using System.Net; using Newtonsoft.Json; namespace AutobusApi.IntegrationTests.Tests; public class IdentityTests : TestsBase { public IdentityTests(CustomWebApplicationFactory factory) : base(factory) {} [Theory] [InlineData("valid@email.xyz", "12qw!@QW")] [InlineData("address@gmail.com", "123qwe!@#QWE")] public async Task Register_ValidCredentials_Returns200Ok(string email, string password) { var credentials = new { Email = email, Password = password }; var response = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.OK, response.StatusCode); } [Theory] [InlineData("email.xyz", "12qw!@QW")] [InlineData("invalid.email.xyz", "12qw!@QW")] [InlineData("invalid@email", "12qw!@QW")] [InlineData("invalid@email.", "12qw!@QW")] [InlineData("invalid@email.c", "12qw!@QW")] [InlineData("@email.xyz", "12qw!@QW")] public async Task Register_InvalidEmail_Returns400BadRequest(string email, string password) { var credentials = new { Email = email, Password = password }; var response = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); } [Theory] [InlineData("address@email.xyz", "1q!Q")] // Length is less than minimum (8) [InlineData("address@email.xyz", "12qw!@QW12qw!@QW12qw!@QW12qw!@QW12qw!@QW12qw!@QW12qw!@QW12qw!@QW_")] // Length is greater than maximum (64) [InlineData("address@email.xyz", "123456Qq")] // No special characters [InlineData("address@email.xyz", "123456q#")] // No uppercase letters characters [InlineData("address@email.xyz", "123456Q#")] // No lowercase letters characters public async Task Register_InvalidPassword_Returns400BadRequest(string email, string password) { var credentials = new { Email = email, Password = password }; var response = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); } [Theory] [InlineData("some.address@gmail.com", "Vw35Vpn*A&lzX&)(ghAEX9\"@/Xt\"ip+0")] [InlineData("mail@mydomain.xyz", "Pa$$w0rD")] public async Task RegisterAndLogin_ValidCredentials_Returns200OK(string email, string password) { var credentials = new { Email = email, Password = password }; var registrationResponse = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.OK, registrationResponse.StatusCode); var loginResponse = await _httpClient.PostAsJsonAsync("identity/login", credentials); Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode); var loginResponseContent = JsonConvert.DeserializeObject(await loginResponse.Content.ReadAsStringAsync()); Assert.NotNull(loginResponseContent); Assert.NotNull(loginResponseContent!.accessToken); Assert.NotEmpty((string) loginResponseContent!.accessToken); Assert.NotNull(loginResponseContent!.refreshToken); Assert.NotEmpty((string) loginResponseContent!.refreshToken); } [Theory] [InlineData("not.registered@email.xyz", "12qw!@QW")] public async Task Login_InvalidCredentials_Returns400BadRequest(string email, string password) { var credentials = new { Email = email, Password = password }; var response = await _httpClient.PostAsJsonAsync("identity/login", credentials); Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); } [Theory] [InlineData("some.address@gmail.com", "Vw35Vpn*A&lzX&)(ghAEX9\"@/Xt\"ip+0", 10)] public async Task RegisterThenLoginThenRenewAccessToken_ValidCredentials_Returns200OK(string email, string password, int renewCout) { var credentials = new { Email = email, Password = password }; var registrationResponse = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.OK, registrationResponse.StatusCode); var loginResponse = await _httpClient.PostAsJsonAsync("identity/login", credentials); Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode); var loginResponseContent = JsonConvert.DeserializeObject(await loginResponse.Content.ReadAsStringAsync()); Assert.NotNull(loginResponseContent); Assert.NotNull(loginResponseContent!.accessToken); Assert.NotEmpty((string) loginResponseContent!.accessToken); Assert.NotNull(loginResponseContent!.refreshToken); Assert.NotEmpty((string) loginResponseContent!.refreshToken); for (int i = 0; i < renewCout; i++) { var renewAccessTokenRequestBody = new { refreshToken = (string) loginResponseContent!.refreshToken }; var renewAccessTokenResponse = await _httpClient.PostAsJsonAsync("identity/renewAccessToken", renewAccessTokenRequestBody); Assert.Equal(HttpStatusCode.OK, renewAccessTokenResponse.StatusCode); var renewAccessTokenResponseContent = JsonConvert.DeserializeObject(await renewAccessTokenResponse.Content.ReadAsStringAsync()); Assert.NotNull(renewAccessTokenResponseContent); Assert.NotNull(renewAccessTokenResponseContent!.accessToken); Assert.NotEmpty((string) renewAccessTokenResponseContent!.accessToken); Assert.NotNull(renewAccessTokenResponseContent!.refreshToken); Assert.NotEmpty((string) renewAccessTokenResponseContent!.refreshToken); } } [Theory] [InlineData("some.address@gmail.com", "Vw35Vpn*A&lzX&)(ghAEX9\"@/Xt\"ip+0")] public async Task RegisterThenLoginThenRevokeRefreshToken_ValidCredentials_Returns200OK(string email, string password) { var credentials = new { Email = email, Password = password }; var registrationResponse = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.OK, registrationResponse.StatusCode); var loginResponse = await _httpClient.PostAsJsonAsync("identity/login", credentials); Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode); var loginResponseContent = JsonConvert.DeserializeObject(await loginResponse.Content.ReadAsStringAsync()); Assert.NotNull(loginResponseContent); Assert.NotNull(loginResponseContent!.accessToken); Assert.NotEmpty((string) loginResponseContent!.accessToken); Assert.NotNull(loginResponseContent!.refreshToken); Assert.NotEmpty((string) loginResponseContent!.refreshToken); var revokeRefreshTokenRequestBody = new { refreshToken = (string) loginResponseContent!.refreshToken }; var revokeRefreshTokenResponse = await _httpClient.PostAsJsonAsync("identity/revokeRefreshToken", revokeRefreshTokenRequestBody); Assert.Equal(HttpStatusCode.OK, revokeRefreshTokenResponse.StatusCode); } [Theory] [InlineData("some.address@gmail.com", "Vw35Vpn*A&lzX&)(ghAEX9\"@/Xt\"ip+0")] public async Task RegisterThenLoginThenRevokeRefreshTokenTwice_ValidCredentials_Returns400BadRequest(string email, string password) { var credentials = new { Email = email, Password = password }; var registrationResponse = await _httpClient.PostAsJsonAsync("identity/register", credentials); Assert.Equal(HttpStatusCode.OK, registrationResponse.StatusCode); var loginResponse = await _httpClient.PostAsJsonAsync("identity/login", credentials); Assert.Equal(HttpStatusCode.OK, loginResponse.StatusCode); var loginResponseContent = JsonConvert.DeserializeObject(await loginResponse.Content.ReadAsStringAsync()); Assert.NotNull(loginResponseContent); Assert.NotNull(loginResponseContent!.accessToken); Assert.NotEmpty((string) loginResponseContent!.accessToken); Assert.NotNull(loginResponseContent!.refreshToken); Assert.NotEmpty((string) loginResponseContent!.refreshToken); var revokeRefreshTokenRequestBody = new { refreshToken = (string) loginResponseContent!.refreshToken }; var revokeRefreshTokenResponse = await _httpClient.PostAsJsonAsync("identity/revokeRefreshToken", revokeRefreshTokenRequestBody); Assert.Equal(HttpStatusCode.OK, revokeRefreshTokenResponse.StatusCode); revokeRefreshTokenResponse = await _httpClient.PostAsJsonAsync("identity/revokeRefreshToken", revokeRefreshTokenRequestBody); Assert.Equal(HttpStatusCode.BadRequest, revokeRefreshTokenResponse.StatusCode); } }