public async Task TestCommentCreate() { var newCrowdaction = new NewCrowdactionInternal("test" + Guid.NewGuid(), 100, "test", "test", "test", null, DateTime.UtcNow, DateTime.UtcNow.AddDays(1), null, null, null, null, new[] { Category.Community }, Array.Empty <string>(), CrowdactionDisplayPriority.Bottom, CrowdactionStatus.Running, 0, null); Crowdaction crowdaction = await crowdactionService.CreateCrowdactionInternal(newCrowdaction, CancellationToken.None); Assert.NotNull(crowdaction); ApplicationUser user = await context.Users.FirstAsync(); ClaimsPrincipal userPrincipal = await signInManager.CreateUserPrincipalAsync(user); CrowdactionComment firstComment = await crowdactionService.CreateComment("test test", crowdaction.Id, userPrincipal, CancellationToken.None); Assert.NotNull(firstComment); await Assert.ThrowsAnyAsync <Exception>(() => crowdactionService.CreateComment("test test <script />", crowdaction.Id, userPrincipal, CancellationToken.None)); await Assert.ThrowsAnyAsync <Exception>(() => crowdactionService.CreateComment("test test <a href=\"javascript:alert('hello')\" />", crowdaction.Id, userPrincipal, CancellationToken.None)); await crowdactionService.DeleteComment(firstComment.Id, CancellationToken.None); CrowdactionComment retrievedComment = await context.CrowdactionComments.FirstOrDefaultAsync(c => c.Id == firstComment.Id); Assert.Null(retrievedComment); CrowdactionComment sanitizedComment = await crowdactionService.CreateComment("test test <p><a href=\"www.google.com\" /></p>", crowdaction.Id, userPrincipal, CancellationToken.None); Assert.Equal("test test <p><a href=\"https://www.google.com\" rel=\"nofollow ugc\"></a></p>", sanitizedComment.Comment); await crowdactionService.DeleteComment(sanitizedComment.Id, CancellationToken.None); }
public async Task <CrowdactionComment> CreateCommentAnonymous(string comment, string name, int crowdactionId, CancellationToken token) { if (!htmlInputValidator.IsSafe(comment)) { throw new InvalidOperationException("Comment contains unsafe html"); } comment = SanitizeComment(comment); Crowdaction?crowdaction = await context.Crowdactions.SingleOrDefaultAsync(c => c.Id == crowdactionId, token).ConfigureAwait(false); if (crowdaction == null) { throw new InvalidOperationException($"Crowdaction does not exist when adding comment"); } else if (crowdaction.Status != CrowdactionStatus.Running) { throw new InvalidOperationException($"Crowdaction is not active when adding comment"); } var crowdactionComment = new CrowdactionComment(comment, null, name, crowdactionId, DateTime.UtcNow, CrowdactionCommentStatus.WaitingForApproval); context.CrowdactionComments.Add(crowdactionComment); await context.SaveChangesAsync(token).ConfigureAwait(false); IList <ApplicationUser> administrators = await userManager.GetUsersInRoleAsync(AuthorizationConstants.AdminRole).ConfigureAwait(false); await emailSender.SendEmailsTemplated(administrators.Select(a => a.Email), $"A new anonymous comment was submitted on CollAction", "CrowdactionCommentAddedAdmin").ConfigureAwait(false); return(crowdactionComment); }
public async Task DeleteComment(int commentId, CancellationToken token) { CrowdactionComment comment = await context.CrowdactionComments.SingleAsync(c => c.Id == commentId, token).ConfigureAwait(false); context.CrowdactionComments.Remove(comment); await context.SaveChangesAsync(token).ConfigureAwait(false); }
public async Task <CrowdactionComment> CreateComment(string comment, int crowdactionId, ClaimsPrincipal user, CancellationToken token) { if (!htmlInputValidator.IsSafe(comment)) { throw new InvalidOperationException("Comment contains unsafe html"); } comment = SanitizeComment(comment); ApplicationUser?applicationUser = await userManager.GetUserAsync(user).ConfigureAwait(false); if (applicationUser == null) { throw new InvalidOperationException($"User does not exist when adding comment"); } Crowdaction?crowdaction = await context.Crowdactions.SingleAsync(c => c.Id == crowdactionId, token).ConfigureAwait(false); if (crowdaction == null) { throw new InvalidOperationException($"Crowdaction does not exist when adding comment"); } else if (crowdaction.Status != CrowdactionStatus.Running) { throw new InvalidOperationException($"Crowdaction is not active when adding comment"); } var crowdactionComment = new CrowdactionComment(comment, applicationUser.Id, null, crowdactionId, DateTime.UtcNow, CrowdactionCommentStatus.Approved); context.CrowdactionComments.Add(crowdactionComment); await context.SaveChangesAsync(token).ConfigureAwait(false); return(crowdactionComment); }