@Bruno Thanks for writing down these security scenarios.
I have updated the integration tests to reflect the latest
AG-Unified-Push-Server changes. The mentioned scenarios have been added [1].

[1]: https://github.com/aerogear/aerogear-unifiedpush-server-integration-tests...
On Mon, 2013-08-12 at 07:38 -0300, Bruno Oliveira wrote:
> Good morning all, last week I promised Karel some scenarios to
> improve our integration tests on Unified Push server. There we go with cURL:
>
> # Login with the default credential on push server and verify if the
> server will return HTTP 403
>
> curl -v -b cookies.txt -c cookies.txt \
>      -H "Accept: application/json" -H "Content-type: application/json" \
>      -X POST -d '{"loginName": "admin", "password":"123"}' \
>      http://localhost:8080/ag-push/rest/auth/login
>
> # Try to change the password providing a wrong old password and the
> server MUST return HTTP 401 (This is the fix provided on PicketLink
> beta7 and a good reason to update all projects on AeroGear).
>
> curl -v -b cookies.txt -c cookies.txt \
>      -H "Accept: application/json" -H "Content-type: application/json" \
>      -X PUT -d '{"loginName": "admin", "password":"meh", "newPassword":"ahoy"}' \
>      http://localhost:8080/ag-push/rest/auth/update
>
> # Try to change the password providing a correct old password and the
> server will return HTTP 200
>
> curl -v -b cookies.txt -c cookies.txt \
>      -H "Accept: application/json" -H "Content-type: application/json" \
>      -X PUT -d '{"loginName": "admin", "password":"123", "newPassword":"ahoy"}' \
>      http://localhost:8080/ag-push/rest/auth/update
>
> # Try to login with incorrect credentials and the server must return
> HTTP 401
>
> curl -v -b cookies.txt -c cookies.txt \
>      -H "Accept: application/json" -H "Content-type: application/json" \
>      -X POST -d '{"loginName": "admin", "password":"123"}' \
>      http://localhost:8080/ag-push/rest/auth/login
>
> # Try to login with correct credentials and the server must return HTTP 200
>
> curl -v -b cookies.txt -c cookies.txt \
>      -H "Accept: application/json" -H "Content-type: application/json" \
>      -X POST -d '{"loginName": "admin", "password":"ahoy"}' \
>      http://localhost:8080/ag-push/rest/auth/login
>
>
> Let me know if I missed something.
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
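
The five scenarios from the quoted message, written as one script that checks each HTTP status code instead of reading `curl -v` output. This is an added example, not part of the original thread or of the project's integration tests; the function names and the BASE_URL, JAR and RUN_LIVE variables are assumptions.

```sh
#!/bin/sh
# Added example: status-code assertions for the scenarios listed in the thread.
# BASE_URL, JAR and RUN_LIVE are assumed names, not project settings.
BASE_URL="${BASE_URL:-http://localhost:8080/ag-push/rest/auth}"
JAR="${JAR:-cookies.txt}"

# http_status METHOD PATH JSON : print only the HTTP status code of the reply
http_status() {
    curl -s -o /dev/null -w '%{http_code}' -b "$JAR" -c "$JAR" \
         -H "Accept: application/json" -H "Content-type: application/json" \
         -X "$1" -d "$3" "$BASE_URL/$2"
}

# expect LABEL EXPECTED METHOD PATH JSON : return 0 on match, 1 otherwise
expect() {
    # curl prints 000 when no HTTP reply arrived; keep that as the result
    got=$(http_status "$3" "$4" "$5") || got="${got:-000}"
    if [ "$got" = "$2" ]; then
        echo "PASS  $1 (HTTP $got)"
    else
        echo "FAIL  $1 (expected $2, got $got)"
        return 1
    fi
}

# Runs every scenario in the order given in the thread, even after a failure,
# and returns non-zero if any status code differed from the expected one.
run_scenarios() {
    failed=0
    expect "default login" 403 POST login \
        '{"loginName": "admin", "password":"123"}' || failed=1
    expect "wrong old password" 401 PUT update \
        '{"loginName": "admin", "password":"meh", "newPassword":"ahoy"}' || failed=1
    expect "correct old password" 200 PUT update \
        '{"loginName": "admin", "password":"123", "newPassword":"ahoy"}' || failed=1
    expect "login with old password" 401 POST login \
        '{"loginName": "admin", "password":"123"}' || failed=1
    expect "login with new password" 200 POST login \
        '{"loginName": "admin", "password":"ahoy"}' || failed=1
    return "$failed"
}

# Contact the server only when explicitly asked to
if [ "${RUN_LIVE:-0}" = 1 ]; then run_scenarios; fi
```

Run it with RUN_LIVE=1 against a freshly deployed test instance: the third scenario changes the admin password, so a second run against the same instance starts from a different state.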