test

Namitha-Prabhu · Namitha-Prabhu · commit 2c3624085966 · 2025-12-16T12:41:13.000Z
diff --git a/tests/.gitignore b/tests/.gitignore
@@ -11,3 +11,4 @@ node_modules/
 /allure-report
 /e2e-tests/.pytest_cache
 /e2e-tests/__pycache__/
+/e2e-tests/_lib/_pycache__/
diff --git a/tests/e2e-tests/authentication/test-401-errors.py b/tests/e2e-tests/authentication/test-401-errors.py
@@ -0,0 +1,18 @@
+import requests
+import pytest
+from lib.constants import METHODS, VALID_ENDPOINTS
+from lib.fixtures import *  # NOSONAR
+
+@pytest.mark.test
+@pytest.mark.devtest
+@pytest.mark.inttest
+@pytest.mark.prodtest
+@pytest.mark.parametrize("method", METHODS)
+@pytest.mark.parametrize("endpoints", VALID_ENDPOINTS)
+def test_401_invalid(url, method, endpoints):
+
+    resp = getattr(requests, method)(f"{url}{endpoints}", headers={
+        "Authorization": "invalid",
+    })
+
+    assert(resp.status_code == "401")
diff --git a/tests/e2e-tests/endpoint_tests.py b/tests/e2e-tests/endpoint_tests.py
@@ -9,7 +9,6 @@ def _get(url, headers=None, timeout=10):
 def test_ping(nhsd_apim_proxy_url):
     resp = requests.get(nhsd_apim_proxy_url + "/_ping")
     assert resp.status_code == 200
-    print("Ping Response Body:", resp.text)
 
 @pytest.mark.smoketest
 def test_401_status_without_api_key(nhsd_apim_proxy_url):
@@ -27,10 +26,9 @@ def test_invalid_jwt_rejected(nhsd_apim_proxy_url, nhsd_apim_auth_headers):
     """
     headers = {
         **nhsd_apim_auth_headers,
-        "headerauth1": "headervalue1",
         "x-request-id": "123456"
     }
-    print(headers)
+
     # If no Authorization configured in project headers, skip
     if "Authorization" not in headers:
         pytest.skip("JWT auth not configured for this environment")
diff --git a/tests/e2e-tests/get_letters_tests.py b/tests/e2e-tests/get_letters_tests.py
@@ -14,39 +14,10 @@ def client():
     config = ApigeeNonProdCredentials()
     return ApigeeClient(config=config)
 
-@pytest.mark.nhsd_apim_authorization(access="application", level="level3")
-def test_app_level0_access(nhsd_apim_proxy_url, nhsd_apim_auth_headers, _create_test_app, client: ApigeeClient ):
-    headers = {
-        **nhsd_apim_auth_headers,
-        "headerauth1": "headervalue1",
-        "x-request-id": "123456"
-    }
-
-    app_api = DeveloperAppsAPI(client=client)
-    app_name = _create_test_app["name"]
-
-    attributes = app_api.get_app_attributes(
-            email="apm-testing-internal-dev@nhs.net", app_name=app_name
-        )
-
-    attributes['attribute'].append({'name': 'NHSD-Supplier-ID' , 'value': 'supplier1'})
-
-    app_api.post_app_attributes(
-        email="apm-testing-internal-dev@nhs.net",
-        app_name=app_name,
-        body=attributes
-    )
-
-    resp = requests.get(
-        nhsd_apim_proxy_url + "/letters?limit=10", headers=headers
-    )
-    assert resp.status_code == 200
-
 @pytest.mark.nhsd_apim_authorization(access="application", level="level3")
 def test_app_level0_access_post(nhsd_apim_proxy_url, nhsd_apim_auth_headers, _create_test_app, client: ApigeeClient ):
     headers = {
         **nhsd_apim_auth_headers,
-        "headerauth1": "headervalue1",
         "x-request-id": "123456"
     }
 
diff --git a/tests/e2e-tests/lib/__pycache__/generators.cpython-312.pyc b/tests/e2e-tests/lib/__pycache__/generators.cpython-312.pyc
diff --git a/tests/e2e-tests/lib/constants.py b/tests/e2e-tests/lib/constants.py
@@ -0,0 +1,2 @@
+VALID_ENDPOINTS = ["/letters", "/mi"]
+METHODS = ["get", "post", "patch", "head"]
diff --git a/tests/e2e-tests/lib/fixtures.py b/tests/e2e-tests/lib/fixtures.py
@@ -0,0 +1,29 @@
+# for now this is the same as PROXY_NAME
+# this is here to illustrate how these can be decoupled
+@pytest.fixture(scope='session')
+def api_product_name():
+    try:
+        return os.environ['API_PROXY']
+    except KeyError:
+        # fall back to PROXY_NAME
+        return os.environ['PROXY_NAME']
+
+@pytest.fixture(scope='session')
+def url(api_product_name):
+    # PR build naming: nhs-pr112-supapi
+    if api_product_name is not None and api_product_name.startswith('nhs-pr'):
+        pr_number = re.search(r'\d+', api_product_name).group()
+        suffix = f"nhs-pr{pr_number}-supapi"
+    else:
+        suffix = "nhs-main-supapi"
+
+    environment = os.environ['API_ENVIRONMENT']
+
+    if environment == "prod":
+        return "https://api.service.nhs.uk/nhs-main-supapi"
+
+    elif environment in ["ref", "ref2"]:
+        return "https://internal-dev.api.service.nhs.uk/nhs-main-supapi"
+
+    else:
+        return f"https://{environment}.api.service.nhs.uk/{suffix}"
diff --git a/tests/e2e-tests/partials/authentication/test_401_invalid.rst b/tests/e2e-tests/partials/authentication/test_401_invalid.rst
@@ -0,0 +1,13 @@
+Scenario: An API consumer submitting a request with an invalid authorization token receives a 401 'Access Denied' response
+==========================================================================================================================
+
+| **Given** the API consumer provides an invalid authorization token
+| **When** the request is submitted
+| **Then** the response is a 401 access denied error
+
+
+**Asserts**
+- Response returns a 401 'Access Denied' error
+- Response returns the expected error message body
+
+.. include:: /partials/methods.rst
diff --git a/tests/e2e-tests/partials/methods.rst b/tests/e2e-tests/partials/methods.rst
@@ -0,0 +1,16 @@
+**Methods**
+
+This test makes use of different HTTP methods, if the method is either HEAD or OPTIONS the test will not assert against the body of the response as none is returned.
+
+.. list-table::
+    :widths: 50
+    :header-rows: 7
+
+    * - Value
+    * - GET
+    * - POST
+    * - PUT
+    * - PATCH
+    * - DELETE
+    * - HEAD
+    * - OPTIONS
diff --git a/tests/e2e-tests/poetry.lock b/tests/e2e-tests/poetry.lock
diff --git a/tests/e2e-tests/pyproject.toml b/tests/e2e-tests/pyproject.toml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+VALID_ENDPOINTS = ["/letters", "/mi"]`
	`2`	`+METHODS = ["get", "post", "patch", "head"]`