From b3037b5e10918b96eee0c9a9fdf515f54bead59a Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Thu, 2 Apr 2020 14:30:14 +0200
Subject: [PATCH] Refactor behave tests
---
 .../test/behave/features/login.feature | 58 -------------------
 .../reject_unauthorized_logins.feature | 31 ++++++++++
 .../test/behave/features/remember_me.feature | 37 ++++++++++++
 .../{login.py => compare_json_values.py} | 32 +---------
 .../steps/webdriver_with_variables.py | 27 +++++++++
 5 files changed, 97 insertions(+), 88 deletions(-)
 create mode 100644 test/login_logout/test/behave/features/reject_unauthorized_logins.feature
 create mode 100644 test/login_logout/test/behave/features/remember_me.feature
 rename test/login_logout/test/behave/features/steps/{login.py => compare_json_values.py} (52%)
 create mode 100644 test/login_logout/test/behave/features/steps/webdriver_with_variables.py
diff --git a/test/login_logout/test/behave/features/login.feature b/test/login_logout/test/behave/features/login.feature
index 9aa5248..93da304 100644
--- a/test/login_logout/test/behave/features/login.feature
+++ b/test/login_logout/test/behave/features/login.feature
@@ -26,61 +26,3 @@ Scenario: Logout
 Then I wait on element "input#username" for 1000ms to be visible
 And I expect that element "input#password" is visible
 And I expect that element "input#submit" is visible
-
-Scenario: Login with a valid user without access to an application
- Given the oauth client "home" URL was opened
- And the element "input#username" is visible
- When I enter the "username2" in the inputfield "input#username"
- And I enter the "password" in the inputfield "input#password"
- And I click on the button "input#submit"
- Then I wait on element "input#password" for 1000ms to not exist
- And I expect that element "input#username" does not exist
- And I expect that the path is "/callback"
- And I expect that element "body" contains the text "error"
- And I expect that element "body" contains the text "Permission denied"
- And I expect that element "body" contains the text "missing application permission"
-
-Scenario: Login with an invalid user without
- Given the oauth client "home" URL was opened
- And the element "input#username" is visible
- When I set "not_a_valid_user" to the inputfield "input#username"
- And I set "password" to the inputfield "input#password"
- And I click on the button "input#submit"
- Then I wait on element "input#password" for 1000ms to not exist
- And I expect that element "input#username" does not exist
- And I expect that the path is "/callback"
- And I expect that element "body" contains the text "error"
- And I expect that element "body" contains the text "Login denied"
- And I expect that element "body" contains the text "Invalid username or password"
-
-Scenario: Login with a valid user and remember session
- Given the oauth client "home" URL was opened
- And the element "input#username" is visible
- And the element "input#remember" is visible
- When I enter the "username" in the inputfield "input#username"
- And I enter the "password" in the inputfield "input#password"
- And I click on the element "input#remember"
- And I click on the button "input#submit"
- Then I wait on element "input#password" for 1000ms to not exist
- And I expect that element "input#username" does not exist
- And I expect that the path is "/callback"
- And I expect that element "body" contains the text "access_token"
-
-Scenario: Login without providing credentials
- Given the oauth client "logout" URL was opened
- And I pause for 1000ms
- And there is no element "input#username" on the page
- And there is no element "input#password" on the page
- And the element "button#continue" is visible
- When I click on the element "button#continue"
- Then I wait on element "button#continue" for 1000ms to not exist
- And I expect that the path is "/callback"
- And I expect that element "body" contains the text "access_token"
-
-Scenario: Terminate single sign-on session
- Given the oauth client "logout" URL was opened
- And I pause for 1000ms
- And the element "button#logout" is visible
- When I click on the element "button#logout"
- Then I expect that the "error" in the json output is "Login cancelled"
- And I expect that the "error_description" in the json output is "Login was cancelled and user session was terminated"
diff --git a/test/login_logout/test/behave/features/reject_unauthorized_logins.feature b/test/login_logout/test/behave/features/reject_unauthorized_logins.feature
new file mode 100644
index 0000000..c95b995
--- /dev/null
+++ b/test/login_logout/test/behave/features/reject_unauthorized_logins.feature
@@ -0,0 +1,31 @@
+@oauth
+Feature: Test features that prohibit unauthorized access
+ As an attacker or unauthorized user
+ I want to to login to an OAS App
+ And the single sign-on will block my login attempts
+
+Scenario: Login with a valid user without access to an application
+ Given the oauth client "home" URL was opened
+ And the element "input#username" is visible
+ When I enter the "username2" in the inputfield "input#username"
+ And I enter the "password" in the inputfield "input#password"
+ And I click on the button "input#submit"
+ Then I wait on element "input#password" for 1000ms to not exist
+ And I expect that element "input#username" does not exist
+ And I expect that the path is "/callback"
+ And I expect that element "body" contains the text "error"
+ And I expect that element "body" contains the text "Permission denied"
+ And I expect that element "body" contains the text "missing application permission"
+
+Scenario: Login with an invalid user
+ Given the oauth client "home" URL was opened
+ And the element "input#username" is visible
+ When I set "not_a_valid_user" to the inputfield "input#username"
+ And I set "password" to the inputfield "input#password"
+ And I click on the button "input#submit"
+ Then I wait on element "input#password" for 1000ms to not exist
+ And I expect that element "input#username" does not exist
+ And I expect that the path is "/callback"
+ And I expect that element "body" contains the text "error"
+ And I expect that element "body" contains the text "Login denied"
+ And I expect that element "body" contains the text "Invalid username or password"
diff --git a/test/login_logout/test/behave/features/remember_me.feature b/test/login_logout/test/behave/features/remember_me.feature
new file mode 100644
index 0000000..81ad49e
--- /dev/null
+++ b/test/login_logout/test/behave/features/remember_me.feature
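Review bot: Neither scenario checks that a rejected login yields no token: both only assert that the `/callback` body contains "error" and the denial text, so a response carrying the error alongside an `access_token` would still pass. Each scenario should end with a negative assertion on `access_token`, using whatever negated contains-text step the step library offers. The invalid-login case covers only an unknown username (`not_a_valid_user`); a further scenario with a known username and a wrong password that expects the same "Invalid username or password" text would pin the response so it does not reveal which usernames exist. The narrative also has a typo, `I want to to login`.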
@@ -0,0 +1,37 @@
+@oauth
+Feature: Testing single sign-on sessions
+ As an OAS user
+ I want to login once to use an application
+ And I use my active single sign-on session to login again without providing credentials
+
+Scenario: Login with a valid user and remember session
+ Given the oauth client "home" URL was opened
+ And the element "input#username" is visible
+ And the element "input#remember" is visible
+ When I enter the "username" in the inputfield "input#username"
+ And I enter the "password" in the inputfield "input#password"
+ And I click on the element "input#remember"
+ And I click on the button "input#submit"
+ Then I wait on element "input#password" for 1000ms to not exist
+ And I expect that element "input#username" does not exist
+ And I expect that the path is "/callback"
+ And I expect that element "body" contains the text "access_token"
+
+Scenario: Login without providing credentials
+ Given the oauth client "logout" URL was opened
+ And I pause for 1000ms
+ And there is no element "input#username" on the page
+ And there is no element "input#password" on the page
+ And the element "button#continue" is visible
+ When I click on the element "button#continue"
+ Then I wait on element "button#continue" for 1000ms to not exist
+ And I expect that the path is "/callback"
+ And I expect that element "body" contains the text "access_token"
+
+Scenario: Terminate single sign-on session
+ Given the oauth client "logout" URL was opened
+ And I pause for 1000ms
+ And the element "button#logout" is visible
+ When I click on the element "button#logout"
+ Then I expect that the "error" in the json output is "Login cancelled"
+ And I expect that the "error_description" in the json output is "Login was cancelled and user session was terminated"
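Review bot: "Terminate single sign-on session" asserts only the JSON error returned by the logout click, not that the session is actually gone. Following it with a fresh visit that must land on the login form, e.g. `When I open the oauth client "home" URL` and `Then I expect that element "input#username" is visible`, would make the test fail if logout reports success but the single sign-on session stays usable. "Login without providing credentials" also relies on the session created by the scenario before it, so these scenarios cannot be run alone or reordered; a comment at the top of the feature saying so would make that dependency explicit.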
diff --git a/test/login_logout/test/behave/features/steps/login.py b/test/login_logout/test/behave/features/steps/compare_json_values.py
similarity index 52%
rename from test/login_logout/test/behave/features/steps/login.py
rename to test/login_logout/test/behave/features/steps/compare_json_values.py
index f7ff2b6..da73242 100644
--- a/test/login_logout/test/behave/features/steps/login.py
+++ b/test/login_logout/test/behave/features/steps/compare_json_values.py
@@ -1,35 +1,8 @@
-"""Custom steps for login tests."""
-
-import string
+"""Custom steps for tests that anaylize a website that returns a json object."""
 import json
-
-from behave import given, when
+from behave import given, when, then
 from behave_webdriver.steps import *
-
-def before_all(context):
- pass # login and save cookies here
-
-@when(u'I open the oauth client "{url}" URL')
-@given(u'The oauth client "{url}" URL was opened')
-def step_impl(context, url):
- context.behave_driver.get(context.oauth[url])
-
-@when(u'I enter the "{attribute}" in the inputfield "{element}"')
-def step_impl(context, attribute, element):
- """Enter value into login inputfields."""
- elem = context.behave_driver.get_element(element)
- elem.clear()
- value = context.oauth[attribute]
- elem.send_keys(value)
-
-@then(u'I expect that element "{element}" contains the value of var "{variable}"')
-def step_impl(context, element, variable):
- """Check if value is in field"""
- elem = context.behave_driver.get_element(element)
- value = context.oauth[variable]
- assert value in elem.text
-
 @then(u'I expect that the "{variable}" in the json output is the same as oauth variable "{value}"')
 def step_impl(context, variable, value):
 assert context.oauth[value] == get_value_from_json_body(context, variable)
@@ -49,4 +22,3 @@ def step_impl(context, variable, value):
 def get_value_from_json_body(context, key):
 obj_serialized = context.behave_driver.get_element("body").text
 return json.loads(obj_serialized)[key]
-
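Review bot: The new module docstring in the first hunk misspells "analyze" as `anaylize`; it should read `"""Custom steps for tests that analyze a website that returns a JSON object."""`. With the `@when`/`@given` steps moved out, `given` and `when` look unused in the visible part of this module, yet the import line now also adds `then`. If the lines between the two hunks confirm that, `from behave import then` is enough. The file continues outside both hunks, so the unused-import point is inferred from the lines shown.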
diff --git a/test/login_logout/test/behave/features/steps/webdriver_with_variables.py b/test/login_logout/test/behave/features/steps/webdriver_with_variables.py
new file mode 100644
index 0000000..e913d60
--- /dev/null
+++ b/test/login_logout/test/behave/features/steps/webdriver_with_variables.py
@@ -0,0 +1,27 @@
+"""Custom steps for login tests that use oauth environment variables"""
+from behave import given, when, then
+from behave_webdriver.steps import *
+
+
+def before_all(context):
+ pass # login and save cookies here
+
+@when(u'I open the oauth client "{url}" URL')
+@given(u'The oauth client "{url}" URL was opened')
+def step_impl(context, url):
+ context.behave_driver.get(context.oauth[url])
+
+@when(u'I enter the "{attribute}" in the inputfield "{element}"')
+def step_impl(context, attribute, element):
+ """Enter value into login inputfields."""
+ elem = context.behave_driver.get_element(element)
+ elem.clear()
+ value = context.oauth[attribute]
+ elem.send_keys(value)
+
+@then(u'I expect that element "{element}" contains the value of var "{variable}"')
+def step_impl(context, element, variable):
+ """Check if value is in field"""
+ elem = context.behave_driver.get_element(element)
+ value = context.oauth[variable]
+ assert value in elem.text
-- GitLab
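Review bot: `assert value in elem.text` in the last step passes vacuously when `context.oauth[variable]` is an empty string, because `"" in text` is always true; an unset variable (the docstring suggests these come from the environment) would turn the check into a no-op. Guard it and give it a message that names the variable rather than its value, so credentials do not end up in CI logs: `assert value and value in elem.text, 'element "%s" lacks the value of var "%s"' % (element, variable)`. Separately, `before_all` is defined in a steps module, but behave only picks up hooks from `environment.py`, so this stub is never called. Move it there or drop it.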