roost-io · harishagrawal · Mar 24, 2026
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_accountcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_accountcontroller.feature
@@ -0,0 +1,68 @@
+Feature: Account Creation API
+
+  Background:
+    Given the API is available
+
+  @smoke
+  Scenario: Successful account creation
+    Given a user is authenticated with a valid session cookie
+    And the user provides "Personal Savings" as account_name
+    And the user provides "savings" as account_type
+    When the user sends a POST request to /account/create_account with the account_name and account_type
+    Then the response status should be 200
+    And the response should include the created account with account_name "Personal Savings" and account_type "savings"
+
+  @regression
+  Scenario: Missing account_name field
+    Given a user is authenticated with a valid session cookie
+    And the user provides no account_name
+    And the user provides "checking" as account_type
+    When the user sends a POST request to /account/create_account with only account_type
+    Then the response status should be 400
+    And the response should include an error message stating "account_name is required"
+
+  @regression
+  Scenario: Missing account_type field
+    Given a user is authenticated with a valid session cookie
+    And the user provides "Business Account" as account_name
+    And the user provides no account_type
+    When the user sends a POST request to /account/create_account with only account_name
+    Then the response status should be 400
+    And the response should include an error message stating "account_type is required"
+
+  @regression
+  Scenario: Unauthenticated access attempt
+    Given the user is not authenticated
+    And the user provides "Vacation Fund" as account_name
+    And the user provides "savings" as account_type
+    When the user sends a POST request to /account/create_account without a session cookie
+    Then the response status should be 401
+    And the response should include an error message stating "Authentication required"
+
+  @regression
+  Scenario: Empty account_name field
+    Given a user is authenticated with a valid session cookie
+    And the user provides "" as account_name
+    And the user provides "checking" as account_type
+    When the user sends a POST request to /account/create_account with empty account_name
+    Then the response status should be 400
+    And the response should include an error message stating "account_name cannot be empty"
+
+  @regression
+  Scenario: Empty account_type field
+    Given a user is authenticated with a valid session cookie
+    And the user provides "Travel Account" as account_name
+    And the user provides "" as account_type
+    When the user sends a POST request to /account/create_account with empty account_type
+    Then the response status should be 400
+    And the response should include an error message stating "account_type cannot be empty"
+
+  @regression
+  Scenario: Duplicate account_name creation attempt
+    Given a user is authenticated with a valid session cookie
+    And the user has already created an account with account_name "Personal Savings" and account_type "savings"
+    And the user provides "Personal Savings" as account_name
+    And the user provides "savings" as account_type
+    When the user sends a POST request to /account/create_account with the same account_name and account_type
+    Then the response status should be 400
+    And the response should include an error message stating "account_name already exists"
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_appcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_appcontroller.feature
@@ -0,0 +1,132 @@
+Feature: AppController Dashboard and History Endpoints
+
+  Background:
+    Given the API is available
+
+  #
+  # /app/dashboard endpoint scenarios
+  #
+  @smoke
+  Scenario: Successful dashboard data retrieval with valid session
+    Given the user has a valid session
+    When the user sends a GET request to /app/dashboard
+    Then the response status should be 200
+    And the response body should contain the dashboard data
+
+  @regression
+  Scenario: Unauthorized access to dashboard with no session
+    Given the user does not have a session
+    When the user sends a GET request to /app/dashboard
+    Then the response status should be 401
+    And the response body should indicate unauthorized access
+
+  @regression
+  Scenario: Dashboard returns empty data for boundary condition
+    Given the user has a valid session and no dashboard data is available
+    When the user sends a GET request to /app/dashboard
+    Then the response status should be 200
+    And the response body should contain an empty dashboard data set
+
+  @regression
+  Scenario: Dashboard returns large dataset
+    Given the user has a valid session and dashboard data contains a large dataset
+    When the user sends a GET request to /app/dashboard
+    Then the response status should be 200
+    And the response body should contain more than 1000 dashboard items
+
+  #
+  # /app/payment_history endpoint scenarios
+  #
+  @smoke
+  Scenario: Successful payment history retrieval with valid session
+    Given the user has a valid session
+    When the user sends a GET request to /app/payment_history
+    Then the response status should be 200
+    And the response body should contain the payment history
+
+  @regression
+  Scenario: Unauthorized access to payment history with invalid session
+    Given the user has an invalid session
+    When the user sends a GET request to /app/payment_history
+    Then the response status should be 401
+    And the response body should indicate unauthorized access
+
+  @regression
+  Scenario: Payment history returns empty data for boundary condition
+    Given the user has a valid session and no payment history exists
+    When the user sends a GET request to /app/payment_history
+    Then the response status should be 200
+    And the response body should contain an empty payment history list
+
+  @regression
+  Scenario: Payment history returns large dataset
+    Given the user has a valid session and payment history contains a large dataset
+    When the user sends a GET request to /app/payment_history
+    Then the response status should be 200
+    And the response body should contain more than 1000 payment history items
+
+  #
+  # /app/transaction_history endpoint scenarios
+  #
+  @smoke
+  Scenario: Successful transaction history retrieval with valid session
+    Given the user has a valid session
+    When the user sends a GET request to /app/transaction_history
+    Then the response status should be 200
+    And the response body should contain the transaction history
+
+  @regression
+  Scenario: Unauthorized access to transaction history with no session
+    Given the user does not have a session
+    When the user sends a GET request to /app/transaction_history
+    Then the response status should be 401
+    And the response body should indicate unauthorized access
+
+  @regression
+  Scenario: Transaction history returns empty data for boundary condition
+    Given the user has a valid session and transaction history is empty
+    When the user sends a GET request to /app/transaction_history
+    Then the response status should be 200
+    And the response body should contain an empty transaction history list
+
+  @regression
+  Scenario: Transaction history returns large dataset
+    Given the user has a valid session and transaction history contains a large dataset
+    When the user sends a GET request to /app/transaction_history
+    Then the response status should be 200
+    And the response body should contain more than 1000 transaction history items
+
+  #
+  # /app/account_transaction_history endpoint scenarios
+  #
+  @smoke
+  Scenario: Successful account transaction history retrieval with valid session and account id
+    Given the user has a valid session
+    And the user specifies a valid account_id in the request body
+    When the user sends a POST request to /app/account_transaction_history
+    Then the response status should be 200
+    And the response body should contain the account transaction history
+
+  @regression
+  Scenario: Unauthorized access to account transaction history with missing session
+    Given the user does not have a session
+    And the user specifies a valid account_id in the request body
+    When the user sends a POST request to /app/account_transaction_history
+    Then the response status should be 401
+    And the response body should indicate unauthorized access
+
+  @regression
+  Scenario: Account transaction history returns empty data for boundary condition
+    Given the user has a valid session
+    And the user specifies an account_id with no transaction history
+    When the user sends a POST request to /app/account_transaction_history
+    Then the response status should be 200
+    And the response body should contain an empty transaction history list
+
+  @regression
+  Scenario: Account transaction history returns large dataset
+    Given the user has a valid session
+    And the user specifies an account_id with a large transaction history dataset
+    When the user sends a POST request to /app/account_transaction_history
+    Then the response status should be 200
+    And the response body should contain more than 1000 account transaction history items
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_authcontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_authcontroller.feature
@@ -0,0 +1,85 @@
+Feature: User Authentication and Logout REST API
+
+  Background:
+    Given the API is available
+
+  @smoke
+  Scenario: Successful login with valid credentials
+    Given a user exists with email "user@example.com" and password "correct_password" and is verified
+    When the client sends a POST request to "/login" with body:
+      | email           | password         |
+      | user@example.com | correct_password |
+    Then the response status should be 200
+    And the response body should contain "Authentication confirmed"
+    And a session cookie is set
+
+  @smoke
+  Scenario: Successful logout with valid session
+    Given the client is authenticated via a session cookie
+    When the client sends a GET request to "/logout" with the session cookie
+    Then the response status should be 200
+    And the response body should contain "Logged out"
+    And the session cookie should be cleared
+
+  @regression
+  Scenario: Login attempt with incorrect password
+    Given a user exists with email "user@example.com" and password "correct_password" and is verified
+    When the client sends a POST request to "/login" with body:
+      | email           | password         |
+      | user@example.com | wrong_password   |
+    Then the response status should be 401
+    And the response body should contain "Incorrect credentials"
+    And no session cookie is set
+
+  @regression
+  Scenario: Login attempt with missing email and password
+    When the client sends a POST request to "/login" with body:
+      | email | password |
+      |       |         |
+    Then the response status should be 400
+    And the response body should contain "Username/Password empty"
+    And no session cookie is set
+
+  @regression
+  Scenario: Login attempt with unverified user
+    Given a user exists with email "unverified@example.com" and password "pass1234" and is NOT verified
+    When the client sends a POST request to "/login" with body:
+      | email                | password  |
+      | unverified@example.com | pass1234 |
+    Then the response status should be 403
+    And the response body should contain "Verification required"
+    And no session cookie is set
+
+  @regression
+  Scenario: Login attempt with email not found
+    Given no user exists with email "nonexistent@example.com"
+    When the client sends a POST request to "/login" with body:
+      | email                | password     |
+      | nonexistent@example.com | somepass      |
+    Then the response status should be 500
+    And the response body should contain "Email not found"
+    And no session cookie is set
+
+  @regression
+  Scenario: Logout attempt without session cookie
+    When the client sends a GET request to "/logout" without a session cookie
+    Then the response status should be 200
+    And the response body should contain "Logged out"
+    And no session cookie should be present
+
+  @regression
+  Scenario: Logout attempt with an expired session cookie
+    Given the client has an expired session cookie
+    When the client sends a GET request to "/logout" with the expired session cookie
+    Then the response status should be 200
+    And the response body should contain "Logged out"
+    And the session cookie should be cleared
+
+  @regression
+  Scenario: Login attempt with invalid email format
+    When the client sends a POST request to "/login" with body:
+      | email      | password   |
+      | bad-email  | test1234   |
+    Then the response status should be 400
+    And the response body should contain "Username/Password empty"
+    And no session cookie is set
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registercontroller.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registercontroller.feature
@@ -0,0 +1,76 @@
+Feature: User Registration API
+
+  Background:
+    Given the API is available
+
+  @smoke
+  Scenario: Successful user registration
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email               | password    |
+      | John       | Doe       | john.doe@email.com  | StrongPass1 |
+    And the query parameter "confirm_password" is "StrongPass1"
+    Then the response code should be 200
+    And the response body should contain:
+      | success | true        |
+      | message | User registered successfully |
+
+  @regression
+  Scenario: Registration fails when required fields are missing
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email               | password |
+      |            | Doe       | john.doe@email.com  | StrongPass1 |
+    And the query parameter "confirm_password" is "StrongPass1"
+    Then the response code should be 400
+    And the response body should contain:
+      | error | "first_name is required" |
+
+  @regression
+  Scenario: Registration fails when first_name is too short
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email              | password    |
+      | Jo         | Doe       | jo.doe@email.com   | StrongPass1 |
+    And the query parameter "confirm_password" is "StrongPass1"
+    Then the response code should be 400
+    And the response body should contain:
+      | error | "first_name must be at least 3 characters" |
+
+  @regression
+  Scenario: Registration fails when last_name is too short
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email              | password    |
+      | John       | Do        | john.do@email.com  | StrongPass1 |
+    And the query parameter "confirm_password" is "StrongPass1"
+    Then the response code should be 400
+    And the response body should contain:
+      | error | "last_name must be at least 3 characters" |
+
+  @regression
+  Scenario: Registration fails with invalid email format
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email      | password    |
+      | Jane       | Smith     | janesmith  | StrongPass1 |
+    And the query parameter "confirm_password" is "StrongPass1"
+    Then the response code should be 400
+    And the response body should contain:
+      | error | "email must be a valid email address" |
+
+  @regression
+  Scenario: Registration fails when password and confirm_password do not match
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email                | password    |
+      | Alice      | Johnson   | alice.j@email.com    | StrongPass1 |
+    And the query parameter "confirm_password" is "WrongPass2"
+    Then the response code should be 400
+    And the response body should contain:
+      | error | "passwords do not match" |
+
+  @regression
+  Scenario: Registration fails when email is already registered
+    Given a user exists with email "bob@example.com"
+    When I send a POST request to /register with the body:
+      | first_name | last_name | email             | password    |
+      | Bob        | Builder   | bob@example.com   | StrongPass1 |
+    And the query parameter "confirm_password" is "StrongPass1"
+    Then the response code should be 400
+    And the response body should contain:
+      | error | "email already registered" |