Commit f90ec879 authored by Siebers, Michael's avatar Siebers, Michael
Browse files

test endpoints against wrong HTTP methods

add error response json schema
parent ed229de9
......@@ -425,6 +425,11 @@ system_test:endpoint_bg@show:
extends: .system_test:run_with_data_and_db
variables:
TEST_NAME: endpoint_bg@show
system_test:robust against wrong method:
extends: .system_test:run_with_data
variables:
TEST_NAME: robust_wrong_method
# If no FORCE_... variable is set to "yes", no pipeline is created for merge
# requests targetting a non-default branch. Thus, the MR cannot be merged. This
......
......@@ -330,6 +330,9 @@ Explains why an irrelevant file is irrelevant.
- `code`: the HTTP status code (400)
- `message`: an error message
In case of an error, the response body follows [this JSON schema](</doc/schema/response-error-schema.json>).
#### Explanation type
TODO
......
{
"$schema": "http://json-schema.org/draft-07/schema",
"$id": "response-error-schema.json",
"type": "object",
"title": "Error Response",
"description": "The response body when the API returns an error.",
"properties": {
"code": {
"type": "integer",
"minimum": 400,
"maxiumum": 599
},
"message": {
"type": "string",
"minimumLength": 1
}
},
"required": [
"code",
"message"
]
}
[
{"endpoint": "bg/show", "forbidden_method": "HEAD"},
{"endpoint": "bg/show", "forbidden_method": "POST"},
{"endpoint": "bg/show", "forbidden_method": "PUT"},
{"endpoint": "bg/show", "forbidden_method": "DELETE"},
{"endpoint": "bg/show", "forbidden_method": "OPTIONS"},
{"endpoint": "bg/show", "forbidden_method": "TRACE"},
{"endpoint": "bg/show", "forbidden_method": "PATCH"},
{"endpoint": "bg/add", "forbidden_method": "GET"},
{"endpoint": "bg/add", "forbidden_method": "HEAD"},
{"endpoint": "bg/add", "forbidden_method": "PUT"},
{"endpoint": "bg/add", "forbidden_method": "DELETE"},
{"endpoint": "bg/add", "forbidden_method": "OPTIONS"},
{"endpoint": "bg/add", "forbidden_method": "TRACE"},
{"endpoint": "bg/add", "forbidden_method": "PATCH"},
{"endpoint": "bg/remove", "forbidden_method": "GET"},
{"endpoint": "bg/remove", "forbidden_method": "HEAD"},
{"endpoint": "bg/remove", "forbidden_method": "PUT"},
{"endpoint": "bg/remove", "forbidden_method": "DELETE"},
{"endpoint": "bg/remove", "forbidden_method": "OPTIONS"},
{"endpoint": "bg/remove", "forbidden_method": "TRACE"},
{"endpoint": "bg/remove", "forbidden_method": "PATCH"},
{"endpoint": "bg/clear", "forbidden_method": "GET"},
{"endpoint": "bg/clear", "forbidden_method": "HEAD"},
{"endpoint": "bg/clear", "forbidden_method": "PUT"},
{"endpoint": "bg/clear", "forbidden_method": "DELETE"},
{"endpoint": "bg/clear", "forbidden_method": "OPTIONS"},
{"endpoint": "bg/clear", "forbidden_method": "TRACE"},
{"endpoint": "bg/clear", "forbidden_method": "PATCH"}
]
{
"info": {
"_postman_id": "04555b14-2668-48b4-bfe5-202d4d1c2fca",
"name": "Robustness Wrong Method",
"description": "This collection tests whether the [Reasoning WebAPI for Dare2Del](https://gitlab.rz.uni-bamberg.de/cogsys/dare2del/demonstrator) (Version 1.0.0) handles requests with a wrong HTTP method gracefully.\n\nThe collection is to be run with data file `robust_wrong_method-data.json`.",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "Forbidden Method",
"event": [
{
"listen": "test",
"script": {
"exec": [
"pm.test(pm.variables.get(\"test_prefix\") + \"Method Not Allowed\", function () {",
" pm.expect(pm.response.code).to.eql(405);",
"});",
"",
"if(pm.request.method != \"HEAD\") // HEAD requests are correctly answered without body",
" pm.test(pm.variables.get(\"test_prefix\") + \"Valid error response body\", function() {",
" pm.response.to.be.withBody;",
" pm.response.to.be.json;",
"",
" var Ajv = require('ajv');",
" ajv = new Ajv();",
" const validate = ajv.compile(JSON.parse(pm.variables.get(\"response-schema:error\")));",
"",
" const jsonData = pm.response.json();",
" pm.expect(validate(jsonData)).to.be.true;",
" pm.expect(jsonData.code).to.eql(405);",
" });"
],
"type": "text/javascript"
}
},
{
"listen": "prerequest",
"script": {
"exec": [
"if(! pm.collectionVariables.get(\"response-schema:error\")) {",
" const schema_url = \"http://\" + pm.environment.get(\"SERVER\") + pm.environment.get(\"SCHEMA_PATH\") ",
" + \"/response-error-schema.json\";",
" pm.sendRequest(schema_url, function(err, response){",
" pm.test(\"Load error response schema: Status code is 200\", function () {",
" pm.expect(err).to.not.be.ok;",
" console.log(response);",
" pm.expect(response.code).to.eql(200);",
" });",
"",
"",
" pm.test(\"Load error response schema: Response is JSON object\", function() {",
" const jsonData = response.json();",
" pm.expect(jsonData).is.an(\"object\");",
"",
" pm.collectionVariables.set(\"response-schema:error\", JSON.stringify(jsonData));",
" });",
" });",
"}",
"",
"pm.request.method=pm.iterationData.get(\"forbidden_method\").toUpperCase();",
"pm.variables.set(\"test_prefix\", pm.request.method + \" \" + pm.iterationData.get(\"endpoint\") + \": \" );"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disabledSystemHeaders": {
"connection": true
}
},
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{SERVER}}/{{endpoint}}",
"protocol": "http",
"host": [
"{{SERVER}}"
],
"path": [
"{{endpoint}}"
]
}
},
"response": []
}
],
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
],
"variable": [
{
"key": "response-schema:error",
"value": ""
}
]
}
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment