From 1711534051e91705a9c4c0b48cf515719a5a8c53 Mon Sep 17 00:00:00 2001
From: Prasanna Dangalla
Date: Fri, 10 Mar 2023 14:42:48 +0530
Subject: [PATCH 1/2] Added test case to validate both basic auth and auth2 enable api through basic auth.
---
 .../api/lifecycle/APISecurityTestCase.java | 42 ++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java
index 45f03f682c..3d7ffdd7b3 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java
@@ -104,7 +104,9 @@ public class APISecurityTestCase extends APIManagerLifecycleBaseTest {
 private final String OauthEnabledAPIContext = "OauthEnabledAPI";
 private final String apiKeySecuredAPIContext = "apiKeySecuredAPI";
 private final String basicAuthSecuredAPI = "BasicAuthSecuredAPI";
+ private final String basicAuthAndOauth2SecuredAPI = "BasicAuthAndOauth2SecuredAPI";
 private final String basicAuthSecuredAPIContext = "BasicAuthSecuredAPI";
+ private final String basicAuthSecuredAPIContext = "BasicAuthAndOauth2SecuredAPI";
 private final String API_END_POINT_METHOD = "/customers/123";
 private final String API_VERSION_1_0_0 = "1.0.0";
 private final String APPLICATION_NAME = "AccessibilityOfDeprecatedOldAPIAndPublishedCopyAPITestCase";
@@ -119,6 +121,7 @@ public class APISecurityTestCase extends APIManagerLifecycleBaseTest { private String apiId5; private String apiId6; private String apiId7; + private String apiId8; private SubscriptionDTO subscriptionDTO; private final String API_RESPONSE_DATA = "123John"; String users[] = {"apisecUser", "apisecUser2@wso2.com", "apisecUser2@abc.com"}; @@ -353,6 +356,33 @@ public void initialize() HttpResponse response7 = restAPIPublisher.addAPI(apiRequest7); apiId7 = response7.getData(); + + APIRequest apiRequest8 = new APIRequest(basicAuthAndOauth2SecuredAPI, basicAuthSecuredAPIContext, + new URL(apiEndPointUrl)); + apiRequest8.setVersion(API_VERSION_1_0_0); + apiRequest8.setTiersCollection(APIMIntegrationConstants.API_TIER.UNLIMITED); + apiRequest8.setTier(APIMIntegrationConstants.API_TIER.UNLIMITED); + apiRequest8.setTags(API_TAGS); + apiRequest8.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue()); + apiRequest8.setOperationsDTOS(operationsDTOS); + apiRequest8.setProvider(user.getUserName()); + + List securitySchemes8 = new ArrayList<>(); + securitySchemes8.add("basic_auth"); + securitySchemes8.add("oauth_basic_auth_api_key_mandatory"); + securitySchemes8.add("oauth2"); + apiRequest8.setSecurityScheme(securitySchemes5); + apiRequest8.setDefault_version("true"); + apiRequest8.setHttps_checked("https"); + apiRequest8.setHttp_checked(null); + HttpResponse response8 = restAPIPublisher.addAPI(apiRequest8); + apiId8 = response8.getData(); + createAPIRevisionAndDeployUsingRest(apiId8, restAPIPublisher); + restAPIPublisher.changeAPILifeCycleStatusToPublish(apiId8, false); + waitForAPIDeploymentSync(apiRequest5.getProvider(), apiRequest5.getName(), apiRequest5.getVersion(), + APIMIntegrationConstants.IS_API_EXISTS); + + } @Test(description = "This test case tests the behaviour of internal Key token on Created API with authentication " + 
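Review bot: In the `apiRequest8` setup added to `initialize()`, the list `securitySchemes8` is populated but never used: the call is `apiRequest8.setSecurityScheme(securitySchemes5);`, so the new API is published with whatever schemes `securitySchemes5` holds (it is declared outside this hunk) rather than the basic_auth/oauth2 combination the commit title describes. The same copy-paste slip is in the sync wait at the end of the block, which polls `apiRequest5` instead of the API that was just published. Suggested lines: `apiRequest8.setSecurityScheme(securitySchemes8);` and `waitForAPIDeploymentSync(apiRequest8.getProvider(), apiRequest8.getName(), apiRequest8.getVersion(), APIMIntegrationConstants.IS_API_EXISTS);`. PATCH 2/2 further down touches only the constructor line, so both slips remain; `initialize()` begins outside the hunk.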
@@ -999,7 +1029,7 @@ public void testInvokeBasicAuth() throws Exception { String user1 = users[0]; Map requestHeaders1 = new HashMap<>(); requestHeaders1.put("Authorization", - "Basic " + Base64.encodeBase64String(user1.concat("@").concat(this.user.getUserDomain()).concat(":") + e "Basic " + Base64.encodeBase64String(user1.concat("@").concat(this.user.getUserDomain()).concat(":") .concat("randomPassword1").getBytes())); HttpResponse response = HttpRequestUtil.doGet(getAPIInvocationURLHttps(basicAuthSecuredAPIContext, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders1); @@ -1199,6 +1229,16 @@ public void testInvocationWithApiKeysWithoutSubscription() throws Exception { ", but got " + invocationResponseAfterSubscriptionRemoved.getResponseCode()); } + @Test(description = "Testing the invocation with Basic Auth for APIKey Only API", dependsOnMethods = { + "testInvokeBasicAuthAfterCredentialsInvalid"}) + public void testInvocationWithBasicAuthandOauth2ForAPIKey() throws Exception { + Map requestHeaders = new HashMap<>(); + requestHeaders.put("accept", "text/xml"); + requestHeaders.put("Authorization", "Basic abcce"); + HttpResponse response = HTTPSClientUtils.doGet(getAPIInvocationURLHttps(basicAuthSecuredAPIContext, + API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders); + Assert.assertEquals(response.getResponseCode(), HttpStatus.SC_OK); + } @AfterClass(alwaysRun = true) public void cleanUpArtifacts() throws Exception { restAPIStore.deleteApplication(applicationId); From ac400b61c7808acd1964bd603153f0d3246ea2f8 Mon Sep 17 00:00:00 2001 From: Prasanna Dangalla Date: Tue, 14 Mar 2023 00:10:17 +0530 Subject: [PATCH 2/2] Added suggested fixes in PR> --- .../tests/api/lifecycle/APISecurityTestCase.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
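Review bot: `testInvocationWithBasicAuthandOauth2ForAPIKey` asserts `HttpStatus.SC_OK` for a request carrying `Authorization: Basic abcce`, a value that does not look like the Base64 `user@domain:password` string that `testInvokeBasicAuth` builds, so as written the test presumably passes only if the gateway accepts a malformed credential. It also calls `getAPIInvocationURLHttps(basicAuthSecuredAPIContext, ...)`, which is the older Basic-auth API's context rather than the context `apiRequest8` was created with, so the newly added API is never invoked. The positive case should encode a real test user's credentials the way `testInvokeBasicAuth` does and target the new API's context, and the bogus header is better kept as a separate negative case: `Assert.assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);`. The description string ("APIKey Only API") also does not match what the method exercises.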
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java index 3d7ffdd7b3..40eae3bcdc 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java @@ -106,7 +106,7 @@ public class APISecurityTestCase extends APIManagerLifecycleBaseTest { private final String basicAuthSecuredAPI = "BasicAuthSecuredAPI"; private final String basicAuthAndOauth2SecuredAPI = "BasicAuthAndOauth2SecuredAPI"; private final String basicAuthSecuredAPIContext = "BasicAuthSecuredAPI"; - private final String basicAuthSecuredAPIContext = "BasicAuthAndOauth2SecuredAPI"; + private final String basicAuthAndOauth2SecuredAPI = "BasicAuthAndOauth2SecuredAPI"; private final String API_END_POINT_METHOD = "/customers/123"; private final String API_VERSION_1_0_0 = "1.0.0"; private final String APPLICATION_NAME = "AccessibilityOfDeprecatedOldAPIAndPublishedCopyAPITestCase"; @@ -357,7 +357,7 @@ public void initialize() HttpResponse response7 = restAPIPublisher.addAPI(apiRequest7); apiId7 = response7.getData(); - APIRequest apiRequest8 = new APIRequest(basicAuthAndOauth2SecuredAPI, basicAuthSecuredAPIContext, + APIRequest apiRequest8 = new APIRequest(basicAuthAndOauth2SecuredAPI, basicAuthAndOauth2SecuredAPI, new URL(apiEndPointUrl)); apiRequest8.setVersion(API_VERSION_1_0_0); apiRequest8.setTiersCollection(APIMIntegrationConstants.API_TIER.UNLIMITED); 
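Review bot: The replacement line in the field block declares `basicAuthAndOauth2SecuredAPI` a second time; the context line two lines above it already declares the same `private final String` with the same value, so the class should fail to compile with a duplicate-field error. Either drop the added line, since the constructor call in the next hunk now passes `basicAuthAndOauth2SecuredAPI` for both name and context, or give the context its own constant, e.g. `private final String basicAuthAndOauth2SecuredAPIContext = "BasicAuthAndOauth2SecuredAPI";`, and pass that as the second constructor argument.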
@@ -1029,7 +1029,7 @@ public void testInvokeBasicAuth() throws Exception { String user1 = users[0]; Map requestHeaders1 = new HashMap<>(); requestHeaders1.put("Authorization", - e "Basic " + Base64.encodeBase64String(user1.concat("@").concat(this.user.getUserDomain()).concat(":") + "Basic " + Base64.encodeBase64String(user1.concat("@").concat(this.user.getUserDomain()).concat(":") .concat("randomPassword1").getBytes())); HttpResponse response = HttpRequestUtil.doGet(getAPIInvocationURLHttps(basicAuthSecuredAPIContext, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders1); @@ -1249,6 +1249,7 @@ public void cleanUpArtifacts() throws Exception { restAPIPublisher.deleteAPI(apiId5); restAPIPublisher.deleteAPI(apiId6); restAPIPublisher.deleteAPI(apiId7); + restAPIPublisher.deleteAPI(apiId8); removeUsers(); }