public void MissingCookiesValidXSRFTokenUnauthTest()
{
// get a paired client and xsrf token
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// give client empty cookie containter
client.CookieContainer = new System.Net.CookieContainer();
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the uri for the authorised api request
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");
//setup the request
var request = RequestHelpers.BasicPostRequest();
//get the authorization token and adds the token to the request
request.AddHeader("X-XSRF-TOKEN", xsrfToken);
// we don't expect out result to be valid as we have no valid cookies,
// even though we have attatched a valid xsrf token as a header.
// check response
ResponseHelpers.CheckResponse(client, request, expectValid: false);
}
public void DeactivateUserEndpointTests(UserEntityFactory entityFactory)
{
// Arrange
var userEntity = entityFactory.Construct();
userEntity.Configure(BaseEntity.ConfigureOptions.CREATE_ATTRIBUTES_AND_REFERENCES);
userEntity.CreateUser(true);
var deactivateQuery = JsonConvert.SerializeObject(new
{
Username = userEntity.EmailAddress
});
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
var client = clientxsrf.client;
client.BaseUrl = new Uri(_configure.BaseUrl + $"/api/account/deactivate");
var request = new RestRequest {
Method = Method.POST, RequestFormat = DataFormat.Json
};
request.AddHeader("X-XSRF-TOKEN", clientxsrf.xsrfToken);
request.AddHeader("Content-Type", "application/json");
request.AddParameter("query", deactivateQuery, ParameterType.RequestBody);
// Act
var response = client.Execute(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var activatedInDatabase = UserHelper.GetUserFromDB(userEntity.Id).EmailConfirmed;
Assert.False(activatedInDatabase);
}
public void APIUserLogoutTest()
{
// login to the backend server
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// should be 3 cookies after login
Assert.Equal(3, client.CookieContainer.Count);
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the logout url
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/authorization/logout");
//setup the request headers
var request = RequestHelpers.BasicPostRequest();
// get the authorization token and adds the token to the request
request.AddHeader("X-XSRF-TOKEN", xsrfToken);
// execute the logout request
var response = client.Execute(request);
// valid response
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
// should be no cookies in the response after login
Assert.Equal(0, response.Cookies.Count);
ApiOutputHelper.WriteRequestResponseOutput(request, response, _output);
}
public void MissingXSRFTokenValidCookiesUnauthTest()
{
// get a paired client and xsrf token
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the uri for the authorised api request
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");
//setup the request
var request = RequestHelpers.BasicPostRequest();
// we don't expect out result to be valid since we have not attatched a valid
// xsrf token as a header, although we do have valid cookies
ResponseHelpers.CheckResponse(client, request, expectValid: false);
}
public void GetAllUsersEndpointTests(UserEntityFactory entityFactory)
{
// Arrange
var userEntity = entityFactory.Construct();
userEntity.Configure(BaseEntity.ConfigureOptions.CREATE_ATTRIBUTES_AND_REFERENCES);
userEntity.CreateUser(true);
// Endpoint requires sorting and pagination options to be supplied.
var sortOptions = new[] { new { Path = "id", Descending = false } };
var paginationOptions = new { PageNo = 1, PageSize = 10 };
// Search query for the user entity that we have created.
var searchConditions = new[] { new[] { new { comparison = "Like", path = "Email", value = new string[] { $"%{userEntity.EmailAddress}%" } } } };
// Add required sorting and pagination options, and the search for our created entity to the body of the query.
var query = JsonConvert.SerializeObject(new { PaginationOptions = paginationOptions, SearchConditions = searchConditions, SortConditions = sortOptions });
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
var client = clientxsrf.client;
client.BaseUrl = new Uri(_configure.BaseUrl + $"/api/account/users");
var request = new RestRequest {
Method = Method.POST, RequestFormat = DataFormat.Json
};
request.AddHeader("X-XSRF-TOKEN", clientxsrf.xsrfToken);
request.AddHeader("Content-Type", "application/json");
request.AddParameter("query", query, ParameterType.RequestBody);
// Act
var response = client.Execute(request);
var returnedObject = JsonConvert.DeserializeObject <AccountController.UserListModel>(response.Content);
// Assert
Assert.Equal(userEntity.Id, returnedObject.Users.First().Id);
}
public void ValidCookiesValidXSRFTokenAuth()
{
// get a paired client and xsrf token
var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
// extract the client
var client = clientxsrf.client;
// extract the xsrf token
var xsrfToken = clientxsrf.xsrfToken;
// set the uri for the authorised api request
client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");
//setup the request
var request = RequestHelpers.BasicPostRequest();
//get the authorization token and adds the token to the request
request.AddHeader("X-XSRF-TOKEN", xsrfToken);
// we expect out result to be valid since we have valid cookies and a valid xsrfToken as a header
// check response
ResponseHelpers.CheckResponse(client, request, expectValid: true);
}
