public void OrderByAllowedPropertiesWithSpaces(string allowedProperties)
{
EnableQueryAttribute attribute = new EnableQueryAttribute();
attribute.AllowedOrderByProperties = allowedProperties;
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/Customers/?$orderby=Id,Name");
ODataQueryOptions queryOptions = new ODataQueryOptions(ValidationTestHelper.CreateCustomerContext(), request);
Assert.DoesNotThrow(() => attribute.ValidateQuery(request, queryOptions));
}
public void OrderByDisllowedPropertiesWithSpaces(string allowedProperties)
{
EnableQueryAttribute attribute = new EnableQueryAttribute();
attribute.AllowedOrderByProperties = allowedProperties;
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/Customers/?$orderby=Id,Name");
ODataQueryOptions queryOptions = new ODataQueryOptions(ValidationTestHelper.CreateCustomerContext(), request);
Assert.Throws <ODataException>(() => attribute.ValidateQuery(request, queryOptions),
"Order by 'Name' is not allowed. To allow it, set the 'AllowedOrderByProperties' property on EnableQueryAttribute or QueryValidationSettings.");
}
public void CanTurnOffValidationForTop()
{
// Arrange
ODataValidationSettings settings = new ODataValidationSettings()
{
MaxTop = 10
};
TopQueryOption option = new TopQueryOption("11", ValidationTestHelper.CreateCustomerContext());
// Act and Assert
ExceptionAssert.Throws <ODataException>(() =>
option.Validate(settings),
"The limit of '10' for Top query has been exceeded. The value from the incoming request is '11'.");
option.Validator = null;
ExceptionAssert.DoesNotThrow(() => option.Validate(settings));
}
public void CanTurnOffValidationForFilter()
{
ODataValidationSettings settings = new ODataValidationSettings()
{
AllowedFunctions = AllowedFunctions.AllDateTimeFunctions
};
ODataQueryContext context = ValidationTestHelper.CreateCustomerContext();
FilterQueryOption option = new FilterQueryOption("substring(Name,8,1) eq '7'", context);
Assert.Throws <ODataException>(() =>
option.Validate(settings),
"Function 'substring' is not allowed. To allow it, set the 'AllowedFunctions' property on EnableQueryAttribute or QueryValidationSettings.");
option.Validator = null;
Assert.DoesNotThrow(() => option.Validate(settings));
}
public void CanTurnOffValidationForOrderBy()
{
// Arrange
ODataQueryContext context = ValidationTestHelper.CreateCustomerContext();
OrderByQueryOption option = new OrderByQueryOption("Name", context);
ODataValidationSettings settings = new ODataValidationSettings();
settings.AllowedOrderByProperties.Add("Id");
// Act & Assert
ExceptionAssert.Throws <ODataException>(() => option.Validate(settings),
"Order by 'Name' is not allowed. To allow it, set the 'AllowedOrderByProperties' property on EnableQueryAttribute or QueryValidationSettings.");
option.Validator = null;
ExceptionAssert.DoesNotThrow(() => option.Validate(settings));
}
public void CanTurnOffAllValidation()
{
// Arrange
HttpRequestMessage message = new HttpRequestMessage(
HttpMethod.Get,
new Uri("http://localhost/?$filter=Name eq 'abc'")
);
ODataQueryContext context = ValidationTestHelper.CreateCustomerContext();
ODataQueryOptions option = new ODataQueryOptions(context, message);
ODataValidationSettings settings = new ODataValidationSettings()
{
AllowedQueryOptions = AllowedQueryOptions.OrderBy
};
// Act & Assert
Assert.Throws <ODataException>(() => option.Validate(settings),
"Query option 'Filter' is not allowed. To allow it, set the 'AllowedQueryOptions' property on EnableQueryAttribute or QueryValidationSettings.");
option.Validator = null;
Assert.DoesNotThrow(() => option.Validate(settings));
}