Files
MilkyShots/Lactose/WepApiTest.http

479 lines
12 KiB
HTTP

@WepApiTest_HostAddress = http://localhost:5162
###
# @name Register rng user
< {%
client.global.set("rngUser", $random.alphabetic(15));
client.global.set("rngEmail", $random.alphabetic(5) + "@redcode.com");
client.global.set("rngPassword", "test" + $random.alphabetic(5));
%}
POST {{WepApiTest_HostAddress}}/api/auth/register
Content-Type: application/json
{
"username": "{{rngUser}}",
"email": "{{rngEmail}}",
"password": "{{rngPassword}}"
}
> {%
client.test("Register rng user", function () {
client.assert(response.status === 200)
});
%}
### Login rng user
POST {{WepApiTest_HostAddress}}/api/auth/login
Content-Type: application/json
{
"identifier": "{{rngUser}}",
"password": "{{rngPassword}}"
}
> {%
client.global.set("auth_token", jsonPath(response.body, "$.token"));
client.test("Login rng user", function () {
client.assert(response.status === 200)
//client.assert(jsonPath(response.body, "$.success") != true,jsonPath(response.body, "$.errorMessage")??"null")
});
%}
### API Authenticated Empty (wrong route should 404)
POST {{WepApiTest_HostAddress}}/api/auth
Content-Type: application/json
{}
> {%
client.test("API Authenticated Empty", function () {
client.assert(response.status === 404)
});
%}
### API Rng User Authenticated (correct route)
POST {{WepApiTest_HostAddress}}/api/auth/login
Authorization: Bearer {{auth_token}}
Accept: application/json
Content-Type: application/json
{"identifier": "{{rngUser}}", "password": "{{rngPassword}}"}
> {%
client.test("API Rng User Authenticated", function () {
client.assert(response.status === 200)
});
%}
### API Logout
POST {{WepApiTest_HostAddress}}/api/auth/logout
Authorization: Bearer {{auth_token}}
Accept: application/json
> {%
client.test("API Logout", function () {
client.assert(response.status === 200)
});
%}
### API Login as admin
POST {{WepApiTest_HostAddress}}/api/auth/login
Content-Type: application/json
{
"identifier": "admin",
"password": "admin"
}
> {%
client.global.set("admin_token", jsonPath(response.body, "$.token"));
client.test("Login as admin", function () {
client.assert(response.status === 200)
//client.assert(jsonPath(response.body, "$.success") != true,jsonPath(response.body, "$.errorMessage")??"null")
});
%}
### API Authenticated as admin
POST {{WepApiTest_HostAddress}}/api/auth/login
Authorization: Bearer {{admin_token}}
Accept: application/json
Content-Type: application/json
{"identifier": "admin", "password": "admin"}
> {%
client.test("API Authenticated as admin", function () {
client.assert(response.status === 200)
});
%}
### Try User create as rng user
PUT {{WepApiTest_HostAddress}}/api/user
Authorization: Bearer {{auth_token}}
Content-Type: application/json
{
"username": "thisUserShouldNotBeCreated",
"email": "nope@nope.cope",
"password": "qwertyu",
"accessLevel": 0
}
> {%
client.test("User create as rng user", function () {
client.assert(response.status === 403)
});
%}
### Try User create as admin
PUT {{WepApiTest_HostAddress}}/api/user
Authorization: Bearer {{admin_token}}
Accept: application/json
Content-Type: application/json
{
"username": "thisUserShouldBeCreated",
"email": "thisUserWillBeDeleted@gmai.com",
"password": "qwertyu",
"accessLevel": 1
}
> {%
client.global.set("createdUser", jsonPath(response.body, "$"));
client.test("User create as admin", function () {
client.assert(response.status === 200)
});
%}
### Try get the user as rng user
GET {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
Authorization: Bearer {{auth_token}}
Accept: application/json
//TODO: check what data is returned
> {%
client.test("Get the user as rng user", function () {
client.assert(response.status === 200)
});
%}
### Try get the user as admin
GET {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
Authorization: Bearer {{admin_token}}
Accept: application/json
//TODO: check what data is returned
> {%
client.test("Get the user as admin", function () {
client.assert(response.status === 200)
});
%}
### Try Delete user as rng user
DELETE {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
Authorization: Bearer {{auth_token}}
> {%
client.test("Delete user as rng user", function () {
client.assert(response.status === 403)
});
%}
### Delete created user
DELETE {{WepApiTest_HostAddress}}/api/user/{{createdUser}}
Authorization: Bearer {{admin_token}}
> {%
client.test("Delete created user", function () {
client.assert(response.status === 200)
});
%}
### Get all people as rng user
GET {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{auth_token}}
Accept: application/json
> {%
client.global.set("personId", jsonPath(response.body, "$[0].id"));
client.test("Get all people as rng user", function () {
client.assert(response.status === 200)
});
%}
### Get all people as admin
GET {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{admin_token}}
Accept: application/json
> {%
client.test("Get all people as admin", function () {
client.assert(response.status === 200)
});
%}
### Get person by ID as rng user
GET {{WepApiTest_HostAddress}}/api/person/{{personId}}
Authorization: Bearer {{auth_token}}
Accept: application/json
> {%
client.test("Get person by ID as rng user", function () {
client.assert(response.status === 200 || response.status === 404)
});
%}
### Try update person as rng user (should be 403)
POST {{WepApiTest_HostAddress}}/api/person/{{personId}}
Authorization: Bearer {{auth_token}}
Content-Type: application/json
{
"name": "hacker_attempt",
"profileAssetId": null
}
> {%
client.test("Try update person as rng user", function () {
client.assert(response.status === 403)
});
%}
### Try delete person as rng user (should be 403)
DELETE {{WepApiTest_HostAddress}}/api/person/{{personId}}
Authorization: Bearer {{auth_token}}
> {%
client.test("Try delete person as rng user", function () {
client.assert(response.status === 403)
});
%}
### Create person as rng user (should be 403)
PUT {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{auth_token}}
Content-Type: application/json
{
"name": "hacker_create",
"profileAssetId": null
}
> {%
client.test("Create person as rng user", function () {
client.assert(response.status === 403)
});
%}
### Create person as admin
PUT {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"name": "Test Cosplayer Created"
}
> {%
client.global.set("createdPersonId", jsonPath(response.body, "$"));
client.test("Create person as admin", function () {
client.assert(response.status === 200)
client.assert(jsonPath(response.body, "$") != null)
});
%}
### Update created person name as admin
POST {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"name": "Updated via API Test",
"profileAssetId": null
}
> {%
client.test("Update created person name as admin", function () {
client.assert(response.status === 200)
});
%}
### Get created person by ID as admin
GET {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
Authorization: Bearer {{admin_token}}
Accept: application/json
> {%
client.test("Get created person by ID as admin", function () {
client.assert(response.status === 200)
client.assert(jsonPath(response.body, "$.name") === "Updated via API Test")
});
%}
### Get non-existent person (should be 404)
GET {{WepApiTest_HostAddress}}/api/person/00000000-0000-0000-0000-000000000000
Authorization: Bearer {{admin_token}}
Accept: application/json
> {%
client.test("Get non-existent person", function () {
client.assert(response.status === 404)
});
%}
### Update non-existent person as admin (should be 404)
POST {{WepApiTest_HostAddress}}/api/person/00000000-0000-0000-0000-000000000000
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"name": "ghost"
}
> {%
client.test("Update non-existent person", function () {
client.assert(response.status === 404)
});
%}
### Try bulk update person as rng user (should be 403)
POST {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{auth_token}}
Content-Type: application/json
{
"ids": ["{{personId}}"],
"data": { "name": "hacker_bulk" }
}
> {%
client.test("Bulk update person as rng user", function () {
client.assert(response.status === 403)
});
%}
### Bulk update created person as admin
POST {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"ids": ["{{createdPersonId}}"],
"data": { "name": "Bulk Updated Person" }
}
> {%
client.test("Bulk update person as admin", function () {
client.assert(response.status === 200)
});
%}
### Try bulk delete person as rng user (should be 403)
DELETE {{WepApiTest_HostAddress}}/api/person
Authorization: Bearer {{auth_token}}
Content-Type: application/json
["{{createdPersonId}}"]
> {%
client.test("Bulk delete person as rng user", function () {
client.assert(response.status === 403)
});
%}
### Create test album as admin
PUT {{WepApiTest_HostAddress}}/api/album
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"name": "Test Album for E2E"
}
> {%
client.global.set("testAlbumId", jsonPath(response.body, "$"));
client.test("Create test album as admin", function () {
client.assert(response.status === 200)
client.assert(jsonPath(response.body, "$") != null)
});
%}
### Assign test album to created person
POST {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"person": "{{createdPersonId}}"
}
> {%
client.test("Assign album to person", function () {
client.assert(response.status === 200)
});
%}
### Update test album without removePerson field (should not affect person link)
POST {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"name": "Test Album Updated"
}
> {%
client.test("Update album without removePerson", function () {
client.assert(response.status === 200)
});
%}
### Remove person assignment from test album
POST {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
Authorization: Bearer {{admin_token}}
Content-Type: application/json
{
"removePerson": true
}
> {%
client.test("Unlink person from album", function () {
client.assert(response.status === 200)
});
%}
### Delete test album
DELETE {{WepApiTest_HostAddress}}/api/album/{{testAlbumId}}
Authorization: Bearer {{admin_token}}
> {%
client.test("Delete test album", function () {
client.assert(response.status === 200)
});
%}
### Delete created person as admin
DELETE {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
Authorization: Bearer {{admin_token}}
> {%
client.test("Delete created person as admin", function () {
client.assert(response.status === 200)
});
%}
### Verify created person is gone
GET {{WepApiTest_HostAddress}}/api/person/{{createdPersonId}}
Authorization: Bearer {{admin_token}}
Accept: application/json
> {%
client.test("Verify created person is deleted", function () {
client.assert(response.status === 404)
});
%}