586: Restrict access to only authenticated users via password

Test Case #: 586

Test Case Name: Restrict access to only authenticated users via password

System: OpenLMIS

Subsystem: requisition

Test case designed by: Paulina Borowa

Design Date: 17.08.2016

Short description

As a User, I must first be authenticated with my username and password before I can use OpenLMIS APIs.

Acceptance:

  • any use of OpenLMIS APIs must be in the context of an authenticated user
  • authentication is via confirmation of a user's password, which is associated with a user (and encrypted!)

Preconditions:


| Step | Action | Expected system response | Comment |
|------|--------|--------------------------|---------|
| 1 | Run the service with gradle bootRun | | |
| 2 | Request a token from the authentication service with a REST client: POST http://localhost:8081/oauth/token?grant_type=password&username=admin&password=password | | |
| 3 | Copy the token from the response (e.g. {"access_token":"151a02ed-b6b4-4233-9566-cac2b7a1aec9"...) | | |
| 4 | Verify that the service name endpoint is accessible without authorization: GET http://localhost:8080/ | Status 200 OK | |
| 5 | Verify that any other endpoint is secured, for example api/geographicLevels: GET http://localhost:8080/api/geographicLevels | Status 401 Unauthorized | |
| 6 | GET http://localhost:8080/api/geographicLevels/?access_token=668ad6dd-d322-4649-9da0-55583ebafa70 | Status 200 OK | |
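
Steps 2 to 6 as a repeatable check (an added example, not part of the original test case or of OpenLMIS code). The function names, the injectable `fetch` parameter and the failure-tuple format are assumptions made for illustration; hosts, ports, endpoints and credentials are the ones used in the steps above.

```python
import json
from urllib import error, parse, request

AUTH = "http://localhost:8081"             # auth service, as in step 2
SERVICE = "http://localhost:8080"          # service under test, steps 4-6
API = f"{SERVICE}/api/geographicLevels"    # the secured endpoint used in steps 5-6


def http_fetch(method, url):
    """Send one request; return (status, body) instead of raising on 4xx/5xx."""
    try:
        with request.urlopen(request.Request(url, method=method), timeout=10) as resp:
            return resp.status, resp.read().decode()
    except error.HTTPError as err:
        return err.code, err.read().decode()


def run_test_case(fetch=http_fetch, username="admin", password="password"):
    """Run steps 2-6; return a list of (step, expected, actual) for each failure."""
    failures = []

    def expect(step, expected, actual):
        if expected != actual:
            failures.append((step, expected, actual))

    # Steps 2-3: request a token with the password grant, read access_token.
    params = {"grant_type": "password", "username": username, "password": password}
    _, body = fetch("POST", f"{AUTH}/oauth/token?{parse.urlencode(params)}")
    try:
        token = json.loads(body).get("access_token")
    except (ValueError, AttributeError):
        token = None  # non-JSON or non-object body: treat as "no token issued"
    expect("2-3: access_token in response", True, bool(token))

    # Step 4: the service name endpoint answers without authorization.
    expect("4: GET / without token", 200, fetch("GET", f"{SERVICE}/")[0])
    # Step 5: the API endpoint without a token must be rejected.
    expect("5: GET without token", 401, fetch("GET", API)[0])
    # Step 6: the same endpoint with the token just issued must be allowed.
    if token:
        url = f"{API}/?access_token={parse.quote(str(token))}"
        expect("6: GET with token", 200, fetch("GET", url)[0])
    return failures


if __name__ == "__main__":
    print(run_test_case() or "all steps passed")
```

An empty list means every step matched its expected response; a `401 -> 200` entry for step 5 is the regression this test case exists to catch.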

 

 
