LIME-1114: Updated UnHappy Path scenario for invalid headers
to check that when an invalid sessionid is sent to the driving licence endpoint, or authcode is sent in credential issuer endpoint
ChrisBates1 committed Sep 24, 2024
1 parent b7962df commit 98b6c21
Showing 3 changed files with 137 additions and 0 deletions.
Expand Up @@ -33,6 +33,7 @@
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

import static org.junit.jupiter.api.Assertions.*;

Expand Down Expand Up @@ -162,6 +163,79 @@ public void postRequestToPassportEndpoint(

LOGGER.info("passportCheckResponse = " + passportCheckResponse);

try {
CheckPassportSuccessResponse checkPassportSuccessResponse =
objectMapper.readValue(
passportCheckResponse, CheckPassportSuccessResponse.class);

STATE = checkPassportSuccessResponse.getState();
SESSION_ID = checkPassportSuccessResponse.getPassportSessionId();

LOGGER.info("Found a CheckPassportSuccessResponse");

} catch (JsonMappingException e) {
LOGGER.info("Not a CheckPassportSuccessResponse");

RETRY = passportCheckResponse;
LOGGER.info("RETRY = {}", RETRY);
}
}

public void postRequestToPassportEndpointWithInvalidSessionId(
String invalidHeaderValue, String passportJsonRequestBody)
throws IOException, InterruptedException, NoSuchFieldException, IllegalAccessException {
postRequestToPassportEndpointWithInvalidSessionId(
invalidHeaderValue, passportJsonRequestBody, "");
}

public void postRequestToPassportEndpointWithInvalidSessionId(
String invalidHeaderValue, String passportJsonRequestBody, String jsonEditsString)
throws IOException, InterruptedException, NoSuchFieldException, IllegalAccessException {
Map<String, String> jsonEdits = new HashMap<>();
if (!StringUtils.isEmpty(jsonEditsString)) {
jsonEdits = objectMapper.readValue(jsonEditsString, Map.class);
}

String privateApiGatewayUrl = configurationService.getPrivateAPIEndpoint();
PassportFormData passportJson =
objectMapper.readValue(
new File("src/test/resources/Data/" + passportJsonRequestBody + ".json"),
PassportFormData.class);

for (Map.Entry<String, String> entry : jsonEdits.entrySet()) {
Field field = passportJson.getClass().getDeclaredField(entry.getKey());
field.setAccessible(true);

field.set(passportJson, entry.getValue());
}
String passportInputJsonString = objectMapper.writeValueAsString(passportJson);

HttpRequest.Builder builder = HttpRequest.newBuilder();
builder.uri(URI.create(privateApiGatewayUrl + "/check-passport"))
.setHeader("Accept", "application/json")
.setHeader("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(passportInputJsonString));

switch (invalidHeaderValue) {
case "invalidSessionId" -> builder.setHeader(
"session_id", UUID.randomUUID().toString());
case "malformedSessionId" -> builder.setHeader("session_id", "&%^$£$%");
case "missingSessionId" -> builder.setHeader("session_id", "");
default -> {
/*Do Nothing - No Header Provided*/
}
}

HttpRequest request = builder.build();
LOGGER.info("passport RequestBody = {}, {}", passportInputJsonString, request.headers());
String passportCheckResponse = sendHttpRequest(request).body();

LOGGER.info("passportCheckResponse = {}", passportCheckResponse);

String expectedResponseForInvalidSessionId =
"{\"oauth_error\":{\"error_description\":\"Session not found\",\"error\":\"access_denied\"}}";
assertEquals(expectedResponseForInvalidSessionId, passportCheckResponse);

try {
CheckPassportSuccessResponse checkPassportSuccessResponse =
objectMapper.readValue(
Expand All @@ -180,6 +254,10 @@ public void postRequestToPassportEndpoint(
}
}

private JSONObject sessionId() {
return null;
}

public void retryValueInPassportCheckResponse(Boolean retry) {
if (!(retry && RETRY.equals("{\"result\":\"retry\"}"))) {
fail("Should have retried");
Expand Down Expand Up @@ -285,6 +363,26 @@ public void postRequestToPassportVCEndpoint()
Assert.assertFalse("The 'kid' field suffix should not be empty", kidSuffix.isEmpty());
}

public void postRequestToPassportVCEndpointWithInvalidAuthCode()
throws IOException, InterruptedException {
String publicApiGatewayUrl = configurationService.getPublicAPIEndpoint();
String randomAccessToken = UUID.randomUUID().toString();
HttpRequest request =
HttpRequest.newBuilder()
.uri(URI.create(publicApiGatewayUrl + "/credential/issue"))
.setHeader("Accept", "application/json")
.setHeader("Content-Type", "application/json")
.setHeader("Authorization", "Bearer " + randomAccessToken)
.POST(HttpRequest.BodyPublishers.ofString(""))
.build();
String requestPassportVCResponse = sendHttpRequest(request).body();
LOGGER.info("requestPassportVCResponse = {}", requestPassportVCResponse);

String expectedResponseForInvalidAuthCode =
"{\"oauth_error\":{\"error_description\":\"Session not found\",\"error\":\"access_denied\"}}";
assertEquals(expectedResponseForInvalidAuthCode, requestPassportVCResponse);
}

public void validityScoreAndStrengthScoreInVC(String validityScore, String strengthScore)
throws IOException, InterruptedException, ParseException {
scoreIs(validityScore, strengthScore, vcBody);
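Review bot: Both new negative-path helpers assert only the response body and never the HTTP status: `sendHttpRequest(request).body()` in postRequestToPassportEndpointWithInvalidSessionId, and again in postRequestToPassportVCEndpointWithInvalidAuthCode, discards the response object, so a rejection that arrives with a success status would still pass. Keep the response and assert the status the API contract specifies, for example `var response = sendHttpRequest(request);` followed by `assertEquals(EXPECTED_STATUS, response.statusCode());` (EXPECTED_STATUS is a placeholder, and this assumes the helper returns a java.net.http HttpResponse). The exact-string comparison of the JSON body also depends on key order; comparing the parsed `oauth_error.error` and `error_description` fields would be less brittle. The three-argument method continues past the visible lines into a `try` block that is cut off at the hunk boundary, so what it does to STATE and SESSION_ID after the assertion cannot be checked from here. The `sessionId()` stub that returns null has no caller in the visible lines and looks removable.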
Expand Up @@ -39,6 +39,15 @@ public void passport_user_sends_a_post_request_to_passport_end_point(
postRequestToPassportEndpoint(passportJsonRequestBody);
}

@When(
"Passport user sends a POST request to Passport endpoint with a invalid (.*) using jsonRequest (.*)$")
public void passport_user_sends_a_post_request_to_passport_end_point_with_invalid_sessionId(
String invalidHeaderValue, String passportJsonRequestBody)
throws IOException, InterruptedException, NoSuchFieldException, IllegalAccessException {
postRequestToPassportEndpointWithInvalidSessionId(
invalidHeaderValue, passportJsonRequestBody);
}

@When(
"Passport user sends a editable POST request to Passport endpoint using jsonRequest (.*) with edited fields (.*)$")
public void passport_user_sends_a_post_request_to_passport_end_point(
Expand Down Expand Up @@ -69,6 +78,13 @@ public void user_requests_passport_vc()
postRequestToPassportVCEndpoint();
}

@Then(
"User requests Passport CRI VC from the Credential Issuer Endpoint with a invalid Bearer Token value")
public void user_requests_passport_vc_with_invalid_headers()
throws IOException, InterruptedException {
postRequestToPassportVCEndpointWithInvalidAuthCode();
}

@And("Passport VC should contain validityScore (.*) and strengthScore (.*)$")
public void passport_vc_should_contain_validity_score_and_strength_score(
String validityScore, String strengthScore)
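Review bot: The first capture group in the new `@When` pattern is an unconstrained `(.*)`, so a misspelt header variant still matches the step and, judging by the `default` branch of the switch in postRequestToPassportEndpointWithInvalidSessionId, is sent with no `session_id` header at all instead of failing. Restricting the group to the supported values, e.g. `with a invalid (invalidSessionId|malformedSessionId|missingSessionId|noSessionHeader) using jsonRequest (.*)$`, makes a typo in a feature file fail at step matching. The new `@Then` step for the credential issuer performs the request rather than checking an outcome; a short comment such as `// assertion on the access_denied body is made inside postRequestToPassportVCEndpointWithInvalidAuthCode` would tell readers where the check lives.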
Expand Up @@ -55,3 +55,26 @@ Feature: Passport CRI API
|PassportJsonPayload | CI | Scenario |
|PassportInvalidCI1JsonPayload | D01 | 3 |
|PassportInvalidCI2JsonPayload | D01 | 4 |

@hmpoDVAD @pre-merge @dev
Scenario Outline: Passport Journey Un-Happy path with invalid sessionId on Passport Endpoint
Given Passport user has the user identity in the form of a signed JWT string for CRI Id passport-v1-cri-dev and row number 6
And Passport user sends a POST request to session endpoint
And Passport user gets a session-id
When Passport user sends a POST request to Passport endpoint with a invalid <invalidHeaderValue> using jsonRequest PassportValidKennethJsonPayload
Examples:
|invalidHeaderValue |
| invalidSessionId |
| malformedSessionId |
| missingSessionId |
# | noSessionHeader |

@hmpoDVAD @pre-merge @dev
Scenario: Passport Journey Un-Happy path with invalid authCode on Credential Issuer Endpoint
Given Passport user has the user identity in the form of a signed JWT string for CRI Id passport-v1-cri-dev and row number 6
And Passport user sends a POST request to session endpoint
And Passport user gets a session-id
When Passport user sends a POST request to Passport endpoint using jsonRequest PassportValidKennethJsonPayload
And Passport user gets authorisation code
And Passport user sends a POST request to Access Token endpoint passport-v1-cri-dev
Then User requests Passport CRI VC from the Credential Issuer Endpoint with a invalid Bearer Token value
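Review bot: The `noSessionHeader` example row is commented out, so a request with no `session_id` header at all is never run; the `missingSessionId` row sends an empty header value (per the switch in the step implementation), which is a different input. Either enable the row or replace the bare comment with the reason it is disabled, e.g. `# noSessionHeader disabled: <reason or ticket>`. The outline also ends on its `When` step with no `Then`, so the expected `access_denied` response is visible only by reading the Java helper; an explicit `Then` step asserting the error would make the scenario self-describing.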
