From db4b1d3822daf0a0da0ba6e838231251950f3f2e Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 19 Nov 2017 18:11:34 +0100
Subject: Add: scenario for testing unauthorized access

---
 yarns/900-implements.yarn | 48 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 3 deletions(-)

(limited to 'yarns/900-implements.yarn')

diff --git a/yarns/900-implements.yarn b/yarns/900-implements.yarn
index 5fb476c..d08cbc9 100644
--- a/yarns/900-implements.yarn
+++ b/yarns/900-implements.yarn
@@ -32,7 +32,18 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     vars['headers'] = headers
     vars['body'] = body
 
-    IMPLEMENTS WHEN (\S+) makes request POST (\S+) (.+)
+    IMPLEMENTS WHEN (\S+) makes request GET (\S+) with an invalid token
+    user = get_next_match()
+    path = get_next_match()
+    token = get_token(user)
+    url = vars['url']
+    status, content_type, headers, body = get(url + path, 'invalid')
+    vars['status_code'] = status
+    vars['content_type'] = content_type
+    vars['headers'] = headers
+    vars['body'] = body
+
+    IMPLEMENTS WHEN (\S+) makes request POST (\S+) with a valid token and body (.+)
     user = get_next_match()
     path = get_next_match()
     body_text = get_next_match()
@@ -46,12 +57,28 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     vars['headers'] = headers
     vars['body'] = body
 
-    IMPLEMENTS WHEN user makes request PUT (\S+) (.+)
+    IMPLEMENTS WHEN (\S+) makes request POST (\S+) with an invalid token and body (.+)
+    user = get_next_match()
+    path = get_next_match()
+    body_text = get_next_match()
+    print('path', path)
+    print('body', body_text)
+    token = get_token(user)
+    url = vars['url']
+    status, content_type, headers, body = post(url + path, body_text, 'invalid')
+    vars['status_code'] = status
+    vars['content_type'] = content_type
+    vars['headers'] = headers
+    vars['body'] = body
+
+    IMPLEMENTS WHEN (\S+) makes request PUT (\S+) with a valid token and body (.+)
+    user = get_next_match()
     path = get_next_match()
     body_text = get_next_match()
+    print('user', user)
     print('path', path)
     print('body', body_text)
-    token = get_token('user')
+    token = get_token(user)
     url = vars['url']
     status, content_type, headers, body = put(url + path, body_text, token)
     vars['status_code'] = status
@@ -59,6 +86,21 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     vars['headers'] = headers
     vars['body'] = body
 
+    IMPLEMENTS WHEN (\S+) makes request PUT (\S+) with an invalid token
+    user = get_next_match()
+    path = get_next_match()
+    body_text = '{}'
+    print('user', user)
+    print('path', path)
+    print('body', body_text)
+    token = get_token(user)
+    url = vars['url']
+    status, content_type, headers, body = put(url + path, body_text, 'invalid')
+    vars['status_code'] = status
+    vars['content_type'] = content_type
+    vars['headers'] = headers
+    vars['body'] = body
+
     IMPLEMENTS WHEN (\S+) makes request DELETE (\S+)
     user = get_next_match()
     path = get_next_match()
-- 
cgit v1.2.1