From 73cbaa677fce7b9a20790b347b448df6cebfb2fa Mon Sep 17 00:00:00 2001 From: Isuru Maduranga Date: Tue, 2 May 2023 02:54:16 +0530 Subject: [PATCH] Add System Wide Custom ApiKey Header test case --- .../tests/header/CustomHeaderTestCase.java | 35 +++++++++++++++++++ .../customHeaderTest/deployment.toml | 1 + 2 files changed, 36 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java index 7317efda3e..2d0303a68e 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/header/CustomHeaderTestCase.java @@ -23,6 +23,7 @@ import org.testng.annotations.DataProvider; import org.testng.annotations.Factory; import org.testng.annotations.Test; +import org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO; import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO; import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO; import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO; @@ -38,6 +39,7 @@ import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; import static org.wso2.am.integration.tests.restapi.RESTAPITestConstants.APPLICATION_JSON_CONTENT; import static org.wso2.am.integration.tests.restapi.RESTAPITestConstants.AUTHORIZATION_KEY; 
@@ -46,12 +48,14 @@ import java.net.URL; import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; public class CustomHeaderTestCase extends APIManagerLifecycleBaseTest { private ServerConfigurationManager serverConfigurationManager; private final String CUSTOM_AUTHORIZATION_HEADER = "Test-Custom-Header"; + private final String CUSTOM_API_KEY_HEADER = "Custom-ApiKey-Header"; private final String API1_NAME = "CustomAuthHeaderTestAPI1"; private final String API1_CONTEXT = "customAuthHeaderTest1"; private final String API1_VERSION = "1.0.0"; @@ -97,6 +101,10 @@ public void setEnvironment() throws Exception { apiRequest.setVersion(API1_VERSION); apiRequest.setProvider(user.getUserName()); apiRequest.setTiersCollection(TIER_UNLIMITED); + List securitySchemes = new ArrayList<>(); + securitySchemes.add("oauth2"); + securitySchemes.add("api_key"); + apiRequest.setSecurityScheme(securitySchemes); invocationUrl = getAPIInvocationURLHttps(API1_CONTEXT, API1_VERSION) + "/" + API_END_POINT_METHOD; apiId = createPublishAndSubscribeToAPIUsingRest(apiRequest, restAPIPublisher, restAPIStore, applicationId, APIMIntegrationConstants.API_TIER.UNLIMITED); 
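Review bot: The new constant `CUSTOM_API_KEY_HEADER = "Custom-ApiKey-Header"` differs in casing from the value this patch configures in the deployment.toml hunk, `api_key_header = "Custom-APIKey-Header"`. HTTP header names are normally matched case-insensitively, so the test probably still passes, but the two spellings read like a typo of each other and a reader cannot tell which one is intended. Using the configured spelling, `private final String CUSTOM_API_KEY_HEADER = "Custom-APIKey-Header";`, keeps the test and its config visibly in sync, as `CUSTOM_AUTHORIZATION_HEADER` and `auth_header` already are.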
@@ -133,6 +141,33 @@ public void testSystemWideCustomAuthHeader() throws Exception { "Response code mismatched"); } + @Test(groups = {"wso2.am"}, description = "Set a custom Api key header for all APIs in the system.") + public void testSystemWideCustomApiKeyHeader() throws Exception { + + // Genarate API Keys for the application + APIKeyDTO apiKeyDTO = restAPIStore + .generateAPIKeys(applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), + -1, null, null); + assertNotNull(apiKeyDTO, "API Key generation failed"); + String apiKey = apiKeyDTO.getApikey(); + + // Test whether a request can be made with the correct custom API Key header + Map requestHeaders1 = new HashMap<>(); + requestHeaders1.put("accept", APPLICATION_JSON_CONTENT); + requestHeaders1.put(CUSTOM_API_KEY_HEADER, apiKey); + HttpResponse apiResponse1 = HttpRequestUtil.doGet(invocationUrl, requestHeaders1); + assertEquals(apiResponse1.getResponseCode(), Response.Status.OK.getStatusCode(), + "Response code mismatched"); + + // Test whether the 401 Unauthorized Response is returned with default API Key header + Map requestHeaders2 = new HashMap<>(); + requestHeaders2.put("accept", APPLICATION_JSON_CONTENT); + requestHeaders2.put("apiKey", apiKey); + HttpResponse apiResponse2 = HttpRequestUtil.doGet(invocationUrl, requestHeaders2); + assertEquals(apiResponse2.getResponseCode(), Response.Status.UNAUTHORIZED.getStatusCode(), + "Response code mismatched"); + } + @AfterClass(alwaysRun = true) public void destroy() throws Exception { SubscriptionListDTO subsDTO = restAPIStore.getAllSubscriptionsOfApplication(applicationId); diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml index 7127c39abd..238e4ec003 100755 
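Review bot: In `testSystemWideCustomApiKeyHeader` the only rejection case sends the valid key under the default `apiKey` header, so nothing checks that the value carried in `Custom-ApiKey-Header` is actually validated. A gateway that accepted any value under the custom header would still pass both assertions. A third request with a key that is not valid under `CUSTOM_API_KEY_HEADER`, expecting 401, would close that gap, as sketched below. Both existing assertions also share the message "Response code mismatched", so giving each its own message would make a failure easier to attribute. The comment `// Genarate API Keys for the application` should read "Generate".

```java
// … unchanged: key generation, request with the custom header, request with the default header …

        // A value that is not a valid key must be rejected under the custom header too
        Map<String, String> requestHeaders3 = new HashMap<>();
        requestHeaders3.put("accept", APPLICATION_JSON_CONTENT);
        requestHeaders3.put(CUSTOM_API_KEY_HEADER, "not-a-valid-api-key");
        HttpResponse apiResponse3 = HttpRequestUtil.doGet(invocationUrl, requestHeaders3);
        assertEquals(apiResponse3.getResponseCode(), Response.Status.UNAUTHORIZED.getStatusCode(),
                "Invalid key under the custom API key header was not rejected");
```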
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/customHeaderTest/deployment.toml @@ -71,6 +71,7 @@ DevAccountName = "devPortTestEnv" [apim.oauth_config] auth_header = "Test-Custom-Header" +api_key_header = "Custom-APIKey-Header" [apim.cors] allow_origins = "*"