diff --git a/playwright/helper/functions.ts b/playwright/helper/functions.ts index 38699e9..ac14471 100644 --- a/playwright/helper/functions.ts +++ b/playwright/helper/functions.ts @@ -93,6 +93,15 @@ export const letCookiesExpire = async function(page: any) { return context.addCookies(expiredCookies); } +export const removeCookiesFromFile =async function(page: any, filePath: string) { + if (!existsSync(filePath)) return; + const state = JSON.parse(readFileSync(filePath, 'utf8')); + state.cookies = []; // Remove cookies + await page.context().clearCookies(); // Clear cookies in the current context to make sure they are removed + await page.context().addCookies(state.cookies); // add the empty cookies array to the context to make sure no cookies are present + await page.context().storageState({ path: filePath }); // Save the modified state back to the file +} + export const restoreExpiredCookies = async function (page: any, filePath: string) { if (!existsSync(filePath)) { return; diff --git a/tests/02-authAndSecurity.spec.ts b/tests/02-authAndSecurity.spec.ts index fe3f9a9..6ad1ac2 100644 --- a/tests/02-authAndSecurity.spec.ts +++ b/tests/02-authAndSecurity.spec.ts @@ -1,17 +1,6 @@ import { test, expect } from '@playwright/test'; -import path from 'path'; -import { existsSync, readFileSync } from 'fs'; -import { restoreAuthState, getAuthFileTamperedByProjectName, setUserTamperedToSameAsUser} from "../playwright/helper/functions.ts" - -async function removeCookiesFromFile(page: any, filePath: string) { - if (!existsSync(filePath)) return; - const state = JSON.parse(readFileSync(filePath, 'utf8')); - state.cookies = []; // Remove cookies - await page.context().clearCookies(); // Clear cookies in the current context to make sure they are removed - await page.context().addCookies(state.cookies); // add the empty cookies array to the context to make sure no cookies are present - await page.context().storageState({ path: filePath }); // Save the modified state back to the file - -} +import { restoreAuthState, getAuthFileTamperedByProjectName, setUserTamperedToSameAsUser, removeCookiesFromFile} from "../playwright/helper/functions.ts" + test.describe('Authentication and Security Tests', () => { test.beforeEach(async ({ page }, testInfo) => { @@ -39,4 +28,16 @@ test.describe('Authentication and Security Tests', () => { await setUserTamperedToSameAsUser(page, testInfo.project.name); }) -}); \ No newline at end of file + test("session with missing CSRF token should be rejected", async({page}, testInfo)=>{ + // logic for the test + await setUserTamperedToSameAsUser(page, testInfo.project.name); + }) + + test("session with invalid CSRF token should be rejected", async({page}, testInfo)=>{ + // logic for the test + await setUserTamperedToSameAsUser(page, testInfo.project.name); + }) + +}); + +// NEED TO CREATE TEST FOR RATE-LIMITING AND BRUTE-FORCE ATTACKS, BUT IT'S NOT POSSIBLE TO TEST IT WITH PLAYWRIGHT. NEED TO TEST IT MANUALLY OR WITH A DIFFERENT TOOL. \ No newline at end of file