/// <summary>
/// Prepares the shared state for each spec: the reset test application, one anti-forgery
/// token pair, the user repository and the user manager.
/// </summary>
/// <param name="app">The test web application supplied to the spec class.</param>
public AccountRelatedPageSpecs(TestDiscussionWebApp app)
{
    // Reset() runs before anything else so that every later lookup goes through the
    // instance it returns. What Reset() clears is not visible here; presumably it keeps
    // users and auth state from leaking between specs. TODO confirm.
    _app = app.Reset();

    // Token pair captured once at construction time.
    _antiForgeryTokens = _app.GetAntiForgeryTokens();

    // Services resolved from the reset application.
    _userRepo = _app.GetService<IRepository<User>>();
    _userManager = _app.GetService<UserManager<User>>();
}
/// <summary>
/// Verifies that a POST to <c>/register</c> is answered with 400 Bad Request when the
/// <c>__RequestVerificationToken</c> form field does not hold a valid token, and that no
/// user with the submitted name exists afterwards.
/// </summary>
/// <returns>A task that completes once both assertions have run.</returns>
public async Task should_reject_post_request_without_valid_anti_forgery_token()
{
    // Given: a random user name and the token pair returned by the test application.
    var userName = StringUtility.Random();
    var secret = "******";
    var antiForgery = _app.GetAntiForgeryTokens();

    // When: the cookie from GetAntiForgeryTokens() is sent, but the form token is bogus.
    // Sending the cookie means a rejection can only come from the form-token check,
    // not from a missing cookie.
    var form = new Dictionary<string, string>
    {
        ["UserName"] = userName,
        ["Password"] = secret,
        ["__RequestVerificationToken"] = "some invalid token"
    };
    var registration = _app.Server.CreateRequest("/register")
        .WithForm(form)
        .WithCookie(antiForgery.Cookie);
    var response = await registration.PostAsync();

    // Then: the request is refused...
    response.StatusCode.ShouldEqual(HttpStatusCode.BadRequest);

    // ...and nothing was persisted. The status code alone would not catch a handler that
    // creates the account before the token check fails the request.
    var users = _app.GetService<IRepository<User>>();
    var wasCreated = users.All().Any(u => u.UserName == userName);
    wasCreated.ShouldEqual(false);
}
/// <summary>
/// Verifies that a mocked user can POST a multipart file to
/// <c>/api/common/upload/avatar</c> with a matching anti-forgery cookie and form token,
/// and that the 200 OK response body contains <c>publicUrl</c>.
/// </summary>
/// <returns>A task that completes once both assertions have run.</returns>
public async Task should_upload_file_by_authorized_user()
{
    // Sign in a mocked user, then fetch the cookie/form-token pair for this request.
    _app.MockUser();
    var antiForgery = _app.GetAntiForgeryTokens();
    var upload = _app.Server.CreateRequest("/api/common/upload/avatar");

    // Multipart body with a randomised boundary: the file part first, then the token field.
    var boundary = "------------------------" + StringUtility.Random(8);
    var body = new MultipartFormDataContent(boundary);

    // NOTE(review): the payload is plain text named "filename.txt" and declared as
    // application/octet-stream, so this spec pins that the avatar endpoint accepts a
    // non-image upload. If the endpoint is meant to restrict type or extension, that
    // needs its own negative spec; none is visible in this part of the file.
    var filePart = new ByteArrayContent(Encoding.UTF8.GetBytes("hello file"));
    filePart.Headers.Add("Content-Type", "application/octet-stream");
    body.Add(filePart, "file", "filename.txt");

    var tokenPart = new StringContent(antiForgery.VerificationToken);
    body.Add(tokenPart, "__RequestVerificationToken");

    // Attach the body and the anti-forgery cookie, then send.
    var prepared = upload
        .And(message => message.Content = body)
        .WithCookie(antiForgery.Cookie);
    var response = await prepared.PostAsync();

    Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    Assert.Contains("publicUrl", response.ReadAllContent());
}
/// <summary>
/// Prepares the shared state for each spec: the reset test application and one
/// anti-forgery token pair obtained from it.
/// </summary>
/// <param name="app">The test web application supplied to the spec class.</param>
public AccountRelatedPageSpecs(TestDiscussionWebApp app)
{
    // Reset() runs first so the token pair below is requested from the instance it returns.
    // What Reset() clears is not visible here. TODO confirm.
    _app = app.Reset();

    // Token pair captured once at construction time.
    _antiForgeryTokens = _app.GetAntiForgeryTokens();
}