/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

import frisby = require('frisby')
import config from 'config'

// Header sent with every JSON body posted to the REST login route below.
const jsonHeader = { 'content-type': 'application/json' }
// Base URLs of the locally running Juice Shop instance under test:
// REST_URL for the `/rest` routes (login, deluxe-membership),
// API_URL for the `/api` routes (`/api/Cards` is used further down).
const REST_URL = 'http://localhost:3000/rest'
const API_URL = 'http://localhost:3000/api'

/**
 * Log a seeded account in through the REST login route and return the
 * `authentication` object of the response body (the bearer `token` lives there).
 *
 * A rejected login whose body reports `status: 'totp_token_required'` is
 * handed through unchanged instead of failing; every other rejection becomes a
 * single generic error that names only the e-mail, not the password.
 *
 * NOTE(review): for a `totp_token_required` response `json.authentication` is
 * still dereferenced below; what the server puts there is not visible from this
 * file — confirm against the login route before relying on it.
 *
 * @param credentials - e-mail and password of the account to log in
 * @returns the `authentication` block of the login response
 * @throws Error when the login fails for a reason other than a pending TOTP step
 */
async function login ({ email, password }: { email: string, password: string }) {
  // True when the rejection is only the second-factor challenge, not a failed login.
  const totpPending = (res: any) => res.json?.type && res.json.status === 'totp_token_required'
  // @ts-expect-error FIXME promise return handling broken
  const response = await frisby
    .post(`${REST_URL}/user/login`, { email, password })
    .catch((res: any) => {
      if (!totpPending(res)) {
        throw new Error(`Failed to login '${email}'`)
      }
      return res
    })

  return response.json.authentication
}

describe('/rest/deluxe-membership', () => {
  // Logs a seeded account in through the REST login route and asserts that the
  // login itself succeeded. Callers chain `.then(({ json }) => …)` to reach the
  // returned `authentication.token`. The e-mail domain is read from the test
  // configuration at call time, so a missing key still fails inside the test.
  const restLogin = (user: string, password: string) =>
    frisby.post(REST_URL + '/user/login', {
      headers: jsonHeader,
      body: {
        email: `${user}@${config.get<string>('application.domain')}`,
        password
      }
    })
      .expect('status', 200)

  // Headers for an authenticated JSON request carrying the given bearer token.
  const bearerHeaders = (token: string) => ({
    Authorization: 'Bearer ' + token,
    'content-type': 'application/json'
  })

  // Seeded accounts the deluxe endpoints must reject, with the error message
  // the GET status call returns for each. The POST (wallet) path answers all
  // of them with the same generic message.
  const rejectedAccounts = [
    {
      role: 'deluxe members',
      user: 'ciso',
      password: 'mDLx?94T~1CfVfZMzw@sJ9f?s3L6lbMqE70FfI8^54jbNikY5fymx7c!YbJb',
      statusError: 'You are already a deluxe member!'
    },
    {
      role: 'admin',
      user: 'admin',
      password: 'admin123',
      statusError: 'You are not eligible for deluxe membership!'
    },
    {
      role: 'accountant',
      user: 'accountant',
      password: 'i am an awesome accountant',
      statusError: 'You are not eligible for deluxe membership!'
    }
  ]

  it('GET deluxe membership status for customers', () =>
    restLogin('bender', 'OhG0dPlease1nsertLiquor!')
      .then(({ json: jsonLogin }) =>
        frisby.get(REST_URL + '/deluxe-membership', {
          headers: bearerHeaders(jsonLogin.authentication.token)
        })
          .expect('status', 200)
          .expect('json', 'data', { membershipCost: 49 })
      )
  )

  // One GET test per rejected account; the test names match the original
  // hand-written cases one to one.
  for (const { role, user, password, statusError } of rejectedAccounts) {
    it(`GET deluxe membership status for ${role} throws error`, () =>
      restLogin(user, password)
        .then(({ json: jsonLogin }) =>
          frisby.get(REST_URL + '/deluxe-membership', {
            headers: bearerHeaders(jsonLogin.authentication.token)
          })
            .expect('status', 400)
            .expect('json', 'error', statusError)
        )
    )
  }

  it('POST upgrade deluxe membership status for customers', async () => {
    const { token } = await login({
      email: `bender@${config.get<string>('application.domain')}`,
      password: 'OhG0dPlease1nsertLiquor!'
    })

    // Look up the cards visible to this account and pay with the first one.
    const cards = await frisby.get(API_URL + '/Cards', {
      headers: bearerHeaders(token)
    })
      .expect('status', 200)
      .promise()

    await frisby.post(REST_URL + '/deluxe-membership', {
      headers: bearerHeaders(token),
      body: {
        paymentMode: 'card',
        paymentId: cards.json.data[0].id.toString()
      }
    })
      .expect('status', 200)
      .expect('json', 'status', 'success')
      .promise()
  })

  it('POST deluxe membership status with wrong card id throws error', async () => {
    const { token } = await login({
      email: `jim@${config.get<string>('application.domain')}`,
      password: 'ncc-1701'
    })

    // Card id 1337 is expected to be refused as invalid for this account
    // (note it is sent as a number here, unlike the string id in the test above).
    await frisby.post(REST_URL + '/deluxe-membership', {
      headers: bearerHeaders(token),
      body: {
        paymentMode: 'card',
        paymentId: 1337
      }
    })
      .expect('status', 400)
      .expect('json', 'error', 'Invalid Card')
      .promise()
  })

  // One POST (wallet) test per rejected account, registered in the same order
  // as the GET cases above.
  for (const { role, user, password } of rejectedAccounts) {
    it(`POST deluxe membership status for ${role} throws error`, () =>
      restLogin(user, password)
        .then(({ json: jsonLogin }) =>
          frisby.post(REST_URL + '/deluxe-membership', {
            headers: bearerHeaders(jsonLogin.authentication.token),
            body: {
              paymentMode: 'wallet'
            }
          })
            .expect('status', 400)
            .expect('json', 'error', 'Something went wrong. Please try again!')
        )
    )
  }
})