Add test case for validating WWW-Authenticate header during unauthori…
…zed invocation of API with Api keys
nisan-abeywickrama committed Aug 26, 2024
1 parent efd6ee7 commit 6e32a54
Showing 1 changed file with 32 additions and 0 deletions.
Expand Up @@ -1240,6 +1240,38 @@ public void testInvocationWithApiKeysWithoutSubscription() throws Exception {
", but got " + invocationResponseAfterSubscriptionRemoved.getResponseCode());
}

@Test(description = "Testing the WWW-Authorization header when invocating an API with API Keys using invalid Authorization header",
dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
public void testApiKeyResponseHeader() throws Exception{

String expectedValue = "API Key realm=\"WSO2 API Manager\"";

Map<String, String> requestHeaders1 = new HashMap<>();
requestHeaders1.put("accept", "application/json");

HttpResponse response1 =
HTTPSClientUtils.doGet(getAPIInvocationURLHttps(mutualSSLandOAuthMandatoryAPIContext, API_VERSION_1_0_0) +
API_END_POINT_METHOD, requestHeaders1);

String wwwAuthenticateHeader = response1.getHeaders().get("WWW-Authenticate");

Assert.assertTrue(wwwAuthenticateHeader.contains(expectedValue),
"The WWW-Authenticate header does not contain the expected API Key value.");

Map<String, String> requestHeaders2 = new HashMap<>();
requestHeaders2.put("accept", "application/json");
requestHeaders2.put("Authorization", null);

HttpResponse response2 =
HTTPSClientUtils.doGet(getAPIInvocationURLHttps(mutualSSLandOAuthMandatoryAPIContext, API_VERSION_1_0_0) +
API_END_POINT_METHOD, requestHeaders2);

wwwAuthenticateHeader = response2.getHeaders().get("WWW-Authenticate");

Assert.assertTrue(wwwAuthenticateHeader.contains(expectedValue),
"The WWW-Authenticate header does not contain the expected API Key value.");
}

@AfterClass(alwaysRun = true)
public void cleanUpArtifacts() throws Exception {
restAPIStore.deleteApplication(applicationId);
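Review bot: Both `wwwAuthenticateHeader.contains(expectedValue)` assertions in testApiKeyResponseHeader dereference the result of `getHeaders().get("WWW-Authenticate")` without a null check, so a response that omits the challenge fails with a NullPointerException instead of the assertion message; add `Assert.assertNotNull(wwwAuthenticateHeader, "WWW-Authenticate header is missing");` before each. The test also never checks that the request was rejected, so it passes on any response that carries the header; asserting the status first, e.g. `Assert.assertEquals(response1.getResponseCode(), 401);` and the same for response2 (getResponseCode() is what the preceding test uses), ties the challenge to an unauthorized response. `requestHeaders2.put("Authorization", null)` may be dropped or rejected by the client helper rather than sent as an invalid header; that depends on HTTPSClientUtils, which is not shown here, so a deliberately malformed non-null value would exercise the described case more reliably. The description string says "WWW-Authorization" where the header under test is WWW-Authenticate.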