fix: add missing PAT documetantion (#3618)

* apidoc for generate and validate, return correct status code Signed-off-by: ac892247 <[email protected]> * remaining PAT documentation Signed-off-by: ac892247 <[email protected]> * expect correct status code Signed-off-by: ac892247 <[email protected]> * fix remaining tests Signed-off-by: ac892247 <[email protected]> * authorization details Signed-off-by: ac892247 <[email protected]> --------- Signed-off-by: ac892247 <[email protected]> Co-authored-by: Pablo Carle <[email protected]>
zowe · Jun 28, 2024 · 224f897 · 224f897
1 parent 4f78c91
commit 224f897
Show file tree

Hide file tree

Showing 5 changed files with 373 additions and 34 deletions.
diff --git a/api-catalog-ui/frontend/cypress/e2e/detail-page/swagger-try-out-and-code-snippets.cy.js b/api-catalog-ui/frontend/cypress/e2e/detail-page/swagger-try-out-and-code-snippets.cy.js
@@ -33,7 +33,7 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
         {
             tile: 'API Gateway',
             id: 'gateway',
-            selectOp: '#operations-Security-RefreshTokenUsingPOST',
+            selectOp: '#operations-Diagnostic-VersionInfoUsingGET',
             auth: true,
         }
     ].forEach((test) => {
@@ -52,7 +52,9 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
                 cy.visit(`${Cypress.env('catalogHomePage')}/#/service/${test.id}`);
                 cy.get('.authorization__btn').should('exist');
 
-                cy.get('.authorization__btn').eq(0).click();
+                cy.get('#operations-Security-loginUsingPOST .authorization__btn').should('exist');
+
+                cy.get('#operations-Security-loginUsingPOST .authorization__btn').eq(0).click();
 
                 cy.get('input[name=username]').type('non-valid');
                 cy.get('input[name=password]').type('non-valid');
@@ -61,7 +63,7 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
 
                 cy.get('.close-modal').click();
 
-                cy.get('.opblock-summary').eq(0).click();
+                cy.get('#operations-Security-loginUsingPOST .opblock-summary').eq(0).click();
 
                 cy.get('.try-out').click();
 
@@ -75,7 +77,7 @@ describe('>>> Swagger Try Out and Code Snippets Test', () => {
             cy.log(`Visiting ${test.tile}, ${test.id}`);
             cy.contains(test.tile).click();
             cy.visit(`${Cypress.env('catalogHomePage')}/#/service/${test.id}`);
-            cy.get('.opblock-summary').eq(1).click();
+            cy.get(`${test.selectOp} .arrow`).eq(0).click();
             cy.get('.try-out').should('exist');
             cy.get('.try-out').click();
 

diff --git a/gateway-service/src/main/java/org/zowe/apiml/gateway/controllers/AuthController.java b/gateway-service/src/main/java/org/zowe/apiml/gateway/controllers/AuthController.java
@@ -29,14 +29,7 @@
 import org.springframework.lang.Nullable;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.zowe.apiml.gateway.security.service.AuthenticationService;
 import org.zowe.apiml.gateway.security.service.JwtSecurity;
 import org.zowe.apiml.gateway.security.service.token.OIDCTokenProvider;
@@ -53,15 +46,9 @@
 import java.io.IOException;
 import java.io.StringWriter;
 import java.security.PublicKey;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
+import java.util.*;
 
-import static org.apache.http.HttpStatus.SC_NO_CONTENT;
-import static org.apache.http.HttpStatus.SC_OK;
-import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
+import static org.apache.http.HttpStatus.*;
 
 /**
  * Controller offer method to control security. It can contains method for user and also method for calling services
@@ -127,7 +114,7 @@ public ResponseEntity<String> revokeAccessToken(@RequestBody() Map<String, Strin
             return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
         }
         tokenProvider.invalidateToken(body.get(TOKEN_KEY));
-        return new ResponseEntity<>(HttpStatus.OK);
+        return new ResponseEntity<>(HttpStatus.NO_CONTENT);
     }
 
     @DeleteMapping(path = ACCESS_TOKEN_REVOKE_MULTIPLE)
@@ -195,7 +182,7 @@ public ResponseEntity<String> validateAccessToken(@RequestBody ValidateRequestMo
         String serviceId = validateRequestModel.getServiceId();
         if (tokenProvider.isValidForScopes(token, serviceId) &&
             !tokenProvider.isInvalidated(token)) {
-            return new ResponseEntity<>(HttpStatus.OK);
+            return new ResponseEntity<>(HttpStatus.NO_CONTENT);
         }
         return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
     }