From c39d5433bcd13993def222bbb2b6988bbb810a05 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 11 Oct 2024 11:21:22 +1000 Subject: [PATCH] Fix CVE-2024-46256 and CVE-2024-46257 - Schema validate against bad domain characters - Integration test for CVE POC examples - Cypress rewrite of plugins for file upload --- backend/schema/common.json | 2 +- backend/schema/components/error.json | 9 + .../schema/paths/nginx/certificates/post.json | 20 ++ .../nginx/certificates/validate/post.json | 39 ++++ .../nginx/dead-hosts/hostID/disable/post.json | 2 +- .../nginx/dead-hosts/hostID/enable/post.json | 2 +- .../proxy-hosts/hostID/disable/post.json | 2 +- .../nginx/proxy-hosts/hostID/enable/post.json | 2 +- .../hostID/disable/post.json | 2 +- .../redirection-hosts/hostID/enable/post.json | 2 +- .../nginx/streams/streamID/disable/post.json | 2 +- .../nginx/streams/streamID/enable/post.json | 2 +- test/cypress/e2e/api/Certificates.cy.js | 50 +++++ .../cypress/fixtures/test.example.com-key.pem | 28 +++ test/cypress/fixtures/test.example.com.pem | 26 +++ test/cypress/plugins/backendApi/client.js | 192 +++++++++--------- test/cypress/plugins/backendApi/task.js | 32 ++- test/package.json | 7 +- test/yarn.lock | 117 +++++------ 19 files changed, 358 insertions(+), 180 deletions(-) create mode 100644 backend/schema/components/error.json create mode 100644 test/cypress/e2e/api/Certificates.cy.js create mode 100644 test/cypress/fixtures/test.example.com-key.pem create mode 100644 test/cypress/fixtures/test.example.com.pem diff --git a/backend/schema/common.json b/backend/schema/common.json index ebeb344..83de014 100644 --- a/backend/schema/common.json +++ b/backend/schema/common.json @@ -76,7 +76,7 @@ "uniqueItems": true, "items": { "type": "string", - "pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$" + "pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$" } }, "enabled": { diff --git a/backend/schema/components/error.json b/backend/schema/components/error.json new file mode 100644 index 0000000..ceb3e14 --- /dev/null +++ b/backend/schema/components/error.json @@ -0,0 +1,9 @@ +{ + "type": "object", + "description": "Error", + "properties": { + "error": { + "$ref": "./error-object.json" + } + } +} diff --git a/backend/schema/paths/nginx/certificates/post.json b/backend/schema/paths/nginx/certificates/post.json index 1b2e046..5a3306c 100644 --- a/backend/schema/paths/nginx/certificates/post.json +++ b/backend/schema/paths/nginx/certificates/post.json @@ -72,6 +72,26 @@ } } } + }, + "400": { + "description": "400 response", + "content": { + "application/json": { + "examples": { + "default": { + "value": { + "error": { + "code": 400, + "message": "Domains are invalid" + } + } + } + }, + "schema": { + "$ref": "../../../components/error.json" + } + } + } } } } diff --git a/backend/schema/paths/nginx/certificates/validate/post.json b/backend/schema/paths/nginx/certificates/validate/post.json index 94f02f5..21eb325 100644 --- a/backend/schema/paths/nginx/certificates/validate/post.json +++ b/backend/schema/paths/nginx/certificates/validate/post.json @@ -50,6 +50,42 @@ "certificate_key": true } } + }, + "schema": { + "type": "object", + "additionalProperties": false, + "required": ["certificate", "certificate_key"], + "properties": { + "certificate": { + "type": "object", + "additionalProperties": false, + "required": ["cn", "issuer", "dates"], + "properties": { + "cn": { + "type": "string" + }, + "issuer": { + "type": "string" + }, + "dates": { + "type": "object", + "additionalProperties": false, + "required": ["from", "to"], + "properties": { + "from": { + "type": "integer" + }, + "to": { + "type": "integer" + } + } + } + } + }, + "certificate_key": { + "type": "boolean" + } + } } } } @@ -67,6 +103,9 @@ } } } + }, + "schema": { + "$ref": "../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json b/backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json index 528d05d..2cdcecf 100644 --- a/backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json +++ b/backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json b/backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json index dd95943..ca3ce9f 100644 --- a/backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json +++ b/backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json b/backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json index 1ff95e8..54ff8a6 100644 --- a/backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json +++ b/backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json b/backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json index 3a5694b..9f052de 100644 --- a/backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json +++ b/backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json b/backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json index 7531ac3..8433220 100644 --- a/backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json +++ b/backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json b/backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json index 60f4faf..bef5343 100644 --- a/backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json +++ b/backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/streams/streamID/disable/post.json b/backend/schema/paths/nginx/streams/streamID/disable/post.json index 91c58bb..d1c1b1c 100644 --- a/backend/schema/paths/nginx/streams/streamID/disable/post.json +++ b/backend/schema/paths/nginx/streams/streamID/disable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/backend/schema/paths/nginx/streams/streamID/enable/post.json b/backend/schema/paths/nginx/streams/streamID/enable/post.json index b14a86f..dc914f5 100644 --- a/backend/schema/paths/nginx/streams/streamID/enable/post.json +++ b/backend/schema/paths/nginx/streams/streamID/enable/post.json @@ -50,7 +50,7 @@ } }, "schema": { - "$ref": "../../../../../components/error-object.json" + "$ref": "../../../../../components/error.json" } } } diff --git a/test/cypress/e2e/api/Certificates.cy.js b/test/cypress/e2e/api/Certificates.cy.js new file mode 100644 index 0000000..043680f --- /dev/null +++ b/test/cypress/e2e/api/Certificates.cy.js @@ -0,0 +1,50 @@ +/// + +describe('Certificates endpoints', () => { + let token; + + before(() => { + cy.getToken().then((tok) => { + token = tok; + }); + }); + + it('Validate custom certificate', function() { + cy.task('backendApiPostFiles', { + token: token, + path: '/api/nginx/certificates/validate', + files: { + certificate: 'test.example.com.pem', + certificate_key: 'test.example.com-key.pem', + }, + }).then((data) => { + cy.validateSwaggerSchema('post', 200, '/nginx/certificates/validate', data); + expect(data).to.have.property('certificate'); + expect(data).to.have.property('certificate_key'); + }); + }); + + it('Request Certificate - CVE-2024-46256/CVE-2024-46257', function() { + cy.task('backendApiPost', { + token: token, + path: '/api/nginx/certificates', + data: { + domain_names: ['test.com"||echo hello-world||\\\\n test.com"'], + meta: { + dns_challenge: false, + letsencrypt_agree: true, + letsencrypt_email: 'admin@example.com', + }, + provider: 'letsencrypt', + }, + returnOnError: true, + }).then((data) => { + cy.validateSwaggerSchema('post', 400, '/nginx/certificates', data); + expect(data).to.have.property('error'); + expect(data.error).to.have.property('message'); + expect(data.error).to.have.property('code'); + expect(data.error.code).to.equal(400); + expect(data.error.message).to.contain('data/domain_names/0 must match pattern'); + }); + }); +}); diff --git a/test/cypress/fixtures/test.example.com-key.pem b/test/cypress/fixtures/test.example.com-key.pem new file mode 100644 index 0000000..307cdc3 --- /dev/null +++ b/test/cypress/fixtures/test.example.com-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1n9j9C5Bes1nd +qACDckERauxXVNKCnUlUM1buGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2w +rbmvZvLuPmXePOKbIKS+XXh+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHge +Yz6Cv/Si2/LJPCh/CoBfM4hUQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQ +oxRAHiOR9081Xn1WeoKr7kVBIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7Z +Eo+nS8Wr/4QWicatIWZXpVaEOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79X +zGONeH1PAgMBAAECggEAANb3Wtwl07pCjRrMvc7WbC0xYIn82yu8/g2qtjkYUJcU +ia5lQbYN7RGCS85Oc/tkq48xQEG5JQWNH8b918jDEMTrFab0aUEyYcru1q9L8PL6 +YHaNgZSrMrDcHcS8h0QOXNRJT5jeGkiHJaTR0irvB526tqF3knbK9yW22KTfycUe +a0Z9voKn5xRk1DCbHi/nk2EpT7xnjeQeLFaTIRXbS68omkr4YGhwWm5OizoyEGZu +W0Zum5BkQyMr6kor3wdxOTG97ske2rcyvvHi+ErnwL0xBv0qY0Dhe8DpuXpDezqw +o72yY8h31Fu84i7sAj24YuE5Df8DozItFXQpkgbQ6QKBgQDPrufhvIFm2S/MzBdW +H8JxY7CJlJPyxOvc1NIl9RczQGAQR90kx52cgIcuIGEG6/wJ/xnGfMmW40F0DnQ+ +N+oLgB9SFxeLkRb7s9Z/8N3uIN8JJFYcerEOiRQeN2BXEEWJ7bUThNtsVrAcKoUh +ELsDmnHW/3V+GKwhd0vpk842+wKBgQDf4PGLG9PTE5tlAoyHFodJRd2RhTJQkwsU +MDNjLJ+KecLv+Nl+QiJhoflG1ccqtSFlBSCG067CDQ5LV0xm3mLJ7pfJoMgjcq31 +qjEmX4Ls91GuVOPtbwst3yFKjsHaSoKB5fBvWRcKFpBUezM7Qcw2JP3+dQT+bQIq +cMTkRWDSvQKBgQDOdCQFDjxg/lR7NQOZ1PaZe61aBz5P3pxNqa7ClvMaOsuEQ7w9 +vMYcdtRq8TsjA2JImbSI0TIg8gb2FQxPcYwTJKl+FICOeIwtaSg5hTtJZpnxX5LO +utTaC0DZjNkTk5RdOdWA8tihyUdGqKoxJY2TVmwGe2rUEDjFB++J4inkEwKBgB6V +g0nmtkxanFrzOzFlMXwgEEHF+Xaqb9QFNa/xs6XeNnREAapO7JV75Cr6H2hFMFe1 +mJjyqCgYUoCWX3iaHtLJRnEkBtNY4kzyQB6m46LtsnnnXO/dwKA2oDyoPfFNRoDq +YatEd3JIXNU9s2T/+x7WdOBjKhh72dTkbPFmTPDdAoGAU6rlPBevqOFdObYxdPq8 +EQWu44xqky3Mf5sBpOwtu6rqCYuziLiN7K4sjN5GD5mb1cEU+oS92ZiNcUQ7MFXk +8yTYZ7U0VcXyAcpYreWwE8thmb0BohJBr+Mp3wLTx32x0HKdO6vpUa0d35LUTUmM +RrKmPK/msHKK/sVHiL+NFqo= +-----END PRIVATE KEY----- diff --git a/test/cypress/fixtures/test.example.com.pem b/test/cypress/fixtures/test.example.com.pem new file mode 100644 index 0000000..16340cd --- /dev/null +++ b/test/cypress/fixtures/test.example.com.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEYDCCAsigAwIBAgIRAPoSC0hvitb26ODMlsH6YbowDQYJKoZIhvcNAQELBQAw +gZExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEzMDEGA1UECwwqamN1 +cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJub3cpMTowOAYDVQQD +DDFta2NlcnQgamN1cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJu +b3cpMB4XDTI0MTAwOTA3MjIxN1oXDTI3MDEwOTA3MjIxN1owXjEnMCUGA1UEChMe +bWtjZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMTMwMQYDVQQLDCpqY3Vybm93 +QEphbWllcy1MYXB0b3AubG9jYWwgKEphbWllIEN1cm5vdykwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC1n9j9C5Bes1ndqACDckERauxXVNKCnUlUM1bu +GBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2wrbmvZvLuPmXePOKbIKS+XXh+ +2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHgeYz6Cv/Si2/LJPCh/CoBfM4hU +QJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQoxRAHiOR9081Xn1WeoKr7kVB +Ia5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7ZEo+nS8Wr/4QWicatIWZXpVaE +OPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79XzGONeH1PAgMBAAGjZTBjMA4G +A1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSB +/vfmBUd4W7CvyEMl7YpMVQs8vTAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29t +MA0GCSqGSIb3DQEBCwUAA4IBgQASwON/jPAHzcARSenY0ZGY1m5OVTYoQ/JWH0oy +l8SyFCQFEXt7UHDD/eTtLT0vMyc190nP57P8lTnZGf7hSinZz1B1d6V4cmzxpk0s +VXZT+irL6bJVJoMBHRpllKAhGULIo33baTrWFKA0oBuWx4AevSWKcLW5j87kEawn +ATCuMQ1I3ifR1mSlB7X8fb+vF+571q0NGuB3a42j6rdtXJ6SmH4+9B4qO0sfHDNt +IImpLCH/tycDpcYrGSCn1QrekFG1bSEh+Bb9i8rqMDSDsYrTFPZTuOQ3EtjGni9u +m+rEP3OyJg+md8c+0LVP7/UU4QWWnw3/Wolo5kSCxE8vNTFqi4GhVbdLnUtcIdTV +XxuR6cKyW87Snj1a0nG76ZLclt/akxDhtzqeV60BO0p8pmiev8frp+E94wFNYCmp +1cr3CnMEGRaficLSDFC6EBENzlZW2BQT6OMIV+g0NBgSyQe39s2zcdEl5+SzDVuw +hp8bJUp/QN7pnOVCDbjTQ+HVMXw= +-----END CERTIFICATE----- diff --git a/test/cypress/plugins/backendApi/client.js b/test/cypress/plugins/backendApi/client.js index 29684cf..e7c0c43 100644 --- a/test/cypress/plugins/backendApi/client.js +++ b/test/cypress/plugins/backendApi/client.js @@ -1,9 +1,14 @@ const logger = require('./logger'); -const restler = require('@jc21/restler'); +const axios = require('axios').default; const BackendApi = function(config, token) { this.config = config; this.token = token; + + this.axios = axios.create({ + baseURL: config.baseUrl, + timeout: 5000, + }); }; /** @@ -14,129 +19,114 @@ BackendApi.prototype.setToken = function(token) { }; /** + * @param {bool} returnOnError + */ +BackendApi.prototype._prepareOptions = function(returnOnError) { + let options = { + headers: { + Accept: 'application/json' + } + } + if (this.token) { + options.headers.Authorization = 'Bearer ' + this.token; + } + if (returnOnError) { + options.validateStatus = function () { + return true; + } + } + return options; +}; + +/** + * @param {*} response + * @param {function} resolve + * @param {function} reject + * @param {bool} returnOnError + */ +BackendApi.prototype._handleResponse = function(response, resolve, reject, returnOnError) { + logger('Response data:', response.data); + if (!returnOnError && typeof response.data === 'object' && typeof response.data.error === 'object') { + if (typeof response.data === 'object' && typeof response.data.error === 'object' && typeof response.data.error.message !== 'undefined') { + reject(new Error(response.data.error.code + ': ' + response.data.error.message)); + } else { + reject(new Error('Error ' + response.status)); + } + } else { + resolve(response.data); + } +}; + +/** + * @param {*} err + * @param {function} resolve + * @param {function} reject + * @param {bool} returnOnError + */ +BackendApi.prototype._handleError = function(err, resolve, reject, returnOnError) { + logger('Axios Error:', err); + if (returnOnError) { + resolve(typeof err.response.data !== 'undefined' ? err.response.data : err); + } else { + reject(err); + } +}; + +/** + * @param {string} method * @param {string} path * @param {bool} [returnOnError] + * @param {*} [data] * @returns {Promise} */ -BackendApi.prototype.get = function(path, returnOnError) { +BackendApi.prototype.request = function (method, path, returnOnError, data) { + logger(method.toUpperCase(), this.config.baseUrl + path); + const options = this._prepareOptions(returnOnError); + return new Promise((resolve, reject) => { - let headers = { - Accept: 'application/json' - }; - if (this.token) { - headers.Authorization = 'Bearer ' + this.token; + let opts = { + method: method, + url: path, + ...options + } + if (data !== undefined && data !== null) { + opts.data = data; } - logger('GET ', this.config.baseUrl + path); - - restler - .get(this.config.baseUrl + path, { - headers: headers, + this.axios(opts) + .then((response) => { + this._handleResponse(response, resolve, reject, returnOnError); }) - .on('complete', function(data, response) { - logger('Response data:', data); - if (!returnOnError && data instanceof Error) { - reject(data); - } else if (!returnOnError && response.statusCode != 200) { - if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') { - reject(new Error(data.error.code + ': ' + data.error.message)); - } else { - reject(new Error('Error ' + response.statusCode)); - } - } else { - resolve(data); - } + .catch((err) => { + this._handleError(err, resolve, reject, returnOnError); }); }); }; /** * @param {string} path + * @param {form} form * @param {bool} [returnOnError] * @returns {Promise} */ -BackendApi.prototype.delete = function(path, returnOnError) { +BackendApi.prototype.postForm = function (path, form, returnOnError) { + logger('POST', this.config.baseUrl + path); + const options = this._prepareOptions(returnOnError); + return new Promise((resolve, reject) => { - let headers = { - Accept: 'application/json' - }; - if (this.token) { - headers.Authorization = 'Bearer ' + this.token; + const opts = { + ...options, + ...form.getHeaders(), } - logger('DELETE ', this.config.baseUrl + path); - - restler - .del(this.config.baseUrl + path, { - headers: headers, + this.axios.post(path, form, opts) + .then((response) => { + this._handleResponse(response, resolve, reject, returnOnError); }) - .on('complete', function(data, response) { - logger('Response data:', data); - if (!returnOnError && data instanceof Error) { - reject(data); - } else if (!returnOnError && response.statusCode != 200) { - if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') { - reject(new Error(data.error.code + ': ' + data.error.message)); - } else { - reject(new Error('Error ' + response.statusCode)); - } - } else { - resolve(data); - } + .catch((err) => { + this._handleError(err, resolve, reject, returnOnError); }); }); }; -/** - * @param {string} path - * @param {object} data - * @param {bool} [returnOnError] - * @returns {Promise} - */ -BackendApi.prototype.postJson = function(path, data, returnOnError) { - logger('POST ', this.config.baseUrl + path); - return this._putPostJson('postJson', path, data, returnOnError); -}; - -/** - * @param {string} path - * @param {object} data - * @param {bool} [returnOnError] - * @returns {Promise} - */ -BackendApi.prototype.putJson = function(path, data, returnOnError) { - logger('PUT ', this.config.baseUrl + path); - return this._putPostJson('putJson', path, data, returnOnError); -}; - -/** - * @param {string} path - * @param {object} data - * @param {bool} [returnOnError] - * @returns {Promise} - */ -BackendApi.prototype._putPostJson = function(fn, path, data, returnOnError) { - return new Promise((resolve, reject) => { - restler[fn](this.config.baseUrl + path, data, { - headers: { - Accept: 'application/json', - Authorization: 'Bearer ' + this.token, - }, - }).on('complete', function(data, response) { - logger('Response data:', data); - if (!returnOnError && data instanceof Error) { - reject(data); - } else if (!returnOnError && (response.statusCode < 200 || response.statusCode >= 300)) { - if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') { - reject(new Error(data.error.code + ': ' + data.error.message)); - } else { - reject(new Error('Error ' + response.statusCode)); - } - } else { - resolve(data); - } - }); - }); -}; - module.exports = BackendApi; diff --git a/test/cypress/plugins/backendApi/task.js b/test/cypress/plugins/backendApi/task.js index 2f67902..ab9704f 100644 --- a/test/cypress/plugins/backendApi/task.js +++ b/test/cypress/plugins/backendApi/task.js @@ -1,8 +1,9 @@ +const fs = require('fs'); +const FormData = require('form-data'); const logger = require('./logger'); const Client = require('./client'); module.exports = function (config) { - logger('Client Ready using', config.baseUrl); return { @@ -17,7 +18,7 @@ module.exports = function (config) { backendApiGet: (options) => { const api = new Client(config); api.setToken(options.token); - return api.get(options.path, options.returnOnError || false); + return api.request('get', options.path, options.returnOnError || false); }, /** @@ -31,7 +32,26 @@ module.exports = function (config) { backendApiPost: (options) => { const api = new Client(config); api.setToken(options.token); - return api.postJson(options.path, options.data, options.returnOnError || false); + return api.request('post', options.path, options.returnOnError || false, options.data); + }, + + /** + * @param {object} options + * @param {string} options.token JWT + * @param {string} options.path API path + * @param {object} options.files + * @param {bool} [options.returnOnError] If true, will return instead of throwing errors + * @returns {string} + */ + backendApiPostFiles: (options) => { + const api = new Client(config); + api.setToken(options.token); + + const form = new FormData(); + for (let [key, value] of Object.entries(options.files)) { + form.append(key, fs.createReadStream(config.fixturesFolder + '/' + value)); + } + return api.postForm(options.path, form, options.returnOnError || false); }, /** @@ -45,7 +65,7 @@ module.exports = function (config) { backendApiPut: (options) => { const api = new Client(config); api.setToken(options.token); - return api.putJson(options.path, options.data, options.returnOnError || false); + return api.request('put', options.path, options.returnOnError || false, options.data); }, /** @@ -58,7 +78,7 @@ module.exports = function (config) { backendApiDelete: (options) => { const api = new Client(config); api.setToken(options.token); - return api.delete(options.path, options.returnOnError || false); + return api.request('delete', options.path, options.returnOnError || false); } }; -}; \ No newline at end of file +}; diff --git a/test/package.json b/test/package.json index 69b2b86..7032efe 100644 --- a/test/package.json +++ b/test/package.json @@ -1,11 +1,11 @@ { - "name": "test", + "name": "npm-test", "version": "1.0.0", "description": "", "main": "index.js", "dependencies": { - "@jc21/cypress-swagger-validation": "^0.2.6", - "@jc21/restler": "^3.4.0", + "@jc21/cypress-swagger-validation": "^0.2.7", + "axios": "^1.7.7", "cypress": "^13.15.0", "cypress-multi-reporters": "^1.6.4", "cypress-wait-until": "^3.0.2", @@ -13,6 +13,7 @@ "eslint-plugin-align-assignments": "^1.1.2", "eslint-plugin-chai-friendly": "^1.0.1", "eslint-plugin-cypress": "^3.5.0", + "form-data": "^4.0.1", "lodash": "^4.17.21", "mocha": "^10.7.3", "mocha-junit-reporter": "^2.2.1" diff --git a/test/yarn.lock b/test/yarn.lock index b34385b..e831b10 100644 --- a/test/yarn.lock +++ b/test/yarn.lock @@ -167,29 +167,19 @@ resolved "https://registry.yarnpkg.com/@humanwhocodes/retry/-/retry-0.3.1.tgz#c72a5c76a9fbaf3488e231b13dc52c0da7bab42a" integrity sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA== -"@jc21/cypress-swagger-validation@^0.2.6": - version "0.2.6" - resolved "https://registry.yarnpkg.com/@jc21/cypress-swagger-validation/-/cypress-swagger-validation-0.2.6.tgz#8b61f2413fa81cae6f8c2f33ecce5a6ded897030" - integrity sha512-8i8poTwi13e4BRKWpvmXFmqvEfQq3Kn9tunWhNYT7IQwiMeUVou+g1yh99QzuI501DBPtL2XEwjNukxTf5GiyQ== +"@jc21/cypress-swagger-validation@^0.2.7": + version "0.2.7" + resolved "https://registry.yarnpkg.com/@jc21/cypress-swagger-validation/-/cypress-swagger-validation-0.2.7.tgz#64642b12d98b884df8c30b72852162941285d2af" + integrity sha512-4EQ0gfigRwVVl3DnVYbR48/EKGnn7oH5YYdMzf6zqypO+bqYvDHu9kgk/WqkGlT/aauGQ7e0YGMo8ZvR7mL0Ng== dependencies: "@apidevtools/swagger-parser" "^10.1.0" - ajv "^8.12.0" + ajv "^8.17.1" json-schema "^0.4.0" - json-schema-ref-parser "^9.0.6" + json-schema-ref-parser "^9.0.9" jsonpath "^1.1.1" lodash "^4.17.21" openapi-types "^12.1.3" - picocolors "^1.0.0" - -"@jc21/restler@^3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@jc21/restler/-/restler-3.4.0.tgz#cfa214ddb9946a800c6fe472529f72b01e93c763" - integrity sha512-P1Nl2ifoQwqtxcqJKYHvxgPfckeIZWbVSYMlNAP+cL2KNk3U5eErPKt4xr5YLIQ+NarFsHMGH8+CBa00FKAGrw== - dependencies: - iconv-lite "0.2.11" - qs "1.2.0" - xml2js "0.4.0" - yaml "0.2.3" + picocolors "^1.1.0" "@jsdevtools/ono@^7.1.3": version "7.1.3" @@ -271,7 +261,17 @@ ajv@^6.12.4: json-schema-traverse "^0.4.1" uri-js "^4.2.2" -ajv@^8.12.0, ajv@^8.6.3: +ajv@^8.17.1: + version "8.17.1" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" + integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== + dependencies: + fast-deep-equal "^3.1.3" + fast-uri "^3.0.1" + json-schema-traverse "^1.0.0" + require-from-string "^2.0.2" + +ajv@^8.6.3: version "8.13.0" resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.13.0.tgz#a3939eaec9fb80d217ddf0c3376948c023f28c91" integrity sha512-PRA911Blj99jR5RMeTunVbNXMF6Lp4vZXnk5GQjcnUWUTsrXtekg/pnmFFI2u/I36Y/2bITGS30GZCXei6uNkA== @@ -390,6 +390,15 @@ aws4@^1.8.0: resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.9.0.tgz#24390e6ad61386b0a747265754d2a17219de862c" integrity sha512-Uvq6hVe90D0B2WEnUqtdgY1bATGz3mw33nH9Y+dmA+w5DHvUmBgkr5rM/KCHpCsiFNRUfokW/szpPPgMK2hm4A== +axios@^1.7.7: + version "1.7.7" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.7.tgz#2f554296f9892a72ac8d8e4c5b79c14a91d0a47f" + integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q== + dependencies: + follow-redirects "^1.15.6" + form-data "^4.0.0" + proxy-from-env "^1.1.0" + balanced-match@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767" @@ -506,11 +515,6 @@ chalk@^4.0.0, chalk@^4.1.0: ansi-styles "^4.1.0" supports-color "^7.1.0" -chalk@^5.3.0: - version "5.3.0" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-5.3.0.tgz#67c20a7ebef70e7f3970a01f90fa210cb6860385" - integrity sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w== - charenc@0.0.2: version "0.0.2" resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667" @@ -1049,6 +1053,11 @@ fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6: resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc= +fast-uri@^3.0.1: + version "3.0.2" + resolved "https://registry.yarnpkg.com/fast-uri/-/fast-uri-3.0.2.tgz#d78b298cf70fd3b752fd951175a3da6a7b48f024" + integrity sha512-GR6f0hD7XXyNJa25Tb9BuIdN0tdr+0BMi6/CJPH3wJO1JjNG3n/VsSw38AwRdKZABm8lGbPfakLRkYzx2V9row== + fd-slicer@~1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/fd-slicer/-/fd-slicer-1.1.0.tgz#25c7c89cb1f9077f8891bbe61d8f390eae256f1e" @@ -1103,11 +1112,25 @@ flatted@^3.2.9: resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.3.1.tgz#21db470729a6734d4997002f439cb308987f567a" integrity sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw== +follow-redirects@^1.15.6: + version "1.15.9" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1" + integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ== + forever-agent@~0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91" integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE= +form-data@^4.0.0, form-data@^4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.1.tgz#ba1076daaaa5bfd7e99c1a6cb02aa0a5cff90d48" + integrity sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw== + dependencies: + asynckit "^0.4.0" + combined-stream "^1.0.8" + mime-types "^2.1.12" + form-data@~4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452" @@ -1283,11 +1306,6 @@ human-signals@^1.1.1: resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-1.1.1.tgz#c5b1cd14f50aeae09ab6c59fe63ba3395fe4dfa3" integrity sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw== -iconv-lite@0.2.11: - version "0.2.11" - resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.2.11.tgz#1ce60a3a57864a292d1321ff4609ca4bb965adc8" - integrity sha1-HOYKOleGSiktEyH/RgnKS7llrcg= - ieee754@^1.1.13: version "1.2.1" resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" @@ -1450,7 +1468,7 @@ json-buffer@3.0.1: resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.1.tgz#9338802a30d3b6605fbe0613e094008ca8c05a13" integrity sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ== -json-schema-ref-parser@^9.0.6: +json-schema-ref-parser@^9.0.9: version "9.0.9" resolved "https://registry.yarnpkg.com/json-schema-ref-parser/-/json-schema-ref-parser-9.0.9.tgz#66ea538e7450b12af342fa3d5b8458bc1e1e013f" integrity sha512-qcP2lmGy+JUoQJ4DOQeLaZDqH9qSkeGCK3suKWxJXS82dg728Mn3j97azDMaOUmJAN4uCq91LdPx4K7E8F1a7Q== @@ -1812,10 +1830,10 @@ performance-now@^2.1.0: resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b" integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns= -picocolors@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.1.tgz#a8ad579b571952f0e5d25892de5445bcfe25aaa1" - integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew== +picocolors@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.0.tgz#5358b76a78cde483ba5cef6a9dc9671440b27d59" + integrity sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw== picomatch@^2.0.4: version "2.2.2" @@ -1857,6 +1875,11 @@ proxy-from-env@1.0.0: resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.0.0.tgz#33c50398f70ea7eb96d21f7b817630a55791c7ee" integrity sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A== +proxy-from-env@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2" + integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg== + psl@^1.1.33: version "1.9.0" resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7" @@ -1875,11 +1898,6 @@ punycode@^2.1.0, punycode@^2.1.1: resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec" integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A== -qs@1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/qs/-/qs-1.2.0.tgz#ed079be28682147e6fd9a34cc2b0c1e0ec6453ee" - integrity sha1-7Qeb4oaCFH5v2aNMwrDB4OxkU+4= - qs@6.13.0: version "6.13.0" resolved "https://registry.yarnpkg.com/qs/-/qs-6.13.0.tgz#6ca3bd58439f7e245655798997787b0d88a51906" @@ -1968,11 +1986,6 @@ safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0: resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== -sax@0.5.x: - version "0.5.8" - resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1" - integrity sha1-1HLbIo6zMcJQaw6MFVJK25OdEsE= - semver@^7.5.3: version "7.6.2" resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13" @@ -2309,34 +2322,16 @@ wrappy@1: resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= -xml2js@0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.0.tgz#124fc4114b4129c810800ecb2ac86cf25462cb9a" - integrity sha1-Ek/EEUtBKcgQgA7LKshs8lRiy5o= - dependencies: - sax "0.5.x" - xmlbuilder ">=0.4.2" - xml@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/xml/-/xml-1.0.1.tgz#78ba72020029c5bc87b8a81a3cfcd74b4a2fc1e5" integrity sha512-huCv9IH9Tcf95zuYCsQraZtWnJvBtLVE0QHMOs8bWyZAFZNDcYjsPq1nEx8jKA9y+Beo9v+7OBPRisQTjinQMw== -xmlbuilder@>=0.4.2: - version "13.0.2" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-13.0.2.tgz#02ae33614b6a047d1c32b5389c1fdacb2bce47a7" - integrity sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ== - y18n@^5.0.5: version "5.0.8" resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== -yaml@0.2.3: - version "0.2.3" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-0.2.3.tgz#b5450e92e76ef36b5dd24e3660091ebaeef3e5c7" - integrity sha1-tUUOkudu82td0k42YAkeuu7z5cc= - yargs-parser@^20.2.2, yargs-parser@^20.2.9: version "20.2.9" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee"