Functional (using Source code) (Java) generated by RoostGPT

Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_account.feature

@@ -0,0 +1,105 @@
+Feature: Create Bank Account via REST API
+
+  As a logged-in user,
+  I want to create a new bank account with a valid name and account type,
+  So that I can manage multiple accounts in my banking application.
+
+  Background:
+    Given the API endpoint "/account/create_account" is available
+    And a user with id "12345" exists in the system
+
+  @smoke
+  Scenario: Successful account creation with valid data
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name  | account_type |
+      | "Savings"     | "Checking"   |
+    When I POST to "/account/create_account"
+    Then the response status should be 200
+    And the response body should contain a list of accounts including an account with:
+      | account_name  | account_type |
+      | "Savings"     | "Checking"   |
+
+  @regression
+  Scenario: Create account with missing account_name
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_type |
+      | "Checking"   |
+    When I POST to "/account/create_account"
+    Then the response status should be 400
+    And the response body should include an error message indicating account_name is required
+
+  @regression
+  Scenario: Create account with missing account_type
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name |
+      | "Personal"   |
+    When I POST to "/account/create_account"
+    Then the response status should be 400
+    And the response body should include an error message indicating account_type is required
+
+  @regression
+  Scenario: Create account with completely missing body
+    Given the user is authenticated with session user id "12345"
+    And the request body is empty
+    When I POST to "/account/create_account"
+    Then the response status should be 400
+    And the response body should include an error message indicating required fields are missing
+
+  @regression
+  Scenario: Create account when not authenticated
+    Given the user is not authenticated (no session user)
+    And the request body contains:
+      | account_name  | account_type |
+      | "Savings"     | "Checking"   |
+    When I POST to "/account/create_account"
+    Then the response status should be 401
+    And the response body should include an error message indicating authentication is required
+
+  @regression
+  Scenario: Create account with account_name at boundary length (min/max)
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name              | account_type |
+      | "A"                       | "Checking"   |
+    When I POST to "/account/create_account"
+    Then the response status should be 200
+    And the response body should contain an account with account_name "A"
+
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name                              | account_type |
+      | "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ" | "Savings" |
+    When I POST to "/account/create_account"
+    Then the response status should be 200
+    And the response body should contain an account with account_name "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+  @regression
+  Scenario: Create account with account_name or account_type as whitespace
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name  | account_type |
+      | "   "         | "Checking"   |
+    When I POST to "/account/create_account"
+    Then the response status should be 400
+    And the response body should include an error message indicating account_name is invalid
+
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name  | account_type |
+      | "Home"        | "   "        |
+    When I POST to "/account/create_account"
+    Then the response status should be 400
+    And the response body should include an error message indicating account_type is invalid
+
+  @regression
+  Scenario: Create account with invalid account_type value
+    Given the user is authenticated with session user id "12345"
+    And the request body contains:
+      | account_name  | account_type |
+      | "Investment"  | "InvalidType" |
+    When I POST to "/account/create_account"
+    Then the response status should be 400
+    And the response body should include an error message indicating account_type is invalid

Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_account_transaction_history.feature

@@ -0,0 +1,51 @@
+Feature: Account Transaction History API
+
+  The POST /app/account_transaction_history endpoint returns the transaction history for a specified account.
+  It requires authentication and a valid account_id in the request body.
+
+  @smoke
+  Scenario: Successful retrieval of transaction history for an existing account
+    Given a logged-in user with session "valid_session_token"
+    And the user owns an account with account_id "ACC123"
+    And the account "ACC123" has transactions
+    When the user sends a POST request to "/app/account_transaction_history" with JSON body:
+      | account_id | ACC123 |
+    Then the response status should be 200
+    And the response body should contain a "transaction_history" array
+    And the "transaction_history" array should have at least one transaction
+
+  @regression
+  Scenario: Unauthorized access when session is missing
+    Given no session is present
+    When the user sends a POST request to "/app/account_transaction_history" with JSON body:
+      | account_id | ACC123 |
+    Then the response status should be 401
+    And the response body should contain an error message "Unauthorized"
+
+  @regression
+  Scenario: Missing account_id in request body
+    Given a logged-in user with session "valid_session_token"
+    When the user sends a POST request to "/app/account_transaction_history" with JSON body:
+      | account_id |       |
+    Then the response status should be 400
+    And the response body should contain an error message "Missing account_id"
+
+  @regression
+  Scenario: Invalid account_id not owned by user
+    Given a logged-in user with session "valid_session_token"
+    And the account_id "ACC999" exists but is not owned by the user
+    When the user sends a POST request to "/app/account_transaction_history" with JSON body:
+      | account_id | ACC999 |
+    Then the response status should be 400
+    And the response body should contain an error message "Invalid account_id"
+
+  @regression
+  Scenario: Account with no transactions
+    Given a logged-in user with session "valid_session_token"
+    And the user owns an account with account_id "ACC456"
+    And the account "ACC456" has no transactions
+    When the user sends a POST request to "/app/account_transaction_history" with JSON body:
+      | account_id | ACC456 |
+    Then the response status should be 200
+    And the response body should contain a "transaction_history" array
+    And the "transaction_history" array should be empty

Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_app.feature

@@ -0,0 +1,70 @@
+Feature: Account Data Retrieval
+  As an authenticated user
+  I want to retrieve my dashboard, payment history, and transaction history
+  So that I can view my financial data securely
+
+  @smoke
+  Scenario: Successful dashboard retrieval
+    Given I am an authenticated user with account data
+    When I send a GET request to "/app/dashboard"
+    Then the response status should be 200
+    And the response should contain "userAccounts" as a non-empty array
+    And the response should contain "totalBalance" as a number
+
+  @regression
+  Scenario: Unauthorized dashboard retrieval
+    Given I am not authenticated
+    When I send a GET request to "/app/dashboard"
+    Then the response status should be 401
+    And the response should not contain "userAccounts"
+    And the response should not contain "totalBalance"
+
+  @regression
+  Scenario: Dashboard with no accounts
+    Given I am an authenticated user with no account data
+    When I send a GET request to "/app/dashboard"
+    Then the response status should be 200
+    And the response should contain "userAccounts" as an empty array
+    And the response should contain "totalBalance" as 0
+
+  @smoke
+  Scenario: Payment history with data
+    Given I am an authenticated user with payment history data
+    When I send a GET request to "/app/payment_history"
+    Then the response status should be 200
+    And the response should contain "payment_history" as a non-empty array
+
+  @regression
+  Scenario: Payment history with no data
+    Given I am an authenticated user with no payment history data
+    When I send a GET request to "/app/payment_history"
+    Then the response status should be 200
+    And the response should contain "payment_history" as an empty array
+
+  @regression
+  Scenario: Unauthorized payment history retrieval
+    Given I am not authenticated
+    When I send a GET request to "/app/payment_history"
+    Then the response status should be 401
+    And the response should not contain "payment_history"
+
+  @smoke
+  Scenario: Transaction history with data
+    Given I am an authenticated user with transaction history data
+    When I send a GET request to "/app/transaction_history"
+    Then the response status should be 200
+    And the response should contain "transaction_history" as a non-empty array
+
+  @regression
+  Scenario: Transaction history with no data
+    Given I am an authenticated user with no transaction history data
+    When I send a GET request to "/app/transaction_history"
+    Then the response status should be 200
+    And the response should contain "transaction_history" as an empty array
+
+  @regression
+  Scenario: Unauthorized transaction history retrieval
+    Given I am not authenticated
+    When I send a GET request to "/app/transaction_history"
+    Then the response status should be 401
+    And the response should not contain "transaction_history"

Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_auth.feature

@@ -0,0 +1,111 @@
+Feature: User Login
+
+  Background:
+    Given the API is available
+
+  @smoke
+  Scenario: Successful login with valid credentials
+    Given a registered user with email "test.user@example.com" and password "ValidPassword123"
+    When the user logs in with email "test.user@example.com" and password "ValidPassword123"
+    Then the response status should be 200
+    And the response should contain an access_token and a message
+
+  @regression
+  Scenario: Login with missing email
+    When the user logs in with email "" and password "ValidPassword123"
+    Then the response status should be 400
+    And the response should indicate that the email field is missing
+
+  @regression
+  Scenario: Login with missing password
+    When the user logs in with email "test.user@example.com" and password ""
+    Then the response status should be 400
+    And the response should indicate that the password field is missing
+
+  @regression
+  Scenario: Login with both fields missing
+    When the user logs in with email "" and password ""
+    Then the response status should be 400
+    And the response should indicate that email and password fields are missing
+
+  @regression
+  Scenario: Login with invalid email format
+    When the user logs in with email "invalid-email-format" and password "ValidPassword123"
+    Then the response status should be 400
+    And the response should indicate that the email format is invalid
+
+  @regression
+  Scenario: Login with invalid credentials
+    When the user logs in with email "test.user@example.com" and password "WrongPassword"
+    Then the response status should be 401
+    And the response should indicate bad credentials
+
+  @regression
+  Scenario: Login with unverified account
+    Given the user account is registered but not verified
+    When the user logs in with email "test.unverified@example.com" and password "ValidPassword123"
+    Then the response status should be 403
+    And the response should indicate the account is not verified
+
+  @regression
+  Scenario: Login with unknown email
+    When the user logs in with email "unknown@example.com" and password "AnyPassword"
+    Then the response status should be 500
+    And the response should indicate that the email was not found
+
+  @regression
+  Scenario: Login with blank spaces in email and password fields
+    When the user logs in with email "   " and password "   "
+    Then the response status should be 400
+    And the response should indicate that email and password fields are missing
+
+  @regression
+  Scenario: Login without authentication header
+    When the user logs in with email "test.user@example.com" and password "ValidPassword123" but without authentication header
+    Then the response status should be 401
+    And the response should indicate missing or invalid authentication
+
+  @regression
+  Scenario: Login with excessively long email and password fields
+    When the user logs in with email "longemailuser12345678901234567890123456789012345678901234567890@example.com" and password "VeryLongPasswordThatExceedsMaxLimit12345678901234567890"
+    Then the response status should be 400
+    And the response should indicate field length validation errors
+
+  @regression
+  Scenario: Login with SQL injection attempt in email and password
+    When the user logs in with email "' OR 1=1; -- " and password "' OR 1=1; -- "
+    Then the response status should be 401
+    And the response should indicate bad credentials
+
+Feature: Logout Functionality
+
+  The /logout endpoint allows users to end their session. 
+  These scenarios cover successful and unsuccessful logout attempts under different authentication conditions.
+
+  @smoke @logout
+  Scenario: Successful logout when logged in
+    Given the user is authenticated with a valid session token
+    When the user sends a GET request to /logout with the session token
+    Then the response status should be 200
+    And the response body should contain a confirmation message "You have been logged out successfully."
+
+  @regression @logout
+  Scenario: Logout attempt with no active session
+    Given the user does not have any session token
+    When the user sends a GET request to /logout without authentication headers
+    Then the response status should be 401
+    And the response body should contain an error message "No active session found."
+
+  @regression @logout
+  Scenario: Logout attempt with expired session
+    Given the user is authenticated with an expired session token
+    When the user sends a GET request to /logout with the expired session token
+    Then the response status should be 401
+    And the response body should contain an error message "Session has expired. Please log in again."
+
+  @regression @logout
+  Scenario: Logout attempt with invalid session token
+    Given the user is authenticated with an invalid session token
+    When the user sends a GET request to /logout with the invalid session token
+    Then the response status should be 401
+    And the response body should contain an error message "Invalid session token."