From 8b5cf558aecce11806df7ba69f5e52d03c352061 Mon Sep 17 00:00:00 2001
From: Isuru Maduranga
Date: Mon, 1 May 2023 22:15:17 +0530
Subject: [PATCH 1/4] Refactor CustomHeaderTestCase
---
 .../tests/header/CustomHeaderTestCase.java | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
index 9648c1e3bf..7317efda3e 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
@@ -55,15 +55,11 @@ public class CustomHeaderTestCase extends APIManagerLifecycleBaseTest {
 private final String API1_NAME = "CustomAuthHeaderTestAPI1";
 private final String API1_CONTEXT = "customAuthHeaderTest1";
 private final String API1_VERSION = "1.0.0";
- private final String APPLICATION1_NAME = "CustomHeaderTest-Application";
 private final String API_END_POINT_METHOD = "customers/123";
-
- private final String API2_NAME = "CustomAuthHeaderTestAPI2";
- private final String API2_CONTEXT = "customAuthHeaderTest2";
- private final String API2_VERSION = "1.0.0";
 private String accessToken;
 private String applicationId;
 private String apiId;
+ String invocationUrl;
 @Factory(dataProvider = "userModeDataProvider")
 public CustomHeaderTestCase(TestUserMode userMode) {
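Review bot: `String invocationUrl;` is added with package-private visibility while every sibling field in this hunk is `private`; as far as this series shows it is written only in `setEnvironment` and read by the test methods of the same class, so `private String invocationUrl;` keeps the file's convention and does not widen access beyond the class. The constructor that begins at the end of the hunk continues outside it.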
@@ -94,22 +90,21 @@ public void setEnvironment() throws Exception {
 APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, ApplicationDTO.TokenTypeEnum.JWT);
 applicationId = applicationResponse.getData();
- }
-
- @Test(groups = {"wso2.am"}, description = "Set a customer Auth header for all APIs in the system. (Test ID: 3.1.1.5, 3.1.1.14)")
- public void testSystemWideCustomAuthHeader() throws Exception {
-
- APIIdentifier apiIdentifier1 = new APIIdentifier(user.getUserName(), API1_NAME, API1_VERSION);
+ // Create API
 String url = getGatewayURLHttp() + "jaxrs_basic/services/customers/customerservice";
 APIRequest apiRequest = new APIRequest(API1_NAME, API1_CONTEXT, new URL(url), new URL(url));
 apiRequest.setVersion(API1_VERSION);
 apiRequest.setProvider(user.getUserName());
 apiRequest.setTiersCollection(TIER_UNLIMITED);
- String invocationUrl = getAPIInvocationURLHttps(API1_CONTEXT, API1_VERSION) + "/" + API_END_POINT_METHOD;
+ invocationUrl = getAPIInvocationURLHttps(API1_CONTEXT, API1_VERSION) + "/" + API_END_POINT_METHOD;
 apiId = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, APIMIntegrationConstants.API_TIER.UNLIMITED);
 waitForAPIDeploymentSync(user.getUserName(), API1_NAME, API1_VERSION, APIMIntegrationConstants.IS_API_EXISTS);
+ }
+
+ @Test(groups = {"wso2.am"}, description = "Set a customer Auth header for all APIs in the system. (Test ID: 3.1.1.5, 3.1.1.14)")
+ public void testSystemWideCustomAuthHeader() throws Exception {
 //get access token
 ArrayList grantTypes = new ArrayList<>();
From 8b2664a4c536891ca5d8ef898a2395867b1bc107 Mon Sep 17 00:00:00 2001
From: Isuru Maduranga
Date: Tue, 2 May 2023 02:54:16 +0530
Subject: [PATCH 2/4] Add System Wide Custom ApiKey Header test case
---
 .../tests/header/CustomHeaderTestCase.java | 35 +++++++++++++++++++
 .../customHeaderTest/deployment.toml | 1 +
 2 files changed, 36 insertions(+)
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
index 7317efda3e..2d0303a68e 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
@@ -23,6 +23,7 @@ import org.testng.annotations.DataProvider;
 import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
+import org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
@@ -38,6 +39,7 @@ import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
 import static org.wso2.am.integration.tests.restapi.RESTAPITestConstants.APPLICATION_JSON_CONTENT;
 import static org.wso2.am.integration.tests.restapi.RESTAPITestConstants.AUTHORIZATION_KEY;
@@ -46,12 +48,14 @@ import java.net.URL;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 public class CustomHeaderTestCase extends APIManagerLifecycleBaseTest {
 private ServerConfigurationManager serverConfigurationManager;
 private final String CUSTOM_AUTHORIZATION_HEADER = "Test-Custom-Header";
+ private final String CUSTOM_API_KEY_HEADER = "Custom-ApiKey-Header";
 private final String API1_NAME = "CustomAuthHeaderTestAPI1";
 private final String API1_CONTEXT = "customAuthHeaderTest1";
 private final String API1_VERSION = "1.0.0";
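Review bot: `CUSTOM_API_KEY_HEADER = "Custom-ApiKey-Header"` does not match the value `Custom-APIKey-Header` that the deployment.toml hunk of this same patch sets for `api_key_header`. HTTP field names are compared case-insensitively, so the gateway will most likely still accept the request, but the assertion that the custom name is honoured is then satisfied only through case folding; using one spelling in both places, for example `private final String CUSTOM_API_KEY_HEADER = "Custom-APIKey-Header";`, removes that doubt. A `private static final` declaration would also match what this is, though the surrounding fields follow the same instance-final style.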
@@ -97,6 +101,10 @@ public void setEnvironment() throws Exception {
 apiRequest.setVersion(API1_VERSION);
 apiRequest.setProvider(user.getUserName());
 apiRequest.setTiersCollection(TIER_UNLIMITED);
+ List securitySchemes = new ArrayList<>();
+ securitySchemes.add("oauth2");
+ securitySchemes.add("api_key");
+ apiRequest.setSecurityScheme(securitySchemes);
 invocationUrl = getAPIInvocationURLHttps(API1_CONTEXT, API1_VERSION) + "/" + API_END_POINT_METHOD;
 apiId = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, APIMIntegrationConstants.API_TIER.UNLIMITED);
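Review bot: `List securitySchemes = new ArrayList<>();` is a raw type, which drops the compile-time check on the two `add` calls; `List<String> securitySchemes = new ArrayList<>();` is the intended declaration, assuming `APIRequest.setSecurityScheme` takes a `List<String>` (its signature is not in this diff). A short comment such as `// enable both OAuth2 and API key security so the API key tests can invoke this API` would tell a reader why `api_key` is enabled in `setEnvironment` rather than in the test that needs it. `setEnvironment` continues outside the hunk.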
@@ -133,6 +141,33 @@ public void testSystemWideCustomAuthHeader() throws Exception {
 "Response code mismatched");
 }
+ @Test(groups = {"wso2.am"}, description = "Set a custom Api key header for all APIs in the system.")
+ public void testSystemWideCustomApiKeyHeader() throws Exception {
+
+ // Genarate API Keys for the application
+ APIKeyDTO apiKeyDTO = restAPIStore
+ .generateAPIKeys(applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(),
+ -1, null, null);
+ assertNotNull(apiKeyDTO, "API Key generation failed");
+ String apiKey = apiKeyDTO.getApikey();
+
+ // Test whether a request can be made with the correct custom API Key header
+ Map requestHeaders1 = new HashMap<>();
+ requestHeaders1.put("accept", APPLICATION_JSON_CONTENT);
+ requestHeaders1.put(CUSTOM_API_KEY_HEADER, apiKey);
+ HttpResponse apiResponse1 = HttpRequestUtil.doGet(invocationUrl, requestHeaders1);
+ assertEquals(apiResponse1.getResponseCode(), Response.Status.OK.getStatusCode(),
+ "Response code mismatched");
+
+ // Test whether the 401 Unauthorized Response is returned with default API Key header
+ Map requestHeaders2 = new HashMap<>();
+ requestHeaders2.put("accept", APPLICATION_JSON_CONTENT);
+ requestHeaders2.put("apiKey", apiKey);
+ HttpResponse apiResponse2 = HttpRequestUtil.doGet(invocationUrl, requestHeaders2);
+ assertEquals(apiResponse2.getResponseCode(), Response.Status.UNAUTHORIZED.getStatusCode(),
+ "Response code mismatched");
+ }
+
 @AfterClass(alwaysRun = true)
 public void destroy() throws Exception {
 SubscriptionListDTO subsDTO = restAPIStore.getAllSubscriptionsOfApplication(applicationId);
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml
index 7127c39abd..238e4ec003 100755
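Review bot: `Map requestHeaders1 = new HashMap<>();` and `Map requestHeaders2` in the new test are raw types; `Map<String, String> requestHeaders1 = new HashMap<>();` keeps the `put` calls type-checked, assuming `HttpRequestUtil.doGet` accepts a `Map<String, String>` (its signature is not in this diff). The comment `// Genarate API Keys for the application` has a typo; `// Generate an API key for the application` reads correctly. The second request deliberately sends the key under the default header name and expects 401, which is the security-relevant half of the test; a clause in the `description` saying the test also checks that the default header is rejected once a custom name is configured would make that intent visible in reports.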
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml
@@ -71,6 +71,7 @@ DevAccountName = "devPortTestEnv"
 [apim.oauth_config]
 auth_header = "Test-Custom-Header"
+api_key_header = "Custom-APIKey-Header"
 [apim.cors]
 allow_origins = "*"
From 11713bff6936c1aa2693784a072ac6e775593b38 Mon Sep 17 00:00:00 2001
From: Isuru Wijesiri
Date: Wed, 16 Aug 2023 00:29:21 +0530
Subject: [PATCH 3/4] Update custom api key header tests
---
 .../src/main/resources/publisher-api.yaml | 12 +++++
 .../tests/header/CustomHeaderTestCase.java | 46 +++++++++++++++++--
 .../customHeaderTest/deployment.toml | 1 -
 3 files changed, 54 insertions(+), 5 deletions(-)
diff --git a/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml b/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml
index 948d499988..de67456fcb 100644
--- a/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml
+++ b/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml
@@ -8707,6 +8707,12 @@ components:
 Name of the Authorization header used for invoking the API. If it is not set, Authorization header name specified in tenant or system level will be used.
 example: Authorization
+ apiKeyHeader:
+ type: string
+ pattern: '(^[^~!@#;:%^*()+={}|\\<>"'',&$\s+]*$)'
+ description: |
+ Name of the API key header used for invoking the API. If it is not set, default value `apiKey` will be used.
+ example: apiKey
 securityScheme:
 type: array
 description: |
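Review bot: The new `apiKeyHeader` `pattern` is a negated character class under a `*` quantifier, so it accepts the empty string (unless the server treats empty as unset) and any character not on the denylist, including `/`, `?`, `[`, `]` and control characters that are not valid in an HTTP field name. An allowlist is the safer shape for a value that becomes a header name, for example `pattern: '^[A-Za-z0-9!#$%&''*+.^_|~-]+$'` (RFC 9110 token characters without the backtick, at least one character), which still admits `apiKey` and `Custom-ApiKey-Header`. Inside the bracket expression `\s+` is `\s` followed by a literal `+`, and `+` is already listed earlier in the class, so it is redundant rather than a quantifier. The same definition is added again in the `@@ -9354,6 +9360,12 @@` hunk of this file and needs the same change.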
@@ -9354,6 +9360,12 @@ components:
 Name of the Authorization header used for invoking the API. If it is not set, Authorization header name specified in tenant or system level will be used.
 example: Authorization
+ apiKeyHeader:
+ type: string
+ pattern: '(^[^~!@#;:%^*()+={}|\\<>"'',&$\s+]*$)'
+ description: |
+ Name of the API key header used for invoking the API. If it is not set, default value `apiKey` will be used.
+ example: apiKey
 securityScheme:
 type: array
 description: |
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
index 2d0303a68e..f0c066c44e 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java
@@ -23,6 +23,7 @@ import org.testng.annotations.DataProvider;
 import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
+import org.wso2.am.integration.clients.publisher.api.v1.dto.APIDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
@@ -55,6 +56,7 @@ public class CustomHeaderTestCase extends APIManagerLifecycleBaseTest {
 private ServerConfigurationManager serverConfigurationManager;
 private final String CUSTOM_AUTHORIZATION_HEADER = "Test-Custom-Header";
+ private final String DEFAULT_API_KEY_HEADER = "ApiKey";
 private final String CUSTOM_API_KEY_HEADER = "Custom-ApiKey-Header";
 private final String API1_NAME = "CustomAuthHeaderTestAPI1";
 private final String API1_CONTEXT = "customAuthHeaderTest1";
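Review bot: `DEFAULT_API_KEY_HEADER = "ApiKey"` is the spelling the tests send, while the `apiKeyHeader` description added to publisher-api.yaml in this same patch documents the default as `apiKey`. HTTP field names are compared case-insensitively, so the request will still match either way, but the documented default and the test constant should agree so a reader does not conclude the test depends on case folding. A comment on the constant such as `// default API key header name; publisher-api.yaml documents it as apiKey, header names are case-insensitive` would make the relationship explicit.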
@@ -141,8 +143,9 @@ public void testSystemWideCustomAuthHeader() throws Exception {
 "Response code mismatched");
 }
- @Test(groups = {"wso2.am"}, description = "Set a custom Api key header for all APIs in the system.")
- public void testSystemWideCustomApiKeyHeader() throws Exception {
+ @Test(groups = {"wso2.am"}, description = "Invoke an API with default API Key header",
+ dependsOnMethods = "testSystemWideCustomAuthHeader")
+ public void testInvokeAPIWIthDefaultApiKeyHeader() throws Exception {
 // Genarate API Keys for the application
 APIKeyDTO apiKeyDTO = restAPIStore
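Review bot: The new method name `testInvokeAPIWIthDefaultApiKeyHeader` has a capitalisation typo in `WIth`; `public void testInvokeAPIWithDefaultApiKeyHeader() throws Exception {` is the intended form. The same string is used as `dependsOnMethods` by the next test in the following hunk, so both places must change together or TestNG will not resolve the dependency. The method body continues outside the hunk.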
@@ -151,7 +154,42 @@ public void testSystemWideCustomApiKeyHeader() throws Exception {
 assertNotNull(apiKeyDTO, "API Key generation failed");
 String apiKey = apiKeyDTO.getApikey();
- // Test whether a request can be made with the correct custom API Key header
+ // Test whether a request can be made with the default API Key header
+ Map requestHeaders1 = new HashMap<>();
+ requestHeaders1.put("accept", APPLICATION_JSON_CONTENT);
+ requestHeaders1.put(DEFAULT_API_KEY_HEADER, apiKey);
+ HttpResponse apiResponse1 = HttpRequestUtil.doGet(invocationUrl, requestHeaders1);
+ assertEquals(apiResponse1.getResponseCode(), Response.Status.OK.getStatusCode(),
+ "Response code mismatched");
+
+ // Test whether the 401 Unauthorized Response is returned with incorrect API Key header
+ Map requestHeaders2 = new HashMap<>();
+ requestHeaders2.put("accept", APPLICATION_JSON_CONTENT);
+ requestHeaders2.put(CUSTOM_API_KEY_HEADER, apiKey);
+ HttpResponse apiResponse2 = HttpRequestUtil.doGet(invocationUrl, requestHeaders2);
+ assertEquals(apiResponse2.getResponseCode(), Response.Status.UNAUTHORIZED.getStatusCode(),
+ "Response code mismatched");
+ }
+
+ @Test(groups = {"wso2.am"}, description = "Invoke an API with custom API Key header",
+ dependsOnMethods = "testInvokeAPIWIthDefaultApiKeyHeader")
+ public void testInvokeAPIWIthCustomApiKeyHeader() throws Exception {
+
+ // Genarate API Keys for the application
+ APIKeyDTO apiKeyDTO = restAPIStore
+ .generateAPIKeys(applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(),
+ -1, null, null);
+ assertNotNull(apiKeyDTO, "API Key generation failed");
+ String apiKey = apiKeyDTO.getApikey();
+
+ // Update the API with custom API Key header
+ APIDTO apidto = restAPIPublisher.getAPIByID(apiId);
+ apidto.setApiKeyHeader(CUSTOM_API_KEY_HEADER);
+ restAPIPublisher.updateAPI(apidto);
+ createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
+ Thread.sleep(10000);
+
+ // Test whether a request can be made with the custom API Key header
 Map requestHeaders1 = new HashMap<>();
 requestHeaders1.put("accept", APPLICATION_JSON_CONTENT);
 requestHeaders1.put(CUSTOM_API_KEY_HEADER, apiKey);
@@ -162,7 +200,7 @@ public void testSystemWideCustomApiKeyHeader() throws Exception {
 // Test whether the 401 Unauthorized Response is returned with default API Key header
 Map requestHeaders2 = new HashMap<>();
 requestHeaders2.put("accept", APPLICATION_JSON_CONTENT);
- requestHeaders2.put("apiKey", apiKey);
+ requestHeaders2.put(DEFAULT_API_KEY_HEADER, apiKey);
 HttpResponse apiResponse2 = HttpRequestUtil.doGet(invocationUrl, requestHeaders2);
 assertEquals(apiResponse2.getResponseCode(), Response.Status.UNAUTHORIZED.getStatusCode(),
 "Response code mismatched");
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml
index 238e4ec003..7127c39abd 100755
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml
@@ -71,7 +71,6 @@ DevAccountName = "devPortTestEnv"
 [apim.oauth_config]
 auth_header = "Test-Custom-Header"
-api_key_header = "Custom-APIKey-Header"
 [apim.cors]
 allow_origins = "*"
From ae2b74ca139defad83456cc44ee062ad67e64783 Mon Sep 17 00:00:00 2001
From: Isuru Wijesiri
Date: Fri, 18 Aug 2023 19:19:04 +0530
Subject: [PATCH 4/4] Fixes for failing test cases
---
 .../wso2/am/integration/tests/header/CORSHeadersTestCase.java | 2 +-
 .../tests-backend/src/test/resources/oas/v2/oas_publisher.json | 1 +
 .../tests-backend/src/test/resources/oas/v3/oas_publisher.json | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
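Review bot: `Thread.sleep(10000);` after `createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);` is a fixed wait for the redeploy, which is slow and a source of flaky failures; `setEnvironment` in the first patch of this series waits with `waitForAPIDeploymentSync(user.getUserName(), API1_NAME, API1_VERSION, APIMIntegrationConstants.IS_API_EXISTS);`, which should replace the sleep if that helper observes a redeploy (if it only checks existence, a bounded poll until the custom-header request returns 200 is the alternative). `testInvokeAPIWIthCustomApiKeyHeader` also generates a second API key although the key from the previous test could be shared through a field, and it leaves the API reconfigured with `CUSTOM_API_KEY_HEADER` without restoring the default, which is acceptable only while no later test in the class expects the default header and deserves a comment saying so. The hunk begins inside `testInvokeAPIWIthDefaultApiKeyHeader` and ends inside `testInvokeAPIWIthCustomApiKeyHeader`.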
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java
index 0d554a13f8..c249f6a082 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CORSHeadersTestCase.java
@@ -83,7 +83,7 @@ public class CORSHeadersTestCase extends APIManagerLifecycleBaseTest {
 private static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER_VALUE = "DELETE,POST,PUT,PATCH,GET";
 private static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER = "Access-Control-Allow-Headers";
 private static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER_VALUE
- = "authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,Authorization";
+ = "authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,Authorization,ApiKey";
 private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
 private String accessToken;
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v2/oas_publisher.json b/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v2/oas_publisher.json
index 61216a59a7..1969fcfa1c 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v2/oas_publisher.json
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v2/oas_publisher.json
@@ -71,6 +71,7 @@
 }
 }
 },
+ "x-wso2-api-key-header": "ApiKey",
 "securityDefinitions" : {
 "default" : {
 "type" : "oauth2",
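Review bot: The expected `Access-Control-Allow-Headers` value now ends with `,ApiKey` with nothing linking it to the `x-wso2-api-key-header` entries this patch adds to the v2 and v3 `oas_publisher.json` fixtures, so a reader cannot tell why the expectation changed; a comment above the constant such as `// "ApiKey" is the header named by x-wso2-api-key-header in the oas_publisher.json fixtures` would document the coupling. The literal already lists both `authorization` and `Authorization`, and the assertion appears to compare the whole string verbatim (the comparison is outside this hunk), so any future edit must keep the exact order the gateway emits.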
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v3/oas_publisher.json b/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v3/oas_publisher.json
index 4c41d21f1e..804582e773 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v3/oas_publisher.json
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/oas/v3/oas_publisher.json
@@ -94,6 +94,7 @@
 }
 }
 },
+ "x-wso2-api-key-header": "ApiKey",
 "x-throttling-tier" : "Unlimited",
 "x-wso2-cors" : {
 "corsConfigurationEnabled" : true,