diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIAccessManagementBaseTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIAccessManagementBaseTestCase.java
new file mode 100644
index 00000000000..114b73a2e52
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIAccessManagementBaseTestCase.java
@@ -0,0 +1,123 @@ +package org.wso2.identity.integration.test.api.access.mgt; + +import org.apache.commons.codec.binary.Base64; +import org.apache.http.HttpResponse; +import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.json.JSONArray; +import org.json.JSONException; +import org.json.JSONObject; +import org.testng.annotations.AfterClass; +import org.testng.annotations.AfterMethod; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.BeforeMethod; +import org.wso2.carbon.automation.engine.context.AutomationContext; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.identity.application.common.model.APIResource; +import org.wso2.carbon.identity.application.common.model.Scope; +import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; +import org.wso2.identity.integration.test.rest.api.common.RESTTestBase; + +import java.io.IOException; + +import javax.xml.xpath.XPathExpressionException; + +public class APIAccessManagementBaseTestCase extends RESTTestBase { + + public static final String SERVER_URL = "https://localhost:9853"; + public static final String API_RESOURCE_ENDPOINT = "/api/server/v1/api-resources"; + public static final String SCOPE_PATH = "/scopes"; + + public static final String API_RESOURCE_SCOPE_ENDPOINT = "/api/server/v1/scopes"; + public static final String APPLICATION_ENDPOINT = "/api/server/v1/applications"; + public static final String BUSINESS_API_FILTER_QUERY = "?filter=type+eq+BUSINESS"; + public static final String API_ID_ATTRIBUTE = "id"; + public static final String API_NAME_ATTRIBUTE = "name"; + public static final String API_DESCRIPTION_ATTRIBUTE = "description"; + public static final String API_IDENTIFIER_ATTRIBUTE 
= "identifier"; + public static final String API_IS_REQUIRED_AUTHORIZATION_ATTRIBUTE = "requiresAuthorization"; + public static final String API_SCOPE_ATTRIBUTE = "scopes"; + public static final String API_SCOPE_ID_ATTRIBUTE = "id"; + public static final String API_SCOPE_NAME_ATTRIBUTE = "name"; + public static final String API_SCOPE_DISPLAY_NAME_ATTRIBUTE = "displayName"; + public static final String API_SCOPE_DESCRIPTION_ATTRIBUTE = "description"; + public static final String ADDED_SCOPE_ATTRIBUTE = "addedScopes"; + + + protected CloseableHttpClient client; + protected String adminUsername; + protected String password; + protected String tenant; + + private ServerConfigurationManager serverConfigurationManager; + + public APIAccessManagementBaseTestCase(TestUserMode userMode) throws XPathExpressionException { + + AutomationContext context = new AutomationContext("IDENTITY", userMode); + this.adminUsername = context.getContextTenant().getTenantAdmin().getUserName(); + this.password = context.getContextTenant().getTenantAdmin().getPassword(); + this.tenant = context.getContextTenant().getDomain(); + } + + @BeforeMethod(alwaysRun = true) + public void initTest() throws Exception { + + client = HttpClients.createDefault(); + + } + + @AfterMethod(alwaysRun = true) + public void concludeTest() throws Exception { + + client.close(); + } + + protected HttpResponse createAPIResource(APIResource apiResource) throws JSONException, IOException { + + HttpPost request = new HttpPost(SERVER_URL + API_RESOURCE_ENDPOINT); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + JSONObject rootObject = new JSONObject(); + rootObject.put(API_NAME_ATTRIBUTE, apiResource.getName()); + rootObject.put(API_IDENTIFIER_ATTRIBUTE, apiResource.getIdentifier()); + rootObject.put(API_DESCRIPTION_ATTRIBUTE, apiResource.getDescription()); + rootObject.put(API_IS_REQUIRED_AUTHORIZATION_ATTRIBUTE, apiResource.isAuthorizationRequired()); + 
JSONArray scopeArray = new JSONArray(); + for (Scope scope : apiResource.getScopes()) { + JSONObject scopeObject = new JSONObject(); + scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, scope.getName()); + scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, scope.getDisplayName()); + scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, scope.getDescription()); + scopeArray.put(scopeObject); + } + rootObject.put(API_SCOPE_ATTRIBUTE, scopeArray); + StringEntity entity = new StringEntity(rootObject.toString()); + request.setEntity(entity); + return client.execute(request); + } + + protected HttpResponse getAPIResource(String apiId) throws IOException { + + HttpGet request = new HttpGet(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiId); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + return client.execute(request); + } + + protected HttpResponse getAPIScopes(String apiId) throws IOException { + + HttpGet request = new HttpGet(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiId + SCOPE_PATH); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + return client.execute(request); + } + + protected String getAuthzHeader() { + + return "Basic " + Base64.encodeBase64String((adminUsername + ":" + password).getBytes()).trim(); + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIResourceManagementFailureTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIResourceManagementFailureTestCase.java new file mode 100644 index 00000000000..69137842669 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIResourceManagementFailureTestCase.java 
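Review bot: `getAuthzHeader()` encodes the admin credentials with `getBytes()`, which uses the platform default charset, so the Basic header can differ between machines when the configured password contains non-ASCII characters; `(adminUsername + ":" + password).getBytes(StandardCharsets.UTF_8)` pins it. The request body in `createAPIResource` has the same problem: `new StringEntity(rootObject.toString())` falls back to HttpClient's default text charset (ISO-8859-1 in 4.x, as far as I know) while the header announces JSON, so `new StringEntity(rootObject.toString(), ContentType.APPLICATION_JSON)` would be safer. `concludeTest()` also calls `client.close()` unguarded, and because of `alwaysRun = true` a failure in `initTest()` would surface as a NullPointerException there instead of the real cause; `if (client != null) { client.close(); }` avoids that.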
@@ -0,0 +1,140 @@ +package org.wso2.identity.integration.test.api.access.mgt; + +import io.netty.util.internal.StringUtil; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpPut; +import org.apache.http.entity.StringEntity; +import org.apache.http.util.EntityUtils; +import org.json.JSONException; +import org.json.JSONObject; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.identity.application.common.model.APIResource; +import org.wso2.carbon.identity.application.common.model.Scope; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; + +public class APIResourceManagementFailureTestCase extends APIAccessManagementBaseTestCase { + + private static final String API_1_NAME = "Files API"; + private static final String API_1_DESCRIPTION = "This is a test API created by an integration test"; + private static final String API_1_IDENTIFIER = "/files"; + private static final boolean API_REQUIRES_AUTHORIZATION = true; + private static final String SCOPE_1_DISPLAY_NAME = "Read Files"; + private static final String SCOPE_1_DESCRIPTION = "Read all the files in the system"; + + @BeforeClass(alwaysRun = true) + public void init() throws Exception { + + super.init(); + } + + @AfterClass(alwaysRun = true) + public void testConclude() { + + super.conclude(); + } + + @DataProvider(name = "APIResourceMgtConfigProvider") + public static Object[][] APIResourceMgtConfigProvider() { + + return new Object[][]{ + {TestUserMode.SUPER_TENANT_ADMIN} + }; + } + + @Factory(dataProvider = "APIResourceMgtConfigProvider") + public 
APIResourceManagementFailureTestCase(TestUserMode userMode) throws Exception { + + super(userMode); + } + + @Test(priority = 0) + public void testAddAPIWithInvalidScope() throws JSONException, IOException { + + List scopeList = new ArrayList<>(); + + Scope scope1 = new Scope.ScopeBuilder() + .name(null) + .displayName(SCOPE_1_DISPLAY_NAME) + .description(SCOPE_1_DESCRIPTION) + .build(); + + scopeList.add(scope1); + + APIResource apiResource = new APIResource.APIResourceBuilder() + .name(API_1_NAME) + .identifier(API_1_IDENTIFIER) + .description(API_1_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(scopeList) + .build(); + + HttpResponse response = createAPIResource(apiResource); + assertNotNull(response, "API resource creation request failed"); + assertEquals(response.getStatusLine().getStatusCode(), 400, "Expected status code not received"); + } + + @Test(priority = 1) + public void testAddInvalidAPIResource() throws JSONException, IOException { + + APIResource apiResource = new APIResource.APIResourceBuilder() + .name(API_1_NAME) + .identifier(null) + .description(API_1_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(new ArrayList<>()) + .build(); + + HttpResponse response = createAPIResource(apiResource); + assertNotNull(response, "API resource creation request failed"); + assertEquals(response.getStatusLine().getStatusCode(), 400, "Expected status code not received"); + } + + @Test(priority = 2) + public void testPutInvalidScope() throws JSONException, IOException { + + APIResource apiResource = new APIResource.APIResourceBuilder() + .name(API_1_NAME) + .identifier(API_1_IDENTIFIER) + .description(API_1_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(new ArrayList<>()) + .build(); + HttpResponse response = createAPIResource(apiResource); + assertNotNull(response, "API resource creation request failed"); + assertEquals(response.getStatusLine().getStatusCode(), 201, "Expected 
status code not received"); + JSONObject responseObj = new JSONObject(EntityUtils.toString(response.getEntity())); + EntityUtils.consume(response.getEntity()); + String apiResourceId = responseObj.getString(API_ID_ATTRIBUTE); + + HttpPut request = getHttpPut(apiResourceId); + response = client.execute(request); + assertNotNull(response, "API resource update request failed"); + assertEquals(response.getStatusLine().getStatusCode(), 400, "Expected status code not received"); + } + + private HttpPut getHttpPut(String apiResourceId) throws JSONException, UnsupportedEncodingException { + HttpPut request = new HttpPut(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + "/" + SCOPE_PATH); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + JSONObject scopeObject = new JSONObject(); + scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, StringUtil.EMPTY_STRING); + scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, StringUtil.EMPTY_STRING); + scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, StringUtil.EMPTY_STRING); + + StringEntity entity = new StringEntity(scopeObject.toString()); + request.setEntity(entity); + return request; + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIResourceManagementTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIResourceManagementTestCase.java new file mode 100644 index 00000000000..4487977e743 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/api/access/mgt/APIResourceManagementTestCase.java 
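Review bot: `testPutInvalidScope` can pass for a reason other than the one it names. `getHttpPut` builds the URL as `apiResourceId + "/" + SCOPE_PATH`, and `SCOPE_PATH` already starts with a slash, so the request goes to `.../{id}//scopes`; it also sends a single JSON object, whereas the passing PUT in APIResourceManagementTestCase sends a JSON array to `apiResourceId + SCOPE_PATH`. Either difference could plausibly produce the 400 before scope validation is reached, so the empty-name rejection may never be exercised. I would use `new HttpPut(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + SCOPE_PATH)`, wrap `scopeObject` in a `JSONArray`, and assert on the error payload as well as the status. The resource created with identifier `/files` is never deleted, which matters for any later test that counts BUSINESS resources on the same server.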
@@ -0,0 +1,366 @@ +package org.wso2.identity.integration.test.api.access.mgt; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPatch; +import org.apache.http.client.methods.HttpPut; +import org.apache.http.entity.StringEntity; +import org.apache.http.util.EntityUtils; +import org.json.JSONArray; +import org.json.JSONException; +import org.json.JSONObject; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.identity.application.common.model.APIResource; +import org.wso2.carbon.identity.application.common.model.Scope; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; + +public class APIResourceManagementTestCase extends APIAccessManagementBaseTestCase { + + private static final Log LOG = LogFactory.getLog(APIResourceManagementTestCase.class); + private static final String API_1_NAME = "Booking API"; + private static final String API_1_EDITED_NAME = "Bookings API Edited"; + private static final String API_1_DESCRIPTION = "This is a test API created by an integration test"; + private static final String API_1_DESCRIPTION_EDITED = "This is a test API created by an integration test"; + private static final String API_1_IDENTIFIER = "/bookings"; + private static final String API_2_NAME = "Flight API"; + private static final String API_2_EDITED_NAME = "Flight API Edited"; + private static final String API_2_DESCRIPTION = "This is a test API created by an 
integration test"; + private static final String API_2_DESCRIPTION_EDITED = "This is a test API created by an integration test"; + private static final String API_2_IDENTIFIER = "/flight"; + private static final boolean API_REQUIRES_AUTHORIZATION = true; + private static final String SCOPE_1_NAME = "read_bookings"; + private static final String SCOPE_1_DISPLAY_NAME = "Read Bookings"; + private static final String SCOPE_1_DESCRIPTION = "Read all the bookings in the system"; + private static final String SCOPE_2_NAME = "write_bookings"; + private static final String SCOPE_2_DISPLAY_NAME = "Write Bookings"; + private static final String SCOPE_2_DESCRIPTION = "Write bookings to the system"; + private static final String SCOPE_3_NAME = "delete_bookings"; + private static final String SCOPE_3_DISPLAY_NAME = "Delete Bookings"; + private static final String SCOPE_3_DESCRIPTION = "Delete bookings from the system"; + private static final String SCOPE_4_NAME = "read_flights"; + private static final String SCOPE_4_DISPLAY_NAME = "Read Flights"; + private static final String SCOPE_4_DESCRIPTION = "Read flights from the system"; + + private String apiResourceId; + private String scope1Id; + private String scope2Id; + + @BeforeClass(alwaysRun = true) + public void init() throws Exception { + + super.init(); + } + + @AfterClass(alwaysRun = true) + public void testConclude() { + + super.conclude(); + } + + @DataProvider(name = "APIResourceMgtConfigProvider") + public static Object[][] APIResourceMgtConfigProvider() { + + return new Object[][]{ + {TestUserMode.SUPER_TENANT_ADMIN} + }; + } + + @Factory(dataProvider = "APIResourceMgtConfigProvider") + public APIResourceManagementTestCase(TestUserMode userMode) throws Exception { + + super(userMode); + } + + @Test + public void testAddAPIResource() throws Exception { + + List scopeList = new ArrayList<>(); + + Scope scope1 = new Scope.ScopeBuilder() + .name(SCOPE_1_NAME) + .displayName(SCOPE_1_DISPLAY_NAME) + 
.description(SCOPE_1_DESCRIPTION) + .build(); + + Scope scope2 = new Scope.ScopeBuilder() + .name(SCOPE_2_NAME) + .displayName(SCOPE_2_DISPLAY_NAME) + .description(SCOPE_2_DESCRIPTION) + .build(); + + scopeList.add(scope1); + scopeList.add(scope2); + + APIResource apiResource = new APIResource.APIResourceBuilder() + .name(API_1_NAME) + .identifier(API_1_IDENTIFIER) + .description(API_1_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(scopeList) + .build(); + + HttpResponse response = createAPIResource(apiResource); + assertNotNull(response, "API resource creation failed"); + assertEquals(response.getStatusLine().getStatusCode(), 201, "API resource creation failed"); + JSONObject responseObj = new JSONObject(EntityUtils.toString(response.getEntity())); + EntityUtils.consume(response.getEntity()); + apiResourceId = responseObj.getString(API_ID_ATTRIBUTE); + JSONArray scopeArray = responseObj.getJSONArray(API_SCOPE_ATTRIBUTE); + for (int i = 0; i < scopeArray.length(); i++) { + JSONObject scopeObj = (JSONObject) scopeArray.get(i); + if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_1_NAME)) { + scope1Id = scopeObj.getString(API_SCOPE_ID_ATTRIBUTE); + } else if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_2_NAME)) { + scope2Id = scopeObj.getString(API_SCOPE_ID_ATTRIBUTE); + } + } + HttpResponse getResponse = getAPIResource(apiResourceId); + assertNotNull(getResponse, "API resource retrieval failed"); + assertEquals(getResponse.getStatusLine().getStatusCode(), 200, "API resource retrieval failed"); + JSONObject getResponseObj = new JSONObject(EntityUtils.toString(getResponse.getEntity())); + EntityUtils.consume(getResponse.getEntity()); + assertEquals(getResponseObj.getString(API_ID_ATTRIBUTE), apiResourceId, "API resource retrieval failed"); + } + + @Test(dependsOnMethods = "testAddAPIResource") + public void testAddDuplicateAPIResource() throws JSONException, IOException { + + APIResource apiResource = new 
APIResource.APIResourceBuilder() + .name(API_1_NAME) + .identifier(API_1_IDENTIFIER) + .description(API_1_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(new ArrayList<>()) + .build(); + + HttpResponse response = createAPIResource(apiResource); + assertNotNull(response, "API resource creation request failed"); + assertEquals(response.getStatusLine().getStatusCode(), 409, "Expected status code not received"); + } + + @Test(dependsOnMethods = "testAddDuplicateAPIResource") + public void testAddAPIWithDuplicateScope() throws JSONException, IOException { + + List scopeList = new ArrayList<>(); + + Scope scope1 = new Scope.ScopeBuilder() + .name(SCOPE_1_NAME) + .displayName(SCOPE_1_DISPLAY_NAME) + .description(SCOPE_1_DESCRIPTION) + .build(); + + scopeList.add(scope1); + + APIResource apiResource = new APIResource.APIResourceBuilder() + .name(API_1_NAME) + .identifier(API_1_IDENTIFIER) + .description(API_1_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(scopeList) + .build(); + + HttpResponse response = createAPIResource(apiResource); + assertNotNull(response, "API resource creation request failed"); + assertEquals(response.getStatusLine().getStatusCode(), 409, "Expected status code not received"); + } + + @Test(dependsOnMethods = "testAddAPIResource") + public void testGetAPIResources() throws JSONException, IOException { + + HttpGet request = new HttpGet(SERVER_URL + API_RESOURCE_ENDPOINT + BUSINESS_API_FILTER_QUERY); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + HttpResponse response = client.execute(request); + assertNotNull(response, "API resource retrieval failed"); + assertEquals(response.getStatusLine().getStatusCode(), 200, "API resource retrieval failed"); + JSONObject responseObj = new JSONObject(EntityUtils.toString(response.getEntity())); + EntityUtils.consume(response.getEntity()); + JSONArray apiResourceArray = 
responseObj.getJSONArray("apiResources"); + assertEquals(apiResourceArray.length(), 1, "API resource count expected to be 1"); + JSONObject apiResource = apiResourceArray.getJSONObject(0); + assertEquals(apiResource.getString(API_ID_ATTRIBUTE), apiResourceId, "API resource retrieval failed"); + } + + @Test(dependsOnMethods = "testGetAPIResources") + public void testGetAPIScopes() throws IOException, JSONException { + + HttpGet request = new HttpGet(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + SCOPE_PATH); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + HttpResponse response = null; + response = client.execute(request); + assertNotNull(response, "API scope retrieval failed"); + assertEquals(response.getStatusLine().getStatusCode(), 200, "API scope retrieval failed"); + JSONArray scopeArray = new JSONArray(EntityUtils.toString(response.getEntity())); + EntityUtils.consume(response.getEntity()); + assertEquals(scopeArray.length(), 2, "API scope count expected to be 2"); + for (int i = 0; i < scopeArray.length(); i++) { + JSONObject scopeObj = (JSONObject) scopeArray.get(i); + if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_1_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_ID_ATTRIBUTE), scope1Id, "API scope retrieval failed"); + } else if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_2_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_ID_ATTRIBUTE), scope2Id, "API scope retrieval failed"); + } + } + } + + @Test(dependsOnMethods = "testAddAPIResource") + public void testPatchAPIResource() throws JSONException, IOException { + + HttpPatch request = new HttpPatch(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + JSONObject rootObject = new JSONObject(); + rootObject.put(API_NAME_ATTRIBUTE, API_1_EDITED_NAME); + 
rootObject.put(API_DESCRIPTION_ATTRIBUTE, API_1_DESCRIPTION_EDITED); + JSONArray scopeArray = new JSONArray(); + JSONObject scopeObject = new JSONObject(); + scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, SCOPE_3_NAME); + scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, SCOPE_3_DISPLAY_NAME); + scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, SCOPE_3_DESCRIPTION); + scopeArray.put(scopeObject); + rootObject.put(ADDED_SCOPE_ATTRIBUTE, scopeArray); + StringEntity entity = new StringEntity(rootObject.toString()); + request.setEntity(entity); + HttpResponse response = client.execute(request); + assertNotNull(response, "API resource update failed"); + assertEquals(response.getStatusLine().getStatusCode(), 204, "API resource update failed"); + // Check whether the API resource is updated. + HttpResponse getResponse = getAPIResource(apiResourceId); + JSONObject responseObj = new JSONObject(EntityUtils.toString(getResponse.getEntity())); + EntityUtils.consume(response.getEntity()); + assertEquals(responseObj.getString(API_ID_ATTRIBUTE), apiResourceId, "API resource update failed"); + assertEquals(responseObj.getString(API_NAME_ATTRIBUTE), API_1_EDITED_NAME, "API resource update failed"); + assertEquals(responseObj.getString(API_DESCRIPTION_ATTRIBUTE), API_1_DESCRIPTION_EDITED, + "API resource update failed"); + JSONArray scopeResponseArray = responseObj.getJSONArray(API_SCOPE_ATTRIBUTE); + assertEquals(scopeResponseArray.length(), 3, "API scope count expected to be 3"); + for (int i = 0; i < scopeResponseArray.length(); i++) { + JSONObject scopeObj = (JSONObject) scopeResponseArray.get(i); + if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_1_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_ID_ATTRIBUTE), scope1Id, "API scope retrieval failed"); + } else if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_2_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_ID_ATTRIBUTE), scope2Id, "API scope retrieval failed"); + } else if 
(scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_3_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_DISPLAY_NAME_ATTRIBUTE), SCOPE_3_DISPLAY_NAME, + "API scope retrieval failed"); + } + } + } + + @Test(dependsOnMethods = "testPatchAPIResource") + public void testPutScopes() throws IOException, JSONException { + + HttpPut request = new HttpPut(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + SCOPE_PATH); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + JSONArray scopeArray = new JSONArray(); + + // Remove existing scopes from the API resource. + StringEntity entity = new StringEntity(scopeArray.toString()); + request.setEntity(entity); + HttpResponse response = client.execute(request); + assertNotNull(response, "API scope update failed"); + assertEquals(response.getStatusLine().getStatusCode(), 204, "API scope update failed"); + + // Put scopes to the API resource. + JSONObject scopeObject = new JSONObject(); + scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, SCOPE_1_NAME); + scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, SCOPE_1_DISPLAY_NAME); + scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, SCOPE_1_DESCRIPTION); + scopeArray.put(scopeObject); + scopeObject = new JSONObject(); + scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, SCOPE_2_NAME); + scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, SCOPE_2_DISPLAY_NAME); + scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, SCOPE_2_DESCRIPTION); + scopeArray.put(scopeObject); + + entity = new StringEntity(scopeArray.toString()); + request.setEntity(entity); + response = client.execute(request); + assertNotNull(response, "API scope update failed"); + assertEquals(response.getStatusLine().getStatusCode(), 204, "API scope update failed"); + + // Get API Scopes. 
+ HttpResponse getResponse = getAPIScopes(apiResourceId); + JSONArray scopeResponseArray = new JSONArray(EntityUtils.toString(getResponse.getEntity())); + EntityUtils.consume(response.getEntity()); + assertEquals(scopeResponseArray.length(), 2, "API scope count expected to be 2"); + for (int i = 0; i < scopeResponseArray.length(); i++) { + JSONObject scopeObj = (JSONObject) scopeResponseArray.get(i); + if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_1_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_DISPLAY_NAME_ATTRIBUTE), SCOPE_1_DISPLAY_NAME, "API scope retrieval failed"); + } else if (scopeObj.getString(API_SCOPE_NAME_ATTRIBUTE).equals(SCOPE_2_NAME)) { + assertEquals(scopeObj.getString(API_SCOPE_DISPLAY_NAME_ATTRIBUTE), SCOPE_2_DISPLAY_NAME, "API scope retrieval failed"); + } + } + } + + @Test(dependsOnMethods = "testPutScopes") + public void testPutDuplicateScopes() throws IOException, JSONException { + + Scope scope = new Scope.ScopeBuilder() + .name(SCOPE_4_NAME) + .displayName(SCOPE_4_DISPLAY_NAME) + .description(SCOPE_4_DESCRIPTION) + .build(); + HttpResponse createResponse = createAPIResource(new APIResource.APIResourceBuilder() + .name(API_2_NAME) + .identifier(API_2_IDENTIFIER) + .description(API_2_DESCRIPTION) + .requiresAuthorization(API_REQUIRES_AUTHORIZATION) + .scopes(Collections.singletonList(scope)) + .build()); + + assertNotNull(createResponse, "API resource creation failed"); + assertEquals(createResponse.getStatusLine().getStatusCode(), 201, "API resource creation failed"); + + HttpPut request = new HttpPut(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + SCOPE_PATH); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + JSONArray scopeArray = new JSONArray(); + JSONObject scopeObject = new JSONObject(); + scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, SCOPE_4_NAME); + scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, SCOPE_4_DISPLAY_NAME); + 
scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, SCOPE_4_DESCRIPTION); + scopeArray.put(scopeObject); + + StringEntity entity = new StringEntity(scopeArray.toString()); + request.setEntity(entity); + HttpResponse response = client.execute(request); + assertNotNull(response, "API scope update failed"); + assertEquals(response.getStatusLine().getStatusCode(), 409, "API scope update failed"); + } + + @Test(dependsOnMethods = "testPutScopes") + public void testDeleteScope() throws IOException, JSONException { + + HttpDelete request = new HttpDelete(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + SCOPE_PATH + "/" + SCOPE_1_NAME); + request.setHeader("Content-Type", "application/json"); + request.setHeader("Authorization", getAuthzHeader()); + HttpResponse response = client.execute(request); + assertNotNull(response, "API scope deletion failed"); + assertEquals(response.getStatusLine().getStatusCode(), 204, "API scope deletion failed"); + + // Get API Scopes. + HttpResponse getResponse = getAPIScopes(apiResourceId); + JSONArray scopeResponseArray = new JSONArray(EntityUtils.toString(getResponse.getEntity())); + EntityUtils.consume(response.getEntity()); + assertEquals(scopeResponseArray.length(), 1, "API scope count expected to be 1"); + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml index 2366d96c52e..2f17efe22b5 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml 
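Review bot: Several assertions rely on an execution order that the `dependsOnMethods` graph does not enforce. `testGetAPIScopes` expects exactly 2 scopes and `testGetAPIResources` expects exactly 1 BUSINESS resource, but `testPatchAPIResource` (which adds a third scope) depends only on `testAddAPIResource`, and `testPutDuplicateScopes` creates a second resource; nothing in the annotations prevents those from running first and breaking the counts. Chaining them, e.g. `@Test(dependsOnMethods = "testGetAPIScopes")` on `testPatchAPIResource`, and deleting both created resources in `testConclude()` would make the class independent of scheduling and of whatever APIResourceManagementFailureTestCase leaves behind. In `testPatchAPIResource`, `testPutScopes` and `testDeleteScope` the follow-up GET is read from `getResponse`, yet `EntityUtils.consume(response.getEntity())` is called on the earlier response and the GET status is never asserted, so a failed read shows up only as a JSON parse error.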
@@ -27,346 +27,353 @@ - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - - - - - - - - - - - - + + + + + + + + + + + + - - + + - - - - - + + + + + - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - + + + + + + + - - - - - - - - + + + + + + + + + - + + + - To minimize the number of restarts, at each test, additional instance is started before all the tests in the - below tag and stopped at the end. - ==================================================================================================================== - --> + + + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - + + + - To minimize the number of restarts, at each test, do the configuration update and restart. Then do the test - and finally restore the configuration without restarting. The next test will perform the restart with the - configuration changes required for it. + + + - If multiple tests can be run with one configuration change, group them into a test group and do the above at - @BeforeTest, and @AfterTest. See 'is-tests-jdbc-userstore' for example. 
- ==================================================================================================================== - --> + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + - - + - - + +