juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import frisby = require('frisby')
7
const Joi = frisby.Joi
8

9
const REST_URL = 'http://localhost:3000/rest'
10

11
describe('/rest/track-order/:id', () => {
12
  it('GET tracking results for the order id', () => {
13
    return frisby.get(REST_URL + '/track-order/5267-f9cd5882f54c75a3')
14
      .expect('status', 200)
15
      .expect('json', {})
16
  })
17

18
  it('GET all orders by injecting into orderId', () => {
19
    const product = Joi.object().keys({
20
      quantity: Joi.number(),
21
      name: Joi.string(),
22
      price: Joi.number(),
23
      total: Joi.number()
24
    })
25
    return frisby.get(REST_URL + '/track-order/%27%20%7C%7C%20true%20%7C%7C%20%27')
26
      .expect('status', 200)
27
      .expect('header', 'content-type', /application\/json/)
28
      .expect('jsonTypes', 'data.*', {
29
        orderId: Joi.string(),
30
        email: Joi.string(),
31
        totalPrice: Joi.number(),
32
        products: Joi.array().items(product),
33
        eta: Joi.string(),
34
        _id: Joi.string()
35
      })
36
  })
37
})
38