From 4ce500cff50af4fbf613e8bdb60c9097fa3dca6b Mon Sep 17 00:00:00 2001 From: ThorodanBrom Date: Tue, 11 Jul 2023 13:19:59 +0530 Subject: [PATCH] Removed trustee role from server code - NOT FROM DATABASE - **DATABASE REMOVAL NEEDS MORE WORK/DISCUSSION** - Removed all trustee related flows from the code - Registration and user management - Policy creation - policies with item type APD - Updated unit tests, integration tests - Updated OpenAPI spec for both APD API changes and trustee changes --- Jenkinsfile | 2 +- docs/openapi.yaml | 234 +- .../java/iudx/aaa/server/apiserver/Roles.java | 2 +- .../aaa/server/policy/PolicyServiceImpl.java | 116 +- .../iudx/aaa/server/policy/createPolicy.java | 30 - .../registration/RegistrationServiceImpl.java | 24 +- .../server/policy/CreateApdPolicyTest.java | 106 +- .../policy/CreatePolicyNotificationTest.java | 17 +- .../policy/ListPolicyNotificationTest.java | 18 +- .../policy/UpdatePolicyNotificationTest.java | 17 +- .../server/registration/CreateUserTest.java | 72 +- .../server/registration/SearchUserTest.java | 90 +- .../server/registration/UpdateUserTest.java | 197 +- .../Integration_Test.postman_collection.json | 2076 +---------------- 14 files changed, 165 insertions(+), 2836 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9b3a6abd..8b2b01a2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -31,7 +31,7 @@ pipeline { sh 'docker compose -f docker-compose-test.yml up test' } xunit ( - thresholds: [ skipped(failureThreshold: '14'), failed(failureThreshold: '0') ], + thresholds: [ skipped(failureThreshold: '15'), failed(failureThreshold: '0') ], tools: [ JUnit(pattern: 'target/surefire-reports/*.xml') ] ) jacoco classPattern: 'target/classes', execPattern: 'target/jacoco.exec', sourcePattern: 'src/main/java', exclusionPattern:'**/*VertxEBProxy.class,**/Constants.class,**/*VertxProxyHandler.class,**/*Verticle.class,iudx/aaa/server/deploy/*.class,iudx/aaa/server/registration/KcAdmin.class,iudx/aaa/server/apiserver/*,iudx/aaa/server/apiserver/util/*,iudx/aaa/server/admin/AdminService.class,iudx/aaa/server/apd/ApdService.class,iudx/aaa/server/auditing/AuditingService.class,iudx/aaa/server/auditing/AuditingService.class,iudx/aaa/server/registration/RegistrationService.class,iudx/aaa/server/token/TokenService.class,iudx/aaa/server/policy/PolicyService.class' diff --git a/docs/openapi.yaml b/docs/openapi.yaml index 12926189..814b5586 100644 --- a/docs/openapi.yaml +++ b/docs/openapi.yaml @@ -207,7 +207,6 @@ paths: - delegate - consumer - admin - - trustee context: type: object required: @@ -250,11 +249,6 @@ paths: itemId: apd.iudx.org.in itemType: resource_server role: consumer - identity token for APD as trustee: - value: - itemId: apd.iudx.org.in - itemType: resource_server - role: trustee identity token for resource_server as provider: value: itemId: rs.iudx.org.in @@ -286,7 +280,7 @@ paths: - Item ID - URL of the server or APD - Users with any role can get an identity token for either a resource server or APD - **NOTE : If role is `admin` or `trustee`, the user must own the resource server or APD respectively.** + **NOTE : If role is `admin`, the user must own the resource server.** **NOTE : Users can be permitted to obtain identity tokens with the `admin` role if required.** @@ -312,9 +306,6 @@ paths: ## Tokens for admins **Admins are only permitted to get identity tokens.** - ## Tokens for trustees - **Trustees are only permitted to get identity tokens.** - ## JWT Access Token Response Structure The JWT is signed using the ES256 algorithm (`alg:ES256`). @@ -863,7 +854,6 @@ paths: - manage catalogue items - manage data on resource servers - manage policies - - **trustee**, which allows a user to manage an Access Policy Domain (APD) ## Client ID and Client Secret On successful creation of the user profile, the user would receive a client ID and a client secret. The client ID and client secret can be used instead of the OIDC flow to request for tokens. **The client secret is ONLY shown to the user here and can never be obtained again.** @@ -887,7 +877,6 @@ paths: - provider - consumer - delegate - - trustee minLength: 5 maxLength: 10 orgId: @@ -914,7 +903,7 @@ paths: orgId: 123e4567-e89b-12d3-a456-426614174000 description: |- - `orgId` is a valid organization ID obtain from the `GET /auth/v1/organizations` API - - **`orgId` is required for `provider`, `delegate` and `trustee` roles** + - **`orgId` is required for `provider` and `delegate` roles** - **The domain of the email address of the registering user must match the organization domain** required: true tags: @@ -1177,8 +1166,6 @@ paths: A user with either - `provider` role - `admin` role - - `trustee` role **with valid Auth admin policy** - - An auth admin policy is automatically created when an APD belonging to a trustee is set to _active_ state by the IUDX AAA admin - is an **auth delegate** may search for a user by providing the email address and role of said user. If a user exists, then the user ID `userId`, email, name and organization details (if applicable) is returned. @@ -1311,7 +1298,6 @@ paths: roles: - consumer - delegate - - trustee userId: 67194fc9-495e-40f7-b016-4470c1d4397f clients: - clientName: default @@ -1404,7 +1390,7 @@ paths: **NOTE: The operations cannot be done simultaneously.** ## Add roles - A user may add `consumer`, `delegate` and `trustee` roles to their user profile. **The `provider` role cannot be added**. + A user may add `consumer` and `delegate` roles to their user profile. **The `provider` role cannot be added**. ## Regenerate client secret A user may regenerate a client secret corresponding to a client ID in case they have lost the client secret or it has been compromised. A new client secret will be generated and sent as part of the output **and will not be shown again.** @@ -1446,7 +1432,6 @@ paths: enum: - consumer - delegate - - trustee minLength: 5 maxLength: 10 orgId: @@ -1475,14 +1460,13 @@ paths: roles: - consumer - delegate - - trustee orgId: 123e4567-e89b-12d3-a456-426614174000 Regenerate client secret: value: clientId: 25b2c2d5-a7fc-47d0-89e4-8709a1560bfa description: |- - `orgId` is a valid organization ID obtain from the `GET /auth/v1/organizations` API - - **`orgId` is required for `delegate` or `trustee` roles** + - **`orgId` is required for `delegate` role** - `clientId` is a valid client ID (belonging to the user) whose corresponding client secret needs to be generate required: true tags: @@ -2351,28 +2335,6 @@ paths: firstName: Bob lastName: Provider id: 844e251b-574b-46e6-9247-f76f1f70a637 - Listing of policies set by a trustee for a provider: - value: - type: 'urn:dx:as:Success' - title: policy read - results: - - policyId: 21abcc77-8917-4a12-8a48-42016552ed30 - itemType: apd - expiryTime: '2027-03-22T00:00' - constraints: {} - itemId: apd-test.datakaveri.org - user: - email: provider@datakaveri.org - name: - firstName: Provider - lastName: DK - id: 1d4e251b-514b-46e6-9547-f7661f70ae37 - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DK - id: a3be2d18-24cb-40d6-8a5e-f073aacbe519 Listing of APD policies: value: type: 'urn:dx:as:Success' @@ -2391,12 +2353,6 @@ paths: lastName: DK id: 1d4e251b-514b-46e6-9547-f7661f70ae37 apd: - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DK - id: a3be2d18-24cb-40d6-8a5e-f073aacbe519 url: apd-testing.datakaveri.org status: active name: Test APD @@ -2412,7 +2368,7 @@ paths: - `provider` : returns all policies created by the provider/auth delegate of the provider and the policies set for the provider. Also returns any **APD policies** set by the provider. - `delegate` : returns all policies set for the delegate - `consumer` : returns the policies set for the consumer - - `trustee` or `admin` : returns all policies set by them + - `admin` : returns all policies set by them ## Auth delegate An auth delegate may use the API to view policies on behalf of their provider. This is done by passing the user ID of the provider as a header called `providerId`. @@ -2598,8 +2554,8 @@ paths: description: application/json '403': description: |- - - If the user trying to set a policy does not have an `admin`, `provider`, `trustee` or `delegate` role - - If the user trying to set a policy does not have a policy by the AAA admin or trustee (in case of APD policies) + - If the user trying to set a policy does not have an `admin`, `provider` or `delegate` role + - If the user trying to set a policy does not have a policy by the AAA admin - If the user is neither the owner of the resource item/group or a delegate to the owner of the resource - If a valid policy already exists content: @@ -2615,14 +2571,8 @@ paths: ## Policies created by admin - Valid item types - `resource_server`. - - An `admin` can set **user policies** for a `provider`,`delegate` or `trustee` for their server. + - An `admin` can set **user policies** for a `provider` or `delegate` for their server. - **A policy is automatically set by the AAA admin for a provider when they are approved.** - - **A policy is automatically set by the AAA admin for a trustee when their APD is set to active state.** - - ## Policies created by trustee - - Valid item types - `apd`. - - A `trustee` can write **user policies** for `providers` for APDs they own. - - This policy allows providers to be able to use the APD for APD policies on their own resources. ## Policies created by provider @@ -2633,8 +2583,6 @@ paths: ### APD Policies - Valid item types - `resource`, `resource_group` - A `provider` can set **APD policies** for the resources owned by the `provider.` Access is granted if the user belongs to a `userClass` defined by the APD. - - **Providers must have a policy set by the concerned trustee to be able to set APD policies using a particular APD.** - - **The trustee policy also allows auth delegates working on behalf of the provider to set APD policies.** - **The concerned APD must be in `active` state.** ## Policies created by delegate @@ -2649,7 +2597,6 @@ paths: ### APD Policies - Valid item types - `resource`, `resource_group` - A `delegate` can set **APD policies** for the resources owned by the `provider`. - - The `provider` for whom the auth delegate is operating **must have a policy set by the concerned trustee for the particular APD**. The `delegate` need not have any such policy. - **The concerned APD must be in `active` state.** parameters: @@ -2717,7 +2664,6 @@ paths: - resource - resource_group - resource_server - - apd expiryTime: type: string minLength: 1 @@ -2808,14 +2754,6 @@ paths: access: - api - sub - Single request for trustee 'apd' itemType policy: - value: - request: - - userId: 2c4a230c-5085-4924-a3e1-25fb4fc5965b - itemId: apd-testing.datakaveri.org - itemType: apd - expiryTime: '2022-10-10T04:00:19' - constraints: {} Single request for APD policy: value: request: @@ -4211,31 +4149,6 @@ paths: status: type: string minLength: 1 - owner: - type: object - properties: - email: - type: string - minLength: 1 - name: - type: object - properties: - firstName: - type: string - minLength: 1 - lastName: - type: string - minLength: 1 - required: - - firstName - - lastName - id: - type: string - minLength: 1 - required: - - email - - name - - id required: - type - title @@ -4249,22 +4162,10 @@ paths: name: DataKaveri APD url: apd.datakaveri.org status: pending - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe - apdId: 540972fd-43df-43c1-9627-df2402a6b731 name: IISc APD url: apd.iisc.ac.in status: active - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: IISc - id: 7d379bda-c204-4a97-918f-c24590b0cd6f examples: Example: value: @@ -4275,22 +4176,10 @@ paths: name: DataKaveri APD url: apd.datakaveri.org status: pending - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe - apdId: 540972fd-43df-43c1-9627-df2402a6b731 name: IISc APD url: apd.iisc.ac.in status: active - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: IISc - id: 7d379bda-c204-4a97-918f-c24590b0cd6f '401': description: '- Unauthorized - `token` invalid/expired' content: @@ -4319,7 +4208,6 @@ paths: description: |- Returns registered APDs. - If called by the AAA admin, returns all APD registrations - - If called by a user with `trustee` role, returns all APDs in the **active** state and all the APDs the user has registered - If called by a user with any other roles, returns all APDs in the **active** state security: - authorization: [] @@ -4330,7 +4218,7 @@ paths: operationId: post-auth-v1-apd responses: '200': - description: The APD has been successfully registered and is pending AAA Admin approval + description: The APD has been successfully registered content: application/json: schema: @@ -4358,37 +4246,11 @@ paths: status: type: string minLength: 1 - owner: - type: object - properties: - email: - type: string - minLength: 1 - name: - type: object - properties: - firstName: - type: string - minLength: 1 - lastName: - type: string - minLength: 1 - required: - - firstName - - lastName - id: - type: string - minLength: 1 - required: - - email - - name - - id required: - apdId - name - url - status - - owner required: - type - title @@ -4401,13 +4263,7 @@ paths: apdId: 5d019ee7-e1d4-4f65-9a14-2e3b656b7296 name: zppcw url: zppcw.com - status: pending - owner: - email: vgmwddiczi@gmail.com - name: - firstName: uirsxfqyuj - lastName: lgbbcwgcax - id: 28c387e8-5807-44f7-830f-998e595d1bbe + status: active examples: Example: value: @@ -4417,13 +4273,7 @@ paths: apdId: 5d019ee7-e1d4-4f65-9a14-2e3b656b7296 name: DataKaveri APD url: apd.datakaveri.org - status: pending - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe + status: active '400': description: |- - Malformed or missing data @@ -4457,7 +4307,7 @@ paths: title: Token authentication failed detail: Inactive Token '403': - description: '- User does not have the `trustee` role' + description: '- User is not admin of AAA server' content: application/json: schema: @@ -4466,8 +4316,8 @@ paths: Example: value: type: 'urn:dx:as:InvalidRole' - title: Not a trustee - detail: Use does not have the trustee role + title: Not admin + detail: Use does not have the admin '404': description: '- A user profile for the user does not exist' content: @@ -4493,7 +4343,7 @@ paths: title: URL already exists detail: An APD with the requested URL already exists description: |- - A registered trustee can register an Access Policy Domain. The AAA admin must approve the registration and set the APD into the **active** state, after which policies can be written using the APD. + The AAA admin can add new APDs to the server. These APDs will be in the **active** state by default and once added, polcieis can be written for the APDs. ## APD Requirements during registration The APD URL must be provided during registration. The URL must be **reachable** as well as: @@ -4530,7 +4380,7 @@ paths: url: apd.datakaveri.org required: true description: |- - - Registered users with the `trustee` role are permitted to call the API + - AAA admin permitted to call the API. - `url` must be a **valid reachable domain/hostname**. Examples of invalid `url`s are: - `https://example.com` - `example.com:8080` @@ -4578,27 +4428,6 @@ paths: status: type: string minLength: 1 - owner: - type: object - properties: - email: - type: string - minLength: 1 - name: - type: object - properties: - firstName: - type: string - minLength: 1 - lastName: - type: string - minLength: 1 - required: - - firstName - - lastName - id: - type: string - minLength: 1 required: - email - name @@ -4616,12 +4445,6 @@ paths: name: zwcev url: zwcev.com status: inactive - owner: - email: iisjnaawjw@gmail.com - name: - firstName: dxzptlevqi - lastName: yfuwqntzmg - id: 55530f92-7d84-428c-8c0d-f8b37818ac13 examples: Example: value: @@ -4632,22 +4455,10 @@ paths: name: DataKaveri APD url: apd.datakaveri.org status: active - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: DataKaveri - id: 28c387e8-5807-44f7-830f-998e595d1bbe - apdId: 540972fd-43df-43c1-9627-df2402a6b731 name: IISc APD url: apd.iisc.ac.in status: inactive - owner: - email: trustee@datakaveri.org - name: - firstName: Trustee - lastName: IISc - id: 7d379bda-c204-4a97-918f-c24590b0cd6f '400': description: |- - Malformed or missing data @@ -4682,7 +4493,7 @@ paths: detail: Inactive Token '403': description: |- - - User is not AAA admin or does not have `trustee` role + - User is not AAA admin - Cannot change status of a particular APD content: application/json: @@ -4693,7 +4504,7 @@ paths: value: type: 'urn:dx:as:InvalidRole' title: Invalid roles to call API - detail: Trustees and Auth Server Admin may call the API + detail: Auth Server Admin may call the API Cannot change status of an APD: value: type: 'urn:dx:as:InvalidInput' @@ -4712,16 +4523,12 @@ paths: title: User profile does not exist detail: Please register to create user profile description: |- - Allows the AAA admins and trustees who have registered APDs to update status. + Allows the AAA admins to update status of APDs. - The AAA admin may change status: - - from **pending** to **active**, to allow policies to be written for the APD. + The AAA admin may change status : - from **active** to **inactive**, in case the APD is not responsive or has been compromised - from **inactive** to **active** - The trustee may change status of APDs they have registered: - - from **active** to **inactive**, to indicate that no new policies may be written using the APD. - - from **inactive** to **pending**, to allow the AAA admin to reconsider activating the APD requestBody: required: true content: @@ -4757,7 +4564,6 @@ paths: enum: - active - inactive - - pending description: The status to be changed to required: - apdId diff --git a/src/main/java/iudx/aaa/server/apiserver/Roles.java b/src/main/java/iudx/aaa/server/apiserver/Roles.java index 0e7e415d..c3a78ff4 100644 --- a/src/main/java/iudx/aaa/server/apiserver/Roles.java +++ b/src/main/java/iudx/aaa/server/apiserver/Roles.java @@ -8,7 +8,7 @@ * Enum that defines all valid roles recognized by the AAA server. */ public enum Roles { - PROVIDER, DELEGATE, TRUSTEE, CONSUMER, ADMIN; + PROVIDER, DELEGATE, CONSUMER, ADMIN; static List rolesAsStrings = Arrays.stream(Roles.values()).map(r -> r.name()).collect(Collectors.toList()); diff --git a/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java b/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java index b98cf464..c8144182 100644 --- a/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java +++ b/src/main/java/iudx/aaa/server/policy/PolicyServiceImpl.java @@ -159,8 +159,7 @@ public PolicyService createPolicy( if (!roles.contains(Roles.ADMIN) && !roles.contains(Roles.PROVIDER) - && !roles.contains(Roles.DELEGATE) - && !roles.contains(Roles.TRUSTEE)) { + && !roles.contains(Roles.DELEGATE)) { Response r = new Response.ResponseBuilder() @@ -218,15 +217,6 @@ public PolicyService createPolicy( .map(CreatePolicyRequest::getItemId) .collect(Collectors.toList()); - // getApdInfo for all apdIds - // if itemType is apdIds, getApdInfo - List apdUrls = - userPolicyRequests.stream() - .filter( - tagObject -> tagObject.getItemType().toUpperCase().equals(itemTypes.APD.toString())) - .map(CreatePolicyRequest::getItemId) - .collect(Collectors.toList()); - List resGrpIds = request.stream() .filter( @@ -249,7 +239,6 @@ public PolicyService createPolicy( Map> catItem = new HashMap<>(); // check if resServer itemType, All requests must be resServer, role must contain admin - // if itemType is Apd, all req must be Apd,role must contain Trustee // if item type neither, for request may have both apd and user policies (catalogueFetch) if (resServerIds.size() > 0) { // if request has itemType resourceServer, then all request should be for resource server @@ -276,32 +265,6 @@ public PolicyService createPolicy( return this; } else catItem.put(RES_SERVER, resServerIds); } else { - // check if user policy for apd exists - if (apdUrls.size() > 0) { - if (apdUrls.size() != request.size()) { - Response r = - new Response.ResponseBuilder() - .type(URN_INVALID_INPUT) - .title(INVALID_INPUT) - .detail("All requests must be for APD") - .status(400) - .build(); - handler.handle(Future.succeededFuture(r.toJson())); - return this; - } - if (!roles.contains(Roles.TRUSTEE)) { - Response r = - new Response.ResponseBuilder() - .type(URN_INVALID_ROLE) - .title(INVALID_ROLE) - .detail(INVALID_ROLE) - .status(403) - .build(); - handler.handle(Future.succeededFuture(r.toJson())); - return this; - } - catItem.put(APD, apdUrls); - } else { if (!roles.contains(Roles.PROVIDER) && !roles.contains(Roles.DELEGATE)) { Response r = new Response.ResponseBuilder() @@ -316,53 +279,11 @@ public PolicyService createPolicy( if (resGrpIds.size() > 0) catItem.put(RES_GRP, resGrpIds); if (resIds.size() > 0) catItem.put(RES, resIds); } - } + Future> reqItemDetail; if (catItem.containsKey(RES_SERVER)) { reqItemDetail = createPolicy.getResSerDetails(catItem.get(RES_SERVER), user.getUserId()); } else { - if (catItem.containsKey(APD)) { - List urls = catItem.get(APD); - Promise promise = Promise.promise(); - apdService.getApdDetails(urls, List.of(), promise); - reqItemDetail = - promise - .future() - .compose( - apdDetail -> { - Map apdMap = new HashMap<>(); - List failedUrl = new ArrayList<>(); - urls.forEach( - url -> { - if (!apdDetail.containsKey(url)) failedUrl.add(url); - else { - JsonObject detail = apdDetail.getJsonObject(url); - //status of the apd is not validated for creating policy by the trustee - JsonObject resObj = new JsonObject(); - resObj.put(ITEMTYPE, APD); - resObj.put(ID, detail.getString(ID)); - resObj.put(CAT_ID, detail.getString(URL)); - resObj.put( - OWNER_ID, detail.getJsonObject(OWNER_DETAILS).getString(ID)); - resObj.put("resource_server_id",NIL_UUID); - resObj.put("resource_group_id",NIL_UUID); - apdMap.put(resObj.getString(CAT_ID), new ResourceObj(resObj)); - } - }); - - if (failedUrl.size() > 0) { - Response r = - new ResponseBuilder() - .status(400) - .type(URN_INVALID_INPUT) - .title(INVALID_INPUT) - .detail(failedUrl.toString()) - .build(); - return Future.failedFuture(new ComposeException(r)); - } - return Future.succeededFuture(apdMap); - }); - } else // For both apdPolicy and userPolicy reqItemDetail = catalogueClient.checkReqItems(catItem); } @@ -415,28 +336,7 @@ public PolicyService createPolicy( return createPolicy.checkAuthPolicy(user.getUserId()); }); - // to create a policy in the apd_polcies table, user must have a policy by the dataTrustee for the apdId - Future checkTrusteeAuthPolicy = - ItemChecks.compose(obj -> - { - if(validApd.result().isEmpty()) - return Future.succeededFuture(true); - else - { - Set apdIds = new HashSet(); - List urls = - apdPolicyRequests.stream().map(CreatePolicyRequest::getApdId).collect(Collectors.toList()); - urls.forEach(url -> - { - apdIds.add(UUID.fromString(validApd.result().getJsonObject(url).getString(ID))); - }); - return createPolicy.checkAuthTrusteePolicy(providerId, apdIds); - } - } - ); - - - Future> checkDelegate = CompositeFuture.all(checkAuthPolicy,checkTrusteeAuthPolicy).compose( + Future> checkDelegate = checkAuthPolicy.compose( checkAut -> { if (checkAut.equals(false)) return Future.succeededFuture(new ArrayList<>()); List resourceObj = new ArrayList<>(reqItemDetail.result().values()); @@ -537,7 +437,7 @@ public PolicyService deletePolicy(JsonArray request, User user, JsonObject data, List roles = user.getRoles(); if (!roles.contains(Roles.ADMIN) && !roles.contains(Roles.PROVIDER) - && !roles.contains(Roles.DELEGATE) && ! roles.contains(Roles.TRUSTEE)) { + && !roles.contains(Roles.DELEGATE)) { // cannot create policy Response r = new Response.ResponseBuilder().type(URN_INVALID_ROLE).title(INVALID_ROLE) .detail(INVALID_ROLE).status(401).build(); @@ -637,14 +537,8 @@ public PolicyService listPolicy(User user, JsonObject data, List userIds = new ArrayList(userIdSet); - /* - * For APD IDs get IDs from policies where the item type is APD and from the APD IDs in - * APD policies - */ - Set apdIdSet = itemTypeToIds.get(itemTypes.APD).stream().map(id -> id.toString()) + Set apdIdSet = apdPolicies.result().stream().map(j -> j.getString(APD_ID)) .collect(Collectors.toSet()); - apdIdSet.addAll(apdPolicies.result().stream().map(j -> j.getString(APD_ID)) - .collect(Collectors.toSet())); List apdIds = new ArrayList(apdIdSet); diff --git a/src/main/java/iudx/aaa/server/policy/createPolicy.java b/src/main/java/iudx/aaa/server/policy/createPolicy.java index 77acc063..fa2a0850 100644 --- a/src/main/java/iudx/aaa/server/policy/createPolicy.java +++ b/src/main/java/iudx/aaa/server/policy/createPolicy.java @@ -369,36 +369,6 @@ public Future checkAuthPolicy(String userId) { return p.future(); } - public Future checkAuthTrusteePolicy(String providerId, Set apdIds) { - Promise p = Promise.promise(); - pool.withConnection( - conn -> - conn.preparedQuery(CHECK_TRUSTEE_POLICY) - .execute(Tuple.of(providerId, status.ACTIVE, apdIds.toArray(UUID[]::new))) - .onFailure( - obj -> { - LOGGER.error( - "checkAuthTrusteePolicy db fail :: " + obj.getLocalizedMessage()); - p.fail(INTERNALERROR); - }) - .onSuccess( - obj -> { - if (obj.rowCount() == apdIds.size()) p.complete(true); - else { - Response r = - new Response.ResponseBuilder() - .type(URN_INVALID_INPUT) - .title(NO_AUTH_TRUSTEE_POLICY) - .detail(NO_AUTH_TRUSTEE_POLICY) - .status(403) - .build(); - p.fail(new ComposeException(r)); - } - })); - - return p.future(); - } - public Future> userPolicyDuplicate( List req, Map resourceObj, User user) { Promise> p = Promise.promise(); diff --git a/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java b/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java index 5f671c9a..ed53af87 100644 --- a/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java +++ b/src/main/java/iudx/aaa/server/registration/RegistrationServiceImpl.java @@ -140,8 +140,7 @@ public RegistrationService createUser(RegistrationRequest request, User user, UUID orgId = UUID.fromString(request.getOrgId()); final String phone = request.getPhone(); - if (requestedRoles.contains(Roles.PROVIDER) || requestedRoles.contains(Roles.DELEGATE) - || requestedRoles.contains(Roles.TRUSTEE)) { + if (requestedRoles.contains(Roles.PROVIDER) || requestedRoles.contains(Roles.DELEGATE)) { if (orgId.toString().equals(NIL_UUID)) { Response r = new ResponseBuilder().status(400).type(URN_MISSING_INFO) .title(ERR_TITLE_ORG_ID_REQUIRED).detail(ERR_DETAIL_ORG_ID_REQUIRED).build(); @@ -169,8 +168,7 @@ public RegistrationService createUser(RegistrationRequest request, User user, Future checkOrgExist; String orgIdToSet; - if (roles.containsKey(Roles.PROVIDER) || roles.containsKey(Roles.DELEGATE) - || roles.containsKey(Roles.TRUSTEE)) { + if (roles.containsKey(Roles.PROVIDER) || roles.containsKey(Roles.DELEGATE)) { orgIdToSet = request.getOrgId(); checkOrgExist = pool.withConnection( conn -> conn.preparedQuery(SQL_GET_ORG_DETAILS).execute(Tuple.of(orgId.toString())).map( @@ -615,7 +613,7 @@ public void addRoles(User user, UpdateProfileRequest request, Promise roles = user.getRoles(); - /* - * If the user is a trustee, check for auth admin policy. This is to prevent any user registered - * as a trustee to perform search. Currently, the auth admin policy is set when an APD owned by - * the trustee is set to active for the first time. - */ - Future trusteeAuthPolicyCheck; if (roles.contains(Roles.PROVIDER) || roles.contains(Roles.ADMIN)) { - trusteeAuthPolicyCheck = Future.succeededFuture(); } else if (roles.contains(Roles.DELEGATE) && isAuthDelegate) { - trusteeAuthPolicyCheck = Future.succeededFuture(); - - } else if (roles.contains(Roles.TRUSTEE)) { - Promise authPolPromise = Promise.promise(); - /* checkAuthPolicy sends ComposeException with correct response, can pass the future as is */ - policyService.checkAuthPolicy(user.getUserId(), authPolPromise); - trusteeAuthPolicyCheck = authPolPromise.future(); } else { Response r = new ResponseBuilder().status(401).type(URN_INVALID_ROLE) @@ -857,7 +841,7 @@ public void searchUser(User user, JsonObject searchUserDetails, Boolean isAuthDe String email = searchUserDetails.getString("email").toLowerCase(); Roles role = Roles.valueOf(searchUserDetails.getString("role").toUpperCase()); - Future foundUser = trusteeAuthPolicyCheck.compose(res -> kc.findUserByEmail(email)); + Future foundUser = kc.findUserByEmail(email); Future exists = foundUser.compose(res -> { if (res.isEmpty()) { diff --git a/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java b/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java index 51914bd4..c3dfae19 100644 --- a/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java +++ b/src/test/java/iudx/aaa/server/policy/CreateApdPolicyTest.java @@ -47,7 +47,6 @@ import static iudx.aaa.server.policy.Constants.ID; import static iudx.aaa.server.policy.Constants.INVALID_ROLE; import static iudx.aaa.server.policy.Constants.ITEMNOTFOUND; -import static iudx.aaa.server.policy.Constants.NO_AUTH_TRUSTEE_POLICY; import static iudx.aaa.server.policy.Constants.STATUS; import static iudx.aaa.server.policy.Constants.URL; import static iudx.aaa.server.registration.Utils.SQL_CREATE_APD; @@ -82,7 +81,6 @@ public class CreateApdPolicyTest { private static Future providerUser; private static Future authDelUser; private static Future consumerUser; - private static Future trusteeUser; private static JsonObject catOptions; private static UUID authSerId; private static String authServerURL; @@ -178,16 +176,6 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { Map.of(Roles.ADMIN, RoleStatus.APPROVED), false)); - trusteeUser = - orgIdFut.compose( - orgId -> - Utils.createFakeUser( - pgclient, - orgId.toString(), - "", - Map.of(Roles.TRUSTEE, RoleStatus.APPROVED), - false)); - authDelUser = orgIdFut.compose( orgId -> @@ -207,7 +195,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { Map.of(Roles.CONSUMER, RoleStatus.APPROVED), false)); - CompositeFuture.all(adminUser, providerUser, authDelUser, consumerUser,trusteeUser) + CompositeFuture.all(adminUser, providerUser, authDelUser, consumerUser) .onSuccess( succ -> { // create all servers @@ -216,8 +204,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { resourceGrpID = UUID.randomUUID(); apdId = UUID.randomUUID(); //create APD with id,name,url,owner_id(admin user),status,created_at,updated_at - Tuple apdTuple = Tuple.of(apdId,RandomStringUtils.randomAlphabetic(5),apdURL, - UUID.fromString(trusteeUser.result().getString("userId")), Constants.status.ACTIVE); + Tuple apdTuple = Tuple.of(apdId,RandomStringUtils.randomAlphabetic(5),apdURL, Constants.status.ACTIVE); pgclient.withConnection(conn -> conn.preparedQuery(SQL_CREATE_APD).execute(apdTuple)) .compose(ar-> Utils.createFakeResourceServer(pgclient, adminUser.result(), authSerId, authServerURL)) @@ -276,15 +263,6 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { UUID.fromString(authDelUser.result().getString("userId")), UUID.fromString(providerUser.result().getString("userId")), authSerId)) - .compose( - proPol -> - Utils.createFakePolicy( - pgclient, - UUID.fromString(providerUser.result().getString("userId")), - Constants.itemTypes.RESOURCE_SERVER, - UUID.fromString(trusteeUser.result().getString("userId")), - apdId)) - .onSuccess( success -> { policyService = @@ -311,13 +289,11 @@ public static void finish(VertxTestContext testContext){ UUID adminId = UUID.fromString(adminUser.result().getString("userId")); UUID providerId = UUID.fromString(providerUser.result().getString("userId")); UUID delegateId = UUID.fromString(authDelUser.result().getString("userId")); - UUID trusteeId = UUID.fromString(authDelUser.result().getString("userId")); - Tuple policyOwners = Tuple.of(List.of(adminId, providerId, delegateId,trusteeId).toArray(UUID[]::new)); + Tuple policyOwners = Tuple.of(List.of(adminId, providerId, delegateId).toArray(UUID[]::new)); List users = List.of( - providerUser.result(), authDelUser.result(), consumerUser.result(), adminUser.result(), - trusteeUser.result()); + providerUser.result(), authDelUser.result(), consumerUser.result(), adminUser.result()); pgclient.withConnection( conn -> conn.preparedQuery(SQL_DELETE_APD).execute(policyOwners)) .compose(resGrp -> Utils.deleteFakeResourceServer(pgclient, users)) @@ -497,79 +473,7 @@ void invalidAPDPolicyItemId(VertxTestContext testContext) } @Test - @DisplayName("Testing apd Policy table - user does not have policy by trustee ") - void noTrusteePolicy(VertxTestContext testContext) - { - - JsonObject userJson = authDelUser.result(); - User user = - new User.UserBuilder() - .keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.PROVIDER)) - .build(); - - - JsonObject validCatItem = - new JsonObject() - .put("cat_id", "") - .put("itemType", "resource_group") - .put("owner_id", providerUser.result().getString("userId")) - .put("id",resourceGrpID) - .put("resource_group_id", resourceGrpID) - .put("resource_server_id", otherSerId.toString()); - - ResourceObj resourceObj = new ResourceObj(validCatItem); - Map resp = new HashMap<>(); - resp.put(resourceObj.getId().toString(), resourceObj); - Mockito.when(catalogueClient.checkReqItems(any())).thenReturn(Future.succeededFuture(resp)); - - String randomAPD = RandomStringUtils.randomAlphabetic(5); - Mockito.doAnswer( - i -> { - Promise p = i.getArgument(2); - JsonObject result = new JsonObject(); - List ids = i.getArgument(0); - for (String x : ids) { - result.put( - x, - new JsonObject() - .put(URL, "") - .put(STATUS, "active") - .put(STATUS, "active") - .put(STATUS, "active") - .put(ID,apdId) - ); - } - p.complete(result); - return i.getMock(); - }) - .when(apdService) - .getApdDetails(any(), any(), any()); - - JsonObject obj = new JsonObject(); - obj.put("itemId",resourceGrpID.toString()).put("itemType","RESOURCE_GROUP").put("apdId",randomAPD) - .put("userClass","").put("constraints",new JsonObject()); - List req = - CreatePolicyRequest.jsonArrayToList(new JsonArray().add(obj)); - policyService.createPolicy( - req, - user, - new JsonObject(), - testContext.succeeding( - response -> - testContext.verify( - () -> { - assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); - assertEquals(NO_AUTH_TRUSTEE_POLICY, response.getString("title")); - assertEquals(403, response.getInteger("status")); - testContext.completeNow(); - }))); - } - - @Test - @DisplayName("Testing apd Policy table - user does not have policy by trustee ") + @DisplayName("Testing apd Policy table - successful creation") void successApdPolicyCreation(VertxTestContext testContext) { diff --git a/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java b/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java index 4bdcdc09..34acc2e8 100644 --- a/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java +++ b/src/test/java/iudx/aaa/server/policy/CreatePolicyNotificationTest.java @@ -194,11 +194,10 @@ void failCreateNotifNoRoles(VertxTestContext testContext) { } @Test - @DisplayName("User with admin/provider/trustee/delegate role cannot create notification") + @DisplayName("User with admin/provider/delegate role cannot create notification") void failOtherRolesCreateNotif(VertxTestContext testContext) { Checkpoint checkAdmin = testContext.checkpoint(); Checkpoint checkProvider = testContext.checkpoint(); - Checkpoint checkTrustee = testContext.checkpoint(); Checkpoint checkDelegate = testContext.checkpoint(); JsonObject userJson = consumer.result(); @@ -239,20 +238,6 @@ void failOtherRolesCreateNotif(VertxTestContext testContext) { checkProvider.flag(); }))); - User trusteeUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - policyService.createPolicyNotification(request, trusteeUser, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(403, response.getInteger("status")); - assertEquals(URN_INVALID_ROLE.toString(), response.getString(TYPE)); - assertEquals(INVALID_ROLE, response.getString("detail")); - assertEquals(INVALID_ROLE, response.getString(TITLE)); - checkTrustee.flag(); - }))); - User delegateUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")) .userId(userJson.getString("userId")) .name(userJson.getString("firstName"), userJson.getString("lastName")) diff --git a/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java b/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java index b7c5d353..9736830e 100644 --- a/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java +++ b/src/test/java/iudx/aaa/server/policy/ListPolicyNotificationTest.java @@ -298,11 +298,10 @@ void failNotRegisteredUser(VertxTestContext testContext) { } @Test - @DisplayName("Test admin/trustee calling API") + @DisplayName("Test admin calling API") void failDisallowedRoles(VertxTestContext testContext) { // same as the create notification tests here Checkpoint checkAdmin = testContext.checkpoint(); - Checkpoint checkTrustee = testContext.checkpoint(); JsonObject admin = consumer.result(); String randomUserId = UUID.randomUUID().toString(); User userAdmin = new UserBuilder().keycloakId(admin.getString("keycloakId")).userId(randomUserId) @@ -317,21 +316,6 @@ void failDisallowedRoles(VertxTestContext testContext) { assertEquals(401, response.getInteger("status")); checkAdmin.flag(); }))); - - JsonObject trustee = consumer.result(); - User trusteeUser = new UserBuilder().keycloakId(trustee.getString("keycloakId")).userId(randomUserId) - .name(trustee.getString("firstName"), trustee.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)).build(); - - policyService.listPolicyNotification(trusteeUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(URN_INVALID_ROLE.toString(), response.getString(TYPE)); - assertEquals(ERR_DETAIL_LIST_DELEGATE_ROLES, response.getString("detail")); - assertEquals(ERR_TITLE_INVALID_ROLES, response.getString("title")); - assertEquals(401, response.getInteger("status")); - checkTrustee.flag(); - }))); - } @Test diff --git a/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java b/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java index 41f32365..33f24ed3 100644 --- a/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java +++ b/src/test/java/iudx/aaa/server/policy/UpdatePolicyNotificationTest.java @@ -356,13 +356,12 @@ void failNotRegisteredUser(VertxTestContext testContext) { } @Test - @DisplayName("Test admin/trustee/consumer calling API") + @DisplayName("Test admin/consumer calling API") void failDisallowedRoles(VertxTestContext testContext) { // creake fake request // try with different users with checkpoints Checkpoint checkAdmin = testContext.checkpoint(); Checkpoint checkConsumer = testContext.checkpoint(); - Checkpoint checkTrustee = testContext.checkpoint(); JsonObject userJson = provider.result(); User adminUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")).userId(NIL_UUID) @@ -385,20 +384,6 @@ void failDisallowedRoles(VertxTestContext testContext) { checkAdmin.flag(); }))); - User trusteeUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")).userId(NIL_UUID) - .name(userJson.getString("firstName"), userJson.getString("lastName")) - .roles(List.of(Roles.TRUSTEE)) - .build(); - - policyService.updatePolicyNotification(request, trusteeUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(URN_INVALID_ROLE.toString(), response.getString(TYPE)); - assertEquals(ERR_DETAIL_LIST_DELEGATE_ROLES, response.getString("detail")); - assertEquals(ERR_TITLE_INVALID_ROLES, response.getString("title")); - assertEquals(401, response.getInteger("status")); - checkTrustee.flag(); - }))); - User consumerUser = new UserBuilder().keycloakId(userJson.getString("keycloakId")).userId(NIL_UUID) .name(userJson.getString("firstName"), userJson.getString("lastName")) .roles(List.of(Roles.CONSUMER)) diff --git a/src/test/java/iudx/aaa/server/registration/CreateUserTest.java b/src/test/java/iudx/aaa/server/registration/CreateUserTest.java index 88a8b4be..096d571d 100644 --- a/src/test/java/iudx/aaa/server/registration/CreateUserTest.java +++ b/src/test/java/iudx/aaa/server/registration/CreateUserTest.java @@ -276,48 +276,6 @@ void createDelegateSuccess(VertxTestContext testContext) { }))); } - @Test - @DisplayName("Test successful trustee registration") - void createTrusteeSuccess(VertxTestContext testContext) { - - String orgId = orgIdFut.result().toString(); - String email = RandomStringUtils.randomAlphabetic(5).toLowerCase() + "@" + url; - String keycloakId = UUID.randomUUID().toString(); - - Mockito.when(kc.getEmailId(any())).thenReturn(Future.succeededFuture(email)); - - JsonObject jsonReq = - new JsonObject().put("roles", new JsonArray().add("trustee")).put("orgId", orgId); - RegistrationRequest request = new RegistrationRequest(jsonReq); - - User user = new UserBuilder().keycloakId(keycloakId).name("Foo", "Bar").build(); - - registrationService.createUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(201, response.getInteger("status")); - - JsonObject result = response.getJsonObject("results"); - - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - assertEquals(SUCC_TITLE_CREATED_USER, response.getString("title")); - assertTrue(result.getJsonArray("roles").contains(Roles.TRUSTEE.name().toLowerCase())); - assertEquals(result.getString("email"), email); - assertEquals(result.getString("keycloakId"), keycloakId); - assertTrue(result.getString("userId").matches(UUID_REGEX)); - assertEquals(result.getJsonObject("name").getString("firstName"), "Foo"); - assertEquals(result.getJsonObject("name").getString("lastName"), "Bar"); - assertTrue(!result.containsKey("phone")); - assertEquals(result.getJsonObject("organization").getString("url"), url); - - JsonObject client = result.getJsonArray("clients").getJsonObject(0); - assertTrue(client.getString(RESP_CLIENT_ID).matches(UUID_REGEX)); - assertTrue(client.getString(RESP_CLIENT_SC).matches(CLIENT_SECRET_REGEX)); - assertEquals(client.getString(RESP_CLIENT_NAME), DEFAULT_CLIENT); - - testContext.completeNow(); - }))); - } - @Test @DisplayName("Test successful registration of all roles") void allRolesRegister(VertxTestContext testContext) { @@ -329,7 +287,7 @@ void allRolesRegister(VertxTestContext testContext) { Mockito.when(kc.getEmailId(any())).thenReturn(Future.succeededFuture(email)); JsonObject jsonReq = new JsonObject() - .put("roles", new JsonArray().add("delegate").add("provider").add("consumer").add("trustee")) + .put("roles", new JsonArray().add("delegate").add("provider").add("consumer")) .put("orgId", orgId).put("phone", "9989989980"); RegistrationRequest request = new RegistrationRequest(jsonReq); @@ -347,8 +305,7 @@ void allRolesRegister(VertxTestContext testContext) { @SuppressWarnings("unchecked") List roles = result.getJsonArray("roles").getList(); assertTrue(roles.containsAll( - List.of(Roles.DELEGATE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase(), - Roles.TRUSTEE.name().toLowerCase()))); + List.of(Roles.DELEGATE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase()))); assertEquals(result.getString("email"), email); assertEquals(result.getString("keycloakId"), keycloakId); @@ -418,31 +375,6 @@ void noOrgForProviderReg(VertxTestContext testContext) { }))); } - @Test - @DisplayName("Testing no organization ID for trustee reg") - void noOrgForTrusteeReg(VertxTestContext testContext) { - String email = RandomStringUtils.randomAlphabetic(5).toLowerCase() + "@" + url; - String keycloakId = UUID.randomUUID().toString(); - - Mockito.when(kc.getEmailId(any())).thenReturn(Future.succeededFuture(email)); - - JsonObject jsonReq = - new JsonObject().put("roles", new JsonArray().add("trustee")); - RegistrationRequest request = new RegistrationRequest(jsonReq); - - User user = new UserBuilder().keycloakId(keycloakId).name("Foo", "Bar").build(); - - registrationService.createUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(URN_MISSING_INFO.toString(), response.getString("type")); - assertEquals(400, response.getInteger("status")); - assertEquals(ERR_DETAIL_ORG_ID_REQUIRED, response.getString("detail")); - assertEquals(ERR_TITLE_ORG_ID_REQUIRED, response.getString("title")); - - testContext.completeNow(); - }))); - } - @Test @DisplayName("Test org-domain mismatch") void orgDomainNotMatch(VertxTestContext testContext) { diff --git a/src/test/java/iudx/aaa/server/registration/SearchUserTest.java b/src/test/java/iudx/aaa/server/registration/SearchUserTest.java index 6f28c6bf..92ab4e00 100644 --- a/src/test/java/iudx/aaa/server/registration/SearchUserTest.java +++ b/src/test/java/iudx/aaa/server/registration/SearchUserTest.java @@ -86,7 +86,6 @@ public class SearchUserTest { static Future providerDeleg; static Future consumerAdmin; - static Future trustee; static Future orgIdFut; @BeforeAll @@ -125,7 +124,7 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { options.put(CONFIG_AUTH_URL, dbConfig.getString(CONFIG_AUTH_URL)).put(CONFIG_OMITTED_SERVERS, dbConfig.getJsonArray(CONFIG_OMITTED_SERVERS)); /* - * create fake organization, and create 3 mock users. One user has an organization + phone + * create fake organization, and create 2 mock users. One user has an organization + phone * number other does not */ @@ -140,15 +139,11 @@ static void startVertx(Vertx vertx, VertxTestContext testContext) { rolesB.put(Roles.CONSUMER, RoleStatus.APPROVED); rolesB.put(Roles.ADMIN, RoleStatus.APPROVED); - Map rolesC = new HashMap(); - rolesC.put(Roles.TRUSTEE, RoleStatus.APPROVED); - providerDeleg = orgIdFut.compose(id -> Utils.createFakeUser(pool, id.toString(), url, rolesA, true)); consumerAdmin = Utils.createFakeUser(pool, Constants.NIL_UUID, "", rolesB, false); - trustee = Utils.createFakeUser(pool, Constants.NIL_UUID, "", rolesC, false); - CompositeFuture.all(providerDeleg, consumerAdmin, trustee).onSuccess(res -> { + CompositeFuture.all(providerDeleg, consumerAdmin).onSuccess(res -> { registrationService = new RegistrationServiceImpl(pool, kc, tokenService, policyService, options); testContext.completeNow(); @@ -161,7 +156,7 @@ public static void finish(VertxTestContext testContext) { Utils .deleteFakeUser(pool, - List.of(consumerAdmin.result(), providerDeleg.result(), trustee.result())) + List.of(consumerAdmin.result(), providerDeleg.result())) .compose(success -> pool.withConnection( conn -> conn.preparedQuery(SQL_DELETE_ORG).execute(Tuple.of(orgIdFut.result())))) .onComplete(x -> { @@ -467,83 +462,4 @@ void searchNoRole(VertxTestContext testContext) { testContext.completeNow(); }))); } - - @Test - @DisplayName("Test search - trustee does not have auth admin policy") - void searchTrusteeNoAuthAdminPolicy(VertxTestContext testContext) { - JsonObject userJson = trustee.result(); - List roles = List.of(Roles.TRUSTEE); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - p.fail(new ComposeException(403, URN_INVALID_INPUT, NO_AUTH_POLICY, NO_AUTH_ADMIN_POLICY)); - return i.getMock(); - }).when(policyService).checkAuthPolicy(Mockito.eq(userJson.getString("userId")), any()); - - JsonObject consumerUser = consumerAdmin.result(); - - JsonObject searchUser = new JsonObject().put("email", consumerUser.getString("email")) - .put("role", Roles.CONSUMER.toString().toLowerCase()); - - registrationService.listUser(user, searchUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(403, response.getInteger("status")); - assertEquals(NO_AUTH_POLICY, response.getString("title")); - assertEquals(NO_AUTH_ADMIN_POLICY, response.getString("detail")); - assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); - testContext.completeNow(); - }))); - } - - @Test - @DisplayName("Test search - trustee finds consumer successfully") - void searchTrusteeFindConsumer(VertxTestContext testContext) { - JsonObject userJson = trustee.result(); - List roles = List.of(Roles.TRUSTEE); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - JsonObject consumerUser = consumerAdmin.result(); - - Mockito.doAnswer(i -> { - Promise p = i.getArgument(1); - p.complete(); - return i.getMock(); - }).when(policyService).checkAuthPolicy(Mockito.eq(userJson.getString("userId")), any()); - - JsonObject kcResult = new JsonObject().put("keycloakId", consumerUser.getString("keycloakId")) - .put("email", consumerUser.getString("email")) - .put("name", new JsonObject().put("firstName", consumerUser.getString("firstName")) - .put("lastName", consumerUser.getString("lastName"))); - - Mockito.when(kc.findUserByEmail(consumerUser.getString("email"))) - .thenReturn(Future.succeededFuture(kcResult)); - - JsonObject searchUser = new JsonObject().put("email", consumerUser.getString("email")) - .put("role", Roles.CONSUMER.toString().toLowerCase()); - - registrationService.listUser(user, searchUser, new JsonObject(), - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(200, response.getInteger("status")); - assertEquals(SUCC_TITLE_USER_FOUND, response.getString("title")); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - - JsonObject result = response.getJsonObject("results"); - - JsonObject name = result.getJsonObject("name"); - assertEquals(name.getString("firstName"), consumerUser.getString("firstName")); - assertEquals(name.getString("lastName"), consumerUser.getString("lastName")); - - assertTrue(result.getJsonObject(RESP_ORG) == null); - assertEquals(result.getString("userId"), consumerUser.getString("userId")); - - testContext.completeNow(); - }))); - } } diff --git a/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java b/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java index d52317be..e6146fb1 100644 --- a/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java +++ b/src/test/java/iudx/aaa/server/registration/UpdateUserTest.java @@ -224,77 +224,6 @@ void userDoesNotExist(VertxTestContext testContext) { }))); } - @Test - @DisplayName("[Update roles] Test no org ID when delegate requesting trustee") - void delegateNoOrgId(VertxTestContext testContext) { - JsonObject req = new JsonObject().put("roles", new JsonArray().add("trustee")); - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.DELEGATE); - Map cons = new HashMap(); - cons.put(Roles.DELEGATE, RoleStatus.APPROVED); - - Future delegate = - Utils.createFakeUser(pool, orgIdFut.result().toString(), "", cons, false); - - delegate.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(400, response.getInteger("status")); - assertEquals(ERR_TITLE_ORG_ID_REQUIRED, response.getString("title")); - assertEquals(URN_MISSING_INFO.toString(), response.getString("type")); - assertEquals(ERR_DETAIL_ORG_ID_REQUIRED, response.getString("detail")); - testContext.completeNow(); - }))); - }); - } - - @Test - @DisplayName("[Update roles] Test invalid org Id when delegate getting trustee") - void delegateInvalidOrg(VertxTestContext testContext) { - JsonObject req = new JsonObject().put("roles", new JsonArray().add("trustee")).put("orgId", - UUID.randomUUID().toString()); - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.DELEGATE); - Map cons = new HashMap(); - cons.put(Roles.DELEGATE, RoleStatus.APPROVED); - - Future consumer = - Utils.createFakeUser(pool, orgIdFut.result().toString(), "", cons, false); - - consumer.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(400, response.getInteger("status")); - assertEquals(ERR_TITLE_ORG_NO_EXIST, response.getString("title")); - assertEquals(URN_INVALID_INPUT.toString(), response.getString("type")); - assertEquals(ERR_DETAIL_ORG_NO_EXIST, response.getString("detail")); - testContext.completeNow(); - }))); - }); - } - @Test @DisplayName("[Update roles] Test no org ID when consumer requesting delegate") void consumerNoOrgId(VertxTestContext testContext) { @@ -399,10 +328,10 @@ void emailNotFoundOnKeycloak(VertxTestContext testContext) { } @Test - @DisplayName("[Update roles] Test consumer with gmail email cannot become delegate, trustee") + @DisplayName("[Update roles] Test consumer with gmail email cannot become delegate") void consumerDomainMismatch(VertxTestContext testContext) { - JsonObject req = new JsonObject().put("roles", new JsonArray().add("delegate").add("trustee")) + JsonObject req = new JsonObject().put("roles", new JsonArray().add("delegate")) .put("orgId", orgIdFut.result().toString()); UpdateProfileRequest request = new UpdateProfileRequest(req); @@ -497,128 +426,6 @@ void consumerAddProvDele(VertxTestContext testContext) { }); } - @Test - @DisplayName("[Update roles] Test trustee get delegate role (orgId needed)") - void trusteeAddDele(VertxTestContext testContext) { - - JsonObject req = new JsonObject().put("roles", new JsonArray().add("delegate")).put("orgId", - orgIdFut.result().toString()); - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.TRUSTEE); - Map cons = new HashMap(); - cons.put(Roles.TRUSTEE, RoleStatus.APPROVED); - - Future trustee = - Utils.createFakeUser(pool, orgIdFut.result().toString(), url, cons, false); - - trustee.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(200, response.getInteger("status")); - assertEquals(SUCC_TITLE_UPDATED_USER_ROLES, response.getString("title")); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - - JsonObject result = response.getJsonObject("results"); - - JsonObject name = result.getJsonObject("name"); - assertEquals(name.getString("firstName"), userJson.getString("firstName")); - assertEquals(name.getString("lastName"), userJson.getString("lastName")); - - @SuppressWarnings("unchecked") - List returnedRoles = result.getJsonArray("roles").getList(); - List rolesString = - List.of(Roles.TRUSTEE.name().toLowerCase(), Roles.DELEGATE.name().toLowerCase()); - assertTrue( - returnedRoles.containsAll(rolesString) && rolesString.containsAll(returnedRoles)); - - JsonArray clients = result.getJsonArray(RESP_CLIENT_ARR); - JsonObject defaultClient = clients.getJsonObject(0); - assertTrue(clients.size() > 0); - assertEquals(defaultClient.getString(RESP_CLIENT_ID), userJson.getString("clientId")); - - JsonObject org = result.getJsonObject(RESP_ORG); - assertEquals(org.getString("url"), userJson.getString("url")); - - assertEquals(result.getString(RESP_EMAIL), userJson.getString("email")); - assertEquals(result.getString("userId"), userJson.getString("userId")); - assertEquals(result.getString("keycloakId"), userJson.getString("keycloakId")); - - testContext.completeNow(); - }))); - }); - } - - @Test - @DisplayName("[Update roles] Test trustee get consumer role") - void trusteeAddCons(VertxTestContext testContext) { - - JsonObject req = new JsonObject().put("roles", new JsonArray().add("consumer"));; - - UpdateProfileRequest request = new UpdateProfileRequest(req); - - List roles = List.of(Roles.TRUSTEE); - Map cons = new HashMap(); - cons.put(Roles.TRUSTEE, RoleStatus.APPROVED); - - Future trustee = - Utils.createFakeUser(pool, orgIdFut.result().toString(), url, cons, false); - - trustee.onSuccess(userJson -> { - createdUsers.add(userJson); - - User user = new UserBuilder().keycloakId(userJson.getString("keycloakId")) - .userId(userJson.getString("userId")).roles(roles) - .name(userJson.getString("firstName"), userJson.getString("lastName")).build(); - - Mockito.when(kc.getEmailId(any())) - .thenReturn(Future.succeededFuture(userJson.getString("email"))); - - registrationService.updateUser(request, user, - testContext.succeeding(response -> testContext.verify(() -> { - assertEquals(200, response.getInteger("status")); - assertEquals(SUCC_TITLE_UPDATED_USER_ROLES, response.getString("title")); - assertEquals(URN_SUCCESS.toString(), response.getString("type")); - - JsonObject result = response.getJsonObject("results"); - - JsonObject name = result.getJsonObject("name"); - assertEquals(name.getString("firstName"), userJson.getString("firstName")); - assertEquals(name.getString("lastName"), userJson.getString("lastName")); - - @SuppressWarnings("unchecked") - List returnedRoles = result.getJsonArray("roles").getList(); - List rolesString = - List.of(Roles.TRUSTEE.name().toLowerCase(), Roles.CONSUMER.name().toLowerCase()); - assertTrue( - returnedRoles.containsAll(rolesString) && rolesString.containsAll(returnedRoles)); - - JsonArray clients = result.getJsonArray(RESP_CLIENT_ARR); - JsonObject defaultClient = clients.getJsonObject(0); - assertTrue(clients.size() > 0); - assertEquals(defaultClient.getString(RESP_CLIENT_ID), userJson.getString("clientId")); - - JsonObject org = result.getJsonObject(RESP_ORG); - assertEquals(org.getString("url"), userJson.getString("url")); - - assertEquals(result.getString(RESP_EMAIL), userJson.getString("email")); - assertEquals(result.getString("userId"), userJson.getString("userId")); - assertEquals(result.getString("keycloakId"), userJson.getString("keycloakId")); - - testContext.completeNow(); - }))); - }); - } @Test @DisplayName("[Update roles] Test existing role request") diff --git a/src/test/resources/Integration_Test.postman_collection.json b/src/test/resources/Integration_Test.postman_collection.json index c0e4ab98..7810f213 100644 --- a/src/test/resources/Integration_Test.postman_collection.json +++ b/src/test/resources/Integration_Test.postman_collection.json @@ -261,69 +261,6 @@ }, "response": [] }, - { - "name": "Token for postman.trustee@datakaveri.org", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "let access_token = pm.response.json().access_token", - "pm.environment.set(\"POSTMAN_TRUSTEE_TOKEN\",access_token);" - ], - "type": "text/javascript" - } - } - ], - "request": { - "auth": { - "type": "noauth" - }, - "method": "POST", - "header": [], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "grant_type", - "value": "password", - "type": "text" - }, - { - "key": "username", - "value": "postman.trustee@datakaveri.org", - "type": "text" - }, - { - "key": "password", - "value": "password", - "type": "text" - }, - { - "key": "client_id", - "value": "account", - "type": "text" - } - ] - }, - "url": { - "raw": "https://{{KEYCLOAK_ENDPOINT}}/auth/realms/{{KEYCLOAK_REALM}}/protocol/openid-connect/token", - "protocol": "https", - "host": [ - "{{KEYCLOAK_ENDPOINT}}" - ], - "path": [ - "auth", - "realms", - "{{KEYCLOAK_REALM}}", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - }, { "name": "Token for no.profile@datakaveri.org", "event": [ @@ -1051,65 +988,6 @@ }, "response": [] }, - { - "name": "orgId needed for trustee role - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingInformation\");", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"roles\": [\n \"trustee\"\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, { "name": "orgId needed for provider role - [400] Copy", "event": [ @@ -1383,7 +1261,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"roles\":[\"provider\", \"trustee\"],\n \"orgId\":\"{{$randomUUID}}\"\n}", + "raw": "{\n \"roles\":[\"provider\"],\n \"orgId\":\"{{$randomUUID}}\"\n}", "options": { "raw": { "language": "json" @@ -1487,7 +1365,7 @@ "response": [] }, { - "name": "Successful delegate, trustee and provider registration registration - [201] (All roles)", + "name": "Successful delegate and provider registration registration - [201] (All roles)", "event": [ { "listen": "test", @@ -1513,7 +1391,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"delegate\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -1542,7 +1420,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"roles\": [\n \"delegate\",\n \"provider\",\n \"trustee\"\n ],\n \"orgId\": \"3a054e6a-220d-4d49-8cbd-25447dfaa8ed\",\n \"phone\": \"9989989981\"\n}", + "raw": "{\n \"roles\": [\n \"delegate\",\n \"provider\"\n ],\n \"orgId\": \"3a054e6a-220d-4d49-8cbd-25447dfaa8ed\",\n \"phone\": \"9989989981\"\n}", "options": { "raw": { "language": "json" @@ -4976,7 +4854,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"consumer\", \"provider\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"delegate\", \"consumer\", \"provider\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -5143,63 +5021,6 @@ }, "response": [] }, - { - "name": "orgId required for trustee role - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingInformation\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"roles\": [\n \"trustee\"\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, { "name": "OrgId does not match domain - [400]", "event": [ @@ -5333,79 +5154,6 @@ } }, "response": [] - }, - { - "name": "Add trustee role for rejected provider - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " const result = body.results;", - "", - " pm.expect(result).to.have.property(\"userId\");", - " pm.expect(result).to.have.property(\"email\");", - " pm.expect(result).to.have.property(\"name\");", - " pm.expect(result).to.have.property(\"keycloakId\");", - " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"trustee\"]);", - "", - " const clients = result.clients;", - " pm.expect(clients).length.greaterThan(0);", - " pm.expect(clients[0]).to.have.property(\"clientId\");", - " pm.expect(clients[0]).to.not.have.property(\"clientSecret\");", - " pm.expect(clients[0]).to.have.property(\"clientName\");", - "", - " pm.expect(result).to.have.property(\"organization\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"roles\": [\n \"trustee\"\n ],\n \"orgId\": \"3a054e6a-220d-4d49-8cbd-25447dfaa8ed\"\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] } ] }, @@ -6207,7 +5955,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"consumer\",\"delegate\",\"provider\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"consumer\",\"delegate\",\"provider\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -6315,7 +6063,7 @@ "response": [] }, { - "name": "List User rejected provider, delegate, trustee", + "name": "List User rejected provider, delegate", "event": [ { "listen": "test", @@ -6341,7 +6089,7 @@ " pm.expect(result).to.have.property(\"name\");", " pm.expect(result).to.have.property(\"keycloakId\");", " pm.expect(result).to.have.property(\"clients\");", - " pm.expect(result.roles).to.have.members([\"delegate\", \"trustee\"]);", + " pm.expect(result.roles).to.have.members([\"delegate\"]);", "", " const clients = result.clients;", " pm.expect(clients).length.greaterThan(0);", @@ -7027,14 +6775,14 @@ "response": [] }, { - "name": "Trustee (with no auth admin policy) searching", + "name": "Delegate searching without providerId header", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(401);", "});", "", "pm.test(\"Check response header\", function () {", @@ -7043,7 +6791,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", "});", "", "" @@ -7057,7 +6805,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{POSTMAN_DELEGATE_TOKEN}}", "type": "text" }, { @@ -7087,74 +6835,14 @@ "response": [] }, { - "name": "Delegate searching without providerId header", + "name": "Admin search for provider", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(401);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_DELEGATE_TOKEN}}", - "type": "text" - }, - { - "key": "email", - "value": "consumer@gmail.com", - "type": "text" - }, - { - "key": "role", - "value": "consumer", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, - { - "name": "Admin search for provider", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -7280,73 +6968,6 @@ }, "response": [] }, - { - "name": "Trustee with auth admin policy searching", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.title).to.be.eq(\"User found\");", - " const result = body.results;", - " pm.expect(result).to.have.property(\"email\", \"consumer@gmail.com\");", - " pm.expect(result).to.have.property(\"userId\", pm.environment.get(\"CONSUMER_GMAIL_USERID\"));", - " pm.expect(result.name).to.not.be.empty;", - " pm.expect(result.organization).to.not.exist;", - " ", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - }, - { - "key": "email", - "value": "consumer@gmail.com", - "type": "text" - }, - { - "key": "role", - "value": "consumer", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/user/profile", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "user", - "profile" - ] - } - }, - "response": [] - }, { "name": "Auth delegate searching for delegate", "event": [ @@ -21138,7 +20759,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21185,7 +20806,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21241,7 +20862,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21297,7 +20918,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21548,62 +21169,6 @@ }, "response": [] }, - { - "name": "Calling API as admin - [403]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"name\":\"Example\",\n \"url\":\"example.com\"\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, { "name": "Invalid URL (http) - [400]", "event": [ @@ -21633,7 +21198,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21689,7 +21254,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21773,14 +21338,14 @@ "response": [] }, { - "name": "Invalid URL (invalid TLD) - [400]", + "name": "Invalid URL (invalid TLD) - [200] - invalid TLD ignored for now", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -21789,7 +21354,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", "});" ], "type": "text/javascript" @@ -21801,7 +21366,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21850,10 +21415,8 @@ " pm.environment.set(\"TEST_APD_ID\", res.apdId);", " pm.expect(res.name).to.be.eq(\"Integration APD\");", " let url = pm.environment.get(\"TEST_APD_URL\");", - " let id = pm.environment.get(\"REJPROVIDER_DELEGATE_USERID\");", " pm.expect(res.url).to.be.eq(url);", - " pm.expect(res.status).to.be.eq(\"pending\");", - " pm.expect(res.owner.id).to.be.eq(id);", + " pm.expect(res.status).to.be.eq(\"active\");", "});" ], "type": "text/javascript" @@ -21865,7 +21428,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -21921,7 +21484,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22095,7 +21658,7 @@ "response": [] }, { - "name": "Listing as postman.trustee - [200]", + "name": "Listing as consumer - [200]", "event": [ { "listen": "test", @@ -22115,10 +21678,8 @@ " pm.expect(body.results).to.not.be.empty;", " pm.expect(body.results.length).to.be.eq(3);", " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\", \"inactive\",\"pending\"]);", - " pm.expect(r.owner.id).to.be.eq(\"1d086d89-db81-4959-ae5b-a760ef5c15fb\");", + " pm.expect(r.status).to.be.oneOf([\"active\"]);", " })", - "", "});" ], "type": "text/javascript" @@ -22130,7 +21691,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{CONSUMER_GMAIL_TOKEN}}", "type": "text" } ], @@ -22149,7 +21710,7 @@ "response": [] }, { - "name": "Listing as other trustee (rejprovider.delegate user) - [200]", + "name": "Listing as provider - [200]", "event": [ { "listen": "test", @@ -22167,13 +21728,9 @@ " const body = pm.response.json();", " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(2);", + " pm.expect(body.results.length).to.be.eq(3);", " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\", \"pending\"]);", - " if(r.status == 'pending')", - " pm.expect(r.owner.id).to.be.eq(pm.environment.get(\"REJPROVIDER_DELEGATE_USERID\"));", - " if(r.status == 'active')", - " pm.expect(r.owner.id).to.be.eq(\"1d086d89-db81-4959-ae5b-a760ef5c15fb\"); ", + " pm.expect(r.status).to.be.oneOf([\"active\"]);", " })", "});" ], @@ -22186,7 +21743,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", "type": "text" } ], @@ -22205,7 +21762,7 @@ "response": [] }, { - "name": "Listing as consumer - [200]", + "name": "Listing as other admin - [200]", "event": [ { "listen": "test", @@ -22223,7 +21780,7 @@ " const body = pm.response.json();", " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(1);", + " pm.expect(body.results.length).to.be.eq(3);", " body.results.forEach((r) => {", " pm.expect(r.status).to.be.oneOf([\"active\"]);", " })", @@ -22238,7 +21795,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{CONSUMER_GMAIL_TOKEN}}", + "value": "Bearer {{OTHER_ADMIN_TOKEN}}", "type": "text" } ], @@ -22255,16 +21812,21 @@ } }, "response": [] - }, + } + ] + }, + { + "name": "Update APD", + "item": [ { - "name": "Listing as provider - [200]", + "name": "No Token - [401]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(401);", "});", "", "pm.test(\"Check response header\", function () {", @@ -22273,12 +21835,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(1);", - " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\"]);", - " })", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingAuthenticationToken\");", "});" ], "type": "text/javascript" @@ -22286,14 +21843,17 @@ } ], "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" + "method": "PUT", + "header": [], + "body": { + "mode": "raw", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"{{$randomUUID}}\",\n \"status\": \"active\"\n }\n ]\n}", + "options": { + "raw": { + "language": "json" + } } - ], + }, "url": { "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", "host": [ @@ -22309,121 +21869,14 @@ "response": [] }, { - "name": "Listing as other admin - [200]", + "name": "No profile - [404]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.results).to.not.be.empty;", - " pm.expect(body.results.length).to.be.eq(1);", - " body.results.forEach((r) => {", - " pm.expect(r.status).to.be.oneOf([\"active\"]);", - " })", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{OTHER_ADMIN_TOKEN}}", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Update APD", - "item": [ - { - "name": "No Token - [401]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(401);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:MissingAuthenticationToken\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"{{$randomUUID}}\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "No profile - [404]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(404);", + " pm.response.to.have.status(404);", "});", "", "pm.test(\"Check response header\", function () {", @@ -22500,7 +21953,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22547,7 +22000,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22603,7 +22056,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22659,7 +22112,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22715,7 +22168,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22771,7 +22224,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22827,7 +22280,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -22883,7 +22336,7 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], @@ -23079,64 +22532,7 @@ "response": [] }, { - "name": "Other trustee (rejprovider.delegate) calling API on APD ID they do not own - [403]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - " pm.expect(body.detail).to.be.eq(\"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\")", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Auth admin change pending -> active, active -> inactive, inactive -> active, for postman.trustee APDs - [200]", + "name": "Auth admin change active -> inactive, inactive -> active - [200]", "event": [ { "listen": "test", @@ -23156,10 +22552,6 @@ " let res = body.results;", " count = 0;", " res.forEach(obj => {", - " if(obj.apdId === '8e2741ad-34a3-4de2-a9e5-b97631f2fd8f'){", - " pm.expect(obj.status).to.be.eq(\"active\");", - " count++;", - " }", " if(obj.apdId === '4f51cee5-e6ce-4e31-8c30-66d298c7d4a6'){", " pm.expect(obj.status).to.be.eq(\"inactive\");", " count++;", @@ -23169,7 +22561,7 @@ " count++;", " }", " })", - " pm.expect(count).to.be.eq(3);", + " pm.expect(count).to.be.eq(2);", "", "});" ], @@ -23188,7 +22580,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23244,7 +22636,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23266,7 +22658,7 @@ "response": [] }, { - "name": "postman.trustee changing 2 actives -> inactive and inactive -> active (not allowed) - [403]", + "name": "Auth admin setting inactive -> inactive (not allowed) and test APD active -> inactive - [403]", "event": [ { "listen": "test", @@ -23294,13 +22686,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"inactive\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23322,14 +22714,14 @@ "response": [] }, { - "name": "postman.trustee changing 2 actives -> inactive and inactive -> pending - [200]", + "name": "Auth admin setting inactive -> active and test APD active -> active (not allowed) - [403]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(403);", "});", "", "pm.test(\"Check response header\", function () {", @@ -23338,25 +22730,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " let res = body.results;", - " count = 0;", - " res.forEach(obj => {", - " if(obj.apdId === '8e2741ad-34a3-4de2-a9e5-b97631f2fd8f'){", - " pm.expect(obj.status).to.be.eq(\"inactive\");", - " count++;", - " }", - " if(obj.apdId === '4f51cee5-e6ce-4e31-8c30-66d298c7d4a6'){", - " pm.expect(obj.status).to.be.eq(\"pending\");", - " count++;", - " }", - " if(obj.apdId === '1b988be6-cc13-422b-bca0-9ccb98a5b30f'){", - " pm.expect(obj.status).to.be.eq(\"inactive\");", - " count++;", - " }", - " })", - " pm.expect(count).to.be.eq(3);", - "", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", "});" ], "type": "text/javascript" @@ -23368,13 +22742,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{AUTH_ADMIN_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"inactive\"\n },\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"pending\"\n },\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"inactive\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23396,14 +22770,14 @@ "response": [] }, { - "name": "Auth admin setting inactive -> pending (not allowed) and test APD pending -> active - [403]", + "name": "Cleanup - auth.admin setting activeapd.integration-iudx.io to active - [200]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -23412,7 +22786,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", "});" ], "type": "text/javascript" @@ -23430,7 +22804,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"pending\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"active\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23452,14 +22826,14 @@ "response": [] }, { - "name": "Auth admin setting inactive -> active and test APD pending -> inactive (not allowed) - [403]", + "name": "Cleanup - auth.admin setting inactiveapd.integration-iudx.io to inactive - [200]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(200);", "});", "", "pm.test(\"Check response header\", function () {", @@ -23468,7 +22842,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", "});" ], "type": "text/javascript" @@ -23486,7 +22860,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"inactive\"\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"apdId\": \"1b988be6-cc13-422b-bca0-9ccb98a5b30f\",\n \"status\": \"inactive\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -23506,254 +22880,15 @@ } }, "response": [] - }, + } + ] + }, + { + "name": "Create APD Policy and Trustee-Provider policies", + "item": [ { - "name": "Auth admin setting inactive -> active and test APD pending -> active - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " let apdId = pm.environment.get(\"TEST_APD_ID\");", - " let res = body.results;", - " count = 0;", - " res.forEach(obj => {", - " if(obj.apdId === '8e2741ad-34a3-4de2-a9e5-b97631f2fd8f'){", - " pm.expect(obj.status).to.be.eq(\"active\");", - " count++;", - " }", - " if(obj.apdId === apdId){", - " pm.expect(obj.status).to.be.eq(\"active\");", - " count++;", - " }", - " })", - " pm.expect(count).to.be.eq(2);", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"active\"\n },\n {\n \"apdId\": \"{{TEST_APD_ID}}\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Cleanup - postman.trustee setting pendingapd.integration-iudx.io to inactive - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"inactive\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Cleanup - postman.trustee setting pendingapd.integration-iudx.io to pending - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"8e2741ad-34a3-4de2-a9e5-b97631f2fd8f\",\n \"status\": \"pending\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - }, - { - "name": "Cleanup - auth.admin setting activeapd.integration-iudx.io to active - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "PUT", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"apdId\": \"4f51cee5-e6ce-4e31-8c30-66d298c7d4a6\",\n \"status\": \"active\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/apd", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "apd" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Create APD Policy and Trustee-Provider policies", - "item": [ - { - "name": "Setup", - "item": [ + "name": "Setup", + "item": [ { "name": "Setup - Get all existing policies for consumer", "event": [ @@ -24443,746 +23578,7 @@ "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\":\"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": []\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Invalid userClass - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"?\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Missing userClass - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Invalid expiryTime - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {},\n \"expiryTime\": \"2133231-23-232T90320\"\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Duplicate requests - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "Trustee APD item Type policies", - "item": [ - { - "name": "Admin setting 'apd' policy - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{AUTH_ADMIN_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\":\"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Provider setting 'apd' policy - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidRole\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\":\"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Duplicate requests - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - " pm.expect(body).to.have.property(\"title\", \"Request must be unique\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Setting many policies w/ different item types - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"resource_server\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for non existent APD - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"thisdoesnotexist.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for provider for inactive APD - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Existing policy - [409]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(409);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:AlreadyExists\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"inactiveapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"activeapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n },\n {\n \"itemId\": \"pendingapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for provider for pending APD - [200]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"pendingapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman trustee setting policy for provider for TEST_APD_URL does not own - [400]", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(400);", "});", "", "pm.test(\"Check response header\", function () {", @@ -25192,7 +23588,6 @@ "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - " pm.expect(body).to.have.property(\"title\", \"Not allowed to create policies for resource\");", "});" ], "type": "text/javascript" @@ -25204,13 +23599,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\":\"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": []\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -25232,14 +23627,14 @@ "response": [] }, { - "name": "Other trustee setting policy for provider for TEST_APD_URL - [200]", + "name": "Invalid userClass - [400]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(400);", "});", "", "pm.test(\"Check response header\", function () {", @@ -25248,8 +23643,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", "});" ], "type": "text/javascript" @@ -25261,13 +23655,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{REJPROVIDER_DELEGATE_TOKEN}}", + "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"{{TEST_APD_URL}}\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"?\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -25287,21 +23681,16 @@ } }, "response": [] - } - ] - }, - { - "name": "Provider setting APD policies", - "item": [ + }, { - "name": "Provider cannot set APD policy for activeapd.integration-iudx.io - no trustee policy - [400]", + "name": "Missing userClass - [400]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(403);", + " pm.response.to.have.status(400);", "});", "", "pm.test(\"Check response header\", function () {", @@ -25311,7 +23700,6 @@ "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - " pm.expect(body).to.have.property(\"title\", \"No auth policy for user by trustee\");", "});" ], "type": "text/javascript" @@ -25329,7 +23717,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"4b367af2-ad55-4017-9e19-35a5fa37e9b8\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"activeapd.integration-iudx.io\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"aec83a80-61ec-4ae0-8671-80194f2ce73e\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"{{TEST_APD_URL}}\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -25351,14 +23739,14 @@ "response": [] }, { - "name": "Postman trustee setting policy for provider for active APD - [200]", + "name": "Invalid expiryTime - [400]", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", + " pm.response.to.have.status(400);", "});", "", "pm.test(\"Check response header\", function () {", @@ -25367,8 +23755,7 @@ "", "pm.test(\"Check response body\", function () { ", " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "", + " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", "});" ], "type": "text/javascript" @@ -25380,13 +23767,13 @@ "header": [ { "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", + "value": "Bearer {{POSTMAN_PROVIDER_TOKEN}}", "type": "text" } ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"activeapd.integration-iudx.io\",\n \"itemType\": \"apd\",\n \"userId\": \"746442f5-18a7-44fd-8c8f-3e39e5026fae\",\n \"constraints\": {}\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {},\n \"expiryTime\": \"2133231-23-232T90320\"\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -25408,7 +23795,7 @@ "response": [] }, { - "name": "Provider cannot set APD policy for pendingapd.integration-iudx.io - [400]", + "name": "Duplicate requests - [400]", "event": [ { "listen": "test", @@ -25442,7 +23829,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"request\": [\n {\n \"itemId\": \"4b367af2-ad55-4017-9e19-35a5fa37e9b8\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"pendingapd.integration-iudx.io\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"aec83a80-61ec-4ae0-8671-80194f2ce73e\",\n \"itemType\": \"resource_group\",\n \"apdId\": \"{{TEST_APD_URL}}\",\n \"userClass\": \"TestAllow\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", + "raw": "{\n \"request\": [\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n },\n {\n \"itemId\": \"2923c77f-741b-4c3a-b010-183efbd43dee\",\n \"itemType\": \"resource\",\n \"apdId\": \"example.com\",\n \"userClass\": \"userClass\",\n \"constraints\": {\n \"access\": [\n \"api\"\n ]\n }\n }\n ]\n}", "options": { "raw": { "language": "json" @@ -25462,7 +23849,12 @@ } }, "response": [] - }, + } + ] + }, + { + "name": "Provider setting APD policies", + "item": [ { "name": "Provider cannot set APD policy for inactiveapd.integration-iudx.io - [400]", "event": [ @@ -27198,69 +25590,6 @@ { "name": "List APD policies", "item": [ - { - "name": "Postman.trustee viewing policies", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " let apdcount = 0;", - " let id_array = [];", - " pm.expect(body.results).to.not.be.empty;", - " body.results.forEach((r) => {", - " if(r.itemType === 'apd'){", - " pm.expect(r.user.id).to.be.eq(\"746442f5-18a7-44fd-8c8f-3e39e5026fae\");", - " pm.expect(r.user.email).to.be.eq(\"postman.provider-admin@datakaveri.org\");", - " pm.expect(r.constraints).to.exist;", - " pm.expect(r.policyId).to.exist;", - " pm.expect(r.expiryTime).to.exist;", - " apdcount++;", - " id_array.push({id:r.policyId});", - " }", - " })", - " pm.environment.set(\"TRUSTEE_POLICY_IDS\", JSON.stringify(id_array));", - " pm.expect(apdcount).to.be.eq(3);", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, { "name": "Consumer cannot see any apd policies", "event": [ @@ -27691,122 +26020,6 @@ }, "response": [] }, - { - "name": "Postman.trustee deleting trustee policies", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": {{TRUSTEE_POLICY_IDS}}\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Postman.trustee deleting same again", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(400);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:InvalidInput\");", - "});", - "", - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "DELETE", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"request\": {{TRUSTEE_POLICY_IDS}}\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] - }, { "name": "Postman.provider viewing policies after delete", "event": [ @@ -27858,57 +26071,6 @@ } }, "response": [] - }, - { - "name": "Postman.trustee viewing policies after delete", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"Response status\", function () {", - " pm.response.to.have.status(200);", - "});", - "", - "pm.test(\"Check response header\", function () {", - " pm.response.to.have.header(\"Content-Type\",\"application/json\");", - "});", - "", - "pm.test(\"Check response body\", function () { ", - " const body = pm.response.json();", - " pm.expect(body).to.have.property(\"type\", \"urn:dx:as:Success\");", - " pm.expect(body.results).to.not.be.empty;", - " body.results.forEach((r) => {", - " pm.expect(r.itemType).to.not.be.eq(\"apd\");", - " })", - "});" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "GET", - "header": [ - { - "key": "Authorization", - "value": "Bearer {{POSTMAN_TRUSTEE_TOKEN}}", - "type": "text" - } - ], - "url": { - "raw": "{{AUTH_ENDPOINT}}/auth/v1/policies", - "host": [ - "{{AUTH_ENDPOINT}}" - ], - "path": [ - "auth", - "v1", - "policies" - ] - } - }, - "response": [] } ] },