public IEnumerable<DEmail> Email_Update(DEmail updating, string username)
{
IDataRepository<DEmail> emails =
RepositoryFactory.Instance.Construct<DEmail>(username);
emails.Update(updating);
return emails;
}
public void DEmail_WhenAskedForKey_ReturnsEmail_ID()
{
//Arrange: An email with a unique key is constructed.
DEmail email = new DEmail { Email_ID = -1 };
//Act: the key is retrieved.
int key = email.key;
//Assert: the key is the same as the friended user's ID.
Assert.AreEqual(key, email.Email_ID);
}
public void DEmailWithSqlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: An email with malicious html and sql members is constructed.
string malicious = "1');DELETE TABLE dbo.example;--";
DEmail email = new DEmail{
Title = malicious,
Body = malicious,
Sender = malicious,
Recipient = malicious
};
//Act: The friended user is scrubbed.
email.Scrub();
//Assert: The friended user has no html in its members.
Assert.AreNotEqual(malicious, email.Title);
Assert.AreNotEqual(malicious, email.Body);
Assert.AreNotEqual(malicious, email.Sender);
Assert.AreNotEqual(malicious, email.Recipient);
}
public ActionResult Email_Create(DEmail creating, string returnView="Create")
{
string username = User.Identity.Name;
ViewData["returnView"] = returnView;
HomeIndexViewModel model = new HomeIndexViewModel {
emails = service.Email_Create(creating, username),
blockedUsers = profiler.Blocked_User_GetByUser(username),
friendedUsers = profiler.Friended_User_GetByUser(username),
navSection = infastructure.PageStructure_GetBySelected(UrlPageIDs["~/create"])
};
return View(returnView, model);
}
public ActionResult Email_Update(DEmail updating)
{
return View("Index");
}
