/// <summary>
/// Sends 15 consecutive login requests with the same credentials and checks the status
/// code of each: attempts 0 through 10 must be answered with 401 Unauthorized, and
/// attempts 11 through 14 with 429 Too Many Requests.
/// </summary>
/// <remarks>
/// NOTE(review): the boundary (eleven 401 responses before the first 429) is hard-coded
/// here and presumably mirrors the server's blocker limit. Confirm against that
/// configuration so the two cannot drift apart.
/// </remarks>
public async Task IpBlockerTest()
{
    // The test creates and disposes its own fixture instead of using a shared one;
    // presumably so the blocked state does not affect other tests. TODO confirm.
    using (var fixture = new GeldAppSecurityFixture())
    {
        var attempt = 0;
        while (attempt < 15)
        {
            var credentials = new LoginCommand { Username = "******", Password = "******" };
            var response = await fixture.Client.PostAsync("/api/auth/login", credentials.AsContent());

            // Once the attempt index exceeds 10, the request is expected to be throttled.
            HttpStatusCode expected;
            if (attempt > 10)
            {
                expected = HttpStatusCode.TooManyRequests;
            }
            else
            {
                expected = HttpStatusCode.Unauthorized;
            }

            response.StatusCode.Should().Be(expected);
            attempt++;
        }
    }
}
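// High level api calls.

/// <summary>
/// Logs in through <c>/api/auth/login</c> and installs the returned bearer token as the
/// client's default <c>Authorization</c> header, so later requests made through
/// <c>this.Client</c> are sent with it.
/// </summary>
/// <param name="user">User name sent in the login command.</param>
/// <param name="password">Password sent in the login command.</param>
/// <exception cref="AuthenticationException">
/// The endpoint did not answer 200 OK, or the response body carried no usable
/// <c>token</c> value.
/// </exception>
public async Task Login(string user, string password = "******")
{
    var auth = new LoginCommand { Username = user, Password = password };

    string content;
    using (var resp = await this.Client.PostAsync("/api/auth/login", auth.AsContent()))
    {
        if (resp.StatusCode != HttpStatusCode.OK)
        {
            throw new AuthenticationException();
        }

        content = await resp.Content.ReadAsStringAsync();
    }

    // A 200 response without a token is treated as a failed login instead of
    // surfacing as a NullReferenceException or an empty "Bearer " header.
    var bearerToken = JObject.Parse(content)["token"]?.Value<string>();
    if (string.IsNullOrEmpty(bearerToken))
    {
        throw new AuthenticationException();
    }

    // Drop any token from a previous Login call first. Otherwise a second login on the
    // same fixture would try to append another Authorization value instead of
    // replacing the old identity.
    this.Client.DefaultRequestHeaders.Remove("Authorization");
    this.Client.DefaultRequestHeaders.Add("Authorization", $"Bearer {bearerToken}");
}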
/// <summary>
/// Posts the given credentials to <c>/api/auth/login</c> and checks the status code.
/// For logins expected to succeed, it also checks whether the issued token carries the
/// <c>admin</c> role claim.
/// </summary>
/// <param name="user">User name sent in the login command.</param>
/// <param name="pass">Password sent in the login command.</param>
/// <param name="authorize">
/// <c>true</c> when 200 OK is expected; <c>false</c> when 401 Unauthorized is expected.
/// </param>
/// <param name="isAdmin">
/// Whether the token must contain the <c>admin</c> role claim. Only evaluated when
/// <paramref name="authorize"/> is <c>true</c>.
/// </param>
public async Task LoginTest(string user, string pass, bool authorize, bool isAdmin)
{
    var credentials = new LoginCommand { Username = user, Password = pass };
    var response = await this.fixture.Client.PostAsync("/api/auth/login", credentials.AsContent());

    var expectedStatus = authorize ? HttpStatusCode.OK : HttpStatusCode.Unauthorized;
    response.StatusCode.Should().Be(expectedStatus);

    // The token is only read for logins that are expected to succeed.
    if (!authorize)
    {
        return;
    }

    var jwt = await response.GetJwtTokenAsync();

    // The role claim is asserted in both directions, so a non-admin account that
    // receives the admin role fails the test just as a missing claim does.
    if (!isAdmin)
    {
        jwt.Claims.Should().NotContain(t => t.Type == ClaimTypes.Role && t.Value == "admin");
        return;
    }

    jwt.Claims.Should().Contain(t => t.Type == ClaimTypes.Role && t.Value == "admin");
}