586: Restrict access to only authenticated users via password
Test Case #: 586 | Test Case Name: Restrict access to only authenticated users via password |
System: OpenLMIS | Subsystem: requisition |
Test case designed by: Paulina Borowa | Design Date: 17.08.2016 |
Short description: As a User, I must first be authenticated with my username and password before I can use OpenLMIS APIs. Acceptance: |
Pre-conditions: |

Step | Action | Expected system response | Comment |
1 | Run the service with gradle bootRun | | |
2 | Request a token from authentication service with some rest client: | | |
3 | Copy the token from response (e.g. {"access_token":"151a02ed-b6b4-4233-9566-cac2b7a1aec9"...) | | |
4 | Verify that service name endpoint is accessible without authorization: GET http://localhost:8080/ | Status 200 OK | |
5 | Verify that any other endpoint is secured, an example for api/geographicLevels: GET http://localhost:8080/api/geographicLevels | Status 401 Unauthorized | |
6 | GET http://localhost:8080/api/geographicLevels/?access_token=668ad6dd-d322-4649-9da0-55583ebafa70 | Status 200 OK | |
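
Steps 4 to 6 can be scripted so the check is repeatable after every build. This is an added example, not part of the original test case or of OpenLMIS itself; the function names are hypothetical, the token argument is the one copied in step 3, and the bogus-token check is an extra negative case that assumes an unknown token is rejected with 401 like a missing one.

```python
"""Scripted form of steps 4-6: public root, secured API, token accepted."""
import sys
import urllib.error
import urllib.parse
import urllib.request


def status_of(url):
    """Return the HTTP status of a GET without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_access(base_url, token, secured_path="/api/geographicLevels"):
    """Run the checks; return a list of (name, expected, actual) failures."""
    base = base_url.rstrip("/")

    def with_token(value):
        # Same request shape as step 6: token passed as a query parameter.
        query = urllib.parse.urlencode({"access_token": value})
        return f"{base}{secured_path}/?{query}"

    checks = [
        ("step 4: service name endpoint is public", base + "/", 200),
        ("step 5: secured endpoint without token", base + secured_path, 401),
        ("step 6: secured endpoint with valid token", with_token(token), 200),
        # Extra check, not a step in the test case (assumed behaviour).
        ("extra: secured endpoint with bogus token",
         with_token("not-a-real-token"), 401),
    ]
    failures = []
    for name, url, expected in checks:
        actual = status_of(url)
        if actual != expected:
            failures.append((name, expected, actual))
    return failures


if __name__ == "__main__":
    # Usage: python check_access.py http://localhost:8080 <token from step 3>
    problems = check_access(sys.argv[1], sys.argv[2])
    for name, expected, actual in problems:
        print(f"FAIL {name}: expected {expected}, got {actual}")
    sys.exit(1 if problems else 0)
```

An empty result means all checks passed; any returned tuple names the step whose status code differed from the expected one.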