/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
import frisby = require('frisby')
const security = require('../../lib/insecurity')
const { Joi } = frisby

// Base URL of the instance under test; these specs expect it to be listening on localhost:3000.
const API_URL = 'http://localhost:3000/api'

// Headers for the requests that are sent as an authenticated caller.
// The bearer token is minted in-process by calling security.authorize() with no
// arguments, not obtained through the login endpoint, so the suite shares the
// application's signing material (presumably a signed JWT - confirm in lib/insecurity).
const authHeader = {
  Authorization: `Bearer ${security.authorize()}`,
  'content-type': 'application/json'
}
/**
 * API contract tests for the /api/Recycles resource.
 *
 * Access-control behaviour pinned by this suite, as visible in the requests below:
 *  - POST is sent with the bearer header and must create a record (201).
 *  - GET of the collection and GET of a single record are sent WITHOUT the
 *    bearer header and are both expected to answer 200.
 *  - PUT and DELETE are sent with the bearer header and must still be
 *    rejected with 401.
 */
describe('/api/Recycles', () => {
  const recyclesUrl = `${API_URL}/Recycles`
  const firstRecycleUrl = `${recyclesUrl}/1`
  const jsonContentType = /application\/json/

  it('POST new recycle', () => {
    const newRecycle = {
      quantity: 200,
      AddressId: '1',
      isPickup: true,
      date: '2017-05-31'
    }
    // Only the generated id and the timestamps are type-checked on the response.
    const createdShape = {
      id: Joi.number(),
      createdAt: Joi.string(),
      updatedAt: Joi.string()
    }

    return frisby.post(recyclesUrl, { headers: authHeader, body: newRecycle })
      .expect('status', 201)
      .expect('header', 'content-type', jsonContentType)
      .expect('jsonTypes', 'data', createdShape)
  })

  it('Will prevent GET all recycles from this endpoint', () => {
    // The refusal is carried in the JSON body while the HTTP status stays 200,
    // so anything keyed on status codes (clients, monitoring) will not see it
    // as a rejected request.
    // NOTE(review): the expectation is a literal string inside 'jsonTypes';
    // presumably it is matched as an exact value - confirm against frisby.
    const refusal = {
      err: 'Sorry, this endpoint is not supported.'
    }

    return frisby.get(recyclesUrl)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('jsonTypes', 'data', refusal)
  })

  it('Will GET existing recycle from this endpoint', () => {
    // No Authorization header is sent, yet 200 and the full record (including
    // UserId and AddressId) are expected: the test pins that a recycle can be
    // read by numeric id without credentials. In an API that is not a
    // deliberately vulnerable training target, this read would be expected to
    // require authentication and an ownership check.
    const recycleShape = {
      id: Joi.number(),
      UserId: Joi.number(),
      AddressId: Joi.number(),
      quantity: Joi.number(),
      isPickup: Joi.boolean(),
      date: Joi.date(),
      createdAt: Joi.string(),
      updatedAt: Joi.string()
    }

    // The 'data.*' path type-checks the entries under data, not data itself.
    return frisby.get(firstRecycleUrl)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('jsonTypes', 'data.*', recycleShape)
  })

  it('PUT update existing recycle is forbidden', () => {
    // A bearer token is sent and the request must still be refused. The status
    // asserted is 401 (unauthorized), although the title says "forbidden".
    const tamperedQuantity = {
      quantity: 100000
    }

    return frisby.put(firstRecycleUrl, { headers: authHeader, body: tamperedQuantity })
      .expect('status', 401)
  })

  it('DELETE existing recycle is forbidden', () => {
    // Same contract as PUT: rejected with 401 even for an authenticated caller.
    const authenticated = { headers: authHeader }

    return frisby.del(firstRecycleUrl, authenticated)
      .expect('status', 401)
  })
})