376 lines
17 KiB
C#
376 lines
17 KiB
C#
// Copyright (c) Microsoft Corporation. All rights reserved. See License.txt in the project root for license information.
|
|
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.IO;
|
|
using System.Linq;
|
|
using System.Net;
|
|
using System.Net.Http;
|
|
using System.Net.Http.Headers;
|
|
using System.Runtime.Serialization;
|
|
using System.Text;
|
|
using System.Threading;
|
|
using System.Web.Http;
|
|
using System.Web.Http.Controllers;
|
|
using System.Web.Http.Dispatcher;
|
|
using System.Web.Http.Filters;
|
|
using System.Web.Http.Routing;
|
|
using Microsoft.Web.Http.Data.Test.Models;
|
|
using Newtonsoft.Json;
|
|
using Xunit;
|
|
using Assert = Microsoft.TestCommon.AssertEx;
|
|
|
|
namespace Microsoft.Web.Http.Data.Test
|
|
{
|
|
public class DataControllerSubmitTests
|
|
{
|
|
// Verify that POSTs directly to CUD actions still go through the submit pipeline
|
|
[Fact]
|
|
public void Submit_Proxy_Insert()
|
|
{
|
|
Order order = new Order { OrderID = 1, OrderDate = DateTime.Now };
|
|
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest(TestConstants.CatalogUrl + "InsertOrder", "Catalog", order);
|
|
Order resultOrder = response.Content.ReadAsAsync<Order>().Result;
|
|
Assert.NotNull(resultOrder);
|
|
}
|
|
|
|
// Submit a changeset with multiple entries
|
|
[Fact]
|
|
public void Submit_Multiple_Success()
|
|
{
|
|
Order order = new Order { OrderID = 1, OrderDate = DateTime.Now };
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = order, Operation = ChangeOperation.Insert },
|
|
new ChangeSetEntry { Id = 2, Entity = product, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
ChangeSetEntry[] resultChangeSet = this.ExecuteSubmit(TestConstants.CatalogUrl + "Submit", "Catalog", changeSet);
|
|
Assert.Equal(2, resultChangeSet.Length);
|
|
Assert.True(resultChangeSet.All(p => !p.HasError));
|
|
}
|
|
|
|
// Submit a changeset with one parent object and multiple dependent children
|
|
[Fact]
|
|
public void Submit_Tree_Success()
|
|
{
|
|
Order order = new Order { OrderID = 1, OrderDate = DateTime.Now };
|
|
Order_Detail d1 = new Order_Detail { ProductID = 1 };
|
|
Order_Detail d2 = new Order_Detail { ProductID = 2 };
|
|
Dictionary<string, int[]> detailsAssociation = new Dictionary<string, int[]>();
|
|
detailsAssociation.Add("Order_Details", new int[] { 2, 3 });
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = order, Operation = ChangeOperation.Insert, Associations = detailsAssociation },
|
|
new ChangeSetEntry { Id = 2, Entity = d1, Operation = ChangeOperation.Insert },
|
|
new ChangeSetEntry { Id = 3, Entity = d2, Operation = ChangeOperation.Insert }
|
|
};
|
|
|
|
ChangeSetEntry[] resultChangeSet = this.ExecuteSubmit(TestConstants.CatalogUrl + "Submit", "Catalog", changeSet);
|
|
Assert.Equal(3, resultChangeSet.Length);
|
|
Assert.True(resultChangeSet.All(p => !p.HasError));
|
|
}
|
|
|
|
/// <summary>
|
|
/// End to end validation scenario showing changeset validation. DataAnnotations validation attributes are applied to
|
|
/// the model by DataController metadata providers (metadata coming all the way from the EF model, as well as "buddy
|
|
/// class" metadata), and these are validated during changeset validation. The validation results per entity/member are
|
|
/// returned via the changeset and verified.
|
|
/// </summary>
|
|
[Fact]
|
|
public void Submit_Validation_Failure()
|
|
{
|
|
Microsoft.Web.Http.Data.Test.Models.EF.Product newProduct = new Microsoft.Web.Http.Data.Test.Models.EF.Product { ProductID = 1, ProductName = String.Empty, UnitPrice = -1 };
|
|
Microsoft.Web.Http.Data.Test.Models.EF.Product updateProduct = new Microsoft.Web.Http.Data.Test.Models.EF.Product { ProductID = 1, ProductName = new string('x', 50), UnitPrice = 55.77M };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = newProduct, Operation = ChangeOperation.Insert },
|
|
new ChangeSetEntry { Id = 2, Entity = updateProduct, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest("http://testhost/NorthwindEFTest/Submit", "NorthwindEFTest", changeSet);
|
|
changeSet = response.Content.ReadAsAsync<ChangeSetEntry[]>().Result;
|
|
|
|
// errors for the new product
|
|
ValidationResultInfo[] errors = changeSet[0].ValidationErrors.ToArray();
|
|
Assert.Equal(2, errors.Length);
|
|
Assert.True(changeSet[0].HasError);
|
|
|
|
// validation rule inferred from EF model
|
|
Assert.Equal("ProductName", errors[0].SourceMemberNames.Single());
|
|
Assert.Equal("The ProductName field is required.", errors[0].Message);
|
|
|
|
// validation rule coming from buddy class
|
|
Assert.Equal("UnitPrice", errors[1].SourceMemberNames.Single());
|
|
Assert.Equal("The field UnitPrice must be between 0 and 1000000.", errors[1].Message);
|
|
|
|
// errors for the updated product
|
|
errors = changeSet[1].ValidationErrors.ToArray();
|
|
Assert.Equal(1, errors.Length);
|
|
Assert.True(changeSet[1].HasError);
|
|
|
|
// validation rule inferred from EF model
|
|
Assert.Equal("ProductName", errors[0].SourceMemberNames.Single());
|
|
Assert.Equal("The field ProductName must be a string with a maximum length of 40.", errors[0].Message);
|
|
}
|
|
|
|
[Fact]
|
|
public void Submit_Authorization_Success()
|
|
{
|
|
TestAuthAttribute.Reset();
|
|
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = product, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
ChangeSetEntry[] resultChangeSet = this.ExecuteSubmit("http://testhost/TestAuth/Submit", "TestAuth", changeSet);
|
|
Assert.Equal(1, resultChangeSet.Length);
|
|
Assert.True(TestAuthAttribute.Log.SequenceEqual(new string[] { "Global", "Class", "SubmitMethod", "UserMethod" }));
|
|
}
|
|
|
|
[Fact]
|
|
public void Submit_Authorization_Fail_UserMethod()
|
|
{
|
|
TestAuthAttribute.Reset();
|
|
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = product, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
TestAuthAttribute.FailLevel = "UserMethod";
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest("http://testhost/TestAuth/Submit", "TestAuth", changeSet);
|
|
|
|
Assert.True(TestAuthAttribute.Log.SequenceEqual(new string[] { "Global", "Class", "SubmitMethod", "UserMethod" }));
|
|
Assert.Equal("Not Authorized", response.ReasonPhrase);
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public void Submit_Authorization_Fail_SubmitMethod()
|
|
{
|
|
TestAuthAttribute.Reset();
|
|
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = product, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
TestAuthAttribute.FailLevel = "SubmitMethod";
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest("http://testhost/TestAuth/Submit", "TestAuth", changeSet);
|
|
|
|
Assert.True(TestAuthAttribute.Log.SequenceEqual(new string[] { "Global", "Class", "SubmitMethod" }));
|
|
Assert.Equal("Not Authorized", response.ReasonPhrase);
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public void Submit_Authorization_Fail_Class()
|
|
{
|
|
TestAuthAttribute.Reset();
|
|
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = product, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
TestAuthAttribute.FailLevel = "Class";
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest("http://testhost/TestAuth/Submit", "TestAuth", changeSet);
|
|
|
|
Assert.True(TestAuthAttribute.Log.SequenceEqual(new string[] { "Global", "Class" }));
|
|
Assert.Equal("Not Authorized", response.ReasonPhrase);
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public void Submit_Authorization_Fail_Global()
|
|
{
|
|
TestAuthAttribute.Reset();
|
|
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = product, Operation = ChangeOperation.Update }
|
|
};
|
|
|
|
TestAuthAttribute.FailLevel = "Global";
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest("http://testhost/TestAuth/Submit", "TestAuth", changeSet);
|
|
|
|
Assert.True(TestAuthAttribute.Log.SequenceEqual(new string[] { "Global" }));
|
|
Assert.Equal("Not Authorized", response.ReasonPhrase);
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
// Verify that a CUD operation that isn't supported for a given entity type
|
|
// results in a server error
|
|
[Fact]
|
|
public void Submit_ResolveActions_UnsupportedAction()
|
|
{
|
|
Product product = new Product { ProductID = 1, ProductName = "Choco Wafers" };
|
|
ChangeSetEntry[] changeSet = new ChangeSetEntry[] {
|
|
new ChangeSetEntry { Id = 1, Entity = product, Operation = ChangeOperation.Delete }
|
|
};
|
|
|
|
HttpConfiguration configuration = new HttpConfiguration();
|
|
HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor(configuration, "NorthwindEFTestController", typeof(NorthwindEFTestController));
|
|
DataControllerDescription description = DataControllerDescription.GetDescription(controllerDescriptor);
|
|
Assert.Throws<InvalidOperationException>(
|
|
() => DataController.ResolveActions(description, changeSet),
|
|
String.Format(Resource.DataController_InvalidAction, "Delete", "Product"));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Execute a full roundtrip Submit request for the specified changeset, going through
|
|
/// the full serialization pipeline.
|
|
/// </summary>
|
|
private ChangeSetEntry[] ExecuteSubmit(string url, string controllerName, ChangeSetEntry[] changeSet)
|
|
{
|
|
HttpResponseMessage response = this.ExecuteSelfHostRequest(url, controllerName, changeSet);
|
|
ChangeSetEntry[] resultChangeSet = GetChangesetResponse(response);
|
|
return changeSet;
|
|
}
|
|
|
|
private HttpResponseMessage ExecuteSelfHostRequest(string url, string controller, object data)
|
|
{
|
|
return ExecuteSelfHostRequest(url, controller, data, "application/json");
|
|
}
|
|
|
|
private HttpResponseMessage ExecuteSelfHostRequest(string url, string controller, object data, string mediaType)
|
|
{
|
|
HttpConfiguration config = new HttpConfiguration();
|
|
IHttpRoute routeData;
|
|
if (!config.Routes.TryGetValue(controller, out routeData))
|
|
{
|
|
HttpRoute route = new HttpRoute("{controller}/{action}", new HttpRouteValueDictionary(controller));
|
|
config.Routes.Add(controller, route);
|
|
}
|
|
|
|
HttpControllerDispatcher dispatcher = new HttpControllerDispatcher(config);
|
|
HttpServer server = new HttpServer(config, dispatcher);
|
|
HttpMessageInvoker invoker = new HttpMessageInvoker(server);
|
|
|
|
string serializedChangeSet = String.Empty;
|
|
if (mediaType == "application/json")
|
|
{
|
|
JsonSerializer serializer = new JsonSerializer() { PreserveReferencesHandling = PreserveReferencesHandling.Objects, TypeNameHandling = TypeNameHandling.All };
|
|
MemoryStream ms = new MemoryStream();
|
|
JsonWriter writer = new JsonTextWriter(new StreamWriter(ms));
|
|
serializer.Serialize(writer, data);
|
|
writer.Flush();
|
|
ms.Seek(0, 0);
|
|
serializedChangeSet = Encoding.UTF8.GetString(ms.GetBuffer()).TrimEnd('\0');
|
|
}
|
|
else
|
|
{
|
|
DataContractSerializer ser = new DataContractSerializer(data.GetType(), GetTestKnownTypes());
|
|
MemoryStream ms = new MemoryStream();
|
|
ser.WriteObject(ms, data);
|
|
ms.Flush();
|
|
ms.Seek(0, 0);
|
|
serializedChangeSet = Encoding.UTF8.GetString(ms.GetBuffer()).TrimEnd('\0');
|
|
}
|
|
|
|
HttpRequestMessage request = TestHelpers.CreateTestMessage(url, HttpMethod.Post, config);
|
|
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(mediaType));
|
|
request.Content = new StringContent(serializedChangeSet, Encoding.UTF8, mediaType);
|
|
|
|
return invoker.SendAsync(request, CancellationToken.None).Result;
|
|
}
|
|
|
|
/// <summary>
|
|
/// For the given Submit response, serialize and deserialize the content. This forces the
|
|
/// formatter pipeline to run so we can verify that registered serializers are being used
|
|
/// properly.
|
|
/// </summary>
|
|
private ChangeSetEntry[] GetChangesetResponse(HttpResponseMessage responseMessage)
|
|
{
|
|
// serialize the content to a stream
|
|
ObjectContent content = (ObjectContent)responseMessage.Content;
|
|
MemoryStream ms = new MemoryStream();
|
|
content.CopyToAsync(ms).Wait();
|
|
ms.Flush();
|
|
ms.Seek(0, 0);
|
|
|
|
// deserialize based on content type
|
|
ChangeSetEntry[] changeSet = null;
|
|
string mediaType = responseMessage.RequestMessage.Content.Headers.ContentType.MediaType;
|
|
if (mediaType == "application/json")
|
|
{
|
|
JsonSerializer ser = new JsonSerializer() { PreserveReferencesHandling = PreserveReferencesHandling.Objects, TypeNameHandling = TypeNameHandling.All };
|
|
changeSet = (ChangeSetEntry[])ser.Deserialize(new JsonTextReader(new StreamReader(ms)), content.ObjectType);
|
|
}
|
|
else
|
|
{
|
|
DataContractSerializer ser = new DataContractSerializer(content.ObjectType, GetTestKnownTypes());
|
|
changeSet = (ChangeSetEntry[])ser.ReadObject(ms);
|
|
}
|
|
|
|
return changeSet;
|
|
}
|
|
|
|
private IEnumerable<Type> GetTestKnownTypes()
|
|
{
|
|
List<Type> knownTypes = new List<Type>(new Type[] { typeof(Order), typeof(Product), typeof(Order_Detail) });
|
|
knownTypes.AddRange(new Type[] { typeof(Microsoft.Web.Http.Data.Test.Models.EF.Order), typeof(Microsoft.Web.Http.Data.Test.Models.EF.Product), typeof(Microsoft.Web.Http.Data.Test.Models.EF.Order_Detail) });
|
|
return knownTypes;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Test controller used for multi-level authorization testing
|
|
/// </summary>
|
|
[TestAuth(Level = "Class")]
|
|
public class TestAuthController : DataController
|
|
{
|
|
[TestAuth(Level = "UserMethod")]
|
|
public void UpdateProduct(Product product)
|
|
{
|
|
}
|
|
|
|
[TestAuth(Level = "SubmitMethod")]
|
|
public override bool Submit(ChangeSet changeSet)
|
|
{
|
|
return base.Submit(changeSet);
|
|
}
|
|
|
|
protected override void Initialize(HttpControllerContext controllerContext)
|
|
{
|
|
controllerContext.Configuration.Filters.Add(new TestAuthAttribute() { Level = "Global" });
|
|
|
|
base.Initialize(controllerContext);
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Test authorization attribute used to verify authorization behavior.
|
|
/// </summary>
|
|
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
|
|
public class TestAuthAttribute : AuthorizationFilterAttribute
|
|
{
|
|
public string Level;
|
|
|
|
public static string FailLevel;
|
|
|
|
public static List<string> Log = new List<string>();
|
|
|
|
public override void OnAuthorization(HttpActionContext context)
|
|
{
|
|
TestAuthAttribute.Log.Add(Level);
|
|
|
|
if (FailLevel != null && FailLevel == Level)
|
|
{
|
|
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
|
|
response.ReasonPhrase = "Not Authorized";
|
|
context.Response = response;
|
|
}
|
|
|
|
base.OnAuthorization(context);
|
|
}
|
|
|
|
public static void Reset()
|
|
{
|
|
FailLevel = null;
|
|
Log.Clear();
|
|
}
|
|
}
|
|
}
|