479 lines
12 KiB
HTTP
479 lines
12 KiB
HTTP
@WepApiTest_HostAddress = http://localhost:5162
|
|
|
|
###
|
|
# @name Register rng user
|
|
< {%
|
|
client.global.set("rngUser", $random.alphabetic(15));
|
|
client.global.set("rngEmail", $random.alphabetic(5) + "@redcode.com");
|
|
client.global.set("rngPassword", "test" + $random.alphabetic(5));
|
|
%}
|
|
|
|
POST {{WepApiTest_HostAddress}}/api/auth/register
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"username": "{{rngUser}}",
|
|
"email": "{{rngEmail}}",
|
|
"password": "{{rngPassword}}"
|
|
}
|
|
|
|
> {%
|
|
client.test("Register rng user", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Login rng user
|
|
|
|
POST {{WepApiTest_HostAddress}}/api/auth/login
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"identifier": "{{rngUser}}",
|
|
"password": "{{rngPassword}}"
|
|
}
|
|
|
|
> {%
|
|
client.global.set("auth_token", jsonPath(response.body, "$.token"));
|
|
client.test("Login rng user", function () {
|
|
client.assert(response.status === 200)
|
|
//client.assert(jsonPath(response.body, "$.success") != true,jsonPath(response.body, "$.errorMessage")??"null")
|
|
});
|
|
%}
|
|
|
|
|
|
### API Authenticated Empty (wrong route should 404)
|
|
POST {{WepApiTest_HostAddress}}/api/auth
|
|
Content-Type: application/json
|
|
|
|
{}
|
|
|
|
> {%
|
|
client.test("API Authenticated Empty", function () {
|
|
client.assert(response.status === 404)
|
|
});
|
|
%}
|
|
|
|
### API Rng User Authenticated (correct route)
|
|
POST {{WepApiTest_HostAddress}}/api/auth/login
|
|
Authorization: Bearer {{auth_token}}
|
|
Accept: application/json
|
|
Content-Type: application/json
|
|
|
|
{"identifier": "{{rngUser}}", "password": "{{rngPassword}}"}
|
|
|
|
> {%
|
|
client.test("API Rng User Authenticated", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### API Logout
|
|
POST {{WepApiTest_HostAddress}}/api/auth/logout
|
|
Authorization: Bearer {{auth_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.test("API Logout", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### API Login as admin
|
|
POST {{WepApiTest_HostAddress}}/api/auth/login
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"identifier": "admin",
|
|
"password": "admin"
|
|
}
|
|
|
|
> {%
|
|
client.global.set("admin_token", jsonPath(response.body, "$.token"));
|
|
client.test("Login as admin", function () {
|
|
client.assert(response.status === 200)
|
|
//client.assert(jsonPath(response.body, "$.success") != true,jsonPath(response.body, "$.errorMessage")??"null")
|
|
});
|
|
%}
|
|
|
|
### API Authenticated as admin
|
|
POST {{WepApiTest_HostAddress}}/api/auth/login
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
Content-Type: application/json
|
|
|
|
{"identifier": "admin", "password": "admin"}
|
|
|
|
> {%
|
|
client.test("API Authenticated as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Try User create as rng user
|
|
PUT {{WepApiTest_HostAddress}}/api/user
|
|
Authorization: Bearer {{auth_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"username": "thisUserShouldNotBeCreated",
|
|
"email": "nope@nope.cope",
|
|
"password": "qwertyu",
|
|
"accessLevel": 0
|
|
}
|
|
|
|
> {%
|
|
client.test("User create as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Try User create as admin
|
|
PUT {{WepApiTest_HostAddress}}/api/user
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"username": "thisUserShouldBeCreated",
|
|
"email": "thisUserWillBeDeleted@gmai.com",
|
|
"password": "qwertyu",
|
|
"accessLevel": 1
|
|
}
|
|
|
|
> {%
|
|
client.global.set("createdUser", jsonPath(response.body, "$"));
|
|
client.test("User create as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Try get the user as rng user
|
|
GET {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
|
|
Authorization: Bearer {{auth_token}}
|
|
Accept: application/json
|
|
|
|
//TODO: check what data is returned
|
|
> {%
|
|
client.test("Get the user as rng user", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Try get the user as admin
|
|
GET {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
|
|
//TODO: check what data is returned
|
|
> {%
|
|
client.test("Get the user as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Try Delete user as rng user
|
|
DELETE {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
|
|
Authorization: Bearer {{auth_token}}
|
|
|
|
> {%
|
|
client.test("Delete user as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Delete created user
|
|
DELETE {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
|
|
Authorization: Bearer {{admin_token}}
|
|
|
|
> {%
|
|
client.test("Delete created user", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Get all people as rng user
|
|
GET {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{auth_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.global.set("personId", jsonPath(response.body, "$[0].id"));
|
|
client.test("Get all people as rng user", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Get all people as admin
|
|
GET {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.test("Get all people as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Get person by ID as rng user
|
|
GET {{WepApiTest_HostAddress}}/api/person/{{personId}}
|
|
Authorization: Bearer {{auth_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.test("Get person by ID as rng user", function () {
|
|
client.assert(response.status === 200 || response.status === 404)
|
|
});
|
|
%}
|
|
|
|
### Try update person as rng user (should be 403)
|
|
POST {{WepApiTest_HostAddress}}/api/person/{{personId}}
|
|
Authorization: Bearer {{auth_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "hacker_attempt",
|
|
"profileAssetId": null
|
|
}
|
|
|
|
> {%
|
|
client.test("Try update person as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Try delete person as rng user (should be 403)
|
|
DELETE {{WepApiTest_HostAddress}}/api/person/{{personId}}
|
|
Authorization: Bearer {{auth_token}}
|
|
|
|
> {%
|
|
client.test("Try delete person as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Create person as rng user (should be 403)
|
|
PUT {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{auth_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "hacker_create",
|
|
"profileAssetId": null
|
|
}
|
|
|
|
> {%
|
|
client.test("Create person as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Create person as admin
|
|
PUT {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "Test Cosplayer Created"
|
|
}
|
|
|
|
> {%
|
|
client.global.set("createdPersonId", jsonPath(response.body, "$"));
|
|
client.test("Create person as admin", function () {
|
|
client.assert(response.status === 200)
|
|
client.assert(jsonPath(response.body, "$") != null)
|
|
});
|
|
%}
|
|
|
|
### Update created person name as admin
|
|
POST {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "Updated via API Test",
|
|
"profileAssetId": null
|
|
}
|
|
|
|
> {%
|
|
client.test("Update created person name as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Get created person by ID as admin
|
|
GET {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.test("Get created person by ID as admin", function () {
|
|
client.assert(response.status === 200)
|
|
client.assert(jsonPath(response.body, "$.name") === "Updated via API Test")
|
|
});
|
|
%}
|
|
|
|
### Get non-existent person (should be 404)
|
|
GET {{WepApiTest_HostAddress}}/api/person/00000000-0000-0000-0000-000000000000
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.test("Get non-existent person", function () {
|
|
client.assert(response.status === 404)
|
|
});
|
|
%}
|
|
|
|
### Update non-existent person as admin (should be 404)
|
|
POST {{WepApiTest_HostAddress}}/api/person/00000000-0000-0000-0000-000000000000
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "ghost"
|
|
}
|
|
|
|
> {%
|
|
client.test("Update non-existent person", function () {
|
|
client.assert(response.status === 404)
|
|
});
|
|
%}
|
|
|
|
### Try bulk update person as rng user (should be 403)
|
|
POST {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{auth_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"ids": ["{{personId}}"],
|
|
"data": { "name": "hacker_bulk" }
|
|
}
|
|
|
|
> {%
|
|
client.test("Bulk update person as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Bulk update created person as admin
|
|
POST {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"ids": ["{{createdPersonId}}"],
|
|
"data": { "name": "Bulk Updated Person" }
|
|
}
|
|
|
|
> {%
|
|
client.test("Bulk update person as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Try bulk delete person as rng user (should be 403)
|
|
DELETE {{WepApiTest_HostAddress}}/api/person
|
|
Authorization: Bearer {{auth_token}}
|
|
Content-Type: application/json
|
|
|
|
["{{createdPersonId}}"]
|
|
|
|
> {%
|
|
client.test("Bulk delete person as rng user", function () {
|
|
client.assert(response.status === 403)
|
|
});
|
|
%}
|
|
|
|
### Create test album as admin
|
|
PUT {{WepApiTest_HostAddress}}/api/album
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "Test Album for E2E"
|
|
}
|
|
|
|
> {%
|
|
client.global.set("testAlbumId", jsonPath(response.body, "$"));
|
|
client.test("Create test album as admin", function () {
|
|
client.assert(response.status === 200)
|
|
client.assert(jsonPath(response.body, "$") != null)
|
|
});
|
|
%}
|
|
|
|
### Assign test album to created person
|
|
POST {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"person": "{{createdPersonId}}"
|
|
}
|
|
|
|
> {%
|
|
client.test("Assign album to person", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Update test album without removePerson field (should not affect person link)
|
|
POST {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"name": "Test Album Updated"
|
|
}
|
|
|
|
> {%
|
|
client.test("Update album without removePerson", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Remove person assignment from test album
|
|
POST {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"removePerson": true
|
|
}
|
|
|
|
> {%
|
|
client.test("Unlink person from album", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Delete test album
|
|
DELETE {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
|
|
> {%
|
|
client.test("Delete test album", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Delete created person as admin
|
|
DELETE {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
|
|
> {%
|
|
client.test("Delete created person as admin", function () {
|
|
client.assert(response.status === 200)
|
|
});
|
|
%}
|
|
|
|
### Verify created person is gone
|
|
GET {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
|
|
Authorization: Bearer {{admin_token}}
|
|
Accept: application/json
|
|
|
|
> {%
|
|
client.test("Verify created person is deleted", function () {
|
|
client.assert(response.status === 404)
|
|
});
|
|
%}
|