Add CompanyHost role and make it authorize like a Volunteer #128

Open
wants to merge 2 commits into
base: development
66 changes: 52 additions & 14 deletions Nexpo.Tests/Controllers/ContactsControllerTest.cs
Expand Up @@ -12,15 +12,15 @@


namespace Nexpo.Tests.Controllers
{
{
public class ContactControllerTests
{
[Fact]
public async Task adminCreateAndDeleteContact()
{
//Setup
var client = await TestUtils.Login("admin");

//Create contact
var DTO = new CreateContactDTO()
{
Expand Down Expand Up @@ -52,7 +52,7 @@ public async Task adminCreateAndDeleteContact()
getResponse = await client.GetAsync("/api/contacts/");
contacts = JsonConvert.DeserializeObject<List<Contact>>(await getResponse.Content.ReadAsStringAsync());
Assert.True(contacts.Count == numberOfContacts + 1, "Wrong number of contacts. Expected: " + (numberOfContacts + 1) + ". Received: " + contacts.Count);

//Delete contact
var deleteResponse = await client.DeleteAsync("/api/contacts/" + responseContact.Id);
Assert.True(deleteResponse.StatusCode.Equals(HttpStatusCode.NoContent), "Wrong Status Code. Expected: NoContent. Received: " + deleteResponse.StatusCode.ToString());
Expand All @@ -65,7 +65,7 @@ public async Task adminCreateAndDeleteContact()
getResponse = await client.GetAsync("/api/contacts/");
contacts = JsonConvert.DeserializeObject<List<Contact>>(await getResponse.Content.ReadAsStringAsync());
Assert.True(contacts.Count == numberOfContacts, "Wrong number of contacts. Expected: " + numberOfContacts + ". Received: " + contacts.Count);

}

[Fact]
Expand All @@ -92,7 +92,8 @@ public async Task addingDuplicateContact()
}

[Fact]
public async Task volunteerCreateContact(){
public async Task volunteerCreateContact()
{
//Login
var client = await TestUtils.Login("volunteer");

Expand Down Expand Up @@ -131,6 +132,45 @@ public async Task volunteerGetContact()
Assert.True(responseContact.PhoneNumber == "003-333 33 33", "Wrong phone number. Expected: 003-333 33 33. Received: " + responseContact.PhoneNumber);
}

[Fact]
public async Task companyHostGetContact()
{
// Make sure that CompanyHosts can access contacts, even though it's only explicitly authorized for Volunteers

//Login as companyHost
var client = await TestUtils.Login("companyhost");

//Get contact and simply check status code
var response = await client.GetAsync("/api/contacts/-3");
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}

[Fact]
public async Task companyHostPutContact()
{
//Login as companyHost
var client = await TestUtils.Login("companyhost");

var DTO = new CreateContactDTO()
{
FirstName = "Test",
LastName = "Testsson",
PhoneNumber = "123-456 78 90",
Email = "[email protected]",
RoleInArkad = "Tester"
};

//serialize json
var payload = new StringContent(DTO.ToString(), Encoding.UTF8, "application/json");

//Get contact and check status code
var response = await client.PutAsync("/api/contacts/add", payload);

Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);

}


[Fact]
public async Task nonAuthorizedGetContact()
{
Expand All @@ -153,6 +193,7 @@ public async Task retrieveNonExistingContact()
Assert.True(response.StatusCode.Equals(HttpStatusCode.NotFound), "Wrong Status Code. Expected: NotFound. Received: " + response.StatusCode.ToString());

}

[Fact]
public async Task getAllContactsAsVolunteerTest()
{
Expand Down Expand Up @@ -213,7 +254,7 @@ public async Task getAllContactsAsStudentTest()
{
//Login
var client = await TestUtils.Login("student1");

//Disallow access for student
var response = await client.GetAsync("/api/contacts");
Assert.True(response.StatusCode.Equals(HttpStatusCode.Forbidden), "Wrong status code. Expected: Forbidden. Received: " + response.StatusCode.ToString());
Expand All @@ -233,8 +274,9 @@ public async Task getAllContactsWhileNotLoggedInTest()
}

[Fact]
public async Task NonAdminUpdateContactTest(){
//LOgin
public async Task NonAdminUpdateContactTest()
{
//Login
var client = await TestUtils.Login("volunteer");

//Update information
Expand All @@ -252,6 +294,7 @@ public async Task NonAdminUpdateContactTest(){

Assert.True(response.StatusCode.Equals(HttpStatusCode.Forbidden), "Wrong status code. Expected: Forbidden. Received: " + response.StatusCode.ToString());
}

[Fact]
public async Task updateContactAsAdminTest()
{
Expand All @@ -273,7 +316,7 @@ public async Task updateContactAsAdminTest()
var payload = new StringContent(json.ToString(), Encoding.UTF8, "application/json");
var response = await client.PutAsync("api/contacts/-2", payload);
Assert.True(response.StatusCode.Equals(HttpStatusCode.OK), "Wrong Status Code. Expected: OK. Received: " + response.ToString());

//Restore information
var json2 = new JsonObject
{
Expand Down Expand Up @@ -308,10 +351,5 @@ public async Task updateContactAsAdminTest()
Assert.True(responseObject2.Email == "[email protected]", "Wrong email. Expected: [email protected]. Received: " + responseObject2.Email);
Assert.True(responseObject2.RoleInArkad == "Head of IT", "Wrong role in arkad. Expected: Head of IT. Received: " + responseObject2.RoleInArkad);
}


}



}
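Review bot: In companyHostPutContact the payload is built from `DTO.ToString()`, which yields the type name rather than JSON unless CreateContactDTO overrides ToString, so the request body sent to `/api/contacts/add` is almost certainly not a contact; the test presumably still observes Forbidden because role authorization runs before model binding, which means it would also pass if the endpoint ignored or mis-bound the body. Serialize with the helper the file already uses: `var payload = new StringContent(JsonConvert.SerializeObject(DTO), Encoding.UTF8, "application/json");`. The comment `//Get contact and check status code` above the PutAsync is copied from the GET test; `//Attempt to add a contact as CompanyHost and expect Forbidden` describes what the lines do. The companyHostGetContact test could carry the same "Expected/Received" failure message the rest of the file uses so a regression reports the actual status code.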
8 changes: 6 additions & 2 deletions Nexpo.Tests/Controllers/TestUtils.cs
Expand Up @@ -38,6 +38,10 @@ public static async Task<HttpClient> Login(string user)
json.Add("email", "[email protected]");
json.Add("password", "password");
break;
case "companyhost":
json.Add("email", "[email protected]");
json.Add("password", "password");
break;
case "student1":
json.Add("email", "[email protected]");
json.Add("password", "password");
Expand Down Expand Up @@ -71,7 +75,7 @@ public static async Task<HttpClient> Login(string user)
json.Add("password", "password");
break;
default:
return null;
return null;
}

var payload = new StringContent(json.ToString(), Encoding.UTF8, "application/json");
Expand All @@ -81,6 +85,6 @@ public static async Task<HttpClient> Login(string user)
token = "Bearer " + parser.Value<String>("token");
client.DefaultRequestHeaders.Add("Authorization", token);
return client;
}
}
}
}
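Review bot: The retained `default: return null;` means a misspelled user key (the new case is lower-case `"companyhost"`, while the role is written CompanyHost elsewhere) only surfaces as a NullReferenceException at the first call on the returned client, far from the cause; `default: throw new ArgumentException($"Unknown test user: {user}", nameof(user));` fails at the lookup with the offending key in the message. Login starts and ends outside the hunk.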
26 changes: 14 additions & 12 deletions Nexpo.Tests/Controllers/UsersControllerTest.cs
Expand Up @@ -53,10 +53,10 @@ public async Task GetAllAsAdmin()
//Extract the content of the response and deserialize it to a User object
var serializedUser = await response.Content.ReadAsStringAsync();
var user = JsonConvert.DeserializeObject<User>(serializedUser);

//Check that the role of the user is now Volunteer
Assert.True(
user.Role.Equals(Role.Volunteer),
user.Role.Equals(Role.Volunteer),
"Wrong role. Expected: CompanyRepresentative. Received: " + user.Role.ToString()
);

Expand All @@ -74,20 +74,21 @@ public async Task GetAllAsAdmin()

var response2 = await client.PutAsync("api/users/-5", payload2);
Assert.True(
response2.StatusCode.Equals(HttpStatusCode.OK),
response2.StatusCode.Equals(HttpStatusCode.OK),
"Wrong status code. Expected: OK. Received: " + response2.StatusCode.ToString()
);

var user2 = JsonConvert.DeserializeObject<User>(await response2.Content.ReadAsStringAsync());
Assert.True(
user2.Role.Equals(Role.CompanyRepresentative),
user2.Role.Equals(Role.CompanyRepresentative),
"Wrong role. Expected: CompanyRepresentative. Received: " + user2.Role.ToString()
);

}

[Fact]
public async Task AdminChangeNonExistingUserRole(){
public async Task AdminChangeNonExistingUserRole()
{
var client = await TestUtils.Login("admin");
var updateRoleDto = new UpdateUserDTO
{
Expand All @@ -106,7 +107,8 @@ public async Task AdminChangeNonExistingUserRole(){
}

[Fact]
public async Task NonAdminChangeRole(){
public async Task NonAdminChangeRole()
{
var client = await TestUtils.Login("student1");
var updateRoleDto = new UpdateUserDTO
{
Expand All @@ -123,7 +125,7 @@ public async Task NonAdminChangeRole(){
"Wrong status code. Expected: Forbidden. Received: " + response.StatusCode.ToString()
);
}

[Fact]
public async Task AdminGetAllUsers()
{
Expand All @@ -136,8 +138,8 @@ public async Task AdminGetAllUsers()
var userAdmin = responseList.Find(user => user.Id == -1);
var userStudent = responseList.Find(user => user.Id == -2);
var userRep = responseList.Find(user => user.Id == -5);
Assert.True(responseList.Count == 10, "Wrong number of users. Expected: 10. Received: " + responseList.Count.ToString());

Assert.True(responseList.Count == 11, "Wrong number of users. Expected: 11. Received: " + responseList.Count.ToString());
Assert.True(userAdmin.Role.Equals(Role.Administrator), "Wrong user role. Expected: admin. Received: " + userAdmin.Role.ToString());
Assert.True(userStudent.FirstName.Equals("Alpha"), "Wrong user first name. Expected: Alpha. Received: " + userStudent.FirstName);
Assert.True(userRep.CompanyId == -1, "Wrong company id. Expected: -1. Received: " + userRep.CompanyId.ToString());
Expand Down Expand Up @@ -215,7 +217,7 @@ public async Task GetAsStudent()
public async Task UpdateAsAdmin()
{
var application = new WebApplicationFactory<Program>();
var client = await TestUtils.Login("admin");
var client = await TestUtils.Login("admin");

var json = new JsonObject
{
Expand Down Expand Up @@ -457,7 +459,7 @@ public async Task updateMe()
{ "email", "[email protected]" },
{ "password", "password" }
};

var testPayload = new StringContent(testJson.ToString(), Encoding.UTF8, "application/json");
var testResponse = await testClient.PostAsync("/api/session/signin", testPayload);

Expand Down Expand Up @@ -545,7 +547,7 @@ public async Task UpdateMeUnautherized()
{
{ "password", "newSuperSecretPassword" }
};

var payload = new StringContent(json.ToString(), Encoding.UTF8, "application/json");
var response = await client.PutAsync("api/users/me", payload);

Expand Down
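Review bot: The assertion kept at `user.Role.Equals(Role.Volunteer)` in GetAllAsAdmin still reports `"Wrong role. Expected: CompanyRepresentative"` on failure, so a regression would print the wrong expectation; `"Wrong role. Expected: Volunteer. Received: " + user.Role.ToString()` matches the check. The bump to `responseList.Count == 11` in AdminGetAllUsers hard-codes the fixture size a second time (the extra user is presumably the seeded companyhost account this PR introduces, which is not visible on this page); a comment such as `// 11 seeded users: the CompanyHost account was added alongside the companyhost login` would tell the next reader why the number moved. Both methods start outside their hunks.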
25 changes: 16 additions & 9 deletions Nexpo/Controllers/Session/SessionController.cs
Expand Up @@ -23,19 +23,19 @@ public class SessionController : ControllerBase
private readonly IEmailService _emailService;

public SessionController(
IUserRepository iUserRepo,
IStudentRepository iStudentRepo,
ICompanyRepository iCompanyRepo,
IUserRepository iUserRepo,
IStudentRepository iStudentRepo,
ICompanyRepository iCompanyRepo,
PasswordService passwordService,
TokenService tokenService,
IEmailService iEmailService)
{
_userRepo = iUserRepo;
_studentRepo = iStudentRepo;
_companyRepo = iCompanyRepo;
_userRepo = iUserRepo;
_studentRepo = iStudentRepo;
_companyRepo = iCompanyRepo;
_passwordService = passwordService;
_tokenService = tokenService;
_emailService = iEmailService;
_tokenService = tokenService;
_emailService = iEmailService;
}

/// <summary>
Expand Down Expand Up @@ -86,6 +86,13 @@ public async Task<IActionResult> PostSignIn(SignInRequestDTO credentials)
claims.Add(new Claim(UserClaims.VolunteerId, volunteer.Id.ToString()));
}

if (user.Role == Role.CompanyHost)
{
// A CompanyHost is also a Volunteer
// TL;DR: This claim makes a CompanyHost authorized whenever [Authorize(Roles = nameof(Role.Volunteer))] is used
claims.Add(new Claim(UserClaims.Role, nameof(Role.Volunteer)));
}

var jwt = _tokenService.GenerateJWT(claims);

return Ok(new SignInResponseDTO { Token = jwt });
Expand Down Expand Up @@ -139,7 +146,7 @@ public async Task<ActionResult> PostResetPassword(ResetPasswordDTO DTO)
public static class UserClaims
{
public static readonly string Id = nameof(Id);
public static readonly string Role = ClaimTypes.Role;
public static readonly string Role = ClaimTypes.Role;
public static readonly string CompanyId = nameof(CompanyId);
public static readonly string StudentId = nameof(StudentId);
public static readonly string VolunteerId = nameof(VolunteerId);
Expand Down
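Review bot: Emitting a second `UserClaims.Role` claim valued Volunteer in a CompanyHost's JWT makes `[Authorize(Roles = nameof(Role.Volunteer))]` accept the host, but the token then asserts a role the user record does not hold, and the `UserClaims.VolunteerId` claim added in the block ending just above (which appears to be the volunteer-only branch) is never set for a CompanyHost, so any handler behind that attribute that reads VolunteerId will see no claim; what those handlers do in that case is outside this hunk and should be checked. An authorization policy that admits either role, `options.AddPolicy("VolunteerOrCompanyHost", p => p.RequireRole(nameof(Role.Volunteer), nameof(Role.CompanyHost)))`, keeps the token truthful and makes the grant visible where endpoints are declared, whereas the claim approach silently widens every current and future Volunteer-only endpoint. If the claim stays, the comment should say so outright, e.g. `// NOTE: grants CompanyHost every Volunteer-only endpoint, present and future; VolunteerId is not issued for hosts`. PostSignIn starts and ends outside the hunk.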