wso2 · ThaminduR · Nov 1, 2023 · Nov 2, 2023 · Nov 2, 2023 · Nov 2, 2023
diff --git a/...va/org/wso2/identity/integration/test/api/access/mgt/APIAccessManagementBaseTestCase.java b/...va/org/wso2/identity/integration/test/api/access/mgt/APIAccessManagementBaseTestCase.java
@@ -0,0 +1,123 @@
+package org.wso2.identity.integration.test.api.access.mgt;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.BeforeMethod;
+import org.wso2.carbon.automation.engine.context.AutomationContext;
+import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.carbon.identity.application.common.model.APIResource;
+import org.wso2.carbon.identity.application.common.model.Scope;
+import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
+import org.wso2.identity.integration.test.rest.api.common.RESTTestBase;
+
+import java.io.IOException;
+
+import javax.xml.xpath.XPathExpressionException;
+
+public class APIAccessManagementBaseTestCase extends RESTTestBase {
+
+    public static final String SERVER_URL = "https://localhost:9853";
+    public static final String API_RESOURCE_ENDPOINT = "/api/server/v1/api-resources";
+    public static final String SCOPE_PATH = "/scopes";
+
+    public static final String API_RESOURCE_SCOPE_ENDPOINT = "/api/server/v1/scopes";
+    public static final String APPLICATION_ENDPOINT = "/api/server/v1/applications";
+    public static final String BUSINESS_API_FILTER_QUERY = "?filter=type+eq+BUSINESS";
+    public static final String API_ID_ATTRIBUTE = "id";
+    public static final String API_NAME_ATTRIBUTE = "name";
+    public static final String API_DESCRIPTION_ATTRIBUTE = "description";
+    public static final String API_IDENTIFIER_ATTRIBUTE = "identifier";
+    public static final String API_IS_REQUIRED_AUTHORIZATION_ATTRIBUTE = "requiresAuthorization";
+    public static final String API_SCOPE_ATTRIBUTE = "scopes";
+    public static final String API_SCOPE_ID_ATTRIBUTE = "id";
+    public static final String API_SCOPE_NAME_ATTRIBUTE = "name";
+    public static final String API_SCOPE_DISPLAY_NAME_ATTRIBUTE = "displayName";
+    public static final String API_SCOPE_DESCRIPTION_ATTRIBUTE = "description";
+    public static final String ADDED_SCOPE_ATTRIBUTE = "addedScopes";
+
+
+    protected CloseableHttpClient client;
+    protected String adminUsername;
+    protected String password;
+    protected String tenant;
+
+    private ServerConfigurationManager serverConfigurationManager;
+
+    public APIAccessManagementBaseTestCase(TestUserMode userMode) throws XPathExpressionException {
+
+        AutomationContext context = new AutomationContext("IDENTITY", userMode);
+        this.adminUsername = context.getContextTenant().getTenantAdmin().getUserName();
+        this.password = context.getContextTenant().getTenantAdmin().getPassword();
+        this.tenant = context.getContextTenant().getDomain();
+    }
+
+    @BeforeMethod(alwaysRun = true)
+    public void initTest() throws Exception {
+
+        client = HttpClients.createDefault();
+
+    }
+
+    @AfterMethod(alwaysRun = true)
+    public void concludeTest() throws Exception {
+
+        client.close();
+    }
+
+    protected HttpResponse createAPIResource(APIResource apiResource) throws JSONException, IOException {
+
+        HttpPost request = new HttpPost(SERVER_URL + API_RESOURCE_ENDPOINT);
+        request.setHeader("Content-Type", "application/json");
+        request.setHeader("Authorization", getAuthzHeader());
+        JSONObject rootObject = new JSONObject();
+        rootObject.put(API_NAME_ATTRIBUTE, apiResource.getName());
+        rootObject.put(API_IDENTIFIER_ATTRIBUTE, apiResource.getIdentifier());
+        rootObject.put(API_DESCRIPTION_ATTRIBUTE, apiResource.getDescription());
+        rootObject.put(API_IS_REQUIRED_AUTHORIZATION_ATTRIBUTE, apiResource.isAuthorizationRequired());
+        JSONArray scopeArray = new JSONArray();
+        for (Scope scope : apiResource.getScopes()) {
+            JSONObject scopeObject = new JSONObject();
+            scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, scope.getName());
+            scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, scope.getDisplayName());
+            scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, scope.getDescription());
+            scopeArray.put(scopeObject);
+        }
+        rootObject.put(API_SCOPE_ATTRIBUTE, scopeArray);
+        StringEntity entity = new StringEntity(rootObject.toString());
+        request.setEntity(entity);
+        return client.execute(request);
+    }
+
+    protected HttpResponse getAPIResource(String apiId) throws IOException {
+
+        HttpGet request = new HttpGet(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiId);
+        request.setHeader("Content-Type", "application/json");
+        request.setHeader("Authorization", getAuthzHeader());
+        return client.execute(request);
+    }
+
+    protected HttpResponse getAPIScopes(String apiId) throws IOException {
+
+        HttpGet request = new HttpGet(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiId + SCOPE_PATH);
+        request.setHeader("Content-Type", "application/json");
+        request.setHeader("Authorization", getAuthzHeader());
+        return client.execute(request);
+    }
+
+    protected String getAuthzHeader() {
+
+        return "Basic " + Base64.encodeBase64String((adminUsername + ":" + password).getBytes()).trim();
+    }
+}
diff --git a/...g/wso2/identity/integration/test/api/access/mgt/APIResourceManagementFailureTestCase.java b/...g/wso2/identity/integration/test/api/access/mgt/APIResourceManagementFailureTestCase.java
@@ -0,0 +1,140 @@
+package org.wso2.identity.integration.test.api.access.mgt;
+
+import io.netty.util.internal.StringUtil;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.util.EntityUtils;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Factory;
+import org.testng.annotations.Test;
+import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.carbon.identity.application.common.model.APIResource;
+import org.wso2.carbon.identity.application.common.model.Scope;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
+
+public class APIResourceManagementFailureTestCase extends APIAccessManagementBaseTestCase {
+
+    private static final String API_1_NAME = "Files API";
+    private static final String API_1_DESCRIPTION = "This is a test API created by an integration test";
+    private static final String API_1_IDENTIFIER = "/files";
+    private static final boolean API_REQUIRES_AUTHORIZATION = true;
+    private static final String SCOPE_1_DISPLAY_NAME = "Read Files";
+    private static final String SCOPE_1_DESCRIPTION = "Read all the files in the system";
+
+    @BeforeClass(alwaysRun = true)
+    public void init() throws Exception {
+
+        super.init();
+    }
+
+    @AfterClass(alwaysRun = true)
+    public void testConclude() {
+
+        super.conclude();
+    }
+
+    @DataProvider(name = "APIResourceMgtConfigProvider")
+    public static Object[][] APIResourceMgtConfigProvider() {
+
+        return new Object[][]{
+                {TestUserMode.SUPER_TENANT_ADMIN}
+        };
+    }
+
+    @Factory(dataProvider = "APIResourceMgtConfigProvider")
+    public APIResourceManagementFailureTestCase(TestUserMode userMode) throws Exception {
+
+        super(userMode);
+    }
+
+    @Test(priority = 0)
+    public void testAddAPIWithInvalidScope() throws JSONException, IOException {
+
+        List<Scope> scopeList = new ArrayList<>();
+
+        Scope scope1 = new Scope.ScopeBuilder()
+                .name(null)
+                .displayName(SCOPE_1_DISPLAY_NAME)
+                .description(SCOPE_1_DESCRIPTION)
+                .build();
+
+        scopeList.add(scope1);
+
+        APIResource apiResource = new APIResource.APIResourceBuilder()
+                .name(API_1_NAME)
+                .identifier(API_1_IDENTIFIER)
+                .description(API_1_DESCRIPTION)
+                .requiresAuthorization(API_REQUIRES_AUTHORIZATION)
+                .scopes(scopeList)
+                .build();
+
+        HttpResponse response = createAPIResource(apiResource);
+        assertNotNull(response, "API resource creation request failed");
+        assertEquals(response.getStatusLine().getStatusCode(), 400, "Expected status code not received");
+    }
+
+    @Test(priority = 1)
+    public void testAddInvalidAPIResource() throws JSONException, IOException {
+
+        APIResource apiResource = new APIResource.APIResourceBuilder()
+                .name(API_1_NAME)
+                .identifier(null)
+                .description(API_1_DESCRIPTION)
+                .requiresAuthorization(API_REQUIRES_AUTHORIZATION)
+                .scopes(new ArrayList<>())
+                .build();
+
+        HttpResponse response = createAPIResource(apiResource);
+        assertNotNull(response, "API resource creation request failed");
+        assertEquals(response.getStatusLine().getStatusCode(), 400, "Expected status code not received");
+    }
+
+    @Test(priority = 2)
+    public void testPutInvalidScope() throws JSONException, IOException {
+
+        APIResource apiResource = new APIResource.APIResourceBuilder()
+                .name(API_1_NAME)
+                .identifier(API_1_IDENTIFIER)
+                .description(API_1_DESCRIPTION)
+                .requiresAuthorization(API_REQUIRES_AUTHORIZATION)
+                .scopes(new ArrayList<>())
+                .build();
+        HttpResponse response = createAPIResource(apiResource);
+        assertNotNull(response, "API resource creation request failed");
+        assertEquals(response.getStatusLine().getStatusCode(), 201, "Expected status code not received");
+        JSONObject responseObj = new JSONObject(EntityUtils.toString(response.getEntity()));
+        EntityUtils.consume(response.getEntity());
+        String apiResourceId = responseObj.getString(API_ID_ATTRIBUTE);
+
+        HttpPut request = getHttpPut(apiResourceId);
+        response = client.execute(request);
+        assertNotNull(response, "API resource update request failed");
+        assertEquals(response.getStatusLine().getStatusCode(), 400, "Expected status code not received");
+    }
+
+    private HttpPut getHttpPut(String apiResourceId) throws JSONException, UnsupportedEncodingException {
+        HttpPut request = new HttpPut(SERVER_URL + API_RESOURCE_ENDPOINT + "/" + apiResourceId + "/" + SCOPE_PATH);
+        request.setHeader("Content-Type", "application/json");
+        request.setHeader("Authorization", getAuthzHeader());
+        JSONObject scopeObject = new JSONObject();
+        scopeObject.put(API_SCOPE_NAME_ATTRIBUTE, StringUtil.EMPTY_STRING);
+        scopeObject.put(API_SCOPE_DISPLAY_NAME_ATTRIBUTE, StringUtil.EMPTY_STRING);
+        scopeObject.put(API_SCOPE_DESCRIPTION_ATTRIBUTE, StringUtil.EMPTY_STRING);
+
+        StringEntity entity = new StringEntity(scopeObject.toString());
+        request.setEntity(entity);
+        return request;
+    }
+}