/// <summary>
/// Prepares the state shared by the account page specs: the app instance returned by
/// <c>Reset()</c>, one anti-forgery token set, and the user repository and user manager
/// resolved from that app.
/// </summary>
/// <param name="app">Test web application supplied to the spec class.</param>
public AccountRelatedPageSpecs(TestDiscussionWebApp app)
{
    // Keep whatever Reset() hands back; every later lookup goes through _app.
    var freshApp = app.Reset();
    _app = freshApp;

    // Token set exposing a cookie and a form verification token (see the specs that use it).
    _antiForgeryTokens = _app.GetAntiForgeryTokens();

    _userRepo    = _app.GetService<IRepository<User>>();
    _userManager = _app.GetService<UserManager<User>>();
}
        /// <summary>
        /// Posts a registration form that carries an anti-forgery cookie obtained from the app
        /// together with a made-up form token, and expects 400 Bad Request with no user created.
        /// </summary>
        public async Task should_reject_post_request_without_valid_anti_forgery_token()
        {
            // Given: fresh credentials and a token set fetched from the app
            var candidateName = StringUtility.Random();
            var password      = "******";
            var antiForgery   = _app.GetAntiForgeryTokens();

            var registrationForm = new Dictionary<string, string>
            {
                ["UserName"] = candidateName,
                ["Password"] = password,
                // Only the form field is wrong; the cookie below is the one the app issued,
                // so the rejection has to come from the cookie/form-token check.
                ["__RequestVerificationToken"] = "some invalid token"
            };

            // When
            var response = await _app.Server.CreateRequest("/register")
                .WithForm(registrationForm)
                .WithCookie(antiForgery.Cookie)
                .PostAsync();

            // Then: the request is refused ...
            response.StatusCode.ShouldEqual(HttpStatusCode.BadRequest);

            // ... and the rejected request left no account behind.
            var users        = _app.GetService<IRepository<User>>();
            var isRegistered = users.All().Any(user => user.UserName == candidateName);
            isRegistered.ShouldEqual(false);
        }
Example #3
        /// <summary>
        /// Uploads a small file to the avatar endpoint as a mocked user, sending the anti-forgery
        /// cookie and the matching form token, and expects 200 OK with "publicUrl" in the body.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the payload is a text file declared as application/octet-stream and the
        /// spec expects it to be accepted by an avatar endpoint - confirm that type/extension
        /// validation for uploads is covered elsewhere, along with the unauthenticated and
        /// missing-token cases.
        /// </remarks>
        public async Task should_upload_file_by_authorized_user()
        {
            _app.MockUser();
            var antiForgery   = _app.GetAntiForgeryTokens();
            var uploadRequest = _app.Server.CreateRequest("/api/common/upload/avatar");

            // Multipart body with a randomised boundary.
            var boundary = "------------------------" + StringUtility.Random(8);
            var body     = new MultipartFormDataContent(boundary);

            var payload = new ByteArrayContent(Encoding.UTF8.GetBytes("hello file"));
            payload.Headers.Add("Content-Type", "application/octet-stream");
            body.Add(payload, "file", "filename.txt");

            // The verification token travels as a form part and is paired with the cookie below.
            var tokenPart = new StringContent(antiForgery.VerificationToken);
            body.Add(tokenPart, "__RequestVerificationToken");

            var response = await uploadRequest
                .And(message => message.Content = body)
                .WithCookie(antiForgery.Cookie)
                .PostAsync();

            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            Assert.Contains("publicUrl", response.ReadAllContent());
        }
Example #4
 /// <summary>
 /// Prepares the state shared by the specs: the app instance returned by <c>Reset()</c>
 /// and one anti-forgery token set obtained from it.
 /// </summary>
 /// <param name="app">Test web application supplied to the spec class.</param>
 public AccountRelatedPageSpecs(TestDiscussionWebApp app)
 {
     // Keep whatever Reset() hands back; the token lookup goes through _app.
     var freshApp = app.Reset();
     _app = freshApp;

     _antiForgeryTokens = _app.GetAntiForgeryTokens();
 }