Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions playwright/helper/functions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,15 @@ export const letCookiesExpire = async function(page: any) {
return context.addCookies(expiredCookies);
}

export const removeCookiesFromFile =async function(page: any, filePath: string) {
if (!existsSync(filePath)) return;
const state = JSON.parse(readFileSync(filePath, 'utf8'));
state.cookies = []; // Remove cookies
await page.context().clearCookies(); // Clear cookies in the current context to make sure they are removed
await page.context().addCookies(state.cookies); // add the empty cookies array to the context to make sure no cookies are present
await page.context().storageState({ path: filePath }); // Save the modified state back to the file
}

export const restoreExpiredCookies = async function (page: any, filePath: string) {
if (!existsSync(filePath)) {
return;
Expand Down
29 changes: 15 additions & 14 deletions tests/02-authAndSecurity.spec.ts
Original file line number Diff line number Diff line change
@@ -1,17 +1,6 @@
import { test, expect } from '@playwright/test';
import path from 'path';
import { existsSync, readFileSync } from 'fs';
import { restoreAuthState, getAuthFileTamperedByProjectName, setUserTamperedToSameAsUser} from "../playwright/helper/functions.ts"

async function removeCookiesFromFile(page: any, filePath: string) {
if (!existsSync(filePath)) return;
const state = JSON.parse(readFileSync(filePath, 'utf8'));
state.cookies = []; // Remove cookies
await page.context().clearCookies(); // Clear cookies in the current context to make sure they are removed
await page.context().addCookies(state.cookies); // add the empty cookies array to the context to make sure no cookies are present
await page.context().storageState({ path: filePath }); // Save the modified state back to the file

}
import { restoreAuthState, getAuthFileTamperedByProjectName, setUserTamperedToSameAsUser, removeCookiesFromFile} from "../playwright/helper/functions.ts"


test.describe('Authentication and Security Tests', () => {
test.beforeEach(async ({ page }, testInfo) => {
Expand Down Expand Up @@ -39,4 +28,16 @@ test.describe('Authentication and Security Tests', () => {
await setUserTamperedToSameAsUser(page, testInfo.project.name);
})

});
test("session with missing CSRF token should be rejected", async({page}, testInfo)=>{
// logic for the test
await setUserTamperedToSameAsUser(page, testInfo.project.name);
})

test("session with invalid CSRF token should be rejected", async({page}, testInfo)=>{
// logic for the test
await setUserTamperedToSameAsUser(page, testInfo.project.name);
})

});

// NEED TO CREATE TEST FOR RATE-LIMITING AND BRUTE-FORCE ATTACKS, BUT IT'S NOT POSSIBLE TO TEST IT WITH PLAYWRIGHT. NEED TO TEST IT MANUALLY OR WITH A DIFFERENT TOOL.
Loading