public async Task CreateJogging_Returns403UnAuthorizedObjecResultWhenUserNotOwner()
{
// Arrange
var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[]
{ new Claim(ClaimTypes.Name, "joggeruser"), new Claim(ClaimTypes.Role, "Jogger") }));
var joggingCreateDto = new JoggingCreateDto
{
JoggingDate = DateTime.Now,
DistanceInMeters = 400,
Location = "London",
JoggingDurationInMinutes = 30,
UserId = 2001
};
_controller.ControllerContext = new ControllerContext()
{
HttpContext = new DefaultHttpContext {
User = user
}
};
// Act
var result = await _controller.CreateJogging(joggingCreateDto) as StatusCodeResult;
// Assert
Assert.Equal(403, result.StatusCode);
}
public async Task CreateJogging_ReturnsCreatedAtRouteResult()
{
// Arrange
var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[]
{ new Claim(ClaimTypes.Name, "joggeruser"), new Claim(ClaimTypes.Role, "Jogger") }));
var joggingCreateDto = new JoggingCreateDto
{
JoggingDate = DateTime.Now,
DistanceInMeters = 400,
Location = "London",
JoggingDurationInMinutes = 30,
UserId = 2002
};
_controller.ControllerContext = new ControllerContext()
{
HttpContext = new DefaultHttpContext {
User = user
}
};
// Act
var result = await _controller.CreateJogging(joggingCreateDto);
// Assert
Assert.IsType <CreatedAtRouteResult>(result);
}
public async Task CreateJogging_ReturnsBadRequestResultWhenUserDoesNotExist()
{
// Arrange
var nonExistingUserId = int.MaxValue;
var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[]
{ new Claim(ClaimTypes.Name, "joggeruser"), new Claim(ClaimTypes.Role, "Jogger") }));
var joggingCreateDto = new JoggingCreateDto
{
JoggingDate = DateTime.Now,
DistanceInMeters = 400,
Location = "London",
JoggingDurationInMinutes = 30,
UserId = nonExistingUserId
};
_controller.ControllerContext = new ControllerContext()
{
HttpContext = new DefaultHttpContext {
User = user
}
};
// Act
var result = await _controller.CreateJogging(joggingCreateDto);
// Assert
Assert.IsType <BadRequestObjectResult>(result);
}
public async Task <IActionResult> CreateJogging([FromBody] JoggingCreateDto joggingCreateDto)
{
var claimsIdentity = this.User.Identity as ClaimsIdentity;
var userName = claimsIdentity.FindFirst(ClaimTypes.Name)?.Value;
var role = claimsIdentity.FindFirst(ClaimTypes.Role)?.Value;
var user = _userManager.Users.Where(u => u.Id.Equals(joggingCreateDto.UserId)).FirstOrDefault();
if (user == null)
{
ModelState.AddModelError("", $"User with userid: {joggingCreateDto.UserId} does not exist");
return(BadRequest(ModelState));
}
if (user.UserName != userName && role != "Admin")
{
return(StatusCode(403));
}
var searchDate = joggingCreateDto.JoggingDate;
var jogging = _mapper.Map <Jogging>(joggingCreateDto);
WeatherServiceResult weatherResult;
if (searchDate < DateTime.Today)
{
weatherResult = await _weatherManager.GetHistoryWeather(joggingCreateDto.Location, searchDate);
}
else
{
weatherResult = await _weatherManager.GetCurrentOrForecast(joggingCreateDto.Location, searchDate);
}
if (weatherResult != null && weatherResult.Succeeded)
{
jogging.TemperatureC = weatherResult.TempC;
jogging.TemperatureF = weatherResult.TempF;
jogging.WeatherCondition = weatherResult.WeatherCondition;
jogging.humidity = weatherResult.Humidity;
jogging.DateCreated = DateTime.Now;
jogging.DateUpdated = DateTime.Now;
_repo.CreateJogging(jogging);
_repo.Save();
var joggingToReturn = _mapper.Map <JoggingDto>(jogging);
return(CreatedAtRoute("GetJoggingById", new { id = joggingToReturn.Id }, joggingToReturn));
}
else
{
return(StatusCode(422, new { Success = false, weatherResult.ErrorMessage }));
}
}
public async Task CreateJogging_Returns422BadRequestValidatesDistanceInMetersField()
{
var jwtToken = MockJWTTokens.CreateRoleJWTToken("Admin", "adminuser");
_client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");
var requestBody = new JoggingCreateDto
{
JoggingDate = new DateTime(2020, 10, 29),
Location = "Philadelphia",
JoggingDurationInMinutes = 30,
UserId = 2002
};
var response = await _client.PostAsJsonAsync("/api/joggings", requestBody);
Assert.Equal(422, (int)response.StatusCode);
}
public async Task CreateJoggingWithJoggerRole_Returns403ForbiddenIfNotSameJogger()
{
var jwtToken = MockJWTTokens.CreateRoleJWTToken("Jogger", "joggeruser");
_client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");
var requestBody = new JoggingCreateDto
{
JoggingDate = new DateTime(2020, 10, 29),
DistanceInMeters = 2500,
Location = "Philadelphia",
JoggingDurationInMinutes = 30,
UserId = 2001
};
var response = await _client.PostAsJsonAsync("/api/joggings", requestBody);
Assert.Equal(403, (int)response.StatusCode);
}
public async Task CreateJoggingWithAdminRole_Returns201CreatedResponseHeaderIncludesLocationKey()
{
var jwtToken = MockJWTTokens.CreateRoleJWTToken("Admin", "adminuser");
_client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");
var requestBody = new JoggingCreateDto
{
JoggingDate = new DateTime(2020, 10, 29),
DistanceInMeters = 2500,
Location = "Philadelphia",
JoggingDurationInMinutes = 30,
UserId = 2002
};
var response = await _client.PostAsJsonAsync("/api/joggings", requestBody);
var responseHeader = response.Headers.Where(r => r.Key == "Location").FirstOrDefault();
Assert.Contains("Location", responseHeader.Key);
}
public async Task DeleteJoggingWithJoggerRole_Returns204NoContentOnSucessWhenUserIsOwnerOfJogging()
{
var jwtToken = MockJWTTokens.CreateRoleJWTToken("Jogger", "joggeruser");
_client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");
var requestBody = new JoggingCreateDto
{
JoggingDate = new DateTime(2020, 10, 29),
DistanceInMeters = 2500,
Location = "Philadelphia",
JoggingDurationInMinutes = 30,
UserId = 2002
};
var response = await _client.PostAsJsonAsync("/api/joggings", requestBody);
var newlyCreatedJogging = await _client.GetFromJsonAsync <JoggingDto>(response.Headers.Location);
var deleteResponse = await _client.DeleteAsync($"/api/joggings/{newlyCreatedJogging.Id}");
Assert.Equal(204, (int)deleteResponse.StatusCode);
}
