TestlumFramework · VadymKostenkoTestlum · Mar 31, 2026 · Apr 1, 2026 · Apr 3, 2026 · Apr 3, 2026
diff --git a/REGRESSION/resources/config-ci-regression-mobile.xml b/REGRESSION/resources/config-ci-regression-mobile.xml
@@ -8,6 +8,9 @@
     <delayBetweenScenarioRuns seconds="1" enabled="true"/>
 
     <runScenariosByTag enabled="true">
+        <tag name="httpGeneral" enabled="true"/>
+        <tag name="httpAuth" enabled="true"/>
+
         <tag name="web" enabled="false"/>
         <tag name="mobilebrowser" enabled="false"/>
         <tag name="mobilebrowser-healthcheck" enabled="true"/>

diff --git a/REGRESSION/resources/config-ci-regression-windows.xml b/REGRESSION/resources/config-ci-regression-windows.xml
@@ -8,6 +8,9 @@
     <delayBetweenScenarioRuns seconds="1" enabled="true"/>
 
     <runScenariosByTag enabled="true">
+        <tag name="httpGeneral" enabled="true"/>
+        <tag name="httpAuth" enabled="true"/>
+
         <tag name="web" enabled="false"/>
         <tag name="mobilebrowser" enabled="false"/>
         <tag name="mobilebrowser-healthcheck" enabled="false"/>

diff --git a/REGRESSION/resources/config-ci-regression.xml b/REGRESSION/resources/config-ci-regression.xml
@@ -8,6 +8,8 @@
     <delayBetweenScenarioRuns seconds="1" enabled="true"/>
 
     <runScenariosByTag enabled="true">
+        <tag name="httpGeneral" enabled="true"/>
+        <tag name="httpAuth" enabled="true"/>
         <tag name="web" enabled="true"/>
         <tag name="mobilebrowser" enabled="false"/>
         <tag name="mobilebrowser-healthcheck" enabled="false"/>

diff --git a/REGRESSION/resources/config-local.xml b/REGRESSION/resources/config-local.xml
@@ -8,6 +8,9 @@
     <delayBetweenScenarioRuns seconds="1" enabled="false"/>
 
     <runScenariosByTag enabled="true">
+        <tag name="httpGeneral" enabled="true"/>
+        <tag name="httpAuth" enabled="true"/>
+
         <tag name="web" enabled="true"/>
         <tag name="mobilebrowser" enabled="false"/>
         <tag name="mobilebrowser-healthcheck" enabled="false"/>

diff --git a/REGRESSION/resources/config/ci-windows/integration.xml b/REGRESSION/resources/config/ci-windows/integration.xml
@@ -11,6 +11,11 @@
         </api>
         <api alias="CAT_FACTS" url="https://catfact.ninja/" enabled="false"/>
         <api alias="MULTIPART" url="https://postman-echo.com" enabled="false"/>
+        <api alias="MEGA_APP_CUSTOM" url="http://mega-test-api:8080/api/v1" enabled="true">
+            <auth authStrategy="custom"
+                  authCustomClassName="com.knubisoft.testlum.testing.framework.auth.CustomAuth"
+                  autoLogout="true"/>
+        </api>
     </apis>
 
     <websockets>

diff --git a/REGRESSION/resources/config/ci/integration.xml b/REGRESSION/resources/config/ci/integration.xml
@@ -11,6 +11,9 @@
         </api>
         <api alias="CAT_FACTS" url="https://catfact.ninja/" enabled="true"/>
         <api alias="MULTIPART" url="https://postman-echo.com" enabled="true"/>
+        <api alias="MEGA_APP_CUSTOM" url="http://mega-test-api:8080/api/v1" enabled="true">
+            <auth authStrategy="custom" authCustomClassName="com.knubisoft.testlum.testing.framework.auth.CustomAuth" autoLogout="true"/>
+        </api>
     </apis>
 
     <websockets>

diff --git a/REGRESSION/resources/config/local/static/integration.xml b/REGRESSION/resources/config/local/static/integration.xml
@@ -11,6 +11,9 @@
         </api>
         <api alias="CAT_FACTS" url="https://catfact.ninja/" enabled="true"/>
         <api alias="MULTIPART" url="https://postman-echo.com" enabled="true"/>
+        <api alias="MEGA_APP_CUSTOM" url="http://localhost:8080/api/v1" enabled="true">
+            <auth authStrategy="custom" authCustomClassName="com.knubisoft.testlum.testing.framework.auth.CustomAuth" autoLogout="true"/>
+        </api>
     </apis>
 
     <websockets>

diff --git a/REGRESSION/resources/config/local/vault/integration.xml b/REGRESSION/resources/config/local/vault/integration.xml
@@ -11,6 +11,9 @@
         </api>
         <api alias="CAT_FACTS" url="https://catfact.ninja/" enabled="true"/>
         <api alias="MULTIPART" url="https://postman-echo.com" enabled="true"/>
+        <api alias="MEGA_APP_CUSTOM" url="http://localhost:8080/api/v1" enabled="true">
+            <auth authStrategy="custom" authCustomClassName="com.knubisoft.testlum.testing.framework.auth.CustomAuth" autoLogout="true"/>
+        </api>
     </apis>
 
     <websockets>

diff --git a/REGRESSION/resources/data/credentials/http-auth-user-basic.json b/REGRESSION/resources/data/credentials/http-auth-user-basic.json
@@ -0,0 +1,4 @@
+{
+  "username": "testlum",
+  "password": "123456"
+}
diff --git a/REGRESSION/resources/data/credentials/http-auth-user-custom.json b/REGRESSION/resources/data/credentials/http-auth-user-custom.json
@@ -0,0 +1,4 @@
+{
+  "clientId": "testlum-client",
+  "clientSecret": "super-secret"
+}
diff --git a/REGRESSION/resources/data/credentials/http-auth-user-jwt.json b/REGRESSION/resources/data/credentials/http-auth-user-jwt.json
@@ -0,0 +1,4 @@
+{
+  "username": "testlum",
+  "password": "123456"
+}
diff --git a/REGRESSION/resources/data/variations/httpRepeat.csv b/REGRESSION/resources/data/variations/httpRepeat.csv
@@ -0,0 +1,4 @@
+name,description,status,category,expectedPost,expectedGet
+RepeatEntity1,Repeat Description 1,NEW,REPEAT,expected_1_1,expected_3_1
+RepeatEntity2,Repeat Description 2,ACTIVE,REPEAT,expected_1_2,expected_3_2
+RepeatEntity3,Repeat Description 3,INACTIVE,REPEAT,expected_1_3,expected_3_3
diff --git a/REGRESSION/resources/data/variations/httpVariations.csv b/REGRESSION/resources/data/variations/httpVariations.csv
@@ -0,0 +1,4 @@
+name,description,status,category,expectedPost,expectedGet
+VarEntity1,Description 1,NEW,VAR,expected_1_1,expected_3_1
+VarEntity2,Description 2,ACTIVE,VAR,expected_1_2,expected_3_2
+VarEntity3,Description 3,INACTIVE,VAR,expected_1_3,expected_3_3
diff --git a/REGRESSION/resources/data/variations/jwtVariations.csv b/REGRESSION/resources/data/variations/jwtVariations.csv
@@ -0,0 +1,4 @@
+username,password,expectedLogin,expectedResource
+testlum1,123456,expected_1_1,expected_3_1
+testlum2,123456,expected_1_2,expected_3_2
+testlum3,123456,expected_1_3,expected_3_3
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/expected_2.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/expected_2.json
@@ -0,0 +1,6 @@
+[
+  {
+    "username": "testlum",
+    "role": "ADMIN"
+  }
+]
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/expected_3.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/expected_3.json
@@ -0,0 +1,4 @@
+{
+  "username" : "Ronaldo",
+  "role" : "USER"
+}
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/expected_4.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/expected_4.json
@@ -0,0 +1,7 @@
+[ {
+  "username" : "testlum",
+  "role" : "ADMIN"
+}, {
+  "username" : "Ronaldo",
+  "role" : "USER"
+} ]
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/scenario.xml b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthBasic/scenario.xml
@@ -0,0 +1,85 @@
+<scenario xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xmlns="http://www.knubisoft.com/testlum/testing/model/scenario"
+          xsi:schemaLocation="http://www.knubisoft.com/testlum/testing/model/scenario scenario.xsd">
+
+    <overview>
+        <description>
+            This scenario verifies Basic Authentication functionality using the auth command.
+
+            Test flow includes:
+            1. Apply Basic Auth header using credentials from file via auth tag.
+            2. Send GET request to retrieve list of users and verify response status = 200.
+            3. Validate response headers (X-Auth-Type = BASIC).
+            4. Send POST request to create a new user using authenticated context.
+            5. Verify response status = 200 and validate response body.
+            6. Send GET request again to verify that the new user was successfully added.
+            7. Validate updated response body and headers.
+            8. Exit auth block (automatic logout if enabled).
+            9. Send DELETE request to reset test data and ensure test isolation.
+
+            This scenario validates:
+            - Basic Auth header injection via auth command
+            - Authorization handling on protected endpoints
+            - Authenticated access to GET and POST endpoints
+            - Response header validation
+            - State mutation (user creation) under authorized context
+            - Test data cleanup via reset endpoint
+        </description>
+        <name>Auth Basic</name>
+        <developer>Vadym Kostenko</developer>
+    </overview>
+
+    <settings truncateStorages="true">
+        <tags>httpAuth</tags>
+    </settings>
+
+    <auth comment="Apply Basic Auth header"
+          apiAlias="MEGA_APP_BASIC"
+          credentials="http-auth-user-basic.json"
+          loginEndpoint="/ignore">
+
+        <http comment="Check ability to get users inside auth block"
+              alias="MEGA_APP_BASIC">
+            <get endpoint="/api/test/auth/basic/users">
+                <response code="200" file="expected_2.json"/>
+                <header name="X-Auth-Type" data="BASIC"/>
+            </get>
+        </http>
+
+        <http comment="Check ability to create new user inside auth block"
+              alias="MEGA_APP_BASIC">
+            <post endpoint="/api/test/auth/basic/users">
+                <response code="200" file="expected_3.json"/>
+                <header name="Content-Type" data="application/json"/>
+                <header name="X-Auth-Type" data="BASIC"/>
+                <body>
+                    <raw>
+                        {
+                        "username": "Ronaldo",
+                        "password": "kris123",
+                        "role": "USER"
+                        }
+                    </raw>
+                </body>
+            </post>
+        </http>
+
+        <http comment="Check ability to get users list after creating new user"
+              alias="MEGA_APP_BASIC">
+            <get endpoint="/api/test/auth/basic/users">
+                <response code="200" file="expected_4.json"/>
+                <header name="X-Auth-Type" data="BASIC"/>
+            </get>
+        </http>
+
+    </auth>
+
+    <http comment="Reset basic auth test data after auth block"
+          alias="MEGA_APP_BASIC">
+        <delete endpoint="/api/test/auth/basic/reset">
+            <response code="200"/>
+            <header name="X-Auth-Type" data="BASIC"/>
+        </delete>
+    </http>
+
+</scenario>
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/expected_1.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/expected_1.json
@@ -0,0 +1,3 @@
+{
+  "token" : "p(any)"
+}
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/expected_4.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/expected_4.json
@@ -0,0 +1,3 @@
+{
+  "username" : "testlum"
+}
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/expected_6.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/expected_6.json
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/scenario.xml b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCondition/scenario.xml
@@ -0,0 +1,91 @@
+<scenario xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xmlns="http://www.knubisoft.com/testlum/testing/model/scenario"
+          xsi:schemaLocation="http://www.knubisoft.com/testlum/testing/model/scenario scenario.xsd">
+
+    <overview>
+        <name>Auth JWT Condition</name>
+        <description>
+            This scenario verifies interaction between JWT authentication flow and condition command.
+
+            Test flow includes:
+            1. Send POST login request with valid credentials.
+            2. Verify login response = 200.
+            3. Extract JWT token from response.
+            4. Create condition based on extracted token.
+            5. Send GET request to protected resource only if condition is true.
+            6. Verify protected response = 200.
+            7. Create false condition.
+            8. Send GET request with false condition (should be skipped).
+            9. Reset JWT auth state after test.
+
+            This scenario validates:
+            - JWT login flow
+            - Token extraction
+            - Condition creation based on auth result
+            - Conditional execution of protected requests
+        </description>
+        <developer>Vadym Kostenko</developer>
+    </overview>
+
+    <settings truncateStorages="true">
+        <tags>httpAuth</tags>
+    </settings>
+
+    <http comment="Step 1-2. Login and get JWT token"
+          alias="MEGA_APP">
+        <post endpoint="/api/test/auth/jwt/login">
+            <response code="200" file="expected_1.json"/>
+            <header name="Content-Type" data="application/json"/>
+            <body>
+                <raw>
+                    {
+                    "username": "testlum",
+                    "password": "123456"
+                    }
+                </raw>
+            </body>
+        </post>
+    </http>
+
+    <var comment="Step 3. Extract JWT token from login response"
+         name="token">
+        <path value="$.token"/>
+    </var>
+
+    <condition comment="Step 4. Verify token is not empty"
+               name="tokenExists"
+               spel="'{{token}}' != null and '{{token}}' != ''"/>
+
+    <http comment="Step 5-6. Access protected resource only if token exists"
+          alias="MEGA_APP"
+          condition="tokenExists">
+        <get endpoint="/api/test/auth/jwt/resource">
+            <response code="200" file="expected_4.json"/>
+            <header name="Authorization" data="Bearer {{token}}"/>
+            <header name="X-Auth-Type" data="JWT"/>
+        </get>
+    </http>
+
+    <condition comment="Step 7. Create false condition"
+               name="neverExecute"
+               spel="'1' == '2'"/>
+
+    <http comment="Step 8. This request should not execute because condition is false"
+          alias="MEGA_APP"
+          condition="neverExecute">
+        <get endpoint="/api/test/auth/jwt/resource">
+            <response code="200" file="expected_6.json"/>
+            <header name="Authorization" data="Bearer {{token}}"/>
+            <header name="X-Auth-Type" data="JWT"/>
+        </get>
+    </http>
+
+    <http comment="Step 9. Reset JWT auth state after test"
+          alias="MEGA_APP">
+        <delete endpoint="/api/test/auth/jwt/reset">
+            <response code="200"/>
+            <header name="X-Auth-Type" data="JWT"/>
+        </delete>
+    </http>
+
+</scenario>
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCustom/authTag/expected_2.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCustom/authTag/expected_2.json
@@ -0,0 +1,4 @@
+{
+  "message" : "Custom auth access granted",
+  "authType" : "CUSTOM"
+}
diff --git a/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCustom/authTag/expected_4.json b/REGRESSION/resources/scenarios/newHttp/httpAuth/httpAuthCustom/authTag/expected_4.json
@@ -0,0 +1,5 @@
+{
+  "status" : "UNAUTHORIZED",
+  "message" : "Missing Authorization header",
+  "timestamp" : "p(any)"
+}