diff options
author | Lars Wirzenius <liw@liw.fi> | 2017-11-19 18:11:34 +0100 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-11-19 18:11:34 +0100 |
commit | db4b1d3822daf0a0da0ba6e838231251950f3f2e (patch) | |
tree | 1384ce2356308d15cc2c466558f427dc6050f297 /yarns/900-implements.yarn | |
parent | 196e9c65b6ed1a488a7163148a75b72aea3d07fe (diff) | |
download | ick2-db4b1d3822daf0a0da0ba6e838231251950f3f2e.tar.gz |
Add: scenario for testing unauthorized access
Diffstat (limited to 'yarns/900-implements.yarn')
-rw-r--r-- | yarns/900-implements.yarn | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/yarns/900-implements.yarn b/yarns/900-implements.yarn index 5fb476c..d08cbc9 100644 --- a/yarns/900-implements.yarn +++ b/yarns/900-implements.yarn @@ -32,7 +32,18 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. vars['headers'] = headers vars['body'] = body - IMPLEMENTS WHEN (\S+) makes request POST (\S+) (.+) + IMPLEMENTS WHEN (\S+) makes request GET (\S+) with an invalid token + user = get_next_match() + path = get_next_match() + token = get_token(user) + url = vars['url'] + status, content_type, headers, body = get(url + path, 'invalid') + vars['status_code'] = status + vars['content_type'] = content_type + vars['headers'] = headers + vars['body'] = body + + IMPLEMENTS WHEN (\S+) makes request POST (\S+) with a valid token and body (.+) user = get_next_match() path = get_next_match() body_text = get_next_match() @@ -46,12 +57,28 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. vars['headers'] = headers vars['body'] = body - IMPLEMENTS WHEN user makes request PUT (\S+) (.+) + IMPLEMENTS WHEN (\S+) makes request POST (\S+) with an invalid token and body (.+) + user = get_next_match() + path = get_next_match() + body_text = get_next_match() + print('path', path) + print('body', body_text) + token = get_token(user) + url = vars['url'] + status, content_type, headers, body = post(url + path, body_text, 'invalid') + vars['status_code'] = status + vars['content_type'] = content_type + vars['headers'] = headers + vars['body'] = body + + IMPLEMENTS WHEN (\S+) makes request PUT (\S+) with a valid token and body (.+) + user = get_next_match() path = get_next_match() body_text = get_next_match() + print('user', user) print('path', path) print('body', body_text) - token = get_token('user') + token = get_token(user) url = vars['url'] status, content_type, headers, body = put(url + path, body_text, token) vars['status_code'] = status @@ -59,6 +86,21 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. vars['headers'] = headers vars['body'] = body + IMPLEMENTS WHEN (\S+) makes request PUT (\S+) with an invalid token + user = get_next_match() + path = get_next_match() + body_text = '{}' + print('user', user) + print('path', path) + print('body', body_text) + token = get_token(user) + url = vars['url'] + status, content_type, headers, body = put(url + path, body_text, 'invalid') + vars['status_code'] = status + vars['content_type'] = content_type + vars['headers'] = headers + vars['body'] = body + IMPLEMENTS WHEN (\S+) makes request DELETE (\S+) user = get_next_match() path = get_next_match() |