api-tests.http
### AUTHENTICATION TESTS
### Test 1: Register Buyer
POST http://localhost:5000/api/auth/register
Content-Type: application/json

{
  "name": "John Buyer",
  "email": "buyer@veritrade.com",
  "password": "TestPassword123",
  "role": "buyer"
}
###
### Test 2: Register Admin
POST http://localhost:5000/api/auth/register
Content-Type: application/json

{
  "name": "Admin User",
  "email": "admin@veritrade.com",
  "password": "AdminPassword123",
  "role": "admin"
}
###
### Test 3: Login as Buyer
# @name loginBuyer
POST http://localhost:5000/api/auth/login
Content-Type: application/json

{
  "email": "buyer@veritrade.com",
  "password": "TestPassword123"
}
###
### Test 3b: Login as Admin
# @name loginAdmin
POST http://localhost:5000/api/auth/login
Content-Type: application/json

{
  "email": "admin@veritrade.com",
  "password": "AdminPassword123"
}
###
### BUYER ENDPOINTS (Require Buyer Role + JWT)
### Test 4: Submit Verification Request
POST http://localhost:5000/api/verifications/submit
Content-Type: application/json
Authorization: Bearer YOUR_BUYER_TOKEN_HERE

{
  "business_name": "EcoTech Solutions Ltd",
  "registration_number": "RC999988"
}
###
### Test 5: Get My Verification Requests
GET http://localhost:5000/api/verifications/my-requests
Authorization: Bearer YOUR_BUYER_TOKEN_HERE
###
### Test 6: Get Single Verification Request
GET http://localhost:5000/api/verifications/1
Authorization: Bearer YOUR_BUYER_TOKEN_HERE
###
### Test 7: Cancel Verification Request
PATCH http://localhost:5000/api/verifications/6/cancel
Authorization: Bearer YOUR_BUYER_TOKEN_HERE
###
### ADMIN ENDPOINTS (Require Admin Role + JWT)
### Test 8: Get All Pending Verifications (Admin)
GET http://localhost:5000/api/admin/verifications/pending
Authorization: Bearer YOUR_ADMIN_TOKEN_HERE
###
### Test 9: Get All Verifications (Admin)
GET http://localhost:5000/api/admin/verifications
Authorization: Bearer YOUR_ADMIN_TOKEN_HERE
###
### Test 9b: Get Verified Verifications Only (Admin)
GET http://localhost:5000/api/admin/verifications?status=verified
Authorization: Bearer YOUR_ADMIN_TOKEN_HERE
###
### Test 10: Verify Request (Admin Approve)
PATCH http://localhost:5000/api/admin/verifications/1/verify
Content-Type: application/json
Authorization: Bearer YOUR_ADMIN_TOKEN_HERE

{
  "admin_notes": "Business verified successfully"
}
###
### Test 11: Reject Request (Admin)
PATCH http://localhost:5000/api/admin/verifications/2/reject
Content-Type: application/json
Authorization: Bearer YOUR_ADMIN_TOKEN_HERE

{
  "admin_notes": "Invalid registration number"
}
###
### Test 12: Flag Request (Admin)
PATCH http://localhost:5000/api/admin/verifications/3/flag
Content-Type: application/json
Authorization: Bearer YOUR_ADMIN_TOKEN_HERE

{
  "admin_notes": "Requires further investigation"
}
###
### TESTING WITHOUT TOKEN OR WITH WRONG ROLE (Should Fail with 401 / 403)
### Test 13: Try Submitting Without Token (Should Return 401)
POST http://localhost:5000/api/verifications/submit
Content-Type: application/json

{
  "business_name": "Test Company",
  "registration_number": "RC111111"
}
###
### Test 14: Try Admin Action as Buyer (Should Return 403)
PATCH http://localhost:5000/api/admin/verifications/1/verify
Content-Type: application/json
Authorization: Bearer YOUR_BUYER_TOKEN_HERE

{
  "admin_notes": "Trying to verify as buyer"
}
###
### INSTRUCTIONS FOR TESTING
# Step 1: Run Test 3 (Login as Buyer)
# Step 2: Copy the token from the response
# Step 3: Replace YOUR_BUYER_TOKEN_HERE with your actual token in Tests 4-7
# Step 4: Run Test 3b (Login as Admin)
# Step 5: Copy the token from the response
# Step 6: Replace YOUR_ADMIN_TOKEN_HERE with your actual token in Tests 8-12
# Tests 13-14 verify that authentication and authorization work correctly