search

vlucas / frisby

Frisby is a REST API testing framework built on Jest that makes testing API endpoints easy, fast, and fun.
http://frisbyjs.com
1.53k stars 201 forks source link

Dollar ($) character in JSON payload causes 500 error #525

Closed bkimminich closed 5 years ago

bkimminich commented 5 years ago 
  it('POST login with support-team credentials', () => {
    return frisby.post(REST_URL + '/user/login', {
      headers: jsonHeader,
      body: {
        email: 'support@' + config.get('application.domain'),
        password: 'J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P'
      }
    })
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('jsonTypes', 'authentication', {
        token: Joi.string()
      })
  })

The above test runs into a 500 error when submitted as is although the password is correct. When logging in via Browser it works fine with JSON payload of {"email":"support@juice-sh.op","password":"J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P"}

If I remove the $ character from the password the problem goes away for some reason...

Sidenote: This is not a password length issue as making the password 1 character shorter does not solve the issue. Only without the $ symbol it works for me.

H1Gdev commented 5 years ago

@bkimminich

test the following code.

const frisby = require('frisby');

let REST_URL = 'https://httpbin.org/post';

let jsonHeader = {
  'Content-Type': 'application/json'
};

it('POST login with support-team credentials', () => {
  return frisby.post(REST_URL, {
    headers: jsonHeader,
    body: {
      email: 'support@juice-sh.op',
      password: 'J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P'
    }
  })
    .expect('status', 200)
    .expect('header', 'content-type', /application\/json/)
    .then(res => {
      console.log(res.json);
    })
});

and response.

    { args: {},
      data:
       '{"email":"support@juice-sh.op","password":"J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P"}',
      files: {},
      form: {},
      headers:
       { Accept: '*/*',
         'Accept-Encoding': 'gzip,deflate',
         'Content-Length': '76',
         'Content-Type': 'application/json',
         Host: 'httpbin.org',
         'User-Agent': 'frisby/2.1.0 (+https://github.com/vlucas/frisby)' },
      json:
       { email: 'support@juice-sh.op',
         password: 'J6aVjTgOpRs$?5l+Zkq2AYnCE@RF§P' },
      url: 'https://httpbin.org/post' }

In this result, transmission data is correctly sent in json format. It does not depend on the presence or absence of $.

Is it possible to use $ for password in this server ?

bkimminich commented 5 years ago

I can log in with exactly that password happily via the Angular UI and also via PostMan without any issue. Only from via frisby it fails. I'll check how it behaves when run on https://httpbin.org/post on my test machine an paste the result here.

bkimminich commented 5 years ago

Posting to https://httpbin.org/post works fine on Travis-CI ... will have to check for other side effects ...