---
title: apifw integration tests
...
# Introduction
This is an integration test suite for the Python `apifw` module, using
`yarn`. It starts a little test application, `apitest.py`, using
`gunicorn3` and verifies that it can make HTTP requests to it. It then
kills the test application. Very simple, but it makes sure the
interaction between `gunicorn3`, `bottle.py`, and the `apifw` module
works correctly. Note that the scenario below only checks requests that
are expected to succeed; it does not check that a missing, invalid or
insufficiently scoped token is rejected.
`apifw` is short for "application programming interface framework".
It's a silly name. Please suggest something better.
# Basic scenario
SCENARIO runs apitest OK
GIVEN a running apitest using gunicorn3
WHEN client requests GET /version without token
THEN HTTP status code is 200 OK
WHEN client gets an authorization token with scope "no_version_scope"
AND client requests GET /version using token
THEN HTTP status code is 200 OK
WHEN client gets an authorization token with scope "uapi_version_get"
AND client requests GET /version using token
THEN HTTP status code is 200 OK
AND HTTP body is "version: 4.2"
WHEN client gets an authorization token with scope "uapi_upload_put"
AND client uploads a fake jpg
THEN HTTP status code is 200 OK
AND HTTP body is "thank you for fake jpg"
FINALLY stop apitest
# Step implementations
IMPLEMENTS GIVEN a running apitest using gunicorn3
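# Start the apitest application under gunicorn3 on a loopback port and
# wait until it answers. Leaves the aud, iss, port and pid files in
# $DATADIR for the later steps.

# Set the "aud" field for access tokens.
export APITEST_AUD=test-audience
echo "$APITEST_AUD" > "$DATADIR/aud"

# Set the "iss" field for access tokens.
export APITEST_ISS=test-issuer
echo "$APITEST_ISS" > "$DATADIR/iss"

# Access tokens are signed with a pre-generated RSA key pair kept next to
# the sources; key generation is disabled to make the test suite faster.
# A private key stored with the sources is not secret, so this pair must
# only ever be trusted by the test application.
#./generate-rsa-key "$DATADIR/signing-key"

# Assign first and export second, so that a failing cat is not hidden
# behind the exit status of export.
APITEST_PUBKEY="$(cat "$SRCDIR/apitest.key.pub")"
export APITEST_PUBKEY
if [ -z "$APITEST_PUBKEY" ]
then
    # Do not start the application without the public key it is given
    # for the tokens (presumably used to verify them; confirm in apitest.py).
    echo "apitest public key is missing or empty" >&2
    exit 1
fi

export APITEST_LOG="$DATADIR/apitest.log"

# The port comes from the randport helper. NOTE(review): there is a
# window between choosing the port and gunicorn3 binding it; the bounded
# wait below turns a lost race into a test failure instead of a hang.
"$SRCDIR/randport" > "$DATADIR/port"
port="$(cat "$DATADIR/port")"

# Bind to loopback only: the application accepts tokens signed with the
# test key and should not be reachable from other hosts.
gunicorn3 --daemon --bind "127.0.0.1:$port" -p "$DATADIR/pid" \
    --log-file "$DATADIR/log" --log-level=debug \
    apitest:app

# Poll until the application answers, but give up after a bounded number
# of attempts so a failed start cannot block the test run forever.
max_attempts=300
attempts=0
until curl -s "http://127.0.0.1:$port/version" > /dev/null
do
    attempts=$((attempts + 1))
    if [ "$attempts" -ge "$max_attempts" ]
    then
        echo "apitest did not answer on 127.0.0.1:$port" >&2
        # Show the server log, if there is one, to explain the failure.
        cat "$DATADIR/log" >&2 || true
        exit 1
    fi
    # Sleep in Debian can take a fractional second arg.
    sleep 0.1
done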
IMPLEMENTS FINALLY stop apitest
# Stop the test application: gunicorn3 wrote its PID to this file when
# it was started with -p.
pidfile="$DATADIR/pid"
kill "$(cat "$pidfile")"
IMPLEMENTS WHEN client requests GET /version without token
# Unauthenticated GET of /version. The response body goes to
# $DATADIR/out and the curl -v trace (status line, headers) to
# $DATADIR/err, where the THEN steps look for them.
port="$(cat "$DATADIR/port")"
url="http://127.0.0.1:$port/version"
curl -s -v "$url" \
    > "$DATADIR/out" \
    2> "$DATADIR/err"
IMPLEMENTS WHEN client requests GET /version using token
# GET /version, presenting the most recently created token as a bearer
# credential. The body goes to $DATADIR/out, the curl -v trace to
# $DATADIR/err.
# NOTE(review): the token is passed on the curl command line, where other
# local users can see it in the process list. That is tolerable only
# because it is a throwaway token signed with the test key.
token="$(cat "$DATADIR/token")"
port="$(cat "$DATADIR/port")"
auth_header="Authorization: Bearer $token"
url="http://127.0.0.1:$port/version"
curl -s -v -H "$auth_header" "$url" \
    > "$DATADIR/out" \
    2> "$DATADIR/err"
IMPLEMENTS WHEN client uploads a fake jpg
# PUT a small fake image body to /upload, authenticated with the most
# recently created token. The body of the response goes to $DATADIR/out,
# the curl -v trace to $DATADIR/err.
token="$(cat "$DATADIR/token")"
port="$(cat "$DATADIR/port")"
auth_header="Authorization: Bearer $token"
url="http://127.0.0.1:$port/upload"
curl -s -v -X PUT \
    -H "$auth_header" \
    -H "Content-type: application/jpeg" \
    -d "fake jpg" \
    "$url" \
    > "$DATADIR/out" \
    2> "$DATADIR/err"
IMPLEMENTS WHEN client gets an authorization token with scope "(.+)"
# Mint an access token for the scope named in the scenario step, using
# the issuer and audience saved when the application was started, and
# store it in $DATADIR/token for the request steps.
# The signing key is the pre-generated private key kept with the sources;
# it is test material only and must not be trusted by any other service.
signing_key="$SRCDIR/apitest.key"
iss="$(cat "$DATADIR/iss")"
aud="$(cat "$DATADIR/aud")"
./create-token "$signing_key" "$iss" "$aud" "$MATCH_1" \
    > "$DATADIR/token"
IMPLEMENTS THEN HTTP status code is (.+)
# Check the status line of the last response against the step text.
# The curl -v trace is dumped first so it appears in the test output.
# NOTE(review): that trace normally includes the request headers, so the
# bearer token may end up in the test log; treat the log accordingly.
cat "$DATADIR/err"

# curl ends header lines with CR LF; drop the CR so that -x (whole line)
# can match. The expected line hard-codes HTTP/1.1, so a response sent
# with any other protocol version will not match.
expected="< HTTP/1.1 $MATCH_1"
tr -d '\r' < "$DATADIR/err" | grep -F -x "$expected"
IMPLEMENTS THEN HTTP body is "(.+)"
# The response body must contain a line that is exactly the expected
# text: -F takes it as a fixed string, -x requires a whole-line match.
body_file="$DATADIR/out"
grep -F -x "$MATCH_1" "$body_file"
IMPLEMENTS THEN response has header WWW-Authenticate containing "(.+)"
# Check that the last response carried a WWW-Authenticate header with
# exactly the expected value (the comparison ignores case).
# NOTE(review): no scenario visible in this file uses this step, so the
# rejection path it is meant for is not exercised here.
cat "$DATADIR/err"

# Strip the CR of the CR LF line endings so that -x can match the line.
expected="< WWW-Authenticate: $MATCH_1"
tr -d '\r' < "$DATADIR/err" | grep -F -i -x "$expected"