authorcrupest <crupest@outlook.com>2019-02-07 00:39:51 +0800
committercrupest <crupest@outlook.com>2019-02-07 00:39:51 +0800
commit4262a25addf26705e4c5ab07acafd3eb8702fa4b (patch)
treed39469b839a1ef31bcb0b3afdeb0ae351bf63bd0 /Timeline.Tests
parent167deab9648f2f2fc7f69b9eeee03f0d18be3c50 (diff)
Add authorization.
Diffstat (limited to 'Timeline.Tests')
-rw-r--r--Timeline.Tests/AuthorizationUnitTest.cs94
-rw-r--r--Timeline.Tests/UnitTest.cs58
2 files changed, 94 insertions, 58 deletions
diff --git a/Timeline.Tests/AuthorizationUnitTest.cs b/Timeline.Tests/AuthorizationUnitTest.cs
new file mode 100644
index 00000000..e9e86c8e
--- /dev/null
+++ b/Timeline.Tests/AuthorizationUnitTest.cs
@@ -0,0 +1,94 @@
+using Microsoft.AspNetCore.Mvc.Testing;
+using Newtonsoft.Json;
+using System;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Timeline.Controllers;
+using Timeline.Tests.Helpers;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Timeline.Tests
+{
+ public class AuthorizationUnitTest : IClassFixture<WebApplicationFactory<Startup>>
+ {
+ private readonly WebApplicationFactory<Startup> _factory;
+
+ public AuthorizationUnitTest(WebApplicationFactory<Startup> factory, ITestOutputHelper outputHelper)
+ {
+ _factory = factory.WithTestConfig(outputHelper);
+ }
+
+ [Fact]
+ public async Task UnauthenticationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var response = await client.GetAsync("/api/Test/Action1");
+ Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+ }
+ }
+
+ private static async Task<string> Login(HttpClient client, string username, string password)
+ {
+ var response = await client.PostAsJsonAsync("/api/User/LogIn", new UserController.UserCredentials { Username = username, Password = password });
+
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+ var loginInfo = JsonConvert.DeserializeObject<UserController.LoginInfo>(await response.Content.ReadAsStringAsync());
+
+ return loginInfo.Token;
+ }
+
+ private static async Task<HttpResponseMessage> GetWithAuthentication(HttpClient client, string path, string token)
+ {
+ var request = new HttpRequestMessage
+ {
+ RequestUri = new Uri(client.BaseAddress, path),
+ Method = HttpMethod.Get
+ };
+ request.Headers.Add("Authorization", "Bearer " + token);
+
+ return await client.SendAsync(request);
+ }
+
+ [Fact]
+ public async Task AuthenticationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var token = await Login(client, "user", "user");
+ var response = await GetWithAuthentication(client, "/api/Test/Action1", token);
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ }
+ }
+
+ [Fact]
+ public async Task UserAuthorizationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var token = await Login(client, "user", "user");
+ var response1 = await GetWithAuthentication(client, "/api/Test/Action2", token);
+ Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+ var response2 = await GetWithAuthentication(client, "/api/Test/Action3", token);
+ Assert.Equal(HttpStatusCode.Forbidden, response2.StatusCode);
+ }
+ }
+
+ [Fact]
+ public async Task AdminAuthorizationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var token = await Login(client, "admin", "admin");
+ var response1 = await GetWithAuthentication(client, "/api/Test/Action2", token);
+ Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+ var response2 = await GetWithAuthentication(client, "/api/Test/Action3", token);
+ Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+ }
+ }
+ }
+}
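Review bot: The new tests cover a missing token (`UnauthenticationTest`) and tokens freshly issued by `/api/User/LogIn`, but nothing checks that a token the server did not issue is rejected. A bearer-validation misconfiguration on the server would therefore pass this suite unnoticed. Adding a case that sends a malformed token to `/api/Test/Action1` and expects `HttpStatusCode.Unauthorized` would close that gap; the server-side validation setup is not visible in this path-limited diff, so the expected status is inferred from the 401 that the existing unauthenticated test asserts. Separately, `Login` returns `loginInfo.Token` unchecked, so a null or empty token only surfaces later as a confusing 401; `Assert.False(string.IsNullOrEmpty(loginInfo.Token));` before the return would make the failure point at the login step.

```csharp
// … unchanged: UnauthenticationTest, Login, GetWithAuthentication …

[Fact]
public async Task InvalidTokenTest()
{
    using (var client = _factory.CreateDefaultClient())
    {
        // Constructed sample value: a string the server never issued as a token.
        var response = await GetWithAuthentication(client, "/api/Test/Action1", "not-a-valid-token");
        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }
}
```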
diff --git a/Timeline.Tests/UnitTest.cs b/Timeline.Tests/UnitTest.cs
deleted file mode 100644
index c9ff7296..00000000
--- a/Timeline.Tests/UnitTest.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-using Microsoft.AspNetCore.Mvc.Testing;
-using System;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Threading.Tasks;
-using Timeline.Controllers;
-using Timeline.Tests.Helpers;
-using Xunit;
-using Xunit.Abstractions;
-
-namespace Timeline.Tests
-{
- public class UnitTest : IClassFixture<WebApplicationFactory<Startup>>
- {
- private readonly WebApplicationFactory<Startup> _factory;
-
- public UnitTest(WebApplicationFactory<Startup> factory, ITestOutputHelper outputHelper)
- {
- _factory = factory.WithTestConfig(outputHelper);
- }
-
- [Fact]
- public async Task UnauthenticationTest()
- {
- using (var client = _factory.CreateDefaultClient())
- {
- var response = await client.GetAsync("/api/SampleData/WeatherForecasts");
-
- Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
- }
- }
-
- [Fact]
- public async Task AuthenticationTest()
- {
- using (var client = _factory.CreateDefaultClient())
- {
- var response = await client.PostAsJsonAsync("/api/User/LogIn", new UserController.UserCredentials { Username = "hello", Password = "crupest" });
-
- Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-
- var token = response.Headers.GetValues("Authorization").Single();
-
- var request = new HttpRequestMessage
- {
- RequestUri = new Uri(client.BaseAddress, "/api/SampleData/WeatherForecasts"),
- Method = HttpMethod.Get
- };
- request.Headers.Add("Authorization", token);
-
- var response2 = await client.SendAsync(request);
-
- Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
- }
- }
- }
-}