author | Lars Wirzenius <liw@liw.fi> | 2018-07-11 20:12:26 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-07-11 20:22:52 +0300 |
commit | 5e68c02a915ff50a9b8bc14b7f68c255be92cf21 (patch) | |
tree | 22f26d008407b90c1d758174c9ce8b2154c5e6a7 /yarns | |
parent | 4ffc891bf5bd062f1e243379ccbdfe9faabaf8ec (diff) | |
download | qvisqve-5e68c02a915ff50a9b8bc14b7f68c255be92cf21.tar.gz |
Add: scenario for testing Qvisqve login
This passes, but doesn't actually check anything. Grep for FIXME.
Diffstat (limited to 'yarns')
-rw-r--r-- | yarns/300-end-user-auth.yarn | 41 |
-rw-r--r-- | yarns/900-implements.yarn | 34 |
-rw-r--r-- | yarns/900-local.yarn | 8 |
3 files changed, 83 insertions, 0 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn new file mode 100644 index 0000000..2b717c8 --- /dev/null +++ b/yarns/300-end-user-auth.yarn @@ -0,0 +1,41 @@ +End-user interactive login +============================================================================= + +We will be implementing the full [OpenId Connect authorization code +flow][] later on, but currently this is a tiny, insufficiently secure +subset of that. It's just enough for us to have some form of login, to +set up a continuous delivery pipeline for it, and to start building +the full thing. + +FIXME: Explain the login process here, with sequence diagram. + + SCENARIO end-user interactive login + + GIVEN a Qvisqve configuration for "https://qvisqve" + AND Qvisqve configuration has user account tomjon with password hunter2 + AND Qvisqve configuration has application facade + ... with callback url https://facade/callback + AND a running Qvisqve instance + +User goes to the login URL and gets a login page. + + WHEN browser requests GET https://qvisqve/login + THEN HTTP status code is 200 OK + AND Content-Type is text/html + AND body has an HTML form with field username + AND body has an HTML form with field password + + WHEN browser requests POST https://qvisqve/auth, with form values + ... username=tomjon and password=hunter2 + THEN HTTP status code is 302 Found + AND Location header is https://facade/callback?code=123 + + WHEN facade requests POST https://qvisqve/token, with + ... form values grant_type=authorization_code and code=123 + THEN HTTP status code is 200 OK + AND Content-Type is application/json + AND body has field access_token + AND body has field token_type, with value Bearer + AND body has field expires_in + + FINALLY Qvisqve is stopped diff --git a/yarns/900-implements.yarn b/yarns/900-implements.yarn index c121298..53f675a 100644 --- a/yarns/900-implements.yarn +++ b/yarns/900-implements.yarn 
@@ -82,6 +82,24 @@ This chapter shows the scenario step implementations. V['status_code'], V['headers'], V['body'] = delete( V['API_URL'] + path, headers=headers) + IMPLEMENTS WHEN browser requests GET (\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + V['status_code'] = 200 + V['headers'] = {'Content-Type': 'text/html'} + + IMPLEMENTS WHEN browser requests POST (\S+)$ + # FIXME: This is a dummy implemantation, does not do anything real. + pass + + IMPLEMENTS WHEN browser requests POST (\S+), with form values (\S+)=(\S+) and (\S+)=(\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + V['status_code'] = 302 + + IMPLEMENTS WHEN facade requests POST (\S+), with form values (\S+)=(\S+) and (\S+)=(\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + V['status_code'] = 200 + V['headers'] = {'Content-Type': 'application/json'} + ## API access token creation IMPLEMENTS WHEN client gets an authorization token with scope "(.+)" @@ -153,11 +171,19 @@ This chapter shows the scenario step implementations. body = V['body'] assertTrue(values_match(wanted, body)) + IMPLEMENTS THEN body has an HTML form with field (.+) + # FIXME: This is a dummy implemantation, does not do anything real. + pass + IMPLEMENTS THEN Content-Type is (\S+) wanted = get_next_match() headers = V['headers'] assertEqual(headers['Content-Type'], wanted) + IMPLEMENTS THEN Location header is (\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + pass + IMPLEMENTS THEN body is a correctly signed JWT token resp = json.loads(V['body']) assertIn('access_token', resp) 
@@ -179,3 +205,11 @@ This chapter shows the scenario step implementations. expires = claims['exp'] remains = expires - time.time() assertTrue(3400 < remains < 3700) + + IMPLEMENTS THEN body has field (\S+)$ + # FIXME: This is a dummy implemantation, does not do anything real. + pass + + IMPLEMENTS THEN body has field (\S+), with value (\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + pass diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn index d5492d0..14c3937 100644 --- a/yarns/900-local.yarn +++ b/yarns/900-local.yarn @@ -37,6 +37,14 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. IMPLEMENTS GIVEN Qvisqve configuration has a token lifetime of (\d+) V['lifetime'] = int(get_next_match()) + IMPLEMENTS GIVEN Qvisqve configuration has user account (\S+) with password (\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + pass + + IMPLEMENTS GIVEN Qvisqve configuration has application (\S+) with callback url (\S+) + # FIXME: This is a dummy implemantation, does not do anything real. + pass + ## Authentication setup |
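Review bot: In yarns/300-end-user-auth.yarn, the step `AND Location header is https://facade/callback?code=123` pins the authorization code to a fixed value, and the token step that follows sends only `grant_type=authorization_code and code=123`. Once the steps make real requests, a literal `code=123` can only pass if Qvisqve issues that exact code every time. Suggest matching the callback URL prefix, capturing whatever code comes back, and replaying the captured value in the token request. The scenario also has only the success path; a wrong-password case and a reused-code case would give the login a way to fail in the test suite. The `[OpenId Connect authorization code flow][]` reference link has no definition in this file, so it resolves only if another yarn file defines it.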
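Review bot: In the first hunk of yarns/900-implements.yarn (`@@ -82,6 +82,24 @@`), the new `WHEN browser requests ...` and `WHEN facade requests ...` steps assign `V['status_code']` and `V['headers']` to exactly the values the scenario's THEN steps expect, without sending anything, so the status and Content-Type checks cannot fail. The captured URL and form values are never read, the 302 step leaves `V['headers']` as the previous step set it, and none of the new steps sets `V['body']`, so the THEN steps would read stale values once they become real. Suggest filling all three variables from an actual request, the way the `delete(...)` call just above does. `browser requests POST (\S+)$` is not used by the scenario added in this commit, and "implemantation" in the FIXME comments should read "implementation".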
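Review bot: In the second hunk of yarns/900-implements.yarn (`@@ -153,11 +171,19 @@`), `THEN Location header is (\S+)` and `THEN body has an HTML form with field (.+)` are both `pass`, so the redirect target and the login form go unchecked. The Location step can follow the `Content-Type is (\S+)` step sitting between them: take `get_next_match()` and `assertEqual` it against the `Location` entry of `V['headers']`. The form-field step needs `V['body']` parsed as HTML and a lookup of an input with the captured name.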
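Review bot: In the last hunk of yarns/900-implements.yarn (`@@ -179,3 +205,11 @@`), both `THEN body has field ...` steps are `pass`, so the token response's `access_token`, `token_type` and `expires_in` are never looked at. The JWT step earlier in the file already does `resp = json.loads(V['body'])` followed by `assertIn('access_token', resp)`; the same pattern with the captured field name, plus an `assertEqual` on the value for the `with value (\S+)` variant, would turn these into real checks.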
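Review bot: In yarns/900-local.yarn, both new GIVEN steps discard their captures, so the user account, password, application name and callback URL named in the scenario never reach the Qvisqve configuration under test. Suggest storing them in `V`, as the token lifetime step directly above does with `V['lifetime'] = int(get_next_match())`, and having the step that writes the configuration consume them. The `(\S+)` pattern for the password also rules out test passwords containing whitespace, which is worth a comment if it is intentional.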