Create unit tests for Orthanc authentication endpoint: oAuth bearer token (session) and API token based
Provide set of tests which demonstrate that web applications require server issued tokens before allowing access.
- Session based tokens (JWT generated)
- HMAC-SHA1 signatures (Access ID/Secret Key)
- Permanent API tokens (issued to users from Sonador)
Test cases:
- Use a valid API token to retrieve a list of servers
- expected result: 200 with list of JSON data
- Attempt to use an invalid API token to retrieve a list of servers
- expected result: 401/403
- Use a valid HAMC-SHA1 to retrieve list of servers
- expected result: 200 with list of servers
- Use a invalid HMAC-SHA1 (randomly generated) to retrieve list of servers
- expected result: 401/403
- Use a valid HMAC-SHA1 to retrieve a session token and use session token to retrieve data from API
- expected result: 200
- Use a session token to upload images to Orthanc and then query for the corresponding studies/series
- Attempt to use an invalid session token to upload images
- expected result: 401/403
- Attempt to use invalid session token to query images
- expected result: 401/403