public IEnumerable<DBlocked_User> Blocked_User_Update( DBlocked_User updating, string username) { IDataRepository<DBlocked_User> blocked_users = RepositoryFactory.Instance.Construct<DBlocked_User>(username); blocked_users.Update(updating); return blocked_users; }
public void DBlocked_User_WhenAskedForKey_ReturnsBlocked_User_ID() { //Arrange: A blocked user with a unique key is constructed. DBlocked_User blocked_user = new DBlocked_User { Blocked_User_ID = -1}; //Act: the key is retrieved. int key = blocked_user.key; //Assert: the key is the same as the blocked user's ID. Assert.AreEqual(key, blocked_user.Blocked_User_ID); }
public void DBlocked_UserWithSqlMembers_WhenScrubbed_BecomesSafe() { //Arrange: A blocked user with malicious html and sql members are constructed. string malicious = "1');DELETE TABLE dbo.example;--"; DBlocked_User blocked_user = new DBlocked_User{ username = malicious, Author_Name = malicious }; //Act: The blocked user is scrubbed. blocked_user.Scrub(); //Assert: The blocked user has no html in its members. Assert.AreNotEqual(malicious, blocked_user.username); Assert.AreNotEqual(malicious, blocked_user.Author_Name); }
public void DBlocked_UserWithHtmlMembers_WhenScrubbed_BecomesSafe() { //Arrange: A blocked user with malicious sql members is constructed. string malicious = "<div></div>"; DBlocked_User blocked_user = new DBlocked_User{ username = malicious, Author_Name = malicious }; //Act: The blocked user is scrubbed. blocked_user.Scrub(); //Assert: The blocked user has no html in its members. Assert.AreNotEqual(malicious, blocked_user.username); Assert.AreNotEqual(malicious, blocked_user.Author_Name); }
public ActionResult BlockedUser_Delete(DBlocked_User deleting) { service.Blocked_User_Delete(deleting, User.Identity.Name); return View("Index"); }
public ActionResult BlockedUser_Create(DBlocked_User creating) { service.Blocked_User_Create(creating, User.Identity.Name); return View("Index"); }