示例#1
0
        public void MissingCookiesValidXSRFTokenUnauthTest()
        {
            // get a paired client and xsrf token
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // give client empty cookie containter
            client.CookieContainer = new System.Net.CookieContainer();

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the uri for the authorised api request
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");

            //setup the request
            var request = RequestHelpers.BasicPostRequest();

            //get the authorization token and adds the token to the request
            request.AddHeader("X-XSRF-TOKEN", xsrfToken);

            // we don't expect out result to be valid as we have no valid cookies,
            // even though we have attatched a valid xsrf token as a header.
            // check response
            ResponseHelpers.CheckResponse(client, request, expectValid: false);
        }
示例#2
0
        public void DeactivateUserEndpointTests(UserEntityFactory entityFactory)
        {
            // Arrange
            var userEntity = entityFactory.Construct();

            userEntity.Configure(BaseEntity.ConfigureOptions.CREATE_ATTRIBUTES_AND_REFERENCES);
            userEntity.CreateUser(true);
            var deactivateQuery = JsonConvert.SerializeObject(new
            {
                Username = userEntity.EmailAddress
            });

            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
            var client     = clientxsrf.client;

            client.BaseUrl = new Uri(_configure.BaseUrl + $"/api/account/deactivate");
            var request = new RestRequest {
                Method = Method.POST, RequestFormat = DataFormat.Json
            };

            request.AddHeader("X-XSRF-TOKEN", clientxsrf.xsrfToken);
            request.AddHeader("Content-Type", "application/json");
            request.AddParameter("query", deactivateQuery, ParameterType.RequestBody);

            // Act
            var response = client.Execute(request);

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
            var activatedInDatabase = UserHelper.GetUserFromDB(userEntity.Id).EmailConfirmed;

            Assert.False(activatedInDatabase);
        }
示例#3
0
        public void APIUserLogoutTest()
        {
            // login to the backend server
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // should be 3 cookies after login
            Assert.Equal(3, client.CookieContainer.Count);

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the logout url
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/authorization/logout");

            //setup the request headers
            var request = RequestHelpers.BasicPostRequest();

            // get the authorization token and adds the token to the request
            request.AddHeader("X-XSRF-TOKEN", xsrfToken);

            // execute the logout request
            var response = client.Execute(request);

            // valid response
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            // should be no cookies in the response after login
            Assert.Equal(0, response.Cookies.Count);

            ApiOutputHelper.WriteRequestResponseOutput(request, response, _output);
        }
示例#4
0
        public void MissingXSRFTokenValidCookiesUnauthTest()
        {
            // get a paired client and xsrf token
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the uri for the authorised api request
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");

            //setup the request
            var request = RequestHelpers.BasicPostRequest();

            // we don't expect out result to be valid since we have not attatched a valid
            // xsrf token as a header, although we do have valid cookies
            ResponseHelpers.CheckResponse(client, request, expectValid: false);
        }
示例#5
0
        public void GetAllUsersEndpointTests(UserEntityFactory entityFactory)
        {
            // Arrange
            var userEntity = entityFactory.Construct();

            userEntity.Configure(BaseEntity.ConfigureOptions.CREATE_ATTRIBUTES_AND_REFERENCES);
            userEntity.CreateUser(true);

            // Endpoint requires sorting and pagination options to be supplied.
            var sortOptions       = new[] { new { Path = "id", Descending = false } };
            var paginationOptions = new { PageNo = 1, PageSize = 10 };

            // Search query for the user entity that we have created.
            var searchConditions = new[] { new[] { new { comparison = "Like", path = "Email", value = new string[] { $"%{userEntity.EmailAddress}%" } } } };

            // Add required sorting and pagination options, and the search for our created entity to the body of the query.
            var query = JsonConvert.SerializeObject(new { PaginationOptions = paginationOptions, SearchConditions = searchConditions, SortConditions = sortOptions });

            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);
            var client     = clientxsrf.client;

            client.BaseUrl = new Uri(_configure.BaseUrl + $"/api/account/users");

            var request = new RestRequest {
                Method = Method.POST, RequestFormat = DataFormat.Json
            };

            request.AddHeader("X-XSRF-TOKEN", clientxsrf.xsrfToken);
            request.AddHeader("Content-Type", "application/json");
            request.AddParameter("query", query, ParameterType.RequestBody);

            // Act
            var response       = client.Execute(request);
            var returnedObject = JsonConvert.DeserializeObject <AccountController.UserListModel>(response.Content);

            // Assert
            Assert.Equal(userEntity.Id, returnedObject.Users.First().Id);
        }
示例#6
0
        public void ValidCookiesValidXSRFTokenAuth()
        {
            // get a paired client and xsrf token
            var clientxsrf = ClientXsrf.GetValidClientAndxsrfTokenPair(_configure);

            // extract the client
            var client = clientxsrf.client;

            // extract the xsrf token
            var xsrfToken = clientxsrf.xsrfToken;

            // set the uri for the authorised api request
            client.BaseUrl = new Uri($"{_configure.BaseUrl}/api/account/me");

            //setup the request
            var request = RequestHelpers.BasicPostRequest();

            //get the authorization token and adds the token to the request
            request.AddHeader("X-XSRF-TOKEN", xsrfToken);

            // we expect out result to be valid since we have valid cookies and a valid xsrfToken as a header
            // check response
            ResponseHelpers.CheckResponse(client, request, expectValid: true);
        }