")}
\ No newline at end of file
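Review bot: The refresh token is interpolated raw into a body that the control file sends as `application/x-www-form-urlencoded`, so a token containing `+`, `/`, `=` or `&` would be decoded differently by the server and the grant would fail or be misparsed. The token format is not visible in this diff, so this may be harmless today, but it makes the test depend on the token alphabet. If the expression evaluator exposes a URL-encoding helper, apply it here; otherwise note the assumption next to the `refreshTokenGrant` test.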
index 26f4e37068b33c35cffcf1e86749ba856ee75dc2..7ed8392e3067b125a08efaa8f32a026651c38b51 100644 (file)
@@ -12,6 +12,7 @@
     
     
     
+    <run controlFile="./security-oauth.xml" />
     <run controlFile="./security.xml" testGroup="deleteBug" />
     <run controlFile="objectexit/object-exit.xml" testGroup="makeone" />
     <run controlFile="objectexit/object-exit.xml" testGroup="checkList" />