@toa.io/extensions.exposition 1.0.0-alpha.21 → 1.0.0-alpha.23
- package/components/context.toa.yaml +2 -2
- package/components/identity.basic/manifest.toa.yaml +18 -9
- package/components/identity.basic/operations/authenticate.d.ts +5 -1
- package/components/identity.basic/operations/authenticate.js +2 -2
- package/components/identity.basic/operations/authenticate.js.map +1 -1
- package/components/identity.basic/operations/incept.d.ts +11 -0
- package/components/identity.basic/operations/incept.js +13 -0
- package/components/identity.basic/operations/incept.js.map +1 -0
- package/components/identity.basic/operations/transit.d.ts +3 -3
- package/components/identity.basic/operations/transit.js +5 -3
- package/components/identity.basic/operations/transit.js.map +1 -1
- package/components/identity.basic/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.basic/operations/types.d.ts +2 -0
- package/components/identity.basic/source/authenticate.ts +12 -5
- package/components/identity.basic/source/incept.ts +22 -0
- package/components/identity.basic/source/transit.ts +7 -5
- package/components/identity.basic/source/types.ts +2 -0
- package/components/identity.federation/manifest.toa.yaml +28 -11
- package/components/identity.federation/operations/authenticate.d.ts +2 -2
- package/components/identity.federation/operations/authenticate.js +6 -5
- package/components/identity.federation/operations/authenticate.js.map +1 -1
- package/components/identity.federation/operations/incept.d.ts +11 -0
- package/components/identity.federation/operations/{create.js → incept.js} +6 -7
- package/components/identity.federation/operations/incept.js.map +1 -0
- package/components/identity.federation/operations/lib/jwt.js +3 -3
- package/components/identity.federation/operations/lib/jwt.js.map +1 -1
- package/components/identity.federation/operations/schemas.d.ts +7 -3
- package/components/identity.federation/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.federation/operations/types.d.ts +5 -0
- package/components/identity.federation/source/authenticate.ts +9 -6
- package/components/identity.federation/source/{create.ts → incept.ts} +10 -9
- package/components/identity.federation/source/lib/jwt.test.ts +2 -2
- package/components/identity.federation/source/lib/jwt.ts +3 -3
- package/components/identity.federation/source/schemas.ts +7 -3
- package/components/identity.federation/source/types.ts +6 -0
- package/components/identity.tokens/manifest.toa.yaml +7 -1
- package/components/identity.tokens/operations/authenticate.d.ts +2 -2
- package/components/identity.tokens/operations/authenticate.js +5 -2
- package/components/identity.tokens/operations/authenticate.js.map +1 -1
- package/components/identity.tokens/operations/decrypt.js +1 -0
- package/components/identity.tokens/operations/decrypt.js.map +1 -1
- package/components/identity.tokens/operations/encrypt.js +1 -0
- package/components/identity.tokens/operations/encrypt.js.map +1 -1
- package/components/identity.tokens/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.tokens/operations/types.d.ts +7 -0
- package/components/identity.tokens/source/authenticate.test.ts +11 -4
- package/components/identity.tokens/source/authenticate.ts +7 -3
- package/components/identity.tokens/source/decrypt.test.ts +5 -3
- package/components/identity.tokens/source/decrypt.ts +9 -8
- package/components/identity.tokens/source/encrypt.test.ts +4 -1
- package/components/identity.tokens/source/encrypt.ts +1 -0
- package/components/identity.tokens/source/types.ts +8 -0
- package/components/octets.storage/manifest.toa.yaml +0 -6
- package/documentation/authorities.md +53 -0
- package/documentation/components.md +3 -3
- package/documentation/identity.md +17 -22
- package/documentation/vary.md +5 -11
- package/features/access.feature +55 -7
- package/features/annotation.feature +1 -0
- package/features/authorities.basic.feature +140 -0
- package/features/authorities.feature +32 -0
- package/features/authorities.federation.feature +99 -0
- package/features/authorities.tokens.feature +118 -0
- package/features/body.feature +2 -0
- package/features/cache.feature +39 -5
- package/features/cors.feature +4 -0
- package/features/directives.feature +3 -0
- package/features/dynamic.feature +4 -0
- package/features/errors.feature +12 -1
- package/features/etag.feature +6 -0
- package/features/identity.bans.feature +12 -3
- package/features/identity.basic.feature +34 -15
- package/features/identity.feature +7 -2
- package/features/identity.federation.feature +14 -4
- package/features/identity.roles.feature +29 -17
- package/features/identity.tokens.feature +18 -6
- package/features/io.feature +9 -0
- package/features/octets.entries.feature +8 -0
- package/features/octets.feature +17 -54
- package/features/octets.meta.feature +3 -0
- package/features/octets.workflows.feature +13 -0
- package/features/queries.feature +8 -0
- package/features/require.feature +3 -0
- package/features/response.feature +5 -2
- package/features/routes.feature +7 -0
- package/features/steps/Gateway.ts +23 -6
- package/features/streams.feature +1 -0
- package/features/timing.feature +3 -0
- package/features/vary.feature +49 -0
- package/package.json +7 -7
- package/readme.md +19 -14
- package/schemas/annotation.cos.yaml +1 -1
- package/source/Annotation.ts +3 -3
- package/source/Endpoint.ts +1 -1
- package/source/Factory.ts +8 -10
- package/source/Gateway.ts +2 -6
- package/source/HTTP/Context.ts +3 -1
- package/source/HTTP/Server.ts +23 -26
- package/source/HTTP/exceptions.ts +6 -0
- package/source/Query.ts +9 -5
- package/source/deployment.ts +25 -21
- package/source/directives/auth/Authorization.ts +18 -8
- package/source/directives/auth/Incept.ts +2 -1
- package/source/directives/octets/Octets.ts +0 -2
- package/source/directives/vary/embeddings/Authority.ts +8 -0
- package/source/directives/vary/embeddings/index.ts +3 -1
- package/source/schemas.ts +1 -1
- package/transpiled/Annotation.d.ts +3 -3
- package/transpiled/Endpoint.js +1 -1
- package/transpiled/Endpoint.js.map +1 -1
- package/transpiled/Factory.js +9 -8
- package/transpiled/Factory.js.map +1 -1
- package/transpiled/Gateway.js.map +1 -1
- package/transpiled/HTTP/Context.d.ts +2 -1
- package/transpiled/HTTP/Context.js +3 -1
- package/transpiled/HTTP/Context.js.map +1 -1
- package/transpiled/HTTP/Server.d.ts +8 -1
- package/transpiled/HTTP/Server.js +14 -20
- package/transpiled/HTTP/Server.js.map +1 -1
- package/transpiled/HTTP/exceptions.d.ts +3 -0
- package/transpiled/HTTP/exceptions.js +7 -1
- package/transpiled/HTTP/exceptions.js.map +1 -1
- package/transpiled/Query.js +2 -2
- package/transpiled/Query.js.map +1 -1
- package/transpiled/deployment.d.ts +1 -1
- package/transpiled/deployment.js +21 -19
- package/transpiled/deployment.js.map +1 -1
- package/transpiled/directives/auth/Authorization.js +9 -4
- package/transpiled/directives/auth/Authorization.js.map +1 -1
- package/transpiled/directives/auth/Incept.js +2 -1
- package/transpiled/directives/auth/Incept.js.map +1 -1
- package/transpiled/directives/octets/Octets.js +0 -2
- package/transpiled/directives/octets/Octets.js.map +1 -1
- package/transpiled/directives/vary/embeddings/Authority.d.ts +5 -0
- package/transpiled/directives/vary/embeddings/Authority.js +10 -0
- package/transpiled/directives/vary/embeddings/Authority.js.map +1 -0
- package/transpiled/directives/vary/embeddings/index.js +3 -1
- package/transpiled/directives/vary/embeddings/index.js.map +1 -1
- package/transpiled/schemas.d.ts +1 -1
- package/transpiled/schemas.js +2 -2
- package/transpiled/schemas.js.map +1 -1
- package/transpiled/tsconfig.tsbuildinfo +1 -1
- package/components/identity.basic/operations/create.d.ts +0 -10
- package/components/identity.basic/operations/create.js +0 -10
- package/components/identity.basic/operations/create.js.map +0 -1
- package/components/identity.basic/source/create.ts +0 -18
- package/components/identity.federation/operations/create.d.ts +0 -10
- package/components/identity.federation/operations/create.js.map +0 -1
- package/components/octets.storage/operations/permute.js +0 -7
- package/source/HTTP/Server.test.ts +0 -126
- package/source/directives/octets/Permute.ts +0 -44
- package/transpiled/directives/octets/Permute.d.ts +0 -11
- package/transpiled/directives/octets/Permute.js +0 -58
- package/transpiled/directives/octets/Permute.js.map +0 -1
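--- a/package/features/errors.feature
+++ b/package/features/errors.feature
@@ -8,6 +8,7 @@ Feature: Errors
 When the following request is received:
 """
 GET <path> HTTP/1.1
+host: nex.toa.io
 accept: text/plain
 """
 Then the following reply is sent:
@@ -30,6 +31,7 @@ Feature: Errors
 When the following request is received:
 """
 GET /basic/greeter HTTP/1.1
+host: nex.toa.io
 accept: application/json
 """
 Then the following reply is sent:
@@ -45,6 +47,7 @@ Feature: Errors
 When the following request is received:
 """
 PATCH /greeter/ HTTP/1.1
+host: nex.toa.io
 accept: application/yaml
 """
 Then the following reply is sent:
@@ -56,6 +59,7 @@ Feature: Errors
 When the following request is received:
 """
 COPY /basic/greeter/ HTTP/1.1
+host: nex.toa.io
 accept: application/yaml
 """
 Then the following reply is sent:
@@ -73,6 +77,7 @@ Feature: Errors
 When the following request is received:
 """
 POST /pots/ HTTP/1.1
+host: nex.toa.io
 accept: application/yaml
 content-type: application/yaml
 
@@ -97,6 +102,7 @@ Feature: Errors
 When the following request is received:
 """
 GET /pots/?limit=1001 HTTP/1.1
+host: nex.toa.io
 accept: text/plain
 """
 Then the following reply is sent:
@@ -120,6 +126,7 @@ Feature: Errors
 When the following request is received:
 """
 GET /pots/hot/?criteria=volume>500 HTTP/1.1
+host: nex.toa.io
 accept: text/plain
 """
 Then the following reply is sent:
@@ -127,7 +134,7 @@ Feature: Errors
 400 Bad Request
 content-type: text/plain
 
-Query criteria is closed
+Query criteria is closed
 """
 
 Scenario: Additional query parameters
@@ -141,6 +148,7 @@ Feature: Errors
 When the following request is received:
 """
 GET /pots/?foo=bar HTTP/1.1
+host: nex.toa.io
 accept: text/plain
 """
 Then the following reply is sent:
@@ -160,6 +168,7 @@ Feature: Errors
 When the following request is received:
 """
 GET / HTTP/1.1
+host: nex.toa.io
 authorization: Basic
 accept: text/plain
 """
@@ -182,6 +191,7 @@ Feature: Errors
 When the following request is received:
 """
 GET / HTTP/1.1
+host: nex.toa.io
 accept: text/plain
 """
 Then the following reply is sent:
@@ -206,6 +216,7 @@ Feature: Errors
 When the following request is received:
 """
 GET / HTTP/1.1
+host: nex.toa.io
 accept: image/jpeg
 """
 Then the following reply is sent: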
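--- a/package/features/etag.feature
+++ b/package/features/etag.feature
@@ -14,6 +14,7 @@ Feature: Optimistic concurrency control
 When the following request is received:
 """
 POST /pots/ HTTP/1.1
+host: nex.toa.io
 accept: application/yaml
 content-type: application/yaml
 
@@ -30,6 +31,7 @@ Feature: Optimistic concurrency control
 When the following request is received:
 """
 GET /pots/${{ id }}/ HTTP/1.1
+host: nex.toa.io
 """
 Then the following reply is sent:
 """
@@ -39,6 +41,7 @@ Feature: Optimistic concurrency control
 When the following request is received:
 """
 GET /pots/${{ id }}/ HTTP/1.1
+host: nex.toa.io
 if-none-match: "1"
 """
 Then the following reply is sent:
@@ -49,6 +52,7 @@ Feature: Optimistic concurrency control
 When the following request is received:
 """
 PUT /pots/${{ id }}/ HTTP/1.1
+host: nex.toa.io
 content-type: application/yaml
 if-match: "38"
 
@@ -61,6 +65,7 @@ Feature: Optimistic concurrency control
 When the following request is received:
 """
 PUT /pots/${{ id }}/ HTTP/1.1
+host: nex.toa.io
 content-type: application/yaml
 if-match: "1"
 
@@ -83,6 +88,7 @@ Feature: Optimistic concurrency control
 When the following request is received:
 """
 PUT /pots/fa177da8393544139915795816ad6b97/ HTTP/1.1
+host: nex.toa.io
 accept: text/plain
 content-type: application/yaml
 if-match: "oopsie"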
|
@@ -5,9 +5,9 @@ Feature: Bans
|
|
|
5
5
|
Given the `identity.basic` database contains:
|
|
6
6
|
# developer:secret
|
|
7
7
|
# user:12345
|
|
8
|
-
| _id | username | password | _deleted |
|
|
9
|
-
| efe3a65ebbee47ed95a73edd911ea328 | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O | null |
|
|
10
|
-
| e8e4f9c2a68d419b861403d71fabc915 | user | $2b$10$Frszmrmsz9iwSXzBbRRMKeDVKsNxozkrLNSsN.SnVC.KPxLtQr/bK | null |
|
|
8
|
+
| _id | authority | username | password | _deleted |
|
|
9
|
+
| efe3a65ebbee47ed95a73edd911ea328 | nex | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O | null |
|
|
10
|
+
| e8e4f9c2a68d419b861403d71fabc915 | nex | user | $2b$10$Frszmrmsz9iwSXzBbRRMKeDVKsNxozkrLNSsN.SnVC.KPxLtQr/bK | null |
|
|
11
11
|
And the `identity.bans` database is empty
|
|
12
12
|
|
|
13
13
|
Scenario: Banning an Identity
|
|
@@ -31,6 +31,7 @@ Feature: Bans
|
|
|
31
31
|
When the following request is received:
|
|
32
32
|
"""
|
|
33
33
|
GET /e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
34
|
+
host: nex.toa.io
|
|
34
35
|
authorization: Basic dXNlcjoxMjM0NQ==
|
|
35
36
|
"""
|
|
36
37
|
Then the following reply is sent:
|
|
@@ -41,6 +42,7 @@ Feature: Bans
|
|
|
41
42
|
When the following request is received:
|
|
42
43
|
"""
|
|
43
44
|
PUT /identity/bans/e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
45
|
+
host: nex.toa.io
|
|
44
46
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
45
47
|
content-type: application/yaml
|
|
46
48
|
|
|
@@ -55,6 +57,7 @@ Feature: Bans
|
|
|
55
57
|
When the following request is received:
|
|
56
58
|
"""
|
|
57
59
|
GET /e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
60
|
+
host: nex.toa.io
|
|
58
61
|
authorization: Basic dXNlcjoxMjM0NQ==
|
|
59
62
|
"""
|
|
60
63
|
Then the following reply is sent:
|
|
@@ -65,6 +68,7 @@ Feature: Bans
|
|
|
65
68
|
When the following request is received:
|
|
66
69
|
"""
|
|
67
70
|
GET /e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
71
|
+
host: nex.toa.io
|
|
68
72
|
authorization: Token ${{ token }}
|
|
69
73
|
"""
|
|
70
74
|
Then the following reply is sent:
|
|
@@ -74,6 +78,7 @@ Feature: Bans
|
|
|
74
78
|
When the following request is received:
|
|
75
79
|
"""
|
|
76
80
|
PUT /identity/bans/e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
81
|
+
host: nex.toa.io
|
|
77
82
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
78
83
|
content-type: application/yaml
|
|
79
84
|
|
|
@@ -86,6 +91,7 @@ Feature: Bans
|
|
|
86
91
|
When the following request is received:
|
|
87
92
|
"""
|
|
88
93
|
GET /e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
94
|
+
host: nex.toa.io
|
|
89
95
|
authorization: Basic dXNlcjoxMjM0NQ==
|
|
90
96
|
"""
|
|
91
97
|
Then the following reply is sent:
|
|
@@ -98,6 +104,7 @@ Feature: Bans
|
|
|
98
104
|
When the following request is received:
|
|
99
105
|
"""
|
|
100
106
|
PUT /identity/bans/e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
107
|
+
host: nex.toa.io
|
|
101
108
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
102
109
|
content-type: application/yaml
|
|
103
110
|
|
|
@@ -110,6 +117,7 @@ Feature: Bans
|
|
|
110
117
|
When the following request is received:
|
|
111
118
|
"""
|
|
112
119
|
GET /e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
120
|
+
host: nex.toa.io
|
|
113
121
|
authorization: Basic dXNlcjoxMjM0NQ==
|
|
114
122
|
"""
|
|
115
123
|
Then the following reply is sent:
|
|
@@ -120,6 +128,7 @@ Feature: Bans
|
|
|
120
128
|
When the following request is received:
|
|
121
129
|
"""
|
|
122
130
|
GET /e8e4f9c2a68d419b861403d71fabc915/ HTTP/1.1
|
|
131
|
+
host: nex.toa.io
|
|
123
132
|
authorization: Token ${{ new_token }}
|
|
124
133
|
"""
|
|
125
134
|
Then the following reply is sent:
|
|
@@ -8,6 +8,7 @@ Feature: Basic authentication
|
|
|
8
8
|
When the following request is received:
|
|
9
9
|
"""
|
|
10
10
|
POST /identity/basic/ HTTP/1.1
|
|
11
|
+
host: nex.toa.io
|
|
11
12
|
content-type: application/yaml
|
|
12
13
|
|
|
13
14
|
username: developer
|
|
@@ -20,6 +21,7 @@ Feature: Basic authentication
|
|
|
20
21
|
When the following request is received:
|
|
21
22
|
"""
|
|
22
23
|
POST /identity/basic/ HTTP/1.1
|
|
24
|
+
host: nex.toa.io
|
|
23
25
|
content-type: application/yaml
|
|
24
26
|
accept: application/yaml
|
|
25
27
|
|
|
@@ -49,6 +51,7 @@ Feature: Basic authentication
|
|
|
49
51
|
When the following request is received:
|
|
50
52
|
"""
|
|
51
53
|
POST /users/ HTTP/1.1
|
|
54
|
+
host: nex.toa.io
|
|
52
55
|
authorization: Basic dXNlcjpwYXNzMTIzNA==
|
|
53
56
|
accept: application/yaml
|
|
54
57
|
content-type: application/yaml
|
|
@@ -66,6 +69,7 @@ Feature: Basic authentication
|
|
|
66
69
|
# basic credentials have been created
|
|
67
70
|
"""
|
|
68
71
|
GET /users/${{ id }}/ HTTP/1.1
|
|
72
|
+
host: nex.toa.io
|
|
69
73
|
authorization: Basic dXNlcjpwYXNzMTIzNA==
|
|
70
74
|
"""
|
|
71
75
|
Then the following reply is sent:
|
|
@@ -76,6 +80,7 @@ Feature: Basic authentication
|
|
|
76
80
|
# valid token has been issued
|
|
77
81
|
"""
|
|
78
82
|
GET /users/${{ id }}/ HTTP/1.1
|
|
83
|
+
host: nex.toa.io
|
|
79
84
|
authorization: Token ${{ token }}
|
|
80
85
|
"""
|
|
81
86
|
Then the following reply is sent:
|
|
@@ -86,6 +91,7 @@ Feature: Basic authentication
|
|
|
86
91
|
When the following request is received:
|
|
87
92
|
"""
|
|
88
93
|
POST /users/ HTTP/1.1
|
|
94
|
+
host: nex.toa.io
|
|
89
95
|
authorization: Basic dXNlcjphbm90aGVycGFzczEyMzQ=
|
|
90
96
|
accept: application/yaml
|
|
91
97
|
content-type: application/yaml
|
|
@@ -100,6 +106,7 @@ Feature: Basic authentication
|
|
|
100
106
|
When the following request is received:
|
|
101
107
|
"""
|
|
102
108
|
POST /users/ HTTP/1.1
|
|
109
|
+
host: nex.toa.io
|
|
103
110
|
authorization: Basic dXNlcjpwYXNzMTIzNA==
|
|
104
111
|
accept: application/yaml
|
|
105
112
|
content-type: application/yaml
|
|
@@ -123,11 +130,12 @@ Feature: Basic authentication
|
|
|
123
130
|
access: granted!
|
|
124
131
|
"""
|
|
125
132
|
And the `identity.basic` database contains:
|
|
126
|
-
| _id | _version | username | password |
|
|
127
|
-
| efe3a65ebbee47ed95a73edd911ea328 | 1 | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
|
|
133
|
+
| _id | _version | authority | username | password |
|
|
134
|
+
| efe3a65ebbee47ed95a73edd911ea328 | 1 | nex | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
|
|
128
135
|
When the following request is received:
|
|
129
136
|
"""
|
|
130
137
|
PATCH /identity/basic/efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
|
|
138
|
+
host: nex.toa.io
|
|
131
139
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
132
140
|
accept: application/yaml
|
|
133
141
|
content-type: application/yaml
|
|
@@ -142,6 +150,7 @@ Feature: Basic authentication
|
|
|
142
150
|
# old password
|
|
143
151
|
"""
|
|
144
152
|
GET /efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
|
|
153
|
+
host: nex.toa.io
|
|
145
154
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
146
155
|
"""
|
|
147
156
|
Then the following reply is sent:
|
|
@@ -152,6 +161,7 @@ Feature: Basic authentication
|
|
|
152
161
|
# new password
|
|
153
162
|
"""
|
|
154
163
|
GET /efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
|
|
164
|
+
host: nex.toa.io
|
|
155
165
|
authorization: Basic ZGV2ZWxvcGVyOm5ldy1zZWNyZXQ=
|
|
156
166
|
"""
|
|
157
167
|
Then the following reply is sent:
|
|
@@ -159,14 +169,15 @@ Feature: Basic authentication
|
|
|
159
169
|
200 OK
|
|
160
170
|
"""
|
|
161
171
|
|
|
162
|
-
Scenario: Changing other identity
|
|
172
|
+
Scenario: Changing other identity's password
|
|
163
173
|
Given the `identity.basic` database contains:
|
|
164
|
-
| _id | username | password | _version |
|
|
165
|
-
| efe3a65ebbee47ed95a73edd911ea328 | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O | 1 |
|
|
166
|
-
| 6c0be50cbfb043acafe69cc7d3895f84 | attacker | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O | 1 |
|
|
174
|
+
| _id | authority | username | password | _version |
|
|
175
|
+
| efe3a65ebbee47ed95a73edd911ea328 | nex | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O | 1 |
|
|
176
|
+
| 6c0be50cbfb043acafe69cc7d3895f84 | nex | attacker | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O | 1 |
|
|
167
177
|
When the following request is received:
|
|
168
178
|
"""
|
|
169
179
|
PATCH /identity/basic/efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
|
|
180
|
+
host: nex.toa.io
|
|
170
181
|
authorization: Basic YXR0YWNrZXI6c2VjcmV0
|
|
171
182
|
accept: application/yaml
|
|
172
183
|
content-type: application/yaml
|
|
@@ -182,6 +193,7 @@ Feature: Basic authentication
|
|
|
182
193
|
When the following request is received:
|
|
183
194
|
"""
|
|
184
195
|
POST /identity/basic/ HTTP/1.1
|
|
196
|
+
host: nex.toa.io
|
|
185
197
|
accept: application/yaml
|
|
186
198
|
content-type: application/yaml
|
|
187
199
|
|
|
@@ -190,17 +202,17 @@ Feature: Basic authentication
|
|
|
190
202
|
"""
|
|
191
203
|
Then the following reply is sent:
|
|
192
204
|
"""
|
|
193
|
-
|
|
205
|
+
422 Unprocessable Entity
|
|
194
206
|
|
|
195
207
|
code: <code>
|
|
196
208
|
message: <problem> is not meeting the requirements.
|
|
197
209
|
"""
|
|
198
210
|
Examples:
|
|
199
|
-
| username
|
|
200
|
-
|
|
|
201
|
-
| root
|
|
211
|
+
| username | password | problem | code |
|
|
212
|
+
| zYF8G6obtE3c5ARpZjnMwv0L7lX2dQUyJ1KiHS9ag4fThDPVxCsuIWmNeBqkOrzYF8G6obtE3c5ARpZjnMwv0L7lX2dQUyJ1KiHS9ag4fThDPVxCsuIWmNeBqkOris129 | secret#1234 | Username | INVALID_USERNAME |
|
|
213
|
+
| root | short | Password | INVALID_PASSWORD |
|
|
202
214
|
|
|
203
|
-
Scenario Outline:
|
|
215
|
+
Scenario Outline: <property> is not meeting one of requirements
|
|
204
216
|
Given the `identity.basic` configuration:
|
|
205
217
|
"""yaml
|
|
206
218
|
<property>:
|
|
@@ -208,11 +220,12 @@ Feature: Basic authentication
|
|
|
208
220
|
- ^[^A]{1,16}$ # should not contain 'A'
|
|
209
221
|
"""
|
|
210
222
|
And the `identity.basic` database contains:
|
|
211
|
-
| _id | _version | username | password |
|
|
212
|
-
| efe3a65ebbee47ed95a73edd911ea328 | 1 | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
|
|
223
|
+
| _id | _version | authority | username | password |
|
|
224
|
+
| efe3a65ebbee47ed95a73edd911ea328 | 1 | nex | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
|
|
213
225
|
When the following request is received:
|
|
214
226
|
"""
|
|
215
227
|
PATCH /identity/basic/efe3a65ebbee47ed95a73edd911ea328/ HTTP/1.1
|
|
228
|
+
host: nex.toa.io
|
|
216
229
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
217
230
|
accept: application/yaml
|
|
218
231
|
content-type: application/yaml
|
|
@@ -221,7 +234,7 @@ Feature: Basic authentication
|
|
|
221
234
|
"""
|
|
222
235
|
Then the following reply is sent:
|
|
223
236
|
"""
|
|
224
|
-
|
|
237
|
+
422 Unprocessable Entity
|
|
225
238
|
"""
|
|
226
239
|
Examples:
|
|
227
240
|
| property |
|
|
@@ -245,6 +258,7 @@ Feature: Basic authentication
|
|
|
245
258
|
When the following request is received:
|
|
246
259
|
"""
|
|
247
260
|
POST /identity/basic/ HTTP/1.1
|
|
261
|
+
host: nex.toa.io
|
|
248
262
|
accept: application/yaml
|
|
249
263
|
content-type: application/yaml
|
|
250
264
|
|
|
@@ -262,6 +276,7 @@ Feature: Basic authentication
|
|
|
262
276
|
When the following request is received:
|
|
263
277
|
"""
|
|
264
278
|
GET /identity/roles/${{ id }}/ HTTP/1.1
|
|
279
|
+
host: nex.toa.io
|
|
265
280
|
authorization: Basic cm9vdDpzZWNyZXQjMTIzNA==
|
|
266
281
|
accept: application/yaml
|
|
267
282
|
"""
|
|
@@ -275,6 +290,7 @@ Feature: Basic authentication
|
|
|
275
290
|
When the following request is received:
|
|
276
291
|
"""
|
|
277
292
|
GET / HTTP/1.1
|
|
293
|
+
host: nex.toa.io
|
|
278
294
|
authorization: Token ${{ token }}
|
|
279
295
|
accept: application/yaml
|
|
280
296
|
"""
|
|
@@ -288,6 +304,7 @@ Feature: Basic authentication
|
|
|
288
304
|
When the following request is received:
|
|
289
305
|
"""
|
|
290
306
|
PATCH /identity/basic/${{ id }}/ HTTP/1.1
|
|
307
|
+
host: nex.toa.io
|
|
291
308
|
authorization: Token ${{ token }}
|
|
292
309
|
accept: application/yaml
|
|
293
310
|
content-type: application/yaml
|
|
@@ -296,7 +313,7 @@ Feature: Basic authentication
|
|
|
296
313
|
"""
|
|
297
314
|
Then the following reply is sent:
|
|
298
315
|
"""
|
|
299
|
-
|
|
316
|
+
422 Unprocessable Entity
|
|
300
317
|
|
|
301
318
|
code: PRINCIPAL_LOCKED
|
|
302
319
|
message: Principal username cannot be changed.
|
|
@@ -318,6 +335,7 @@ Feature: Basic authentication
|
|
|
318
335
|
# identity inception
|
|
319
336
|
"""
|
|
320
337
|
POST /users/ HTTP/1.1
|
|
338
|
+
host: nex.toa.io
|
|
321
339
|
authorization: Basic dXNlcjpwYXNzMTIzNA==
|
|
322
340
|
accept: application/yaml
|
|
323
341
|
content-type: application/yaml
|
|
@@ -332,6 +350,7 @@ Feature: Basic authentication
|
|
|
332
350
|
# same credentials
|
|
333
351
|
"""
|
|
334
352
|
POST /users/ HTTP/1.1
|
|
353
|
+
host: nex.toa.io
|
|
335
354
|
authorization: Basic dXNlcjpwYXNzMTIzNA==
|
|
336
355
|
content-type: text/plain
|
|
337
356
|
|
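Review bot: The "Changing other identity's password" scenario in the `@@ -159,14 +169,15 @@` hunk seeds both `developer` and `attacker` under the same authority `nex` and sends the request to `host: nex.toa.io`, so in this file the new `authority` column is never exercised as an isolation boundary. A companion scenario that seeds the second row under a different authority and expects the same denial would pin that credentials stored for one authority cannot act on an identity in another. That case may already live in `authorities.basic.feature`, which this release adds but which is not shown on this page; if so, a comment above the scenario such as `# cross-authority isolation: see authorities.basic.feature` would make the coverage explicit. The file header for this section is missing from the page, so the path is inferred from the `Feature: Basic authentication` hunk headers.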
|
@@ -2,8 +2,8 @@ Feature: Identity resource
|
|
|
2
2
|
|
|
3
3
|
Scenario: Requesting own Identity
|
|
4
4
|
Given the `identity.basic` database contains:
|
|
5
|
-
| _id | username | password |
|
|
6
|
-
| efe3a65ebbee47ed95a73edd911ea328 | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
|
|
5
|
+
| _id | authority | username | password |
|
|
6
|
+
| efe3a65ebbee47ed95a73edd911ea328 | nex | developer | $2b$10$ZRSKkgZoGnrcTNA5w5eCcu3pxDzdTduhteVYXcp56AaNcilNkwJ.O |
|
|
7
7
|
And the `identity.roles` database contains:
|
|
8
8
|
| _id | identity | role |
|
|
9
9
|
| 9c4702490ff84f2a9e1b1da2ab64bdd4 | efe3a65ebbee47ed95a73edd911ea328 | developer |
|
|
@@ -11,6 +11,7 @@ Feature: Identity resource
|
|
|
11
11
|
When the following request is received:
|
|
12
12
|
"""
|
|
13
13
|
GET /identity/ HTTP/1.1
|
|
14
|
+
host: nex.toa.io
|
|
14
15
|
authorization: Basic ZGV2ZWxvcGVyOnNlY3JldA==
|
|
15
16
|
accept: application/yaml
|
|
16
17
|
"""
|
|
@@ -27,6 +28,7 @@ Feature: Identity resource
|
|
|
27
28
|
When the following request is received:
|
|
28
29
|
"""
|
|
29
30
|
GET /identity/ HTTP/1.1
|
|
31
|
+
host: nex.toa.io
|
|
30
32
|
authorization: Token ${{ User.token }}
|
|
31
33
|
accept: application/yaml
|
|
32
34
|
"""
|
|
@@ -43,6 +45,7 @@ Feature: Identity resource
|
|
|
43
45
|
When the following request is received:
|
|
44
46
|
"""
|
|
45
47
|
GET /identity/ HTTP/1.1
|
|
48
|
+
host: nex.toa.io
|
|
46
49
|
authorization: Token ${{ User.token }}
|
|
47
50
|
accept: application/yaml
|
|
48
51
|
"""
|
|
@@ -61,6 +64,7 @@ Feature: Identity resource
|
|
|
61
64
|
When the following request is received:
|
|
62
65
|
"""
|
|
63
66
|
GET /identity/ HTTP/1.1
|
|
67
|
+
host: nex.toa.io
|
|
64
68
|
authorization: Basic dXNlcjpwYXNzMTIzNA==
|
|
65
69
|
"""
|
|
66
70
|
Then the following reply is sent:
|
|
@@ -70,6 +74,7 @@ Feature: Identity resource
|
|
|
70
74
|
When the following request is received:
|
|
71
75
|
"""
|
|
72
76
|
GET /identity/ HTTP/1.1
|
|
77
|
+
host: nex.toa.io
|
|
73
78
|
"""
|
|
74
79
|
Then the following reply is sent:
|
|
75
80
|
"""
|
|
@@ -10,12 +10,13 @@ Feature: Identity Federation
|
|
|
10
10
|
"""yaml
|
|
11
11
|
explicit_identity_creation: false
|
|
12
12
|
trust:
|
|
13
|
-
-
|
|
13
|
+
- iss: http://localhost:44444
|
|
14
14
|
"""
|
|
15
15
|
And the IDP token for User is issued
|
|
16
16
|
When the following request is received:
|
|
17
17
|
"""
|
|
18
18
|
GET /identity/ HTTP/1.1
|
|
19
|
+
host: nex.toa.io
|
|
19
20
|
authorization: Bearer ${{ User.id_token }}
|
|
20
21
|
accept: application/yaml
|
|
21
22
|
content-type: application/yaml
|
|
@@ -32,6 +33,7 @@ Feature: Identity Federation
|
|
|
32
33
|
When the following request is received:
|
|
33
34
|
"""
|
|
34
35
|
GET /identity/ HTTP/1.1
|
|
36
|
+
host: nex.toa.io
|
|
35
37
|
accept: application/yaml
|
|
36
38
|
authorization: Token ${{ User.token }}
|
|
37
39
|
"""
|
|
@@ -45,6 +47,7 @@ Feature: Identity Federation
|
|
|
45
47
|
When the following request is received:
|
|
46
48
|
"""
|
|
47
49
|
GET /identity/ HTTP/1.1
|
|
50
|
+
host: nex.toa.io
|
|
48
51
|
authorization: Bearer ${{ User.id_token }}
|
|
49
52
|
accept: application/yaml
|
|
50
53
|
"""
|
|
@@ -60,7 +63,7 @@ Feature: Identity Federation
|
|
|
60
63
|
"""yaml
|
|
61
64
|
explicit_identity_creation: false
|
|
62
65
|
trust:
|
|
63
|
-
-
|
|
66
|
+
- iss: http://localhost:44444
|
|
64
67
|
secrets:
|
|
65
68
|
HS384:
|
|
66
69
|
k1: the-secret
|
|
@@ -72,6 +75,7 @@ Feature: Identity Federation
|
|
|
72
75
|
When the following request is received:
|
|
73
76
|
"""
|
|
74
77
|
GET /identity/ HTTP/1.1
|
|
78
|
+
host: nex.toa.io
|
|
75
79
|
authorization: Bearer ${{ GoodUser.id_token }}
|
|
76
80
|
accept: application/yaml
|
|
77
81
|
content-type: application/yaml
|
|
@@ -88,7 +92,7 @@ Feature: Identity Federation
|
|
|
88
92
|
Given the `identity.federation` configuration:
|
|
89
93
|
"""yaml
|
|
90
94
|
trust:
|
|
91
|
-
-
|
|
95
|
+
- iss: http://localhost:44444
|
|
92
96
|
"""
|
|
93
97
|
Given the `users` is running with the following manifest:
|
|
94
98
|
"""yaml
|
|
@@ -105,6 +109,7 @@ Feature: Identity Federation
|
|
|
105
109
|
# identity inception
|
|
106
110
|
"""
|
|
107
111
|
POST /users/ HTTP/1.1
|
|
112
|
+
host: nex.toa.io
|
|
108
113
|
authorization: Bearer ${{ Bill.id_token }}
|
|
109
114
|
accept: application/yaml
|
|
110
115
|
content-type: application/yaml
|
|
@@ -122,6 +127,7 @@ Feature: Identity Federation
|
|
|
122
127
|
When the following request is received:
|
|
123
128
|
"""
|
|
124
129
|
GET /identity/ HTTP/1.1
|
|
130
|
+
host: nex.toa.io
|
|
125
131
|
authorization: Token ${{ Bill.token }}
|
|
126
132
|
accept: application/yaml
|
|
127
133
|
"""
|
|
@@ -133,6 +139,7 @@ Feature: Identity Federation
|
|
|
133
139
|
When the following request is received:
|
|
134
140
|
"""
|
|
135
141
|
GET /identity/ HTTP/1.1
|
|
142
|
+
host: nex.toa.io
|
|
136
143
|
authorization: Bearer ${{ Bill.id_token }}
|
|
137
144
|
accept: application/yaml
|
|
138
145
|
"""
|
|
@@ -145,6 +152,7 @@ Feature: Identity Federation
|
|
|
145
152
|
# same credentials
|
|
146
153
|
"""
|
|
147
154
|
POST /users/ HTTP/1.1
|
|
155
|
+
host: nex.toa.io
|
|
148
156
|
authorization: Bearer ${{ Bill.id_token }}
|
|
149
157
|
content-type: text/plain
|
|
150
158
|
|
|
@@ -160,7 +168,7 @@ Feature: Identity Federation
|
|
|
160
168
|
"""yaml
|
|
161
169
|
explicit_identity_creation: false
|
|
162
170
|
trust:
|
|
163
|
-
-
|
|
171
|
+
- iss: http://localhost:44444
|
|
164
172
|
principal:
|
|
165
173
|
iss: http://localhost:44444
|
|
166
174
|
sub: root-mock-id
|
|
@@ -169,6 +177,7 @@ Feature: Identity Federation
|
|
|
169
177
|
When the following request is received:
|
|
170
178
|
"""
|
|
171
179
|
GET /identity/ HTTP/1.1
|
|
180
|
+
host: nex.toa.io
|
|
172
181
|
authorization: Bearer ${{ root.id_token }}
|
|
173
182
|
accept: application/yaml
|
|
174
183
|
content-type: application/yaml
|
|
@@ -185,6 +194,7 @@ Feature: Identity Federation
|
|
|
185
194
|
When the following request is received:
|
|
186
195
|
"""
|
|
187
196
|
GET /identity/ HTTP/1.1
|
|
197
|
+
host: nex.toa.io
|
|
188
198
|
accept: application/yaml
|
|
189
199
|
authorization: Token ${{ root.token }}
|
|
190
200
|
"""
|