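/// <summary>
/// Integration test: a caller presenting a bearer token POSTs a comment to
/// <c>api/comments</c> and must receive 201 Created with a body that
/// deserializes to a <see cref="CommentResponseDTO"/>.
/// </summary>
/// <remarks>
/// Returns a Task instead of being <c>async void</c> so the test runner can
/// await the test and observe any exception it throws.
/// </remarks>
public async System.Threading.Tasks.Task CreateComment_WithTokenThatIsAuthorized_Created()
{
    // Arrange
    var client = _server.Instance.CreateClient();

    // NOTE(review): this is a pre-signed HS256 JWT committed to source. Its payload
    // carries the "Admin" role and a fixed `exp` claim (1608812283), so if the test
    // host validates token lifetime this test starts returning 401 once that instant
    // has passed. It also only verifies against a host configured with the matching
    // signing key; confirm that key is test-only. Minting a short-lived token in the
    // fixture would remove both dependencies.
    var accessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI4OGZjOGYyMC05ZDdkLTQ2NjUtODM3MC1mNzgyZGFkNzQ3ZDYiLCJpYXQiOiI5LzI1LzIwMjAgMTE6MTg6MDMiLCJzdWIiOiJhZG1pbkBsZXZpOS5jb20iLCJ1c2VybmFtZSI6IkFkbWluIiwiZXhwIjoxNjA4ODEyMjgzLCJpc3MiOiJMZXZpOSBCYWNrZW5kIiwiYXVkIjoibGV2aTlVc2VycyIsInJvbGVzIjpbIkFkbWluIl19.M9hwz43m5rLjNOJ3QZg4iAozOKByOkHfW7AbjxlDGCY";
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

    var comment = new CommentRequestDTO
    {
        Content = "Another beautiful day.",
        ThreadId = 1,
    };

    CommentResponseDTO data = null;
    using (var content = new StringContent(JsonConvert.SerializeObject(comment), Encoding.UTF8, "application/json"))
    // Act
    using (var response = await client.PostAsync("api/comments", content))
    {
        // Assert
        // Check the status before parsing: an error response with a non-JSON body
        // would otherwise throw in the deserializer and hide the real status code.
        Assert.Equal(HttpStatusCode.Created, response.StatusCode);

        var stream = await response.Content.ReadAsStreamAsync();
        using (var reader = new StreamReader(stream, Encoding.UTF8))
        {
            data = JsonConvert.DeserializeObject<CommentResponseDTO>(await reader.ReadToEndAsync());
        }
    }

    Assert.NotNull(data);
}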
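/// <summary>
/// Updates an existing comment on behalf of its author.
/// </summary>
/// <param name="id">Comment id taken from the route; it must equal <c>commentRequest.Id</c>.</param>
/// <param name="commentRequest">
/// Request body. <c>Id</c> selects the comment, <c>Content</c> is the new text and
/// <c>ThreadId</c> selects the thread the comment is attached to.
/// </param>
/// <returns>
/// The updated comment as a DTO; 404 when the comment lookup returns null; 403 when the
/// current caller's e-mail does not match the comment author's; 400 when the route id and
/// the body id disagree or when the thread lookup returns null.
/// </returns>
public async Task<ActionResult<CommentResponseDTO>> Update(int id, [FromBody] CommentRequestDTO commentRequest)
{
    var currentUser = await GettingCurrentClient();

    // The comment is looked up by the id in the body, so that is the id reported back.
    var commentInQuestion = await _commentService.Get(commentRequest.Id);
    if (commentInQuestion == null)
    {
        return NotFound($"Couldn't find a comment with the id of {commentRequest.Id} to update");
    }

    // Authorize before any further lookup, so a caller who does not own the comment
    // gets 403 no matter what else the request contains (the thread lookup below used
    // to run first and answered 400/403 depending on whether the thread existed).
    // Fail closed: a missing caller or a missing e-mail never counts as a match.
    var callerEmail = currentUser?.Email;
    if (callerEmail == null || callerEmail != commentInQuestion.Author?.Email)
    {
        return Forbid();
    }

    // The route id was previously ignored apart from the error message, so a PUT to
    // one comment's URL could modify a different comment named in the body.
    if (id != commentRequest.Id)
    {
        return BadRequest($"Route id {id} does not match comment id {commentRequest.Id} in the request body.");
    }

    var thread = await _threadService.GetWithoutUser(commentRequest.ThreadId);
    if (thread == null)
    {
        return BadRequest($"Thread with {commentRequest.ThreadId} does not exist.");
    }

    var updatedComment = await _commentService.Update(new CommentEntity
    {
        Id = commentInQuestion.Id,
        Content = commentRequest.Content,
        Author = currentUser,
        Thread = thread
    });

    return _commentMapper.ToDto(updatedComment);
}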
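/// <summary>
/// Integration test: a caller presenting a bearer token PUTs an update for comment 2
/// to <c>api/comments/2</c> and must receive 200 OK with a body that deserializes to a
/// <see cref="CommentResponseDTO"/>.
/// </summary>
/// <remarks>
/// Returns a Task instead of being <c>async void</c> so the test runner can
/// await the test and observe any exception it throws.
/// </remarks>
public async System.Threading.Tasks.Task UpdateComment_WithTokenThatIsAuthorized_OK()
{
    // Arrange
    var client = _server.Instance.CreateClient();

    // NOTE(review): pre-signed HS256 JWT committed to source. Its payload carries the
    // "User" role and a fixed `exp` claim (1608807096); if the test host validates
    // token lifetime this test returns 401 once that instant has passed. The test
    // presumably relies on seeded comment 2 being authored by this token's subject;
    // verify against the fixture data. Confirm the signing key is test-only.
    var accessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyOWZjMDc2OC00NzkzLTRhZDctYWFmZi01MzQ3OTg3MWI2NTgiLCJpYXQiOiI5LzI1LzIwMjAgOTo1MTozNiIsInN1YiI6InVzZXJAbGV2aTkuY29tIiwidXNlcm5hbWUiOiJVc2VyIiwiZXhwIjoxNjA4ODA3MDk2LCJpc3MiOiJMZXZpOSBCYWNrZW5kIiwiYXVkIjoibGV2aTlVc2VycyIsInJvbGVzIjpbIlVzZXIiXX0.4X-q8ZOSGdAOH9LMZf-2iUDRiSPW5tfONnqNCPf9rFM";
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

    // Body id and route id agree (both 2).
    var comment = new CommentRequestDTO
    {
        Id = 2,
        Content = "Sunny",
        ThreadId = 1
    };

    CommentResponseDTO data = null;
    using (var content = new StringContent(JsonConvert.SerializeObject(comment), Encoding.UTF8, "application/json"))
    // Act
    using (var response = await client.PutAsync("api/comments/2", content))
    {
        // Assert
        // Check the status before parsing: an error response with a non-JSON body
        // would otherwise throw in the deserializer and hide the real status code.
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);

        var stream = await response.Content.ReadAsStreamAsync();
        using (var reader = new StreamReader(stream, Encoding.UTF8))
        {
            data = JsonConvert.DeserializeObject<CommentResponseDTO>(await reader.ReadToEndAsync());
        }
    }

    Assert.NotNull(data);
}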
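/// <summary>
/// Integration test: a POST to <c>api/comments</c> that carries no Authorization
/// header must be rejected with 401 Unauthorized.
/// </summary>
/// <remarks>
/// Returns a Task instead of being <c>async void</c> so the test runner can
/// await the test and observe any exception it throws.
/// </remarks>
public async System.Threading.Tasks.Task CreateComment_WithoutToken_Unauthorized()
{
    // Arrange
    // A fresh client from the test server; no Authorization header is set on it here.
    var client = _server.Instance.CreateClient();
    var comment = new CommentRequestDTO
    {
        Content = "Beautiful day.",
        ThreadId = 1
    };

    using (var content = new StringContent(JsonConvert.SerializeObject(comment), Encoding.UTF8, "application/json"))
    // Act
    using (var response = await client.PostAsync("api/comments", content))
    {
        // Assert
        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }
}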
/// <summary>
/// Creates a comment in an existing thread, authored by the current caller.
/// </summary>
/// <param name="commentRequest">
/// Request body. <c>ThreadId</c> selects the thread and <c>Content</c> becomes the comment text.
/// </param>
/// <returns>
/// 201 Created with the location <c>comments/{id}</c> and the new comment as a DTO,
/// or 400 when the thread lookup returns null.
/// </returns>
public async Task<ActionResult<CommentResponseDTO>> Create([FromBody] CommentRequestDTO commentRequest)
{
    var targetThread = await _threadService.GetWithoutUser(commentRequest.ThreadId);
    if (targetThread == null)
    {
        return BadRequest($"Thread with {commentRequest.ThreadId} does not exist.");
    }

    // The author comes from GettingCurrentClient(), not from the request body.
    // NOTE(review): the result is not null-checked here; confirm the helper cannot
    // return null for an authenticated request, or the comment is stored without an author.
    var author = await GettingCurrentClient();

    var draft = new CommentEntity
    {
        Thread = targetThread,
        Content = commentRequest.Content,
        Author = author
    };
    var createdComment = await _commentService.Create(draft);

    var location = $"comments/{createdComment.Id}";
    return Created(location, _commentMapper.ToDto(createdComment));
}
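/// <summary>
/// Integration test: a caller presenting a valid bearer token who tries to update a
/// comment they do not own must receive 403 Forbidden.
/// </summary>
/// <remarks>
/// Returns a Task instead of being <c>async void</c> so the test runner can
/// await the test and observe any exception it throws.
/// </remarks>
public async System.Threading.Tasks.Task UpdateComment_WithTokenThatIsAuthorized_DifferentUser_Forbidden()
{
    // Arrange
    var client = _server.Instance.CreateClient();

    // NOTE(review): pre-signed HS256 JWT committed to source. Its payload carries the
    // "User" role and a fixed `exp` claim (1609865211); if the test host validates
    // token lifetime the response becomes 401 once that instant has passed and this
    // test no longer exercises the ownership check. Confirm the signing key is test-only.
    var accessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwOTg1M2QxYy1lMzE4LTRjZTgtODA4My01ODUyMTM4OTUxYWQiLCJpYXQiOiIxMC83LzIwMjAgMzo0Njo1MSBQTSIsInN1YiI6InVzZXIxQGxldmk5LmNvbSIsInVzZXJuYW1lIjoiVXNlcjEiLCJleHAiOjE2MDk4NjUyMTEsImlzcyI6Ikxldmk5IEJhY2tlbmQiLCJhdWQiOiJsZXZpOVVzZXJzIiwicm9sZXMiOlsiVXNlciJdfQ.vMg4G7sYIq1jgYUYc9ekWhDfJxEX2XlALCHcLLvGwJA";
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

    // NOTE(review): the body names comment 1 while the request below targets
    // api/comments/4. Which comment the 403 is decided on therefore depends on whether
    // the endpoint trusts the route id or the body id; align the two so the test pins
    // the ownership check on one specific comment.
    var comment = new CommentRequestDTO
    {
        Id = 1,
        Content = "Sunny",
        ThreadId = 1
    };

    using (var content = new StringContent(JsonConvert.SerializeObject(comment), Encoding.UTF8, "application/json"))
    // Act
    using (var response = await client.PutAsync("api/comments/4", content))
    {
        // Assert
        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
    }
}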
/// <summary>
/// Sends a create-comment request through the comment API client.
/// </summary>
/// <param name="comment">Comment payload, forwarded unchanged to the client.</param>
/// <returns>The observable returned by the client's <c>CreateComment</c> call.</returns>
public IObservable<Unit> Create(CommentRequestDTO comment)
{
    // Obtain the client first, then issue the call on it.
    var apiClient = _commentApi.GetClient();
    return apiClient.CreateComment(comment);
}