public async Task ResponceExpirationIsInTheFuturePostSignUp()
        {
            var now = new BsonDateTime(DateTime.UtcNow);

            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Role = RoleOptions.Admin,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var client = CustomHost.Create(accessMock);

            var request  = CustomRequest.Create(HttpMethod.Post, "/authentication/signUps");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();

            var body = await response.Content.ReadAsStringAsync();

            var data = BsonSerializer.Deserialize <SignUpTokenResponce>(body);

            Assert.True(data.Expiration > now, "SignUp expiration data is before the current time.");
        }
Beispiel #2
0
        public async Task BadAccessTokenIsUnauthorizedPresecurity(string value)
        {
            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(null);
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var client = CustomHost.Create(accessMock);

            var request = CustomRequest.Create(HttpMethod.Post, "/authentication/signUps/", false);

            request.Headers.TryAddWithoutValidation("Cookie", "ExperienceCapture-Access-Token=" + value);

            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.Unauthorized,
                "Triggering pre-security with a bad token is not unauthorized.");
        }
Beispiel #3
0
        public async Task AnyStringIsAllowedPostTag(string value)
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();
            var result      = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = ObjectId.GenerateNewId(),
                    Id = string.Empty,
                    User = null,
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Tags = new List <string>(),
                });
            });

            result.Start();

            sessionMock.Setup(s => s.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Post, $"/sessions/EXEX/tags/{value}");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }
Beispiel #4
0
        public async Task EmptyTagIsNotFoundPostTags()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();
            var result      = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = ObjectId.GenerateNewId(),
                    Id = string.Empty,
                    User = null,
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Tags = new List <string>(),
                });
            });

            result.Start();

            sessionMock.Setup(s => s.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client   = CustomHost.Create(sessionMock: sessionMock);
            var request  = CustomRequest.Create(HttpMethod.Post, $"/sessions/EXEX/tags/");
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.NotFound,
                "Tagging a an empty is not 'not found'.");
        }
Beispiel #5
0
        public async Task UpdateIsCalledDeleteTag()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();
            var result      = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = ObjectId.GenerateNewId(),
                    Id = string.Empty,
                    User = null,
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Tags = new List <string>(),
                });
            });

            result.Start();

            sessionMock.Setup(s => s.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            // For some reason Verify() doesn't work
            sessionMock.Setup(
                s => s.Update(
                    It.IsAny <FilterDefinition <SessionSchema> >(),
                    It.IsAny <UpdateDefinition <SessionSchema> >()))
            .Verifiable("A session was never updated.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Delete, $"/sessions/EXEX/tags/test");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }
Beispiel #6
0
        public async Task OtherMethodsExport(string input)
        {
            var client = CustomHost.Create();

            var requestPut  = CustomRequest.Create(HttpMethod.Put, $"/sessions/EXEX/export{input}");
            var responsePut = await client.SendAsync(requestPut);

            Assert.True(
                responsePut.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Putting export is an allowed method.");

            var requestPatch  = CustomRequest.Create(HttpMethod.Patch, $"/sessions/EXEX/export{input}");
            var responsePatch = await client.SendAsync(requestPatch);

            Assert.True(
                responsePatch.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Patching export is an allowed method.");

            var requestDelete  = CustomRequest.Create(HttpMethod.Patch, $"/sessions/EXEX/export{input}");
            var responseDelete = await client.SendAsync(requestDelete);

            Assert.True(
                responseDelete.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Deleting export is an allowed method.");
        }
        public async Task OtherMethodsSignUp(string input)
        {
            var client = CustomHost.Create();

            var requestPut  = CustomRequest.Create(HttpMethod.Put, $"/authentication/signUps{input}");
            var responsePut = await client.SendAsync(requestPut);

            Assert.True(
                responsePut.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Putting SignUp is an allowed method.");

            var requestPatch  = CustomRequest.Create(HttpMethod.Patch, $"/authentication/signUps{input}");
            var responsePatch = await client.SendAsync(requestPatch);

            Assert.True(
                responsePatch.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Patching SignUp is an allowed method.");

            var requestGet  = CustomRequest.Create(HttpMethod.Get, $"/authentication/signUps{input}");
            var responseGet = await client.SendAsync(requestGet);

            Assert.True(
                responseGet.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Gettings SignUp is an allowed method.");

            var requestDelete  = CustomRequest.Create(HttpMethod.Delete, $"/authentication/signUps{input}");
            var responseDelete = await client.SendAsync(requestDelete);

            Assert.True(
                responseDelete.StatusCode == HttpStatusCode.MethodNotAllowed,
                "Deleting SignUp is an allowed method.");
        }
Beispiel #8
0
        public async Task CorrectContentGetExport()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                    ExportState = ExportOptions.Done,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Get, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();

            Assert.Equal(
                "application/zip",
                response.Content.Headers.ContentType.ToString());
        }
Beispiel #9
0
        public async Task UpdateIsCalledPostExport()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                });
            });

            result.Start();

            sessionMock.Setup(s => s.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            sessionMock.Setup(s => s.Update(
                                  It.IsAny <FilterDefinition <SessionSchema> >(),
                                  It.IsAny <UpdateDefinition <SessionSchema> >()))
            .Verifiable("A session was never updated for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Post, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }
Beispiel #10
0
        public async Task IsBrokenGetExport()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                    ExportState = ExportOptions.Error,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Get, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.InternalServerError,
                "Getting export is not 'internal server error'.");
        }
Beispiel #11
0
        public async Task ResponceIsOkDeleteTags()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();
            var result      = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = ObjectId.GenerateNewId(),
                    Id = string.Empty,
                    User = null,
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Tags = new List <string>(),
                });
            });

            result.Start();

            sessionMock.Setup(s => s.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client   = CustomHost.Create(sessionMock: sessionMock);
            var request  = CustomRequest.Create(HttpMethod.Delete, $"/sessions/EXEX/tags/test");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
            Assert.Equal(
                "text/plain; charset=utf-8",
                response.Content.Headers.ContentType.ToString());

            Assert.True(
                await response.Content.ReadAsStringAsync() == "OK",
                "Tagging does not have a body of 'OK'.");
        }
Beispiel #12
0
        public async Task BsonTypeIsCorrect()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema()
                {
                    User = new PersonSchema
                    {
                    },
                });
            });

            result.Start();

            sessionMock.Setup(s => s.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Get, "/sessions/EXEX?bson=true");
            var response = await client.SendAsync(request);

            Assert.Equal(
                "application/bson",
                response.Content.Headers.ContentType.ToString());
        }
        public async Task MultipleRoutesPostSignUp(string input)
        {
            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Role = RoleOptions.Admin,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var client = CustomHost.Create(accessMock);

            var request  = CustomRequest.Create(HttpMethod.Post, $"/authentication/signUps{input}");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }
Beispiel #14
0
        public async Task ExpiredTokenIsUnauthorizedPresecurity(int value)
        {
            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    InternalId = ObjectId.GenerateNewId(),
                    Hash = string.Empty,
                    User = ObjectId.GenerateNewId(),
                    CreatedAt = new BsonDateTime(DateTime.UtcNow.AddSeconds(-value)),
                    Role = RoleOptions.Admin,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var client = CustomHost.Create(accessMock);

            var request = CustomRequest.Create(HttpMethod.Post, "/authentication/signUps/", false);

            request.Headers.TryAddWithoutValidation("Cookie", "ExperienceCapture-Access-Token=" + "ok");

            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.Unauthorized,
                "Triggering pre-security with an expired token is not unauthorized.");
        }
Beispiel #15
0
        public async Task MultiplePathsAcceptedGetExport(string input)
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                    ExportState = ExportOptions.Done,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Get, $"/sessions/EXEX/export{input}");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }
        public async Task ResponceIsValidBsonPostSignUp(string input)
        {
            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    CreatedAt = new BsonDateTime(DateTime.UtcNow),
                    Role = RoleOptions.Admin,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var client = CustomHost.Create(accessMock);

            var request  = CustomRequest.Create(HttpMethod.Post, $"/authentication/signUps{input}bson=true");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();

            var body = await response.Content.ReadAsByteArrayAsync();

            var data = BsonSerializer.Deserialize <SignUpTokenResponce>(body);

            Assert.False(data == null, "SignUp data is null.");
            Assert.False(data.SignUpToken == null, "SignUp token data is null.");
            Assert.False(data.SignUpToken == string.Empty, "SignUp token data is empty.");
            Assert.False(data.Expiration == null, "SignUp expiration data is null.");
        }
        public async Task AddIsCalledPostSignUp()
        {
            var accessMock = new Mock <IRepository <AccessTokenSchema> >();

            var result = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    InternalId = ObjectId.GenerateNewId(),
                    Hash = string.Empty,
                    User = ObjectId.GenerateNewId(),

                    // A day so the token can't expire while running
                    CreatedAt = new BsonDateTime(DateTime.UtcNow.AddSeconds(86400)),
                    Role = RoleOptions.Admin,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result);

            accessMock.Setup(s => s.Add(It.IsAny <AccessTokenSchema>()))
            .Verifiable("An access token is never added.");

            var client = CustomHost.Create(accessMock: accessMock);

            var request  = CustomRequest.Create(HttpMethod.Post, "/authentication/signUps");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }
Beispiel #18
0
        public async Task IsOkIfFoundPostExport()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var client = CustomHost.Create(sessionMock: sessionMock);

            var request  = CustomRequest.Create(HttpMethod.Post, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();

            var body = await response.Content.ReadAsStringAsync();

            Assert.True(
                body == "OK",
                "Posting export responce is not 'OK'.");
        }
Beispiel #19
0
        public async Task RequiresAccessPostExport()
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Post, "/sessions/EXEX/export", false);
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.BadRequest,
                "Posting an export is a bad request without access token.");
        }
        public async Task RequiresAccessPostSignUp()
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Post, "/authentication/signUps", false);
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.BadRequest,
                "Creating a sign-up token is a not bad request without access token.");
        }
        public async Task MissingUserIsNotFoundGetUser()
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Get, "/users/1234567890987654321/", false);
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.BadRequest,
                "Getting a user is not 'not found' when missing.");
        }
        public async Task RequiresAccessGetUser()
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Get, "/users/1234567890987654321/", false);
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.BadRequest,
                "Getting a user is not a bad request without access token.");
        }
        public async Task IllegalUrlIsNotFoundDelete(string input)
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Delete, input);
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.NotFound,
                $"The following illegal url is allowed: {input}");
        }
Beispiel #24
0
        public async Task IsNotFoundPostExport()
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Post, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.NotFound,
                "Posting an export missing session is not 'not found'.");
        }
Beispiel #25
0
        public async Task RequiresAccessDeleteTag()
        {
            var client = CustomHost.Create();

            var request  = CustomRequest.Create(HttpMethod.Post, "/sessions/EXEX/tags/test", false);
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.BadRequest,
                "Tagging is a bad request without token.");
        }
Beispiel #26
0
        public async Task ContentLengthIsCorrectGetExport()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                    ExportState = ExportOptions.Done,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var          minioMock = new Mock <IMinioClient>();
            UTF8Encoding utf8      = new UTF8Encoding();

            var content = "test";
            var bytes   = new Task <byte[]>(() =>
            {
                return(utf8.GetBytes(content));
            });

            bytes.Start();

            minioMock.Setup(m => m.GetBytesAsync(
                                It.IsAny <string>(),
                                It.IsAny <string>()))
            .Returns(bytes)
            .Verifiable("Export did not call GetBytesAsync.");

            var client = CustomHost.Create(sessionMock: sessionMock, objectStoreMock: minioMock);

            var request  = CustomRequest.Create(HttpMethod.Get, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();

            var body = await response.Content.ReadAsByteArrayAsync();

            Assert.True(
                body.Length == utf8.GetBytes(content).Length,
                "The Content-Length header has a different length from the content.");
        }
Beispiel #27
0
        public async Task RespondsWithCorrectStreamGetExport(string input)
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                    ExportState = ExportOptions.Done,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var          minioMock = new Mock <IMinioClient>();
            UTF8Encoding utf8      = new UTF8Encoding();

            var bytes = new Task <byte[]>(() =>
            {
                return(utf8.GetBytes(input));
            });

            bytes.Start();

            minioMock.Setup(m => m.GetBytesAsync(
                                It.IsAny <string>(),
                                It.IsAny <string>()))
            .Returns(bytes)
            .Verifiable("Export did not call GetBytesAsync.");

            var client = CustomHost.Create(sessionMock: sessionMock, objectStoreMock: minioMock);

            var request  = CustomRequest.Create(HttpMethod.Get, "/sessions/EXEX/export");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();

            var body = await response.Content.ReadAsStringAsync();

            Assert.True(body == input, "Export responce is not the given stream.");
        }
Beispiel #28
0
        public async Task NullStreamIsErrorGetExport()
        {
            var sessionMock = new Mock <IRepository <SessionSchema> >();

            var result = new Task <SessionSchema>(() =>
            {
                return(new SessionSchema
                {
                    InternalId = null,
                    Id = null,
                    User = null,
                    CreatedAt = null,
                    Tags = null,
                    ExportState = ExportOptions.Done,
                });
            });

            result.Start();

            sessionMock.Setup(a => a.FindById(It.IsAny <string>()))
            .Returns(result)
            .Verifiable("A session was never searched for.");

            var          minioMock = new Mock <IMinioClient>();
            UTF8Encoding utf8      = new UTF8Encoding();

            var bytes = new Task <byte[]>(() =>
            {
                return(null);
            });

            bytes.Start();

            minioMock.Setup(m => m.GetBytesAsync(
                                It.IsAny <string>(),
                                It.IsAny <string>()))
            .Returns(bytes)
            .Verifiable("Export did not call GetBytesAsync.");

            var client = CustomHost.Create(sessionMock: sessionMock, objectStoreMock: minioMock);

            var request = CustomRequest.Create(HttpMethod.Get, "/sessions/EXEX/export");

            await Assert.ThrowsAsync <ArgumentNullException>(async() =>
            {
                await client.SendAsync(request);
            });
        }
        public async Task NonSameUserIsUnauthorizedGetUser()
        {
            var firstId  = ObjectId.GenerateNewId();
            var secondId = ObjectId.GenerateNewId();

            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    CreatedAt = new BsonDateTime(DateTime.UtcNow.AddSeconds(86400)),
                    Role = RoleOptions.Normal,
                    User = firstId,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var personMock   = new Mock <IRepository <PersonSchema> >();
            var personResult = new Task <PersonSchema>(() =>
            {
                return(new PersonSchema()
                {
                    InternalId = secondId,
                });
            });

            personResult.Start();

            personMock.Setup(p => p.FindById(It.IsAny <string>()))
            .Returns(personResult)
            .Verifiable("A person is never searched for.");

            var client   = CustomHost.Create(accessMock: accessMock, personMock: personMock);
            var request  = CustomRequest.Create(HttpMethod.Get, "/users/1234567890987654321/");
            var response = await client.SendAsync(request);

            Assert.True(
                response.StatusCode == HttpStatusCode.Unauthorized,
                "Getting a user is not unauthorized when it is not the same.");
        }
        public async Task UpdateIsCalledGetUser()
        {
            var accessMock = new Mock <IRepository <AccessTokenSchema> >();
            var result     = new Task <AccessTokenSchema>(() =>
            {
                return(new AccessTokenSchema
                {
                    CreatedAt = new BsonDateTime(DateTime.UtcNow.AddSeconds(86400)),
                    Role = RoleOptions.Admin,
                });
            });

            result.Start();

            accessMock.Setup(a => a.FindOne(It.IsAny <FilterDefinition <AccessTokenSchema> >()))
            .Returns(result)
            .Verifiable();

            var personMock   = new Mock <IRepository <PersonSchema> >();
            var personResult = new Task <PersonSchema>(() =>
            {
                return(new PersonSchema()
                {
                });
            });

            personResult.Start();

            personMock.Setup(p => p.FindById(It.IsAny <string>()))
            .Returns(personResult)
            .Verifiable("A person is never searched for.");

            personMock.Setup(p => p.Update(
                                 It.IsAny <FilterDefinition <PersonSchema> >(),
                                 It.IsAny <UpdateDefinition <PersonSchema> >()))
            .Verifiable("A person is never updated.");

            var client   = CustomHost.Create(accessMock: accessMock, personMock: personMock);
            var request  = CustomRequest.Create(HttpMethod.Delete, "/users/1234567890987654321/");
            var response = await client.SendAsync(request);

            response.EnsureSuccessStatusCode();
        }