Difference between revisions of "User:Infinity Linden/OGP Test Cases"

From Second Life Wiki
Jump to: navigation, search
m (Authentication Test 2.6 - Select Failure of an Account Identifier with a Multiple Agents and a Hashed Authenticator)
 
(29 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''note: this is a brief note for informational purposes. it's eventually going to be "cleaned up" and moved to a more appropriate place on this wiki.'''
+
* '''note: this is a brief note for informational purposes. it's eventually going to be "cleaned up" and moved to a more appropriate place on this wiki.'''
 
+
* '''note: this is a branch from the original "OGP" Test Case page. PyOGP Test Cases are defined at [[User:Saijanai_Kuhn/OGP_Test_Cases]]'''
 
= Introduction =
 
= Introduction =
  
Line 13: Line 13:
 
Well... that's how it's supposed to be... In the real world, "running code" trumps written specifications, and probably will continue to do so. And that's one of the reasons we have the interop tests; properly written test cases succinctly communicate abstractions introduced in written specifications. So rather than viewing the SLGOGP spec and these tests as separate, think of them as being two sections of the same document.
 
Well... that's how it's supposed to be... In the real world, "running code" trumps written specifications, and probably will continue to do so. And that's one of the reasons we have the interop tests; properly written test cases succinctly communicate abstractions introduced in written specifications. So rather than viewing the SLGOGP spec and these tests as separate, think of them as being two sections of the same document.
  
= Base Tests =
+
= Base Tests ( Test 0.* ) =
 +
 
 +
Many OGP messages take the form of an LLSD message serialized to XML and POSTed to an URL somewhere via HTTP (or HTTPS.) In the ideal world, HTTP would be free from error. But as it turns out there are many ways in which a HTTP request could fail, especially if your implementation of OGP uses proxies, load balancers, n-tier service architectures, etc. These tests are intended to ensure your client library properly communicates HTTP errors, assuming your client library has a standard technique for handling and recovering from such errors.
 +
 
 +
It is entirely possible that ''your'' client library does not handle such errors cleanly. This is not a failure, per se, but we strongly encourage implementers to expose an interface to client applications allowing exceptional events to be communicated through the client library and to the application.
 +
 
 +
== Base Test 0.0 - Return an Exception when Accessing a Non-Existent Resource ==
 +
 
 +
This test simply posts a properly formatted login request to an URL that does not exist. We anticipate a HTTP 404 result code, or at least that's what ''we'' would return if you sent a request to an undefined URL. In an ideal world we would test a resource from each resource class to ensure client library code handling each message properly propagates the "Not Found" exception. However, in the interests of alacrity we're only describing this test in terms of the agent_login resource class.
 +
 
 +
So, test 0.0 is considered "successful" if after attempting to access the agent_login resource defined for fixture 1.0 (Arthur Crimthande) at the agent domain described in fixture 0.404 (the canonical undefined agent domain), the client library produces a "HTTP Not Found" exception.
 +
 
 +
== Base Test 0.1 - Return an Exception when Accessing a "Broken" Resource ==
 +
 
 +
This test posts a properly formatted login request to an URL that has been preconfigured to return a HTTP 500 result code.
 +
 
 +
So, test 0.1 is considered "successful" if after attempting to access the agent_login resource defined for fixture 1.0 (Arthur Crimthande) at the agent domain described in fixture 0.500 (the canonical broken agent domain), the client library produces a "HTTP Internal Server Error" exception.
 +
 
 +
== Base Test 0.2 - Return an Exception when Accessing an "Unavailable" Resource ==
 +
 
 +
This test posts a properly formatted login request to an URL that has been preconfigured to return a HTTP 503 result code.
 +
 
 +
So, test 0.2 is considered "successful" if after attempting to access the agent_login resource defined for fixture 1.0 (Arthur Crimthande) at the agent domain described in fixture 0.503 (the canonical unavailable agent domain), the client library produces a "HTTP Service Not Available" exception.
 +
 
 +
= LLSD Tests ( Test 1.* ) =
 +
 
 +
These tests exercise concepts introduced in the "LLSD" section of the OGP spec.
 +
 
 +
== LLSD Test 1.0 - Return an Exception when Accessing a Resource with the Wrong HTTP Method ==
 +
 
 +
If an agent domain, region domain or region receives a resource request using an unsupported HTTP method, the resource
 +
SHOULD respond with a HTTP 405 result code.
 +
 
 +
Test 1.0 is considered "successful" if, after attempting sending a HTTP GET to the authentication URL defined in fixture 0.200 (a working agent domain), the client library produces a "LLSD Method Not Allowed" exception.
 +
 
 +
== LLSD Test 1.1 - Return an Exception when Accessing a Resource via GET with an Improper Media Type in Accept ==
 +
 
 +
If an agent domain, region domain or region receives a resource request via a HTTP GET, and the requester uses the 'Accept:' header to specify the media type it will accept, and that media type is not supported by the resource, the resource SHOULD respond with a HTTP 415 result code.
 +
 
 +
''hmm... need to define a canonical resource that accepts GET.''
 +
 
 +
== LLSD Test 1.2 - Return an Exception when Accessing a Resource via POST with an Improper Media Type in Accept Header ==
 +
 
 +
If an agent domain, region domain or region receives a resource request via a HTTP POST, and the requester uses the 'Accept:' header to specify the media type it will accept, and that media type is not supported by the resource, the resource SHOULD respond with a HTTP 415 result code.
 +
 
 +
Test 1.2 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+xml' and the 'Accept:' header is set to 'application/llsd+foo', the client library produces a "LLSD Unsupported Media Type" exception.
 +
 
 +
<pre>
 +
<?xml version="1.0"?>
 +
<llsd>
 +
  <key>agent_login</key>
 +
  <map>
 +
    <key>credential</key>
 +
    <map>
 +
      <key>identifier</key>
 +
      <map>
 +
        <key>type</key>
 +
        <string>agent</string>
 +
        <key>first_name</key>
 +
        <string>Arthur</string>
 +
        <key>last_name</key>
 +
        <string>Crimthande</string>
 +
      </map>
 +
      <key>authenticator</key>
 +
      <map>
 +
        <key>type</key>
 +
        <string>hash</string>
 +
        <key>algorithm</key>
 +
        <string>md5</string>
 +
        <key>secret</key>
 +
        <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
 +
      </map>
 +
    </map>
 +
  </map>
 +
</llsd>
 +
</pre>
 +
 
 +
== LLSD Test 1.3 - Return an Exception when Accessing a Resource via POST with an Improper Media Type in Content-Type Header ==
 +
 
 +
If an agent domain, region domain or region receives a resource request via a HTTP POST, and the requester uses the 'Content-Type:' header to identify the media type of the the request body, and that media type is not supported by the resource, the resource SHOULD respond with a HTTP 415 result code.
 +
 
 +
Test 1.3 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+foo', the client library produces a "LLSD Unsupported Media Type" exception.
 +
 
 +
<pre>
 +
<?xml version="1.0"?>
 +
<llsd>
 +
  <key>agent_login</key>
 +
  <map>
 +
    <key>credential</key>
 +
    <map>
 +
      <key>identifier</key>
 +
      <map>
 +
        <key>type</key>
 +
        <string>agent</string>
 +
        <key>first_name</key>
 +
        <string>Arthur</string>
 +
        <key>last_name</key>
 +
        <string>Crimthande</string>
 +
      </map>
 +
      <key>authenticator</key>
 +
      <map>
 +
        <key>type</key>
 +
        <string>hash</string>
 +
        <key>algorithm</key>
 +
        <string>md5</string>
 +
        <key>secret</key>
 +
        <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
 +
      </map>
 +
    </map>
 +
  </map>
 +
</llsd>
 +
</pre>
 +
 
 +
== LLSD Test 1.4 - Return an Exception when POSTing bad XML to a Resource ==
 +
 
 +
If an agent domain, region domain or region receives a resource request via a HTTP POST, and Content-Type header of the request describes the body of the request as being a 'application/llsd+xml' media type, and the body is improperly formed XML, the resource SHOULD respond with a HTTP 400 result code.
 +
 
 +
Test 1.4 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+xml', the client library produces a "LLSD Bad Request" exception.
 +
 
 +
<pre>
 +
<?xml version="1.0"?>
 +
<llsd>
 +
  <key>agent_login</key>
 +
  <map
 +
    <key>credential</key>
 +
    <map>
 +
      <key>identifier</key>
 +
      <map>
 +
        <key>type</key>
 +
        <string>agent</string>
 +
        <key>first_name</key>
 +
        <string>Arthur</string>
 +
        <key>last_name</key>
 +
        <string>Crimthande</string>
 +
      </map>
 +
      <key>authenticator</key>
 +
      <map>
 +
        <key>type</key>
 +
        <string>hash</string>
 +
        <key>algorithm</key>
 +
        <string>md5</string>
 +
        <key>secret</key>
 +
        <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
 +
      </map>
 +
    </map>
 +
  </map>
 +
</llsd>
 +
</pre>
 +
 
 +
== LLSD Test 1.5 - Return an Exception when POSTing a misshaped request to a Resource ==
 +
 
 +
If an agent domain, region domain or region receives a resource request via a HTTP POST, and the requester uses the 'Content-Type:' header to identify the media type of the the request body, and request is "mis-shaped" with respect to the LLIDL definition of the resource, it (the resource) SHOULD respond with a HTTP 400 result code.
 +
 
 +
Test 1.5 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+xml', the client library produces a "LLSD Bad Request" exception.
 +
 
 +
<pre>
 +
<?xml version="1.0"?>
 +
<llsd>
 +
  <key>agent_login</key>
 +
  <map>
 +
    <key>identifier</key>
 +
    <string>agent</string>
 +
 
 +
    <key>first_name</key>
 +
    <string>Arthur</string>
 +
 
 +
    <key>last_name</key>
 +
    <string>Crimthande</string>
 +
 
 +
    <key>authenticator</key>
 +
    <string>hash</string>
 +
 
 +
    <key>algorithm</key>
 +
    <string>md5</string>
 +
 
 +
    <key>secret</key>
 +
    <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
 +
  </map>
 +
</llsd>
 +
</pre>
 +
 
 +
 
 +
= Authentication Tests ( Test 2.* ) =
 +
 
 +
== Authentication Test 2.0 - Successful Authentication of an Agent Identifier and a Hashed Authenticator ==
 +
 
 +
Test 2.0 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the agent defined in fixture 1.0 (Arthur Crimthande) using a 'hash' type authenticator and an 'agent' type identifier, a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).
  
== REST Tests ==
+
== Authentication Test 2.1 - Unsuccessful Authentication of an Agent Identifier and a Hashed Authenticator ==
  
== LLSD (Linden Lab Structured Data) ==
+
Test 2.1 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the agent defined in fixture 1.1 (Bertha Crimthande) using a 'hash' type authenticator and an 'agent' type identifier, a 'key' condition response is returned with the salt, count and duration items undefined.
  
== Event Queue ==
 
  
== Capabilities ==
+
== Authentication Test 2.2 - Successful Authentication of an Account Identifier with a Single Agent and a Hashed Authenticator ==
  
= Resource Tests =
+
Test 2.2 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.0 (cristobal@example.com) using a 'hash' type authenticator and an 'account' type identifier, a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).
  
== Agent Credential ==
+
== Authentication Test 2.3 - Unsuccessful Authentication of an Account Identifier with a Single Agent and a Hashed Authenticator ==
  
== Account Credential ==
+
Test 2.3 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.1 (dolly@example.com) using a 'hash' type authenticator and an 'account' type identifier, a 'key' condition response is returned with the salt, count and duration items undefined.
  
= Login Tests =
+
== Authentication Test 2.4 - Successful Authentication of an Account Identifier with a Multiple Agents with the Selected Agent in the Request and a Hashed Authenticator ==
  
Login is the process of associating a viewer with an agent domain, then placing the user's avatar in a region managed by a (potentially separate) region domain. The spec describes logging in as the sequence:
+
Test 2.4 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.2 (edouard@example.com) using a 'hash' type authenticator and an 'account' type identifier, with the agent defined in fixture 1.4 (Edouard Crimthande) a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).
  
# The viewer authenticates to an agent domain for the authorized control of a particular agent.
+
== Authentication Test 2.5 - Unsuccessful Authentication of an Account Identifier with a Multiple Agents with the Selected Agent in the Request and a Hashed Authenticator ==
# The viewer directs the agent domain to to place the agent in a region.
+
# The agent domain contacts the region domain for the region, and negotiates placement of the agent.
+
# The region grants access to the agent domain, which in turn passes some of that granted access on to the viewer.
+
  
Testing the login process means logging each of these steps, in order. We should also test that executing them out of order leads to an error.
+
Test 2.5 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.3 (gustav@example.com) using a 'hash' type authenticator and an 'account' type identifier, with the agent defined in fixture 1.6 (Gustav Crimthande) a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).
  
We assume the code providing underlying services (such as the event queue, LLSD serialization / deserialization, MD5 Hash production, etc.) is reliable and has been tested.
+
== Authentication Test 2.6 - Select Failure of an Account Identifier with a Multiple Agents and a Hashed Authenticator ==
  
{|style="background:white" width="100%" cellpadding="5"
+
Test 2.6 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.4 (ana@example.com) using a 'hash' type authenticator and an 'account' type identifier, without an agent selected in the response, a 'select' condition response is returned with the 'agents' list set to: [ 'Ana', 'Crimthande', 'Bil', 'Crimthande' ].
|- style="background:lightgrey;"
+
| colspan="3" | '''Viewer to Agent Domain Authentication Tests'''
+
|- style="background:lightgrey;"
+
|
+
| '''expecting?'''
+
| '''test description'''
+
|- style="background:lightgrey;"
+
|
+
| success
+
| authenticate to agent domain using good agent name and password
+
|- style="background:lightgrey;"
+
|
+
| success
+
| authenticate to agent domain using good account name and password, where account name maps to a single agent name
+
|- style="background:lightgrey;"
+
|
+
| failure
+
| authenticate to agent domain using good account name and password, where account name maps to a multiple agent names
+
|- style="background:lightgrey;"
+
|
+
| failure
+
| authenticate to agent domain using known account name but bad password
+
|- style="background:lightgrey;"
+
|
+
| failure
+
| authenticate to agent domain using unknown account name
+
|}
+
  
= Teleport Tests =
+
[[Category: Pyogp]]
 +
[[Category:Pyogp_Kitchen_Sink]]
 +
[[Category:AW Groupies]]
 +
[[Category:Grid Interoperability]]
 +
[[Category:AW Groupies User Pages]]

Latest revision as of 15:44, 18 January 2009

  • note: this is a brief note for informational purposes. it's eventually going to be "cleaned up" and moved to a more appropriate place on this wiki.
  • note: this is a branch from the original "OGP" Test Case page. PyOGP Test Cases are defined at User:Saijanai_Kuhn/OGP_Test_Cases

Contents

Introduction

What is This?

In the development of the Open Grid Protocol and the PyOGP project, it became obvious that there were no canonical lists of use cases and things to test. This page is the first effort to remediate this omission. While we don't go as far as providing use cases here, we do list common functionality and interoperability tests.

About the OGP Test Cases

The objective of the Open Grid Protocol is to specify syntax and semantics of SL Grid messages to the degree that interoperable viewers, agent domains, region domains and regions may be coded without resort to close examination of open source code from Linden Lab or peeking into the interaction between running clients and servers. The Second Life Grid has been developed sufficiently, the reasoning goes, that it should be possible to shine the bright light of inquiry on the process and document the living heck out of how the system works. Moving forward we should see advantages as software developers code to documented requirements and standards. The "OGP Test Cases" are a catalog of tests that demonstrate compatibility with the written spec.

Well... that's how it's supposed to be... In the real world, "running code" trumps written specifications, and probably will continue to do so. And that's one of the reasons we have the interop tests; properly written test cases succinctly communicate abstractions introduced in written specifications. So rather than viewing the SLGOGP spec and these tests as separate, think of them as being two sections of the same document.

Base Tests ( Test 0.* )

Many OGP messages take the form of an LLSD message serialized to XML and POSTed to an URL somewhere via HTTP (or HTTPS.) In the ideal world, HTTP would be free from error. But as it turns out there are many ways in which a HTTP request could fail, especially if your implementation of OGP uses proxies, load balancers, n-tier service architectures, etc. These tests are intended to ensure your client library properly communicates HTTP errors, assuming your client library has a standard technique for handling and recovering from such errors.

It is entirely possible that your client library does not handle such errors cleanly. This is not a failure, per se, but we strongly encourage implementers to expose an interface to client applications allowing exceptional events to be communicated through the client library and to the application.

Base Test 0.0 - Return an Exception when Accessing a Non-Existent Resource

This test simply posts a properly formatted login request to an URL that does not exist. We anticipate a HTTP 404 result code, or at least that's what we would return if you sent a request to an undefined URL. In an ideal world we would test a resource from each resource class to ensure client library code handling each message properly propagates the "Not Found" exception. However, in the interests of alacrity we're only describing this test in terms of the agent_login resource class.

So, test 0.0 is considered "successful" if after attempting to access the agent_login resource defined for fixture 1.0 (Arthur Crimthande) at the agent domain described in fixture 0.404 (the canonical undefined agent domain), the client library produces a "HTTP Not Found" exception.

Base Test 0.1 - Return an Exception when Accessing a "Broken" Resource

This test posts a properly formatted login request to an URL that has been preconfigured to return a HTTP 500 result code.

So, test 0.1 is considered "successful" if after attempting to access the agent_login resource defined for fixture 1.0 (Arthur Crimthande) at the agent domain described in fixture 0.500 (the canonical broken agent domain), the client library produces a "HTTP Internal Server Error" exception.

Base Test 0.2 - Return an Exception when Accessing an "Unavailable" Resource

This test posts a properly formatted login request to an URL that has been preconfigured to return a HTTP 503 result code.

So, test 0.2 is considered "successful" if after attempting to access the agent_login resource defined for fixture 1.0 (Arthur Crimthande) at the agent domain described in fixture 0.503 (the canonical unavailable agent domain), the client library produces a "HTTP Service Not Available" exception.

LLSD Tests ( Test 1.* )

These tests exercise concepts introduced in the "LLSD" section of the OGP spec.

LLSD Test 1.0 - Return an Exception when Accessing a Resource with the Wrong HTTP Method

If an agent domain, region domain or region receives a resource request using an unsupported HTTP method, the resource SHOULD respond with a HTTP 405 result code.

Test 1.0 is considered "successful" if, after attempting sending a HTTP GET to the authentication URL defined in fixture 0.200 (a working agent domain), the client library produces a "LLSD Method Not Allowed" exception.

LLSD Test 1.1 - Return an Exception when Accessing a Resource via GET with an Improper Media Type in Accept

If an agent domain, region domain or region receives a resource request via a HTTP GET, and the requester uses the 'Accept:' header to specify the media type it will accept, and that media type is not supported by the resource, the resource SHOULD respond with a HTTP 415 result code.

hmm... need to define a canonical resource that accepts GET.

LLSD Test 1.2 - Return an Exception when Accessing a Resource via POST with an Improper Media Type in Accept Header

If an agent domain, region domain or region receives a resource request via a HTTP POST, and the requester uses the 'Accept:' header to specify the media type it will accept, and that media type is not supported by the resource, the resource SHOULD respond with a HTTP 415 result code.

Test 1.2 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+xml' and the 'Accept:' header is set to 'application/llsd+foo', the client library produces a "LLSD Unsupported Media Type" exception.

<?xml version="1.0"?>
<llsd>
  <key>agent_login</key>
  <map>
    <key>credential</key>
    <map>
      <key>identifier</key>
      <map>
        <key>type</key>
        <string>agent</string>
        <key>first_name</key>
        <string>Arthur</string>
        <key>last_name</key>
        <string>Crimthande</string>
      </map>
      <key>authenticator</key>
      <map>
        <key>type</key>
        <string>hash</string>
        <key>algorithm</key>
        <string>md5</string>
        <key>secret</key>
        <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
      </map>
    </map>
  </map>
</llsd>

LLSD Test 1.3 - Return an Exception when Accessing a Resource via POST with an Improper Media Type in Content-Type Header

If an agent domain, region domain or region receives a resource request via a HTTP POST, and the requester uses the 'Content-Type:' header to identify the media type of the the request body, and that media type is not supported by the resource, the resource SHOULD respond with a HTTP 415 result code.

Test 1.3 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+foo', the client library produces a "LLSD Unsupported Media Type" exception.

<?xml version="1.0"?>
<llsd>
  <key>agent_login</key>
  <map>
    <key>credential</key>
    <map>
      <key>identifier</key>
      <map>
        <key>type</key>
        <string>agent</string>
        <key>first_name</key>
        <string>Arthur</string>
        <key>last_name</key>
        <string>Crimthande</string>
      </map>
      <key>authenticator</key>
      <map>
        <key>type</key>
        <string>hash</string>
        <key>algorithm</key>
        <string>md5</string>
        <key>secret</key>
        <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
      </map>
    </map>
  </map>
</llsd>

LLSD Test 1.4 - Return an Exception when POSTing bad XML to a Resource

If an agent domain, region domain or region receives a resource request via a HTTP POST, and Content-Type header of the request describes the body of the request as being a 'application/llsd+xml' media type, and the body is improperly formed XML, the resource SHOULD respond with a HTTP 400 result code.

Test 1.4 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+xml', the client library produces a "LLSD Bad Request" exception.

<?xml version="1.0"?>
<llsd>
  <key>agent_login</key>
  <map
    <key>credential</key>
    <map>
      <key>identifier</key>
      <map>
        <key>type</key>
        <string>agent</string>
        <key>first_name</key>
        <string>Arthur</string>
        <key>last_name</key>
        <string>Crimthande</string>
      </map>
      <key>authenticator</key>
      <map>
        <key>type</key>
        <string>hash</string>
        <key>algorithm</key>
        <string>md5</string>
        <key>secret</key>
        <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
      </map>
    </map>
  </map>
</llsd>

LLSD Test 1.5 - Return an Exception when POSTing a misshaped request to a Resource

If an agent domain, region domain or region receives a resource request via a HTTP POST, and the requester uses the 'Content-Type:' header to identify the media type of the the request body, and request is "mis-shaped" with respect to the LLIDL definition of the resource, it (the resource) SHOULD respond with a HTTP 400 result code.

Test 1.5 is considered "successful" if, after POSTing the following message body to the authentication URL defined in fixture 0.200 (a working agent domain) with the 'Content-Type:' header set to 'application/llsd+xml', the client library produces a "LLSD Bad Request" exception.

<?xml version="1.0"?>
<llsd>
  <key>agent_login</key>
  <map>
    <key>identifier</key>
    <string>agent</string>

    <key>first_name</key>
    <string>Arthur</string>

    <key>last_name</key>
    <string>Crimthande</string>

    <key>authenticator</key>
    <string>hash</string>

    <key>algorithm</key>
    <string>md5</string>

    <key>secret</key>
    <binary encoding="base16">c169c172e7a5dafc74f69c476c0a4869</binary>
  </map>
</llsd>


Authentication Tests ( Test 2.* )

Authentication Test 2.0 - Successful Authentication of an Agent Identifier and a Hashed Authenticator

Test 2.0 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the agent defined in fixture 1.0 (Arthur Crimthande) using a 'hash' type authenticator and an 'agent' type identifier, a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).

Authentication Test 2.1 - Unsuccessful Authentication of an Agent Identifier and a Hashed Authenticator

Test 2.1 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the agent defined in fixture 1.1 (Bertha Crimthande) using a 'hash' type authenticator and an 'agent' type identifier, a 'key' condition response is returned with the salt, count and duration items undefined.


Authentication Test 2.2 - Successful Authentication of an Account Identifier with a Single Agent and a Hashed Authenticator

Test 2.2 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.0 (cristobal@example.com) using a 'hash' type authenticator and an 'account' type identifier, a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).

Authentication Test 2.3 - Unsuccessful Authentication of an Account Identifier with a Single Agent and a Hashed Authenticator

Test 2.3 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.1 (dolly@example.com) using a 'hash' type authenticator and an 'account' type identifier, a 'key' condition response is returned with the salt, count and duration items undefined.

Authentication Test 2.4 - Successful Authentication of an Account Identifier with a Multiple Agents with the Selected Agent in the Request and a Hashed Authenticator

Test 2.4 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.2 (edouard@example.com) using a 'hash' type authenticator and an 'account' type identifier, with the agent defined in fixture 1.4 (Edouard Crimthande) a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).

Authentication Test 2.5 - Unsuccessful Authentication of an Account Identifier with a Multiple Agents with the Selected Agent in the Request and a Hashed Authenticator

Test 2.5 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.3 (gustav@example.com) using a 'hash' type authenticator and an 'account' type identifier, with the agent defined in fixture 1.6 (Gustav Crimthande) a 'success' condition response is returned and the agent_seed_capability URI is subordinate to the seed root defined in fixture 0.200 (a working agent domain).

Authentication Test 2.6 - Select Failure of an Account Identifier with a Multiple Agents and a Hashed Authenticator

Test 2.6 is considered "successful" if after requesting the agent_login resource defined in fixture 0.200 (a working agent domain) with the account defined in fixture 2.4 (ana@example.com) using a 'hash' type authenticator and an 'account' type identifier, without an agent selected in the response, a 'select' condition response is returned with the 'agents' list set to: [ 'Ana', 'Crimthande', 'Bil', 'Crimthande' ].