using System; using System.Net; using System.Net.Http; using System.Net.Http.Json; using System.Threading.Tasks; using System.Linq; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting.Server; using Microsoft.AspNetCore.Hosting.Server.Features; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Xunit; using XWorld.Server.Auth; namespace XWorld.Server.Auth.Tests { public class AuthEndpointsTests : IAsyncLifetime { WebApplication _app; HttpClient _http; AccountStore _store; public async Task InitializeAsync() { _store = new AccountStore("Data Source=ep_" + Guid.NewGuid().ToString("N") + ";Mode=Memory;Cache=Shared"); var tokens = new TokenService(new byte[32]); var builder = WebApplication.CreateBuilder(); builder.Logging.ClearProviders(); builder.WebHost.ConfigureKestrel(o => o.Listen(System.Net.IPAddress.Loopback, 0)); _app = builder.Build(); AuthEndpoints.Map(_app, _store, tokens, TimeSpan.FromHours(1)); await _app.StartAsync(); string baseUrl = _app.Services.GetRequiredService() .Features.Get().Addresses.First(); _http = new HttpClient { BaseAddress = new Uri(baseUrl) }; } public async Task DisposeAsync() { _http?.Dispose(); _store?.Dispose(); await _app.DisposeAsync(); } [Fact] public async Task Register_then_login_yields_token_and_pid() { var reg = await _http.PostAsJsonAsync("/register", new { username = "neo", password = "redpill1" }); Assert.Equal(HttpStatusCode.OK, reg.StatusCode); var regBody = await reg.Content.ReadFromJsonAsync(); Assert.True(regBody.pid > 0); Assert.False(string.IsNullOrEmpty(regBody.token)); var login = await _http.PostAsJsonAsync("/login", new { username = "neo", password = "redpill1" }); Assert.Equal(HttpStatusCode.OK, login.StatusCode); var loginBody = await login.Content.ReadFromJsonAsync(); Assert.Equal(regBody.pid, loginBody.pid); } [Fact] public async Task Register_duplicate_returns_409() { await _http.PostAsJsonAsync("/register", new { username = "dup", password = "pw123456" }); var again = await _http.PostAsJsonAsync("/register", new { username = "dup", password = "pw123456" }); Assert.Equal(HttpStatusCode.Conflict, again.StatusCode); } [Fact] public async Task Login_wrong_password_returns_401() { await _http.PostAsJsonAsync("/register", new { username = "trinity", password = "pw123456" }); var bad = await _http.PostAsJsonAsync("/login", new { username = "trinity", password = "WRONG" }); Assert.Equal(HttpStatusCode.Unauthorized, bad.StatusCode); } [Fact] public async Task Register_empty_fields_returns_400() { var r = await _http.PostAsJsonAsync("/register", new { username = "", password = "" }); Assert.Equal(HttpStatusCode.BadRequest, r.StatusCode); } } }