Created tests for HopFrame.Api

2024-12-09 18:41:51 +01:00
parent 14c82f4f06
commit a4d1d3227b
7 changed files with 493 additions and 12 deletions
--- a/tests/HopFrame.Api.Tests/AuthLogicTests.cs
+++ b/tests/HopFrame.Api.Tests/AuthLogicTests.cs
@@ -0,0 +1,403 @@
+using System.Net;
+using System.Security.Claims;
+using HopFrame.Api.Logic;
+using HopFrame.Api.Logic.Implementation;
+using HopFrame.Api.Models;
+using HopFrame.Api.Tests.Extensions;
+using HopFrame.Database.Models;
+using HopFrame.Database.Repositories;
+using HopFrame.Security.Authentication;
+using HopFrame.Security.Claims;
+using HopFrame.Security.Models;
+using Microsoft.AspNetCore.Http;
+using Moq;
+
+namespace HopFrame.Api.Tests;
+
+public class AuthLogicTests {
+
+    private readonly Guid _refreshToken = Guid.NewGuid();
+    private readonly Guid _accessToken = Guid.NewGuid();
+
+    private (IAuthLogic, HttpContext) SetupEnvironment(bool passwordIsCorrect = true, Token providedRefreshToken = null, string providedTokenCookie = null, bool provideAccessToken = true) {
+        var accessor = new HttpContextAccessor {
+            HttpContext = new DefaultHttpContext()
+        };
+
+        if (providedTokenCookie != null) {
+            var cookies = new Mock<IRequestCookieCollection>();
+            cookies
+                .SetupGet(c => c[ITokenContext.RefreshTokenType])
+                .Returns(providedTokenCookie);
+            accessor.HttpContext.Request.Cookies = cookies.Object;
+        }
+
+        if (provideAccessToken) {
+            var claims = new List<Claim> {
+                new(HopFrameClaimTypes.AccessTokenId, _accessToken.ToString())
+            };
+            accessor.HttpContext.User.AddIdentity(new ClaimsIdentity(claims, HopFrameAuthentication.SchemeName));
+        }
+
+        var users = new Mock<IUserRepository>();
+        users
+            .Setup(u => u.GetUserByEmail(It.Is<string>(email => CreateDummyUser().Email == email)))
+            .ReturnsAsync(CreateDummyUser());
+        users
+            .Setup(u => u.CheckUserPassword(It.Is<User>(u => u.Email == CreateDummyUser().Email), It.IsAny<string>()))
+            .ReturnsAsync(passwordIsCorrect);
+        users
+            .Setup(u => u.AddUser(It.IsAny<User>()))
+            .ReturnsAsync(CreateDummyUser());
+        users
+            .Setup(u => u.GetUsers())
+            .ReturnsAsync(new List<User> { CreateDummyUser() });
+
+        var tokens = new Mock<ITokenRepository>();
+        tokens
+            .Setup(t => t.CreateToken(It.Is<int>(t => t == Token.RefreshTokenType), It.IsAny<User>()))
+            .ReturnsAsync(new Token {
+                Content = _refreshToken,
+                Type = Token.RefreshTokenType
+            });
+        tokens
+            .Setup(t => t.CreateToken(It.Is<int>(t => t == Token.AccessTokenType), It.IsAny<User>()))
+            .ReturnsAsync(new Token {
+                Content = _accessToken,
+                Type = Token.AccessTokenType
+            });
+        tokens
+            .Setup(t => t.GetToken(It.Is<string>(token => token == _refreshToken.ToString())))
+            .ReturnsAsync(providedRefreshToken);
+
+        var context = new Mock<ITokenContext>();
+        context
+            .Setup(c => c.User)
+            .Returns(CreateDummyUser());
+
+        return (new AuthLogic(users.Object, tokens.Object, context.Object, accessor), accessor.HttpContext);
+    }
+
+    private User CreateDummyUser() => new() {
+        Id = Guid.NewGuid(),
+        CreatedAt = DateTime.Now,
+        Email = "test@example.com",
+        Username = "ExampleUser",
+        Password = "1234567890"
+    };
+
+    [Fact]
+    public async Task Login_Should_Succeed() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        var login = new UserLogin {
+            Email = CreateDummyUser().Email,
+            Password = CreateDummyUser().Password
+        };
+
+        // Act
+        var result = await auth.Login(login);
+
+        // Assert
+        Assert.True(result.IsSuccessful);
+        Assert.Equal(_accessToken.ToString(), result.Data.Value);
+        Assert.Equal(_accessToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Equal(_refreshToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+    [Fact]
+    public async Task Login_With_WrongEmail_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        var login = new UserLogin {
+            Email = "wrong@example.com",
+            Password = CreateDummyUser().Password
+        };
+
+        // Act
+        var result = await auth.Login(login);
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.NotFound, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Login_With_WrongPassword_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment(false);
+        var login = new UserLogin {
+            Email = CreateDummyUser().Email,
+            Password = CreateDummyUser().Password
+        };
+
+        // Act
+        var result = await auth.Login(login);
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Forbidden, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Register_Should_Succeed() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        var register = new UserRegister {
+            Email = "new@example.com",
+            Password = "1234567890",
+            Username = "NewUser"
+        };
+        
+        // Act
+        var result = await auth.Register(register);
+        
+        // Assert
+        Assert.True(result.IsSuccessful);
+        Assert.Equal(_accessToken.ToString(), result.Data.Value);
+        Assert.Equal(_accessToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Equal(_refreshToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+    [Fact]
+    public async Task Register_With_ShortPassword_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        var register = new UserRegister {
+            Email = "new@example.com",
+            Password = "12345",
+            Username = "NewUser"
+        };
+        
+        // Act
+        var result = await auth.Register(register);
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.BadRequest, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Register_With_ExistingUsername_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        var register = new UserRegister {
+            Email = "new@example.com",
+            Password = "1234567890",
+            Username = CreateDummyUser().Username
+        };
+        
+        // Act
+        var result = await auth.Register(register);
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Conflict, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+    
+    [Fact]
+    public async Task Register_With_ExistingEmail_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        var register = new UserRegister {
+            Email = CreateDummyUser().Email,
+            Password = "1234567890",
+            Username = "NewUser"
+        };
+        
+        // Act
+        var result = await auth.Register(register);
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Conflict, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Authenticate_Should_Succeed() {
+        // Arrange
+        var token = new Token {
+            Type = Token.RefreshTokenType,
+            Content = _refreshToken,
+            CreatedAt = DateTime.Now,
+            Owner = CreateDummyUser()
+        };
+        var (auth, context) = SetupEnvironment(true, token, token.Content.ToString());
+        
+        // Act
+        var result = await auth.Authenticate();
+        
+        // Assert
+        Assert.True(result.IsSuccessful);
+        Assert.Equal(_accessToken.ToString(), result.Data.Value);
+        Assert.Equal(_accessToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Authenticate_With_NoProvidedToken_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        
+        // Act
+        var result = await auth.Authenticate();
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.BadRequest, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+    
+    [Fact]
+    public async Task Authenticate_With_WrongToken_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment(true, null, _refreshToken.ToString());
+        
+        // Act
+        var result = await auth.Authenticate();
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.NotFound, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Authenticate_With_WrongTokenType_Should_Fail() {
+        // Arrange
+        var token = new Token {
+            Type = Token.AccessTokenType,
+            Content = _refreshToken,
+            CreatedAt = DateTime.Now,
+            Owner = CreateDummyUser()
+        };
+        var (auth, context) = SetupEnvironment(true, token, token.Content.ToString());
+        
+        // Act
+        var result = await auth.Authenticate();
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Conflict, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Authenticate_With_ExpiredToken_Should_Fail() {
+        // Arrange
+        var token = new Token {
+            Type = Token.RefreshTokenType,
+            Content = _refreshToken,
+            CreatedAt = DateTime.MinValue,
+            Owner = CreateDummyUser()
+        };
+        var (auth, context) = SetupEnvironment(true, token, token.Content.ToString());
+        
+        // Act
+        var result = await auth.Authenticate();
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Forbidden, result.State);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+    }
+
+    [Fact]
+    public async Task Logout_Should_Succeed() {
+        // Arrange
+        var (auth, context) = SetupEnvironment(providedTokenCookie: _refreshToken.ToString());
+        context.Response.Cookies.Append(ITokenContext.AccessTokenType, _accessToken.ToString());
+        context.Response.Cookies.Append(ITokenContext.RefreshTokenType, _refreshToken.ToString());
+        
+        // Act
+        var result = await auth.Logout();
+        
+        // Assert
+        Assert.True(result.IsSuccessful);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+    [Fact]
+    public async Task Logout_With_NoAccessToken_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment(provideAccessToken: false);
+        context.Response.Cookies.Append(ITokenContext.AccessTokenType, _accessToken.ToString());
+        context.Response.Cookies.Append(ITokenContext.RefreshTokenType, _refreshToken.ToString());
+        
+        // Act
+        var result = await auth.Logout();
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Conflict, result.State);
+        Assert.Equal(_accessToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Equal(_refreshToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+    [Fact]
+    public async Task Logout_With_NoRefreshToken_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        context.Response.Cookies.Append(ITokenContext.AccessTokenType, _accessToken.ToString());
+        context.Response.Cookies.Append(ITokenContext.RefreshTokenType, _refreshToken.ToString());
+        
+        // Act
+        var result = await auth.Logout();
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Conflict, result.State);
+        Assert.Equal(_accessToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Equal(_refreshToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+    [Fact]
+    public async Task Delete_Should_Succeed() {
+        // Arrange
+        var (auth, context) = SetupEnvironment();
+        context.Response.Cookies.Append(ITokenContext.AccessTokenType, _accessToken.ToString());
+        context.Response.Cookies.Append(ITokenContext.RefreshTokenType, _refreshToken.ToString());
+        var validation = new UserPasswordValidation {
+            Password = CreateDummyUser().Password
+        };
+
+        // Act
+        var result = await auth.Delete(validation);
+        
+        // Assert
+        Assert.True(result.IsSuccessful);
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Null(context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+    [Fact]
+    public async Task Delete_With_WrongPassword_Should_Fail() {
+        // Arrange
+        var (auth, context) = SetupEnvironment(false);
+        context.Response.Cookies.Append(ITokenContext.AccessTokenType, _accessToken.ToString());
+        context.Response.Cookies.Append(ITokenContext.RefreshTokenType, _refreshToken.ToString());
+        var validation = new UserPasswordValidation {
+            Password = CreateDummyUser().Password
+        };
+
+        // Act
+        var result = await auth.Delete(validation);
+        
+        // Assert
+        Assert.False(result.IsSuccessful);
+        Assert.Equal(HttpStatusCode.Forbidden, result.State);
+        Assert.Equal(_accessToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.AccessTokenType));
+        Assert.Equal(_refreshToken.ToString(), context.Response.Headers.FindCookie(ITokenContext.RefreshTokenType));
+    }
+
+}
--- a/tests/HopFrame.Api.Tests/Extensions/HttpContextExtensions.cs
+++ b/tests/HopFrame.Api.Tests/Extensions/HttpContextExtensions.cs
@@ -0,0 +1,29 @@
+using System.Web;
+using Microsoft.AspNetCore.Http;
+
+namespace HopFrame.Api.Tests.Extensions;
+
+internal static class HttpContextExtensions {
+    /// <summary>Extracts the partial cookie value from the header section.</summary>
+    /// <param name="headers"><inheritdoc cref="IHeaderDictionary" path="/summary"/></param>
+    /// <param name="key">The key for identifying the cookie.</param>
+    /// <returns>The value of the cookie.</returns>
+    public static string FindCookie(this IHeaderDictionary headers, string key)
+    {
+        string headerKey = $"{key}=";
+        var cookies = headers.Values
+            .SelectMany(h => h)
+            .Where(header => header.StartsWith(headerKey))
+            .Select(header => header.Substring(headerKey.Length).Split(';').First())
+            .ToArray();
+
+        //Note: cookie values in a header are encoded like a uri parameter value.
+        var value = cookies.LastOrDefault();//and the last set value, is the relevant one.
+        if (string.IsNullOrEmpty(value))
+            return null;
+
+        //That's why we should decode that last value, before we return it.
+        var decoded = HttpUtility.UrlDecode(value);
+        return decoded; 
+    }
+}
--- a/tests/HopFrame.Api.Tests/HopFrame.Api.Tests.csproj
+++ b/tests/HopFrame.Api.Tests/HopFrame.Api.Tests.csproj
@@ -0,0 +1,28 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>disable</Nullable>
+
+        <IsPackable>false</IsPackable>
+        <IsTestProject>true</IsTestProject>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <PackageReference Include="coverlet.collector" Version="6.0.0"/>
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0"/>
+        <PackageReference Include="Moq" Version="4.20.72" />
+        <PackageReference Include="xunit" Version="2.5.3"/>
+        <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3"/>
+    </ItemGroup>
+
+    <ItemGroup>
+        <Using Include="Xunit"/>
+    </ItemGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\..\src\HopFrame.Api\HopFrame.Api.csproj" />
+    </ItemGroup>
+
+</Project>