diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_accountcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_accountcontroller.feature new file mode 100644 index 0000000..330e2e9 --- /dev/null +++ b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_accountcontroller.feature 
@@ -0,0 +1,68 @@ +Feature: Account Creation API + + Background: + Given the API is available + + @smoke + Scenario: Successful account creation + Given a user is authenticated with a valid session cookie + And the user provides "Personal Savings" as account_name + And the user provides "savings" as account_type + When the user sends a POST request to /account/create_account with the account_name and account_type + Then the response status should be 200 + And the response should include the created account with account_name "Personal Savings" and account_type "savings" + + @regression + Scenario: Missing account_name field + Given a user is authenticated with a valid session cookie + And the user provides no account_name + And the user provides "checking" as account_type + When the user sends a POST request to /account/create_account with only account_type + Then the response status should be 400 + And the response should include an error message stating "account_name is required" + + @regression + Scenario: Missing account_type field + Given a user is authenticated with a valid session cookie + And the user provides "Business Account" as account_name + And the user provides no account_type + When the user sends a POST request to /account/create_account with only account_name + Then the response status should be 400 + And the response should include an error message stating "account_type is required" + + @regression + Scenario: Unauthenticated access attempt + Given the user is not authenticated + And the user provides "Vacation Fund" as account_name + And the user provides "savings" as account_type + When the user sends a POST request to /account/create_account without a session cookie + Then the response status should be 401 + And the response should include an error message stating "Authentication required" + + @regression + Scenario: Empty account_name field + Given a user is authenticated with a valid session cookie + And the user provides "" as account_name + 
And the user provides "checking" as account_type + When the user sends a POST request to /account/create_account with empty account_name + Then the response status should be 400 + And the response should include an error message stating "account_name cannot be empty" + + @regression + Scenario: Empty account_type field + Given a user is authenticated with a valid session cookie + And the user provides "Travel Account" as account_name + And the user provides "" as account_type + When the user sends a POST request to /account/create_account with empty account_type + Then the response status should be 400 + And the response should include an error message stating "account_type cannot be empty" + + @regression + Scenario: Duplicate account_name creation attempt + Given a user is authenticated with a valid session cookie + And the user has already created an account with account_name "Personal Savings" and account_type "savings" + And the user provides "Personal Savings" as account_name + And the user provides "savings" as account_type + When the user sends a POST request to /account/create_account with the same account_name and account_type + Then the response status should be 400 + And the response should include an error message stating "account_name already exists" diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_appcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_appcontroller.feature new file mode 100644 index 0000000..c207049 --- /dev/null +++ b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_appcontroller.feature 
@@ -0,0 +1,132 @@ +Feature: AppController Dashboard and History Endpoints + + Background: + Given the API is available + + # + # /app/dashboard endpoint scenarios + # + @smoke + Scenario: Successful dashboard data retrieval with valid session + Given the user has a valid session + When the user sends a GET request to /app/dashboard + Then the response status should be 200 + And the response body should contain the dashboard data + + @regression + Scenario: Unauthorized access to dashboard with no session + Given the user does not have a session + When the user sends a GET request to /app/dashboard + Then the response status should be 401 + And the response body should indicate unauthorized access + + @regression + Scenario: Dashboard returns empty data for boundary condition + Given the user has a valid session and no dashboard data is available + When the user sends a GET request to /app/dashboard + Then the response status should be 200 + And the response body should contain an empty dashboard data set + + @regression + Scenario: Dashboard returns large dataset + Given the user has a valid session and dashboard data contains a large dataset + When the user sends a GET request to /app/dashboard + Then the response status should be 200 + And the response body should contain more than 1000 dashboard items + + # + # /app/payment_history endpoint scenarios + # + @smoke + Scenario: Successful payment history retrieval with valid session + Given the user has a valid session + When the user sends a GET request to /app/payment_history + Then the response status should be 200 + And the response body should contain the payment history + + @regression + Scenario: Unauthorized access to payment history with invalid session + Given the user has an invalid session + When the user sends a GET request to /app/payment_history + Then the response status should be 401 + And the response body should indicate unauthorized access + + @regression + Scenario: Payment history returns 
empty data for boundary condition + Given the user has a valid session and no payment history exists + When the user sends a GET request to /app/payment_history + Then the response status should be 200 + And the response body should contain an empty payment history list + + @regression + Scenario: Payment history returns large dataset + Given the user has a valid session and payment history contains a large dataset + When the user sends a GET request to /app/payment_history + Then the response status should be 200 + And the response body should contain more than 1000 payment history items + + # + # /app/transaction_history endpoint scenarios + # + @smoke + Scenario: Successful transaction history retrieval with valid session + Given the user has a valid session + When the user sends a GET request to /app/transaction_history + Then the response status should be 200 + And the response body should contain the transaction history + + @regression + Scenario: Unauthorized access to transaction history with no session + Given the user does not have a session + When the user sends a GET request to /app/transaction_history + Then the response status should be 401 + And the response body should indicate unauthorized access + + @regression + Scenario: Transaction history returns empty data for boundary condition + Given the user has a valid session and transaction history is empty + When the user sends a GET request to /app/transaction_history + Then the response status should be 200 + And the response body should contain an empty transaction history list + + @regression + Scenario: Transaction history returns large dataset + Given the user has a valid session and transaction history contains a large dataset + When the user sends a GET request to /app/transaction_history + Then the response status should be 200 + And the response body should contain more than 1000 transaction history items + + # + # /app/account_transaction_history endpoint scenarios + # + @smoke + Scenario: 
Successful account transaction history retrieval with valid session and account id + Given the user has a valid session + And the user specifies a valid account_id in the request body + When the user sends a POST request to /app/account_transaction_history + Then the response status should be 200 + And the response body should contain the account transaction history + + @regression + Scenario: Unauthorized access to account transaction history with missing session + Given the user does not have a session + And the user specifies a valid account_id in the request body + When the user sends a POST request to /app/account_transaction_history + Then the response status should be 401 + And the response body should indicate unauthorized access + + @regression + Scenario: Account transaction history returns empty data for boundary condition + Given the user has a valid session + And the user specifies an account_id with no transaction history + When the user sends a POST request to /app/account_transaction_history + Then the response status should be 200 + And the response body should contain an empty transaction history list + + @regression + Scenario: Account transaction history returns large dataset + Given the user has a valid session + And the user specifies an account_id with a large transaction history dataset + When the user sends a POST request to /app/account_transaction_history + Then the response status should be 200 + And the response body should contain more than 1000 account transaction history items diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_authcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_authcontroller.feature new file mode 100644 index 0000000..b2bf266 --- /dev/null +++ b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_authcontroller.feature 
@@ -0,0 +1,85 @@ +Feature: User Authentication and Logout REST API + + Background: + Given the API is available + + @smoke + Scenario: Successful login with valid credentials + Given a user exists with email "user@example.com" and password "correct_password" and is verified + When the client sends a POST request to "/login" with body: + | email | password | + | user@example.com | correct_password | + Then the response status should be 200 + And the response body should contain "Authentication confirmed" + And a session cookie is set + + @smoke + Scenario: Successful logout with valid session + Given the client is authenticated via a session cookie + When the client sends a GET request to "/logout" with the session cookie + Then the response status should be 200 + And the response body should contain "Logged out" + And the session cookie should be cleared + + @regression + Scenario: Login attempt with incorrect password + Given a user exists with email "user@example.com" and password "correct_password" and is verified + When the client sends a POST request to "/login" with body: + | email | password | + | user@example.com | wrong_password | + Then the response status should be 401 + And the response body should contain "Incorrect credentials" + And no session cookie is set + + @regression + Scenario: Login attempt with missing email and password + When the client sends a POST request to "/login" with body: + | email | password | + | | | + Then the response status should be 400 + And the response body should contain "Username/Password empty" + And no session cookie is set + + @regression + Scenario: Login attempt with unverified user + Given a user exists with email "unverified@example.com" and password "pass1234" and is NOT verified + When the client sends a POST request to "/login" with body: + | email | password | + | unverified@example.com | pass1234 | + Then the response status should be 403 + And the response body should contain "Verification required" + And no 
session cookie is set + + @regression + Scenario: Login attempt with email not found + Given no user exists with email "nonexistent@example.com" + When the client sends a POST request to "/login" with body: + | email | password | + | nonexistent@example.com | somepass | + Then the response status should be 500 + And the response body should contain "Email not found" + And no session cookie is set + + @regression + Scenario: Logout attempt without session cookie + When the client sends a GET request to "/logout" without a session cookie + Then the response status should be 200 + And the response body should contain "Logged out" + And no session cookie should be present + + @regression + Scenario: Logout attempt with an expired session cookie + Given the client has an expired session cookie + When the client sends a GET request to "/logout" with the expired session cookie + Then the response status should be 200 + And the response body should contain "Logged out" + And the session cookie should be cleared + + @regression + Scenario: Login attempt with invalid email format + When the client sends a POST request to "/login" with body: + | email | password | + | bad-email | test1234 | + Then the response status should be 400 + And the response body should contain "Username/Password empty" + And no session cookie is set diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registercontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registercontroller.feature new file mode 100644 index 0000000..724eecc --- /dev/null +++ b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registercontroller.feature 
@@ -0,0 +1,76 @@ +Feature: User Registration API + + Background: + Given the API is available + + @smoke + Scenario: Successful user registration + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | John | Doe | john.doe@email.com | StrongPass1 | + And the query parameter "confirm_password" is "StrongPass1" + Then the response code should be 200 + And the response body should contain: + | success | true | + | message | User registered successfully | + + @regression + Scenario: Registration fails when required fields are missing + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | | Doe | john.doe@email.com | StrongPass1 | + And the query parameter "confirm_password" is "StrongPass1" + Then the response code should be 400 + And the response body should contain: + | error | "first_name is required" | + + @regression + Scenario: Registration fails when first_name is too short + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | Jo | Doe | jo.doe@email.com | StrongPass1 | + And the query parameter "confirm_password" is "StrongPass1" + Then the response code should be 400 + And the response body should contain: + | error | "first_name must be at least 3 characters" | + + @regression + Scenario: Registration fails when last_name is too short + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | John | Do | john.do@email.com | StrongPass1 | + And the query parameter "confirm_password" is "StrongPass1" + Then the response code should be 400 + And the response body should contain: + | error | "last_name must be at least 3 characters" | + + @regression + Scenario: Registration fails with invalid email format + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | Jane | Smith | janesmith | StrongPass1 | 
+ And the query parameter "confirm_password" is "StrongPass1" + Then the response code should be 400 + And the response body should contain: + | error | "email must be a valid email address" | + + @regression + Scenario: Registration fails when password and confirm_password do not match + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | Alice | Johnson | alice.j@email.com | StrongPass1 | + And the query parameter "confirm_password" is "WrongPass2" + Then the response code should be 400 + And the response body should contain: + | error | "passwords do not match" | + + @regression + Scenario: Registration fails when email is already registered + Given a user exists with email "bob@example.com" + When I send a POST request to /register with the body: + | first_name | last_name | email | password | + | Bob | Builder | bob@example.com | StrongPass1 | + And the query parameter "confirm_password" is "StrongPass1" + Then the response code should be 400 + And the response body should contain: + | error | "email already registered" | diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_transactcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_transactcontroller.feature new file mode 100644 index 0000000..2b50fd7 --- /dev/null +++ b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_transactcontroller.feature 
@@ -0,0 +1,196 @@ +Feature: Money Transactions API + + As a user of the banking application, + I want to be able to deposit, withdraw, transfer, and make payments, + So that I can manage my funds easily and securely. + + Background: + Given the API is available + + ########################## DEPOSIT ########################## + + @smoke + Scenario: Successful deposit to an account + Given a valid session token "valid-session" + And an account exists with ID "ACC123" + When I POST /transact/deposit with body: + | deposit_amount | account_id | session | + | 100.00 | ACC123 | valid-session | + Then the response code should be 200 + And the response body should include "deposited": true + + @regression + Scenario: Attempt to deposit with missing required field (amount) + Given a valid session token "valid-session" + And an account exists with ID "ACC123" + When I POST /transact/deposit with body: + | account_id | session | + | ACC123 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Missing deposit_amount" + + @regression + Scenario: Attempt to deposit zero amount + Given a valid session token "valid-session" + And an account exists with ID "ACC123" + When I POST /transact/deposit with body: + | deposit_amount | account_id | session | + | 0 | ACC123 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Deposit amount must be greater than zero" + + @regression + Scenario: Attempt to deposit with invalid session + Given an account exists with ID "ACC123" + When I POST /transact/deposit with body: + | deposit_amount | account_id | session | + | 100.00 | ACC123 | invalid-session | + Then the response code should be 401 + And the response body should include "error": "Unauthorized" + + ########################## WITHDRAW ########################## + + @smoke + Scenario: Successful withdrawal from account + Given a valid session token "valid-session" + And an account 
"ACC123" has balance 500.00 + When I POST /transact/withdraw with body: + | withdrawal_amount | account_id | session | + | 200.00 | ACC123 | valid-session | + Then the response code should be 200 + And the response body should include "withdrawn": true + + @regression + Scenario: Withdraw more than available balance + Given a valid session token "valid-session" + And an account "ACC123" has balance 150.00 + When I POST /transact/withdraw with body: + | withdrawal_amount | account_id | session | + | 500.00 | ACC123 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Insufficient funds" + + @regression + Scenario: Withdraw zero or negative amount + Given a valid session token "valid-session" + And an account "ACC123" has balance 100.00 + When I POST /transact/withdraw with body: + | withdrawal_amount | account_id | session | + | 0 | ACC123 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Withdrawal amount must be greater than zero" + + @regression + Scenario: Withdraw with no session (unauthorized) + And an account exists with ID "ACC123" + When I POST /transact/withdraw with body: + | withdrawal_amount | account_id | session | + | 20.00 | ACC123 | | + Then the response code should be 401 + And the response body should include "error": "Unauthorized" + + ########################## TRANSFER ########################## + + @smoke + Scenario: Successful fund transfer between two accounts + Given a valid session token "valid-session" + And an account "SRC123" has balance 500.00 + And an account "DST456" exists + When I POST /transact/transfer with body: + | sourceAccount | targetAccount | amount | session | + | SRC123 | DST456 | 150.00 | valid-session | + Then the response code should be 200 + And the response body should include "transferred": true + + @regression + Scenario: Attempt transfer with insufficient funds + Given a valid session token "valid-session" 
+ And an account "SRC123" has balance 100.00 + And an account "DST456" exists + When I POST /transact/transfer with body: + | sourceAccount | targetAccount | amount | session | + | SRC123 | DST456 | 200.00 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Insufficient funds" + + @regression + Scenario: Transfer to the same account + Given a valid session token "valid-session" + And an account "SRC123" has balance 500.00 + When I POST /transact/transfer with body: + | sourceAccount | targetAccount | amount | session | + | SRC123 | SRC123 | 50.00 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Cannot transfer to the same account" + + @regression + Scenario: Attempt to transfer zero or negative amount + Given a valid session token "valid-session" + And an account "SRC123" has balance 1000.00 + And an account "DST456" exists + When I POST /transact/transfer with body: + | sourceAccount | targetAccount | amount | session | + | SRC123 | DST456 | 0 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Transfer amount must be greater than zero" + + @regression + Scenario: Attempt transfer with invalid session + And an account "SRC123" has balance 200.00 + And an account "DST456" exists + When I POST /transact/transfer with body: + | sourceAccount | targetAccount | amount | session | + | SRC123 | DST456 | 50.00 | invalid-session | + Then the response code should be 401 + And the response body should include "error": "Unauthorized" + + ########################## PAYMENT ########################## + + @smoke + Scenario: Successful payment to a beneficiary + Given a valid session token "valid-session" + And an account "PAYACC123" has balance 500.00 + When I POST /transact/payment with body: + | beneficiary | account_id | account_number | payment_amount | session | + | Alice & Co. Ltd. 
| PAYACC123 | 789654123 | 120.00 | valid-session | + Then the response code should be 200 + And the response body should include "processed": true + + @regression + Scenario: Payment with insufficient funds + Given a valid session token "valid-session" + And an account "PAYACC124" has balance 10.00 + When I POST /transact/payment with body: + | beneficiary | account_id | account_number | payment_amount | session | + | Widgets Inc. | PAYACC124 | 654321987 | 100.00 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Insufficient funds" + + @regression + Scenario: Payment with zero payment amount + Given a valid session token "valid-session" + And an account "PAYACC125" has balance 1000.00 + When I POST /transact/payment with body: + | beneficiary | account_id | account_number | payment_amount | session | + | Jane Roe | PAYACC125 | 111222333 | 0 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Payment amount must be greater than zero" + + @regression + Scenario: Payment with missing required beneficiary field + Given a valid session token "valid-session" + And an account "PAYACC127" has balance 200.00 + When I POST /transact/payment with body: + | account_id | account_number | payment_amount | session | + | PAYACC127 | 789456123 | 50.00 | valid-session | + Then the response code should be 400 + And the response body should include "error": "Missing beneficiary" + + @regression + Scenario: Payment with unauthorized session + And an account "PAYACC128" has balance 200.00 + When I POST /transact/payment with body: + | beneficiary | account_id | account_number | payment_amount | session | + | John Black | PAYACC128 | 123456789 | 25.00 | invalid-session | + Then the response code should be 401 + And the response body should include "error": "Unauthorized"
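Review bot: In gherkin_accountcontroller.feature the account_type negative cases stop at "missing" and "empty"; no scenario posts a value other than the "savings" and "checking" used elsewhere in the file, so a controller that persists any arbitrary string as account_type would pass this suite. Add a scenario that sends an unrecognised account_type and expects 400. The "Unauthenticated access attempt" scenario also covers only the no-cookie case; an invalid or expired session cookie should get its own scenario expecting 401.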
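Review bot: In gherkin_appcontroller.feature the /app/account_transaction_history scenarios take account_id from the request body but only ever use "a valid account_id"; nothing checks that the account belongs to the session's user. Add a scenario where a user with a valid session specifies an account_id owned by a different user, and assert that the request is refused and the body contains no transaction data. Without it, the suite passes even if any authenticated user can read any account's history. The unauthorized cases are also uneven across endpoints: /app/payment_history tests "an invalid session" while the other three test only a missing session, so each endpoint should cover both.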
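Review bot: In gherkin_authcontroller.feature the scenario "Login attempt with email not found" asserts status 500 with body "Email not found", while a wrong password gets 401 "Incorrect credentials" and an unverified user gets 403 "Verification required". Locking these in as expected behaviour means the tests require the login endpoint to reveal which emails are registered, and they treat a client error as a server error. Consider asserting the same 401 and the same message for unknown email and wrong password. Separately, "Login attempt with invalid email format" expects "Username/Password empty" for the non-empty value "bad-email"; either the message or the scenario title should change so the two agree.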
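Review bot: In gherkin_registercontroller.feature every scenario sends confirm_password as a query parameter (the step And the query parameter "confirm_password" is "StrongPass1"), which puts a copy of the user's password in the request URL, where access logs, proxies and browser history routinely record it. If the controller really reads it from the query string, that is worth raising against the endpoint; the scenarios should then send it in the POST body next to password. The suite also has no scenario for a weak password or for a missing last_name, email or password; "required fields are missing" exercises first_name only.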
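Review bot: In gherkin_transactcontroller.feature every deposit, withdraw, transfer and payment scenario pairs "valid-session" with an account that is simply stated to exist; none asserts that the session's user owns account_id or sourceAccount. Add scenarios where a valid session names another user's account as the source of a withdrawal, transfer or payment and expect a refusal, since that is the check that matters most for these endpoints. The scenarios titled "Withdraw zero or negative amount" and "Attempt to transfer zero or negative amount" only submit 0; add a row with a negative value (a Scenario Outline with Examples would cover both), and do the same for deposit and payment. Three further points: the session value travels in the request body here while the other feature files use a session cookie, which should be reconciled; the unauthorized scenarios ("Withdraw with no session", "Attempt transfer with invalid session", "Payment with unauthorized session") open with And instead of Given; and the DEPOSIT section has no missing-session case.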