Update karate tests (#128)

karatetest/build.gradle

@@ -57,22 +57,22 @@ test {
     systemProperty "retryCount", System.properties.getProperty("retryCount")
     systemProperty "retryInterval", System.properties.getProperty("retryInterval")
     systemProperty "test.apiurl", System.properties.getProperty("test.apiurl")
-    systemProperty "test.apiusername", System.properties.getProperty("test.apiusername")
-    systemProperty "test.apipassword", System.properties.getProperty("test.apipassword")
     systemProperty "test.wrongapiurl", System.properties.getProperty("test.wrongapiurl")
     systemProperty "test.checkstatusurl", System.properties.getProperty("test.checkstatusurl")
     systemProperty "test.checkerrorurl", System.properties.getProperty("test.checkerrorurl")
     systemProperty "test.registrationapiurl", System.properties.getProperty("test.registrationapiurl")
     systemProperty "test.tokenurl", System.properties.getProperty("test.tokenurl")
+    systemProperty "test.clientid", System.properties.getProperty("test.clientid")
+    systemProperty "test.clientsecret", System.properties.getProperty("test.clientsecret")
     systemProperty "dev.apiurl", System.properties.getProperty("dev.apiurl")
-    systemProperty "dev.apiusername", System.properties.getProperty("dev.apiusername")
-    systemProperty "dev.apipassword", System.properties.getProperty("dev.apipassword")
     systemProperty "cucumber.options", System.properties.getProperty("cucumber.options")
     systemProperty "dev.wrongapiurl", System.properties.getProperty("dev.wrongapiurl")
     systemProperty "dev.registrationapiurl", System.properties.getProperty("dev.registrationapiurl")
     systemProperty "dev.tokenurl", System.properties.getProperty("dev.tokenurl")
     systemProperty "dev.checkstatusurl", System.properties.getProperty("dev.checkstatusurl")
     systemProperty "dev.checkerrorurl", System.properties.getProperty("dev.checkerrorurl")
+    systemProperty "dev.clientid", System.properties.getProperty("dev.clientid")
+    systemProperty "dev.clientsecret", System.properties.getProperty("dev.clientsecret")
 
 
     outputs.upToDateWhen { false }

karatetest/src/test/java/com/api/dataingestionautomation/API/Token-Generation-API.feature

@@ -2,36 +2,81 @@
 Feature:Before labs and providers can leverage the Data Ingestion APIs, they must first acquire an authentication token. Registered labs and
   providers can obtain this token by providing their client username and secret.
 
-  Background:
-    * def configauth = { username: '#(apiusername)', password: '#(apipassword)' }
-    * def basicAuth = karate.call('classpath:basic-auth.js', configauth)
-    * header Authorization = basicAuth
-
 
   @token
-  Scenario: Allow users to create a new token
+  Scenario: Allow users to create a new token when correct header info is added
+    * configure headers = { clientid: '#(clientid)', clientsecret: '#(clientsecret)' }
     Given url tokenurl
     When method POST
     Then status 200
     * def token = response
 
   @token
-  Scenario: Do not allow users to create a new token when authorization is missing.
-    * header Authorization = null
+  Scenario: Validate that the token is not generated when clientsecret header is missing
+    * configure headers = { clientid: '#(clientid)' }
+    Given url tokenurl
+    When method POST
+    Then status 400
+    Then match response.detail == "Required header 'clientsecret' is not present."
+
+  @token
+  Scenario: Validate that the token is not generated when clientid header is missing
+    * configure headers = { clientsecret: '#(clientsecret)' }
+    Given url tokenurl
+    When method POST
+    Then status 400
+    Then match response.detail == "Required header 'clientid' is not present."
+
+  @token
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are missing
+    Given url tokenurl
+    When method POST
+    Then status 400
+    Then match response.detail == "Required header 'clientid' is not present."
+
+  @token
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are added but incorrect clientsecret value is entered.
+    * configure headers = { clientid: '#(clientid)', clientsecret: 'dummyclientsecret' }
+    Given url tokenurl
+    When method POST
+    Then status 401
+    Then match karate.toString(response) contains "Invalid client or Invalid client credentials"
+  @token
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are added but incorrect clientid value is entered.
+    * configure headers = { clientid: 'dummyclientid', clientsecret: '#(clientsecret)' }
     Given url tokenurl
     When method POST
-    Then status 500
-    Then match response.details == "Cannot invoke \"org.springframework.security.core.Authentication.getName()\" because \"authentication\" is null"
-    Then match response.message == "An internal server error occurred."
-    Then match response.statusCode == 500
+    Then status 401
+    Then match karate.toString(response) contains "Invalid client or Invalid client credentials"
+
+  @token
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are added with incorrect values.
+    * configure headers = { clientid: 'dummyclientid', clientsecret: 'dummyclientsecret' }
+    Given url tokenurl
+    When method POST
+    Then status 401
+    Then match karate.toString(response) contains "Invalid client or Invalid client credentials"
+
+  @token
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are added with missing values.
+    * configure headers = { clientid: '', clientsecret: '' }
+    Given url tokenurl
+    When method POST
+    Then status 401
+    Then match karate.toString(response) contains "Invalid client or Invalid client credentials"
+
+  @token
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are added with missing clientid value.
+    * configure headers = { clientid: '', clientsecret: '#(clientsecret)' }
+    Given url tokenurl
+    When method POST
+    Then status 401
+    Then match karate.toString(response) contains "Invalid client or Invalid client credentials"
 
   @token
-  Scenario: Do not allow users to create a new token with incorrect authorization credentials
-    * def badAuth = karate.call('classpath:basic-auth.js', { username: 'wronguser', password: 'wrongpass' })
-    * header Authorization = badAuth
+  Scenario: Validate that the token is not generated when both clientid and clientsecret headers are added with missing clientsecret value.
+    * configure headers = { clientid: '#(clientid)', clientsecret: '' }
     Given url tokenurl
     When method POST
     Then status 401
-    Then match response.details == "Full authentication is required to access this resource"
-    Then match response.message == "Unauthorized"
-    Then match response.statusCode == 401
+    Then match karate.toString(response) contains "Invalid client or Invalid client credentials"

karatetest/src/test/java/com/api/dataingestionautomation/API/api.feature

@@ -4,25 +4,21 @@ Feature: Test the API functionality scenarios
   Background:
     * callonce read('common.feature')
     * header Authorization = 'Bearer ' + token
-    * def basicAuth = karate.call('classpath:basic-auth.js', configauth)
     * header Content-Type = 'text/plain'
-
+    * configure headers = { clientid: '#(clientid)', clientsecret: '#(clientsecret)' }
 
 @api
   Scenario: Transmit an empty HL7 message via POST method successfully and capture the error response
     * header msgType = 'HL7'
-    * header validationActive = 'true'
     Given url apiurl
     And request ''
     When method POST
     Then status 400
     Then match response.detail == "Failed to read request"
 
-
   @api
   Scenario: Transmit a valid Hl7 message via incorrect endpoint URL and validate the error response
     * header msgType = 'HL7'
-    * header validationActive = 'true'
     Given url wrongapiurl
     And request 'abdef'
     When method POST
@@ -37,33 +33,121 @@ Feature: Test the API functionality scenarios
     Then status 400
     Then match response.detail == "Required header 'msgType' is not present."
 
+
   @api
-  Scenario: System should not let users transmit an HL7 message with missing validationActive header information
+  Scenario: Transmit a valid Hl7 message with just the HL7 header information
     * header msgType = 'HL7'
+    * def FakerHelper = Java.type('com.api.dataingestionautomation.API.FakerHelper')
+    * def oldfirstname = 'LinkLogic'
+    * def randomFirstName = FakerHelper.getRandomFirstName()
+    * def hl7Message = "MSH|^~\&|LinkLogic^^|LABCORP^34D0655059^CLIA|ALDOH^^|AL^^|202305251105||ORU^R01^ORU_R01|202305221034-A|P^|2.5.1"
+    * def modifiedmsg = hl7Message.replace(oldfirstname, randomFirstName)
     Given url apiurl
+    And request modifiedmsg
+    When method POST
+    Then status 200
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with missing clientid and clientsecret header information
+    Given url apiurl
+    * configure headers = {}
     And request 'abdef'
     When method POST
-    Then status 400
-    Then match response.detail == "Required header 'validationActive' is not present."
+    Then status 401
+    Then match response.details == "Client ID and Client Secret are required"
 
   @api
-  Scenario: System should not let users transmit an HL7 message with missing validationActive and msgType header information
+  Scenario: System should not let users transmit an HL7 message with missing clientid header information
     Given url apiurl
+    * configure headers = { clientsecret: '#(clientsecret)' }
     And request 'abdef'
     When method POST
-    Then status 400
-    Then match response.detail == "Required header 'msgType' is not present."
+    Then status 401
+    Then match response.details == "Client ID and Client Secret are required"
 
   @api
-  Scenario: Transmit a valid Hl7 message with just the HL7 header information
+  Scenario: System should not let users transmit an HL7 message with missing clientsecret header information
+    Given url apiurl
+    * configure headers = { clientid: '#(clientid)' }
+    And request 'abdef'
+    When method POST
+    Then status 401
+    Then match response.details == "Client ID and Client Secret are required"
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with incorrect clientid header value
+    Given url apiurl
+    * configure headers = { clientid: 'dummyclientid', clientsecret: '#(clientsecret)' }
+    And request 'abdef'
+    When method POST
+    Then status 401
+    Then match response.details == "Invalid client or Invalid client credentials"
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with incorrect clientsecret header value
+    Given url apiurl
+    * configure headers = { clientid: '#(clientid)', clientsecret: 'dummycleintsecret' }
+    And request 'abdef'
+    When method POST
+    Then status 401
+    Then match response.details == "Invalid client or Invalid client credentials"
+
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with incorrect msgType header value
+    * header msgType = 'dummyvalue'
+    Given url apiurl
+    And request 'abdef'
+    When method POST
+    Then status 500
+    Then match response.details == "Please provide valid value for msgType header"
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with empty msgType header value
+    * header msgType = ''
+    Given url apiurl
+    And request 'abdef'
+    When method POST
+    Then status 500
+    Then match response.details == "Required headers should not be null"
+
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with empty clientid header value
     * header msgType = 'HL7'
-    * header validationActive = 'true'
-    * def FakerHelper = Java.type('com.api.dataingestionautomation.API.FakerHelper')
-    * def oldfirstname = 'LinkLogic'
-    * def randomFirstName = FakerHelper.getRandomFirstName()
-    * def hl7Message = "MSH|^~\&|LinkLogic^^|LABCORP^34D0655059^CLIA|ALDOH^^|AL^^|202305251105||ORU^R01^ORU_R01|202305221034-A|P^|2.5.1"
-    * def modifiedmsg = hl7Message.replace(oldfirstname, randomFirstName)
+    * configure headers = { clientid: '', clientsecret: 'dummycleintsecret' }
     Given url apiurl
-    And request modifiedmsg
+    And request 'abdef'
+    When method POST
+    Then status 401
+    Then match response.details == "Client ID and Client Secret are required"
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with empty clientsecret header value
+    * header msgType = 'HL7'
+    * configure headers = { clientid: '#(clientid)', clientsecret: '' }
+    Given url apiurl
+    And request 'abdef'
+    When method POST
+    Then status 401
+    Then match response.details == "Client ID and Client Secret are required"
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with missing authorization
+    * header msgType = 'HL7'
+    * header Authorization = null
+    Given url apiurl
+    And request 'abdef'
+    When method POST
+    Then status 401
+    Then match response.details == "Full authentication is required to access this resource"
+
+  @api
+  Scenario: System should not let users transmit an HL7 message with incorrect token
+    * header msgType = 'HL7'
+    * header Authorization = 'Bearer ' + 'abcdedgdgdfgdfhgdfhdfhjdfhjdjj'
+    Given url apiurl
+    And request 'abdef'
     When method POST
-    Then status 200
+    Then status 401
+    Then match response.details == "Provided token isn't active"