<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.4">
</HEAD>
<BODY>
@Bruno Thanks for writing down these security scenarios.<BR>
<BR>
I have updated the integration tests to reflect the latest AG-Unified-Push-Server changes. The mentioned scenarios have been added [1]<BR>
<BR>
[1]: <A HREF="https://github.com/aerogear/aerogear-unifiedpush-server-integration-tests/blob/master/src/test/groovy/org/jboss/aerogear/unifiedpush/rest/security/AuthenticationEndpointSpecification.groovy">https://github.com/aerogear/aerogear-unifiedpush-server-integration-tests/blob/master/src/test/groovy/org/jboss/aerogear/unifiedpush/rest/security/AuthenticationEndpointSpecification.groovy</A><BR>
<BR>
<BR>
On Mon, 2013-08-12 at 07:38 -0300, Bruno Oliveira wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Good morning all, on the last week I promised to Karel some scenarios to
improve our integration tests on Unified Push server. There we go with cUrl:
# Login with the default credential on push server and verify if the
server will return HTTP 403
curl -v -b cookies.txt -c cookies.txt \
-H "Accept: application/json" -H "Content-type: application/json" \
-X POST -d '{"loginName": "admin", "password":"123"}' \
<A HREF="http://localhost:8080/ag-push/rest/auth/login">http://localhost:8080/ag-push/rest/auth/login</A>
# Try to change the password providing a wrong old password and the
server MUST return HTTP 401 (This is the fix provided on PicketLink
beta7 and a good reason to update all projects on AeroGear).
curl -v -b cookies.txt -c cookies.txt \
-H "Accept: application/json" -H "Content-type: application/json" \
-X PUT -d '{"loginName": "admin", "password":"meh",
"newPassword":"ahoy"}' \
<A HREF="http://localhost:8080/ag-push/rest/auth/update">http://localhost:8080/ag-push/rest/auth/update</A>
# Try to change the password providing a correct old password and the
server will return HTTP 200
curl -v -b cookies.txt -c cookies.txt \
-H "Accept: application/json" -H "Content-type: application/json" \
-X PUT -d '{"loginName": "admin", "password":"123",
"newPassword":"ahoy"}' \
<A HREF="http://localhost:8080/ag-push/rest/auth/update">http://localhost:8080/ag-push/rest/auth/update</A>
# Try to login with incorrect credentials and the server must return
HTTP 401
curl -v -b cookies.txt -c cookies.txt \
-H "Accept: application/json" -H "Content-type: application/json" \
-X POST -d '{"loginName": "admin", "password":"123"}' \
<A HREF="http://localhost:8080/ag-push/rest/auth/login">http://localhost:8080/ag-push/rest/auth/login</A>
# Try to login with correct credentials and the server must return HTTP 200
curl -v -b cookies.txt -c cookies.txt \
-H "Accept: application/json" -H "Content-type: application/json" \
-X POST -d '{"loginName": "admin", "password":"ahoy"}'
<A HREF="http://localhost:8080/ag-push/rest/auth/login">http://localhost:8080/ag-push/rest/auth/login</A>
Let me know if I missed something.
_______________________________________________
aerogear-dev mailing list
<A HREF="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</A>
<A HREF="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</A>
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>