Open ozerugae opened 6 years ago
@nitronarcosis @shan916 Please add onto this checklist anything that you think is missing or needs more details.
Ran the OWASP dependency check. We should upgrade to Spring Boot 1.5.8 which updates Tomcat to 8.5.23.
http://jenkins.codeteam6.io/job/asi-saferides/ws/dependency-check-vulnerability.html
https://nvd.nist.gov/vuln/detail/CVE-2017-12617
https://github.com/spring-projects/spring-boot/milestone/91?closed=1
Oh wow! What's up with the mysql connector lol?
Things to test for now. Missing conditions should be added as we go:
- [x] Test unauthenticated user (invalid token, no token, expired token)
- [x] Test roles access (rider, driver, coordinator, admin)
- [ ] Riders:
- [ ] Drivers:
- [ ] Coordinator:
- [ ] Admin:
Planning to test with Postman and its collection and test features. I believe the tests and collections are shareable (exportable) from Postman, which will be great for reproducibility.
ROUTE | METHOD | ROLE |
---|---|---|
/cas/validate | POST | UNAUTHENTICATED |
/config/isLive | GET | UNAUTHENTICATED |
/config/current | GET | COORDINATOR |
/config/update | PUT | COORDINATOR |
/config/message | GET | UNAUTHENTICATED |
/drivers | POST | COORDINATOR |
/drivers | GET | COORDINATOR |
/drivers/{id} | PUT | COORDINATOR |
/drivers/{id} | GET | COORDINATOR |
/drivers/{id} | DELETE | COORDINATOR |
/drivers/me | GET | DRIVER |
/drivers/location | POST | DRIVER |
/drivers/{id}/endofnight | GET | COORDINATOR |
/reports | GET | COORDINATOR |
/reports | POST | COORDINATOR |
/rides | POST | RIDER |
/rides | GET | COORDINATOR |
/rides/{id} | PUT | RIDER |
/rides/{id} | GET | COORDINATOR |
/rides/mine | GET | RIDER |
/users | GET | COORDINATOR |
/users/{id} | PUT | ADMIN |
/users/{id} | GET | ADMIN |
/users/me | GET | RIDER |
JWTs:
Role: State | JWT |
---|---|
ADMIN: Valid | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE1MTA1MzE3OTc3NzcsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn0seyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dfQ.TPzU_cTxP7jkySPBjh-d9G632AW3nLBCiZ1XI2X1Hrf-Yf7uYR1biezqW7qUJ5tXk2MopueQlG7mpw41b1-Ixg |
ADMIN: Expired | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE1MTA1MzE5OTQxOTIsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn0seyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dfQ.6v-d0MyUOBuWssVfwiRnTYnf1ZKTdnQz-q0Gp8ufFyfUBSJGlcKKHUkeahFt9U-mZrrHjzYP285ivATDfBI7rQ |
COORDINATOR: Valid | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb29yZGluYXRvciIsImNyZWF0ZWQiOjE1MTA1MzE3OTc4MTYsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn1dfQ.cdXzUILANSU9UCSTQRNOF1qjklxMyhC_g7Z0Ab2FvLnApbTQqu2q5sJ6wT4ljorKBLNXyVDwipkpfwAgwe1CeQ |
COORDINATOR: Expired | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb29yZGluYXRvciIsImNyZWF0ZWQiOjE1MTA1MzE5OTQyMzEsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn1dfQ.F8AscEEuWoi1M3X0SXJgtkBYQZu01JavJHGOaD_KPvrdZ1hKKFLsPsnMypyDyy4R5CL9a0DxTWgJxjMam3RtKw |
DRIVER: Valid | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkcml2ZXIiLCJjcmVhdGVkIjoxNTEwNTMxNzk3ODE3LCJleHAiOjE1NTM3MzE3OTcsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX1JJREVSIn0seyJhdXRob3JpdHkiOiJST0xFX0RSSVZFUiJ9XX0.7JQ5iHTMCsQsgktW_Nv8OtJkclwCt1nRsVa2vq6_mpzM0Fs5BnJyx3fJ4XBT7FQhvG4kJVoFs8Yk2p2VUKuOSw |
DRIVER: Expired | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkcml2ZXIiLCJjcmVhdGVkIjoxNTEwNTMxOTk0MjMxLCJleHAiOjE1MTA1MzE5OTUsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX1JJREVSIn0seyJhdXRob3JpdHkiOiJST0xFX0RSSVZFUiJ9XX0.ShIRsUoKevxmf32vZrc_nsVm_WHXTmFb_XTvKKLxELM2hxN1dG8kejUDrGaCo-BLdgXfjwjzZDr-FFqXZXjNnQ |
RIDER: Valid | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJrd2ludGVycyIsImNyZWF0ZWQiOjE1MTA1MzE3OTc4MTcsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifV19.sXRiAKzG9sln7SXr3VUgb2CvNK7jUj6DyW8-Sx5IInCWWdwylwAHM7qBtFhYQvJuTvGj-2pqJi4eKcRVElJYjw |
RIDER: Expired | eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJrd2ludGVycyIsImNyZWF0ZWQiOjE1MTA1MzE5OTQyMzEsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifV19.UYh0TlmFtapYCLHJZpUxgcrvXjTz30KkspsoZjRNtgz4Mgy7p_xQ_Eidl_Qa91O_JEP8xEfg5tGX0hQagwH9fQ |
Unauthenticated Tests: Unauthenticated Tests.zip
Authenticated Tests: Authenticated Tests.zip
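Before importing the tokens above into the Postman collections, it is worth decoding their claims and pinning down what each request in the route table should return, so that the collection's test scripts assert against a matrix rather than against whatever the server happened to answer. The script below is an added example, not code from the safe-rides project or from anyone in this thread: it decodes the payload of each listed token without verifying the signature (test bookkeeping for tokens we already hold, not an authentication check), flags which tokens are expired relative to a chosen clock, and expands the route table into the expected outcome for every (route, token) pair. The outcome labels `allow` / `unauthenticated` / `forbidden`, the rule that a public route ignores whatever token is sent, and the constructed `garbage` token are assumptions about the API; the routes and tokens themselves are the ones quoted in this issue.

```python
import base64
import json
import time

# Tokens copied from the JWT table in this issue (signature is never verified here).
TOKENS = {
    ("ADMIN", "valid"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE1MTA1MzE3OTc3NzcsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn0seyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dfQ.TPzU_cTxP7jkySPBjh-d9G632AW3nLBCiZ1XI2X1Hrf-Yf7uYR1biezqW7qUJ5tXk2MopueQlG7mpw41b1-Ixg",
    ("ADMIN", "expired"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE1MTA1MzE5OTQxOTIsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn0seyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dfQ.6v-d0MyUOBuWssVfwiRnTYnf1ZKTdnQz-q0Gp8ufFyfUBSJGlcKKHUkeahFt9U-mZrrHjzYP285ivATDfBI7rQ",
    ("COORDINATOR", "valid"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb29yZGluYXRvciIsImNyZWF0ZWQiOjE1MTA1MzE3OTc4MTYsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn1dfQ.cdXzUILANSU9UCSTQRNOF1qjklxMyhC_g7Z0Ab2FvLnApbTQqu2q5sJ6wT4ljorKBLNXyVDwipkpfwAgwe1CeQ",
    ("COORDINATOR", "expired"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb29yZGluYXRvciIsImNyZWF0ZWQiOjE1MTA1MzE5OTQyMzEsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn1dfQ.F8AscEEuWoi1M3X0SXJgtkBYQZu01JavJHGOaD_KPvrdZ1hKKFLsPsnMypyDyy4R5CL9a0DxTWgJxjMam3RtKw",
    ("DRIVER", "valid"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkcml2ZXIiLCJjcmVhdGVkIjoxNTEwNTMxNzk3ODE3LCJleHAiOjE1NTM3MzE3OTcsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX1JJREVSIn0seyJhdXRob3JpdHkiOiJST0xFX0RSSVZFUiJ9XX0.7JQ5iHTMCsQsgktW_Nv8OtJkclwCt1nRsVa2vq6_mpzM0Fs5BnJyx3fJ4XBT7FQhvG4kJVoFs8Yk2p2VUKuOSw",
    ("DRIVER", "expired"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkcml2ZXIiLCJjcmVhdGVkIjoxNTEwNTMxOTk0MjMxLCJleHAiOjE1MTA1MzE5OTUsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX1JJREVSIn0seyJhdXRob3JpdHkiOiJST0xFX0RSSVZFUiJ9XX0.ShIRsUoKevxmf32vZrc_nsVm_WHXTmFb_XTvKKLxELM2hxN1dG8kejUDrGaCo-BLdgXfjwjzZDr-FFqXZXjNnQ",
    ("RIDER", "valid"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJrd2ludGVycyIsImNyZWF0ZWQiOjE1MTA1MzE3OTc4MTcsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifV19.sXRiAKzG9sln7SXr3VUgb2CvNK7jUj6DyW8-Sx5IInCWWdwylwAHM7qBtFhYQvJuTvGj-2pqJi4eKcRVElJYjw",
    ("RIDER", "expired"): "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJrd2ludGVycyIsImNyZWF0ZWQiOjE1MTA1MzE5OTQyMzEsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifV19.UYh0TlmFtapYCLHJZpUxgcrvXjTz30KkspsoZjRNtgz4Mgy7p_xQ_Eidl_Qa91O_JEP8xEfg5tGX0hQagwH9fQ",
}

# (route, method, required role) copied from the route table in this issue.
ROUTES = [
    ("/cas/validate", "POST", "UNAUTHENTICATED"), ("/config/isLive", "GET", "UNAUTHENTICATED"),
    ("/config/current", "GET", "COORDINATOR"), ("/config/update", "PUT", "COORDINATOR"),
    ("/config/message", "GET", "UNAUTHENTICATED"), ("/drivers", "POST", "COORDINATOR"),
    ("/drivers", "GET", "COORDINATOR"), ("/drivers/{id}", "PUT", "COORDINATOR"),
    ("/drivers/{id}", "GET", "COORDINATOR"), ("/drivers/{id}", "DELETE", "COORDINATOR"),
    ("/drivers/me", "GET", "DRIVER"), ("/drivers/location", "POST", "DRIVER"),
    ("/drivers/{id}/endofnight", "GET", "COORDINATOR"), ("/reports", "GET", "COORDINATOR"),
    ("/reports", "POST", "COORDINATOR"), ("/rides", "POST", "RIDER"),
    ("/rides", "GET", "COORDINATOR"), ("/rides/{id}", "PUT", "RIDER"),
    ("/rides/{id}", "GET", "COORDINATOR"), ("/rides/mine", "GET", "RIDER"),
    ("/users", "GET", "COORDINATOR"), ("/users/{id}", "PUT", "ADMIN"),
    ("/users/{id}", "GET", "ADMIN"), ("/users/me", "GET", "RIDER"),
]


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT, plus the header's alg.

    The signature is deliberately NOT checked: this is bookkeeping for test
    tokens we already hold, not an authentication decision.
    """
    header_b64, payload_b64, _signature = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(payload_b64))
    claims["alg"] = header.get("alg")
    return claims


def authorities(claims: dict) -> set:
    # Spring Security shape: "authorities": [{"authority": "ROLE_RIDER"}, ...]
    return {entry["authority"] for entry in claims.get("authorities", [])}


def is_expired(claims: dict, now=None) -> bool:
    # exp is seconds since the epoch (the 'created' claim in these tokens is milliseconds).
    now = time.time() if now is None else now
    return claims["exp"] <= now


def expected_outcome(required_role: str, token, now: float) -> str:
    """Outcome the checklist should expect for one route and one token.

    Assumed labels: "allow" (2xx), "unauthenticated" (no, malformed or expired
    token; typically 401) and "forbidden" (authenticated but lacking the
    role; typically 403). Public routes are assumed to ignore any token sent.
    """
    if required_role == "UNAUTHENTICATED":
        return "allow"
    if token is None:
        return "unauthenticated"
    try:
        claims = decode_claims(token)
    except ValueError:  # wrong segment count, bad base64, bad JSON or bad UTF-8
        return "unauthenticated"
    if is_expired(claims, now):
        return "unauthenticated"
    if "ROLE_" + required_role in authorities(claims):
        return "allow"
    return "forbidden"


def expected_matrix(now: float) -> dict:
    """Expand ROUTES x token cases into {(route, method, case): outcome}."""
    cases = {"none": None, "garbage": "not.a.jwt"}  # constructed negative cases
    cases.update({f"{role}:{state}": tok for (role, state), tok in TOKENS.items()})
    return {
        (route, method, case): expected_outcome(role, tok, now)
        for route, method, role in ROUTES
        for case, tok in cases.items()
    }


if __name__ == "__main__":
    # Constructed clock: November 2017, when this issue was filed. The "valid"
    # tokens carry exp = 1553731797 (March 2019), so against a live clock they
    # would all read as expired; pin the instant instead.
    NOW = 1510600000
    for key, tok in TOKENS.items():
        c = decode_claims(tok)
        state = "expired" if is_expired(c, NOW) else "live"
        print(key, c["sub"], c["alg"], state, sorted(authorities(c)))
    for (route, method, case), outcome in sorted(expected_matrix(NOW).items()):
        print(f"{method:6} {route:26} {case:20} -> {outcome}")
```

Two things the decoded output makes visible that the table alone does not: the tokens carry a role hierarchy (the ADMIN token lists all four authorities, COORDINATOR lists three, DRIVER two), so a DRIVER token is expected to pass on RIDER routes; and every token's `exp` is in the past by now, so a Postman run today should treat all eight as expired cases until fresh tokens are minted.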
/rides/mine is iffy
Beginnings of the maintenance document: https://github.com/shan916/safe-rides/wiki/Production-Install
The following final steps should be performed. Preferably in order. Things in italics are optional