Open mattyplo opened 4 years ago
The purpose of this test is to test the roles and permissions that were set up via Cognito and implemented through the API Gateway. There are three roles that were created that need to be tested: Admin, Employee, and Keyholder. Each role has a specific level of permissions which allows them to access certain information from the database and that information only.
AWS conveniently lets you test role-based authorized access through API Gateway. This was the method I used to test the three roles mentioned above to see if they were implemented correctly.
_Expected & Actual Test Results_
```json
{
"at_hash": "UHI2_rZg4lVsP77isIs-YA",
"aud": "72glcbibfefumdab16h54lff9q",
"auth_time": "1583854910",
"cognito:groups": "Keyholder,Employee,Administrator",
"cognito:preferred_role": "arn:aws:iam::061431082068:role/cognito_userpool_admin",
"cognito:roles": "arn:aws:iam::061431082068:role/cognito_userpool_admin,arn:aws:iam::061431082068:role/cognito_userpool_keyholder,arn:aws:iam::061431082068:role/cognito_userpool_employee",
"cognito:username": "admin",
"email": "syatwork@outlook.com",
"email_verified": "true",
"event_id": "dc1046a0-a66b-4d9b-a10a-3e1e3d869cd2",
"exp": "Tue Mar 10 16:41:50 UTC 2020",
"iat": "Tue Mar 10 15:41:50 UTC 2020",
"iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xV6TGf7xl",
"sub": "a4653ad7-8b86-4aa0-bd26-cdfcae45e540",
"token_use": "id"
}
```
##### Test #1.3
_Expected & Actual Test Results_
```json
{
"at_hash": "z-Fg7tAGhu1_svNMFjxMrw",
"aud": "72glcbibfefumdab16h54lff9q",
"auth_time": "1583942026",
"cognito:groups": "Employee",
"cognito:preferred_role": "arn:aws:iam::061431082068:role/cognito_userpool_employee",
"cognito:roles": "arn:aws:iam::061431082068:role/cognito_userpool_employee",
"cognito:username": "employee",
"email": "e1508340@urhen.com",
"email_verified": "true",
"event_id": "7b4ae765-4ad1-4013-ae9f-c634cf59148c",
"exp": "Wed Mar 11 16:53:46 UTC 2020",
"iat": "Wed Mar 11 15:53:46 UTC 2020",
"iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xV6TGf7xl",
"sub": "ed14b030-e723-471a-b649-f45679169b93",
"token_use": "id"
}
```
_Expected & Actual Test Results_
```json
{
"at_hash": "gNV_0wiMs46wnfczOzKYVA",
"aud": "72glcbibfefumdab16h54lff9q",
"auth_time": "1583856393",
"cognito:groups": "Keyholder",
"cognito:preferred_role": "arn:aws:iam::061431082068:role/cognito_userpool_keyholder",
"cognito:roles": "arn:aws:iam::061431082068:role/cognito_userpool_keyholder",
"cognito:username": "keyholder",
"email": "e1509118@urhen.com",
"email_verified": "true",
"event_id": "a04cb8c3-fa9e-4485-b132-7137b49777c7",
"exp": "Tue Mar 10 17:06:33 UTC 2020",
"iat": "Tue Mar 10 16:06:33 UTC 2020",
"iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xV6TGf7xl",
"sub": "cf758434-5560-4f9b-b252-4b475fbeb643",
"token_use": "id"
}
```
##### Test 3.2
_Expected & Actual Test Results_
- Under the same sign-in, try the test with the access_token or another random token.
- response:
```
Response Code = 401
Unauthorized request: Unauthorized request: c136079d-473a-4e7f-ade5-b160f99c773f
```
##### Test 3.3
_Expected & Actual Test Results_
- Try the token again after an hour, when it should have expired.
- response:
```
Response Code = 401
Unauthorized request: 377b03e8-cbf9-4c5c-88d8-875a999f4df5
```
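As an added illustration (not code from this project), the checks below reproduce the authorizer behaviour the tests above exercise on already signature-verified ID-token claims: an access token or random token is refused (Test 3.2), an expired token is refused (Test 3.3), and otherwise `cognito:groups` decides which resource the caller may reach. The resource policy and the sample claims are constructed; the `aud` and `iss` values are the ones shown in the tokens above, and `exp` is numeric as in the real JWT (the console renders it as a date).

```python
import time

# Constructed policy (not the project's): which Cognito groups may reach which
# API resource. The Administrator group is allowed everywhere.
RESOURCE_POLICY = {
    "/admin": {"Administrator"},
    "/employee": {"Administrator", "Employee"},
    "/keyholder": {"Administrator", "Keyholder"},
}

# Constructed claims modelled on the keyholder token above; exp is numeric as
# in the real JWT (the authorizer test console renders it as a date).
KEYHOLDER_CLAIMS = {
    "aud": "72glcbibfefumdab16h54lff9q",
    "cognito:groups": "Keyholder",
    "cognito:username": "keyholder",
    "exp": 1583859993,
    "iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xV6TGf7xl",
    "token_use": "id",
}

def as_groups(value):
    """The JWT carries groups as a list; the console shows them comma-joined."""
    if not value:
        return set()
    return set(value.split(",")) if isinstance(value, str) else set(value)

def authorize(claims, resource, expected_aud, expected_iss, now=None):
    """Decide whether signature-verified ID-token claims may reach `resource`.
    Returns (allowed, reason) so each 401 can be explained in the logs."""
    now = int(time.time()) if now is None else now
    if claims.get("token_use") != "id":          # access/random token: Test 3.2
        return False, "not an ID token"
    if claims.get("aud") != expected_aud:
        return False, "aud is not this app client"
    if claims.get("iss") != expected_iss:
        return False, "iss is not this user pool"
    try:
        exp = int(claims.get("exp", 0))
    except (TypeError, ValueError):
        return False, "exp is not numeric"
    if exp <= now:                               # one hour later: Test 3.3
        return False, "token expired"
    allowed = RESOURCE_POLICY.get(resource)
    if allowed is None:
        return False, "unknown resource"
    if as_groups(claims.get("cognito:groups")) & allowed:
        return True, "ok"
    return False, "group not permitted on " + resource
```

Passing `now` explicitly lets the expiry case be exercised without waiting an hour as Test 3.3 did.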
test #194