/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
5
6import frisby = require('frisby')
7import config from 'config'
8
9const jsonHeader = { 'content-type': 'application/json' }
10const REST_URL = 'http://localhost:3000/rest'
11const API_URL = 'http://localhost:3000/api'
12
13async function login ({ email, password }: { email: string, password: string }) {
14// @ts-expect-error FIXME promise return handling broken
15const loginRes = await frisby
16.post(`${REST_URL}/user/login`, {
17email,
18password
19}).catch((res: any) => {
20if (res.json?.type && res.json.status === 'totp_token_required') {
21return res
22}
23throw new Error(`Failed to login '${email}'`)
24})
25
26return loginRes.json.authentication
27}
28
29describe('/rest/deluxe-membership', () => {
30it('GET deluxe membership status for customers', () => {
31return frisby.post(REST_URL + '/user/login', {
32headers: jsonHeader,
33body: {
34email: 'bender@' + config.get<string>('application.domain'),
35password: 'OhG0dPlease1nsertLiquor!'
36}
37})
38.expect('status', 200)
39.then(({ json: jsonLogin }) => {
40return frisby.get(REST_URL + '/deluxe-membership', {
41headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }
42})
43.expect('status', 200)
44.expect('json', 'data', { membershipCost: 49 })
45})
46})
47
48it('GET deluxe membership status for deluxe members throws error', () => {
49return frisby.post(REST_URL + '/user/login', {
50headers: jsonHeader,
51body: {
52email: 'ciso@' + config.get<string>('application.domain'),
53password: 'mDLx?94T~1CfVfZMzw@sJ9f?s3L6lbMqE70FfI8^54jbNikY5fymx7c!YbJb'
54}
55})
56.expect('status', 200)
57.then(({ json: jsonLogin }) => {
58return frisby.get(REST_URL + '/deluxe-membership', {
59headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }
60})
61.expect('status', 400)
62.expect('json', 'error', 'You are already a deluxe member!')
63})
64})
65
66it('GET deluxe membership status for admin throws error', () => {
67return frisby.post(REST_URL + '/user/login', {
68headers: jsonHeader,
69body: {
70email: 'admin@' + config.get<string>('application.domain'),
71password: 'admin123'
72}
73})
74.expect('status', 200)
75.then(({ json: jsonLogin }) => {
76return frisby.get(REST_URL + '/deluxe-membership', {
77headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }
78})
79.expect('status', 400)
80.expect('json', 'error', 'You are not eligible for deluxe membership!')
81})
82})
83
84it('GET deluxe membership status for accountant throws error', () => {
85return frisby.post(REST_URL + '/user/login', {
86headers: jsonHeader,
87body: {
88email: 'accountant@' + config.get<string>('application.domain'),
89password: 'i am an awesome accountant'
90}
91})
92.expect('status', 200)
93.then(({ json: jsonLogin }) => {
94return frisby.get(REST_URL + '/deluxe-membership', {
95headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }
96})
97.expect('status', 400)
98.expect('json', 'error', 'You are not eligible for deluxe membership!')
99})
100})
101
102it('POST upgrade deluxe membership status for customers', async () => {
103const { token } = await login({
104email: `bender@${config.get<string>('application.domain')}`,
105password: 'OhG0dPlease1nsertLiquor!'
106})
107
108const { json } = await frisby.get(API_URL + '/Cards', {
109headers: { Authorization: 'Bearer ' + token, 'content-type': 'application/json' }
110})
111.expect('status', 200)
112.promise()
113
114await frisby.post(REST_URL + '/deluxe-membership', {
115headers: { Authorization: 'Bearer ' + token, 'content-type': 'application/json' },
116body: {
117paymentMode: 'card',
118paymentId: json.data[0].id.toString()
119}
120})
121.expect('status', 200)
122.expect('json', 'status', 'success')
123.promise()
124})
125
126it('POST deluxe membership status with wrong card id throws error', async () => {
127const { token } = await login({
128email: `jim@${config.get<string>('application.domain')}`,
129password: 'ncc-1701'
130})
131
132await frisby.post(REST_URL + '/deluxe-membership', {
133headers: { Authorization: 'Bearer ' + token, 'content-type': 'application/json' },
134body: {
135paymentMode: 'card',
136paymentId: 1337
137}
138})
139.expect('status', 400)
140.expect('json', 'error', 'Invalid Card')
141.promise()
142})
143
144it('POST deluxe membership status for deluxe members throws error', () => {
145return frisby.post(REST_URL + '/user/login', {
146headers: jsonHeader,
147body: {
148email: 'ciso@' + config.get<string>('application.domain'),
149password: 'mDLx?94T~1CfVfZMzw@sJ9f?s3L6lbMqE70FfI8^54jbNikY5fymx7c!YbJb'
150}
151})
152.expect('status', 200)
153.then(({ json: jsonLogin }) => {
154return frisby.post(REST_URL + '/deluxe-membership', {
155headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' },
156body: {
157paymentMode: 'wallet'
158}
159})
160.expect('status', 400)
161.expect('json', 'error', 'Something went wrong. Please try again!')
162})
163})
164
165it('POST deluxe membership status for admin throws error', () => {
166return frisby.post(REST_URL + '/user/login', {
167headers: jsonHeader,
168body: {
169email: 'admin@' + config.get<string>('application.domain'),
170password: 'admin123'
171}
172})
173.expect('status', 200)
174.then(({ json: jsonLogin }) => {
175return frisby.post(REST_URL + '/deluxe-membership', {
176headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' },
177body: {
178paymentMode: 'wallet'
179}
180})
181.expect('status', 400)
182.expect('json', 'error', 'Something went wrong. Please try again!')
183})
184})
185
186it('POST deluxe membership status for accountant throws error', () => {
187return frisby.post(REST_URL + '/user/login', {
188headers: jsonHeader,
189body: {
190email: 'accountant@' + config.get<string>('application.domain'),
191password: 'i am an awesome accountant'
192}
193})
194.expect('status', 200)
195.then(({ json: jsonLogin }) => {
196return frisby.post(REST_URL + '/deluxe-membership', {
197headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' },
198body: {
199paymentMode: 'wallet'
200}
201})
202.expect('status', 400)
203.expect('json', 'error', 'Something went wrong. Please try again!')
204})
205})
206})
207