Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2026-03-04 02:20:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
340224b40b9c4aa9bf64edb9ed743c7923903ed2
Stirling-PDF/testing/cucumber/features/invite_links.feature
Anthony Stirling 30c258ce0b cucumber for days (#5766)
2026-02-21 23:17:28 +00:00

78 lines
3.6 KiB
Gherkin
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
@jwt @auth @user_mgmt
Feature: Invite Link API
Tests for the invite link REST API, which allows admins to manage
registration invite links.
Endpoints (base: /api/v1/invite from @InviteApi annotation):
- POST /api/v1/invite/generate (admin only, requires MAIL_ENABLEINVITES)
- GET /api/v1/invite/list (admin only)
- GET /api/v1/invite/validate/{token} (public)
- DELETE /api/v1/invite/revoke/{inviteId} (admin only)
- POST /api/v1/invite/cleanup (admin only)
NOTE: The /generate endpoint requires MAIL_ENABLEINVITES=true AND an SMTP
server. Since the CI environment has no SMTP, generate-dependent scenarios
(generate, full lifecycle, revoke-by-id) are omitted. Auth guard tests for
those endpoints are still covered.
Admin credentials: username=admin, password=stirling
# =========================================================================
# GENERATE INVITE LINK auth guard only (no SMTP in CI)
# =========================================================================
@negative
Scenario: Unauthenticated request to generate invite link returns 401
When I send a POST request to "/api/v1/invite/generate" with no authentication and params "role=ROLE_USER&expiryHours=24&sendEmail=false"
Then the response status code should be 401
# =========================================================================
# LIST INVITE LINKS
# =========================================================================
@positive
Scenario: Admin can list all active invite links
Given I am logged in as admin
When I send a GET request to "/api/v1/invite/list" with JWT authentication
Then the response status code should be 200
And the response JSON field "invites" should be a list
@negative
Scenario: Unauthenticated request to list invite links returns 401
When I send a GET request to "/api/v1/invite/list" with no authentication
Then the response status code should be 401
# =========================================================================
# VALIDATE INVITE TOKEN (public endpoint)
# =========================================================================
@negative
Scenario: Validating a non-existent invite token returns 404 or 400
When I send a GET request to "/api/v1/invite/validate/completely-invalid-token-xyz-999" with no authentication
Then the response status code should be one of "400, 404"
# =========================================================================
# REVOKE INVITE LINK auth guard only
# =========================================================================
@negative
Scenario: Unauthenticated request to revoke invite link returns 401
When I send a DELETE request to "/api/v1/invite/revoke/some-id-xyz" with no authentication
Then the response status code should be 401
# =========================================================================
# CLEANUP EXPIRED INVITE LINKS
# =========================================================================
@positive
Scenario: Admin can trigger cleanup of expired invite links
Given I am logged in as admin
When I send a POST request to "/api/v1/invite/cleanup" with JWT authentication
Then the response status code should be 200
@negative
Scenario: Unauthenticated request to cleanup invite links returns 401
When I send a POST request to "/api/v1/invite/cleanup" with no authentication
Then the response status code should be 401
Reference in New Issue View Git Blame Copy Permalink