# Testing Partner Coupon In Prod ## Are you able to set jargon values as a cookie? 1. Pass in incorrect `pc` query param and make GET request to https://99designs.com.au/?pc=vulnerability 2. We assert that no `_99pc` cookie is set ## Do we redirect to the correct page with a valid token via the `/create/partner-coupons` endpoint? 1. Generated coupon ``` go run coupons.go --api-id <api-id> --api-secret <api-secret> --count 1 --aud 99designs --exp 1725206454 --nbf 1630548054 --isProd ``` 2. The output should look like this: ``` {eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5OWRlc2lnbnMiLCJleHAiOjE3MjUyMDY0NTQsImlzcyI6Ijk5ZGVzaWducyIsImp0aSI6ImRjNTZkNDg0LWRjODAtNGM2Mi05MDNlLTc4MWQ1NWZmNDExOCIsIm5iZiI6MTYzMDU0ODA1NH0.nxcsvpL3fny5RpCRy1S8BRxwEndohVxDW-ViffpiMNU https://99designs.com/create/partner-coupons?pc=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5OWRlc2lnbnMiLCJleHAiOjE3MjUyMDY0NTQsImlzcyI6Ijk5ZGVzaWducyIsImp0aSI6ImRjNTZkNDg0LWRjODAtNGM2Mi05MDNlLTc4MWQ1NWZmNDExOCIsIm5iZiI6MTYzMDU0ODA1NH0.nxcsvpL3fny5RpCRy1S8BRxwEndohVxDW-ViffpiMNU} ``` 3. Copy the create endpoint from the output above 4. Clear cookies and log out of 99designs.com 5. Enter create endpoint url into browser, this makes a GET request to create `/create/partner-coupons` 6. This will take the test campaign id `99designs` and redirect it to `/briefs/projects/create` 7. The things we're expecting are: - It will redirect again to `/briefs/:briefId/1` - It will set a `_99pc` cookie with the JWT as its value 8. We confirmed that this behaviour was occurring