Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-18 03:01:05 +01:00
Code Issues Packages Projects Releases Activity
Files
941f76d2f1d1b07ee3f4b31eb8dfb9e80dede2e5
SCM-Manager/docs/v2/SCMM-v2-Test-Cases.md

868 lines
21 KiB
Markdown
Raw Normal View History

migrate bitbucket wiki to docs folder
2020-03-09 08:01:43 +01:00
Describes the expected behaviour for SCMM v2 REST Resources using manual tests.
[TOC]
# Test Cases
The following states general test cases per HTTP Method and en expected return code as well as exemplary curl calls.
Resource-specifics are stated
## GET
- Collection Resource (e.g. `/users`)
- Without parameters -> 200
- Parameters
- `?pageSize=1` -> Only one embedded element, pageTotal reflects the correct number of pages, `last` link points to last page.
- `?pageSize=1&page=1` -> `next` link points to page 0 ; `prev` link points to page 2
- `?sortBy=admin` -> Sorted by `admin` field of embedded objects
- `?sortBy=admin&desc=true` -> Invert sorting
- Individual Resource (e.g. `/users/scmadmin`)
- Exists -> 200
- Not Existings -> 404
- Known Field (e.g. `?fields=name`) returns only name field
- Unknown field (e.g. `?fields=nam`) returns empty object
- without permission (individual and collection (TODO)) -> 401
## POST
- not existing -> 204
- existing -> 409
- without permission -> 401
## PUT
- existing -> 204
- lastModified is updated
- lastModified & creationDate cannot be overwritten by client
- not exist -> 404
- Change ID / Name (the one from the URL in the body) -> 400
- Partial PUT (Set only one field, for example) -> Set all other fields to null or return 400?
- without permission -> 401
- Change unmodifiable fields
- ID/Name --> 400
- creationDate, lastModified --> 200 is liberally ignored
- Additional unmodifiable fields per resource, see examples
## DELETE
- existing -> 204
- not existing -> 204
- without permission -> 401
# Exemplary calls & Resource specific test cases
In order to extend those tests to other Resources, have a look at the rest docs. Note that the Content Type is specific to each resource as well.
After calling `mvn -pl scm-webapp compile -P doc` the docs are available at `scm-webapp/target/restdocs/index.html`.
## Users
### GET
#### Collections
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/users?sortBy=admin&desc=true"
```
#### Individual
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/users/scmadmin?fields=name,_links"
```
### POST
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"properties": null,
"active": true,
"admin": false,
"creationDate": 1527510477501,
"displayName": "xyz",
"lastModified": null,
"mail": "x@abcde.cd",
"name": "xyz",
"password": "pwd123",
"type": "xml"
}' \
--header "Content-Type: application/vnd.scmm-user+json;v=2" http://localhost:8081/scm/api/v2/users/
```
### PUT
- Change unmodifiable fields
- type? -> can be overwritten right now
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"properties": null,
"active": true,
"admin": false,
"creationDate": 1527510477501,
"displayName": "xyz",
"lastModified": null,
"mail": "x@abcde.cd",
"name": "xyz",
"password": "pwd123",
"type": "xml"
}' \
--header "Content-Type: application/vnd.scmm-user+json;v=2" http://localhost:8081/scm/api/v2/users/xyz
```
### DELETE
```
#!bash
curl -X DELETE -vu scmadmin:scmadmin http://localhost:8081/scm/api/v2/users/xyz
```
## Groups
### GET
#### Collections
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/groups/?sortBy=name&desc=true"
```
#### Individual
```
#!bash
curl -vu scmadmin:scmadmin http://localhost:8081/scm/api/v2/groups/firstGroup
```
### POST
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"creationDate": "2018-06-28T07:42:45.281Z",
"lastModified": "2018-06-28T07:42:45.281Z",
"description": "descr",
"name": "firstGroup",
"type": "admin",
"members": [ "scmadmin" ],
"properties": {
"pro1": "123",
"pro2": "abc"
},
"links": {
"empty": true
}
}' \
--header "Content-Type: application/vnd.scmm-group+json" http://localhost:8081/scm/api/v2/groups/
```
### PUT
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"creationDate": "2018-06-28T07:42:45.281Z",
"lastModified": "2018-06-28T07:42:45.281Z",
"description": "descr",
"name": "firstGroup",
"type": "admin",
"members": [ "scmadmin" ],
"properties": {
"pro1": "123",
"pro2": "abc"
},
"links": {
"empty": true
}
}' \
--header "Content-Type: application/vnd.scmm-group+json" http://localhost:8081/scm/api/v2/groups/firstGroup
```
### DELETE
```
#!bash
curl -X DELETE -vu scmadmin:scmadmin http://localhost:8081/scm/api/v2/groups/firstGroup
```
## Repositories
### GET
#### Collections
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/?sortBy=name&pageSize=1&desc=true"
```
#### Individual
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/42/arepo"
```
### POST
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"contact": "a@con.tact",
"creationDate": "2018-07-11T08:54:44.569Z",
"description": "Desc",
"name": "arepo",
"type": "git"
}' --header "Content-Type: application/vnd.scmm-repository+json" http://localhost:8081/scm/api/v2/repositories
```
### PUT
- Change unmodifiable fields
- type? -> Leads to 500 right now
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"contact": "anoter@con.tact",
"creationDate": "2017-04-11T08:54:45.569Z",
"description": "NEW",
"namespace": "42",
"name": "arepo",
"type": "git",
"archived": "true"
}' --header "Content-Type: application/vnd.scmm-repository+json" http://localhost:8081/scm/api/v2/repositories/42/arepo
```
### DELETE
```
#!bash
curl -X DELETE -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/42/anSVNRepo"
```
## Repository Permissions
In this test we do not only test the REST endpoints themselves, but also the effect of the different permissions.
### Prerequisites
For these tests we assume that you have created
- a git repository `scmadmin/git`, and
- a user named `user`.
If your entities have other ids, change them according to your data.
### GET
This request should return an empty list of permissions:
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/"
```
### POST / READ permission
```
#!bash
curl -X POST -vu scmadmin:scmadmin --data '{
"name": "user", "type":"READ"
}' --header "Content-Type: application/vnd.scmm-permission+json"
"http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/"
```
After this, you should be able to `GET` the repository with the user `user`:
```
#!bash
curl -vu user:user "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/"
```
Trying to change the repository using `PUT` with the user `user` should result in `403`:
```
#!bash
curl -vu user:user -X PUT --data '{
"contact": "zaphod.beeblebrox@hitchhiker.com",
"namespace":"scmadmin",
"name": "git",
"archived": false,
"type": "git"
}
' --header "Content-Type: application/vnd.scmm-repository+json" http://localhost:8081/scm/api/v2/repositories/scmadmin/git
```
Reading the permissions of the repository with the user `user` should result in `403`:
```
#!bash
curl -vu user:user "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/"
```
The user should be able to `clone` the repository:
```
#!bash
git clone http://owner@localhost:8081/scm/git/scmadmin/git
```
The user should *not* be able to `push` to the repository:
```
#!bash
cd git
touch a
git add a
git commit -m a
git push
```
### PUT / WRITE permission
It should be possible to change the permission for a specific user:
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"name": "user",
"type":"WRITE"
}' --header "Content-Type: application/vnd.scmm-permission+json" "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/user"
```
After this the user `user` should now be able to `push` the repository created and modified beforehand.
```
#!bash
cd git
git push
```
### OWNER permission
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"name": "user",
"type":"OWNER"
}' --header "Content-Type: application/vnd.scmm-permission+json" "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/user"
```
After this, the user should be able to `GET` the permissions:
```
#!bash
curl -vu user:user "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/"
```
Additionally, the user should be able to change permissions:
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"name": "user",
"type":"OWNER"
}' --header "Content-Type: application/vnd.scmm-permission+json" "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/user"
```
### DELETE
Finally, a user with the role `OWNER` should be able to delete permissions:
```
#!bash
curl -X DELETE -vu user:user "http://localhost:8081/scm/api/v2/repositories/scmadmin/git/permissions/user"
```
## Branches
* In advance: POST repo.
* Clone Repo, add Branches
### GET
#### Collections
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/branches"
```
#### Individual
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/branches/master"
```
## Configuration
### GET
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config"
```
### PUT
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"proxyPassword": "pw",
"proxyPort": 8082,
"proxyServer": "proxy.mydomain.com",
"proxyUser": "trillian",
"enableProxy": false,
"realmDescription": "SONIA :: SCM Manager",
"enableRepositoryArchive": true,
"disableGroupingGrid": true,
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"anonymousAccessEnabled": false,
"adminGroups": [ "admin", "plebs" ],
"adminUsers": [ "trillian", "arthur" ],
"baseUrl": "http://localhost:8081/scm",
"forceBaseUrl": true,
"loginAttemptLimit": 1,
"proxyExcludes": [ "ex", "clude" ],
"skipFailedAuthenticators": true,
"pluginUrl": "url",
"loginAttemptLimitTimeout": 0,
"enabledXsrfProtection": false
}' --header "Content-Type: application/vnd.scmm-config+json" http://localhost:8081/scm/api/v2/config
```
## Git Plugin Configuration
### GET
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/git"
```
### PUT
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"gcExpression": "0 0 14-6 ? * FRI-MON",
"repositoryDirectory": "new",
"disabled": true
}' --header "Content-Type: application/vnd.scmm-gitConfig+json" http://localhost:8081/scm/api/v2/config/git
```
## Hg Plugin Configuration
### GET
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/hg"
```
### PUT
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"repositoryDirectory": "new",
"disabled": true,
"encoding": "UTF-16",
"hgBinary": "/hg",
"pythonBinary": "python3",
"pythonPath": "gf",
"useOptimizedBytecode": true,
"showRevisionInId": true
}' --header "Content-Type: application/vnd.scmm-hgConfig+json" http://localhost:8081/scm/api/v2/config/hg
```
### Auto Config
#### Default
```
#!bash
curl -v -X PUT -u scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/hg/auto-configuration"
```
#### Specific config
```
#!bash
curl -v -X PUT -u scmadmin:scmadmin --data '{
"repositoryDirectory": "new",
"disabled": true,
"encoding": "UTF-16",
"hgBinary": "/hg",
"pythonBinary": "python3",
"pythonPath": "gf",
"useOptimizedBytecode": true,
"showRevisionInId": true
}' --header "Content-Type: application/vnd.scmm-hgConfig+json" "http://localhost:8081/scm/api/v2/config/hg/auto-configuration"
```
### Installations
#### Hg
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/hg/installations/hg"
```
#### Python
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/hg/installations/python"
```
### Packages
#### GET
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/hg/packages"
```
#### PUT
See [here](https://download.scm-manager.org/pkg/mercurial/packages.xml) for available packages. Will only work on Windows!
```
#!bash
curl -X PUT -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/hg/packages/4338c4_x64"
```
## Svn Plugin Configuration
### GET
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/config/svn"
```
### PUT
```
#!bash
curl -X PUT -vu scmadmin:scmadmin --data '{
"repositoryDirectory": "new",
"disabled": true,
"enabledGZip": true,
"compatibility": "PRE15"
}' --header "Content-Type: application/vnd.scmm-svnConfig+json" http://localhost:8081/scm/api/v2/config/svn
```
## Repository Types
### GET
#### Collections
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repository-types"
```
#### Individual
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repository-types/hg"
```
## Tags
### GET
Pre-conditions: the git repository "HeartOfGold-git" exists and contains tags example v1.0 and v1.1
#### Collections
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/HeartOfGold-git/tags/"
```
#### Individual
```
#!bash
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/HeartOfGold-git/tags/v1.1"
```
## Content
### git
#### Prepare
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"contact": "a@con.tact",
"creationDate": "2018-07-11T08:54:44.569Z",
"description": "Desc",
"name": "arepo",
"type": "git"
}' --header "Content-Type: application/vnd.scmm-repository+json" http://localhost:8081/scm/api/v2/repositories
cd /tmp
git clone http://scmadmin:scmadmin@localhost:8081/scm/git/scmadmin/arepo
cd arepo
echo "aaaa" > a
echo "bbb" > b.txt
wget https://bitbucket.org/sdorra/scm-manager/raw/f87655df229a94556aecf7d6b408ec0dcedb4e2a/scm-webapp/src/main/java/sonia/scm/api/RestActionResult.java
git add .
git commit -m 'Msg'
git push
```
#### Query and assert
```
#!bash
# Assert Content type text plain
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/content/$(git rev-parse HEAD)/b.txt" 2>&1 | grep Content-Type
# Assert file content "bbb"
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/content/$(git rev-parse HEAD)/b.txt"
# Assert Content type octet stream
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/content/$(git rev-parse HEAD)/a" 2>&1 | grep Content-Type
# Assert file content "aaa"
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/content/$(git rev-parse HEAD)/a"
# Assert content type text/x-java-source & Language Header JAVA
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/content/$(git rev-parse HEAD)/RestActionResult.java" 2>&1 | grep -E 'Content-Type|Language'
# Assert java file content
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/arepo/content/$(git rev-parse HEAD)/RestActionResult.java"
```
### hg
#### Prepare
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"contact": "a@con.tact",
"creationDate": "2018-07-11T08:54:44.569Z",
"description": "Desc",
"name": "hgrepo",
"type": "hg"
}' --header "Content-Type: application/vnd.scmm-repository+json" http://localhost:8081/scm/api/v2/repositories
hg clone http://scmadmin:scmadmin@localhost:8081/scm/hg/scmadmin/hgrepo
cd hgrepo
echo "aaaa" > a
echo "bbb" > b.txt
wget https://bitbucket.org/sdorra/scm-manager/raw/f87655df229a94556aecf7d6b408ec0dcedb4e2a/scm-webapp/src/main/java/sonia/scm/api/RestActionResult.java
hg add
hg commit -m 'msg'
hg push
```
#### Query and assert
```
#!bash
# Assert Content type text plain
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/hgrepo/content/$(hg identify --id)/b.txt" 2>&1 | grep Content-Type
# Assert file content "bbb"
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/hgrepo/content/$(hg identify --id)/b.txt"
# Assert Content type octet stream
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/hgrepo/content/$(hg identify --id)/a" 2>&1 | grep Content-Type
# Assert file content "aaa"
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/hgrepo/content/$(hg identify --id)/a"
# Assert content type text/x-java-source & Language Header JAVA
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/hgrepo/content/$(hg identify --id)/RestActionResult.java" 2>&1 | grep -E 'Content-Type|Language'
# Assert java file content
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/hgrepo/content/$(hg identify --id)/RestActionResult.java"
```
### svn
#### Prepare
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"contact": "a@con.tact",
"creationDate": "2018-07-11T08:54:44.569Z",
"description": "Desc",
"name": "svnrepo",
"type": "svn"
}' --header "Content-Type: application/vnd.scmm-repository+json" http://localhost:8081/scm/api/v2/repositories
svn co --non-interactive --no-auth-cache --username scmadmin --password scmadmin http://localhost:8081/scm/svn/scmadmin/svnrepo
cd svnrepo
echo "aaaa" > a
echo "bbb" > b.txt
wget https://bitbucket.org/sdorra/scm-manager/raw/f87655df229a94556aecf7d6b408ec0dcedb4e2a/scm-webapp/src/main/java/sonia/scm/api/RestActionResult.java
svn add ./*
svn commit --non-interactive --no-auth-cache --username scmadmin --password scmadmin -m 'msg'
```
#### Query and assert
```
#!bash
REVISION=$(svn --non-interactive --no-auth-cache --username scmadmin --password scmadmin info -r 'HEAD' --show-item revision | xargs echo -n)
# Assert Content type text plain
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/svnrepo/content/${REVISION}/b.txt" 2>&1 | grep Content-Type
# Assert file content "bbb"
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/svnrepo/content/${REVISION}/b.txt"
# Assert Content type octet stream
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/svnrepo/content/${REVISION}/a" 2>&1 | grep Content-Type
# Assert file content "aaa"
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/svnrepo/content/${REVISION}/a"
# Assert content type text/x-java-source & Language Header JAVA
curl -X HEAD -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/svnrepo/content/${REVISION}/RestActionResult.java" 2>&1 | grep -E 'Content-Type|Language'
# Assert java file content
curl -vu scmadmin:scmadmin "http://localhost:8081/scm/api/v2/repositories/scmadmin/svnrepo/content/${REVISION}/RestActionResult.java"
```
## Access Token
### Admin
#### Output all links of index resource
```
#!bash
TOKEN=$(curl -s 'http://localhost:8081/scm/api/v2/auth/access_token' -H 'content-type: application/json' --data '{
"cookie": false,
"grant_type": "password",
"username": "scmadmin",
"password": "scmadmin"
}')
curl -s http://localhost:8081/scm/api/v2/ -H "Authorization: Bearer ${TOKEN}" | jq
```
#### Output only "config" and default logged in links
default logged in links = self, uiPlugins, me, logout
```
#!bash
TOKEN=$(curl -s 'http://localhost:8081/scm/api/v2/auth/access_token' -H 'content-type: application/json' --data '{
"cookie": false,
"grant_type": "password",
"username": "scmadmin",
"password": "scmadmin",
"scope": [
"configuration:*"
]
}')
curl -s http://localhost:8081/scm/api/v2/ -H "Authorization: Bearer ${TOKEN}" | jq
```
### non-Admin
Create non-admin user
```
#!bash
curl -vu scmadmin:scmadmin --data '{
"active": true,
"admin": false,
"displayName": "xyz",
"mail": "x@abcde.cd",
"name": "xyz",
"password": "pwd123",
"type": "xml"
}' \
--header "Content-Type: application/vnd.scmm-user+json;v=2" http://localhost:8081/scm/api/v2/users/
```
#### Standard permissions of a logged in user without additional permissions
Standard links of a logged in user = self, uiPlugins, me, logout, autocomplete, repositories
```
#!bash
TOKEN=$(curl -s 'http://localhost:8081/scm/api/v2/auth/access_token' -H 'content-type: application/json' --data '{
"cookie": false,
"grant_type": "password",
"username": "xyz",
"password": "pwd123"
}')
curl -s http://localhost:8081/scm/api/v2/ -H "Authorization: Bearer ${TOKEN}" | jq
```
#### Scope requests permission the user doesn't have
This should not retrun `configuration` links, even though this scope was requested, because the user does not have the configuration permission. Otherwise this would be a major security flaw!
Compare to admin tests above.
```
#!bash
TOKEN=$(curl -s 'http://localhost:8081/scm/api/v2/auth/access_token' -H 'content-type: application/json' --data '{
"cookie": false,
"grant_type": "password",
"username": "xyz",
"password": "pwd123",
"scope": [
"configuration:*"
]
}')
curl -s http://localhost:8081/scm/api/v2/ -H "Authorization: Bearer ${TOKEN}" | jq
```
Reference in New Issue Copy Permalink