/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

import frisby = require('frisby')
const { Joi } = frisby
const security = require('../../lib/insecurity')

// Every request in this spec goes to a plain-HTTP loopback address, so the
// application under test has to be listening locally on port 3000.
const API_URL = 'http://localhost:3000/api'

// The bearer token is minted once, when this module is loaded, and the same
// header object is shared by every authenticated request below.
// NOTE(review): authorize() is called without arguments; which identity and
// claims the resulting token carries is decided inside lib/insecurity and is
// not visible from this file.
const bearerToken = security.authorize()
const authHeader = {
  Authorization: 'Bearer ' + bearerToken,
  'content-type': 'application/json'
}

// Contract of the Complaints collection endpoint: a complaint can be created
// with the bearer token, and listing complaints answers 401 without the token
// and 200 with it.
describe('/api/Complaints', () => {
  const complaintsUrl = `${API_URL}/Complaints`

  it('POST new complaint', () =>
    frisby.post(complaintsUrl, {
      headers: authHeader,
      body: {
        message: 'You have no clue what https://github.com/eslint/eslint-scope/issues/39 means, do you???'
      }
    })
      .expect('status', 201)
      .expect('header', 'content-type', /application\/json/)
      // Only the types of these fields are checked, not their values.
      .expect('jsonTypes', 'data', {
        id: Joi.number(),
        createdAt: Joi.string(),
        updatedAt: Joi.string()
      })
  )

  // Negative check: no Authorization header is sent, so the listing must be refused.
  it('GET all complaints is forbidden via public API', () =>
    frisby.get(complaintsUrl)
      .expect('status', 401)
  )

  it('GET all complaints', () =>
    frisby.get(complaintsUrl, { headers: authHeader })
      .expect('status', 200)
  )
})

// Access-control regression checks for a single complaint addressed by id.
// All three requests carry the bearer token and are still expected to be
// refused, so read, update and delete by id stay closed even to a caller that
// is allowed to list the collection.
// The titles say "forbidden", but the asserted status is 401, not 403.
describe('/api/Complaints/:id', () => {
  const complaintUrl = `${API_URL}/Complaints/1`

  it('GET existing complaint by id is forbidden', () =>
    frisby.get(complaintUrl, { headers: authHeader })
      .expect('status', 401)
  )

  it('PUT update existing complaint is forbidden', () =>
    frisby.put(complaintUrl, {
      headers: authHeader,
      body: {
        message: 'Should not work...'
      }
    })
      .expect('status', 401)
  )

  it('DELETE existing complaint is forbidden', () =>
    frisby.del(complaintUrl, { headers: authHeader })
      .expect('status', 401)
  )
})