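/// <summary>
/// Registers and logs in a fresh user, then checks that the returned JWT validates against
/// the configured issuer and signing key (i.e. the signature, issuer and lifetime are accepted).
/// </summary>
/// <remarks>
/// Returns <see cref="Task"/> rather than <c>void</c> so the test runner observes failures and
/// exceptions; an <c>async void</c> test can report success while an assertion is still pending.
/// </remarks>
public async Task TestLoginReturnsValidToken()
{
    // Register and log in a brand-new unique user so the test does not depend on pre-existing state.
    HttpResponseMessage response = await AccountHelper.RegisterAndLogInNewUser(fixture.httpClient);

    // Deserialize the login response; the token is read from its "token" field.
    // The content stream is awaited instead of blocked on with .Result, which keeps the test
    // fully asynchronous and avoids a possible sync-context deadlock.
    LoginOutput resultAsObject = await JsonSerializer.DeserializeAsync<LoginOutput>(
        await response.Content.ReadAsStreamAsync());

    // Fail with a clear message here rather than with a NullReferenceException inside the delegate below.
    resultAsObject.Should().NotBeNull("because the login response body should deserialize to a LoginOutput");
    resultAsObject.token.Should().NotBeNull("because a token must be present before it can be validated");

    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // Validate the token the way a consuming service would: the issuer must equal the configured
    // issuer and the signature must verify against the configured symmetric key.
    // Audience validation is switched off; presumably the issued token carries no audience claim
    // (TODO confirm against the token-issuing code).
    TokenValidationParameters validationParameters = new TokenValidationParameters
    {
        ValidIssuer = fixture.Configuration["Guests:JwtIssuer"],
        // NOTE(review): the key bytes are derived with ASCII encoding; this must match how the
        // server builds its signing key, and a non-ASCII key value would be silently mangled.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(fixture.Configuration["Guests:JwtKey"])),
        ValidateAudience = false
    };

    // FluentAssertions needs a delegate in order to assert that validation does not throw.
    Func<SecurityToken> validateToken = () =>
    {
        tokenHandler.ValidateToken(resultAsObject.token, validationParameters, out SecurityToken validatedToken);
        return validatedToken;
    };

    // ValidateToken throws on a bad signature, wrong issuer or expired lifetime,
    // so "does not throw" is the assertion that the token is valid.
    validateToken.Should().NotThrow("because the token should be valid");
}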
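/// <summary>
/// Registers and logs in a fresh user, parses the returned JWT and checks that it carries
/// exactly one email claim, exactly one name-identifier (user id) claim and at least one role claim.
/// </summary>
/// <remarks>
/// The token is only parsed here, not validated: <c>ReadJwtToken</c> does not verify the
/// signature, issuer or lifetime. Signature validation is covered by the separate validity test.
/// Returns <see cref="Task"/> rather than <c>void</c> so the test runner observes failures.
/// </remarks>
public async Task TestLoginTokenContainsRolesAndUserIdAndEmail()
{
    // Register and log in a brand-new unique user so the test does not depend on pre-existing state.
    HttpResponseMessage response = await AccountHelper.RegisterAndLogInNewUser(fixture.httpClient);

    // Deserialize the login response; the token is read from its "token" field.
    // The content stream is awaited rather than blocked on with .Result.
    LoginOutput resultAsObject = await JsonSerializer.DeserializeAsync<LoginOutput>(
        await response.Content.ReadAsStreamAsync());

    // Fail with a clear message here rather than with a NullReferenceException inside the delegate below.
    resultAsObject.Should().NotBeNull("because the login response body should deserialize to a LoginOutput");
    resultAsObject.token.Should().NotBeNull("because a token must be present before its claims can be checked");

    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // ReadJwtToken throws if the string is not a well-formed JWT; it returns the typed token directly,
    // so no "as" cast (which would silently yield null on a non-JWT) is needed.
    Func<JwtSecurityToken> readToken = () => tokenHandler.ReadJwtToken(resultAsObject.token);

    using (new AssertionScope())
    {
        // A parse failure means the token is malformed; report that before checking claims.
        readToken.Should().NotThrow("because the token should be well-formed in order to check its claims");

        // Parse once more to get the token whose claims are inspected below.
        JwtSecurityToken securityToken = readToken();
        securityToken.Should().NotBeNull("because a well-formed token should parse to a JwtSecurityToken");

        // A user has exactly one email and one id, but may hold any number of roles.
        securityToken.Claims.Should().ContainSingle(claim => claim.Type == ClaimTypes.Email,
            "because we expect the token to have exactly one email claim");
        securityToken.Claims.Should().ContainSingle(claim => claim.Type == ClaimTypes.NameIdentifier,
            "because we expect the token to have exactly one name identifier claim");
        securityToken.Claims.Should().Contain(claim => claim.Type == ClaimTypes.Role,
            "because we expect the token to have at least one role claim");
    }
}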
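/// <summary>
/// Registers and logs in a fresh user and checks that the login response body deserializes
/// to a <c>LoginOutput</c> whose <c>token</c> field is populated.
/// </summary>
/// <remarks>
/// Returns <see cref="Task"/> rather than <c>void</c> so the test runner observes failures.
/// </remarks>
public async Task TestLoginReturnsAToken()
{
    // Register and log in a brand-new unique user so the test does not depend on pre-existing state.
    HttpResponseMessage response = await AccountHelper.RegisterAndLogInNewUser(fixture.httpClient);

    // Await the content stream instead of blocking on .Result so the test stays fully asynchronous.
    LoginOutput resultAsObject = await JsonSerializer.DeserializeAsync<LoginOutput>(
        await response.Content.ReadAsStreamAsync());

    // Check the object itself first so a missing/empty body fails with a clear message
    // instead of a NullReferenceException on the token access.
    resultAsObject.Should().NotBeNull("because the login response body should deserialize to a LoginOutput");
    resultAsObject.token.Should().NotBeNull("because we expect the response object to contain a token field with a value");
}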