Spaces:
Runtime error
Runtime error
| module.exports = function (request, app) { | |
| describe('Unhauthenticated Suite Tests', () => { | |
| describe('Testing Unauthenticated User routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/users'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/users'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/users/checktoken'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/users/me'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/users/me'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/users/refreshtoken'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/users/refreshtoken'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/users/reviewers'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/users/token'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/users/totp'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/users/totp'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/users/totp'); | |
| expect(response.status).toBe(401); | |
| // put /api/users/{id} | |
| response = await request(app).put('/api/users/1'); | |
| expect(response.status).toBe(401); | |
| // get /api/users/{username} | |
| response = await request(app).get('/api/users/test'); | |
| expect(response.status).toBe(401); | |
| }); | |
| it('should return 200 Ok', async () => { | |
| // First use | |
| var response = await request(app).get('/api/users/init'); | |
| expect(response.status).toBe(200); | |
| var response = await request(app).post('/api/users/init'); | |
| expect(response.status).toBe(422); | |
| // Login | |
| response = await request(app).post('/api/users/token'); | |
| expect(response.status).toBe(422); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Data routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/data/roles'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/data/languages'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/data/languages'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/data/languages'); | |
| expect(response.status).toBe(401); | |
| // delete /api/data/languages/{locale(*)} | |
| response = await request(app).delete('/api/data/languages/en'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/data/audit-types'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/data/audit-types'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/data/audit-types'); | |
| expect(response.status).toBe(401); | |
| // delete /api/data/audit-types/{name(*)} | |
| response = await request(app).delete('/api/data/audit-types/Internal'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/data/vulnerability-categories'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post( | |
| '/api/data/vulnerability-categories', | |
| ); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/data/vulnerability-categories'); | |
| expect(response.status).toBe(401); | |
| // delete /api/data/vulnerability-categories/{name(*)} | |
| response = await request(app).delete( | |
| '/api/data/vulnerability-categories/Web', | |
| ); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/data/sections'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/data/sections'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/data/sections'); | |
| expect(response.status).toBe(401); | |
| // delete /api/data/sections/{field}/{locale(*)} | |
| response = await request(app).delete( | |
| '/api/data/sections/attack_scenario/en', | |
| ); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/data/custom-fields'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/data/custom-fields'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/data/custom-fields'); | |
| expect(response.status).toBe(401); | |
| // delete /api/data/custom-fields/{fieldId} | |
| response = await request(app).delete( | |
| '/api/data/custom-fields/attack_scenario', | |
| ); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Company routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/companies'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/companies'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/companies/FSociety'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/companies/FSociety'); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Client routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/clients'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/clients'); | |
| expect(response.status).toBe(401); | |
| // put /api/clients/{id} | |
| response = await request(app).put('/api/clients/[email protected]'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/clients/[email protected]'); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Template routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/templates'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/templates'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/templates/1234'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/templates/1234'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/templates/download/1234'); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Images routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| // get /api/images/{imageId} | |
| var response = await request(app).get('/api/images/1'); | |
| expect(response.status).toBe(401); | |
| // delete /api/images/{imageId} | |
| response = await request(app).delete('/api/images/1'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/images'); | |
| expect(response.status).toBe(401); | |
| // get /api/images/download/{imageId} | |
| response = await request(app).get('/api/images/download/1'); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Settings routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/settings'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/settings'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/settings/public'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/settings/revert'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/settings/export'); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Vulnerability routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/vulnerabilities'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/vulnerabilities'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/vulnerabilities'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/vulnerabilities/export'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/vulnerabilities/1234'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).delete('/api/vulnerabilities/1234'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/vulnerabilities/en'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/vulnerabilities/finding/en'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).get('/api/vulnerabilities/updates/1234'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).put('/api/vulnerabilities/merge/1234'); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| describe('Testing Unauthenticated Audit routes', () => { | |
| it('should return 401 Unauthorized', async () => { | |
| var response = await request(app).get('/api/audits'); | |
| expect(response.status).toBe(401); | |
| response = await request(app).post('/api/audits'); | |
| expect(response.status).toBe(401); | |
| // delete /api/audits/{auditId} | |
| response = await request(app).delete('/api/audits/1234'); | |
| expect(response.status).toBe(401); | |
| // get /api/audits/{auditId} | |
| response = await request(app).get('/api/audits/1234'); | |
| expect(response.status).toBe(401); | |
| // get /api/audits/{auditId}/general | |
| response = await request(app).get('/api/audits/1234/general'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/general | |
| response = await request(app).put('/api/audits/1234/general'); | |
| expect(response.status).toBe(401); | |
| // get /api/audits/{auditId}/network | |
| response = await request(app).get('/api/audits/1234/network'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/network | |
| response = await request(app).put('/api/audits/1234/network'); | |
| expect(response.status).toBe(401); | |
| // post /api/audits/{auditId}/findings | |
| response = await request(app).post('/api/audits/1234/findings'); | |
| expect(response.status).toBe(401); | |
| // get /api/audits/{auditId}/findings/{findingId} | |
| response = await request(app).get('/api/audits/1234/findings/1234'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/findings/{findingId} | |
| response = await request(app).put('/api/audits/1234/findings/1234'); | |
| expect(response.status).toBe(401); | |
| // delete /api/audits/{auditId}/findings/{findingId} | |
| response = await request(app).delete('/api/audits/1234/findings/1234'); | |
| expect(response.status).toBe(401); | |
| // get /api/audits/{auditId}/sections/{sectionId} | |
| response = await request(app).get('/api/audits/1234/sections/1234'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/sections/{sectionId} | |
| response = await request(app).put('/api/audits/1234/sections/1234'); | |
| expect(response.status).toBe(401); | |
| // get /api/audits/{auditId}/generate | |
| response = await request(app).get('/api/audits/1234/generate'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/sortfindings | |
| response = await request(app).put('/api/audits/1234/sortfindings'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/movefinding | |
| response = await request(app).put('/api/audits/1234/movefinding'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/toggleApproval | |
| response = await request(app).put('/api/audits/1234/toggleApproval'); | |
| expect(response.status).toBe(401); | |
| // put /api/audits/{auditId}/updateReadyForReview | |
| response = await request(app).put( | |
| '/api/audits/1234/updateReadyForReview', | |
| ); | |
| expect(response.status).toBe(401); | |
| }); | |
| }); | |
| }); | |
| }; | |