/*
* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/
import frisby = require('frisby')
import * as security from '../../lib/insecurity'
import { expect } from '@jest/globals'
import config from 'config'
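const REST_URL = 'http://localhost:3000/rest'
// Fixed: the key was `ContentType`, which is not a valid HTTP header name and
// would have been sent as a literal `ContentType:` header; `Content-Type` is
// the header the server actually parses.
const jsonHeader = { 'Content-Type': 'application/json' }
// Bearer token minted directly via security.authorize() (lib/insecurity) so
// the spec can reach an authenticated endpoint without a login round-trip.
const authHeader = { Authorization: `Bearer ${security.authorize({ data: { email: '[email protected]' } })}`, 'content-type': 'application/json' }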
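describe('/rest/user/authentication-details', () => {
  // Guard against credential exposure: the user listing must not carry the
  // stored password value through; the route is expected to mask it.
  it('GET all users with password replaced by asterisks', () => {
    return frisby.get(`${REST_URL}/user/authentication-details`, { headers: authHeader })
      .expect('status', 200)
      // NOTE(review): frisby's `?` path segment is satisfied by at least one
      // matching element, so this checks masking on some user rather than on
      // every user the title promises — TODO confirm whether `data.*` is intended.
      .expect('json', 'data.?', {
        password: '********************************'
      })
  })

  it('GET returns lastLoginTime for users with active sessions', async () => {
    // Create a live session for jim so the listing has a lastLoginTime to report.
    await frisby.post(`${REST_URL}/user/login`, {
      headers: jsonHeader,
      body: {
        email: `jim@${config.get<string>('application.domain')}`,
        password: 'ncc-1701'
      }
    }).promise()

    const response = await frisby.get(`${REST_URL}/user/authentication-details`, { headers: authHeader })
      .expect('status', 200)
      .promise()

    // Declared shape instead of `any`: only the two fields this spec reads.
    const users: Array<{ email: string, lastLoginTime?: unknown }> = response.json.data
    const jim = users.find(user => user.email.startsWith('jim@'))
    // Array.prototype.find yields undefined (never null) for a missing entry,
    // so the previous `not.toBe(null)` could never fail; toBeDefined() can,
    // and it fails before the property access below would throw a TypeError.
    expect(jim).toBeDefined()
    expect(jim?.lastLoginTime).toEqual(expect.any(Number))
  })
})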