Stage 1: Logon and Logoff

Successful Logon and Logoff

1.  Create a WebSocket connection to the Web API server.

2.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, protocol_version_minor, protocol_version_major.

3.  Receive LogonResult with result_code='SUCCESS', session_token, base_time, user_id, and server_time.

4.  (Note that time attributes that are 64-bit signed integers contain an offset in milliseconds from the base_time attribute of the logon and session restore/join results, e.g. your logon_time=base_time+server_time. Find more API rules in webapi_2.proto.)

5.  Send Logoff message.

6.  Receive LoggedOff with logoff_reason='BY_REQUEST'.

7.  (Note: the session_token in the LogonResult is key information to provide when troubleshooting.)

Invalid Logon

1.  Send Logon message with invalid credentials - user_name, password, client_app_id, private_label.

2.  Receive LogonResult with result_code='FAILURE'.

Expired Password

(This test should be skipped, but clients must catch the exception.)

1.  Send a Logon message with an expired password.

2.  Receive LogonResult with result_code='PASSWORD_EXPIRED'.

Concurrent Session

1.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, protocol_version_minor, protocol_version_major.

2.  Receive LogonResult with result_code='SUCCESS'.

3.  Send a Logon message with the same credentials and drop_concurrent_session=true.

4.  Receive LogonResult with result_code='SUCCESS'.

5.  Expect the concurrent session to be disconnected.

6.  Send Logoff message.

Successful Session Restoration After Disconnect

1.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, session_settings=1 (SESSION_SETTING_ALLOW_SESSION_RESTORE), protocol_version_minor, protocol_version_major.

2.  Disconnect the user ungracefully.

3.  Send RestoreOrJoinSession message with previously obtained session token and client_app_id, protocol_version_minor, protocol_version_major within 60 seconds.

4.  Receive RestoreOrJoinSessionResult with result_code='RESULT_CODE_SUCCESS'.

Restore Session with Invalid Session Token

1.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, session_settings=1 (SESSION_SETTING_ALLOW_SESSION_RESTORE), protocol_version_minor, protocol_version_major.

2.  Disconnect the user ungracefully.

3.  Send RestoreOrJoinSession message with an invalid session token and client_app_id, protocol_version_minor, protocol_version_major within 60 seconds.

4.  Receive RestoreOrJoinSessionResult with result_code='RESULT_CODE_UNKNOWN_SESSION'.

Successful Password Change

1.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, protocol_version_minor, protocol_version_major.

2.  Receive LogonResult with result_code='SUCCESS'.

3.  Send PasswordChange with oldPassword and newPassword.

4.  Receive PasswordChangeResult with result_code='SUCCESS'.

Invalid Password Change

1.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, protocol_version_minor, protocol_version_major.

2.  Receive LogonResult with result_code='SUCCESS'.

3.  Send PasswordChange with invalid oldPassword and newPassword.

4.  Receive PasswordChangeResult with result_code='FAILURE'.

Ping Pong Messages

1.  Send Logon message with valid credentials - user_name, password, client_app_id, private_label, client_version, protocol_version_minor, protocol_version_major.

2.  Receive LogonResult with result_code='SUCCESS'.

3.  Receive Ping with token='WebAPI Server Heartbeat' and ping_utc_time after 30 seconds.

4.  Send Pong with token='WebAPI Server Heartbeat', ping_utc_time, and pong_utc_time.

5.  Receive UserMessages with message_type='MESSAGE_TYPE_LOG' and text='No response to server ping request sent 30 seconds ago.' if the client fails to respond within 30 seconds.

User Messages

This is an untestable feature, but clients must catch the messages. Please find the UserMessage in user_session_2.proto.

Applications need to log all UserMessages and display the CRITICAL_ERROR, WARNING, and INFO types, but hide the LOG type from users.
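
The Ping Pong and User Messages rules above, together with the base_time offset rule from the logon test, as an added Python example that is not part of the original checklist or the Web API's own code. It assumes messages are plain dicts standing in for the protobuf objects, base_time is an ISO 8601 UTC string, ping_utc_time and pong_utc_time follow the same offset rule, and the displayed types carry the MESSAGE_TYPE_ prefix seen on MESSAGE_TYPE_LOG; the Session class and its method names are hypothetical.

```python
import logging
from datetime import datetime, timedelta, timezone

log = logging.getLogger("webapi.session")

# Types shown to the user. The MESSAGE_TYPE_ prefix is assumed from the
# MESSAGE_TYPE_LOG value on the page; check user_session_2.proto for the enum.
DISPLAYED = {"MESSAGE_TYPE_CRITICAL_ERROR", "MESSAGE_TYPE_WARNING",
             "MESSAGE_TYPE_INFO"}


class Session:
    """Hypothetical client-side state kept after a successful LogonResult."""

    def __init__(self, logon_result, clock=lambda: datetime.now(timezone.utc)):
        # Assumption: base_time arrives as an ISO 8601 string in UTC.
        base = datetime.fromisoformat(logon_result["base_time"])
        self.base_time = base.replace(tzinfo=timezone.utc)
        self.clock = clock      # injectable so the offset math can be tested
        self.displayed = []     # messages the UI layer would show

    def to_utc(self, offset_ms):
        """64-bit offset in ms from base_time -> absolute UTC datetime."""
        return self.base_time + timedelta(milliseconds=offset_ms)

    def to_offset(self, when):
        """Absolute UTC datetime -> integer offset in ms from base_time."""
        return (when - self.base_time) // timedelta(milliseconds=1)

    def on_ping(self, ping):
        """Build the Pong: echo token and ping_utc_time, stamp pong_utc_time."""
        return {"token": ping["token"],
                "ping_utc_time": ping["ping_utc_time"],
                "pong_utc_time": self.to_offset(self.clock())}

    def on_user_message(self, msg):
        """Log every UserMessage; return True only if it is shown to the user."""
        # %r escapes newlines, so server-supplied text cannot forge log lines.
        log.info("UserMessage %s: %r", msg["message_type"], msg["text"])
        shown = msg["message_type"] in DISPLAYED
        if shown:
            self.displayed.append(msg)
        return shown


if __name__ == "__main__":
    # Constructed sample values, not captured from a real server.
    s = Session({"base_time": "2024-01-01T00:00:00"})
    print(s.on_ping({"token": "WebAPI Server Heartbeat", "ping_utc_time": 30000}))
```
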

Successful Logon with One-Time Password

This test can be skipped if a client does not need to use the 'one_time_password' parameter.

1.  Send a Logon message for a user that requires a one-time password with correct credentials - user_name, password, oneTimePassword, client_app_id, private_label, client_version, protocol_version_minor, protocol_version_major.

2.  Receive LogonResult with result_code='SUCCESS'.

3.  Send Logoff message.

4.  Receive LoggedOff with logoff_reason='BY_REQUEST'.

5.  Send a Logon message without specifying oneTimePassword.

6.  Receive LogonResult with result_code='NO_ONETIME_PASSWORD'.