public void ReturnsBadRequestOnInvalidModelStateWithOtherThanGetRequest()
{
// Arrange
var filter = new ValidatorActionFilter();
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("POST");
filterContext.ModelState.AddModelError("Error", "An error has occured!");
// Act
filter.OnActionExecuting(filterContext);
// Assert
filterContext.HttpContext.Response.StatusCode.ShouldBe((int)HttpStatusCode.BadRequest);
}
public void ReturnsBadRequestOnInvalidModelStateWithGetRequest()
{
// Arrange
var filter = new ValidatorActionFilter();
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("GET");
filterContext.ModelState.AddModelError("Error", "An error has occured!");
// Act
filter.OnActionExecuting(filterContext);
// Assert
filterContext.Result.ShouldBeOfType <BadRequestResult>();
}
public void ResultContainsErrorMessagesInModelState()
{
// Arrange
var filter = new ValidatorActionFilter();
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("POST");
Dictionary <string, CustomModelStateEntry> errorsToExpect = ArrangeExpectedErrors(filterContext);
// Act
filter.OnActionExecuting(filterContext);
// Assert
var contentResult = filterContext.Result as ContentResult;
contentResult.ShouldNotBeNull();
contentResult.ContentType.ShouldBe("application/json");
AssertThatReturnedErrorsMatchExpected(errorsToExpect, contentResult);
}
public void ReturnsUnauthorizedResultIfUserDoesntHavePermission()
{
// Arrange
var db = GetInMemoryDb();
var serviceFilter = new DynamicallyAuthorizeServiceFilter(db);
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("GET");
filterContext.HttpContext.User = A.Fake <ClaimsPrincipal>();
filterContext.RouteData.Values["action"] = "This";
filterContext.RouteData.Values["controller"] = "DoesntReallyMatterButItsNeeded";
// Act
serviceFilter.OnActionExecuting(filterContext);
// Assert
filterContext.Result.ShouldBeOfType <UnauthorizedResult>();
}
public void RedirectsIfUnauthorized()
{
// Arrange
var attribute = new JsonAuthorizeAttribute();
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("GET");
var urlHelper = A.Fake <IUrlHelper>();
A.CallTo(() => urlHelper
.Action(new UrlActionContext()))
.WithAnyArguments()
.Returns("Login/Account/");
var controller = A.Fake <Controller>();
controller.Url = urlHelper;
A.CallTo(() => filterContext.Controller).Returns(controller);
var user = A.Fake <ClaimsPrincipal>();
A.CallTo(() => user.Identity.IsAuthenticated).Returns(false);
// Act
attribute.OnActionExecuting(filterContext);
// Assert
filterContext.Result.ShouldBeOfType <ContentResult>();
var result = filterContext.Result as ContentResult;
result.ContentType.ShouldBe("application/json");
HelperRedirectResult deserializedContent = JsonConvert.DeserializeObject <HelperRedirectResult>(result.Content);
deserializedContent.Redirect.ShouldBe("Login/Account/");
}
public void AdminUserIsLetThrough()
{
// Arrange
var db = GetInMemoryDb();
var serviceFilter = new DynamicallyAuthorizeServiceFilter(db);
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("GET");
var user = A.Fake <ClaimsPrincipal>();
A.CallTo(() => user.IsInRole(OnlineStore.Infrastructure.Constants.Roles.ADMIN_ROLE)).Returns(true);
filterContext.HttpContext.User = user;
// Act
serviceFilter.OnActionExecuting(filterContext);
// Assert
A.CallToSet(() => filterContext.Result)
.To(() => A <IActionResult>
.That
.IsInstanceOf(typeof(UnauthorizedResult)))
.MustNotHaveHappened();
}
public async Task RollbacksTransactionOnError()
{
// Arrange
var db = A.Fake <ApplicationDbContext>(opts => opts.WithArgumentsForConstructor(() =>
new ApplicationDbContext(new Microsoft.EntityFrameworkCore.DbContextOptions <ApplicationDbContext>())));
A.CallTo(() => db.BeginTransaction()).DoesNothing();
var filter = new DbContextTransactionFilter(db);
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("POST");
var actionExecutionDelegate = A.Fake <ActionExecutionDelegate>();
A.CallTo(() => actionExecutionDelegate.Invoke()).Throws <InvalidOperationException>();
// Act
try { await filter.OnActionExecutionAsync(filterContext, actionExecutionDelegate); } catch { }
// Assert
A.CallTo(() => db.BeginTransaction()).MustHaveHappened();
A.CallTo(() => db.CommitTransactionAsync()).MustNotHaveHappened();
A.CallTo(() => db.RollbackTransaction()).MustHaveHappened();
}
public async Task RegularUserWithPermissionIsLetThrough()
{
// Arrange
var db = GetInMemoryDb();
string actionToTestOn = "TestAction";
string controllerToTestOn = "TestController";
var role = await AddSampleRoleToDatabase(db, actionToTestOn, controllerToTestOn);
var filterContext = SetupFilterContextWithUser();
var serviceFilter = new DynamicallyAuthorizeServiceFilter(db);
// Act
serviceFilter.OnActionExecuting(filterContext);
// Assert
A.CallToSet(() => filterContext.Result)
.To(() => A <IActionResult>
.That.IsInstanceOf(typeof(UnauthorizedResult)))
.MustNotHaveHappened();
ActionExecutingContext SetupFilterContextWithUser()
{
var context = ActionExecutingContextProvider.GetActionExecutingContext("GET");
context.RouteData.Values["action"] = actionToTestOn;
context.RouteData.Values["controller"] = controllerToTestOn;
var user = A.Fake <ClaimsPrincipal>();
A.CallTo(() => user.IsInRole(role.Name)).Returns(true);
context.HttpContext.User = user;
return(context);
}
}
public async Task CommitsTransaction()
{
// Arrange
var db = A.Fake <ApplicationDbContext>(opts => opts.WithArgumentsForConstructor(() =>
new ApplicationDbContext(new Microsoft.EntityFrameworkCore.DbContextOptions <ApplicationDbContext>())));
A.CallTo(() => db.BeginTransaction()).DoesNothing();
A.CallTo(() => db.CommitTransactionAsync()).Returns(Task.FromResult(0));
var filter = new DbContextTransactionFilter(db);
var filterContext = ActionExecutingContextProvider.GetActionExecutingContext("POST");
var actionExecutionDelegate = A.Fake <ActionExecutionDelegate>();
A.CallTo(() => actionExecutionDelegate.Invoke()).Returns(Task.FromResult <ActionExecutedContext>(null));
// Act
await filter.OnActionExecutionAsync(filterContext, actionExecutionDelegate);
// Assert
A.CallTo(() => db.BeginTransaction()).MustHaveHappened();
A.CallTo(() => db.CommitTransactionAsync()).MustHaveHappened();
}
