# Step implementations

This chapter shows the scenario step implementations.

## API requests of various kinds

    IMPLEMENTS WHEN client requests GET (/.+) without token
    path = get_next_match()
    path = expand_vars(path, V)
    V['status_code'], V['headers'], V['body'] = get(V['API_URL'] + path)

    IMPLEMENTS WHEN client requests GET (/.+) using token
    path = get_next_match()
    path = expand_vars(path, V)
    headers = {
        'Authorization': 'Bearer {}'.format(V['token']),
    }
    V['status_code'], V['headers'], V['body'] = get(
        V['API_URL'] + path, headers)

    IMPLEMENTS WHEN client requests POST (/.+) with token and body (.+)
    path = get_next_match()
    body = get_next_match()
    headers = {
        'Authorization': 'Bearer {}'.format(V['token']),
        'Content-Type': 'application/json',
    }
    V['status_code'], V['headers'], V['body'] = post(
        V['API_URL'] + path, headers=headers, body=body)

    IMPLEMENTS WHEN client requests POST /token with client_id "(.+)", client_secret "(.+)", and scopes "(.+)"
    client_id = get_next_match()
    client_secret = get_next_match()
    scopes = get_next_match().split()
    V['status_code'], V['headers'], V['body'] = get_token(
        client_id, client_secret, scopes)

    IMPLEMENTS WHEN client requests PUT (/.+) with token and body (.+)
    path = get_next_match()
    path = expand_vars(path, V)
    body = get_next_match()
    body = expand_vars(body, V)
    headers = {
        'Authorization': 'Bearer {}'.format(V['token']),
        'Content-Type': 'application/json',
    }
    V['status_code'], V['headers'], V['body'] = put(
        V['API_URL'] + path, headers=headers, body=body)

    IMPLEMENTS WHEN client requests PUT (/[a-z0-9/${}]+) with token, revision (\S+), content-type (\S+), and empty body
    path = expand_vars(get_next_match(), V)
    revision = expand_vars(get_next_match(), V)
    ctype = expand_vars(get_next_match(), V)
    body = ''
    headers = {
        'Authorization': 'Bearer {}'.format(V['token']),
        'Revision': revision,
        'Content-Type': ctype,
    }
    V['status_code'], V['headers'], V['body'] = put(
        V['API_URL'] + path, headers=headers, body=body)

    IMPLEMENTS WHEN client requests PUT (/[a-z0-9/${}]+) with token, revision (\S+), content-type (\S+), and body "(.+)"
    path = expand_vars(get_next_match(), V)
    revision = expand_vars(get_next_match(), V)
    ctype = expand_vars(get_next_match(), V)
    body = unescape(expand_vars(get_next_match(), V))
    headers = {
        'Authorization': 'Bearer {}'.format(V['token']),
        'Revision': revision,
        'Content-Type': ctype,
    }
    V['status_code'], V['headers'], V['body'] = put(
        V['API_URL'] + path, headers=headers, body=body)

    IMPLEMENTS WHEN client requests DELETE (/.+) with token
    path = get_next_match()
    path = expand_vars(path, V)
    headers = {
        'Authorization': 'Bearer {}'.format(V['token']),
    }
    V['status_code'], V['headers'], V['body'] = delete(
        V['API_URL'] + path, headers=headers)

    IMPLEMENTS WHEN browser requests GET (\S+)
    path = get_next_match()
    V['status_code'], V['headers'], V['body'] = get(V['API_URL'] + path, {})

    IMPLEMENTS WHEN browser requests POST (\S+), with form values (\S+)=(\S+) and (\S+)=(\S+) and (\S+)=(\S+)
    path = get_next_match()
    field1 = get_next_match()
    value1 = expand_vars(get_next_match(), V)
    field2 = get_next_match()
    value2 = expand_vars(get_next_match(), V)
    field3 = get_next_match()
    value3 = expand_vars(get_next_match(), V)
    headers = {}
    body = {
        field1: value1,
        field2: value2,
        field3: value3,
    }
    V['status_code'], V['headers'], V['body'] = post(
        V['API_URL'] + path, headers=headers, body=body)

    IMPLEMENTS WHEN facade requests POST (\S+), with form values (\S+)=(\S+) and (\S+)=(\S+) using Basic Auth with username (\S+), password (\S+)
    path = get_next_match()
    field1 = get_next_match()
    value1 = expand_vars(get_next_match(), V)
    field2 = get_next_match()
    value2 = expand_vars(get_next_match(), V)
    username = get_next_match()
    password = get_next_match()
    headers = {}
    body = {
        field1: value1,
        field2: value2,
    }
    V['status_code'], V['headers'], V['body'] = post(
        V['API_URL'] + path, headers=headers, body=body,
        auth=(username, password))

## API access token creation

    IMPLEMENTS WHEN client gets an authorization token with scope "(.+)"
    scopes = get_next_match()
    print 'privkey', repr(V['privkey'])
    assert V['privkey']
    V['token'] = create_token(V['privkey'], V['iss'], V['aud'], scopes)

## UUID creation

    IMPLEMENTS GIVEN unique random identifier (\S+)
    import uuid
    name = get_next_match()
    V[name] = str(uuid.uuid4())

## API request result checking

    IMPLEMENTS THEN HTTP status code is (\d+) (.*)
    expected = int(get_next_match())
    assertEqual(V['status_code'], expected)

    IMPLEMENTS THEN HTTP (\S+) header starts with (.+)
    header = get_next_match()
    wanted = expand_vars(get_next_match(), V)
    actual = V['headers'].get(header)
    assertTrue(actual.startswith(wanted))

    IMPLEMENTS THEN HTTP (\S+) header is saved as (.+)
    header = get_next_match()
    name = get_next_match()
    V[name] = V['headers'].get(header)

    IMPLEMENTS THEN authorization code from (\S+) is saved as (\S+)
    import urlparse
    var1 = get_next_match()
    var2 = get_next_match()
    parts = urlparse.urlparse(V[var1])
    params = urlparse.parse_qs(parts.query)
    V[var2] = params['code'][0]

    IMPLEMENTS THEN state from (\S+) is (\S+)
    import urlparse
    var1 = get_next_match()
    var2 = get_next_match()
    parts = urlparse.urlparse(V[var1])
    params = urlparse.parse_qs(parts.query)
    assertEqual(params['state'][0], var2)

    IMPLEMENTS THEN remember HTTP (\S+) header as (.+)
    header = get_next_match()
    name = get_next_match()
    V[name] = V['headers'].get(header)

    IMPLEMENTS THEN resource id is (\S+)
    import json
    name = get_next_match()
    print 'body:', repr(V['body'])
    body = json.loads(V['body'])
    V[name] = body['id']

    IMPLEMENTS THEN revision is (\S+)
    import json
    name = get_next_match()
    body = json.loads(V['body'])
    V[name] = body['revision']

    IMPLEMENTS THEN revisions (\S+) and (\S+) are different
    rev1 = get_next_match()
    rev2 = get_next_match()
    assertNotEqual(V[rev1], V[rev2])

    IMPLEMENTS THEN revisions (\S+) and (\S+) match
    rev1 = get_next_match()
    rev2 = get_next_match()
    assertEqual(V[rev1], V[rev2])

    IMPLEMENTS THEN JSON body matches (.+)
    import json
    wanted = get_next_match()
    print 'wanted1', repr(wanted)
    wanted = expand_vars(wanted, V)
    print 'wanted2', repr(wanted)
    wanted = json.loads(wanted)
    actual = json.loads(V['body'])
    print 'actual ', repr(actual)
    print 'wanted3', repr(wanted)
    assertTrue(values_match(wanted, actual))

    IMPLEMENTS THEN body is "(.+)"
    wanted = unescape(expand_vars(get_next_match(), V))
    body = V['body']
    assertTrue(values_match(wanted, body))

    IMPLEMENTS THEN body has an HTML form with field (.+)
    field = get_next_match()
    body = V['body']
    pattern = '<input name="{}"'.format(field)
    assertTrue(pattern in body)

    IMPLEMENTS THEN HTML form field (.+) is saved as (\S+)
    import re
    field = get_next_match()
    name = get_next_match()
    body = V['body']
    pattern = '<input name="{}" value="([^"]+)"'.format(field)
    m = re.search(pattern, body, re.M)
    print('body', repr(body))
    print('pattern:', pattern)
    print('m:', m)
    print('m.groups():', m.groups())
    V[name] = m.groups(0)[0]

    IMPLEMENTS THEN Content-Type is (\S+)
    wanted = get_next_match()
    headers = V['headers']
    assertEqual(headers['Content-Type'][:len(wanted)], wanted)

    IMPLEMENTS THEN Location is (\S+)
    wanted = get_next_match()
    headers = V['headers']
    assertEqual(headers['Location'], wanted)

    IMPLEMENTS THEN body is a correctly signed JWT token
    resp = json.loads(V['body'])
    assertIn('access_token', resp)
    assertIn('token_type', resp)
    assertEqual(resp['token_type'], 'Bearer')
    token = resp['access_token']
    claims = token_decode(token, V['pubkey'])
    assertNotEqual(claims, None)
    V['claims'] = claims

    IMPLEMENTS THEN token has claim (\S+) as "(.*)"
    claim = get_next_match()
    value = get_next_match()
    claims = V['claims']
    assertEqual(claims[claim], value)

    IMPLEMENTS THEN token expires in an hour
    claims = V['claims']
    expires = claims['exp']
    remains = expires - time.time()
    assertTrue(3400 < remains < 3700)

    IMPLEMENTS THEN JSON body has field (\S+)$
    field = get_next_match()
    body = V['body']
    body = json.loads(body)
    assertTrue(field in body)

    IMPLEMENTS THEN JSON body has field (\S+), with value (\S+)
    field = get_next_match()
    value = get_next_match()
    body = V['body']
    body = json.loads(body)
    assertEqual(body.get(field), value)

    IMPLEMENTS THEN access token has a (\S+) field set to (\S+)
    field = get_next_match()
    value = get_next_match()
    body = V['body']
    body = json.loads(body)
    token = body['access_token']
    claims = token_decode(token, V['pubkey'])
    print('claims', claims)
    print('value', value)
    assertEqual(claims.get(field), value)

    IMPLEMENTS THEN access token has an (\S+) field that is not empty
    field = get_next_match()
    value = get_next_match()
    body = V['body']
    body = json.loads(body)
    token = body['access_token']
    claims = token_decode(token)
    tf = token.get(field)
    assertTrue(tf is not None)
    assertTrue(isinstance(tf, str))
    assertTrue(tf != "")