mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-16 11:23:10 +02:00
cucumber for days (#5766)
This commit is contained in:
@@ -0,0 +1,80 @@
|
||||
@jwt @auth @team
|
||||
Feature: Teams API
|
||||
|
||||
Tests for the teams REST API, which provides multi-user grouping
|
||||
functionality (a @PremiumEndpoint feature).
|
||||
|
||||
Endpoints:
|
||||
- POST /api/v1/teams/create (admin only, query param: name)
|
||||
- POST /api/v1/teams/rename (admin only, query params: teamId, name)
|
||||
- POST /api/v1/teams/delete (admin only, query param: teamId)
|
||||
- POST /api/v1/teams/addUser (admin only, query params: teamId, username)
|
||||
|
||||
Because this is a @PremiumEndpoint, responses may be 200 (premium enabled)
|
||||
or 403 (premium not available in this build).
|
||||
|
||||
There is no GET /teams endpoint, so full CRUD lifecycle cannot be verified
|
||||
via ID-based lookup. Tests are limited to exercising each endpoint and
|
||||
checking the response is not a security bypass.
|
||||
|
||||
Admin credentials: username=admin, password=stirling
|
||||
|
||||
# =========================================================================
|
||||
# CREATE TEAM
|
||||
# =========================================================================
|
||||
|
||||
@positive
|
||||
Scenario: Admin can attempt to create a new team
|
||||
Given I am logged in as admin
|
||||
When I send a POST request to "/api/v1/teams/create" with JWT authentication and params "name=bdd_test_team"
|
||||
Then the response status code should be one of "200, 201, 403"
|
||||
|
||||
@negative
|
||||
Scenario: Unauthenticated request to create team returns 401
|
||||
When I send a POST request to "/api/v1/teams/create" with no authentication and params "name=evil_team"
|
||||
Then the response status code should be 401
|
||||
|
||||
# =========================================================================
|
||||
# RENAME TEAM
|
||||
# =========================================================================
|
||||
|
||||
@positive
|
||||
Scenario: Admin can attempt to rename a team
|
||||
Given I am logged in as admin
|
||||
When I send a POST request to "/api/v1/teams/rename" with JWT authentication and params "teamId=1&newName=bdd_renamed_team"
|
||||
Then the response status code should be one of "200, 400, 403, 404"
|
||||
|
||||
@negative
|
||||
Scenario: Unauthenticated request to rename team returns 401
|
||||
When I send a POST request to "/api/v1/teams/rename" with no authentication and params "teamId=1&newName=evil_renamed"
|
||||
Then the response status code should be 401
|
||||
|
||||
# =========================================================================
|
||||
# ADD USER TO TEAM
|
||||
# =========================================================================
|
||||
|
||||
@positive
|
||||
Scenario: Admin can attempt to add a user to a team
|
||||
Given I am logged in as admin
|
||||
When I send a POST request to "/api/v1/teams/addUser" with JWT authentication and params "teamId=1&userId=1"
|
||||
Then the response status code should be one of "200, 400, 403, 404"
|
||||
|
||||
@negative
|
||||
Scenario: Unauthenticated request to add user to team returns 401
|
||||
When I send a POST request to "/api/v1/teams/addUser" with no authentication and params "teamId=1&userId=1"
|
||||
Then the response status code should be 401
|
||||
|
||||
# =========================================================================
|
||||
# DELETE TEAM
|
||||
# =========================================================================
|
||||
|
||||
@positive
|
||||
Scenario: Admin can attempt to delete a team
|
||||
Given I am logged in as admin
|
||||
When I send a POST request to "/api/v1/teams/delete" with JWT authentication and params "teamId=999"
|
||||
Then the response status code should be one of "200, 400, 403, 404"
|
||||
|
||||
@negative
|
||||
Scenario: Unauthenticated request to delete team returns 401
|
||||
When I send a POST request to "/api/v1/teams/delete" with no authentication and params "teamId=1"
|
||||
Then the response status code should be 401
|
||||
Reference in New Issue
Block a user