Login POST Test Working (#198)

* Got login test working With request verification token
7 years ago · 8941e6b9a6
2 changed files with 44 additions and 15 deletions
--- a/src/Web/Controllers/AccountController.cs
+++ b/src/Web/Controllers/AccountController.cs
@ -52,7 +52,7 @@ namespace Microsoft.eShopWeb.Web.Controllers
        // POST: /Account/SignIn
        [HttpPost]
        [AllowAnonymous]
-        //[ValidateAntiForgeryToken]
+        [ValidateAntiForgeryToken]
        public async Task<IActionResult> SignIn(LoginViewModel model, string returnUrl = null)
        {
            if (!ModelState.IsValid)
--- a/tests/FunctionalTests/Web/Controllers/AccountControllerSignIn.cs
+++ b/tests/FunctionalTests/Web/Controllers/AccountControllerSignIn.cs
@ -2,8 +2,10 @@
 using Microsoft.eShopWeb.Web;
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using Xunit;

@ -31,30 +33,57 @@ namespace Microsoft.eShopWeb.FunctionalTests.Web.Controllers
            Assert.Contains("demouser@microsoft.com", stringResponse);
        }

-        // TODO: Finish this test.
        [Fact]
-        public async Task ReturnsSuccessfulSignInOnPostWithValidCredentials()
+        public async Task RegexMatchesValidRequestVerificationToken()
+        {
+            // TODO: Move to a unit test
+            // TODO: Move regex to a constant in test project
+            var input = @"<input name=""__RequestVerificationToken"" type=""hidden"" value=""CfDJ8Obhlq65OzlDkoBvsSX0tgxFUkIZ_qDDSt49D_StnYwphIyXO4zxfjopCWsygfOkngsL6P0tPmS2HTB1oYW-p_JzE0_MCFb7tF9Ol_qoOg_IC_yTjBNChF0qRgoZPmKYOIJigg7e2rsBsmMZDTdbnGo"" /><input name=""RememberMe"" type=""hidden"" value=""false"" /></form>";
+            string regexpression = @"name=""__RequestVerificationToken"" type=""hidden"" value=""([-A-Za-z0-9+=/\\_]+?)""";
+            var regex = new Regex(regexpression);
+            var match = regex.Match(input);
+            var group = match.Groups.LastOrDefault();
+            Assert.NotNull(group);
+            Assert.True(group.Value.Length > 50);
+        }
+
+        [Fact]
+        public async Task ReturnsFormWithRequestVerificationToken()
+        {
+            var response = await Client.GetAsync("/account/sign-in");
+            response.EnsureSuccessStatusCode();
+            var stringResponse = await response.Content.ReadAsStringAsync();
+
+            string token = GetRequestVerificationToken(stringResponse);
+            Assert.True(token.Length > 50);
+        }
+
+        private string GetRequestVerificationToken(string input)
        {
-            //var response = await Client.GetAsync("/account/sign-in");
-            //response.EnsureSuccessStatusCode();
-            //var stringResponse = await response.Content.ReadAsStringAsync();
-            // TODO: Get the token from a Get call
-            // Ref: https://buildmeasurelearn.wordpress.com/2016/11/23/handling-asp-net-mvcs-anti-forgery-tokens-when-load-testing-with-jmeter/
+            string regexpression = @"name=""__RequestVerificationToken"" type=""hidden"" value=""([-A-Za-z0-9+=/\\_]+?)""";
+            var regex = new Regex(regexpression);
+            var match = regex.Match(input);
+            return match.Groups.LastOrDefault().Value;
+        }

+        [Fact]
+        public async Task ReturnsSuccessfulSignInOnPostWithValidCredentials()
+        {
+            var getResponse = await Client.GetAsync("/account/sign-in");
+            getResponse.EnsureSuccessStatusCode();
+            var stringResponse1 = await getResponse.Content.ReadAsStringAsync();
+            string token = GetRequestVerificationToken(stringResponse1);

            var keyValues = new List<KeyValuePair<string, string>>();
            keyValues.Add(new KeyValuePair<string, string>("Email", "demouser@microsoft.com"));
            keyValues.Add(new KeyValuePair<string, string>("Password", "Pass@word1"));

-            keyValues.Add(new KeyValuePair<string, string>("__RequestVerificationToken", "CfDJ8Obhlq65OzlDkoBvsSX0tgyXhgITd4pD1OocDNYfbIeOkBMVLl3SmcZjyHLFqAlfvNOcWnV73G520010NOL1VaHRODGXZxTNjkIOjOi36YW3Fs5Bb9K9baf0hLFrmFI4P1w-64FURukDzaWRGl0Tzw0"));
+            keyValues.Add(new KeyValuePair<string, string>("__RequestVerificationToken", token));
            var formContent = new FormUrlEncodedContent(keyValues);

-            var response = await Client.PostAsync("/account/sign-in", formContent);
-            //response.EnsureSuccessStatusCode();
-            var stringResponse = await response.Content.ReadAsStringAsync();
-
-            Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
-            Assert.Equal(new System.Uri("/", UriKind.Relative), response.Headers.Location);
+            var postResponse = await Client.PostAsync("/account/sign-in", formContent);
+            Assert.Equal(HttpStatusCode.Redirect, postResponse.StatusCode);
+            Assert.Equal(new System.Uri("/", UriKind.Relative), postResponse.Headers.Location);
        }
    }
 }