Stirling-PDF/testing/cucumber/features/enterprise/audit.feature
2026-02-21 23:17:28 +00:00
@jwt @auth @audit
Feature: Audit Dashboard API
  Tests for the audit dashboard REST API endpoints, which provide
  audit log data, statistics, and export capabilities.

  All endpoints:
  - Require ROLE_ADMIN (JWT authentication)
  - Are gated by @EnterpriseEndpoint (may return 403 on non-enterprise builds)

  Responses are therefore expected to be one of: 200 (enterprise enabled)
  or 403 (enterprise feature not available in this build).
  Because 403 is accepted for the admin, the positive scenarios only show that
  an admin JWT is not rejected with 401; they do not distinguish the enterprise
  gate from an authorization denial, and no scenario in this file sends a
  non-admin JWT.

  Admin credentials: username=admin, password=stirling
  # =========================================================================
  # AUDIT DATA
  # =========================================================================

  @positive
  Scenario: Admin can retrieve audit log data
    Given I am logged in as admin
    When I send a GET request to "/api/v1/audit/data" with JWT authentication
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to audit data returns 401
    When I send a GET request to "/api/v1/audit/data" with no authentication
    Then the response status code should be 401

  # =========================================================================
  # AUDIT STATS
  # =========================================================================

  @positive
  Scenario: Admin can retrieve audit statistics
    Given I am logged in as admin
    When I send a GET request to "/api/v1/audit/stats" with JWT authentication
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to audit stats returns 401
    When I send a GET request to "/api/v1/audit/stats" with no authentication
    Then the response status code should be 401

  # =========================================================================
  # AUDIT TYPES
  # =========================================================================

  @positive
  Scenario: Admin can retrieve audit event types
    Given I am logged in as admin
    When I send a GET request to "/api/v1/audit/types" with JWT authentication
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to audit types returns 401
    When I send a GET request to "/api/v1/audit/types" with no authentication
    Then the response status code should be 401

  # =========================================================================
  # AUDIT EXPORT (CSV)
  # =========================================================================

  @positive
  Scenario: Admin can export audit log as CSV
    Given I am logged in as admin
    When I send a GET request to "/api/v1/audit/export/csv" with JWT authentication
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to audit CSV export returns 401
    When I send a GET request to "/api/v1/audit/export/csv" with no authentication
    Then the response status code should be 401

  # =========================================================================
  # AUDIT EXPORT (JSON)
  # =========================================================================

  @positive
  Scenario: Admin can export audit log as JSON
    Given I am logged in as admin
    When I send a GET request to "/api/v1/audit/export/json" with JWT authentication
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to audit JSON export returns 401
    When I send a GET request to "/api/v1/audit/export/json" with no authentication
    Then the response status code should be 401

  # =========================================================================
  # AUDIT CLEANUP
  # =========================================================================

  @positive
  Scenario: Admin can trigger cleanup of old audit records
    Given I am logged in as admin
    When I send a DELETE request to "/api/v1/audit/cleanup/before" with JWT authentication and params "date=2020-01-01"
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to audit cleanup returns 401
    When I send a DELETE request to "/api/v1/audit/cleanup/before" with no authentication and params "date=2020-01-01"
    Then the response status code should be 401

  # =========================================================================
  # PROPRIETARY UI DATA AUDIT EVENTS (AuditRestController)
  # Endpoint base: /api/v1/proprietary/ui-data
  # =========================================================================

  @positive
  Scenario: Admin can retrieve paginated audit events from UI data API
    Given I am logged in as admin
    When I send a GET request to "/api/v1/proprietary/ui-data/audit-events" with JWT authentication
    Then the response status code should be one of "200, 403"

  @positive
  Scenario: Admin can retrieve audit chart data
    Given I am logged in as admin
    When I send a GET request to "/api/v1/proprietary/ui-data/audit-charts" with JWT authentication
    Then the response status code should be one of "200, 403"

  @positive
  Scenario: Admin can retrieve list of audit event types from UI data API
    Given I am logged in as admin
    When I send a GET request to "/api/v1/proprietary/ui-data/audit-event-types" with JWT authentication
    Then the response status code should be one of "200, 403"

  @positive
  Scenario: Admin can retrieve list of audited users
    Given I am logged in as admin
    When I send a GET request to "/api/v1/proprietary/ui-data/audit-users" with JWT authentication
    Then the response status code should be one of "200, 403"

  @negative
  Scenario: Unauthenticated request to proprietary audit events returns 401
    When I send a GET request to "/api/v1/proprietary/ui-data/audit-events" with no authentication
    Then the response status code should be 401
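The status contract the scenarios above encode (401 without a token; 200 or 403 with an admin token) can be checked outside Cucumber with a small stand-alone script. The following is an added example, not Stirling-PDF's own step definitions or test harness. It assumes the admin JWT has already been obtained and is supplied via the `STIRLING_JWT` environment variable (how the token is issued is not on this page), that the server base URL comes from `STIRLING_BASE_URL`, and it adds one refinement the feature file does not have: when the caller knows whether the build is an enterprise build, the allowed admin status narrows to exactly 200 (or exactly 403), so a 403 on an enterprise build is reported as a finding instead of being silently accepted. The endpoint list is copied from the scenarios; the transport is injectable so the logic can be exercised against a fake server.

```python
"""Contract check for the Stirling-PDF audit endpoints listed in audit.feature.

Added example (not project code). Assumptions: STIRLING_JWT holds a valid admin
JWT obtained out of band; STIRLING_BASE_URL points at the server; the optional
STIRLING_ENTERPRISE variable ("true"/"false") says whether the build is an
enterprise build.
"""
import os
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# (method, path, query) exactly as exercised by the scenarios on this page.
AUDIT_ENDPOINTS = [
    ("GET", "/api/v1/audit/data", None),
    ("GET", "/api/v1/audit/stats", None),
    ("GET", "/api/v1/audit/types", None),
    ("GET", "/api/v1/audit/export/csv", None),
    ("GET", "/api/v1/audit/export/json", None),
    # Destructive on a real server: deletes audit records older than the date.
    ("DELETE", "/api/v1/audit/cleanup/before", {"date": "2020-01-01"}),
    ("GET", "/api/v1/proprietary/ui-data/audit-events", None),
    ("GET", "/api/v1/proprietary/ui-data/audit-charts", None),
    ("GET", "/api/v1/proprietary/ui-data/audit-event-types", None),
    ("GET", "/api/v1/proprietary/ui-data/audit-users", None),
]

# A transport takes (method, url, bearer_token_or_None) and returns the HTTP status.
Transport = Callable[[str, str, Optional[str]], int]


def expected_statuses(authenticated: bool, enterprise_enabled: Optional[bool]) -> Set[int]:
    """Status codes the contract allows for one request.

    No token: only 401 (a 403 or 200 here means the endpoint is reachable
    without authentication and must be treated as a failure). Admin token with
    unknown build type: 200 or 403, as the feature file accepts. Admin token
    with known build type: exactly one code, so the enterprise gate cannot
    mask an authorization denial.
    """
    if not authenticated:
        return {401}
    if enterprise_enabled is None:
        return {200, 403}
    return {200} if enterprise_enabled else {403}


def urllib_transport(method: str, url: str, bearer: Optional[str]) -> int:
    """Real transport using only the standard library."""
    req = urllib.request.Request(url, method=method)
    if bearer is not None:
        req.add_header("Authorization", "Bearer " + bearer)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


@dataclass
class Finding:
    method: str
    path: str
    authenticated: bool
    status: int
    expected: Set[int]


def run_contract(base_url: str, admin_jwt: str, transport: Transport,
                 enterprise_enabled: Optional[bool] = None) -> List[Finding]:
    """Send each endpoint once without a token and once with the admin token;
    return every response whose status falls outside the allowed set."""
    findings: List[Finding] = []
    for method, path, query in AUDIT_ENDPOINTS:
        url = base_url.rstrip("/") + path
        if query:
            url += "?" + urllib.parse.urlencode(query)
        # Unauthenticated first, so a broken gate is caught before the
        # authenticated (possibly destructive) request is made.
        for authenticated in (False, True):
            token = admin_jwt if authenticated else None
            status = transport(method, url, token)
            allowed = expected_statuses(authenticated, enterprise_enabled)
            if status not in allowed:
                findings.append(Finding(method, path, authenticated, status, allowed))
    return findings


if __name__ == "__main__":
    base = os.environ.get("STIRLING_BASE_URL", "http://localhost:8080")
    jwt = os.environ["STIRLING_JWT"]  # assumed to be a valid ROLE_ADMIN token
    ent_env = os.environ.get("STIRLING_ENTERPRISE")
    ent: Optional[bool] = None if ent_env is None else ent_env.lower() == "true"
    for f in run_contract(base, jwt, urllib_transport, ent):
        who = "admin" if f.authenticated else "anonymous"
        print(f"FAIL {f.method} {f.path} as {who}: got {f.status}, expected {sorted(f.expected)}")
```

Run it against a disposable instance only: the cleanup endpoint really deletes records when the admin request succeeds. Setting `STIRLING_ENTERPRISE=true` is the check the feature file cannot make on its own, because there a 403 returned to a legitimate admin on an enterprise build would pass.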