public async Task TestCommentCreate()
{
var newCrowdaction = new NewCrowdactionInternal("test" + Guid.NewGuid(), 100, "test", "test", "test", null, DateTime.UtcNow, DateTime.UtcNow.AddDays(1), null, null, null, null, new[] { Category.Community }, Array.Empty <string>(), CrowdactionDisplayPriority.Bottom, CrowdactionStatus.Running, 0, null);
Crowdaction crowdaction = await crowdactionService.CreateCrowdactionInternal(newCrowdaction, CancellationToken.None);
Assert.NotNull(crowdaction);
ApplicationUser user = await context.Users.FirstAsync();
ClaimsPrincipal userPrincipal = await signInManager.CreateUserPrincipalAsync(user);
CrowdactionComment firstComment = await crowdactionService.CreateComment("test test", crowdaction.Id, userPrincipal, CancellationToken.None);
Assert.NotNull(firstComment);
await Assert.ThrowsAnyAsync <Exception>(() => crowdactionService.CreateComment("test test <script />", crowdaction.Id, userPrincipal, CancellationToken.None));
await Assert.ThrowsAnyAsync <Exception>(() => crowdactionService.CreateComment("test test <a href=\"javascript:alert('hello')\" />", crowdaction.Id, userPrincipal, CancellationToken.None));
await crowdactionService.DeleteComment(firstComment.Id, CancellationToken.None);
CrowdactionComment retrievedComment = await context.CrowdactionComments.FirstOrDefaultAsync(c => c.Id == firstComment.Id);
Assert.Null(retrievedComment);
CrowdactionComment sanitizedComment = await crowdactionService.CreateComment("test test <p><a href=\"www.google.com\" /></p>", crowdaction.Id, userPrincipal, CancellationToken.None);
Assert.Equal("test test <p><a href=\"https://www.google.com\" rel=\"nofollow ugc\"></a></p>", sanitizedComment.Comment);
await crowdactionService.DeleteComment(sanitizedComment.Id, CancellationToken.None);
}
public async Task <CrowdactionComment> CreateCommentAnonymous(string comment, string name, int crowdactionId, CancellationToken token)
{
if (!htmlInputValidator.IsSafe(comment))
{
throw new InvalidOperationException("Comment contains unsafe html");
}
comment = SanitizeComment(comment);
Crowdaction?crowdaction = await context.Crowdactions.SingleOrDefaultAsync(c => c.Id == crowdactionId, token).ConfigureAwait(false);
if (crowdaction == null)
{
throw new InvalidOperationException($"Crowdaction does not exist when adding comment");
}
else if (crowdaction.Status != CrowdactionStatus.Running)
{
throw new InvalidOperationException($"Crowdaction is not active when adding comment");
}
var crowdactionComment = new CrowdactionComment(comment, null, name, crowdactionId, DateTime.UtcNow, CrowdactionCommentStatus.WaitingForApproval);
context.CrowdactionComments.Add(crowdactionComment);
await context.SaveChangesAsync(token).ConfigureAwait(false);
IList <ApplicationUser> administrators = await userManager.GetUsersInRoleAsync(AuthorizationConstants.AdminRole).ConfigureAwait(false);
await emailSender.SendEmailsTemplated(administrators.Select(a => a.Email), $"A new anonymous comment was submitted on CollAction", "CrowdactionCommentAddedAdmin").ConfigureAwait(false);
return(crowdactionComment);
}
public async Task DeleteComment(int commentId, CancellationToken token)
{
CrowdactionComment comment = await context.CrowdactionComments.SingleAsync(c => c.Id == commentId, token).ConfigureAwait(false);
context.CrowdactionComments.Remove(comment);
await context.SaveChangesAsync(token).ConfigureAwait(false);
}
public async Task <CrowdactionComment> CreateComment(string comment, int crowdactionId, ClaimsPrincipal user, CancellationToken token)
{
if (!htmlInputValidator.IsSafe(comment))
{
throw new InvalidOperationException("Comment contains unsafe html");
}
comment = SanitizeComment(comment);
ApplicationUser?applicationUser = await userManager.GetUserAsync(user).ConfigureAwait(false);
if (applicationUser == null)
{
throw new InvalidOperationException($"User does not exist when adding comment");
}
Crowdaction?crowdaction = await context.Crowdactions.SingleAsync(c => c.Id == crowdactionId, token).ConfigureAwait(false);
if (crowdaction == null)
{
throw new InvalidOperationException($"Crowdaction does not exist when adding comment");
}
else if (crowdaction.Status != CrowdactionStatus.Running)
{
throw new InvalidOperationException($"Crowdaction is not active when adding comment");
}
var crowdactionComment = new CrowdactionComment(comment, applicationUser.Id, null, crowdactionId, DateTime.UtcNow, CrowdactionCommentStatus.Approved);
context.CrowdactionComments.Add(crowdactionComment);
await context.SaveChangesAsync(token).ConfigureAwait(false);
return(crowdactionComment);
}
