
Commit b4b1589

committed
test(post): return 403 for client generated ids
Issue #21
1 parent 2cc6e3a commit b4b1589


4 files changed

+81
-2
lines changed


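--- a/src/JsonApiDotNetCore/Controllers/JsonApiController.cs
+++ b/src/JsonApiDotNetCore/Controllers/JsonApiController.cs
@@ -1,4 +1,3 @@
-using System.Collections;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
@@ -139,6 +138,10 @@ public virtual async Task<IActionResult> PostAsync([FromBody] T entity)
 return UnprocessableEntity();
 }
 
+var stringId = entity.Id.ToString();
+if(stringId.Length > 0 && stringId != "0")
+return Forbidden();
+
 await _entities.CreateAsync(entity);
 
 return Created(HttpContext.Request.Path, entity);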
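Review bot: The added `entity.Id.ToString()` dereferences the id unconditionally, so if `T`'s Id can be a reference or nullable type (the constraint on `T` is not visible here) a body that omits the id would throw a NullReferenceException and surface as a 500 instead of reaching `CreateAsync`, and the `"0"` comparison only models integral defaults — a default Guid renders as a non-empty string and would always be refused. A null-safe, type-agnostic form is `var stringId = Convert.ToString(entity.Id);` followed by `if (!string.IsNullOrEmpty(stringId) && stringId != "0")`, which needs `System` in scope (the visible using block shows only `System.Collections.Generic`, `System.Linq` and `System.Threading.Tasks`). A one-line comment such as `// JSON:API: client-generated ids are not supported by this server, so refuse with 403` would record why the check is here. `PostAsync` begins and its surrounding class lies outside the hunk.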

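--- a/src/JsonApiDotNetCore/Controllers/JsonApiControllerMixin.cs
+++ b/src/JsonApiDotNetCore/Controllers/JsonApiControllerMixin.cs
@@ -11,5 +11,10 @@ protected IActionResult UnprocessableEntity()
 {
 return new StatusCodeResult(422);
 }
+
+protected IActionResult Forbidden()
+{
+return new StatusCodeResult(403);
+}
 }
 }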
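Review bot: The new `Forbidden()` helper has no XML doc, so a reader of the mixin cannot tell that it is meant for policy refusals (such as a create carrying a client-generated id) rather than an authentication/authorization failure, and cannot tell it apart from the framework's `Forbid()`, which runs the authentication scheme's forbid handling. A summary along the lines of `/// <summary>Bare 403 for requests the server refuses by policy, e.g. an unsupported client-generated id; does not invoke the authentication scheme, unlike Forbid().</summary>` would make the contract explicit. Because it returns a plain `StatusCodeResult`, the response carries no error document, so clients only ever see the status code — worth stating in the same comment. The enclosing class header is outside the hunk.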
Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
using System.Collections.Generic;
2+
using System.Net;
3+
using System.Net.Http;
4+
using System.Net.Http.Headers;
5+
using System.Threading.Tasks;
6+
using Bogus;
7+
using DotNetCoreDocs;
8+
using DotNetCoreDocs.Writers;
9+
using JsonApiDotNetCore.Serialization;
10+
using JsonApiDotNetCore.Services;
11+
using JsonApiDotNetCoreExample;
12+
using JsonApiDotNetCoreExample.Data;
13+
using JsonApiDotNetCoreExample.Models;
14+
using Microsoft.AspNetCore.Hosting;
15+
using Microsoft.AspNetCore.TestHost;
16+
using Newtonsoft.Json;
17+
using Xunit;
18+
19+
namespace JsonApiDotNetCoreExampleTests.Acceptance.Spec
20+
{
21+
[Collection("WebHostCollection")]
22+
public class CreatingDataTests
23+
{
24+
private DocsFixture<Startup, JsonDocWriter> _fixture;
25+
private IJsonApiContext _jsonApiContext;
26+
private Faker<TodoItem> _todoItemFaker;
27+
28+
public CreatingDataTests(DocsFixture<Startup, JsonDocWriter> fixture)
29+
{
30+
_fixture = fixture;
31+
_jsonApiContext = fixture.GetService<IJsonApiContext>();
32+
_todoItemFaker = new Faker<TodoItem>()
33+
.RuleFor(t => t.Description, f => f.Lorem.Sentence())
34+
.RuleFor(t => t.Ordinal, f => f.Random.Number());
35+
}
36+
37+
[Fact]
38+
public async Task Request_With_ClientGeneratedId_Returns_403()
39+
{
40+
// arrange
41+
var builder = new WebHostBuilder()
42+
.UseStartup<Startup>();
43+
var httpMethod = new HttpMethod("POST");
44+
var route = "/api/v1/todo-items";
45+
var server = new TestServer(builder);
46+
var client = server.CreateClient();
47+
var request = new HttpRequestMessage(httpMethod, route);
48+
var todoItem = _todoItemFaker.Generate();
49+
var content = new
50+
{
51+
data = new
52+
{
53+
type = "todo-items",
54+
id = "9999",
55+
attributes = new
56+
{
57+
description = todoItem.Description,
58+
ordinal = todoItem.Ordinal
59+
}
60+
}
61+
};
62+
request.Content = new StringContent(JsonConvert.SerializeObject(content));
63+
request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/vnd.api+json");
64+
65+
// act
66+
var response = await client.SendAsync(request);
67+
68+
// assert
69+
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
70+
}
71+
}
72+
}
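Review bot: `Request_With_ClientGeneratedId_Returns_403` builds its own `WebHostBuilder` and `TestServer` even though the injected `DocsFixture` is stored in `_fixture`, and beyond resolving `IJsonApiContext` into `_jsonApiContext` — a field nothing in the file reads — the fixture goes unused; the `TestServer` and `HttpClient` it creates are also `IDisposable` and never disposed. If the fixture exposes a shared host or client, the request should go through that instead, and otherwise the server should at least be wrapped in `using (var server = new TestServer(builder))`. The assertion checks only the status code; additionally asserting that no `TodoItem` with id 9999 was persisted would prove the create was refused rather than merely answered with 403. The unused `_jsonApiContext` field can be dropped and the remaining fields marked `readonly`.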

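--- a/test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/DocumentTests/PagingTests.cs
+++ b/test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/DocumentTests/PagingTests.cs
@@ -13,7 +13,6 @@
 using JsonApiDotNetCoreExample.Data;
 using Bogus;
 using JsonApiDotNetCoreExample.Models;
-using System.Linq;
 using System;
 
 namespace JsonApiDotNetCoreExampleTests.Acceptance.Spec.DocumentTests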
