Nell/eShopOnWeb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Login POST Test Working (#198)

Browse Source 
* Got login test working

With request verification token
This commit is contained in:
Steve Smith
2019-01-25 13:54:35 -05:00
committed by GitHub
parent 1b610dd7a4
commit 8941e6b9a6
2 changed files with 44 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Web/Controllers/AccountController.cs
View File

@@ -52,7 +52,7 @@ namespace Microsoft.eShopWeb.Web.Controllers
// POST: /Account/SignIn // POST: /Account/SignIn
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
//[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public async Task<IActionResult> SignIn(LoginViewModel model, string returnUrl = null) public async Task<IActionResult> SignIn(LoginViewModel model, string returnUrl = null)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)

57
tests/FunctionalTests/Web/Controllers/AccountControllerSignIn.cs
View File

@@ -2,8 +2,10 @@
using Microsoft.eShopWeb.Web; using Microsoft.eShopWeb.Web;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq;
using System.Net; using System.Net;
using System.Net.Http; using System.Net.Http;
using System.Text.RegularExpressions;
using System.Threading.Tasks; using System.Threading.Tasks;
using Xunit; using Xunit;
@@ -31,30 +33,57 @@ namespace Microsoft.eShopWeb.FunctionalTests.Web.Controllers
Assert.Contains("demouser@microsoft.com", stringResponse); Assert.Contains("demouser@microsoft.com", stringResponse);
} }
// TODO: Finish this test. [Fact]
public async Task RegexMatchesValidRequestVerificationToken()
{
// TODO: Move to a unit test
// TODO: Move regex to a constant in test project
var input = @"<input name=""__RequestVerificationToken"" type=""hidden"" value=""CfDJ8Obhlq65OzlDkoBvsSX0tgxFUkIZ_qDDSt49D_StnYwphIyXO4zxfjopCWsygfOkngsL6P0tPmS2HTB1oYW-p_JzE0_MCFb7tF9Ol_qoOg_IC_yTjBNChF0qRgoZPmKYOIJigg7e2rsBsmMZDTdbnGo"" /><input name=""RememberMe"" type=""hidden"" value=""false"" /></form>";
string regexpression = @"name=""__RequestVerificationToken"" type=""hidden"" value=""([-A-Za-z0-9+=/\\_]+?)""";
var regex = new Regex(regexpression);
var match = regex.Match(input);
var group = match.Groups.LastOrDefault();
Assert.NotNull(group);
Assert.True(group.Value.Length > 50);
}
[Fact]
public async Task ReturnsFormWithRequestVerificationToken()
{
var response = await Client.GetAsync("/account/sign-in");
response.EnsureSuccessStatusCode();
var stringResponse = await response.Content.ReadAsStringAsync();
string token = GetRequestVerificationToken(stringResponse);
Assert.True(token.Length > 50);
}
private string GetRequestVerificationToken(string input)
{
string regexpression = @"name=""__RequestVerificationToken"" type=""hidden"" value=""([-A-Za-z0-9+=/\\_]+?)""";
var regex = new Regex(regexpression);
var match = regex.Match(input);
return match.Groups.LastOrDefault().Value;
}
[Fact] [Fact]
public async Task ReturnsSuccessfulSignInOnPostWithValidCredentials() public async Task ReturnsSuccessfulSignInOnPostWithValidCredentials()
{ {
//var response = await Client.GetAsync("/account/sign-in"); var getResponse = await Client.GetAsync("/account/sign-in");
//response.EnsureSuccessStatusCode(); getResponse.EnsureSuccessStatusCode();
//var stringResponse = await response.Content.ReadAsStringAsync(); var stringResponse1 = await getResponse.Content.ReadAsStringAsync();
// TODO: Get the token from a Get call string token = GetRequestVerificationToken(stringResponse1);
// Ref: https://buildmeasurelearn.wordpress.com/2016/11/23/handling-asp-net-mvcs-anti-forgery-tokens-when-load-testing-with-jmeter/
var keyValues = new List<KeyValuePair<string, string>>(); var keyValues = new List<KeyValuePair<string, string>>();
keyValues.Add(new KeyValuePair<string, string>("Email", "demouser@microsoft.com")); keyValues.Add(new KeyValuePair<string, string>("Email", "demouser@microsoft.com"));
keyValues.Add(new KeyValuePair<string, string>("Password", "Pass@word1")); keyValues.Add(new KeyValuePair<string, string>("Password", "Pass@word1"));
keyValues.Add(new KeyValuePair<string, string>("__RequestVerificationToken", "CfDJ8Obhlq65OzlDkoBvsSX0tgyXhgITd4pD1OocDNYfbIeOkBMVLl3SmcZjyHLFqAlfvNOcWnV73G520010NOL1VaHRODGXZxTNjkIOjOi36YW3Fs5Bb9K9baf0hLFrmFI4P1w-64FURukDzaWRGl0Tzw0")); keyValues.Add(new KeyValuePair<string, string>("__RequestVerificationToken", token));
var formContent = new FormUrlEncodedContent(keyValues); var formContent = new FormUrlEncodedContent(keyValues);
var response = await Client.PostAsync("/account/sign-in", formContent); var postResponse = await Client.PostAsync("/account/sign-in", formContent);
//response.EnsureSuccessStatusCode(); Assert.Equal(HttpStatusCode.Redirect, postResponse.StatusCode);
var stringResponse = await response.Content.ReadAsStringAsync(); Assert.Equal(new System.Uri("/", UriKind.Relative), postResponse.Headers.Location);
Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
Assert.Equal(new System.Uri("/", UriKind.Relative), response.Headers.Location);
} }
} }
} }