[aerogear-dev] Testing scenarios for Authorization/Authentication

Bruno Oliveira bruno at abstractj.org
Mon Aug 12 13:59:18 EDT 2013


Coolio! Thanks!

Apostolos Emmanouilidis wrote:
> @Bruno Thanks for writing down these security scenarios.
> 
> I have updated the integration tests to reflect the latest
> AG-Unified-Push-Server changes. The mentioned scenarios have been added [1]
> 
> [1]:
> https://github.com/aerogear/aerogear-unifiedpush-server-integration-tests/blob/master/src/test/groovy/org/jboss/aerogear/unifiedpush/rest/security/AuthenticationEndpointSpecification.groovy
> 
> 
> On Mon, 2013-08-12 at 07:38 -0300, Bruno Oliveira wrote:
>> Good morning all, last week I promised Karel some scenarios to
>> improve our integration tests on the Unified Push server. Here we go with cURL:
>>
>> # Log in with the default credential on the push server and verify if the
>> # server will return HTTP 403
>>
>> curl -v -b cookies.txt -c cookies.txt \
>>   -H "Accept: application/json" -H "Content-type: application/json" \
>>   -X POST -d '{"loginName": "admin", "password":"123"}' \
>>   http://localhost:8080/ag-push/rest/auth/login
>>
>> # Try to change the password providing a wrong old password and the
>> # server MUST return HTTP 401 (This is the fix provided on PicketLink
>> # beta7 and a good reason to update all projects on AeroGear).
>>
>> curl -v -b cookies.txt -c cookies.txt \
>>   -H "Accept: application/json" -H "Content-type: application/json" \
>>   -X PUT -d '{"loginName": "admin", "password":"meh", "newPassword":"ahoy"}' \
>>   http://localhost:8080/ag-push/rest/auth/update
>>
>> # Try to change the password providing a correct old password and the
>> # server will return HTTP 200
>>
>> curl -v -b cookies.txt -c cookies.txt \
>>   -H "Accept: application/json" -H "Content-type: application/json" \
>>   -X PUT -d '{"loginName": "admin", "password":"123", "newPassword":"ahoy"}' \
>>   http://localhost:8080/ag-push/rest/auth/update
>>
>> # Try to log in with incorrect credentials and the server must return
>> # HTTP 401
>>
>> curl -v -b cookies.txt -c cookies.txt \
>>   -H "Accept: application/json" -H "Content-type: application/json" \
>>   -X POST -d '{"loginName": "admin", "password":"123"}' \
>>   http://localhost:8080/ag-push/rest/auth/login
>>
>> # Try to login with correct credentials and the server must return HTTP 200
>>
>> curl -v -b cookies.txt -c cookies.txt \
>>   -H "Accept: application/json" -H "Content-type: application/json" \
>>   -X POST -d '{"loginName": "admin", "password":"ahoy"}' \
>>   http://localhost:8080/ag-push/rest/auth/login
>>
>>
>> Let me know if I missed something.
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 

-- 
abstractj
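
The five scenarios from the quoted message, turned into checks that compare the returned status code with the expected one. This is an added example, not part of the original thread or of the AeroGear test suite; the endpoints, payloads and expected codes are those given in the message, while the function names and the `run` argument are assumptions.

```sh
#!/bin/sh
# Added example. BASE and JAR defaults come from the curl commands in the thread;
# status, expect, run_scenarios and the "run" argument are assumed names.
BASE="${BASE:-http://localhost:8080/ag-push/rest/auth}"
JAR="${JAR:-cookies.txt}"

# status METHOD PATH JSON: send the request, print only the HTTP status code.
status() {
  curl -s -o /dev/null -w '%{http_code}' -b "$JAR" -c "$JAR" \
    -H "Accept: application/json" -H "Content-type: application/json" \
    -X "$1" -d "$3" "$BASE/$2"
}

# expect CODE LABEL METHOD PATH JSON: return 0 only if the server answers CODE.
expect() {
  _want="$1"; _label="$2"; shift 2
  _got="$(status "$@")"
  if [ "$_got" = "$_want" ]; then
    echo "PASS  $_label ($_got)"
  else
    echo "FAIL  $_label: expected $_want, got ${_got:-no response}"
    return 1
  fi
}

# The scenarios in the order given; order matters because the third one
# changes the password that the last two rely on.
run_scenarios() {
  _failed=0
  : > "$JAR"   # empty cookie jar so no earlier session influences the results
  expect 403 "login, default credential" POST login \
    '{"loginName": "admin", "password":"123"}' || _failed=1
  expect 401 "update, wrong old password" PUT update \
    '{"loginName": "admin", "password":"meh", "newPassword":"ahoy"}' || _failed=1
  expect 200 "update, correct old password" PUT update \
    '{"loginName": "admin", "password":"123", "newPassword":"ahoy"}' || _failed=1
  expect 401 "login, old password" POST login \
    '{"loginName": "admin", "password":"123"}' || _failed=1
  expect 200 "login, new password" POST login \
    '{"loginName": "admin", "password":"ahoy"}' || _failed=1
  return "$_failed"
}

# Contact the server only when asked to: sh <script> run
if [ "${1:-}" = "run" ]; then run_scenarios; fi
```

The scenarios assume a freshly provisioned server whose admin password is still the default, so a second run against the same instance fails at the first check.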

