Diffstat (limited to 'Timeline.Tests/AuthorizationUnitTest.cs')
-rw-r--r--Timeline.Tests/AuthorizationUnitTest.cs94
1 files changed, 94 insertions, 0 deletions
diff --git a/Timeline.Tests/AuthorizationUnitTest.cs b/Timeline.Tests/AuthorizationUnitTest.cs
new file mode 100644
index 00000000..e9e86c8e
--- /dev/null
+++ b/Timeline.Tests/AuthorizationUnitTest.cs
@@ -0,0 +1,94 @@
+using Microsoft.AspNetCore.Mvc.Testing;
+using Newtonsoft.Json;
+using System;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Timeline.Controllers;
+using Timeline.Tests.Helpers;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Timeline.Tests
+{
+ public class AuthorizationUnitTest : IClassFixture<WebApplicationFactory<Startup>>
+ {
+ private readonly WebApplicationFactory<Startup> _factory;
+
+ public AuthorizationUnitTest(WebApplicationFactory<Startup> factory, ITestOutputHelper outputHelper)
+ {
+ _factory = factory.WithTestConfig(outputHelper);
+ }
+
+ [Fact]
+ public async Task UnauthenticationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var response = await client.GetAsync("/api/Test/Action1");
+ Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+ }
+ }
+
+ private static async Task<string> Login(HttpClient client, string username, string password)
+ {
+ var response = await client.PostAsJsonAsync("/api/User/LogIn", new UserController.UserCredentials { Username = username, Password = password });
+
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+ var loginInfo = JsonConvert.DeserializeObject<UserController.LoginInfo>(await response.Content.ReadAsStringAsync());
+
+ return loginInfo.Token;
+ }
+
+ private static async Task<HttpResponseMessage> GetWithAuthentication(HttpClient client, string path, string token)
+ {
+ var request = new HttpRequestMessage
+ {
+ RequestUri = new Uri(client.BaseAddress, path),
+ Method = HttpMethod.Get
+ };
+ request.Headers.Add("Authorization", "Bearer " + token);
+
+ return await client.SendAsync(request);
+ }
+
+ [Fact]
+ public async Task AuthenticationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var token = await Login(client, "user", "user");
+ var response = await GetWithAuthentication(client, "/api/Test/Action1", token);
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ }
+ }
+
+ [Fact]
+ public async Task UserAuthorizationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var token = await Login(client, "user", "user");
+ var response1 = await GetWithAuthentication(client, "/api/Test/Action2", token);
+ Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+ var response2 = await GetWithAuthentication(client, "/api/Test/Action3", token);
+ Assert.Equal(HttpStatusCode.Forbidden, response2.StatusCode);
+ }
+ }
+
+ [Fact]
+ public async Task AdminAuthorizationTest()
+ {
+ using (var client = _factory.CreateDefaultClient())
+ {
+ var token = await Login(client, "admin", "admin");
+ var response1 = await GetWithAuthentication(client, "/api/Test/Action2", token);
+ Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+ var response2 = await GetWithAuthentication(client, "/api/Test/Action3", token);
+ Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+ }
+ }
+ }
+}
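Review bot: None of the four tests sends a rejected credential or token: every bearer value passed to GetWithAuthentication comes from a successful Login, so a bearer handler that accepts any non-empty token, or a login endpoint that issues tokens regardless of password, would still pass this whole suite. Add a case that sends a garbage token to /api/Test/Action1 and expects the same 401 that UnauthenticationTest expects for no token, and a case that logs in with a wrong password and asserts the login is not OK (the exact failure status is decided by UserController, which is outside this file). Login should also guard what it returns, `Assert.False(string.IsNullOrEmpty(loginInfo.Token));`, so a missing token fails at the login step instead of surfacing later as a confusing 401. The fixture credentials user/user and admin/admin are presumably seeded only through WithTestConfig; worth confirming they cannot reach a non-test configuration.
```csharp
        [Fact]
        public async Task InvalidTokenIsRejected()
        {
            using (var client = _factory.CreateDefaultClient())
            {
                // Not issued by LogIn; must be refused like the no-token case.
                var response = await GetWithAuthentication(client, "/api/Test/Action1", "not-a-valid-token");
                Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
            }
        }

        [Fact]
        public async Task WrongPasswordDoesNotLogIn()
        {
            using (var client = _factory.CreateDefaultClient())
            {
                var response = await client.PostAsJsonAsync("/api/User/LogIn", new UserController.UserCredentials { Username = "user", Password = "wrong" });
                // Exact status is up to UserController; it must not be a successful login.
                Assert.NotEqual(HttpStatusCode.OK, response.StatusCode);
            }
        }
```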