/// <summary>
/// Builds the shared fixture state: resolves the ids of the "paul", "manager" and "admin"
/// accounts through the test host and obtains a token for the manager account.
/// </summary>
public Setup()
 {
     // NOTE(review): the password is hard-coded in test source. Presumably it belongs to an
     // account seeded only into the disposable test host; confirm it is not valid anywhere else.
     const string managerLogin = "manager";

     RegularUserId = HttpHostFixture.GetUserId("paul");
     ManagerUserId = HttpHostFixture.GetUserId(managerLogin);
     AdminUserId = HttpHostFixture.GetUserId("admin");

     // Tests using this fixture authenticate with the manager's token, not an administrator's.
     AuthorizationToken = HttpHostFixture.GetTokenFor(managerLogin, "manager123$");
 }
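        /// <summary>
        /// Object-level authorization check: a token issued for "saul" is sent to
        /// <c>/users/{id}/meals</c> of "paul" and the API is expected to answer 403 Forbidden.
        /// </summary>
        public void User_is_forbidden_to_access_meals_of_others()
        {
            // The id in the path belongs to "paul" while the token belongs to "saul", so the
            // server has to decide on resource ownership and not merely on the token being valid.
            var userId = HttpHostFixture.GetUserId("paul");

            // NOTE(review): hard-coded password; presumably a seeded test-only account. Confirm.
            var token = HttpHostFixture.GetTokenFor("saul", "saul123$");
            var mealsUri = new Uri(HttpHostFixture.UrlBase + $"/users/{userId}/meals");

            // Request and response are disposed so the test does not leak connections or buffers.
            using (var request = new HttpRequestMessage(HttpMethod.Get, mealsUri))
            {
                HttpHostFixture.AppendAuthentication(request, token);

                // .Result blocks the test thread; a transport failure surfaces as AggregateException.
                using (var result = HttpHostFixture.HttpClient.SendAsync(request).Result)
                {
                    // Only the status code is asserted; the body is not inspected for meal data.
                    Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
                }
            }
        }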
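        /// <summary>
        /// Positive counterpart of the ownership check: a token issued for "admin" is sent to
        /// <c>/users/{id}/meals</c> of "saul" and the API is expected to answer 200 OK.
        /// </summary>
        public void Administrator_can_access_meals_of_every_user()
        {
            var userId = HttpHostFixture.GetUserId("saul");

            // NOTE(review): hard-coded administrator password; presumably a seeded test-only
            // account. Confirm it is never valid outside the test host.
            var token = HttpHostFixture.GetTokenFor("admin", "admin123$");
            var mealsUri = new Uri(HttpHostFixture.UrlBase + $"/users/{userId}/meals");

            // Request and response are disposed so the test does not leak connections or buffers.
            using (var request = new HttpRequestMessage(HttpMethod.Get, mealsUri))
            {
                HttpHostFixture.AppendAuthentication(request, token);

                // .Result blocks the test thread; a transport failure surfaces as AggregateException.
                using (var result = HttpHostFixture.HttpClient.SendAsync(request).Result)
                {
                    // Only the status code is asserted; the returned meals are not compared
                    // against what "saul" actually owns.
                    Assert.Equal(HttpStatusCode.OK, result.StatusCode);
                }
            }
        }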
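        /// <summary>
        /// Privilege check on role management: an empty role list is PUT to
        /// <c>/users/{AdminUserId}/roles</c> with the fixture's token and the API is expected
        /// to answer 403 Forbidden.
        /// </summary>
        public void Manager_cant_remove_admin_role()
        {
            // An empty array serializes to "[]", i.e. a request to leave the target with no roles.
            var roles     = new string[] { };
            var rolesJson = JsonConvert.SerializeObject(roles);

            var rolesUri = new Uri(HttpHostFixture.UrlBase + $"/users/{fixture.AdminUserId}/roles");

            // Disposing the request also disposes its StringContent.
            using (var request = new HttpRequestMessage(HttpMethod.Put, rolesUri))
            {
                request.Content = new System.Net.Http.StringContent(rolesJson, Encoding.UTF8, "application/json");

                // NOTE(review): the test name implies fixture.AuthorizationToken is a manager's
                // token; confirm against the fixture this class is wired to.
                HttpHostFixture.AppendAuthentication(request, fixture.AuthorizationToken);

                // .Result blocks the test thread; a transport failure surfaces as AggregateException.
                using (var result = HttpHostFixture.HttpClient.SendAsync(request).Result)
                {
                    Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
                }
            }

            // NOTE(review): a 403 alone does not show that the write was rejected before it was
            // applied; a follow-up read of the administrator's roles would close that gap.
        }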
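        /// <summary>
        /// Positive counterpart of the role-management check: an empty role list is PUT to
        /// <c>/users/{RegularUserId}/roles</c> with the fixture's token and the API is expected
        /// to answer 200 OK.
        /// </summary>
        public void Manager_can_remove_manager_role()
        {
            // An empty array serializes to "[]", i.e. a request to leave the target with no roles.
            var roles     = new string[] { };
            var rolesJson = JsonConvert.SerializeObject(roles);

            // NOTE(review): the target is fixture.RegularUserId although the test name speaks of
            // a manager role; confirm the target user actually holds a role to remove, otherwise
            // the request is a no-op and proves little.
            var rolesUri = new Uri(HttpHostFixture.UrlBase + $"/users/{fixture.RegularUserId}/roles");

            // Disposing the request also disposes its StringContent.
            using (var request = new HttpRequestMessage(HttpMethod.Put, rolesUri))
            {
                request.Content = new System.Net.Http.StringContent(rolesJson, Encoding.UTF8, "application/json");
                HttpHostFixture.AppendAuthentication(request, fixture.AuthorizationToken);

                // .Result blocks the test thread; a transport failure surfaces as AggregateException.
                using (var result = HttpHostFixture.HttpClient.SendAsync(request).Result)
                {
                    Assert.Equal(HttpStatusCode.OK, result.StatusCode);
                }
            }

            // NOTE: we'd also fetch the roles and check that the change was persisted.
            // NOTE(review): this test changes roles on the test host; if the fixture user is
            // shared with other tests, their outcome may depend on execution order.
        }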
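        /// <summary>
        /// Looks up the id of the user called <paramref name="userName"/> by requesting the
        /// <c>/users</c> list with an administrator token and scanning the result client-side.
        /// </summary>
        /// <param name="userName">Name to look for; compared to each entry's <c>Name</c> with <c>==</c>.</param>
        /// <returns>The <c>Id</c> of the first entry in the response whose <c>Name</c> matches.</returns>
        /// <exception cref="InvalidOperationException">
        /// The request did not succeed, the body did not contain a user list, or no entry matched.
        /// </exception>
        public static long GetUserId(string userName)
        {
            // NOTE(review): hard-coded administrator password; presumably a seeded test-only
            // account. Every lookup authenticates as admin, so the helper itself does not
            // exercise the authorization rules the tests are about.
            var token = HttpHostFixture.GetTokenFor("admin", "admin123$");

            // The query-string dictionary is empty, so no filter is sent and the caller
            // receives whatever the endpoint returns by default.
            var requestUri = QueryHelpers.AddQueryString(
                new Uri(HttpHostFixture.UrlBase + "/users").ToString(),
                new Dictionary<string, string>());

            // Request and response are disposed so repeated lookups do not leak connections.
            using (var request = new HttpRequestMessage(HttpMethod.Get, requestUri))
            {
                HttpHostFixture.AppendAuthentication(request, token);

                using (var result = HttpClient.SendAsync(request).Result)
                {
                    // Fail with the status code instead of trying to parse an error body as a
                    // user list. Neither the token nor the response body goes into the message.
                    if (!result.IsSuccessStatusCode)
                    {
                        throw new InvalidOperationException(
                            $"GET /users failed with status {(int)result.StatusCode} while resolving user '{userName}'.");
                    }

                    var json     = result.Content.ReadAsStringAsync().Result;
                    var userList = JsonConvert.DeserializeObject <List <UserDetailsDto> >(json);

                    // An empty or literal "null" body deserializes to null.
                    if (userList == null)
                    {
                        throw new InvalidOperationException("GET /users returned no user list.");
                    }

                    foreach (var user in userList)
                    {
                        if (user.Name == userName)
                        {
                            return user.Id;
                        }
                    }

                    // Same exception type as Enumerable.First, but naming the missing user.
                    throw new InvalidOperationException($"No user named '{userName}' in the /users response.");
                }
            }
        }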
 /// <summary>
 /// Builds the shared fixture state: resolves the id of the "paul" account through the
 /// test host and obtains a token for the "admin" account.
 /// </summary>
 public Setup()
 {
     // Same call order as before: id lookup first, then the token request.
     var regularId = HttpHostFixture.GetUserId("paul");

     // NOTE(review): hard-coded administrator password; presumably a seeded test-only
     // account. Tests using this fixture run with administrator rights.
     var adminToken = HttpHostFixture.GetTokenFor("admin", "admin123$");

     RegularUserId = regularId;
     AuthorizationToken = adminToken;
 }