94 lines
4.5 KiB
C#
94 lines
4.5 KiB
C#
using Microsoft.AspNetCore.Mvc.Testing;
|
|
|
|
namespace RpgRoller.Tests;
|
|
|
|
public sealed class RollVisibilityApiTests : ApiTestBase
|
|
{
|
|
public RollVisibilityApiTests(WebApplicationFactory<Program> factory)
|
|
: base(factory)
|
|
{
|
|
}
|
|
|
|
[Fact]
|
|
public async Task RollVisibilityAndAuthorization_AreEnforced()
|
|
{
|
|
using var factory = CreateFactory(4, 3, 5, 2, 6);
|
|
using var gmClient = factory.CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
|
|
using var playerClient = factory.CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
|
|
using var observerClient = factory.CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
|
|
using var outsiderClient = factory.CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
|
|
|
|
await RegisterAsync(gmClient, "gm", "Password123", "GM");
|
|
await LoginAsync(gmClient, "gm", "Password123");
|
|
var campaign = await PostAsync<CreateCampaignRequest, CampaignSummary>(
|
|
gmClient,
|
|
"/api/campaigns",
|
|
new CreateCampaignRequest("Main", "d6"));
|
|
|
|
await RegisterAsync(playerClient, "player", "Password123", "Player");
|
|
await LoginAsync(playerClient, "player", "Password123");
|
|
var playerCharacter = await PostAsync<CreateCharacterRequest, CharacterSummary>(
|
|
playerClient,
|
|
"/api/characters",
|
|
new CreateCharacterRequest("Rogue", campaign.Id));
|
|
|
|
var skill = await PostAsync<CreateSkillRequest, SkillSummary>(
|
|
playerClient,
|
|
$"/api/characters/{playerCharacter.Id}/skills",
|
|
new CreateSkillRequest("Stealth", "2D+1", 1, true));
|
|
Assert.Equal(1, skill.WildDice);
|
|
Assert.True(skill.AllowFumble);
|
|
|
|
await RegisterAsync(observerClient, "observer", "Password123", "Observer");
|
|
await LoginAsync(observerClient, "observer", "Password123");
|
|
await PostAsync<CreateCharacterRequest, CharacterSummary>(
|
|
observerClient,
|
|
"/api/characters",
|
|
new CreateCharacterRequest("Watcher", campaign.Id));
|
|
|
|
var privateRoll = await PostAsync<RollSkillRequest, RollResult>(
|
|
playerClient,
|
|
$"/api/skills/{skill.Id}/roll",
|
|
new RollSkillRequest("private"));
|
|
var publicRoll = await PostAsync<RollSkillRequest, RollResult>(
|
|
playerClient,
|
|
$"/api/skills/{skill.Id}/roll",
|
|
new RollSkillRequest("public"));
|
|
|
|
Assert.Equal("private", privateRoll.Visibility);
|
|
Assert.Equal("public", publicRoll.Visibility);
|
|
|
|
var gmLog = await GetAsync<IReadOnlyList<CampaignLogEntry>>(gmClient, $"/api/campaigns/{campaign.Id}/log");
|
|
Assert.Equal(2, gmLog.Count);
|
|
|
|
var playerLog = await GetAsync<IReadOnlyList<CampaignLogEntry>>(playerClient, $"/api/campaigns/{campaign.Id}/log");
|
|
Assert.Equal(2, playerLog.Count);
|
|
|
|
var observerLog = await GetAsync<IReadOnlyList<CampaignLogEntry>>(observerClient, $"/api/campaigns/{campaign.Id}/log");
|
|
Assert.Single(observerLog);
|
|
Assert.Equal("public", observerLog[0].Visibility);
|
|
|
|
await RegisterAsync(outsiderClient, "outsider", "Password123", "Outsider");
|
|
await LoginAsync(outsiderClient, "outsider", "Password123");
|
|
|
|
var forbiddenCampaign = await outsiderClient.GetAsync($"/api/campaigns/{campaign.Id}");
|
|
Assert.Equal(HttpStatusCode.BadRequest, forbiddenCampaign.StatusCode);
|
|
|
|
var invalidVisibility = await playerClient.PostAsJsonAsync(
|
|
$"/api/skills/{skill.Id}/roll",
|
|
new RollSkillRequest("hidden"));
|
|
Assert.Equal(HttpStatusCode.BadRequest, invalidVisibility.StatusCode);
|
|
|
|
using var anonymousClient = factory.CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
|
|
var unauthorizedCampaignCreate = await anonymousClient.PostAsJsonAsync(
|
|
"/api/campaigns",
|
|
new CreateCampaignRequest("Nope", "d6"));
|
|
Assert.Equal(HttpStatusCode.Unauthorized, unauthorizedCampaignCreate.StatusCode);
|
|
|
|
var invalidSessionRequest = new HttpRequestMessage(HttpMethod.Get, "/api/campaigns");
|
|
invalidSessionRequest.Headers.Add("Cookie", "rpgroller_session=invalid-token");
|
|
var unauthorizedWithInvalidSession = await anonymousClient.SendAsync(invalidSessionRequest);
|
|
Assert.Equal(HttpStatusCode.Unauthorized, unauthorizedWithInvalidSession.StatusCode);
|
|
}
|
|
}
|