North-Seattle-College / ad440-winter2020-thursday-repo

Repository for AD440 Thursday Class in Winter 2020
Apache License 2.0

Test Roles & Permissions for the Application #199

Open mattyplo opened 4 years ago

mattyplo commented 4 years ago

test #194

mattyplo commented 4 years ago

Test Objective:

The purpose of this test is to test the roles and permissions that were set up via Cognito and implemented through the API Gateway. There are three roles that were created that need to be tested: Admin, Employee, and Keyholder. Each role has a specific level of permissions which allows them to access certain information from the database and that information only.

Test Methodology:

Testing specific roles

AWS conveniently lets you test role-based authorized access through API Gateway. This was the method I used to test the three roles mentioned above to see if they were implemented correctly.

Test Suite 1

Test 1 - Admin

Expected & Actual Test Results

Test 1.2

Expected & Actual Test Results

Test 1.3

Expected & Actual Test Results

Test 2 - Employee

Expected & Actual Test Results

Test 2.2

Expected & Actual Test Results

Test 2.3

Expected & Actual Test Results

Test 3 - keyholder

Expected & Actual Test Results

Test 3.2

Expected & Actual Test Results

- Under same sign in, try the test with the access_token or other random token.
- response:
Response Code = 401
Unauthorized request: Unauthorized request: c136079d-473a-4e7f-ade5-b160f99c773f

Test 3.3

Expected & Actual Test Results

- Try the token again after an hour when it should've expired.
- response:
Response Code = 401
Unauthorized request: 377b03e8-cbf9-4c5c-88d8-875a999f4df5
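
Added example (not part of the original issue or the project's code): a small triage helper that predicts the outcome of tests 3.2 and 3.3 from a token's claims before it is sent to the API. It assumes the API Gateway Cognito authorizer is configured to accept ID tokens, and that roles are carried in the `cognito:groups` claim; the function names, the group mapping and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, which the real authorizer does perform.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build a constructed sample JWT; the signature is a dummy value."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64url(b'not-a-real-signature')}"

def read_claims(token: str):
    """Decode the JWT payload WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def expected_result(token: str, group: str, now: float) -> str:
    """Predict what a role test should observe for this token at time `now`."""
    claims = read_claims(token)
    if claims is None:
        return "401 malformed"            # random string, as in test 3.2
    if claims.get("token_use") != "id":
        return "401 wrong token_use"      # access token, as in test 3.2
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "401 expired"              # token used after expiry, test 3.3
    if group not in claims.get("cognito:groups", []):
        return "denied: not in group"     # assumed role check on the group claim
    return "allowed"

if __name__ == "__main__":
    now = 1_700_000_000  # constructed reference time (epoch seconds)
    base = {"exp": now + 3600, "cognito:groups": ["Keyholder"]}
    id_token = make_token({**base, "token_use": "id"})
    access_token = make_token({**base, "token_use": "access"})
    for label, tok, at in [("id token", id_token, now),
                           ("access token", access_token, now),
                           ("random token", "abc123", now),
                           ("id token after 1h", id_token, now + 3601)]:
        print(f"{label}: {expected_result(tok, 'Keyholder', at)}")
```

Running it against the tokens captured during each test run shows which 401 cause applies, since the gateway response body alone does not distinguish them.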