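/// <summary>
/// Checks the ownership rule of <c>UpdateJogging</c>: a caller with the Jogger role whose
/// Name claim differs from the user attached to the jogging entry must get status 403.
/// (The method name says "Unauthorized"; the asserted code, 403, is Forbidden.)
/// </summary>
public async Task UpdateJogging_Returns403UnauthorizedResultWhenUserNotOwner()
{
    // Arrange
    var joggingId = 1000;
    var caller = new ClaimsPrincipal(new ClaimsIdentity(new Claim[]
    {
        new Claim(ClaimTypes.Name, "joggeruser"),
        new Claim(ClaimTypes.Role, "Jogger")
    }));

    var jogging = await _joggingRepo.GetJoggingById(joggingId);
    // The owner name is deliberately different from the caller's Name claim above.
    jogging.User = new User { UserName = "******" };

    var joggingUpdateDto = new JoggingUpdateDto
    {
        JoggingDate = DateTime.Now,
        DistanceInMeters = 5000,
        Location = "Philadelphia",
        JoggingDurationInMinutes = 50
    };

    _controller.ControllerContext = new ControllerContext()
    {
        HttpContext = new DefaultHttpContext { User = caller }
    };
    // The action reads the entry from the request items rather than loading it by id.
    _controller.ControllerContext.HttpContext.Items.Add("jogging", jogging);

    // Act
    var actionResult = await _controller.UpdateJogging(joggingId, joggingUpdateDto);

    // Assert
    // Check the result type explicitly: with an "as" cast, an unexpected result type
    // surfaces as a NullReferenceException instead of a readable assertion failure.
    var statusResult = Assert.IsAssignableFrom<StatusCodeResult>(actionResult);
    Assert.Equal(403, statusResult.StatusCode);
}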
/// <summary>
/// Calls <c>UpdateJogging</c> with a fully populated DTO and expects a <c>NoContentResult</c>.
/// (The method name says 201; a NoContentResult is HTTP 204.)
/// </summary>
public async Task UpdateJogging_Returns201NoContentObjectResult()
{
    // Arrange
    var joggingId = 1000;

    var claims = new[]
    {
        new Claim(ClaimTypes.Name, "joggeruser"),
        new Claim(ClaimTypes.Role, "Jogger")
    };
    var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));

    var entry = await _joggingRepo.GetJoggingById(joggingId);
    // NOTE(review): as listed, the owner name is not the caller's Name claim ("joggeruser").
    // The literal looks masked; a non-Admin caller only passes an ownership check when the
    // two names match, so confirm the real fixture value.
    entry.User = new User { UserName = "******" };

    var joggingUpdateDto = new JoggingUpdateDto
    {
        JoggingDate = DateTime.Now,
        DistanceInMeters = 5000,
        Location = "Philadelphia",
        JoggingDurationInMinutes = 50
    };

    // Build the HTTP context first, then hand it to the controller; the action reads
    // both the principal and the "jogging" item from it.
    var httpContext = new DefaultHttpContext { User = principal };
    _controller.ControllerContext = new ControllerContext() { HttpContext = httpContext };
    _controller.ControllerContext.HttpContext.Items.Add("jogging", entry);

    // Act
    var actionResult = await _controller.UpdateJogging(joggingId, joggingUpdateDto);

    // Assert
    Assert.IsType<NoContentResult>(actionResult);
}
/// <summary>
/// Sends a PUT to <c>/api/joggings/1000</c> as Jogger "joggeruser" with a DTO whose fields are
/// all left at their defaults and expects status 422.
/// (The method name says "BadRequest" and "without request body"; what is sent is an empty
/// DTO object, and the asserted code is 422, not 400.)
/// </summary>
public async Task UpdateJogging_ReturnsBadRequestWithoutRequestBody()
{
    // NOTE(review): Add() appends to the client's default headers and does not replace an
    // existing Authorization value — confirm _client is created fresh for each test.
    var bearer = MockJWTTokens.CreateRoleJWTToken("Jogger", "joggeruser");
    _client.DefaultRequestHeaders.Add("Authorization", $"Bearer {bearer}");

    var emptyDto = new JoggingUpdateDto();

    var httpResponse = await _client.PutAsJsonAsync("/api/joggings/1000", emptyDto);
    var statusCode = (int)httpResponse.StatusCode;

    Assert.Equal(422, statusCode);
}
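/// <summary>
/// Updates a jogging entry with the submitted values and refreshes its weather data for the
/// submitted date and location.
/// </summary>
/// <param name="id">
/// Route identifier of the entry. The entry itself is not looked up here; it is read from
/// <c>HttpContext.Items["jogging"]</c>.
/// </param>
/// <param name="joggingUpdateDto">New values bound from the request body.</param>
/// <returns>
/// 204 when the entry was saved; 400 when the body is null; 404 when no entry is present in the
/// request items; 403 when the caller is neither an Admin nor the owner of the entry; 422 when
/// the weather lookup returns nothing or does not succeed.
/// </returns>
public async Task<IActionResult> UpdateJogging(int id, [FromBody] JoggingUpdateDto joggingUpdateDto)
{
    // If the identity is not a ClaimsIdentity, name and role stay null and the ownership
    // check below denies the request instead of throwing a NullReferenceException.
    var claimsIdentity = User.Identity as ClaimsIdentity;
    var userName = claimsIdentity?.FindFirst(ClaimTypes.Name)?.Value;
    // Only the first role claim is considered.
    var role = claimsIdentity?.FindFirst(ClaimTypes.Role)?.Value;

    // Presumably placed in the request items by an earlier filter or middleware — confirm.
    var jogging = HttpContext.Items["jogging"] as Jogging;

    if (joggingUpdateDto == null)
    {
        return BadRequest("joggingUpdateDto object is null");
    }

    // Without an entry there is nothing to authorize against or update.
    if (jogging == null)
    {
        return NotFound();
    }

    // Fail closed: a caller without a Name claim is never treated as the owner, and an entry
    // without an attached user has no owner. Only the Admin role bypasses the ownership check.
    var isAdmin = role == "Admin";
    var isOwner = userName != null && jogging.User?.UserName == userName;
    if (!isAdmin && !isOwner)
    {
        return StatusCode(403);
    }

    // The weather lookup runs only after authorization has passed.
    // NOTE(review): Location comes from the request body and is forwarded to the weather
    // manager as-is; any length or format validation is not visible in this method.
    var searchDate = joggingUpdateDto.JoggingDate;
    WeatherServiceResult weatherResult;
    if (searchDate < DateTime.Today)
    {
        weatherResult = await _weatherManager.GetHistoryWeather(joggingUpdateDto.Location, searchDate);
    }
    else
    {
        weatherResult = await _weatherManager.GetCurrentOrForecast(joggingUpdateDto.Location, searchDate);
    }

    if (weatherResult == null || !weatherResult.Succeeded)
    {
        // weatherResult can be null on this path, so read the message null-safely.
        return StatusCode(422, new { Success = false, ErrorMessage = weatherResult?.ErrorMessage });
    }

    jogging.TemperatureC = weatherResult.TempC;
    jogging.TemperatureF = weatherResult.TempF;
    jogging.WeatherCondition = weatherResult.WeatherCondition;
    jogging.humidity = weatherResult.Humidity;
    jogging.DistanceInMeters = joggingUpdateDto.DistanceInMeters;
    jogging.JoggingDurationInMinutes = joggingUpdateDto.JoggingDurationInMinutes;
    jogging.Location = joggingUpdateDto.Location;
    // NOTE(review): the submitted JoggingDate drives the weather lookup but is not copied onto
    // the entry here — confirm that is intended.
    jogging.DateUpdated = DateTime.Now;

    _repo.UpdateJogging(jogging);
    _repo.Save();

    return NoContent();
}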
/// <summary>
/// End-to-end check of the ownership rule: a PUT to <c>/api/joggings/1000</c> authenticated as
/// Jogger "userWithoutJoggings" with a populated DTO must be answered with 403.
/// </summary>
public async Task UpdateJogging_Returns403ForbiddenWhenUserIsNotOwnerOfJogging()
{
    // NOTE(review): Add() appends to the client's default headers and does not replace an
    // existing Authorization value — confirm _client is created fresh for each test.
    var bearer = MockJWTTokens.CreateRoleJWTToken("Jogger", "userWithoutJoggings");
    _client.DefaultRequestHeaders.Add("Authorization", $"Bearer {bearer}");

    var updateDto = new JoggingUpdateDto
    {
        JoggingDate = new DateTime(2020, 10, 29),
        DistanceInMeters = 5000,
        Location = "Philadelphia",
        JoggingDurationInMinutes = 30
    };

    var httpResponse = await _client.PutAsJsonAsync("/api/joggings/1000", updateDto);
    var statusCode = (int)httpResponse.StatusCode;

    Assert.Equal(403, statusCode);
}
/// <summary>
/// Sends a PUT to <c>/api/joggings/654651</c> as Admin "adminuser" with a populated DTO and
/// expects status 404.
/// </summary>
public async Task UpdateJogging_Returns404NotFound()
{
    // The Admin role is used so that the ownership rule cannot be the reason for a rejection.
    var bearer = MockJWTTokens.CreateRoleJWTToken("Admin", "adminuser");
    _client.DefaultRequestHeaders.Add("Authorization", $"Bearer {bearer}");

    var updateDto = new JoggingUpdateDto
    {
        JoggingDate = new DateTime(2020, 10, 29),
        DistanceInMeters = 5000,
        Location = "Philadelphia",
        JoggingDurationInMinutes = 30
    };

    var httpResponse = await _client.PutAsJsonAsync("/api/joggings/654651", updateDto);
    var statusCode = (int)httpResponse.StatusCode;

    Assert.Equal(404, statusCode);
}