/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

6import frisby = require('frisby')
7
8const API_URL = 'http://localhost:3000/api'
9const REST_URL = 'http://localhost:3000/rest'
10
11const jsonHeader = { 'content-type': 'application/json' }
12let authHeader: { Authorization: string, 'content-type': string }
13let addressId: string
14
// Log in once for the whole file and keep the bearer token for the
// authenticated cases below. The account is one this spec expects to exist
// in the instance under test; the login must answer 200 or nothing else runs.
beforeAll(() => {
  const credentials = { email: 'jim@juice-sh.op', password: 'ncc-1701' }
  return frisby.post(REST_URL + '/user/login', { headers: jsonHeader, body: credentials })
    .expect('status', 200)
    .then(({ json }) => {
      // Key order kept as in the original so the headers go out unchanged.
      authHeader = {
        Authorization: `Bearer ${json.authentication.token}`,
        'content-type': 'application/json'
      }
    })
})
28
describe('/api/Addresss', () => {
  const ADDRESS_URL = API_URL + '/Addresss'

  // Payload the positive case sends; each negative case overrides one field.
  const validAddress = {
    fullName: 'Jim',
    mobileNum: '9800000000',
    zipCode: 'NX 101',
    streetAddress: 'Bakers Street',
    city: 'NYC',
    state: 'NY',
    country: 'USA'
  }

  // Authenticated POST. authHeader is read when the helper runs, not when it
  // is defined, because the top-level beforeAll assigns it later.
  const postAddress = (body: typeof validAddress) =>
    frisby.post(ADDRESS_URL, { headers: authHeader, body })

  it('GET all addresses is forbidden via public API', () => {
    // No Authorization header at all: the listing must not be readable anonymously.
    return frisby.get(ADDRESS_URL)
      .expect('status', 401)
  })

  it('GET all addresses', () => {
    return frisby.get(ADDRESS_URL, { headers: authHeader })
      .expect('status', 200)
  })

  it('POST new address with all valid fields', () => {
    return postAddress(validAddress)
      .expect('status', 201)
  })

  it('POST new address with invalid pin code', () => {
    // Longer zip code than the valid payload uses; presumably rejected by
    // server-side length validation — verify against the model.
    return postAddress({ ...validAddress, zipCode: 'NX 10111111' })
      .expect('status', 400)
  })

  it('POST new address with invalid mobile number', () => {
    // Eleven digits where the valid payload has ten; presumably rejected by
    // server-side range/length validation — verify against the model.
    return postAddress({ ...validAddress, mobileNum: '10000000000' })
      .expect('status', 400)
  })

  it('POST new address is forbidden via public API', () => {
    // NOTE(review): unlike the authenticated cases, the fields are passed as
    // the frisby request options themselves rather than under `body:`, and no
    // headers are sent. The 401 therefore only shows that a request without
    // a token is rejected; it says nothing about field validation. Kept as in
    // the original so the request on the wire is unchanged.
    return frisby.post(ADDRESS_URL, { ...validAddress, zipCode: 'NX 10111111' })
      .expect('status', 401)
  })
})
101
describe('/api/Addresss/:id', () => {
  const ADDRESS_URL = API_URL + '/Addresss'
  // Built lazily: addressId is only known after the beforeAll below has run.
  const addressUrl = () => ADDRESS_URL + '/' + addressId

  // Authenticated PUT. The third argument is passed through exactly as the
  // original did; whether frisby honours it is not established here.
  const putAddress = (body: object) =>
    frisby.put(addressUrl(), { headers: authHeader, body }, { json: true })

  // Create the address every case in this block operates on.
  beforeAll(() => {
    return frisby.post(ADDRESS_URL, {
      headers: authHeader,
      body: {
        fullName: 'Jim',
        mobileNum: '9800000000',
        zipCode: 'NX 101',
        streetAddress: 'Bakers Street',
        city: 'NYC',
        state: 'NY',
        country: 'USA'
      }
    })
      .expect('status', 201)
      .then(({ json }) => {
        addressId = json.data.id
      })
  })

  // Anonymous access to the id route must be rejected for every verb.
  // NOTE(review): only the missing-token case is covered; no case checks that
  // a *different* authenticated user is refused for this id, so object-level
  // authorization on the address routes is not exercised by this spec.
  it('GET address by id is forbidden via public API', () => {
    return frisby.get(addressUrl())
      .expect('status', 401)
  })

  it('PUT update address is forbidden via public API', () => {
    // `quantity` is not one of the fields this spec posts; the request is
    // expected to fail on the missing token regardless of its payload.
    return frisby.put(addressUrl(), { quantity: 2 }, { json: true })
      .expect('status', 401)
  })

  it('DELETE address by id is forbidden via public API', () => {
    return frisby.del(addressUrl())
      .expect('status', 401)
  })

  // Authenticated access. Order matters: the DELETE case runs last because
  // every case here reuses the same addressId.
  it('GET address by id', () => {
    return frisby.get(addressUrl(), { headers: authHeader })
      .expect('status', 200)
  })

  it('PUT update address by id', () => {
    return putAddress({ fullName: 'Jimy' })
      .expect('status', 200)
      .expect('json', 'data', { fullName: 'Jimy' })
  })

  it('PUT update address by id with invalid mobile number is forbidden', () => {
    // Same out-of-range number the POST case uses; expected to be validated on update too.
    return putAddress({ mobileNum: '10000000000' })
      .expect('status', 400)
  })

  it('PUT update address by id with invalid pin code is forbidden', () => {
    // Same over-long zip code the POST case uses; expected to be validated on update too.
    return putAddress({ zipCode: 'NX 10111111' })
      .expect('status', 400)
  })

  it('DELETE address by id', () => {
    return frisby.del(addressUrl(), { headers: authHeader })
      .expect('status', 200)
  })
})
180