/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

import frisby = require('frisby')
import { expect } from '@jest/globals'
import config from 'config'

// All requests in this spec target a locally running instance.
const BASE_URL = 'http://localhost:3000'
// Base URL of the /api/BasketItems routes this spec exercises.
const API_URL = `${BASE_URL}/api`
// Base URL of the /rest routes; only /rest/user/login is used here.
const REST_URL = `${BASE_URL}/rest`

// Header set for unauthenticated JSON requests.
const jsonHeader = { 'content-type': 'application/json' }
// Header set for authenticated requests; filled in once the login in beforeAll succeeds.
let authHeader: { Authorization: string, 'content-type': string }

// Log in once as the jim@<application.domain> account and keep the returned
// token as a bearer credential for every authenticated request in this spec.
beforeAll(async () => {
  const credentials = {
    email: `jim@${config.get<string>('application.domain')}`,
    password: 'ncc-1701'
  }
  // Asserting the 200 here makes a failed login fail the hook outright
  // rather than leaving authHeader unset for the individual tests.
  const { json } = await frisby.post(`${REST_URL}/user/login`, {
    headers: jsonHeader,
    body: credentials
  })
    .expect('status', 200)
  authHeader = { Authorization: `Bearer ${json.authentication.token}`, 'content-type': 'application/json' }
})

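describe('/api/BasketItems', () => {
  // Without a token the collection endpoint is closed in both directions.
  it('GET all basket items is forbidden via public API', () => {
    return frisby.get(API_URL + '/BasketItems')
      .expect('status', 401)
  })

  it('POST new basket item is forbidden via public API', () => {
    // The item goes under `body`, as in the authenticated cases below, so the 401 is
    // asserted for a well-formed create attempt rather than for an empty request
    // (frisby treats its second argument as request options, not as the payload).
    return frisby.post(API_URL + '/BasketItems', {
      headers: { 'content-type': 'application/json' },
      body: {
        BasketId: 2,
        ProductId: 1,
        quantity: 1
      }
    })
      .expect('status', 401)
  })

  // Authenticated cases use the bearer token obtained in beforeAll.
  it('GET all basket items', () => {
    return frisby.get(API_URL + '/BasketItems', { headers: authHeader })
      .expect('status', 200)
  })

  it('POST new basket item', () => {
    return frisby.post(API_URL + '/BasketItems', {
      headers: authHeader,
      body: {
        BasketId: 2,
        ProductId: 2,
        quantity: 1
      }
    })
      .expect('status', 200)
  })

  // Server-side quantity checks: asking for more than is available is a plain 400 ...
  it('POST new basket item with more than available quantity is forbidden', () => {
    return frisby.post(API_URL + '/BasketItems', {
      headers: authHeader,
      body: {
        BasketId: 2,
        ProductId: 2,
        quantity: 101
      }
    })
      .expect('status', 400)
  })

  // ... and exceeding the per-order cap (5 for product 1) is a 400 that names the limit.
  it('POST new basket item with more than allowed quantity is forbidden', () => {
    return frisby.post(API_URL + '/BasketItems', {
      headers: authHeader,
      body: {
        BasketId: 2,
        ProductId: 1,
        quantity: 6
      }
    })
      .expect('status', 400)
      .expect('json', 'error', 'You can order only up to 5 items of this product.')
  })
})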

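describe('/api/BasketItems/:id', () => {
  /** Payload accepted by POST /api/BasketItems; BasketId is left out on purpose in one case below. */
  interface NewBasketItem {
    BasketId?: number
    ProductId: number
    quantity: number
  }

  /** URL of a single basket item. */
  const itemUrl = (id: number | string) => API_URL + '/BasketItems/' + id

  /**
   * Creates a basket item as the logged-in user and asserts the 200, so each
   * test below only spells out the follow-up request it is actually about.
   */
  const createItem = (body: NewBasketItem) =>
    frisby.post(API_URL + '/BasketItems', { headers: authHeader, body })
      .expect('status', 200)

  // Without a token every verb on a single item is rejected.
  it('GET basket item by id is forbidden via public API', () => {
    return frisby.get(itemUrl(1))
      .expect('status', 401)
  })

  it('PUT update basket item is forbidden via public API', () => {
    // The new quantity goes under `body`, as in the authenticated PUT cases below;
    // frisby treats its second argument as request options, so a bare
    // `{ quantity: 2 }` would not be sent as the payload at all.
    return frisby.put(itemUrl(1), {
      headers: { 'content-type': 'application/json' },
      body: { quantity: 2 }
    })
      .expect('status', 401)
  })

  it('DELETE basket item is forbidden via public API', () => {
    return frisby.del(itemUrl(1))
      .expect('status', 401)
  })

  // Authenticated round trips: create an item, then act on it by id.
  it('GET newly created basket item by id', () => {
    return createItem({ BasketId: 2, ProductId: 6, quantity: 3 })
      .then(({ json }) => {
        return frisby.get(itemUrl(json.data.id), { headers: authHeader })
          .expect('status', 200)
      })
  })

  it('PUT update newly created basket item', () => {
    return createItem({ BasketId: 2, ProductId: 3, quantity: 3 })
      .then(({ json }) => {
        return frisby.put(itemUrl(json.data.id), {
          headers: authHeader,
          body: {
            quantity: 20
          }
        })
          .expect('status', 200)
          .expect('json', 'data', { quantity: 20 })
      })
  })

  // The `noUpdate` constraint on BasketId and ProductId: once set, these cannot be
  // changed through PUT, and the 400 names the offending field.
  it('PUT update basket ID of basket item is forbidden', () => {
    return createItem({ BasketId: 2, ProductId: 8, quantity: 8 })
      .then(({ json }) => {
        return frisby.put(itemUrl(json.data.id), {
          headers: authHeader,
          body: {
            BasketId: 42
          }
        })
          .expect('status', 400)
          .expect('json', { message: 'null: `BasketId` cannot be updated due `noUpdate` constraint', errors: [{ field: 'BasketId', message: '`BasketId` cannot be updated due `noUpdate` constraint' }] })
      })
  })

  // NOTE(review): this pins a gap in the `noUpdate` protection above: when the item
  // is created without a BasketId, a later PUT is allowed to set one and the item
  // ends up in basket 3. OWASP Juice Shop is a deliberately insecure training
  // application, so this is presumably intended challenge behaviour — confirm
  // against the challenge definitions before treating it as a regression.
  it('PUT update basket ID of basket item without basket ID', () => {
    return createItem({ ProductId: 8, quantity: 8 })
      .then(({ json }) => {
        expect(json.data.BasketId).toBeUndefined()
        return frisby.put(itemUrl(json.data.id), {
          headers: authHeader,
          body: {
            BasketId: 3
          }
        })
          .expect('status', 200)
          .expect('json', 'data', { BasketId: 3 })
      })
  })

  it('PUT update product ID of basket item is forbidden', () => {
    return createItem({ BasketId: 2, ProductId: 9, quantity: 9 })
      .then(({ json }) => {
        return frisby.put(itemUrl(json.data.id), {
          headers: authHeader,
          body: {
            ProductId: 42
          }
        })
          .expect('status', 400)
          .expect('json', { message: 'null: `ProductId` cannot be updated due `noUpdate` constraint', errors: [{ field: 'ProductId', message: '`ProductId` cannot be updated due `noUpdate` constraint' }] })
      })
  })

  // Quantity checks apply to updates as well as to creation: more than is
  // available is a plain 400 ...
  it('PUT update newly created basket item with more than available quantity is forbidden', () => {
    return createItem({ BasketId: 2, ProductId: 12, quantity: 12 })
      .then(({ json }) => {
        return frisby.put(itemUrl(json.data.id), {
          headers: authHeader,
          body: {
            quantity: 100
          }
        })
          .expect('status', 400)
      })
  })

  // ... and exceeding the per-order cap (5 for product 1) is a 400 that names the limit.
  it('PUT update basket item with more than allowed quantity is forbidden', () => {
    return createItem({ BasketId: 2, ProductId: 1, quantity: 1 })
      .then(({ json }) => {
        return frisby.put(itemUrl(json.data.id), {
          headers: authHeader,
          body: {
            quantity: 6
          }
        })
          .expect('status', 400)
          .expect('json', 'error', 'You can order only up to 5 items of this product.')
      })
  })

  it('DELETE newly created basket item', () => {
    return createItem({ BasketId: 2, ProductId: 10, quantity: 10 })
      .then(({ json }) => {
        return frisby.del(itemUrl(json.data.id), { headers: authHeader })
          .expect('status', 200)
      })
  })
})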