juice-shop

addressApiSpec.ts 
/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

import frisby = require('frisby')

// Base URLs of the application under test; the suite expects it on localhost:3000.
// REST_URL is only used for the login call, API_URL for the address endpoints.
const API_URL = 'http://localhost:3000/api'
const REST_URL = 'http://localhost:3000/rest'

// Headers for a JSON request that carries no credentials (used by the login call).
const jsonHeader = { 'content-type': 'application/json' }

// Shared state, assigned at run time by the beforeAll() hooks:
//   authHeader - JSON headers plus the bearer token returned by the login call
//   addressId  - id of the address created for the /api/Addresss/:id suite
let authHeader: { Authorization: string; 'content-type': string }
let addressId: string

// Logs in once before any suite runs and caches the returned bearer token in
// authHeader. The account is a fixed fixture login (presumably seeded demo data
// of the application under test - confirm); every authenticated request in this
// file therefore runs as this single user.
beforeAll(() => {
  const credentials = {
    email: 'jim@juice-sh.op',
    password: 'ncc-1701'
  }

  return frisby
    .post(`${REST_URL}/user/login`, { headers: jsonHeader, body: credentials })
    .expect('status', 200)
    .then((response) => {
      // The token is taken as-is from the login response; no shape check is done here.
      const token = response.json.authentication.token
      authHeader = {
        Authorization: `Bearer ${token}`,
        'content-type': 'application/json'
      }
    })
})

// Collection endpoint: authentication enforcement and field validation.
// 'Addresss' (three s) is the endpoint spelling used throughout this file.
//
// NOTE(review): all assertions are on the HTTP status only. The authenticated
// GET does not inspect the returned list, so this suite does not show that the
// list is limited to the caller's own addresses.
describe('/api/Addresss', () => {
  const addressesUrl = `${API_URL}/Addresss`

  // Field values the suite treats as valid; individual tests override one field.
  const baseAddress = {
    fullName: 'Jim',
    mobileNum: '9800000000',
    zipCode: 'NX 101',
    streetAddress: 'Bakers Street',
    city: 'NYC',
    state: 'NY',
    country: 'USA'
  }

  // Returns a fresh request body so that no object is shared between requests.
  const addressBody = (overrides: Partial<typeof baseAddress> = {}) => ({
    ...baseAddress,
    ...overrides
  })

  // No Authorization header: the read must be rejected with 401.
  it('GET all addresses is forbidden via public API', () =>
    frisby.get(addressesUrl).expect('status', 401))

  it('GET all addresses', () =>
    frisby.get(addressesUrl, { headers: authHeader }).expect('status', 200))

  it('POST new address with all valid fields', () =>
    frisby
      .post(addressesUrl, { headers: authHeader, body: addressBody() })
      .expect('status', 201))

  // Same body as the valid case except for an 11-character zip code (valid one: 6).
  it('POST new address with invalid pin code', () =>
    frisby
      .post(addressesUrl, {
        headers: authHeader,
        body: addressBody({ zipCode: 'NX 10111111' })
      })
      .expect('status', 400))

  // Same body as the valid case except for an 11-digit mobile number (valid one: 10).
  it('POST new address with invalid mobile number', () =>
    frisby
      .post(addressesUrl, {
        headers: authHeader,
        body: addressBody({ mobileNum: '10000000000' })
      })
      .expect('status', 400))

  // The fields are passed directly as the request body, with no headers at all.
  // The body also carries the over-long zip code that yields 400 when
  // authenticated, so the expected 401 means the missing token is what gets
  // reported for this request, not the field error.
  it('POST new address is forbidden via public API', () =>
    frisby
      .post(addressesUrl, addressBody({ zipCode: 'NX 10111111' }))
      .expect('status', 401))
})

// Single-address endpoint: anonymous access is rejected, the owner can read,
// update and delete, and updates are validated like creations.
//
// NOTE(review): every authenticated call uses the one token obtained by the
// top-level beforeAll(), so the suite covers "no token" but not "another user's
// token". Object-level authorization (user A requesting user B's address id)
// is not exercised anywhere in this file.
describe('/api/Addresss/:id', () => {
  // Built on each call: addressId is only assigned once the beforeAll() below has run.
  const addressUrl = (): string => `${API_URL}/Addresss/${addressId}`

  // Authenticated JSON PUT against the address created for this suite.
  const putAuthenticated = (body: Record<string, string>) =>
    frisby.put(addressUrl(), { headers: authHeader, body }, { json: true })

  // Creates the address all tests in this suite operate on and remembers its id.
  beforeAll(() => {
    const newAddress = {
      fullName: 'Jim',
      mobileNum: '9800000000',
      zipCode: 'NX 101',
      streetAddress: 'Bakers Street',
      city: 'NYC',
      state: 'NY',
      country: 'USA'
    }

    return frisby
      .post(`${API_URL}/Addresss`, { headers: authHeader, body: newAddress })
      .expect('status', 201)
      .then((response) => {
        addressId = response.json.data.id
      })
  })

  // --- anonymous callers: each verb must answer 401 ---

  it('GET address by id is forbidden via public API', () =>
    frisby.get(addressUrl()).expect('status', 401))

  // NOTE(review): 'quantity' is not a field any other request in this file sends
  // for an address; it looks like a leftover from another spec. The test only
  // depends on the missing token, so the body content is not what is being checked.
  it('PUT update address is forbidden via public API', () =>
    frisby
      .put(addressUrl(), { quantity: 2 }, { json: true })
      .expect('status', 401))

  it('DELETE address by id is forbidden via public API', () =>
    frisby.del(addressUrl()).expect('status', 401))

  // --- authenticated owner ---

  it('GET address by id', () =>
    frisby.get(addressUrl(), { headers: authHeader }).expect('status', 200))

  // Partial update: only fullName is sent, and the response must echo the new value.
  it('PUT update address by id', () =>
    putAuthenticated({ fullName: 'Jimy' })
      .expect('status', 200)
      .expect('json', 'data', { fullName: 'Jimy' }))

  // Validation must also apply on update, not only on creation.
  it('PUT update address by id with invalid mobile number is forbidden', () =>
    putAuthenticated({ mobileNum: '10000000000' }).expect('status', 400))

  it('PUT update address by id with invalid pin code is forbidden', () =>
    putAuthenticated({ zipCode: 'NX 10111111' }).expect('status', 400))

  // Runs last: removes the address created in beforeAll().
  it('DELETE address by id', () =>
    frisby.del(addressUrl(), { headers: authHeader }).expect('status', 200))
})