Merge pull request #13523 from nisan-abeywickrama/fix-www-authenticate
Add a test case validating the WWW-Authorization header when invoking an API with API keys using an invalid Authorization header
tgtshanika authored Sep 2, 2024
2 parents efd6ee7 + aeeec6b commit 0641b54
Showing 1 changed file with 34 additions and 0 deletions.
Expand Up @@ -1240,6 +1240,40 @@ public void testInvocationWithApiKeysWithoutSubscription() throws Exception {
", but got " + invocationResponseAfterSubscriptionRemoved.getResponseCode());
}

@Test(description = "Testing the WWW-Authorization header when invocating an API with API Keys using invalid Authorization header",
dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
public void testWWWAuthorizationHeaderForApiWithApiKeys() throws Exception{

String expectedValue = "API Key realm=\"WSO2 API Manager\"";

// Validate WWW-Authenticate response header when request is made without Authorization header
Map<String, String> requestHeaders1 = new HashMap<>();
requestHeaders1.put("accept", "application/json");

HttpResponse response1 =
HTTPSClientUtils.doGet(getAPIInvocationURLHttps(mutualSSLandOAuthMandatoryAPIContext, API_VERSION_1_0_0) +
API_END_POINT_METHOD, requestHeaders1);

String wwwAuthenticateHeader = response1.getHeaders().get("WWW-Authenticate");

Assert.assertTrue(wwwAuthenticateHeader.contains(expectedValue),
"The WWW-Authenticate header does not contain the expected API Key value.");

// Validate WWW-Authenticate response header when request is made with invalid Authorization header
Map<String, String> requestHeaders2 = new HashMap<>();
requestHeaders2.put("accept", "application/json");
requestHeaders2.put("Authorization", null);

HttpResponse response2 =
HTTPSClientUtils.doGet(getAPIInvocationURLHttps(mutualSSLandOAuthMandatoryAPIContext, API_VERSION_1_0_0) +
API_END_POINT_METHOD, requestHeaders2);

wwwAuthenticateHeader = response2.getHeaders().get("WWW-Authenticate");

Assert.assertTrue(wwwAuthenticateHeader.contains(expectedValue),
"The WWW-Authenticate header does not contain the expected API Key value.");
}

@AfterClass(alwaysRun = true)
public void cleanUpArtifacts() throws Exception {
restAPIStore.deleteApplication(applicationId);
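Review bot: Both checks in testWWWAuthorizationHeaderForApiWithApiKeys call `wwwAuthenticateHeader.contains(expectedValue)` without first asserting the response status or that the header is present, so a missing challenge surfaces as a NullPointerException and a challenge attached to a successful response would still pass. Before each `contains` assertion I would add `Assert.assertEquals(response1.getResponseCode(), 401);` and `Assert.assertNotNull(wwwAuthenticateHeader, "WWW-Authenticate header is missing");` (likewise for `response2`), assuming the gateway is meant to reject these requests with 401. The second case stores `null` under `Authorization`; how HTTPSClientUtils treats a null header value is not visible here, and if it drops the header this case repeats the first one, so a non-null malformed value would exercise the invalid-header path explicitly. The test description and method name also say "WWW-Authorization" while the header being checked is `WWW-Authenticate`.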