public IEnumerable<DBlocked_User> Blocked_User_Update(
DBlocked_User updating, string username)
{
IDataRepository<DBlocked_User> blocked_users =
RepositoryFactory.Instance.Construct<DBlocked_User>(username);
blocked_users.Update(updating);
return blocked_users;
}
public void DBlocked_User_WhenAskedForKey_ReturnsBlocked_User_ID()
{
//Arrange: A blocked user with a unique key is constructed.
DBlocked_User blocked_user = new DBlocked_User { Blocked_User_ID = -1};
//Act: the key is retrieved.
int key = blocked_user.key;
//Assert: the key is the same as the blocked user's ID.
Assert.AreEqual(key, blocked_user.Blocked_User_ID);
}
public void DBlocked_UserWithSqlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: A blocked user with malicious html and sql members are constructed.
string malicious = "1');DELETE TABLE dbo.example;--";
DBlocked_User blocked_user = new DBlocked_User{
username = malicious,
Author_Name = malicious
};
//Act: The blocked user is scrubbed.
blocked_user.Scrub();
//Assert: The blocked user has no html in its members.
Assert.AreNotEqual(malicious, blocked_user.username);
Assert.AreNotEqual(malicious, blocked_user.Author_Name);
}
public void DBlocked_UserWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: A blocked user with malicious sql members is constructed.
string malicious = "<div></div>";
DBlocked_User blocked_user = new DBlocked_User{
username = malicious,
Author_Name = malicious
};
//Act: The blocked user is scrubbed.
blocked_user.Scrub();
//Assert: The blocked user has no html in its members.
Assert.AreNotEqual(malicious, blocked_user.username);
Assert.AreNotEqual(malicious, blocked_user.Author_Name);
}
public ActionResult BlockedUser_Delete(DBlocked_User deleting)
{
service.Blocked_User_Delete(deleting, User.Identity.Name);
return View("Index");
}
public ActionResult BlockedUser_Create(DBlocked_User creating)
{
service.Blocked_User_Create(creating, User.Identity.Name);
return View("Index");
}
