예제 #1
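        /// <summary>
        /// Posts the credentials to <c>/login</c> and checks the status code. For a valid login it
        /// then passes the returned tokens to the sibling <c>Refresh</c> and <c>UserList</c> checks.
        /// </summary>
        /// <param name="username">User name placed in the login payload.</param>
        /// <param name="email">Not read by this test; only the user name and password are sent.</param>
        /// <param name="pwd">Password placed in the login payload.</param>
        /// <param name="valid">True when the login is expected to succeed, false when it must be rejected.</param>
        public async Task Login(string username, string email, string pwd, bool valid)
        {
            var client = _factory.CreateClient();

            var userDto          = new UserDTO(username, pwd);
            var registerItemJson = ToJsonTest.ObjectToJson(userDto);

            var response = await client.PostAsync("/login", registerItemJson);

            var result = await response.Content.ReadAsStringAsync();

            if (valid)
            {
                //Check the status before parsing, so a failed login is reported as a status mismatch
                //and not as a JSON or null-reference error further down
                Assert.Equal(System.Net.HttpStatusCode.OK, response.StatusCode);

                var jsonResult = JsonConvert.DeserializeObject <JwtRefreshDTO>(result);
                Assert.NotNull(jsonResult);

                //Try to refresh the token
                await Refresh(jsonResult.Refresh.Token, true);

                //Token-type check: the refresh token must not be accepted where the JWT is expected
                await UserList(jsonResult.Refresh.Token, false);
                await UserList(jsonResult.JWT.Token, true);
            }
            else
            {
                //NOTE(review): a rejected login is expected as 500 here, so this assertion cannot tell a
                //deliberate rejection from an unrelated server fault - confirm whether 401 is intended
                Assert.Equal(System.Net.HttpStatusCode.InternalServerError, response.StatusCode);
            }
        }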
예제 #2
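        /// <summary>
        /// Logs in five times to collect five refresh tokens, calls <c>/logoffall</c> with one of them
        /// picked at random, and then checks that none of the collected tokens can refresh any more.
        /// </summary>
        /// <param name="username">User name placed in the login payload.</param>
        /// <param name="email">Not read by this test; only the user name and password are sent.</param>
        /// <param name="pwd">Password placed in the login payload.</param>
        /// <param name="valid">Not read by this test; every login is asserted to succeed.</param>
        public async Task LogoffAll(string username, string email, string pwd, bool valid)
        {
            //logoff get the refresh token id, and removes it
            var refreshTokensList = new List <string>();
            var client            = _factory.CreateClient();

            var userDto   = new UserDTO(username, pwd);
            var loginJSON = ToJsonTest.ObjectToJson(userDto);

            //need to login a lot of times, to collect multiple refresh tokens, we will do five times.

            for (int i = 0; i < 5; i++)
            {
                //We need to test the whole pipeline here, first we login
                var response = await client.PostAsync("/login", loginJSON);

                var result = await response.Content.ReadAsStringAsync();

                Assert.Equal(System.Net.HttpStatusCode.OK, response.StatusCode);

                //then we get the refresh token
                var jsonResult   = JsonConvert.DeserializeObject <JwtRefreshDTO>(result);
                var refreshToken = jsonResult.Refresh.Token;
                refreshTokensList.Add(refreshToken);

                //we add the refresh token to the header
                client.DefaultRequestHeaders.Add("ref", refreshToken);

                //if all is fine we should refresh the JWT
                var refreshResponse = await client.GetAsync("/refresh");

                Assert.Equal(System.Net.HttpStatusCode.OK, refreshResponse.StatusCode);

                client.DefaultRequestHeaders.Remove("ref");
            }

            //must logoff only once and try all the other refresh tokens from before
            //pick one collected token by index; which of the five is used does not matter
            var random = new Random();
            var item   = refreshTokensList[random.Next(refreshTokensList.Count)];

            client.DefaultRequestHeaders.Add("ref", item);
            var disableRefreshResponse = await client.DeleteAsync("/logoffall");

            Assert.Equal(System.Net.HttpStatusCode.OK, disableRefreshResponse.StatusCode);

            //drop the header again: Add() appends, so leaving it in place would make the first request
            //below carry two "ref" values and the rejection would not prove that token was revoked
            client.DefaultRequestHeaders.Remove("ref");

            //now we try to refresh again, but since we invalidated the refresh tokens, an error should return instead of an OK
            //NOTE(review): the rejection is expected as 500, which an unrelated server fault would also
            //produce - confirm whether 401 is intended
            foreach (var token in refreshTokensList)
            {
                client.DefaultRequestHeaders.Add("ref", token);
                var refreshResponseError = await client.GetAsync("/refresh");

                Assert.Equal(System.Net.HttpStatusCode.InternalServerError, refreshResponseError.StatusCode);
                client.DefaultRequestHeaders.Remove("ref");
            }
        }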
예제 #3
        /// <summary>
        /// Posts a new user to <c>/register</c> and checks the status code: OK when the data is
        /// expected to be accepted, InternalServerError when it is expected to be rejected.
        /// </summary>
        /// <param name="username">User name placed in the registration payload.</param>
        /// <param name="email">E-mail address placed in the registration payload.</param>
        /// <param name="pwd">Password placed in the registration payload.</param>
        /// <param name="valid">True when the registration is expected to succeed.</param>
        public async Task Register(string username, string email, string pwd, bool valid)
        {
            var http    = _factory.CreateClient();
            var payload = ToJsonTest.ObjectToJson(new UserDTO(username, email, pwd));

            var reply = await http.PostAsync("/register", payload);
            var body  = await reply.Content.ReadAsStringAsync();

            if (!valid)
            {
                //NOTE(review): a rejected registration is expected as 500, which an unrelated server
                //fault would also produce - confirm whether a 4xx status is intended
                Assert.Equal(System.Net.HttpStatusCode.InternalServerError, reply.StatusCode);
                return;
            }

            //the body is only parsed here; the parsed tokens are not inspected by this test
            JsonConvert.DeserializeObject <JwtRefreshDTO>(body);
            Assert.Equal(System.Net.HttpStatusCode.OK, reply.StatusCode);
        }
예제 #4
        /// <summary>
        /// Runs the login, refresh, logoff sequence and then checks that the refresh token sent
        /// to <c>/logoff</c> no longer works on <c>/refresh</c>.
        /// </summary>
        /// <param name="username">User name placed in the login payload.</param>
        /// <param name="email">Not read by this test; only the user name and password are sent.</param>
        /// <param name="pwd">Password placed in the login payload.</param>
        /// <param name="valid">Not read by this test; the login is asserted to succeed.</param>
        public async Task Logoff(string username, string email, string pwd, bool valid)
        {
            var http      = _factory.CreateClient();
            var loginBody = ToJsonTest.ObjectToJson(new UserDTO(username, pwd));

            //step 1: login must succeed
            var loginReply = await http.PostAsync("/login", loginBody);
            var loginText  = await loginReply.Content.ReadAsStringAsync();
            Assert.Equal(System.Net.HttpStatusCode.OK, loginReply.StatusCode);

            //step 2: send the refresh token from the login reply in the "ref" header;
            //the header stays on the client for every request below
            var tokens = JsonConvert.DeserializeObject <JwtRefreshDTO>(loginText);
            http.DefaultRequestHeaders.Add("ref", tokens.Refresh.Token);

            //step 3: while the token is still valid, refresh must succeed
            var firstRefresh = await http.GetAsync("/refresh");
            Assert.Equal(System.Net.HttpStatusCode.OK, firstRefresh.StatusCode);

            //step 4: logoff with the same token
            var logoffReply = await http.DeleteAsync("/logoff");
            Assert.Equal(System.Net.HttpStatusCode.OK, logoffReply.StatusCode);

            //step 5: the same token must now be refused
            //NOTE(review): the refusal is expected as 500, which an unrelated server fault would also
            //produce - confirm whether 401 is intended
            var secondRefresh = await http.GetAsync("/refresh");
            Assert.Equal(System.Net.HttpStatusCode.InternalServerError, secondRefresh.StatusCode);
        }