Diffstat (limited to 'BackEnd/Timeline.Tests/IntegratedTests')
6 files changed, 325 insertions, 101 deletions
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/AuthorizationTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/AuthorizationTest.cs
deleted file mode 100644
index 38071394..00000000
--- a/BackEnd/Timeline.Tests/IntegratedTests/AuthorizationTest.cs
+++ /dev/null
@@ -1,52 +0,0 @@
-using FluentAssertions;
-using System.Net;
-using System.Threading.Tasks;
-using Timeline.Tests.Helpers;
-using Xunit;
-
-namespace Timeline.Tests.IntegratedTests
-{
- public class AuthorizationTest : IntegratedTestBase
- {
- private const string BaseUrl = "testing/auth/";
- private const string AuthorizeUrl = BaseUrl + "Authorize";
- private const string UserUrl = BaseUrl + "User";
- private const string AdminUrl = BaseUrl + "Admin";
-
- [Fact]
- public async Task UnauthenticationTest()
- {
- using var client = await CreateDefaultClient();
- var response = await client.GetAsync(AuthorizeUrl);
- response.Should().HaveStatusCode(HttpStatusCode.Unauthorized);
- }
-
- [Fact]
- public async Task AuthenticationTest()
- {
- using var client = await CreateClientAsUser();
- var response = await client.GetAsync(AuthorizeUrl);
- response.Should().HaveStatusCode(HttpStatusCode.OK);
- }
-
- [Fact]
- public async Task UserAuthorizationTest()
- {
- using var client = await CreateClientAsUser();
- var response1 = await client.GetAsync(UserUrl);
- response1.Should().HaveStatusCode(HttpStatusCode.OK);
- var response2 = await client.GetAsync(AdminUrl);
- response2.Should().HaveStatusCode(HttpStatusCode.Forbidden);
- }
-
- [Fact]
- public async Task AdminAuthorizationTest()
- {
- using var client = await CreateClientAsAdministrator();
- var response1 = await client.GetAsync(UserUrl);
- response1.Should().HaveStatusCode(HttpStatusCode.OK);
- var response2 = await client.GetAsync(AdminUrl);
- response2.Should().HaveStatusCode(HttpStatusCode.OK);
- }
- }
-}
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/IntegratedTestBase.cs b/BackEnd/Timeline.Tests/IntegratedTests/IntegratedTestBase.cs
index 7cf27297..f75ce69c 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests/IntegratedTestBase.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests/IntegratedTestBase.cs
@@ -7,7 +7,6 @@ using System.Net.Http;
 using System.Text.Json;
using System.Text.Json.Serialization;
using System.Threading.Tasks;
-using Timeline.Models;
using Timeline.Models.Converters;
using Timeline.Models.Http;
using Timeline.Services;
@@ -60,26 +59,14 @@ namespace Timeline.Tests.IntegratedTests
 using (var scope = TestApp.Host.Services.CreateScope())
{
- var users = new List<User>()
+ var users = new List<(string username, string password, string nickname)>()
{
- new User
- {
- Username = "admin",
- Password = "adminpw",
- Administrator = true,
- Nickname = "administrator"
- }
+ ("admin", "adminpw", "administrator")
};
for (int i = 1; i <= _userCount; i++)
{
- users.Add(new User
- {
- Username = $"user{i}",
- Password = $"user{i}pw",
- Administrator = false,
- Nickname = $"imuser{i}"
- });
+ users.Add(($"user{i}", $"user{i}pw", $"imuser{i}"));
}
var userInfoList = new List<UserInfo>();
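Review bot: Nothing in the rebuilt `users` list marks `admin` as privileged any more: with `Administrator = true` gone, `("admin", "adminpw", "administrator")` is created exactly like every `user{i}` entry (through the `CreateUser(username, password)` call in the next hunk). The permission tests added in this commit still expect `users/admin` to hold every permission, so the fixture presumably depends on something outside the diff, such as the first-created or a seeded account being treated as root. A comment on the tuple would make that dependency explicit, e.g. `// "admin" is expected to be the root user; how root is determined lives in IUserService (TODO confirm)`. The enclosing method starts and ends outside the hunk.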
@@ -87,7 +74,9 @@ namespace Timeline.Tests.IntegratedTests
 var userService = scope.ServiceProvider.GetRequiredService<IUserService>();
foreach (var user in users)
{
- await userService.CreateUser(user);
+ var (username, password, nickname) = user;
+ var u = await userService.CreateUser(username, password);
+ await userService.ModifyUser(u.Id, new ModifyUserParams() { Nickname = nickname });
}
using var client = await CreateDefaultClient();
@@ -99,7 +88,7 @@ namespace Timeline.Tests.IntegratedTests
 options.Converters.Add(new JsonDateTimeConverter());
foreach (var user in users)
{
- var s = await client.GetStringAsync($"users/{user.Username}");
+ var s = await client.GetStringAsync($"users/{user.username}");
userInfoList.Add(JsonSerializer.Deserialize<UserInfo>(s, options));
}
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/TokenTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/TokenTest.cs
index 480d66cd..9aac8188 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests/TokenTest.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests/TokenTest.cs
@@ -3,7 +3,6 @@ using Microsoft.Extensions.DependencyInjection;
 using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
-using Timeline.Models;
using Timeline.Models.Http;
using Timeline.Services;
using Timeline.Tests.Helpers;
@@ -103,7 +102,8 @@ namespace Timeline.Tests.IntegratedTests
 {
// create a user for test
var userService = scope.ServiceProvider.GetRequiredService<IUserService>();
- await userService.ModifyUser("user1", new User { Password = "user1pw" });
+ var id = await userService.GetUserIdByUsername("user1");
+ await userService.ModifyUser(id, new ModifyUserParams { Password = "user1pw" });
}
(await client.PostAsJsonAsync(VerifyTokenUrl,
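Review bot: The context comment `// create a user for test` does not describe the two added lines, which look up `user1` by name and re-set its password rather than create anything. Because the next statement posts to `VerifyTokenUrl`, the intent is presumably to invalidate a token issued earlier; a comment such as `// change user1's password so the previously issued token should stop verifying` would say so. `"user1pw"` is also the value the fixture already assigns to `user1`, so the test depends on a same-value password change still invalidating tokens, which is worth stating if it is intended. The enclosing test starts and ends outside the hunk.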
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserAvatarTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserAvatarTest.cs
index 66a12573..854a4ee6 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests/UserAvatarTest.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests/UserAvatarTest.cs
@@ -10,7 +10,6 @@ using System.IO;
 using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
-using System.Net.Mime;
using System.Threading.Tasks;
using Timeline.Models.Http;
using Timeline.Services;
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs
new file mode 100644
index 00000000..cf27a6c6
--- /dev/null
+++ b/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs
@@ -0,0 +1,308 @@
+using FluentAssertions;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http.Json;
+using System.Threading.Tasks;
+using Timeline.Models.Http;
+using Timeline.Services;
+using Xunit;
+
+namespace Timeline.Tests.IntegratedTests
+{
+ public class UserPermissionTest : IntegratedTestBase
+ {
+ public UserPermissionTest() : base(3) { }
+
+ [Fact]
+ public async Task RootUserShouldReturnAllPermissions()
+ {
+ using var client = await CreateDefaultClient();
+ var res = await client.GetAsync("users/admin");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(Enum.GetNames<UserPermission>());
+ }
+
+ [Fact]
+ public async Task NonRootUserShouldReturnNonPermissions()
+ {
+ using var client = await CreateDefaultClient();
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEmpty();
+ }
+
+ public static IEnumerable<object[]> EveryPermissionTestData()
+ {
+ return Enum.GetValues<UserPermission>().Select(p => new object[] { p });
+ }
+
+ [Theory]
+ [MemberData(nameof(EveryPermissionTestData))]
+ public async Task ModifyRootUserPermissionShouldHaveNoEffect(UserPermission permission)
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ {
+ var res = await client.DeleteAsync($"users/admin/permissions/{permission}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/admin");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(Enum.GetNames<UserPermission>());
+ }
+
+ {
+ var res = await client.PutAsync($"users/admin/permissions/{permission}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/admin");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(Enum.GetNames<UserPermission>());
+ }
+ }
+
+ [Theory]
+ [MemberData(nameof(EveryPermissionTestData))]
+ public async Task ModifyUserPermissionShouldWork(UserPermission permission)
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{permission}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(permission.ToString());
+ }
+
+ {
+ var res = await client.DeleteAsync($"users/user1/permissions/{permission}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEmpty();
+ }
+ }
+
+ [Theory]
+ [MemberData(nameof(EveryPermissionTestData))]
+ public async Task PutExistPermissionShouldHaveNoEffect(UserPermission permission)
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{permission}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(permission.ToString());
+ }
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{permission}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(permission.ToString());
+ }
+ }
+
+ [Theory]
+ [MemberData(nameof(EveryPermissionTestData))]
+ public async Task DeleteNonExistPermissionShouldHaveNoEffect(UserPermission permission)
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ {
+ var res = await client.DeleteAsync($"users/user1/permissions/{permission}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEmpty();
+ }
+ }
+
+ [Fact]
+ public async Task AGeneralTest()
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{UserPermission.AllTimelineManagement}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(UserPermission.AllTimelineManagement.ToString());
+ }
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{UserPermission.HighlightTimelineManangement}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(UserPermission.AllTimelineManagement.ToString(),
+ UserPermission.HighlightTimelineManangement.ToString());
+ }
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{UserPermission.UserManagement}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(
+ UserPermission.AllTimelineManagement.ToString(),
+ UserPermission.HighlightTimelineManangement.ToString(),
+ UserPermission.UserManagement.ToString());
+ }
+
+ {
+ var res = await client.DeleteAsync($"users/user1/permissions/{UserPermission.HighlightTimelineManangement}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(
+ UserPermission.AllTimelineManagement.ToString(),
+ UserPermission.UserManagement.ToString());
+ }
+
+ {
+ var res = await client.DeleteAsync($"users/user1/permissions/{UserPermission.AllTimelineManagement}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(UserPermission.UserManagement.ToString());
+ }
+
+ {
+ var res = await client.PutAsync($"users/user1/permissions/{UserPermission.HighlightTimelineManangement}", null);
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(
+ UserPermission.HighlightTimelineManangement.ToString(), UserPermission.UserManagement.ToString());
+ }
+
+ {
+ var res = await client.DeleteAsync($"users/user1/permissions/{UserPermission.HighlightTimelineManangement}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEquivalentTo(UserPermission.UserManagement.ToString());
+ }
+
+ {
+ var res = await client.DeleteAsync($"users/user1/permissions/{UserPermission.UserManagement}");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ }
+
+ {
+ var res = await client.GetAsync("users/user1");
+ res.StatusCode.Should().Be(HttpStatusCode.OK);
+ var body = await res.Content.ReadFromJsonAsync<UserInfo>();
+ body.Permissions.Should().BeEmpty();
+ }
+ }
+
+ [Theory]
+ [InlineData("users/user1/permissions/aaa")]
+ [InlineData("users/!!!/permissions/UserManagement")]
+ public async Task InvalidModel(string url)
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ {
+ var res = await client.PutAsync(url, null);
+ res.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+ var body = await res.Content.ReadFromJsonAsync<CommonResponse>();
+ body.Code.Should().Be(ErrorCodes.Common.InvalidModel);
+ }
+
+ {
+ var res = await client.DeleteAsync(url);
+ res.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+ var body = await res.Content.ReadFromJsonAsync<CommonResponse>();
+ body.Code.Should().Be(ErrorCodes.Common.InvalidModel);
+ }
+ }
+
+ [Fact]
+ public async Task UserNotExist()
+ {
+ using var client = await CreateClientAsAdministrator();
+
+ const string url = "users/user123/permissions/UserManagement";
+
+ {
+ var res = await client.PutAsync(url, null);
+ res.StatusCode.Should().Be(HttpStatusCode.NotFound);
+ var body = await res.Content.ReadFromJsonAsync<CommonResponse>();
+ body.Code.Should().Be(ErrorCodes.UserCommon.NotExist);
+ }
+
+ {
+ var res = await client.DeleteAsync(url);
+ res.StatusCode.Should().Be(HttpStatusCode.NotFound);
+ var body = await res.Content.ReadFromJsonAsync<CommonResponse>();
+ body.Code.Should().Be(ErrorCodes.UserCommon.NotExist);
+ }
+ }
+ }
+}
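Review bot: Every PUT and DELETE on `users/{username}/permissions/{permission}` in this new file is sent through `CreateClientAsAdministrator()`, so nothing here checks that the endpoint refuses callers who are not allowed to change permissions. The same commit deletes `AuthorizationTest.cs` and `Patch_Administrator_Forbid` in `UserTest.cs`, which were the visible 401/403 checks around privilege changes. I would add negative cases: an ordinary user trying to grant itself a permission, and an unauthenticated client, each followed by a read confirming that `Permissions` is still empty. The status codes below are assumed from the other tests on this page, and `CreateClientAsUser()` appears only in removed lines here, so confirm the helper still exists and which account it signs in as.

```csharp
// … unchanged: the administrator-driven tests above …

[Theory]
[MemberData(nameof(EveryPermissionTestData))]
public async Task OrdinaryUserCannotModifyPermission(UserPermission permission)
{
    using var client = await CreateClientAsUser();

    {
        var res = await client.PutAsync($"users/user1/permissions/{permission}", null);
        res.StatusCode.Should().Be(HttpStatusCode.Forbidden);
    }

    {
        var res = await client.DeleteAsync($"users/user1/permissions/{permission}");
        res.StatusCode.Should().Be(HttpStatusCode.Forbidden);
    }

    {
        // The refused PUT must not have changed the stored permissions.
        var res = await client.GetAsync("users/user1");
        res.StatusCode.Should().Be(HttpStatusCode.OK);
        var body = await res.Content.ReadFromJsonAsync<UserInfo>();
        body.Permissions.Should().BeEmpty();
    }
}

[Theory]
[MemberData(nameof(EveryPermissionTestData))]
public async Task AnonymousCannotModifyPermission(UserPermission permission)
{
    using var client = await CreateDefaultClient();

    {
        var res = await client.PutAsync($"users/user1/permissions/{permission}", null);
        res.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    {
        var res = await client.DeleteAsync($"users/user1/permissions/{permission}");
        res.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    {
        var res = await client.GetAsync("users/user1");
        res.StatusCode.Should().Be(HttpStatusCode.OK);
        var body = await res.Content.ReadFromJsonAsync<UserInfo>();
        body.Permissions.Should().BeEmpty();
    }
}
```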
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs
index 9dfcc6a5..329e53f5 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs
@@ -2,6 +2,7 @@ using FluentAssertions;
 using System.Collections.Generic;
using System.Net;
using System.Net.Http;
+using System.Net.Http.Json;
using System.Threading.Tasks;
using Timeline.Models.Http;
using Timeline.Tests.Helpers;
@@ -129,13 +130,11 @@ namespace Timeline.Tests.IntegratedTests
 {
Username = "newuser",
Password = "newpw",
- Administrator = true,
Nickname = "aaa"
});
var body = res.Should().HaveStatusCode(200)
.And.HaveJsonBody<UserInfo>()
.Which;
- body.Administrator.Should().Be(true);
body.Nickname.Should().Be("aaa");
}
@@ -144,14 +143,14 @@ namespace Timeline.Tests.IntegratedTests
 var body = res.Should().HaveStatusCode(200)
.And.HaveJsonBody<UserInfo>()
.Which;
- body.Administrator.Should().Be(true);
body.Nickname.Should().Be("aaa");
}
{
+ var token = userClient.DefaultRequestHeaders.Authorization.Parameter;
// Token should expire.
- var res = await userClient.GetAsync("testing/auth/Authorize");
- res.Should().HaveStatusCode(HttpStatusCode.Unauthorized);
+ var res = await userClient.PostAsJsonAsync<VerifyTokenRequest>("token/verify", new() { Token = token });
+ res.Should().HaveStatusCode(HttpStatusCode.BadRequest);
}
{
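Review bot: The replacement check `res.Should().HaveStatusCode(HttpStatusCode.BadRequest)` on `token/verify` passes for any 400, including a model-validation failure of the request body, so it does not show that the old token was rejected because it is no longer valid. Other tests on this page pin the reason with `HaveCommonBody(...)`; doing the same here, e.g. `.And.HaveCommonBody(<error code for an outdated token>)`, would close that gap. `userClient.DefaultRequestHeaders.Authorization.Parameter` is also dereferenced without a null check, so a client created without the header would fail with a NullReferenceException rather than an assertion message. With the `testing/auth/Authorize` request removed, the hunk no longer shows a stale token being refused by a protected endpoint, only by the verify endpoint; if that coverage matters it needs a request to a real authenticated route. The enclosing test starts and ends outside the hunk.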
@@ -236,14 +235,6 @@ namespace Timeline.Tests.IntegratedTests
 }
[Fact]
- public async Task Patch_Administrator_Forbid()
- {
- using var client = await CreateClientAsUser();
- var res = await client.PatchAsJsonAsync("users/user1", new UserPatchRequest { Administrator = true });
- res.Should().HaveStatusCode(HttpStatusCode.Forbidden);
- }
-
- [Fact]
public async Task Delete_Deleted()
{
using var client = await CreateClientAsAdministrator();
@@ -301,22 +292,16 @@ namespace Timeline.Tests.IntegratedTests
 {
Username = "aaa",
Password = "bbb",
- Administrator = true,
- Nickname = "ccc"
});
var body = res.Should().HaveStatusCode(200)
.And.HaveJsonBody<UserInfo>().Which;
body.Username.Should().Be("aaa");
- body.Nickname.Should().Be("ccc");
- body.Administrator.Should().BeTrue();
}
{
var res = await client.GetAsync("users/aaa");
var body = res.Should().HaveStatusCode(200)
.And.HaveJsonBody<UserInfo>().Which;
body.Username.Should().Be("aaa");
- body.Nickname.Should().Be("ccc");
- body.Administrator.Should().BeTrue();
}
{
// Test password.
@@ -326,12 +311,10 @@ namespace Timeline.Tests.IntegratedTests
 public static IEnumerable<object[]> Op_CreateUser_InvalidModel_Data()
{
- yield return new[] { new CreateUserRequest { Username = "aaa", Password = "bbb" } };
- yield return new[] { new CreateUserRequest { Username = "aaa", Administrator = true } };
- yield return new[] { new CreateUserRequest { Password = "bbb", Administrator = true } };
- yield return new[] { new CreateUserRequest { Username = "a!a", Password = "bbb", Administrator = true } };
- yield return new[] { new CreateUserRequest { Username = "aaa", Password = "", Administrator = true } };
- yield return new[] { new CreateUserRequest { Username = "aaa", Password = "bbb", Administrator = true, Nickname = new string('a', 40) } };
+ yield return new[] { new CreateUserRequest { Username = "aaa" } };
+ yield return new[] { new CreateUserRequest { Password = "bbb" } };
+ yield return new[] { new CreateUserRequest { Username = "a!a", Password = "bbb" } };
+ yield return new[] { new CreateUserRequest { Username = "aaa", Password = "" } };
}
[Theory]
@@ -354,7 +337,6 @@ namespace Timeline.Tests.IntegratedTests
 {
Username = "user1",
Password = "bbb",
- Administrator = false
});
res.Should().HaveStatusCode(400)
.And.HaveCommonBody(ErrorCodes.UserController.UsernameConflict);
@@ -370,7 +352,6 @@ namespace Timeline.Tests.IntegratedTests
 {
Username = "aaa",
Password = "bbb",
- Administrator = false
});
res.Should().HaveStatusCode(HttpStatusCode.Unauthorized);
}
@@ -385,7 +366,6 @@ namespace Timeline.Tests.IntegratedTests
 {
Username = "aaa",
Password = "bbb",
- Administrator = false
});
res.Should().HaveStatusCode(HttpStatusCode.Forbidden);
}