diff --git a/devops-service/routes/v2.0/user.rb b/devops-service/routes/v2.0/user.rb index d94fa11..d37aedf 100644 --- a/devops-service/routes/v2.0/user.rb +++ b/devops-service/routes/v2.0/user.rb @@ -60,6 +60,7 @@ module Version2_0 # - body : # { # "username": "user name", + # "email": "user email", # "password": "user password" # } # @@ -69,7 +70,7 @@ module Version2_0 check_headers :accept, :content_type check_privileges("user", "w") user = create_object_from_json_body - ["username", "password"].each do |p| + ["username", "password", "email"].each do |p| check_string(user[p], "Parameter '#{p}' must be a not empty string") end BaseRoutes.mongo.user_insert User.new(user) diff --git a/devops-service/tests/features/step_definitions/http_queries_steps.rb b/devops-service/tests/features/step_definitions/http_queries_steps.rb index fd8936c..fd0d194 100644 --- a/devops-service/tests/features/step_definitions/http_queries_steps.rb +++ b/devops-service/tests/features/step_definitions/http_queries_steps.rb @@ -37,6 +37,11 @@ When(/^I send POST '(.*)' query with JSON body without header '(.*)'$/) do |path res = post_body(path, body, headers) end +When(/^I send POST '(.*)' query with JSON body with user without privileges$/) do |path, body| + JSON.parse(body) unless body.strip.empty? + res = post_without_privileges(path, body, DEFAULT_HEADERS) +end + When(/^I send DELETE '(.*)' query$/) do |path| delete(path, {}, DEFAULT_HEADERS) end diff --git a/devops-service/tests/features/support/env.rb b/devops-service/tests/features/support/env.rb index 418913b..2ac9a4c 100644 --- a/devops-service/tests/features/support/env.rb +++ b/devops-service/tests/features/support/env.rb @@ -79,6 +79,12 @@ class RequestSender end end + def post_without_privileges path, query, headers={} + user_without_privileges do + post_body(path, query, headers) + end + end + def put path, query, headers={} put_body(path, JSON.pretty_generate(query), headers) end 
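Review bot: In the second hunk of routes/v2.0/user.rb, the new required `email` field is validated only by `check_string`, which, judging by its error message, checks for a non-empty string and nothing more, so any text is stored as an e-mail address. If the address is later used for notifications or account recovery, add a format check after the loop with a whole-string anchored pattern such as `/\A[^@\s]+@[^@\s]+\z/` (use `\A`/`\z`, not `^`/`$`, which match per line). The full parsed body is still handed to `User.new(user)`; whether extra keys such as `privileges` are ignored there is not visible in this diff and is worth confirming. The route handler starts and ends outside the hunk.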
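Review bot: In the new `with user without privileges` step in http_queries_steps.rb, `res` is assigned but never read, and the result of `JSON.parse(body)` is discarded, so the intent of both lines is unclear to a reader. Drop the assignment (`post_without_privileges(path, body, DEFAULT_HEADERS)`) and add a comment above the parse call, for example `# fail fast when the scenario docstring is not valid JSON; an empty body is allowed on purpose`. The preceding step uses the same `res =` pattern, so the two could be cleaned up together.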
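Review bot: `post_without_privileges` in tests/features/support/env.rb relies entirely on `user_without_privileges` to switch back to the privileged account, and that helper is not part of this hunk. If it does not restore the credentials in an `ensure`, an exception raised by `post_body` would leave later scenarios running as the unprivileged user, and their 401 expectations would then pass for the wrong reason. Worth confirming, and the method should get a one-line comment such as `# Sends a raw POST body as the unprivileged test user`.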
diff --git a/devops-service/tests/generate_tests.rb b/devops-service/tests/generate_tests.rb index b6e6be2..f65b091 100755 --- a/devops-service/tests/generate_tests.rb +++ b/devops-service/tests/generate_tests.rb @@ -33,12 +33,14 @@ templates = { #list "templates/api_v2/00_list/flavor.feature.erb" => "features/api_v2/00_list/flavor.feature", + "templates/api_v2/00_list/10_user.feature.erb" => "features/api_v2/00_list/10_user.feature", #create "templates/api_v2/10_create/00_filter.feature.erb" => "features/api_v2/10_create/00_filter.feature", "templates/api_v2/10_create/10_image.feature.erb" => "features/api_v2/10_create/10_image.feature", "templates/api_v2/10_create/20_project.feature.erb" => "features/api_v2/10_create/20_project.feature", "templates/api_v2/10_create/30_script.feature.erb" => "features/api_v2/10_create/30_script.feature", + "templates/api_v2/10_create/00_user.feature.erb" => "features/api_v2/10_create/00_user.feature", #update "templates/api_v2/20_update/10_image.feature.erb" => "features/api_v2/20_update/10_image.feature", @@ -47,7 +49,8 @@ templates = { "templates/api_v2/90_delete/10_script.feature.erb" => "features/api_v2/90_delete/10_script.feature", "templates/api_v2/90_delete/80_project.feature.erb" => "features/api_v2/90_delete/80_project.feature", "templates/api_v2/90_delete/90_image.feature.erb" => "features/api_v2/90_delete/90_image.feature", - "templates/api_v2/90_delete/99_filter.feature.erb" => "features/api_v2/90_delete/99_filter.feature" + "templates/api_v2/90_delete/99_filter.feature.erb" => "features/api_v2/90_delete/99_filter.feature", + "templates/api_v2/90_delete/90_user.feature.erb" => "features/api_v2/90_delete/90_user.feature" } generator = Generator.new diff --git a/devops-service/tests/params.yml b/devops-service/tests/params.yml index c8f7b72..7650035 100644 --- a/devops-service/tests/params.yml +++ b/devops-service/tests/params.yml 
@@ -23,3 +23,7 @@ ec2: script: name: "cucumber_test_script" + +user: + name: "cucumber_test" + diff --git a/devops-service/tests/templates/api_v2/00_list/10_user.feature.erb b/devops-service/tests/templates/api_v2/00_list/10_user.feature.erb new file mode 100644 index 0000000..985888e --- /dev/null +++ b/devops-service/tests/templates/api_v2/00_list/10_user.feature.erb @@ -0,0 +1,44 @@ +@user +Feature: list user + + Scenario: Get list of all users + When I send GET '/v2.0/users' query + Then response should be '200' + And the Content-Type header should include 'application/json' + And the JSON response should be an array + And response array should contains elements like: + """ + [ + { + "email": "test@test.test", + "privileges": { + "flavor": "rwx", + "group": "rwx", + "image": "rwx", + "project": "rwx", + "server": "rwx", + "key": "rwx", + "user": "rwx", + "filter": "rwx", + "network": "rwx", + "provider": "rwx", + "script": "rwx", + "templates": "rwx" + }, + "id": "test" + } + ] + """ + + Scenario: Get list of all users without header 'Accept' + When I send GET '/v2.0/users' query without headers 'Accept' + Then response should be '406' + + Scenario: Get list of all users without privileges + When I send GET '/v2.0/users' query with user without privileges + Then response should be '401' + + Scenario: Get list of all users - invalid path + When I send GET '/v2.0/users/foo' query + Then response should be '404' + diff --git a/devops-service/tests/templates/api_v2/10_create/00_user.feature.erb b/devops-service/tests/templates/api_v2/10_create/00_user.feature.erb new file mode 100644 index 0000000..d813ed7 --- /dev/null +++ b/devops-service/tests/templates/api_v2/10_create/00_user.feature.erb 
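Review bot: The 'Get list of all users' scenario in 00_list/10_user.feature.erb asserts which fields are present but never that credential fields are absent. If `response array should contains elements like` is a subset match (its step definition is not in this diff), a response that also returned `password` for each user would still pass. Add an assertion that no element of the array carries a `password` key, so that a regression exposing stored credentials is caught here. The expected `"id": "test"` and `"email": "test@test.test"` are hard-coded while the other user features read from `@config`; taking them from params.yml would keep the fixture in one place.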
@@ -0,0 +1,134 @@
+@user
+Feature: create user
+
+ Scenario: create user with user without privileges
+ When I send POST '/v2.0/user' query with JSON body with user without privileges
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '401'
+
+ Scenario: create user without header 'Accept'
+ When I send POST '/v2.0/user' query with JSON body without header 'Accept'
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '406'
+
+ Scenario: create user without header 'Content-Type'
+ When I send POST '/v2.0/user' query with JSON body without header 'Content-Type'
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '415'
+
+ Scenario: create user, invalid body: empty
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ """
+ Then response should be '400'
+
+ <% ["{}", "[]"].each do |k| %>
+ Scenario: create user, invalid body: body is a '<%= k %>'
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ <%= k %>
+ """
+ Then response should be '400'
+
+ <% end %>
+ <% elements = ["{}", "[]", "null" ] %>
+ <% elements.each do |k| %>
+ Scenario: create user, invalid body: username is a '<%= k %>'
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "username": <%= k %>,
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '400'
+
+ <% end %>
+ <% elements.each do |k| %>
+ Scenario: create user, invalid body: password is a '<%= k %>'
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": <%= k %>
+ }
+ """
+ Then response should be '400'
+
+ <% end %>
+ <% elements.each do |k| %>
+ Scenario: create user, invalid body: email is a '<%= k %>'
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "email": <%= k %>,
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '400'
+
+ <% end %>
+
+ Scenario: create user, invalid body: without username
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '400'
+
+ Scenario: create user, invalid body: without email
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '400'
+
+ Scenario: create user, invalid body: without password
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "username": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '400'
+
+ Scenario: create user
+ When I send POST '/v2.0/user' query with JSON body
+ """
+ {
+ "username": "<%= @config["user"]["name"] %>",
+ "email": "<%= @config["user"]["name"] %>@test.test",
+ "password": "<%= @config["user"]["name"] %>"
+ }
+ """
+ Then response should be '201'
+ And the Content-Type header should include 'application/json'
+
diff --git a/devops-service/tests/templates/api_v2/90_delete/90_user.feature.erb b/devops-service/tests/templates/api_v2/90_delete/90_user.feature.erb
new file mode 100644
index 0000000..2cad5ab
--- /dev/null
+++ b/devops-service/tests/templates/api_v2/90_delete/90_user.feature.erb
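Review bot: The invalid-value list in 10_create/00_user.feature.erb, `<% elements = ["{}", "[]", "null" ] %>`, leaves out the empty string, which is the one case the route's own error message ("must be a not empty string") names. Extending it to `<% elements = ["{}", "[]", "null", "\"\""] %>` would cover `""` for username, password and email in the three generated loops. There is also no scenario for a syntactically invalid e-mail value or for creating the same username twice. Both are worth adding so the expected status codes for those inputs are pinned down.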
@@ -0,0 +1,20 @@
+@user
+Feature: delete user
+
+ Scenario: delete user with user without privileges
+ When I send DELETE '/v2.0/user/<%= @config["user"]["name"] %>' query with user without privileges
+ Then response should be '401'
+
+ Scenario: delete user without header 'Accept'
+ When I send DELETE '/v2.0/user/<%= @config["user"]["name"] %>' query without header 'Accept'
+ Then response should be '406'
+
+ Scenario: delete unknown user
+ When I send DELETE '/v2.0/user/unknown' query
+ Then response should be '404'
+
+ Scenario: delete user
+ When I send DELETE '/v2.0/user/<%= @config["user"]["name"] %>' query
+ Then response should be '200'
+ And the Content-Type header should include 'application/json'
+
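Review bot: Nothing after the final 'delete user' scenario in 90_delete/90_user.feature.erb confirms that the account is actually gone; a handler that returned 200 without removing the record would pass this feature. Add a closing scenario that repeats the request and expects a miss: `Scenario: delete user again`, `When I send DELETE '/v2.0/user/<%= @config["user"]["name"] %>' query`, `Then response should be '404'`. The earlier 401 and 406 scenarios also depend on the test user still existing at that point, which only holds if those rejected requests do not delete anything, so the same follow-up check guards them as well.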