juice-shop
163 строки · 5.6 Кб
1/*2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.3* SPDX-License-Identifier: MIT4*/5import frisby = require('frisby')7import { expect } from '@jest/globals'8import config from 'config'9const jsonHeader = { 'content-type': 'application/json' }11const REST_URL = 'http://localhost:3000/rest'12describe('/rest/order-history', () => {14it('GET own previous orders', () => {15return frisby.post(REST_URL + '/user/login', {16headers: jsonHeader,17body: {18email: 'admin@' + config.get<string>('application.domain'),19password: 'admin123'20}21})22.expect('status', 200)23.then(({ json: jsonLogin }) => {24return frisby.get(REST_URL + '/order-history', {25headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }26})27.expect('status', 200)28.then(({ json }) => {29expect(json.data[0].totalPrice).toBe(8.96)30expect(json.data[0].delivered).toBe(false)31expect(json.data[0].products[0].quantity).toBe(3)32expect(json.data[0].products[0].name).toBe('Apple Juice (1000ml)')33expect(json.data[0].products[0].price).toBe(1.99)34expect(json.data[0].products[0].total).toBe(5.97)35expect(json.data[0].products[1].quantity).toBe(1)36expect(json.data[0].products[1].name).toBe('Orange Juice (1000ml)')37expect(json.data[0].products[1].price).toBe(2.99)38expect(json.data[0].products[1].total).toBe(2.99)39expect(json.data[1].totalPrice).toBe(26.97)40expect(json.data[1].delivered).toBe(true)41expect(json.data[1].products[0].quantity).toBe(3)42expect(json.data[1].products[0].name).toBe('Eggfruit Juice (500ml)')43expect(json.data[1].products[0].price).toBe(8.99)44expect(json.data[1].products[0].total).toBe(26.97)45})46})47})48})49describe('/rest/order-history/orders', () => {51it('GET all orders is forbidden for customers', () => {52return frisby.post(REST_URL + '/user/login', {53headers: jsonHeader,54body: {55email: 'jim@' + config.get<string>('application.domain'),56password: 'ncc-1701'57}58})59.expect('status', 200)60.then(({ json: jsonLogin }) => {61return frisby.get(REST_URL + '/order-history/orders', {62headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }63})64.expect('status', 403)65})66})67it('GET all orders is forbidden for admin', () => {69return frisby.post(REST_URL + '/user/login', {70headers: jsonHeader,71body: {72email: 'admin@' + config.get<string>('application.domain'),73password: 'admin123'74}75})76.expect('status', 200)77.then(({ json: jsonLogin }) => {78return frisby.get(REST_URL + '/order-history/orders', {79headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }80})81.expect('status', 403)82})83})84it('GET all orders for accountant', () => {86return frisby.post(REST_URL + '/user/login', {87headers: jsonHeader,88body: {89email: 'accountant@' + config.get<string>('application.domain'),90password: 'i am an awesome accountant'91}92})93.expect('status', 200)94.then(({ json: jsonLogin }) => {95return frisby.get(REST_URL + '/order-history/orders', {96headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }97})98.expect('status', 200)99})100})101})102describe('/rest/order-history/:id/delivery-status', () => {104it('PUT delivery status is forbidden for admin', () => {105return frisby.post(REST_URL + '/user/login', {106headers: jsonHeader,107body: {108email: 'admin@' + config.get<string>('application.domain'),109password: 'admin123'110}111})112.expect('status', 200)113.then(({ json: jsonLogin }) => {114return frisby.put(REST_URL + '/order-history/1/delivery-status', {115headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' },116body: {117delivered: false118}119})120.expect('status', 403)121})122})123it('PUT delivery status is forbidden for customer', () => {125return frisby.post(REST_URL + '/user/login', {126headers: jsonHeader,127body: {128email: 'jim@' + config.get<string>('application.domain'),129password: 'ncc-1701'130}131})132.expect('status', 200)133.then(({ json: jsonLogin }) => {134return frisby.put(REST_URL + '/order-history/1/delivery-status', {135headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' },136body: {137delivered: false138}139})140.expect('status', 403)141})142})143it('PUT delivery status is allowed for accountant', () => {145return frisby.post(REST_URL + '/user/login', {146headers: jsonHeader,147body: {148email: 'accountant@' + config.get<string>('application.domain'),149password: 'i am an awesome accountant'150}151})152.expect('status', 200)153.then(({ json: jsonLogin }) => {154return frisby.put(REST_URL + '/order-history/1/delivery-status', {155headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' },156body: {157delivered: false158}159})160.expect('status', 200)161})162})163})164