/// <summary>
/// Posts a username/password pair to <c>/login</c> and checks the response
/// against the outcome expected for this case.
/// </summary>
/// <param name="username">User name placed in the login payload.</param>
/// <param name="email">Not read by this method; only username and password are sent.</param>
/// <param name="pwd">Password placed in the login payload.</param>
/// <param name="valid">
/// <c>true</c> when the login is expected to succeed (HTTP 200), <c>false</c> when the
/// endpoint is expected to answer with HTTP 500.
/// </param>
public async Task Login(string username, string email, string pwd, bool valid)
{
    var http = _factory.CreateClient();
    var credentials = new UserDTO(username, pwd);
    var payload = ToJsonTest.ObjectToJson(credentials);

    var loginResponse = await http.PostAsync("/login", payload);
    var body = await loginResponse.Content.ReadAsStringAsync();

    // Rejected logins: nothing more to exercise once the status is checked.
    if (!valid)
    {
        Assert.Equal(System.Net.HttpStatusCode.InternalServerError, loginResponse.StatusCode);
        return;
    }

    var tokens = JsonConvert.DeserializeObject<JwtRefreshDTO>(body);
    Assert.Equal(System.Net.HttpStatusCode.OK, loginResponse.StatusCode);

    // The freshly issued refresh token must be usable for a refresh.
    // NOTE(review): the boolean passed to Refresh/UserList presumably is the expected
    // outcome; confirm against those helpers.
    await Refresh(tokens.Refresh.Token, true);

    // Token-type confusion check: a refresh token presented where the JWT is expected
    // must be refused, while the JWT itself must be accepted.
    await UserList(tokens.Refresh.Token, false);
    await UserList(tokens.JWT.Token, true);
}
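/// <summary>
/// Logs in five times to collect five refresh tokens, calls <c>/logoffall</c> with one
/// of them, and then checks that none of the collected tokens can be used on
/// <c>/refresh</c> any more.
/// </summary>
/// <param name="username">User name placed in the login payload.</param>
/// <param name="email">Not read by this method.</param>
/// <param name="pwd">Password placed in the login payload.</param>
/// <param name="valid">Not read by this method; every login here is asserted to succeed.</param>
public async Task LogoffAll(string username, string email, string pwd, bool valid)
{
    var refreshTokensList = new List<string>();
    var client = _factory.CreateClient();
    var userDto = new UserDTO(username, pwd);
    var loginJSON = ToJsonTest.ObjectToJson(userDto);

    // Log in repeatedly so several refresh tokens exist for the same user.
    for (int i = 0; i < 5; i++)
    {
        var response = await client.PostAsync("/login", loginJSON);
        var result = await response.Content.ReadAsStringAsync();
        Assert.Equal(System.Net.HttpStatusCode.OK, response.StatusCode);

        var jsonResult = JsonConvert.DeserializeObject<JwtRefreshDTO>(result);
        var refreshToken = jsonResult.Refresh.Token;
        refreshTokensList.Add(refreshToken);

        // Each token must work before the logoff, otherwise a later rejection proves nothing.
        client.DefaultRequestHeaders.Add("ref", refreshToken);
        var refreshResponse = await client.GetAsync("/refresh");
        Assert.Equal(System.Net.HttpStatusCode.OK, refreshResponse.StatusCode);
        client.DefaultRequestHeaders.Remove("ref");
    }

    // Log off once, using an arbitrary one of the collected tokens, so the test does
    // not depend on a fixed position in the list.
    var random = new Random();
    var item = refreshTokensList[random.Next(refreshTokensList.Count)];

    client.DefaultRequestHeaders.Add("ref", item);
    var disableRefreshResponse = await client.DeleteAsync("/logoffall");
    Assert.Equal(System.Net.HttpStatusCode.OK, disableRefreshResponse.StatusCode);

    // Clear the header before the verification loop. Add() appends to an existing
    // header, so leaving this value in place would make the first /refresh below carry
    // two tokens, and its error response would not demonstrate that the token alone
    // had been revoked.
    client.DefaultRequestHeaders.Remove("ref");

    // Every token issued before the logoff must now be refused.
    // NOTE(review): the expected status is 500, which an unrelated server fault would
    // also produce; a dedicated rejection status or a check on the response body would
    // make this revocation test stricter. Confirm against the API contract.
    foreach (var token in refreshTokensList)
    {
        client.DefaultRequestHeaders.Add("ref", token);
        var refreshResponseError = await client.GetAsync("/refresh");
        Assert.Equal(System.Net.HttpStatusCode.InternalServerError, refreshResponseError.StatusCode);
        client.DefaultRequestHeaders.Remove("ref");
    }
}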
/// <summary>
/// Posts a username/email/password triple to <c>/register</c> and checks the response
/// status against the outcome expected for this case.
/// </summary>
/// <param name="username">User name placed in the registration payload.</param>
/// <param name="email">E-mail address placed in the registration payload.</param>
/// <param name="pwd">Password placed in the registration payload.</param>
/// <param name="valid">
/// <c>true</c> when registration is expected to succeed (HTTP 200), <c>false</c> when the
/// endpoint is expected to answer with HTTP 500.
/// </param>
public async Task Register(string username, string email, string pwd, bool valid)
{
    var http = _factory.CreateClient();
    var payload = ToJsonTest.ObjectToJson(new UserDTO(username, email, pwd));

    var registerResponse = await http.PostAsync("/register", payload);
    var body = await registerResponse.Content.ReadAsStringAsync();

    if (!valid)
    {
        Assert.Equal(System.Net.HttpStatusCode.InternalServerError, registerResponse.StatusCode);
        return;
    }

    // The parsed object is not inspected; the call is kept so the body is still run
    // through the deserializer before the status check.
    var parsed = JsonConvert.DeserializeObject<JwtRefreshDTO>(body);
    Assert.Equal(System.Net.HttpStatusCode.OK, registerResponse.StatusCode);
}
/// <summary>
/// Walks the single-session logoff flow: log in, use the refresh token once, call
/// <c>/logoff</c> with it, then check that the same token is refused on <c>/refresh</c>.
/// </summary>
/// <param name="username">User name placed in the login payload.</param>
/// <param name="email">Not read by this method.</param>
/// <param name="pwd">Password placed in the login payload.</param>
/// <param name="valid">Not read by this method; the login here is asserted to succeed.</param>
public async Task Logoff(string username, string email, string pwd, bool valid)
{
    const string refreshHeader = "ref";

    var http = _factory.CreateClient();
    var payload = ToJsonTest.ObjectToJson(new UserDTO(username, pwd));

    // Step 1: log in and pull the refresh token out of the response body.
    var loginResponse = await http.PostAsync("/login", payload);
    var loginBody = await loginResponse.Content.ReadAsStringAsync();
    Assert.Equal(System.Net.HttpStatusCode.OK, loginResponse.StatusCode);

    var issued = JsonConvert.DeserializeObject<JwtRefreshDTO>(loginBody);
    var token = issued.Refresh.Token;

    // Step 2: the header stays on the client for all three requests that follow.
    http.DefaultRequestHeaders.Add(refreshHeader, token);

    // The token must work before the logoff, otherwise the later rejection proves nothing.
    var beforeLogoff = await http.GetAsync("/refresh");
    Assert.Equal(System.Net.HttpStatusCode.OK, beforeLogoff.StatusCode);

    // Step 3: invalidate the refresh token.
    var logoffResponse = await http.DeleteAsync("/logoff");
    Assert.Equal(System.Net.HttpStatusCode.OK, logoffResponse.StatusCode);

    // Step 4: the same token must now be refused.
    // NOTE(review): the expected status is 500, which an unrelated server fault would
    // also produce; confirm against the API contract whether a stricter check is possible.
    var afterLogoff = await http.GetAsync("/refresh");
    Assert.Equal(System.Net.HttpStatusCode.InternalServerError, afterLogoff.StatusCode);
}