Create users#37

Open
arcuri82 wants to merge 4 commits into master from create-users
Conversation

@arcuri82 arcuri82 commented Jun 9, 2026

Added createUsers option to specify how to create users on the fly, during fuzzing.
This is not really needed for real-world APIs, where usually user creation is handled in specialized, separate APIs (which then might require things such as email confirmations, solving CAPTCHAs, etc.), and there are no worries that calls to the API can invalidate user credentials (e.g., change password).
But it happens in a few example APIs (especially regarding security, e.g., OWASP).

Example of declaration:

auth:
  - name: "CreatedUser"
    createUsers:
      endpoint: "/api/authcreateusers/users"
      contentType: "application/json"
      verb: "POST"
      payloadRaw: '{"email": "{$username}@example.com", "password": "123456", "repeatPassword": "123456", "username": "{$username}"}'
      generators:
        - placeHolder: "{$username}"
          minLength: 8
          maxLength: 30
          prefix: "user_"
          postfix: ""
    loginEndpointAuth:
      endpoint: "/api/authcreateusers/users/login"
      verb: "POST"
      contentType: "application/json"
      payloadRaw: '{"email": "{$username}@example.com", "password": "123456"}'
      token:
        extractFrom: "body"
        extractSelector: "/token/authToken"
        sendIn: "header"
        sendName: "Authorization"
        sendTemplate: "Bearer {token}"

Implementation of generators to give unique names when re-executing tests is up to the fuzzer to decide. I have implemented a working prototype in EvoMaster, to see if it is feasible, and can create tests (in Python) like:

    # Calls:
    # (200) GET:/api/authcreateusers/check
    @timeout_decorator.timeout(60)
    def test_1_get_on_check_returns_content(self):
        
        generator_CreatedUser___username_ = create_string(8, 30, "user_", "")
        
        # Create new user dynamically for CreatedUser
        headers = {}
        headers["content-type"] = "application/json"
        body = (" { " + \
            " \"email\" : \"{$username}@example.com\", " + \
            " \"password\" : \"123456\", " + \
            " \"repeatPassword\" : \"123456\", " + \
            " \"username\" : \"{$username}\" " + \
            " } ").replace("{$username}", generator_CreatedUser___username_)
        res_create_user_CreatedUser = requests \
                .post(self.baseUrlOfSut + "/api/authcreateusers/users", 
                    headers=headers, data=body, allow_redirects=False, verify=False)
        assert res_create_user_CreatedUser.status_code >= 200 and res_create_user_CreatedUser.status_code < 400
        
        headers = {}
        headers["content-type"] = "application/json"
        body = (" { " + \
            " \"email\" : \"{$username}@example.com\", " + \
            " \"password\" : \"123456\" " + \
            " } ").replace("{$username}", generator_CreatedUser___username_)
        res_CreatedUser = requests \
                .post(self.baseUrlOfSut + "/api/authcreateusers/users/login", 
                    headers=headers, data=body, allow_redirects=False, verify=False)
        token_CreatedUser =  res_CreatedUser.json()["token"]["authToken"]
        
        auth_CreatedUser = "Bearer " + token_CreatedUser
        
        headers = {}
        headers["Authorization"] = auth_CreatedUser # CreatedUser
        headers['Accept'] = "*/*"
        res_0 = requests \
                .get(self.baseUrlOfSut + "/api/authcreateusers/check",
                    headers=headers, timeout=60, verify=False)
        
        assert res_0.status_code == 200
        assert "text/plain" in res_0.headers["content-type"]
        assert "OK" in res_0.text
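The createUsers / loginEndpointAuth flow from the description above, run offline, as an added example: this is not EvoMaster's implementation and not code from this PR. It represents the YAML as a Python dict (an assumption about shape, not an EvoMaster API), assumes the generator's minLength/maxLength bound the whole value including prefix and postfix, and feeds a hand-constructed login response instead of talking to a SUT. It walks the steps the generated test performs: pick a fresh username, substitute it into both payload templates, resolve extractSelector against the login body, and build the Authorization header from sendTemplate. Two checks are added that a practitioner wants when the template is filled textually: the rendered payload is parsed as JSON before it would be sent, and a missing or non-string token fails with an error naming the selector.

```python
import json
import random
import string

# The PR's YAML example transcribed to a dict; this shape is the example's
# own assumption, not an EvoMaster API.
AUTH_CONFIG = {
    "name": "CreatedUser",
    "createUsers": {
        "endpoint": "/api/authcreateusers/users",
        "contentType": "application/json",
        "verb": "POST",
        "payloadRaw": '{"email": "{$username}@example.com", "password": "123456", '
                      '"repeatPassword": "123456", "username": "{$username}"}',
        "generators": [{"placeHolder": "{$username}", "minLength": 8,
                        "maxLength": 30, "prefix": "user_", "postfix": ""}],
    },
    "loginEndpointAuth": {
        "endpoint": "/api/authcreateusers/users/login",
        "verb": "POST",
        "contentType": "application/json",
        "payloadRaw": '{"email": "{$username}@example.com", "password": "123456"}',
        "token": {"extractFrom": "body", "extractSelector": "/token/authToken",
                  "sendIn": "header", "sendName": "Authorization",
                  "sendTemplate": "Bearer {token}"},
    },
}

# Alphanumerics only, so a generated value cannot break the JSON template it
# is textually substituted into (no quotes, backslashes or separators).
ALPHABET = string.ascii_letters + string.digits

def create_string(min_length, max_length, prefix, postfix, rng=None):
    """Random value whose total length, prefix and postfix included, lies in
    [min_length, max_length] (assumption: the bounds cover the whole string)."""
    if rng is None:
        rng = random.SystemRandom()
    fixed = len(prefix) + len(postfix)
    if min_length > max_length or fixed > max_length:
        raise ValueError("prefix/postfix do not fit in [minLength, maxLength]")
    n = rng.randint(max(min_length - fixed, 0), max_length - fixed)
    return prefix + "".join(rng.choice(ALPHABET) for _ in range(n)) + postfix

def generate_values(generators, rng=None):
    """One fresh value per generator, keyed by its placeholder."""
    return {g["placeHolder"]: create_string(g["minLength"], g["maxLength"],
                                            g["prefix"], g["postfix"], rng)
            for g in generators}

def render_payload(payload_raw, values):
    """Substitute placeholders textually, as the generated test does, then
    parse the result so a broken template fails here, not as an opaque 4xx."""
    for placeholder, value in values.items():
        payload_raw = payload_raw.replace(placeholder, value)
    return json.loads(payload_raw)

def extract_token(body, selector):
    """Resolve a slash-separated path such as "/token/authToken" in a parsed
    JSON body (RFC 6901 escapes ~1 and ~0 honoured). A missing step or a
    non-string leaf raises instead of silently yielding an empty token."""
    node = body
    for part in selector.strip("/").split("/"):
        part = part.replace("~1", "/").replace("~0", "~")
        if isinstance(node, list) and part.isdigit() and int(part) < len(node):
            node = node[int(part)]
        elif isinstance(node, dict) and part in node:
            node = node[part]
        else:
            raise KeyError(f"selector {selector!r} not found in login response")
    if not isinstance(node, str) or not node:
        raise ValueError(f"selector {selector!r} did not yield a non-empty string")
    return node

def build_auth_header(token_cfg, token):
    """(header name, header value) from sendName/sendTemplate."""
    if token_cfg["sendIn"] != "header":
        raise NotImplementedError("only sendIn: header is modelled here")
    return token_cfg["sendName"], token_cfg["sendTemplate"].replace("{token}", token)

def prepare_created_user(auth_cfg, login_response_body, rng=None):
    """One test's worth of the flow: the create and login requests a test would
    send (same generated values in both, so the login matches the new user)
    and the header to attach to the authenticated calls that follow."""
    create_cfg, login_cfg = auth_cfg["createUsers"], auth_cfg["loginEndpointAuth"]
    values = generate_values(create_cfg["generators"], rng)
    token = extract_token(login_response_body, login_cfg["token"]["extractSelector"])
    name, value = build_auth_header(login_cfg["token"], token)
    return {
        "create": {"verb": create_cfg["verb"], "endpoint": create_cfg["endpoint"],
                   "body": render_payload(create_cfg["payloadRaw"], values)},
        "login": {"verb": login_cfg["verb"], "endpoint": login_cfg["endpoint"],
                  "body": render_payload(login_cfg["payloadRaw"], values)},
        "headers": {name: value},
    }

if __name__ == "__main__":
    # Constructed login response, not captured from any real SUT.
    plan = prepare_created_user(AUTH_CONFIG, {"token": {"authToken": "abc.def.ghi"}})
    print(json.dumps(plan, indent=2))
```

With rng left at its default, usernames come from random.SystemRandom, so every rerun of a generated test registers a distinct user, which is the point of the generator when tests are re-executed; pass a seeded random.Random(...) as rng when a deterministic test is wanted.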
