        /// <summary>
        /// Fires a run of failing login attempts from a single client and checks that the
        /// IP blocker switches the answer from 401 Unauthorized to 429 Too Many Requests
        /// once the permitted number of failures has been used up.
        /// </summary>
        public async Task IpBlockerTest()
        {
            // Attempts 0..10 (eleven in total) must still be rejected as plain bad credentials;
            // every attempt from index 11 onwards must be throttled.
            const int lastUnthrottledAttempt = 10;
            const int totalAttempts = 15;

            // NOTE(review): the same credentials are reused on every attempt, so this does not
            // distinguish per-IP throttling from per-account lockout - confirm the blocker keys
            // on the client address. Expiry of the block is not covered here either.
            using (var fixture = new GeldAppSecurityFixture())
            {
                for (var attempt = 0; attempt < totalAttempts; attempt++)
                {
                    var command = new LoginCommand {
                        Username = "******", Password = "******"
                    };
                    var response = await fixture.Client.PostAsync("/api/auth/login", command.AsContent());

                    if (attempt <= lastUnthrottledAttempt)
                    {
                        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
                    }
                    else
                    {
                        response.StatusCode.Should().Be(HttpStatusCode.TooManyRequests);
                    }
                }
            }
        }
        // High-level API helpers shared by the tests.

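        /// <summary>
        /// Logs <paramref name="user"/> in through the HTTP API and installs the returned
        /// bearer token as the client's default Authorization header.
        /// </summary>
        /// <param name="user">Username to authenticate.</param>
        /// <param name="password">Password to send; defaults to the fixture's standard test password.</param>
        /// <exception cref="AuthenticationException">
        /// Thrown when the login endpoint does not answer 200 OK, or when the 200 response
        /// carries no usable "token" value.
        /// </exception>
        public async Task Login(string user, string password = "******")
        {
            var auth = new LoginCommand {
                Username = user, Password = password
            };

            using (var resp = await this.Client.PostAsync("/api/auth/login", auth.AsContent()))
            {
                if (resp.StatusCode != HttpStatusCode.OK)
                {
                    throw new AuthenticationException();
                }

                var content = await resp.Content.ReadAsStringAsync();

                // Null-conditional access: a 200 without a "token" property must surface as an
                // authentication failure, not as a NullReferenceException deep inside the helper.
                var bearerToken = JObject.Parse(content)["token"]?.Value<string>();
                if (string.IsNullOrEmpty(bearerToken))
                {
                    throw new AuthenticationException("Login succeeded but the response contained no token.");
                }

                // Authorization is a single-value header: a second Add() on the same client
                // (e.g. logging in as a different user within one test) throws. Replace it instead,
                // which also guarantees the previous user's token is not kept alongside the new one.
                this.Client.DefaultRequestHeaders.Remove("Authorization");
                this.Client.DefaultRequestHeaders.Add("Authorization", $"Bearer {bearerToken}");
            }
        }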
        /// <summary>
        /// Posts a login for <paramref name="user"/> and checks the outcome: the expected
        /// status code, and - for an accepted login - whether the issued JWT carries the
        /// "admin" role claim exactly when <paramref name="isAdmin"/> says it should.
        /// </summary>
        /// <param name="user">Username to send.</param>
        /// <param name="pass">Password to send.</param>
        /// <param name="authorize">True if the credentials are expected to be accepted (200), otherwise 401 is expected.</param>
        /// <param name="isAdmin">True if the issued token must contain the admin role; false if it must not.</param>
        public async Task LoginTest(string user, string pass, bool authorize, bool isAdmin)
        {
            var command = new LoginCommand {
                Username = user, Password = pass
            };
            var response = await this.fixture.Client.PostAsync("/api/auth/login", command.AsContent());

            var expectedStatus = authorize ? HttpStatusCode.OK : HttpStatusCode.Unauthorized;
            response.StatusCode.Should().Be(expectedStatus);

            if (!authorize)
            {
                // A rejected login yields no token to inspect.
                return;
            }

            var jwt = await response.GetJwtTokenAsync();

            // The negative branch matters as much as the positive one: a regular user must never
            // receive an admin role claim.
            if (isAdmin)
            {
                jwt.Claims.Should().Contain(c => c.Type == ClaimTypes.Role && c.Value == "admin");
            }
            else
            {
                jwt.Claims.Should().NotContain(c => c.Type == ClaimTypes.Role && c.Value == "admin");
            }
        }