authorLars Wirzenius <liw@liw.fi>2018-08-01 13:48:44 +0300
committerLars Wirzenius <liw@liw.fi>2018-08-01 15:18:54 +0300
commit036a863b00fe079e13bb1640267078ec47e6f9e5 (patch)
tree8363e515b4716375aa723f6db37f05611e806399 /yarns
parentbfd3be221e51f9d140c68a40f72ce38ac3aad7ca (diff)
Add: management API
Diffstat (limited to 'yarns')
-rw-r--r--yarns/400-manage.yarn162
-rw-r--r--yarns/900-implements.yarn5
-rw-r--r--yarns/900-local.yarn12
3 files changed, 172 insertions, 7 deletions
diff --git a/yarns/400-manage.yarn b/yarns/400-manage.yarn
new file mode 100644
index 0000000..6d60909
--- /dev/null
+++ b/yarns/400-manage.yarn
@@ -0,0 +1,162 @@
+Manage clients, users, applications via API
+=============================================================================
+
+ SCENARIO manage clients, users, applications
+ GIVEN an RSA key pair for token signing
+ AND a Qvisqve configuration for "https://qvisqve.example.com"
+ AND Qvisqve configuration has a token lifetime of 3600
+ AND a running Qvisqve instance
+ AND an access token for admin with scopes
+ ... uapi_clients_post
+ ... uapi_clients_get
+ ... uapi_clients_id_get
+ ... uapi_clients_id_put
+ ... uapi_clients_id_secret_put
+ ... uapi_clients_id_delete
+ ... uapi_users_post
+ ... uapi_users_get
+ ... uapi_users_id_get
+ ... uapi_users_id_put
+ ... uapi_users_id_secret_put
+ ... uapi_users_id_delete
+ ... uapi_applications_post
+ ... uapi_applications_get
+ ... uapi_applications_id_get
+ ... uapi_applications_id_put
+ ... uapi_applications_id_delete
+
+First, manage clients.
+
+ WHEN client requests GET /clients using token
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+ WHEN client requests POST /clients with token and body
+ ... {
+ ... "id": "james"
+ ... }
+ THEN HTTP status code is 201 Created
+ AND Location is https://qvisqve.example.com/clients/james
+
+ WHEN client requests PUT /clients/james/secret with token and body
+ ... { "secret": "hunter2" }
+ THEN HTTP status code is 200 OK
+
+ WHEN client requests GET /clients using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": ["james"]
+ ... }
+
+ WHEN client requests GET /clients/james using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "id": "james"
+ ... }
+
+ WHEN client requests DELETE /clients/james with token
+ THEN HTTP status code is 200 OK
+ WHEN client requests GET /clients/james using token
+ THEN HTTP status code is 404 Not Found
+ WHEN client requests GET /clients using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+Then, manage users.
+
+ WHEN client requests GET /users using token
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+ WHEN client requests POST /users with token and body
+ ... {
+ ... "id": "sherlock"
+ ... }
+ THEN HTTP status code is 201 Created
+ AND Location is https://qvisqve.example.com/users/sherlock
+
+ WHEN client requests PUT /users/sherlock/secret with token and body
+ ... { "secret": "hunter2" }
+ THEN HTTP status code is 200 OK
+
+ WHEN client requests GET /users using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": ["sherlock"]
+ ... }
+
+ WHEN client requests GET /users/sherlock using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "id": "sherlock"
+ ... }
+
+ WHEN client requests DELETE /users/sherlock with token
+ THEN HTTP status code is 200 OK
+ WHEN client requests GET /users/sherlock using token
+ THEN HTTP status code is 404 Not Found
+ WHEN client requests GET /users using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+Then, manage applications.
+
+ WHEN client requests GET /applications using token
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+ WHEN client requests POST /applications with token and body
+ ... {
+ ... "id": "MI6",
+ ... "callbacks": ["https://mi6.example.com/callback"]
+ ... }
+ THEN HTTP status code is 201 Created
+ AND Location is https://qvisqve.example.com/applications/MI6
+
+ WHEN client requests GET /applications using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": ["MI6"]
+ ... }
+
+ WHEN client requests GET /applications/MI6 using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "id": "MI6",
+ ... "callbacks": ["https://mi6.example.com/callback"]
+ ... }
+
+ WHEN client requests DELETE /applications/MI6 with token
+ THEN HTTP status code is 200 OK
+ WHEN client requests GET /applications/MI6 using token
+ THEN HTTP status code is 404 Not Found
+ WHEN client requests GET /applications using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
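Review bot: The scenario only exercises the management endpoints with an admin token that carries every `uapi_*` scope, so none of these steps would fail if the API stopped checking scopes or tokens altogether. Because these endpoints create and delete clients and users and set their secrets, the scenario should also repeat at least one request per resource type with no token and with a token that lacks the needed scope (for example only `uapi_clients_get` when doing `POST /clients`) and expect the rejection status the API defines; such steps may need new IMPLEMENTS sections if they do not exist yet. It is also not visible here whether `JSON body matches` is an exact comparison, so the `GET /clients/james` and `GET /users/sherlock` checks that follow the `PUT .../secret` calls would be clearer with an explicit assertion that no `secret` field is returned.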
diff --git a/yarns/900-implements.yarn b/yarns/900-implements.yarn
index 7eea6d8..25a7e11 100644
--- a/yarns/900-implements.yarn
+++ b/yarns/900-implements.yarn
@@ -183,6 +183,11 @@ This chapter shows the scenario step implementations.
headers = V['headers']
assertEqual(headers['Content-Type'][:len(wanted)], wanted)
+ IMPLEMENTS THEN Location is (\S+)
+ wanted = get_next_match()
+ headers = V['headers']
+ assertEqual(headers['Location'], wanted)
+
IMPLEMENTS THEN body is a correctly signed JWT token
resp = json.loads(V['body'])
assertIn('access_token', resp)
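Review bot: `headers['Location']` raises a KeyError when the response carries no Location header, so a 201 without the header surfaces as a lookup error inside the step rather than as a failed assertion; adding `assertIn('Location', headers)` before the comparison gives a clearer failure. The lookup is case-sensitive as written, which presumably relies on how the HTTP helper stores header names (not visible in this hunk). Comparing the whole value rather than a prefix, unlike the Content-Type step above, is the right choice here because it pins the scheme and host of the generated URL. The `IMPLEMENTS THEN body is a correctly signed JWT token` step that follows continues outside the hunk.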
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index ddce8f8..8c9fd1d 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -60,13 +60,11 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
IMPLEMENTS GIVEN an access token for (\S+) with scopes (.+)
user = get_next_match()
scopes = get_next_match()
- key = open('token.key').read()
- argv = [
- os.path.join(srcdir, 'create-token'),
- scopes,
- ]
- token = cliapp.runcmd(argv, feed_stdin=key)
- store_token(user, token)
+ key = V['privkey']
+ issuer = V['iss']
+ audience = V['aud']
+ token = create_token(key, issuer, audience, scopes)
+ V['token'] = token
## Start Qvisqve
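Review bot: `user` is still captured from the step text but is no longer used: `store_token(user, token)` is replaced by `V['token'] = token`, so there is a single token slot and, as far as this hunk shows, the token is not tied to the named user. A scenario that needs two principals with different scopes, for instance to check that a low-privilege token is refused by the management API, would have the second GIVEN silently overwrite the first. Either key the stored value by user, e.g. `V['token_' + user] = token` with the request steps updated to match, or keep the single slot and add a comment such as `# single shared token; the name in the step text is informational only`. The step now also depends on `V['privkey']`, `V['iss']` and `V['aud']` having been set by earlier GIVEN steps, which deserves a one-line comment above the lookups.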