xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand test coverage to match specs

Browse Source
This commit is contained in:
Frank Tovar
2026-02-05 18:57:25 +01:00
parent e11cb23313
commit 67a164e53b
14 changed files with 861 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
GameList.Tests/AuthTests.cs
View File

@@ -1,12 +1,95 @@
using System.Net;
using System.Net.Http.Json;
using System.Text.Json;
using GameList.Data;
using GameList.Infrastructure;
using GameList.Tests.Support;
using Microsoft.EntityFrameworkCore;
namespace GameList.Tests;
public class AuthTests
{
[Fact]
public async Task Register_trims_limits_and_sets_cookie_and_normalized_username()
{
using var factory = new TestWebApplicationFactory();
var client = factory.CreateClientWithCookies();
var response = await client.PostAsJsonAsync("/api/auth/register", new
{
Username = " MixedCaseUser ",
Password = "Pass123!",
DisplayName = " Display Name ",
AdminKey = (string?)null
});
response.EnsureSuccessStatusCode();
Assert.True(response.Headers.TryGetValues("Set-Cookie", out var cookies) &&
cookies.Any(c => c.Contains(PlayerIdentityExtensions.PlayerCookieName)));
await factory.WithDbContextAsync(async db =>
{
var player = await db.Players.AsNoTracking().SingleAsync(p => p.Username == "MixedCaseUser");
Assert.Equal("mixedcaseuser", player.NormalizedUsername);
Assert.True(player.DisplayName!.Length <= 16);
Assert.NotEqual(Array.Empty<byte>(), player.PasswordHash);
Assert.NotEqual(Array.Empty<byte>(), player.PasswordSalt);
});
}
[Fact]
public async Task Register_rejects_overlength_username_or_display_name()
{
using var factory = new TestWebApplicationFactory();
var client = factory.CreateClientWithCookies();
var tooLongUser = new string('u', 25);
var userResp = await client.PostAsJsonAsync("/api/auth/register", new
{
Username = tooLongUser,
Password = "Pass123!",
DisplayName = "short"
});
Assert.Equal(HttpStatusCode.BadRequest, userResp.StatusCode);
var longDisplay = new string('d', 17);
var displayResp = await client.PostAsJsonAsync("/api/auth/register", new
{
Username = "okuser",
Password = "Pass123!",
DisplayName = longDisplay
});
Assert.Equal(HttpStatusCode.BadRequest, displayResp.StatusCode);
}
[Fact]
public async Task Login_sets_last_login_and_fills_missing_display_name()
{
using var factory = new TestWebApplicationFactory();
var client = factory.CreateClientWithCookies();
await client.RegisterAsync("loginfill");
await factory.WithDbContextAsync(async db =>
{
var player = await db.Players.FirstAsync();
player.DisplayName = null;
player.LastLoginAt = DateTimeOffset.UnixEpoch;
await db.SaveChangesAsync();
});
var login = await client.LoginAsync("loginfill", "Pass123!");
login.EnsureSuccessStatusCode();
await factory.WithDbContextAsync(async db =>
{
var player = await db.Players.AsNoTracking().SingleAsync();
Assert.NotEqual(DateTimeOffset.UnixEpoch, player.LastLoginAt);
Assert.Equal("loginfill", player.DisplayName);
});
}
[Fact]
public async Task Register_with_admin_key_sets_admin_flag()
{
@@ -60,6 +143,28 @@ public class AuthTests
Assert.Equal(HttpStatusCode.BadRequest, badKey.StatusCode);
}
[Fact]
public async Task Non_admin_cannot_access_admin_routes()
{
using var factory = new TestWebApplicationFactory();
var player = factory.CreateClientWithCookies();
await player.RegisterAsync("regular");
var resp = await player.GetAsync("/api/admin/vote-status");
Assert.Equal(HttpStatusCode.Unauthorized, resp.StatusCode);
}
[Fact]
public async Task Admin_can_access_admin_routes()
{
using var factory = new TestWebApplicationFactory();
var admin = factory.CreateClientWithCookies();
await admin.RegisterAsync("adminuser", admin: true);
var resp = await admin.GetAsync("/api/admin/vote-status");
resp.EnsureSuccessStatusCode();
}
[Fact]
public async Task Logout_clears_cookie()
{