test: add functional tests

atsign-foundation · Oct 2, 2023 · 7c6d614 · 7c6d614
1 parent 6df3bc4
commit 7c6d614
Show file tree

Hide file tree

Showing 3 changed files with 120 additions and 17 deletions.
diff --git a/packages/at_secondary_server/lib/src/exception/global_exception_handler.dart b/packages/at_secondary_server/lib/src/exception/global_exception_handler.dart
@@ -63,7 +63,6 @@ class GlobalExceptionHandler {
         exception is HandShakeException ||
         exception is UnAuthenticatedException ||
         exception is UnAuthorizedException ||
-        exception is AtEnrollmentException ||
         exception is OutBoundConnectionInvalidException ||
         exception is KeyNotFoundException ||
         exception is AtConnectException ||

diff --git a/packages/at_secondary_server/test/enroll_verb_test.dart b/packages/at_secondary_server/test/enroll_verb_test.dart
@@ -332,9 +332,9 @@ void main() {
       String enrollId = await createAndApproveEnrollment();
       // set the enrollment status as expired
       String enrollmentKey =
-      enrollVerbHandler.getEnrollmentKey(enrollId, currentAtsign: '@alice');
+          enrollVerbHandler.getEnrollmentKey(enrollId, currentAtsign: '@alice');
       EnrollDataStoreValue existingEnrollValue =
-      await enrollVerbHandler.getEnrollDataStoreValue(enrollmentKey);
+          await enrollVerbHandler.getEnrollDataStoreValue(enrollmentKey);
       // set the existing state as revoked
       existingEnrollValue.approval!.state = EnrollStatus.revoked.name;
       AtData atData = AtData();
@@ -346,7 +346,7 @@ void main() {
       String command =
           'enroll:update:{"enrollmentId":"$enrollId","namespaces":{"update":"r"}}';
       HashMap<String, String?> verbParams =
-      getVerbParam(VerbSyntax.enroll, command);
+          getVerbParam(VerbSyntax.enroll, command);
       Response response = Response();
       await enrollVerbHandler.processVerb(
           response, verbParams, inboundConnection);
@@ -361,9 +361,9 @@ void main() {
       String enrollId = await createAndApproveEnrollment();
       // set the enrollment status as expired
       String enrollmentKey =
-      enrollVerbHandler.getEnrollmentKey(enrollId, currentAtsign: '@alice');
+          enrollVerbHandler.getEnrollmentKey(enrollId, currentAtsign: '@alice');
       EnrollDataStoreValue existingEnrollValue =
-      await enrollVerbHandler.getEnrollDataStoreValue(enrollmentKey);
+          await enrollVerbHandler.getEnrollDataStoreValue(enrollmentKey);
       existingEnrollValue.approval!.state = EnrollStatus.denied.name;
       AtData atData = AtData();
       atData.data = jsonEncode(existingEnrollValue);
@@ -373,7 +373,7 @@ void main() {
       String command =
           'enroll:update:{"enrollmentId":"$enrollId","namespaces":{"update":"r"}}';
       HashMap<String, String?> verbParams =
-      getVerbParam(VerbSyntax.enroll, command);
+          getVerbParam(VerbSyntax.enroll, command);
       Response response = Response();
       await enrollVerbHandler.processVerb(
           response, verbParams, inboundConnection);
@@ -569,12 +569,12 @@ void main() {
       Response response = Response();
       EnrollVerbHandler enrollVerbHandler =
           EnrollVerbHandler(secondaryKeyStore);
+      await enrollVerbHandler.processVerb(
+          response, verbParams, inboundConnection);
+      expect(response.isError, true);
+      expect(response.errorCode, 'AT0026');
       expect(
-          () async => await enrollVerbHandler.processVerb(
-              response, verbParams, inboundConnection),
-          throwsA(predicate((dynamic e) =>
-              e is AtEnrollmentException &&
-              e.message == 'Invalid otp. Cannot process enroll request')));
+          response.errorMessage, 'Invalid otp. Cannot process enroll request');
     });
 
     tearDown(() async => await verbTestsTearDown());
@@ -1107,12 +1107,14 @@ void main() {
     test(
         'verify behaviour of method: validateEnrollmentRequest() - case not apkam authenticated',
         () {
-      EnrollParams enrollParams = EnrollParams()..otp = 'abcd'..namespaces={"abdc": "rw"};
+      EnrollParams enrollParams = EnrollParams()
+        ..otp = 'abcd'
+        ..namespaces = {"abdc": "rw"};
       expect(
           () => enrollVerbHandler.validateEnrollmentRequest(
               enrollParams, inboundConnection, 'update'),
           throwsA(predicate((dynamic e) =>
-              e is AtEnrollmentException &&
+              e is UnAuthenticatedException &&
               e.toString().contains(
                   'Apkam authentication required to update enrollment'))));
     });
@@ -1160,8 +1162,11 @@ void main() {
       enrollParams.enrollmentId = enrollId;
       enrollParams.namespaces = {'dummy_namespace': 'rw'};
       String enrollmentKeyResponse = await enrollVerbHandler
-          .handleEnrollmentUpdateRequest(enrollParams, atsign);
-      expect(enrollmentKeyResponse, enrollVerbHandler.getEnrollmentKey(enrollId, isSupplementaryKey: true));
+          .handleUpdateEnrollmentRequest(enrollParams, atsign);
+      expect(
+          enrollmentKeyResponse,
+          enrollVerbHandler.getEnrollmentKey(enrollId,
+              isSupplementaryKey: true));
       expect(enrollParams.namespaces, {'dummy_namespace': 'rw'});
       expect(enrollParams.deviceName, enrollDataStoreValue.deviceName);
       expect(enrollParams.appName, enrollDataStoreValue.appName);

diff --git a/tests/at_functional_test/test/enroll_verb_test.dart b/tests/at_functional_test/test/enroll_verb_test.dart
@@ -3,6 +3,7 @@
 import 'dart:convert';
 import 'dart:io';
 
+import 'package:at_commons/at_builders.dart';
 import 'package:at_demo_data/at_demo_data.dart' as at_demos;
 import 'package:at_functional_test/conf/config_util.dart';
 import 'package:test/test.dart';
@@ -157,7 +158,7 @@ void main() {
       var enrollResponse = await read();
       enrollResponse = enrollResponse.replaceFirst('data:', '');
       expect(enrollResponse,
-          'error:AT0011-Exception: Invalid otp. Cannot process enroll request\n');
+          'error:AT0026:Invalid otp. Cannot process enroll request\n');
     });
 
     // Purpose of the tests
@@ -645,6 +646,9 @@ void main() {
   });
 
   group('verify different cases of enroll:update', () {
+
+    /// Creates a new enrollment request and approves the request
+    /// returns the newly approved enrollment_id
     Future<String> getApprovedEnrollment() async {
       await _connect();
       await prepare(socketConnection1!, firstAtsign);
@@ -664,6 +668,20 @@ void main() {
       return enrollId;
     }
 
+    /// Inserts provided key into the secondary server
+    Future<void> updateKey(
+        String key, String namespace, String atsign, String value) async {
+      await _connect();
+      await prepare(socketConnection1!, atsign);
+      UpdateVerbBuilder updateVerbBuilder = UpdateVerbBuilder()
+        ..sharedBy = atsign
+        ..atKey = '$key.$namespace'
+        ..value = value;
+      await socket_writer(socketConnection1!, updateVerbBuilder.buildCommand());
+      assert((await read()).contains('data:'));
+      await socketConnection1?.close();
+    }
+
     test('test enroll:update on an unauthenticated connection', () async {
       await _connect();
       await socket_writer(
@@ -741,6 +759,87 @@ void main() {
       assert(fetchUpdatedEnrollment.contains(enrollId) &&
           fetchUpdatedEnrollment.contains('{"buzz":"rw"}'));
     });
+
+    test('verify enroll:update actually provides access to updated namespaces',
+        () async {
+      // insert keys into secondary server
+      await updateKey('apkam_update_wavi', 'wavi', firstAtsign, 'data_1');
+      await updateKey('apkam_update_buzz', 'buzz', firstAtsign, 'data_2');
+      // create an new enrollment and approve it. Default access 'wavi:rw'
+      String enrollId = await getApprovedEnrollment();
+      await socketConnection1?.close();
+      // create new connection with apkam auth
+      await _connect();
+      await prepare(socketConnection1!, firstAtsign,
+          isApkam: true, enrollmentId: enrollId);
+      // scan keys with only access to 'wavi' namespace
+      socket_writer(socketConnection1!, 'scan');
+      var scanResponse = await read();
+      assert(scanResponse.contains('apkam_update_wavi.wavi$firstAtsign'));
+      // scan should not contain keys with 'buzz' namespace
+      assert(!scanResponse.contains('apkam_update_buzz.buzz$firstAtsign'));
+      // create an enrollment update request
+      await socket_writer(socketConnection1!,
+          'enroll:update:{"enrollmentId":"$enrollId","namespaces":{"wavi":"rw","buzz":"rw"}}');
+      var updateResponse = await read();
+      updateResponse = updateResponse.replaceFirst('data:', '');
+      expect(jsonDecode(updateResponse)['status'], 'pending');
+      expect(jsonDecode(updateResponse)['enrollmentId'], enrollId);
+      // approve the enrollment update request
+      await socket_writer(
+          socketConnection1!, 'enroll:approve:{"enrollmentId":"$enrollId"}');
+      updateResponse = await read();
+      updateResponse = updateResponse.replaceFirst('data:', '');
+      expect(jsonDecode(updateResponse)['status'], 'approved');
+      expect(jsonDecode(updateResponse)['enrollmentId'], enrollId);
+      // assert scan now contains both the keys
+      socket_writer(socketConnection1!, 'scan');
+      scanResponse = await read();
+      print(scanResponse);
+      assert(scanResponse.contains('apkam_update_wavi.wavi$firstAtsign'));
+      assert(scanResponse.contains('apkam_update_buzz.buzz$firstAtsign'));
+    });
+
+    test(
+        'verify that denial of enroll:update request does NOT provides access to updated namespaces',
+        () async {
+      // insert keys into secondary server
+      await updateKey('apkam_update_wavi', 'wavi', firstAtsign, 'data_1');
+      await updateKey('apkam_update_buzz', 'buzz', firstAtsign, 'data_2');
+      // create an new enrollment and approve it. Default access 'wavi:rw'
+      String enrollId = await getApprovedEnrollment();
+      await socketConnection1?.close();
+      // create new connection with apkam auth
+      await _connect();
+      await prepare(socketConnection1!, firstAtsign,
+          isApkam: true, enrollmentId: enrollId);
+      // scan keys with only access to 'wavi' namespace
+      socket_writer(socketConnection1!, 'scan');
+      var scanResponse = await read();
+      assert(scanResponse.contains('apkam_update_wavi.wavi$firstAtsign'));
+      // scan should not contain keys with 'buzz' namespace
+      assert(!scanResponse.contains('apkam_update_buzz.buzz$firstAtsign'));
+      // create an enrollment update request
+      await socket_writer(socketConnection1!,
+          'enroll:update:{"enrollmentId":"$enrollId","namespaces":{"wavi":"rw","buzz":"rw"}}');
+      var updateResponse = await read();
+      updateResponse = updateResponse.replaceFirst('data:', '');
+      expect(jsonDecode(updateResponse)['status'], 'pending');
+      expect(jsonDecode(updateResponse)['enrollmentId'], enrollId);
+      // deny the enrollment update request
+      await socket_writer(
+          socketConnection1!, 'enroll:deny:{"enrollmentId":"$enrollId"}');
+      updateResponse = await read();
+      updateResponse = updateResponse.replaceFirst('data:', '');
+      expect(jsonDecode(updateResponse)['status'], 'denied');
+      expect(jsonDecode(updateResponse)['enrollmentId'], enrollId);
+
+      socket_writer(socketConnection1!, 'scan');
+      scanResponse = await read();
+      assert(scanResponse.contains('apkam_update_wavi.wavi$firstAtsign'));
+      // scan should not contain keys with 'buzz' namespace
+      assert(!scanResponse.contains('apkam_update_buzz.buzz$firstAtsign'));
+    });
   });
 
   group('A group of negative tests on enroll verb', () {