// Disabled check for the file-upload endpoint: it posts an XML fixture whose
// file name and test title suggest an external entity that reads /dev/random,
// i.e. a resource-exhaustion input for the XML parser.
// While this stays `xit`, that case has no automated coverage.
// NOTE(review): no status or body expectation is set, so once re-enabled the
// test only shows that the request completes; confirm the intended response.
xit('POST file type XML with dev/random attack', () => { // FIXME fails with "socket hang up" error from node-fetch
  const xxeFixturePath = path.resolve(__dirname, '../files/xxeDevRandom.xml')

  // Multipart body carrying the fixture as the `file` field.
  const uploadForm = frisby.formData()
  uploadForm.append('file', fs.createReadStream(xxeFixturePath))

  // The multipart boundary lives in this header, so it must come from the form itself.
  const multipartContentType = uploadForm.getHeaders()['content-type']

  return frisby.post(URL + '/file-upload', {
    headers: { 'Content-Type': multipartContentType },
    body: uploadForm
  })
})
}
// Round trip: POST a packet that carries a NULL value (expects 201), then GET
// the resource named by the Location header and compare it with the expected
// stored form, in which the NULL value should no longer be present.
it("should allow insertion of a NULL value", function (doneFn) {
  // Second leg: fetch what the server stored and compare it.
  const verifyStoredPacket = (postResponse) => {
    const storedPacketUrl = postResponse.headers.get('location');
    return frisby.get(storedPacketUrl)
      .expect('status', 200)
      .then((getResponse) => {
        const storedPackets = JSON.parse(getResponse.body);
        expect(storedPackets).toEqual([form_deep_packet(0)]);
      });
  };

  frisby.post(packets_url, packet_with_null, {json: true})
    .expect('status', 201)
    .then(verifyStoredPacket)
    .done(doneFn);
});
// Input-validation check: an order built with -1 must be rejected with 400.
// NOTE(review): the first createOrder argument is presumably the restaurant id; confirm against the helper.
it("should return status 400 when restaurantId is invalid", async () => {
  const invalidRestaurantId = -1;
  const payload = { order: createOrder(invalidRestaurantId, 10) };
  await frisby.post(orderUrl, payload).expect("status", 400);
});
});
it('POST security answer for a newly registered user', () => {
return frisby.post(API_URL + '/Users', {
email: 'new.user@te.st',
password: '12345'
}, { json: true })
.expect('status', 201)
.then(({ json }) => {
return frisby.post(API_URL + '/SecurityAnswers', {
headers: authHeader,
body: {
UserId: json.id,
SecurityQuestionId: 1,
answer: 'Horst'
}
})
.expect('status', 201)
.expect('header', 'content-type', /application\/json/)
.expect('jsonTypes', 'data', {
// Authenticated POST of a complaint: expects 200, a JSON content type, and a
// `data` object whose id and timestamps have the expected types.
it('POST new complaint', function (done) {
  const complaintRequest = {
    headers: authHeader,
    body: {
      message: 'My stuff never arrived! This is outrageous!'
    }
  }

  // Only the types are checked here, not the values the server generates.
  const expectedDataTypes = {
    id: Joi.number(),
    createdAt: Joi.string(),
    updatedAt: Joi.string()
  }

  frisby.post(API_URL + '/Complaints', complaintRequest)
    .expect('status', 200)
    .expect('header', 'content-type', /application\/json/)
    .expect('jsonTypes', 'data', expectedDataTypes)
    .done(done)
})
// Negative authentication check: a logged-in user who supplies the wrong
// current password must get 401 and an explanatory message.
// The endpoint under test takes the current, new and repeated passwords as GET
// query parameters, so those values can end up in access logs, proxy logs and
// browser history; a reviewer of the application would flag that design.
// NOTE(review): the login credentials are presumably seeded fixture values for
// the test instance; confirm they are not valid anywhere else.
it('GET password change with passing wrong current password', () => {
  const loginRequest = {
    headers: jsonHeader,
    body: {
      email: `bjoern@${config.get('application.domain')}`,
      password: 'monkey summer birthday are all bad passwords but work just fine in a long passphrase'
    }
  }
  const changePasswordUrl = `${REST_URL}/user/change-password?current=definetely_wrong&new=blubb&repeat=blubb`

  // Use the freshly issued bearer token for the password-change attempt.
  const attemptChangeWithWrongPassword = ({ json }) => {
    const bearerToken = json.authentication.token
    return frisby.get(changePasswordUrl, {
      headers: { Authorization: `Bearer ${bearerToken}` }
    })
      .expect('status', 401)
      .expect('bodyContains', 'Current password is not correct')
  }

  return frisby.post(`${REST_URL}/user/login`, loginRequest)
    .expect('status', 200)
    .then(attemptChangeWithWrongPassword)
})
async function register ({ email, password, totpSecret }) {
const res = await frisby
.post(API_URL + '/Users/', {
email,
password,
passwordRepeat: password,
securityQuestion: null,
securityAnswer: null
}).catch(() => {
throw new Error(`Failed to register '${email}'`)
})
if (totpSecret) {
const { token } = await login({ email, password })
await frisby.post(
REST_URL + '/2fa/setup',
{
// Logs in once before the suite and stores a bearer-token header in the
// outer `authHeader` variable for the tests that follow.
// NOTE(review): the account and password are hard-coded, presumably seeded
// fixture credentials for the test instance; confirm they are never valid in
// any real environment.
beforeAll(() => {
  const credentials = {
    email: `jim@${config.get('application.domain')}`,
    password: 'ncc-1701'
  }

  return frisby.post(`${REST_URL}/user/login`, { headers: jsonHeader, body: credentials })
    .expect('status', 200)
    .then(({ json }) => {
      const bearerToken = json.authentication.token
      authHeader = {
        Authorization: `Bearer ${bearerToken}`,
        'content-type': 'application/json'
      }
    })
})
// Happy path: a well-formed measurement packet is accepted with 201 Created.
it("Should POST a packet with a matched value of 'measurement'", function (doneFn) {
  const requestOptions = {json: true};
  const creation = frisby.post(packet_url, good_measurement_packet, requestOptions);

  creation
    .expect('status', 201)
    .done(doneFn);
});
});
// Rejection path: a request body asking for an unsupported output format must
// yield 400 with a JSON error body carrying the expected error code.
it("Unsupported output format", function(doneFn) {
  const request = {
    body: invalid_output,
    headers: { 'Content-Type': contentType }
  };
  const expectedError = {
    code: "E_INVALID_NEW_RECORD",
  };

  frisby.post(baseUrl + '/html5', request)
    .expect('status', 400)
    .expect('header', "content-type", "application/json; charset=utf-8")
    .expect('json', expectedError)
    .done(doneFn);
});