Blackbox Tests
Positive Scenarios
FT-P-01: Successful Login
Summary: User with valid credentials receives a JWT token.
Traces to: AC-1
Category: Authentication
Preconditions:
- Seed user admin@azaion.com exists in database
Input data: Valid email/password for seed admin user
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /login with valid email and password | HTTP 200, body contains non-empty token string |
Expected outcome: HTTP 200 with JWT token in response body
Max execution time: 5s
FT-P-02: Successful User Registration
Summary: ApiAdmin creates a new user account.
Traces to: AC-5, AC-6, AC-7
Category: User Management
Preconditions:
- Caller authenticated as ApiAdmin
Input data: {"email":"newuser@test.com","password":"validpwd1","role":"Operator"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | Login as admin to get JWT | HTTP 200, JWT token |
| 2 | POST /users with valid registration data and ApiAdmin JWT | HTTP 200 |
Expected outcome: HTTP 200, user created
Max execution time: 5s
FT-P-03: JWT Token Structure Validation
Summary: JWT token contains correct issuer, audience, and lifetime claims.
Traces to: AC-4
Category: Authentication
Preconditions:
- Valid login completed
Input data: JWT token from login response
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | Login to get JWT | HTTP 200, JWT token |
| 2 | Decode JWT payload (Base64) | Claims contain iss, aud, exp |
| 3 | Validate iss == "AzaionApi" | Match |
| 4 | Validate aud == "Annotators/OrangePi/Admins" | Match |
| 5 | Validate exp - iat ≈ 14400s (4 hours) | Within ± 60s |
Expected outcome: All JWT claims match expected values
Max execution time: 5s
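A claim checker for steps 2 to 5 of this test, added here as an example and not part of the test plan or the Azaion API. It assumes HS256 signing under a test key (the API's real algorithm and key are not stated in this document) and builds a constructed token so it runs offline; it also pins the algorithm and verifies the signature before trusting any claim.

```python
import base64
import hashlib
import hmac
import json

# Expected values from FT-P-03 steps 3-5.
EXPECTED_ISS = "AzaionApi"
EXPECTED_AUD = "Annotators/OrangePi/Admins"
EXPECTED_LIFETIME_S = 14400  # 4 hours
TOLERANCE_S = 60

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_test_token(claims: dict, key: bytes) -> str:
    """Constructed HS256 token for offline testing; not the API's own signing code."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def check_jwt_claims(token: str, key: bytes) -> list[str]:
    """Return the list of failed checks; an empty list means FT-P-03 steps 2-5 pass."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token does not have three segments"]
    header_b64, payload_b64, sig_b64 = parts
    failures = []
    # Pin the algorithm and verify the signature before trusting any claim.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        failures.append("unexpected alg in header")
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        failures.append("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    missing = [c for c in ("iss", "aud", "exp", "iat") if c not in claims]
    if failures or missing:
        return failures + [f"missing claim {c}" for c in missing]
    if claims["iss"] != EXPECTED_ISS:
        failures.append(f"iss is {claims['iss']!r}")
    if claims["aud"] != EXPECTED_AUD:
        failures.append(f"aud is {claims['aud']!r}")
    lifetime = claims["exp"] - claims["iat"]
    if abs(lifetime - EXPECTED_LIFETIME_S) > TOLERANCE_S:
        failures.append(f"lifetime {lifetime}s not within {EXPECTED_LIFETIME_S}s +/- {TOLERANCE_S}s")
    return failures
```

In a live run, pass the token string from the FT-P-01 login response and the key the test environment signs with; a non-empty return value is the failing step list.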
FT-P-04: First Hardware Check Stores Fingerprint
Summary: On first hardware check, the fingerprint is stored for the user.
Traces to: AC-10
Category: Hardware Binding
Preconditions:
- User exists with no hardware bound
Input data: {"hardware":"test-hw-fingerprint-001"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | Register new user, login to get JWT | HTTP 200 |
| 2 | POST /resources/check with hardware string | HTTP 200, body true |
Expected outcome: HTTP 200, hardware stored
Max execution time: 5s
FT-P-05: Subsequent Hardware Check Matches
Summary: Same hardware fingerprint passes validation on subsequent calls.
Traces to: AC-11
Category: Hardware Binding
Preconditions:
- User with hardware already bound (from FT-P-04)
Input data: Same hardware string as initial binding
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /resources/check with same hardware | HTTP 200, body true |
Expected outcome: HTTP 200
Max execution time: 5s
FT-P-06: List All Users
Summary: ApiAdmin retrieves the user list.
Traces to: AC-9
Category: User Management
Preconditions:
- Caller authenticated as ApiAdmin
Input data: GET /users with ApiAdmin JWT
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | GET /users with ApiAdmin JWT | HTTP 200, JSON array with >= 1 user |
Expected outcome: HTTP 200, array containing at least seed users
Max execution time: 5s
FT-P-07: Filter Users by Email
Summary: ApiAdmin filters users by email substring.
Traces to: AC-9
Category: User Management
Preconditions:
- Caller authenticated as ApiAdmin, seed users exist
Input data: GET /users?email=admin
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | GET /users?email=admin with ApiAdmin JWT | HTTP 200, all returned emails contain "admin" |
Expected outcome: HTTP 200, filtered list
Max execution time: 5s
FT-P-08: Upload Resource File
Summary: Authenticated user uploads a file to a resource folder.
Traces to: AC-13
Category: Resource Distribution
Preconditions:
- Caller authenticated
Input data: Multipart form upload with 1 KB text file
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /resources/testfolder with multipart file | HTTP 200 |
Expected outcome: HTTP 200, file stored
Max execution time: 5s
FT-P-09: Download Encrypted Resource
Summary: Authenticated user downloads an encrypted resource file.
Traces to: AC-14, AC-18
Category: Resource Distribution
Preconditions:
- User authenticated, hardware bound, resource file uploaded
Input data: {"password":"validpwd1","hardware":"test-hw-001","fileName":"test.txt"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /resources/get with credentials | HTTP 200, Content-Type: application/octet-stream, non-empty body |
Expected outcome: HTTP 200 with encrypted binary content
Max execution time: 10s
FT-P-10: Encryption Round-Trip Verification
Summary: Downloaded encrypted resource decrypts to original file content.
Traces to: AC-15, AC-19
Category: Resource Distribution
Preconditions:
- Known file uploaded, user credentials known
Input data: Original file content, user email, password, hardware hash
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | Upload known file | HTTP 200 |
| 2 | Download encrypted file via API | HTTP 200, encrypted bytes |
| 3 | Derive AES key from email + password + hwHash | Key bytes |
| 4 | Decrypt downloaded content with derived key | Decrypted bytes |
| 5 | Compare decrypted bytes with original | Byte-level equality |
Expected outcome: Decrypted content matches original file exactly
Max execution time: 10s
FT-P-11: Change User Role
Summary: ApiAdmin changes a user's role.
Traces to: AC-9
Category: User Management
Preconditions:
- Target user exists, caller is ApiAdmin
Input data: {"email":"testuser@test.com","role":"Admin"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | PUT /users/role with ApiAdmin JWT | HTTP 200 |
Expected outcome: HTTP 200, role updated
Max execution time: 5s
FT-P-12: Disable User Account
Summary: ApiAdmin disables a user account.
Traces to: AC-9
Category: User Management
Preconditions:
- Target user exists, caller is ApiAdmin
Input data: {"email":"testuser@test.com","isEnabled":false}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | PUT /users/enable with ApiAdmin JWT | HTTP 200 |
Expected outcome: HTTP 200, account disabled
Max execution time: 5s
FT-P-13: Delete User
Summary: ApiAdmin deletes a user account.
Traces to: AC-9
Category: User Management
Preconditions:
- Target user exists, caller is ApiAdmin
Input data: DELETE /users?email=testuser@test.com
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | DELETE /users?email=testuser@test.com with ApiAdmin JWT | HTTP 200 |
Expected outcome: HTTP 200, user deleted
Max execution time: 5s
Negative Scenarios
FT-N-01: Login with Unknown Email
Summary: Login attempt with non-existent email returns the NoEmailFound error.
Traces to: AC-2
Category: Authentication
Preconditions:
- Email does not exist in database
Input data: {"email":"nonexistent@test.com","password":"anypass1"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /login with unknown email | HTTP 409, ExceptionEnum code 10 (NoEmailFound) |
Expected outcome: HTTP 409 with error code 10
Max execution time: 5s
FT-N-02: Login with Wrong Password
Summary: Login attempt with correct email but wrong password returns the WrongPassword error.
Traces to: AC-3
Category: Authentication
Preconditions:
- User exists in database
Input data: {"email":"admin@azaion.com","password":"wrongpassword123"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /login with wrong password | HTTP 409, ExceptionEnum code 30 (WrongPassword) |
Expected outcome: HTTP 409 with error code 30
Max execution time: 5s
FT-N-03: Register with Short Email
Summary: Registration with email shorter than 8 characters is rejected.
Traces to: AC-5
Category: User Management
Preconditions:
- Caller authenticated as ApiAdmin
Input data: {"email":"short","password":"validpwd1","role":"Operator"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /users with short email | HTTP 400, validation error |
Expected outcome: HTTP 400 with email length validation error
Max execution time: 5s
FT-N-04: Register with Invalid Email Format
Summary: Registration with invalid email format (>= 8 chars but not a valid email address) is rejected.
Traces to: AC-6
Category: User Management
Preconditions:
- Caller authenticated as ApiAdmin
Input data: {"email":"notanemail","password":"validpwd1","role":"Operator"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /users with invalid email format | HTTP 400, validation error |
Expected outcome: HTTP 400 with email format validation error
Max execution time: 5s
FT-N-05: Upload Empty File
Summary: Upload request with no file attached returns the NoFileProvided error.
Traces to: AC-16
Category: Resource Distribution
Preconditions:
- Caller authenticated
Input data: POST /resources/testfolder with no file
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /resources/testfolder with empty request | HTTP 409, ExceptionEnum code 70 (NoFileProvided) |
Expected outcome: HTTP 409 with error code 70
Max execution time: 5s
FT-N-06: Hardware Mismatch
Summary: Hardware check with a different fingerprint after binding returns the HardwareIdMismatch error.
Traces to: AC-12
Category: Hardware Binding
Preconditions:
- User has hardware already bound to a different fingerprint
Input data: {"hardware":"different-hardware-xyz"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /resources/check with different hardware | HTTP 409, ExceptionEnum code 40 (HardwareIdMismatch) |
Expected outcome: HTTP 409 with error code 40
Max execution time: 5s
FT-N-07: Register Duplicate Email
Summary: Registration with an already-existing email returns the EmailExists error.
Traces to: AC-8
Category: User Management
Preconditions:
- User with target email already exists
Input data: {"email":"admin@azaion.com","password":"validpwd1","role":"Operator"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /users with existing email | HTTP 409, ExceptionEnum code 20 (EmailExists) |
Expected outcome: HTTP 409 with error code 20
Max execution time: 5s
FT-N-08: Register with Short Password
Summary: Registration with password shorter than 8 characters is rejected.
Traces to: AC-7
Category: User Management
Preconditions:
- Caller authenticated as ApiAdmin
Input data: {"email":"newuser@test.com","password":"short","role":"Operator"}
Steps:
| Step | Consumer Action | Expected System Response |
|---|---|---|
| 1 | POST /users with short password | HTTP 400, validation error |
Expected outcome: HTTP 400 with password length validation error
Max execution time: 5s