diff --git a/e2e-tests/cypress/e2e/api-tests/000_accounts/postUpdatePassword.cy.js b/e2e-tests/cypress/e2e/api-tests/000_accounts/postUpdatePassword.cy.js
new file mode 100644
index 0000000000..4067d55be9
--- /dev/null
+++ b/e2e-tests/cypress/e2e/api-tests/000_accounts/postUpdatePassword.cy.js
@@ -0,0 +1,129 @@
+import { METHOD, STATUS_CODE } from "../../../support/api/api-const";
+import API from "../../../support/ApiUrls";
+
+context("Update password", { tags: ['accounts', 'firstPool', 'all'] }, () => {
+ const name = "TestUserRegistration";
+
+ it("Change password", () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ body: {
+ username: name,
+ oldPassword: "test",
+ newPassword: "test1"
+ }
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.OK);
+ expect(response.body).to.have.property("username", name);
+ expect(response.body).to.have.property("role", "USER");
+ }).then(() => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.AccountsLogin,
+ body: {
+ username: name,
+ password: "test1"
+ }
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.OK);
+ expect(response.body).to.have.property("username", name);
+ expect(response.body).to.have.property("role", "USER");
+ });
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.AccountsLogin,
+ body: {
+ username: name,
+ password: "test"
+ },
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+ });
+ });
+ });
+
+ it("Change password without body - Negative", () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNPROCESSABLE);
+ })
+ });
+
+ it("Change password with wrong password body - Negative", () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ body: {
+ username: name,
+ oldPassword: "test",
+ newPassword: "test2"
+ },
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+ })
+ });
+
+ it('Change password without username - Negative', () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ body: {
+ oldPassword: "test",
+ newPassword: "test1"
+ },
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNPROCESSABLE);
+ })
+ });
+
+ it('Change password without old password - Negative', () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ body: {
+ username: name,
+ newPassword: "test1"
+ },
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNPROCESSABLE);
+ })
+ });
+
+ it('Change password with wrong username - Negative', () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ body: {
+ username: name + "fdsafds",
+ oldPassword: "test",
+ newPassword: "test1"
+ },
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+ })
+ });
+
+ it('Change password with sql infection - Negative', () => {
+ cy.request({
+ method: METHOD.POST,
+ url: API.ApiServer + API.ChangePassword,
+ body: {
+ username: 'select * from users where id = 1 or 1=1',
+ oldPassword: "test",
+ newPassword: "test1"
+ },
+ failOnStatusCode: false
+ }).then((response) => {
+ expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+ })
+ });
+});
diff --git a/e2e-tests/cypress/support/ApiUrls.js b/e2e-tests/cypress/support/ApiUrls.js
index b07d4fa8cc..da403ac041 100644
--- a/e2e-tests/cypress/support/ApiUrls.js
+++ b/e2e-tests/cypress/support/ApiUrls.js
@@ -4,6 +4,7 @@ const API = {
 //Accounts
 Accounts: "accounts/",
 AccountsLogin: "accounts/login/",
+ ChangePassword: "accounts/change-password/",
 AccessToken: "accounts/access-token/",
 RootAuthorities: "accounts/root-authorities",
 Installer: "accounts/installer",
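Review bot: In postUpdatePassword.cy.js the last case, `Change password with sql infection - Negative`, asserts only `STATUS_CODE.UNAUTHORIZED`, the same status the `wrong username` case expects for any unknown username, so it passes whether or not the endpoint handles the crafted input safely. I would rename it to `sql injection` and chain a follow-up login with the current password that expects `STATUS_CODE.OK`, confirming that the rejected request left the stored credential unchanged; the other 401 cases would benefit from the same check. Note also that the `wrong password body` case only gets a 401 because the first `it` already changed the password to `test1`, and nothing restores it afterwards, so the spec depends on run order and presumably on a freshly registered `TestUserRegistration` user.

```javascript
    it('Change password with sql injection - Negative', () => {
        // … unchanged: change-password request with the crafted username …
        }).then((response) => {
            expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
        }).then(() => {
            // The rejected request must leave the stored credential untouched.
            cy.request({
                method: METHOD.POST,
                url: API.ApiServer + API.AccountsLogin,
                body: {
                    username: name,
                    password: "test1"
                }
            }).then((response) => {
                expect(response.status).to.eq(STATUS_CODE.OK);
            });
        });
    });
```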