2FA Authorization Test

n/n	Description	Inputs	Expected Result	Step by Step Script	Actual Result
WS: BlockUser, UnblockUser
2FA_user_BU1	Block user (happy pass)	WS = BlockUser() Authorization - Mithril Admin	Response 200 Update user in DB (is_blocked, block_reason).	Login as Mithril Admin Call BlockUser()	OK
2FA_user_BU2	Block user (bad user_id)	WS = BlockUser() Authorization - Mithril Admin Corrupted user_id	Response 404	Login as Mithril Admin Call BlockUser()	OK
2FA_user_BU3	Block user (without scope )	WS = BlockUser() Authorization - NHS Admin	Response 403	Login as NHS Admin Call BlockUser()	OK
2FA_user_BU4	UnBlock user (happy pass)	WS = UnBlockUser() Authorization - Mithril Admin	Response 200 Update user in DB (is_blocked).	Login as Mithril Admin Call UnBlockUser()	OK
2FA_user_BU5	UnBlock user (bad user_id)	WS = UnBlockUser() Authorization - Mithril Admin Corrupted user_id	Response 404	Login as Mithril Admin Call UnBlockUser()	OK
2FA_user_BU6	UnBlock user (without scope )	WS = UnBlockUser() Authorization - NHS Admin	Response 403	Login as NHS Admin Call UnBlockUser()	OK
WS: Create2FA
2FA_create_FA1	Create FA item (happy pass)	WS = Create2FA() DELETE 2FA item with type `SMS` Authorization - Mithril Admin	Response 201 Create 2FA item in DB	Login as Mithril Admin Check not-exist 2FA item for user Call Create2FA()	OK
2FA_create_FA2	Create FA item (try create duplicate with type)	WS = BlockUser() DELETE 2FA item with type `SMS` Authorization - Mithril Admin	Response 422	Login as Mithril Admin Check exist 2FA item for user with type SMS Call Create2FA()	OK
2FA_create_FA3	Create FA item (with bad type	WS = BlockUser() Use Corrupted type `ID_ID` Authorization - Mithril Admin	Response 422	Login as Mithril Admin Call Create2FA()	Bug
2FA_create_FA4	Create FA item (with factor value)	WS = BlockUser() Use factor in payload DELETE 2FA item with type `SMS` Authorization - Mithril Admin	Response 422	Login as Mithril Admin Check not-exist 2FA item for user with type SMS Call Create2FA()	Bug
2FA_create_FA5	Create FA item (without scope)	WS = BlockUser() Use factor in payload DELETE 2FA item with type `SMS` Authorization - NHS Admin	Response 403	Login as NHS Admin Call Create2FA()	OK
WS: Get2FAList, Get2FAbyID
2FA_get_FA1	Get 2FA list (happy pass)	WS = Get2FAList() Authorization - Mithril Admin	Response 200	Login as Mithril Admin Call Get2FAList()	OK
2FA_get_FA2	Get 2FA list (with type filter)	WS = Get2FAList() with type `EMAIL` Authorization - Mithril Admin	Response 200, rows=0	Login as Mithril Admin Call Get2FAList() with type `EMAIL`	OK
2FA_get_FA3	Get 2FA by ID (happy pass)	WS = Get2FAbyID() Authorization - Mithril Admin	Response 200, rows=1	Login as Mithril Admin Call Get2FAbyID()	OK
2FA_get_FA4	Get 2FA list (without scope)	WS = Get2FAList() Authorization - authentication_factor:read	Response 403	Login as NHS Admin Call Get2FAList()	Bug
WS: DisableUser2FA, EnableUser2FA, ResetUser2FA
2FA_DER_FA1	DisableUser2FA (happy pass)	WS = DisableUser2FA() Authorization - Mithril Admin	Response 200 Update 2FA item in DB	Login as Mithril Admin Call DisableUser2FA()	OK
2FA_DER_FA2	EnableUser2FA (happy pass)	WS = EnableUser2FA() Authorization - Mithril Admin	Response 200 Update 2FA item in DB	Login as Mithril Admin Call EnableUser2FA()	OK
2FA_DER_FA3	DisableUser2FA (bad ID)	WS = DisableUser2FA() Authorization - Mithril Admin Corrupted 2fa_id	Response 404	Login as Mithril Admin Call DisableUser2FA()	OK
2FA_DER_FA4	EnableUser2FA (bad ID)	WS = EnableUser2FA() Authorization - Mithril Admin Corrupted 2fa_id	Response 404	Login as Mithril Admin Call EnableUser2FA()	OK
2FA_DER_FA5	ResetUser2FA (happy pass)	WS = ResetUser2FA() Authorization - Mithril Admin Corrupted 2fa_id	Response 200 Update 2FA item in DB	Login as Mithril Admin Call ResetUser2FA()	Bug
WS: CreateUser
2FA_create_U1	Create user (2FA deafult)	WS = CreateUser() DELETE user with test email Authorization - Mithril Admin	Response 201 Create User in DB Create 2FA item in DB	Login as Mithril Admin Check not-exist user Call CreateUser() without "2fa_enable" attribute	Bug
2FA_create_U2	Create user (2FA enable)	WS = CreateUser() DELETE user with test email Authorization - Mithril Admin	Response 201 Create User in DB Create 2FA item in DB	Login as Mithril Admin Check not-exist user Call CreateUser() with "2fa_enable" = true	OK
2FA_create_U3	Create user (2FA disable)	WS = CreateUser() DELETE user with test email Authorization - Mithril Admin	Response 201 Create User in DB Create 2FA item in DB	Login as Mithril Admin Check not-exist user Call CreateUser() with "2fa_enable" = false	OK
WS: CreateToken
2FA_create_T0	Create Token (2FA Disable, happy pass )	WS = CreateToken() Check 2FA disable(not exist) Authorization - test user of MSP	Response 201 Return access_token Response.urgent.next_step = REQUEST_APPS	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password	Ok

2FA_create_T1	Create Token (2FA Reset, happy pass )	WS = CreateToken() Check 2FA exist, enable, factor = null Authorization - test user of MSP	Response 201 Response.urgent.next_step = REQUEST_FACTOR	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password	Ok
2FA_create_T2	Create Token (2FA Active, happy pass )	WS = CreateToken() Check 2FA exist, enable, factor exist Authorization - test user of MSP	Response 201 Response.urgent.next_step = REQUEST_OTP Create OTP item Return 2_fa_access_token	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password	Ok
2FA_create_T3	Authorize OTP (2FA Active, happy pass )	WS = CreateToken() Check 2FA exist Correct OTP Authorization - test user of MSP	Response 201 Update OTP item (VERIFIED) Return access_token Response.urgent.next_step = REQUEST_APPS	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call CreateToken() with grant_type=authorize_2fa_access_token & otp value	Ok
2FA_create_T3.1	Authorize OTP (2FA Active, Repeated call )	WS = CreateToken() Check 2FA exist Correct OTP Authorization - test user of MSP	Response 401	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call CreateToken() with grant_type=authorize_2fa_access_token & otp value Repeat previous step (Call CreateToken() )	Ok
2FA_create_T3.2	Authorize OTP (2FA Active, call after expired OTP )	WS = CreateToken() Check 2FA exist Correct OTP Authorization - test user of MSP	Response 401 Update OTP item (EXPIRED)	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Wait for OTP expiring Call CreateToken() with grant_type=authorize_2fa_access_token & otp value	Ok

2FA_create_T4	Authorize OTP (2FA Active, bad OTP )	WS = CreateToken() Check 2FA exist Corrupted OTP Authorization - test user of MSP	Response 401 Increment OTP_counter in user	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call CreateToken() with grant_type=authorize_2fa_access_token & corrupted otp value	test...
2FA_create_T5	Create Token (2FA Active, bad password )	WS = CreateToken() login correct, password incorrect Authorization - test user of MSP	Response 401 Increment Login_err_counter in user After Login_err_counter excesses LIMIT - auto block user	Login as test_2fa_user Call CreateToken() with grant_type=password	Ok
2FA_create_T6	Authorize OTP (2FA reset )	WS = CreateToken() Check 2FA reset Authorization - test user of MSP	Response 401	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call CreateToken() with grant_type=authorize_2fa_access_token	test...500
WS: InitFactor, ApproveFactor
2FA_Init_factor_1	Init Factor (2FA Enable, happy pass)	access_token 2FA Enable	Response 201 Terminated old 2fa_access_token Response 2fa_access_token Insert phone & type into token.details Create & send OTP on new phone	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call CreateToken() with grant_type=authorize_2fa_access_token & otp value Call InitFactor ()	Ok
2FA_Init_factor_3	Init Factor (2FA Disable)	access_token 2FA Disable	Response 404	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor ()	Ok
2FA_Init_factor_4	Init Factor (2FA Enable, bad phone in payload)	2fa_access_token 2FA Enable corrupted phone	Response 422	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call CreateToken() with grant_type=authorize_2fa_access_token & otp value Call InitFactor ()	Ok
2FA_Init_factor_5	Init Factor (2FA Reset, happy pass)	2fa_access_token 2FA Enable	Response 201 Terminated old 2fa_access_token Response new 2fa_access_token Insert phone & type into token.details Create & send OTP on new phone	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor()	Bug (not kill old token)
2FA_Init_factor_6	Init Factor (2FA Enable, bad token type)	2fa_access_token 2FA Enable	Response 401	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor ()	Ok

2FA_Appr_factor_1	Approve Factor (after 2FA reset, happy pass)	2FA reset InitFactor ()	Response 200 Terminated old 2fa_access_token Response new access_token Update 2FA Update OTP item (VERIFIED)	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor() Call ApproveFactor()	Bug (not kill old token)
2FA_Appr_factor_2	Approve Factor (after 2FA reset, Repeated call)	2FA reset InitFactor ()	Response 404	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor() Call ApproveFactor() Repeat Call ApproveFactor()	OK
2FA_Appr_factor_3	Approve Factor (after 2FA reset, bad OTP)	2FA reset InitFactor () Corrupted OTP	Response 401 Update OTP item (counter_err)	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor() Call ApproveFactor() with bad OTP	Ok
2FA_Appr_factor_4	Approve Factor (after 2FA change, happy pass)	2FA active InitFactor ()	Response 201 Terminated old 2fa_access_token Response new access_token Update 2FA Update OTP item (VERIFIED)	Login as test_2fa_user Check 2FA state Call CreateToken() with grant_type=password Call InitFactor() Call ApproveFactor()	Bug (200 → 201, change token)