589: Session expiration


Test Case #: 589

Test Case Name: Session expiration

System: OpenLMIS

Subsystem: auth

Test case designed by: Paulina Borowa

Design Date: 18.08.2016

Short description

A user's authentication with OpenLMIS should expire after a period of inactivity. Acceptance:

  • once authenticated, a user's access to OpenLMIS may time out after a period of inactivity. After this timeout, any session token or other identifier (e.g. a cookie) is no longer valid for access to OpenLMIS and authentication is again required.
  • the activity timeout is configurable (for the entire system, not per user), with a default of 30 minutes. (Should we include a max limit, like 24 hours?)

Pre-conditions:

Step 1
Action: Generate access token
Expected system response: access_token=1dffba06-76bd-444f-ba63-bccfb81e600a

Step 2
Action: Create user
Method: Post
Example Body:
{
    "referenceDataUserId":"35316636-6264-6331-2d34-3933322d3462",
    "username":"Name",
    "password":"123qwe",
    "email":"soldev@op.pl",
    "role":"USER"
}
Expected system response: Status 201 Created

Step 3
Action: Wait 30 minutes

Step 4
Action: Create user
Method: Post
Example Body:
{
    "referenceDataUserId":"35316636-6264-6331-2d34-3933322d3462",
    "username":"Name2",
    "password":"123qwe1",
    "email":"soldev@op.pl",
    "role":"USER"
}
Expected system response: Status 401 Unauthorized
Comment: same access token as before
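
The four steps above, as an added example that is not part of the original test case or of OpenLMIS code: a small in-memory model of an inactivity timeout with a manually advanced clock, so the 30-minute wait runs instantly. `FakeClock`, `IdleTimeoutTokenStore` and the `run_*` functions are hypothetical names, and treating exactly 30 idle minutes as expired is an assumption taken from step 4.

```python
import uuid

DEFAULT_IDLE_TIMEOUT_S = 30 * 60  # page: system-wide setting, default 30 minutes

class FakeClock:
    """Manually advanced clock so the 30-minute wait needs no real sleep."""
    def __init__(self):
        self.now = 0.0

class IdleTimeoutTokenStore:
    """Hypothetical server-side model: one last-activity time per token."""
    def __init__(self, clock, idle_timeout_s=DEFAULT_IDLE_TIMEOUT_S):
        self.clock, self.idle_timeout_s = clock, idle_timeout_s
        self._last_seen = {}

    def issue(self):
        token = str(uuid.uuid4())
        self._last_seen[token] = self.clock.now
        return token

    def create_user(self, token):
        """Return the HTTP status an authenticated 'Create user' POST would get."""
        last = self._last_seen.get(token)
        # Assumption: idle time equal to the timeout already counts as expired,
        # which is what step 4 (wait 30 minutes, expect 401) requires.
        if last is None or self.clock.now - last >= self.idle_timeout_s:
            self._last_seen.pop(token, None)  # an expired token stays invalid
            return 401
        self._last_seen[token] = self.clock.now  # activity resets the idle timer
        return 201

def run_test_case_589(idle_timeout_s=DEFAULT_IDLE_TIMEOUT_S):
    """Steps 1-4 of the test case; returns the statuses of steps 2 and 4."""
    store = IdleTimeoutTokenStore(FakeClock(), idle_timeout_s)
    token = store.issue()                 # step 1: generate access token
    first = store.create_user(token)      # step 2: expect 201
    store.clock.now += idle_timeout_s     # step 3: wait out the timeout
    second = store.create_user(token)     # step 4: same token, expect 401
    return first, second

def run_activity_keeps_session_alive():
    """Complementary check: requests inside the window must not be rejected."""
    store = IdleTimeoutTokenStore(FakeClock())
    token = store.issue()
    statuses = []
    for _ in range(3):                    # 60 minutes in total, never idle for 30
        store.clock.now += 20 * 60
        statuses.append(store.create_user(token))
    return statuses
```

Passing a shorter `idle_timeout_s` exercises the configurable-timeout criterion with the same steps.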
