Storyboard 04

From Alistair Mann / csi18n

Demonstrating handling a cors-origin record.

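All work here is done by user "test05". Although not shown here, "*" and "null" are also allowed as origins. In CORS, "*" stands for any origin and "null" is the origin browsers report for sandboxed iframes and local files, so neither identifies one specific site.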

  1. Obtain html form describing what to upload
  2. POST original cors-origin record and retrieve its location
  3. Confirm record with a GET from that location
  4. PUT update to that record
  5. GET that record back and confirm updated
  6. Confirm CORS functionality
    1. Unknown domain will be denied by CORS
    2. Original domain above will be denied by CORS
    3. Updated domain above will be approved by CORS
    4. Non-CORS request will be treated as approved by CORS
  7. Confirm DELETE of updated record accepted
  8. GET of the record now returns as 404
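#!/bin/bash
# Storyboard 04: acceptance test for the cors-origin record lifecycle.
#
# Flow: fetch the upload form, POST a cors-origin record, GET it back, PUT a
# corrected origin, confirm the update, exercise four CORS preflight cases,
# then DELETE the record and confirm it is gone.
#
# Exit status: 0 when every step passes, 1 on the first failing step, so a
# calling harness can tell a failed run from a clean one.
#
# Environment (optional; defaults are the fixture values for user "test05"):
#   CSI18N_APIKEY    value sent in the X-APIKey header
#   CSI18N_USERPASS  user:password pair handed to curl -u
#
# The API key and password are fixture credentials stored in this file and are
# passed to curl as arguments, so they are visible in the local process list
# while a request runs. Keep them scoped to this test account.
source acceptance_tests/predefined_codes.sh

APIKEY="${CSI18N_APIKEY:-798e31c43d6b9f03aa504a6f88cb4550}"
USERPASS="${CSI18N_USERPASS:-test05:test}"
COLLECTION='https://rest.mpsvr.com:443/subscribers/me/CORS'
CURLLOC='https://rest.mpsvr.com/xlates/1/Hello,-world/en-CA/anonymous/2311'

# Private, unpredictable response file instead of a fixed name under /tmp:
# responses cannot be pre-created, symlinked or read by another local user.
RESP=$(mktemp) || { echo "mktemp failed"; exit 1; }
trap 'rm -f -- "$RESP"' EXIT

# Print a blank line plus the given lines, then stop with a failing status.
sb_fail() {
    echo ""
    printf '%s\n' "$@"
    exit 1
}

# Run one request with the headers every call shares.
# Arguments: extra curl options followed by the URL.
# Outputs:   headers + body into $RESP; the final status code on stdout.
# The code comes from curl itself, so it does not depend on the protocol
# version in the status line or on header text that mentions "HTTP/1.1".
sb_request() {
    : >"$RESP"    # never let an earlier response stand in for a failed call
    curl -i -o "$RESP" -w '%{http_code}' \
        -H 'Connection: close' -H "X-APIKey: $APIKEY" "$@"
}

# Send a CORS preflight for GET on $CURLLOC with the given Origin ($1).
sb_preflight() {
    sb_request -X OPTIONS -H 'Accept: application/json' \
        -H 'Accept-Language: en-CA' -H "Origin: $1" \
        -H 'Access-Control-Request-Method: GET' \
        -H 'Access-Control-Request-Headers: x-track-security, authorization , x-apikey' \
        "$CURLLOC"
}

echo "First GET should 200 with upload form"
RV=$(sb_request -X GET -H 'Accept: text/html' -H 'X-Track-Security: true' \
    -u "$USERPASS" "$COLLECTION")
if [[ "$RV" != "200" ]]; then
    sb_fail "First GET failed :-(" "$RV"
fi

echo "First POST to visit link should 201 and provide location"
RV=$(sb_request -X POST -H 'X-Track-Security: true' \
    -H 'Content-Type: application/json;v=1.0' -u "$USERPASS" \
    --data '{"csi18n_cors_origin_resource":{"visitsid":"1","origin":"http://ww.example.com"}}' \
    "$COLLECTION")
if [[ "$RV" != "201" && "$RV" != "301" ]]; then
    sb_fail "First POST failed :-(" "$RV"
fi
# Header names are case-insensitive; take the first Location and drop the CR.
LOCATION=$(awk 'tolower($1) == "location:" { print $2; exit }' "$RESP" | tr -d '\r')
if [[ "$LOCATION" == "" ]]; then
    echo ""
    echo "First POST didn't find a Location :-("
    cat -- "$RESP"
    exit 1
fi
# Every later request sends the password and API key to $LOCATION, which is a
# server-supplied value. Refuse anything that is not HTTPS on the API host.
case "$LOCATION" in
    https://rest.mpsvr.com/* | https://rest.mpsvr.com:443/*) ;;
    *) sb_fail "First POST returned a Location outside the API host :-(" "$LOCATION" ;;
esac

echo "Second GET should 200 with uploaded resource"
RV=$(sb_request -X GET -H 'Accept: application/json' -u "$USERPASS" "$LOCATION")
if [[ "$RV" != "200" ]]; then
    sb_fail "Second GET failed :-(" "$RV $LOCATION"
fi
# Strip the response headers, leaving the JSON body.
DATA=$(perl -0777 -pe 's/HTTP.*\r\n\r\n//igs' "$RESP")

echo "First PUT should 201"
# Quoted so the body is not word-split or glob-expanded before it is edited.
DATA2=$(printf '%s' "$DATA" | perl -0777 -pe 's|"origin":"[^"]+"|"origin":"http:\\/\\/www.example.com"|')
RV=$(sb_request -X PUT -H 'Content-Type: application/json;v=1.0' \
    -u "$USERPASS" --data "$DATA2" "$LOCATION")
if [[ "$RV" != "201" && "$RV" != "409" ]]; then
    sb_fail "First PUT failed :-(" "$RV" "$DATA2" "$LOCATION"
fi

echo "Third GET should 200 with uploaded resource"
RV=$(sb_request -X GET -H 'Accept: application/json' -u "$USERPASS" "$LOCATION")
if [[ "$RV" != "200" ]]; then
    sb_fail "Third GET failed :-(" "$RV $LOCATION"
fi
# The body carries JSON-escaped slashes, hence the literal backslashes.
RV=$(grep -F -c 'http:\/\/www.example.com' "$RESP")
if [[ "$RV" != "1" ]]; then
    sb_fail "Third GET didn't see correction" "$RV $LOCATION"
fi

# =======================

echo "Testing effect of CORS"
echo "CORS test #1: Request with CORS at unknown domain should fail CORS"
RV=$(sb_preflight 'http://somewhereelse.com')
if [[ "$RV" != "403" ]]; then
    sb_fail "CORS test #1 failed :-(" "$RV"
fi
RV=$(grep -c "CORS request denied" "$RESP")
if [[ "$RV" != "1" ]]; then
    sb_fail "CORS test #1 didn't see CORS failure" "$RV $CURLLOC"
fi

echo "CORS test #2: Request with CORS at superceded domain should fail CORS"
RV=$(sb_preflight 'http://ww.example.com')
if [[ "$RV" != "403" ]]; then
    sb_fail "CORS test #2 failed :-(" "$RV"
fi
RV=$(grep -c "CORS request denied" "$RESP")
if [[ "$RV" != "1" ]]; then
    sb_fail "CORS test #2 didn't see CORS failure" "$RV $CURLLOC"
fi

echo "CORS test #3: Request with CORS at known domain should pass CORS"
# NOTE(review): only the status is asserted here; the value of any
# Access-Control-Allow-Origin header in the reply is not checked.
RV=$(sb_preflight 'http://www.example.com')
if [[ "$RV" != "200" ]]; then
    sb_fail "CORS test #3 failed :-(" "$CURLLOC" "$RV"
fi

echo "CORS test #4: Request without CORS should pass CORS"
# No Origin header, so CORS does not apply; with no credentials either, the
# request is expected to stop at authentication with a 401.
RV=$(sb_request -X OPTIONS -H 'Accept: application/json' \
    -H 'Accept-Language: en-CA' "$CURLLOC")
if [[ "$RV" != "401" ]]; then
    sb_fail "CORS test #4 failed :-(" "$CURLLOC $RV"
fi
RV=$(grep -c "Username or password incorrect. Your papers are not in order" "$RESP")
if [[ "$RV" != "1" ]]; then
    sb_fail "CORS test #4 didn't see authentication failure" "$RV $CURLLOC"
fi

# =======================

echo "First DELETE should see 204"
RV=$(sb_request -X DELETE -u "$USERPASS" "$LOCATION")
if [[ "$RV" != "204" ]]; then
    sb_fail "First DELETE failed :-(" "$RV"
fi

echo "Fourth GET should 404"
RV=$(sb_request -X GET -H 'Accept: application/json' -u "$USERPASS" "$LOCATION")
if [[ "$RV" != "404" ]]; then
    sb_fail "Fourth GET failed :-(" "$RV $LOCATION"
fi

echo "Completed successfully"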

And a sample run:

$  acceptance_tests/bash_storyboard_04.sh
First GET should 200 with upload form
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   289  100   289    0     0   2758      0 --:--:-- --:--:-- --:--:--  2919
First POST to visit link should 201 and provide location
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   277  100   196  100    81   1242    513 --:--:-- --:--:-- --:--:--  1272
Second GET should 200 with uploaded resource
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   266  100   266    0     0   2458      0 --:--:-- --:--:-- --:--:--  2607
First PUT should 201
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   410  100   144  100   266    950   1755 --:--:-- --:--:-- --:--:--  1821
Third GET should 200 with uploaded resource
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   267  100   267    0     0   2575      0 --:--:-- --:--:-- --:--:--  2670
Testing effect of CORS
CORS test #1: Request with CORS at unknown domain should fail CORS
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    67  100    67    0     0   1242      0 --:--:-- --:--:-- --:--:--  1395
CORS test #2: Request with CORS at superceded domain should fail CORS
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    67  100    67    0     0   1121      0 --:--:-- --:--:-- --:--:--  1240
CORS test #3: Request with CORS at known domain should pass CORS
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
CORS test #4: Request without CORS should pass CORS
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    62  100    62    0     0   1282      0 --:--:-- --:--:-- --:--:--  1441
First DELETE should see 204
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Fourth GET should 404
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    48  100    48    0     0    463      0 --:--:-- --:--:-- --:--:--   480
Completed successfully
$