added tests for change password

Celiant · Celiant · commit bbea8d7c73ad · 2025-01-24T16:40:11.000+04:00
diff --git a/e2e-tests/cypress/e2e/api-tests/000_accounts/postUpdatePassword.cy.js b/e2e-tests/cypress/e2e/api-tests/000_accounts/postUpdatePassword.cy.js
@@ -0,0 +1,129 @@
+import { METHOD, STATUS_CODE } from "../../../support/api/api-const";
+import API from "../../../support/ApiUrls";
+
+context("Update password", { tags: ['accounts', 'firstPool', 'all'] }, () => {
+    const name = "TestUserRegistration";
+
+    it("Change password", () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            body: {
+                username: name,
+                oldPassword: "test",
+                newPassword: "test1"
+            }
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.OK);
+            expect(response.body).to.have.property("username", name);
+            expect(response.body).to.have.property("role", "USER");
+        }).then(() => {
+            cy.request({
+                method: METHOD.POST,
+                url: API.ApiServer + API.AccountsLogin,
+                body: {
+                    username: name,
+                    password: "test1"
+                }
+            }).then((response) => {
+                expect(response.status).to.eq(STATUS_CODE.OK);
+                expect(response.body).to.have.property("username", name);
+                expect(response.body).to.have.property("role", "USER");
+            });
+            cy.request({
+                method: METHOD.POST,
+                url: API.ApiServer + API.AccountsLogin,
+                body: {
+                    username: name,
+                    password: "test"
+                },
+                failOnStatusCode: false
+            }).then((response) => {
+                expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+            });
+        });
+    });
+
+    it("Change password without body - Negative", () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            failOnStatusCode: false
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.UNPROCESSABLE);
+        })
+    });
+
+    it("Change password with wrong password body - Negative", () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            body: {
+                username: name,
+                oldPassword: "test",
+                newPassword: "test2"
+            },
+            failOnStatusCode: false
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+        })
+    });
+
+    it('Change password without username - Negative', () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            body: {
+                oldPassword: "test",
+                newPassword: "test1"
+            },
+            failOnStatusCode: false
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.UNPROCESSABLE);
+        })
+    });
+
+    it('Change password without old password - Negative', () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            body: {
+                username: name,
+                newPassword: "test1"
+            },
+            failOnStatusCode: false
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.UNPROCESSABLE);
+        })
+    });
+
+    it('Change password with wrong username - Negative', () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            body: {
+                username: name + "fdsafds",
+                oldPassword: "test",
+                newPassword: "test1"
+            },
+            failOnStatusCode: false
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+        })
+    });
+
+    it('Change password with sql infection - Negative', () => {
+        cy.request({
+            method: METHOD.POST,
+            url: API.ApiServer + API.ChangePassword,
+            body: {
+                username: 'select * from users where id = 1 or 1=1',
+                oldPassword: "test",
+                newPassword: "test1"
+            },
+            failOnStatusCode: false
+        }).then((response) => {
+            expect(response.status).to.eq(STATUS_CODE.UNAUTHORIZED);
+        })
+    });
+});
diff --git a/e2e-tests/cypress/support/ApiUrls.js b/e2e-tests/cypress/support/ApiUrls.js
@@ -4,6 +4,7 @@ const API = {
     //Accounts
     Accounts: "accounts/",
     AccountsLogin: "accounts/login/",
+    ChangePassword: "accounts/change-password/",
     AccessToken: "accounts/access-token/",
     RootAuthorities: "accounts/root-authorities",
     Installer: "accounts/installer",
