-rw-r--r-- | Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs | 75 | ||||
-rw-r--r-- | Timeline.Tests/IntegratedTests/UserAvatarTest.cs | 18 | ||||
-rw-r--r-- | Timeline/Controllers/ControllerAuthExtensions.cs | 15 | ||||
-rw-r--r-- | Timeline/Filters/Timeline.cs | 2 | ||||
-rw-r--r-- | Timeline/Models/Http/UserInfo.cs | 8 | ||||
-rw-r--r-- | Timeline/Resources/Controllers/ControllerAuthExtensions.Designer.cs | 81 | ||||
-rw-r--r-- | Timeline/Resources/Controllers/ControllerAuthExtensions.resx | 126 | ||||
-rw-r--r-- | Timeline/Services/TimelineService.cs | 3 | ||||
-rw-r--r-- | Timeline/Timeline.csproj | 9 |
9 files changed, 311 insertions, 26 deletions
diff --git a/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs b/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs
index d787d87d..dacfea62 100644
--- a/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs
+++ b/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs
@@ -30,6 +30,74 @@ namespace Timeline.Tests.IntegratedTests
 body.Visibility.Should().Be(TimelineVisibility.Register);
 body.Description.Should().Be("");
 body.Members.Should().NotBeNull().And.BeEmpty();
+ }
+
+ [Fact]
+ public async Task InvalidModel_BadUsername()
+ {
+ using var client = await CreateClientAsAdministrator();
+ {
+ var res = await client.GetAsync("users/user!!!/timeline");
+ res.Should().BeInvalidModel();
+ }
+ {
+ var res = await client.PatchAsJsonAsync("users/user!!!/timeline", new TimelinePatchRequest { });
+ res.Should().BeInvalidModel();
+ }
+ {
+ var res = await client.PutAsync("users/user!!!/timeline/members/user1", null);
+ res.Should().BeInvalidModel();
+ }
+ {
+ var res = await client.DeleteAsync("users/user!!!/timeline/members/user1");
+ res.Should().BeInvalidModel();
+ }
+ {
+ var res = await client.GetAsync("users/user!!!/timeline/posts");
+ res.Should().BeInvalidModel();
+ }
+ {
+ var res = await client.PostAsJsonAsync("users/user!!!/timeline/posts", new TimelinePostCreateRequest { Content = "aaa" });
+ res.Should().BeInvalidModel();
+ }
+ {
+ var res = await client.DeleteAsync("users/user!!!/timeline/posts/123");
+ res.Should().BeInvalidModel();
+ }
+ }
+
+ [Fact]
+ public async Task NotFound()
+ {
+ using var client = await CreateClientAsAdministrator();
+ {
+ var res = await client.GetAsync("users/usernotexist/timeline");
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ }
+ {
+ var res = await client.PatchAsJsonAsync("users/usernotexist/timeline", new TimelinePatchRequest { });
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ }
+ {
+ var res = await client.PutAsync("users/usernotexist/timeline/members/user1", null);
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ }
+ {
+ var res = await client.DeleteAsync("users/usernotexist/timeline/members/user1");
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ }
+ {
+ var res = await client.GetAsync("users/usernotexist/timeline/posts");
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ }
+ {
+ var res = await client.PostAsJsonAsync("users/usernotexist/timeline/posts", new TimelinePostCreateRequest { Content = "aaa" });
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ }
+ {
+ var res = await client.DeleteAsync("users/usernotexist/timeline/posts/123");
+ res.Should().HaveStatusCode(404).And.HaveCommonBody(ErrorCodes.UserCommon.NotExist);
+ } } [Fact]
@@ -162,10 +230,11 @@ namespace Timeline.Tests.IntegratedTests
 {
 const string userUrl = "users/user1/timeline/posts";
 const string adminUrl = "users/admin/timeline/posts";
- {
+ {
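Review bot: The NotFound test only varies the timeline owner, so for the member endpoints (PUT/DELETE users/usernotexist/timeline/members/user1) it never covers the case where the owner exists but the member does not, and the asserted UserCommon.NotExist body cannot show which of the two lookups failed. A case such as `await client.PutAsync("users/user1/timeline/members/usernotexist", null)` with its expected status and body would pin that down; what the server returns for it is not visible here, so the expectation has to be taken from the controller. The same path prefix is repeated seven times in each new test; a `const string` like the `userUrl`/`adminUrl` constants in the following hunk would keep the cases in step.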
+
 using var client = await CreateClientAsUser();
- var res = await client.PatchAsync("users/user1/timeline",
- new StringContent(@"{""visibility"":""abcdefg""}", System.Text.Encoding.UTF8, System.Net.Mime.MediaTypeNames.Application.Json));
+ using var content = new StringContent(@"{""visibility"":""abcdefg""}", System.Text.Encoding.UTF8, System.Net.Mime.MediaTypeNames.Application.Json);
+ var res = await client.PatchAsync("users/user1/timeline", content);
 res.Should().BeInvalidModel();
 }
 { // default visibility is registered
diff --git a/Timeline.Tests/IntegratedTests/UserAvatarTest.cs b/Timeline.Tests/IntegratedTests/UserAvatarTest.cs
index 67c2dd9a..fa0120f1 100644
--- a/Timeline.Tests/IntegratedTests/UserAvatarTest.cs
+++ b/Timeline.Tests/IntegratedTests/UserAvatarTest.cs
@@ -75,7 +75,7 @@ namespace Timeline.Tests.IntegratedTests
 await GetReturnDefault("admin");
{
- var request = new HttpRequestMessage()
+ using var request = new HttpRequestMessage()
{
RequestUri = new Uri(client.BaseAddress, "users/user1/avatar"),
Method = HttpMethod.Get,
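Review bot: `using var request` now disposes the request message, but the response messages produced in the same blocks (`var res = await client.PutAsync("users/user1/avatar", content);` in the hunks at @@ -109, @@ -117, @@ -125, @@ -139, @@ -148 and @@ -157, and the responses to these request messages) are still left to the finalizer, so the treatment is only half applied. If the goal of the commit is deterministic disposal of HTTP objects in these tests, `using var res = await client.PutAsync("users/user1/avatar", content);` is the matching one-line change for each of them. The enclosing test method starts before this hunk and continues past it.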
@@ -87,7 +87,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var request = new HttpRequestMessage()
+ using var request = new HttpRequestMessage()
{
RequestUri = new Uri(client.BaseAddress, "users/user1/avatar"),
Method = HttpMethod.Get,
@@ -98,7 +98,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var request = new HttpRequestMessage()
+ using var request = new HttpRequestMessage()
{
RequestUri = new Uri(client.BaseAddress, "users/user1/avatar"),
Method = HttpMethod.Get,
@@ -109,7 +109,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var content = new ByteArrayContent(new[] { (byte)0x00 });
+ using var content = new ByteArrayContent(new[] { (byte)0x00 });
content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
var res = await client.PutAsync("users/user1/avatar", content);
res.Should().HaveStatusCode(HttpStatusCode.BadRequest)
@@ -117,7 +117,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var content = new ByteArrayContent(new[] { (byte)0x00 });
+ using var content = new ByteArrayContent(new[] { (byte)0x00 });
content.Headers.ContentLength = 1;
var res = await client.PutAsync("users/user1/avatar", content);
res.Should().HaveStatusCode(HttpStatusCode.BadRequest)
@@ -125,7 +125,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var content = new ByteArrayContent(new[] { (byte)0x00 });
+ using var content = new ByteArrayContent(new[] { (byte)0x00 });
content.Headers.ContentLength = 0;
content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
var res = await client.PutAsync("users/user1/avatar", content);
@@ -139,7 +139,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var content = new ByteArrayContent(new[] { (byte)0x00 });
+ using var content = new ByteArrayContent(new[] { (byte)0x00 });
content.Headers.ContentLength = 1000 * 1000 * 11;
content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
var res = await client.PutAsync("users/user1/avatar", content);
@@ -148,7 +148,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var content = new ByteArrayContent(new[] { (byte)0x00 });
+ using var content = new ByteArrayContent(new[] { (byte)0x00 });
content.Headers.ContentLength = 2;
content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
var res = await client.PutAsync("users/user1/avatar", content);
@@ -157,7 +157,7 @@ namespace Timeline.Tests.IntegratedTests
 }
{
- var content = new ByteArrayContent(new[] { (byte)0x00, (byte)0x01 });
+ using var content = new ByteArrayContent(new[] { (byte)0x00, (byte)0x01 });
content.Headers.ContentLength = 1;
content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
var res = await client.PutAsync("users/user1/avatar", content);
diff --git a/Timeline/Controllers/ControllerAuthExtensions.cs b/Timeline/Controllers/ControllerAuthExtensions.cs
index 34fd4d99..00a65454 100644
--- a/Timeline/Controllers/ControllerAuthExtensions.cs
+++ b/Timeline/Controllers/ControllerAuthExtensions.cs
@@ -1,7 +1,8 @@
 using Microsoft.AspNetCore.Mvc;
+using System;
using System.Security.Claims;
using Timeline.Auth;
-using System;
+using static Timeline.Resources.Controllers.ControllerAuthExtensions;
namespace Timeline.Controllers
{
@@ -14,24 +15,18 @@ namespace Timeline.Controllers
 public static long GetUserId(this ControllerBase controller)
{
- if (controller.User == null)
- throw new InvalidOperationException("Failed to get user id because User is null.");
-
var claim = controller.User.FindFirst(ClaimTypes.NameIdentifier);
if (claim == null)
- throw new InvalidOperationException("Failed to get user id because User has no NameIdentifier claim.");
+ throw new InvalidOperationException(ExceptionNoUserIdentifierClaim);
if (long.TryParse(claim.Value, out var value))
return value;
- throw new InvalidOperationException("Failed to get user id because NameIdentifier claim is not a number.");
+ throw new InvalidOperationException(ExceptionUserIdentifierClaimBadFormat);
}
public static long? GetOptionalUserId(this ControllerBase controller)
{
- if (controller.User == null)
- return null;
-
var claim = controller.User.FindFirst(ClaimTypes.NameIdentifier);
if (claim == null)
return null;
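Review bot: Dropping the `controller.User == null` guards changes the failure mode when a controller runs without an HttpContext (for example one constructed directly in a unit test): `ControllerBase.User` is effectively `HttpContext?.User`, so `controller.User.FindFirst(...)` now throws NullReferenceException where GetUserId previously raised a descriptive InvalidOperationException and GetOptionalUserId returned null. If that path is deliberately unsupported, a comment on both methods recording that decision is enough; otherwise `var claim = controller.User?.FindFirst(ClaimTypes.NameIdentifier);` keeps the old null-propagation for the cost of one character. Separately, `long.TryParse(claim.Value, out var value)` parses a machine-generated claim with the current culture; `long.TryParse(claim.Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out var value)` (with `using System.Globalization;`) makes it culture-independent, and the same applies to the copy in the following hunk. GetOptionalUserId continues past the end of this hunk.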
@@ -39,7 +34,7 @@ namespace Timeline.Controllers
 if (long.TryParse(claim.Value, out var value))
return value;
- throw new InvalidOperationException("Failed to get user id because NameIdentifier claim is not a number.");
+ throw new InvalidOperationException(ExceptionUserIdentifierClaimBadFormat);
}
}
}
diff --git a/Timeline/Filters/Timeline.cs b/Timeline/Filters/Timeline.cs
index 729dbec7..ed78e645 100644
--- a/Timeline/Filters/Timeline.cs
+++ b/Timeline/Filters/Timeline.cs
@@ -13,7 +13,7 @@ namespace Timeline.Filters
 {
if (e.InnerException is UserNotExistException)
{
- context.Result = new BadRequestObjectResult(ErrorResponse.UserCommon.NotExist());
+ context.Result = new NotFoundObjectResult(ErrorResponse.UserCommon.NotExist());
}
else
{
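Review bot: Returning 404 with the UserCommon.NotExist body makes "this user does not exist" distinguishable from a permission-denied response, which is fine when usernames are public, but that assumption is worth writing down on the branch, e.g. `// A missing timeline owner is 404 rather than 400: usernames are not secret, so revealing non-existence is acceptable.` The tests added in this commit exercise the path only as administrator, so it is not visible here whether anonymous callers get the same distinction. The enclosing filter method starts and ends outside the hunk.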
diff --git a/Timeline/Models/Http/UserInfo.cs b/Timeline/Models/Http/UserInfo.cs
index 62d989a2..07ac0aad 100644
--- a/Timeline/Models/Http/UserInfo.cs
+++ b/Timeline/Models/Http/UserInfo.cs
@@ -31,11 +31,13 @@ namespace Timeline.Models.Http
 public class UserInfoAvatarUrlValueResolver : IValueResolver<User, IUserInfo, string>
{
- private readonly IActionContextAccessor _actionContextAccessor;
- private readonly IUrlHelperFactory _urlHelperFactory;
+ private readonly IActionContextAccessor? _actionContextAccessor;
+ private readonly IUrlHelperFactory? _urlHelperFactory;
public UserInfoAvatarUrlValueResolver()
{
+ _actionContextAccessor = null;
+ _urlHelperFactory = null;
}
public UserInfoAvatarUrlValueResolver(IActionContextAccessor actionContextAccessor, IUrlHelperFactory urlHelperFactory)
@@ -51,7 +53,7 @@ namespace Timeline.Models.Http
 return $"/users/{destination.Username}/avatar";
}
- var urlHelper = _urlHelperFactory.GetUrlHelper(_actionContextAccessor.ActionContext);
+ var urlHelper = _urlHelperFactory!.GetUrlHelper(_actionContextAccessor.ActionContext);
return urlHelper.ActionLink(nameof(UserAvatarController.Get), nameof(UserAvatarController), new { destination.Username });
}
}
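Review bot: The `!` on `_urlHelperFactory` suppresses a warning the compiler is right to raise: both fields are only set together by the two-argument constructor, but nothing in this method tells flow analysis that, and the absence of `!` on `_actionContextAccessor` on the same line suggests the guard before the `return $"/users/..."` fallback (outside the hunk) checks only the accessor. Checking both there, `if (_actionContextAccessor is null || _urlHelperFactory is null)`, lets the line compile without a suppression, and a comment on the two nullable fields stating that they are null exactly when the parameterless constructor was used would make the invariant explicit. The enclosing method starts outside the hunk.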
diff --git a/Timeline/Resources/Controllers/ControllerAuthExtensions.Designer.cs b/Timeline/Resources/Controllers/ControllerAuthExtensions.Designer.cs
new file mode 100644
index 00000000..70a1d605
--- /dev/null
+++ b/Timeline/Resources/Controllers/ControllerAuthExtensions.Designer.cs
@@ -0,0 +1,81 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+// This code was generated by a tool.
+// Runtime Version:4.0.30319.42000
+//
+// Changes to this file may cause incorrect behavior and will be lost if
+// the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Timeline.Resources.Controllers {
+ using System;
+
+
+ /// <summary>
+ /// A strongly-typed resource class, for looking up localized strings, etc.
+ /// </summary>
+ // This class was auto-generated by the StronglyTypedResourceBuilder
+ // class via a tool like ResGen or Visual Studio.
+ // To add or remove a member, edit your .ResX file then rerun ResGen
+ // with the /str option, or rebuild your VS project.
+ [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "16.0.0.0")]
+ [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+ [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+ internal class ControllerAuthExtensions {
+
+ private static global::System.Resources.ResourceManager resourceMan;
+
+ private static global::System.Globalization.CultureInfo resourceCulture;
+
+ [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+ internal ControllerAuthExtensions() {
+ }
+
+ /// <summary>
+ /// Returns the cached ResourceManager instance used by this class.
+ /// </summary>
+ [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+ internal static global::System.Resources.ResourceManager ResourceManager {
+ get {
+ if (object.ReferenceEquals(resourceMan, null)) {
+ global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Timeline.Resources.Controllers.ControllerAuthExtensions", typeof(ControllerAuthExtensions).Assembly);
+ resourceMan = temp;
+ }
+ return resourceMan;
+ }
+ }
+
+ /// <summary>
+ /// Overrides the current thread's CurrentUICulture property for all
+ /// resource lookups using this strongly typed resource class.
+ /// </summary>
+ [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+ internal static global::System.Globalization.CultureInfo Culture {
+ get {
+ return resourceCulture;
+ }
+ set {
+ resourceCulture = value;
+ }
+ }
+
+ /// <summary>
+ /// Looks up a localized string similar to Failed to get user id because User has no NameIdentifier claim..
+ /// </summary>
+ internal static string ExceptionNoUserIdentifierClaim {
+ get {
+ return ResourceManager.GetString("ExceptionNoUserIdentifierClaim", resourceCulture);
+ }
+ }
+
+ /// <summary>
+ /// Looks up a localized string similar to Failed to get user id because NameIdentifier claim is not a number..
+ /// </summary>
+ internal static string ExceptionUserIdentifierClaimBadFormat {
+ get {
+ return ResourceManager.GetString("ExceptionUserIdentifierClaimBadFormat", resourceCulture);
+ }
+ }
+ }
+}
diff --git a/Timeline/Resources/Controllers/ControllerAuthExtensions.resx b/Timeline/Resources/Controllers/ControllerAuthExtensions.resx
new file mode 100644
index 00000000..03e6d95a
--- /dev/null
+++ b/Timeline/Resources/Controllers/ControllerAuthExtensions.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+ <!--
+ Microsoft ResX Schema
+
+ Version 2.0
+
+ The primary goals of this format is to allow a simple XML format
+ that is mostly human readable. The generation and parsing of the
+ various data types are done through the TypeConverter classes
+ associated with the data types.
+
+ Example:
+
+ ... ado.net/XML headers & schema ...
+ <resheader name="resmimetype">text/microsoft-resx</resheader>
+ <resheader name="version">2.0</resheader>
+ <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+ <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+ <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+ <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+ <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+ <value>[base64 mime encoded serialized .NET Framework object]</value>
+ </data>
+ <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+ <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+ <comment>This is a comment</comment>
+ </data>
+
+ There are any number of "resheader" rows that contain simple
+ name/value pairs.
+
+ Each data row contains a name, and value. The row also contains a
+ type or mimetype. Type corresponds to a .NET class that support
+ text/value conversion through the TypeConverter architecture.
+ Classes that don't support this are serialized and stored with the
+ mimetype set.
+
+ The mimetype is used for serialized objects, and tells the
+ ResXResourceReader how to depersist the object. This is currently not
+ extensible. For a given mimetype the value must be set accordingly:
+
+ Note - application/x-microsoft.net.object.binary.base64 is the format
+ that the ResXResourceWriter will generate, however the reader can
+ read any of the formats listed below.
+
+ mimetype: application/x-microsoft.net.object.binary.base64
+ value : The object must be serialized with
+ : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+ : and then encoded with base64 encoding.
+
+ mimetype: application/x-microsoft.net.object.soap.base64
+ value : The object must be serialized with
+ : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+ : and then encoded with base64 encoding.
+
+ mimetype: application/x-microsoft.net.object.bytearray.base64
+ value : The object must be serialized into a byte array
+ : using a System.ComponentModel.TypeConverter
+ : and then encoded with base64 encoding.
+ -->
+ <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+ <xsd:element name="root" msdata:IsDataSet="true">
+ <xsd:complexType>
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:element name="metadata">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0" />
+ </xsd:sequence>
+ <xsd:attribute name="name" use="required" type="xsd:string" />
+ <xsd:attribute name="type" type="xsd:string" />
+ <xsd:attribute name="mimetype" type="xsd:string" />
+ <xsd:attribute ref="xml:space" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="assembly">
+ <xsd:complexType>
+ <xsd:attribute name="alias" type="xsd:string" />
+ <xsd:attribute name="name" type="xsd:string" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="data">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+ <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+ <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+ <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+ <xsd:attribute ref="xml:space" />
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="resheader">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="xsd:string" use="required" />
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ <resheader name="resmimetype">
+ <value>text/microsoft-resx</value>
+ </resheader>
+ <resheader name="version">
+ <value>2.0</value>
+ </resheader>
+ <resheader name="reader">
+ <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+ </resheader>
+ <resheader name="writer">
+ <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+ </resheader>
+ <data name="ExceptionNoUserIdentifierClaim" xml:space="preserve">
+ <value>Failed to get user id because User has no NameIdentifier claim.</value>
+ </data>
+ <data name="ExceptionUserIdentifierClaimBadFormat" xml:space="preserve">
+ <value>Failed to get user id because NameIdentifier claim is not a number.</value>
+ </data>
+</root>
\ No newline at end of file
diff --git a/Timeline/Services/TimelineService.cs b/Timeline/Services/TimelineService.cs
index 16402f3e..85445973 100644
--- a/Timeline/Services/TimelineService.cs
+++ b/Timeline/Services/TimelineService.cs
@@ -348,6 +348,9 @@ namespace Timeline.Services
 if (name == null)
throw new ArgumentNullException(nameof(name));
+ // Currently we don't use the result. But we need to check the timeline.
+ var _ = await FindTimelineId(name);
+
var post = await Database.TimelinePosts.Where(p => p.Id == id).SingleOrDefaultAsync();
if (post == null)
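Review bot: `var _ = await FindTimelineId(name);` declares a local variable named `_`, not a discard; the discard form is `_ = await FindTimelineId(name);`. More importantly, the discarded value is the key that ties the post to the timeline named in the URL, yet the lookup on the next line selects by `p.Id == id` alone, so unless the rest of the method (outside this hunk) compares the post's timeline with that id, a post id from any timeline is accepted under any existing timeline name and the ownership check the URL implies is not performed. Keeping the result, `var timelineId = await FindTimelineId(name);`, and rejecting the post when its timeline key differs from `timelineId` closes that gap; the comment could then say why the id is needed rather than that it is unused. The enclosing method starts and ends outside the hunk.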
diff --git a/Timeline/Timeline.csproj b/Timeline/Timeline.csproj
index 25d73068..1a3a07cd 100644
--- a/Timeline/Timeline.csproj
+++ b/Timeline/Timeline.csproj
@@ -44,6 +44,11 @@
 <AutoGen>True</AutoGen>
<DependentUpon>AuthHandler.resx</DependentUpon>
</Compile>
+ <Compile Update="Resources\Controllers\ControllerAuthExtensions.Designer.cs">
+ <DesignTime>True</DesignTime>
+ <AutoGen>True</AutoGen>
+ <DependentUpon>ControllerAuthExtensions.resx</DependentUpon>
+ </Compile>
<Compile Update="Resources\Controllers\TimelineController.Designer.cs">
<DesignTime>True</DesignTime>
<AutoGen>True</AutoGen>
@@ -121,6 +126,10 @@
 <Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>AuthHandler.Designer.cs</LastGenOutput>
</EmbeddedResource>
+ <EmbeddedResource Update="Resources\Controllers\ControllerAuthExtensions.resx">
+ <Generator>ResXFileCodeGenerator</Generator>
+ <LastGenOutput>ControllerAuthExtensions.Designer.cs</LastGenOutput>
+ </EmbeddedResource>
<EmbeddedResource Update="Resources\Controllers\TimelineController.resx">
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>TimelineController.Designer.cs</LastGenOutput>