@toa.io/extensions.exposition 1.0.0-alpha.0 → 1.0.0-alpha.3

package/features/cors.feature

@@ -0,0 +1,72 @@
+Feature: CORS Support
+
+  Scenario: Using CORS
+    Given the annotation:
+      """yaml
+      /:
+        anonymous: true
+        /foo:
+          GET:
+            dev:stub: Hello
+      """
+    When the following request is received:
+      """
+      OPTIONS / HTTP/1.1
+      origin: https://hello.world
+      """
+    Then the following reply is sent:
+      """
+      204 No Content
+      access-control-allow-origin: https://hello.world
+      access-control-allow-methods: GET, POST, PUT, PATCH, DELETE
+      access-control-allow-headers: accept, authorization, content-type
+      access-control-allow-credentials: true
+      access-control-max-age: 3600
+      cache-control: public, max-age=3600
+      vary: origin
+      """
+    When the following request is received:
+      """
+      GET /foo/ HTTP/1.1
+      origin: https://hello.world
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      access-control-allow-origin: https://hello.world
+      access-control-expose-headers: authorization, content-type, content-length, etag
+      vary: origin
+      """
+
+  Scenario: Errors contain CORS headers
+    Given the annotation:
+      """yaml
+      /:
+        /foo:
+          GET:
+            dev:stub: Hello
+      """
+    When the following request is received:
+      """
+      GET /bar/ HTTP/1.1
+      origin: https://hello.world
+      """
+    Then the following reply is sent:
+      """
+      404 Not Found
+      access-control-allow-origin: https://hello.world
+      access-control-expose-headers: authorization, content-type, content-length, etag
+      vary: origin
+      """
+    When the following request is received:
+      """
+      GET /foo/ HTTP/1.1
+      origin: https://hello.world
+      """
+    Then the following reply is sent:
+      """
+      401 Unauthorized
+      access-control-allow-origin: https://hello.world
+      access-control-expose-headers: authorization, content-type, content-length, etag
+      vary: origin
+      """

package/features/identity.feature

@@ -17,7 +17,7 @@ Feature: Identity resource
     Then the following reply is sent:
       """
       200 OK
-      authorization: Token ${{ token }}
+      authorization: Token ${{ User.token }}
 
       id: efe3a65ebbee47ed95a73edd911ea328
       roles:
@@ -27,14 +27,30 @@ Feature: Identity resource
     When the following request is received:
       """
       GET /identity/ HTTP/1.1
-      authorization: Token ${{ token }}
+      authorization: Token ${{ User.token }}
       accept: application/yaml
       """
     Then the following reply is sent:
       """
       200 OK
 
-      id: efe3a65ebbee47ed95a73edd911ea328
+      id: ${{ User.id }}
+      roles:
+        - developer
+        - system:identity
+      """
+    # checking that it returns the same id for given token
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Token ${{ User.token }}
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+
+      id: ${{ User.id }}
       roles:
         - developer
         - system:identity

package/features/identity.federation.feature

@@ -0,0 +1,155 @@
+Feature: Identity Federation
+
+  Background:
+    Given the `identity.federation` database is empty
+    Given local IDP is running
+
+
+  Scenario: Getting identity for a new user
+    Given the `identity.federation` configuration:
+      """yaml
+      explicit_identity_creation: false
+      trust:
+        - issuer: http://localhost:44444
+      """
+    And the IDP token for User is issued
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Bearer ${{ User.id_token }}
+      accept: application/yaml
+      content-type: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ User.token }}
+
+      id: ${{ User.id }}
+      roles: []
+      scheme: bearer
+      """
+    # validate token
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      accept: application/yaml
+      authorization: Token ${{ User.token }}
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      id: ${{ User.id }}
+      """
+    # ensuring identity idemptotency
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Bearer ${{ User.id_token }}
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      id: ${{ User.id }}
+      """
+
+  Scenario: Getting identity for a user with symmetric tokens
+    Given the `identity.federation` configuration:
+      """yaml
+      explicit_identity_creation: false
+      trust:
+        - issuer: http://localhost:44444
+          secrets:
+            HS384:
+              k1: the-secret
+      """
+    And the IDP HS384 token for GoodUser is issued with following secret:
+      """
+      the-secret
+      """
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Bearer ${{ GoodUser.id_token }}
+      accept: application/yaml
+      content-type: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      authorization: Token ${{ GoodUser.token }}
+
+      id: ${{ GoodUser.id }}
+      scheme: bearer
+      """
+
+  Scenario: Creating an Identity using inception with existing credentials
+    Given the `identity.federation` configuration:
+      """yaml
+      trust:
+        - issuer: http://localhost:44444
+      """
+    Given the `users` is running with the following manifest:
+      """yaml
+      exposition:
+        /:
+          anonymous: true
+          POST:
+            incept: id
+            endpoint: create
+      """
+    And the IDP token for Bill is issued
+    When the following request is received:
+      # identity inception
+      """
+      POST /users/ HTTP/1.1
+      authorization: Bearer ${{ Bill.id_token }}
+      accept: application/yaml
+      content-type: application/yaml
+
+      name: Bill Smith
+      """
+    Then the following reply is sent:
+      """
+      201 Created
+      authorization: Token ${{ Bill.token }}
+
+      id: ${{ Bill.id }}
+      """
+    # check that both tokens corresponds to the same id
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Token ${{ Bill.token }}
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      id: ${{ Bill.id }}
+      """
+    When the following request is received:
+      """
+      GET /identity/ HTTP/1.1
+      authorization: Bearer ${{ Bill.id_token }}
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      id: ${{ Bill.id }}
+      """
+    And the following request is received:
+      # same credentials
+      """
+      POST /users/ HTTP/1.1
+      authorization: Bearer ${{ Bill.id_token }}
+      content-type: text/plain
+
+      name: Mary Louis
+      """
+    Then the following reply is sent:
+      """
+      403 Forbidden
+      """

package/features/octets.entries.feature

@@ -0,0 +1,121 @@
+Feature: Accessing entires
+
+  Scenario: Entries are not accessible by default
+    Given the annotation:
+      """yaml
+      /:
+        auth:anonymous: true
+        octets:context: octets
+        POST:
+          octets:store: ~
+        GET:
+          octets:list: ~
+        /*:
+          GET:
+            octets:fetch: ~
+      """
+    When the stream of `lenna.ascii` is received with the following headers:
+      """
+      POST / HTTP/1.1
+      content-type: application/octet-stream
+      """
+    Then the following reply is sent:
+      """
+      201 Created
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      accept: application/vnd.toa.octets.entries+yaml
+      """
+    Then the following reply is sent:
+      """
+      403 Forbidden
+
+      Metadata is not accessible.
+      """
+    When the following request is received:
+      """
+      GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      accept: text/vnd.toa.octets.entry+plain
+      """
+    Then the following reply is sent:
+      """
+      403 Forbidden
+
+      Metadata is not accessible.
+      """
+
+  Scenario: Accessing entries
+    Given the annotation:
+      """yaml
+      /:
+        auth:anonymous: true
+        octets:context: octets
+        POST:
+          octets:store: ~
+        GET:
+          octets:list:
+            meta: true
+        /*:
+          GET:
+            octets:fetch:
+              meta: true
+      """
+    When the stream of `lenna.ascii` is received with the following headers:
+      """
+      POST / HTTP/1.1
+      accept: application/yaml
+      content-type: application/octet-stream
+      """
+    And the stream of `lenna.png` is received with the following headers:
+      """
+      POST / HTTP/1.1
+      accept: application/yaml
+      content-type: application/octet-stream
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      accept: application/yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      content-type: application/yaml
+
+      - 10cf16b458f759e0d617f2f3d83599ff
+      - 814a0034f5549e957ee61360d87457e5
+      """
+    When the following request is received:
+      """
+      GET / HTTP/1.1
+      accept: application/vnd.toa.octets.entries+yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      content-type: application/yaml
+
+      - id: 10cf16b458f759e0d617f2f3d83599ff
+        size: 8169
+        type: application/octet-stream
+      - id: 814a0034f5549e957ee61360d87457e5
+        size: 473831
+        type: image/png
+      """
+    When the following request is received:
+      """
+      GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      accept: application/vnd.toa.octets.entry+yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+      content-type: application/yaml
+      content-length: 124
+
+      id: 10cf16b458f759e0d617f2f3d83599ff
+      type: application/octet-stream
+      size: 8169
+      """

package/features/octets.feature

@@ -70,17 +70,6 @@ Feature: Octets directive family
       """
       304 Not Modified
       """
-    When the following request is received:
-      """
-      GET /10cf16b458f759e0d617f2f3d83599ff:meta HTTP/1.1
-      accept: text/plain
-      """
-    Then the following reply is sent:
-      """
-      403 Forbidden
-
-      Metadata is not accessible.
-      """
     When the following request is received:
       """
       GET / HTTP/1.1
@@ -245,10 +234,9 @@ Feature: Octets directive family
       Trailing slash is redundant.
       """
 
-  Scenario: Accessing an Entry and the original BLOLB
+  Scenario: Original BLOLB is not accessible
     Given the annotation:
       """yaml
-      debug: true
       /:
         auth:anonymous: true
         octets:context: octets
@@ -268,24 +256,10 @@ Feature: Octets directive family
       """
       201 Created
       """
-    When the following request is received:
-      """
-      GET /10cf16b458f759e0d617f2f3d83599ff:meta HTTP/1.1
-      accept: application/yaml
-      """
-    Then the following reply is sent:
-      """
-      200 OK
-      content-type: application/yaml
-      content-length: 124
-
-      id: 10cf16b458f759e0d617f2f3d83599ff
-      type: application/octet-stream
-      size: 8169
-      """
     When the following request is received:
       """
       GET /10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      accept: text/plain
       """
     Then the following reply is sent:
       """

package/features/octets.meta.feature

@@ -0,0 +1,65 @@
+Feature: Octets `content-meta` header
+
+  Scenario: Sending `content-meta` header
+    Given the `octets.tester` is running
+    And the annotation:
+      """yaml
+      /:
+        auth:anonymous: true
+        octets:context: octets
+        /*:
+          POST:
+            octets:store: ~
+          /*:
+            GET:
+              octets:fetch:
+                meta: true
+      """
+    When the stream of `lenna.ascii` is received with the following headers:
+      """
+      POST /meta-header/ HTTP/1.1
+      content-type: application/octet-stream
+      content-meta: foo, bar=baz=1
+      content-meta: baz=1
+      """
+    Then the following reply is sent:
+      """
+      201 Created
+      """
+    When the following request is received:
+      """
+      GET /meta-header/10cf16b458f759e0d617f2f3d83599ff HTTP/1.1
+      accept: application/vnd.toa.octets.entry+yaml
+      """
+    Then the following reply is sent:
+      """
+      200 OK
+
+      id: 10cf16b458f759e0d617f2f3d83599ff
+      type: application/octet-stream
+      size: 8169
+      meta:
+        foo: 'true'
+        bar: baz=1
+        baz: '1'
+      """
+
+  Scenario: CORS allows `content-meta` header
+    Given the annotation:
+      """yaml
+      /:
+        octets:context: octets
+        POST:
+          octets:store: ~
+      """
+    When the following request is received:
+      """
+      OPTIONS / HTTP/1.1
+      origin: http://example.com
+      """
+    Then the following reply is sent:
+      """
+      204 No Content
+      access-control-allow-origin: http://example.com
+      access-control-allow-headers: accept, authorization, content-type, content-meta
+      """