Add UserServiceTests: implement unit tests for user management functionalities

.gitea/workflows/docker-image-dev.yml

@@ -23,6 +23,9 @@ jobs:
         with:
           dotnet-version: "9.0.x"
 
+      - name: Run tests
+        run: dotnet test
+
       - name: Publish server project
         run: dotnet publish ./FoodsharingSiegen.Server/FoodsharingSiegen.Server.csproj -c Release -o ./Publish/Server
 

.gitea/workflows/docker-image.yml

@@ -23,6 +23,9 @@ jobs:
         with:
           dotnet-version: "9.0.x"
 
+      - name: Run tests
+        run: dotnet test
+
       - name: Publish server project
         run: dotnet publish ./FoodsharingSiegen.Server/FoodsharingSiegen.Server.csproj -c Release -o ./Publish/Server
 

FoodsharingSiegen.Server/Data/FsContext.cs

@@ -46,9 +46,12 @@ namespace FoodsharingSiegen.Server.Data
         /// </summary>
         /// <param name="options">The options (ab)</param>
         public FsContext(DbContextOptions<FsContext> options) : base(options)
+        {
+            if (Database.IsRelational())
             {
                 Database.Migrate();
             }
+        }
 
         #endregion
 

FoodsharingSiegen.Server/Service/MailService.cs

@@ -1,3 +1,4 @@
+using System;
 using System.Threading.Tasks;
 using FoodsharingSiegen.Contracts.Model;
 using MailKit.Net.Smtp;
@@ -15,15 +16,17 @@ namespace FoodsharingSiegen.Server.Service
     {
         private readonly MailSettings _mailSettings;
         private readonly TermSettings _termSettings;
+        private readonly Func<ISmtpClient> _smtpClientFactory;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="MailService"/> class.
         /// </summary>
         /// <param name="appSettings">The configured application settings injected by DI, containing the <see cref="MailSettings"/>.</param>
-        public MailService(IOptions<AppSettings> appSettings)
+        public MailService(IOptions<AppSettings> appSettings, Func<ISmtpClient>? smtpClientFactory = null)
         {
             _mailSettings = appSettings.Value.Mail;
             _termSettings = appSettings.Value.Terms;
+            _smtpClientFactory = smtpClientFactory ?? (() => new SmtpClient());
         }
 
         /// <inheritdoc/>
@@ -40,7 +43,7 @@ namespace FoodsharingSiegen.Server.Service
             };
             email.Body = textPart;
 
-            using var smtp = new SmtpClient();
+            using var smtp = _smtpClientFactory();
             var secureOptions = _mailSettings.UseSsl ? SecureSocketOptions.StartTls : SecureSocketOptions.Auto;
             
             await smtp.ConnectAsync(_mailSettings.Host, _mailSettings.Port, secureOptions);

FoodsharingSiegen.Tests/FoodsharingSiegen.Tests.csproj

@@ -9,6 +9,7 @@
 
   <ItemGroup>
     <PackageReference Include="coverlet.collector" Version="6.0.4" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="10.0.7" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="xunit" Version="2.9.3" />

FoodsharingSiegen.Tests/MailServiceTests.cs

@@ -0,0 +1,110 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using FoodsharingSiegen.Contracts.Model;
+using FoodsharingSiegen.Server.Service;
+using MailKit.Net.Smtp;
+using MailKit.Security;
+using Microsoft.Extensions.Options;
+using MimeKit;
+using Moq;
+using Xunit;
+
+namespace FoodsharingSiegen.Tests
+{
+    public class MailServiceTests
+    {
+        private readonly Mock<IOptions<AppSettings>> _mockOptions;
+        private readonly AppSettings _appSettings;
+        private readonly Mock<ISmtpClient> _mockSmtpClient;
+
+        public MailServiceTests()
+        {
+            _appSettings = new AppSettings
+            {
+                Mail = new MailSettings
+                {
+                    Host = "smtp.test.com",
+                    Port = 587,
+                    UseSsl = false,
+                    Username = "user@test.com",
+                    Password = "password123",
+                    FromAddress = "no-reply@test.com"
+                },
+                Terms = new TermSettings
+                {
+                    Title = "Foodsharing Test"
+                }
+            };
+
+            _mockOptions = new Mock<IOptions<AppSettings>>();
+            _mockOptions.Setup(o => o.Value).Returns(_appSettings);
+
+            _mockSmtpClient = new Mock<ISmtpClient>();
+        }
+
+        [Fact]
+        public async Task SendEmailAsync_ConnectsAuthenticatesAndSendsEmail()
+        {
+            // Arrange
+            var service = new MailService(_mockOptions.Object, () => _mockSmtpClient.Object);
+            var toEmail = "recipient@test.com";
+            var subject = "Test Subject";
+            var body = "<p>Test Body</p>";
+
+            // Act
+            await service.SendEmailAsync(toEmail, subject, body);
+
+            // Assert
+            _mockSmtpClient.Verify(
+                x => x.ConnectAsync(
+                    "smtp.test.com", 
+                    587, 
+                    SecureSocketOptions.Auto, 
+                    It.IsAny<CancellationToken>()), 
+                Times.Once);
+
+            _mockSmtpClient.Verify(
+                x => x.AuthenticateAsync(
+                    "user@test.com", 
+                    "password123", 
+                    It.IsAny<CancellationToken>()), 
+                Times.Once);
+
+            // Verify a MimeMessage is passed to SendAsync with correct attributes
+            _mockSmtpClient.Verify(
+                x => x.SendAsync(
+                    It.Is<MimeMessage>(m => m.Subject == subject),
+                    It.IsAny<CancellationToken>(), 
+                    It.IsAny<MailKit.ITransferProgress>()), 
+                Times.Once);
+
+            _mockSmtpClient.Verify(
+                x => x.DisconnectAsync(
+                    true, 
+                    It.IsAny<CancellationToken>()), 
+                Times.Once);
+            
+            _mockSmtpClient.Verify(
+                x => x.Dispose(), 
+                Times.Once);
+        }
+
+        [Fact]
+        public async Task SendEmailAsync_SkipsAuthentication_WhenUsernameIsBlank()
+        {
+            // Arrange
+            _appSettings.Mail.Username = "";
+            _appSettings.Mail.Password = "";
+            var service = new MailService(_mockOptions.Object, () => _mockSmtpClient.Object);
+
+            // Act
+            await service.SendEmailAsync("recipient@test.com", "Subject", "Body");
+
+            // Assert
+            _mockSmtpClient.Verify(
+                x => x.AuthenticateAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<CancellationToken>()), 
+                Times.Never);
+        }
+    }
+}

FoodsharingSiegen.Tests/UserServiceTests.cs

@@ -0,0 +1,236 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
+using System.Threading.Tasks;
+using FoodsharingSiegen.Contracts.Entity;
+using FoodsharingSiegen.Contracts.Enums;
+using FoodsharingSiegen.Contracts.Model;
+using FoodsharingSiegen.Server.Auth;
+using FoodsharingSiegen.Server.Data;
+using FoodsharingSiegen.Server.Data.Service;
+using FoodsharingSiegen.Server.Service;
+using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
+using Microsoft.JSInterop;
+using Moq;
+using Xunit;
+
+namespace FoodsharingSiegen.Tests
+{
+    public class UserServiceTests
+    {
+        private FsContext CreateInMemoryContext(string dbName)
+        {
+            var options = new DbContextOptionsBuilder<FsContext>()
+                .UseInMemoryDatabase(databaseName: dbName)
+                .Options;
+            return new FsContext(options);
+        }
+
+        private AuthService CreateAuthService(FsContext context, User? currentUser = null)
+        {
+            var mockJsRuntime = new Mock<IJSRuntime>();
+            var localStorageService = new LocalStorageService(mockJsRuntime.Object);
+            var authStateProvider = new Mock<AuthenticationStateProvider>();
+            var mailService = new Mock<IMailService>();
+            var appSettings = new Mock<IOptions<AppSettings>>();
+            appSettings.Setup(x => x.Value).Returns(new AppSettings());
+
+            var authService = new AuthService(context, localStorageService, authStateProvider.Object, mailService.Object, appSettings.Object);
+
+            if (currentUser != null)
+            {
+                var field = typeof(AuthService).GetField("_user", BindingFlags.NonPublic | BindingFlags.Instance);
+                field?.SetValue(authService, currentUser);
+            }
+
+            return authService;
+        }
+
+        private AuditService CreateAuditService(FsContext context, AuthService authService)
+        {
+            return new AuditService(context, authService);
+        }
+
+        [Fact]
+        public async Task AddUserAsync_Fails_WhenEmailAlreadyExists()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            context.Users!.Add(new User { Mail = "existing@example.com", Name = "Existing", Password = "123" });
+            context.SaveChanges();
+
+            var result = await userService.AddUserAsync(new User { Mail = "EXISTING@example.com", Name = "New" });
+
+            Assert.False(result.Success);
+            Assert.Equal("Diese E-Mail Adresse wird bereits verwendet", result.ErrorMessage);
+        }
+
+        [Fact]
+        public async Task AddUserAsync_Succeeds_AndSetsPasswordEmpty_IfNull()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var newUser = new User { Mail = "new@example.com", Name = "New", };
+
+            var result = await userService.AddUserAsync(newUser);
+
+            Assert.True(result.Success);
+            Assert.Equal(string.Empty, result.Data?.Password);
+            Assert.NotNull(result.Data?.Created);
+            Assert.Single(context.Users!);
+            Assert.Single(context.Audits!);
+            Assert.Equal(AuditType.CreateUser, context.Audits!.First().Type);
+        }
+
+        [Fact]
+        public async Task RemoveAsync_TransferInteractions_AndRemovesUser()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+
+            var currentUser = new User { Id = Guid.NewGuid(), Mail = "current@example.com" };
+            var authService = CreateAuthService(context, currentUser);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var userToRemove = new User { Id = Guid.NewGuid(), Mail = "remove@example.com", Type = UserType.User };
+            context.Users!.Add(currentUser);
+            context.Users!.Add(userToRemove);
+
+            context.Interactions!.Add(new Interaction { Id = Guid.NewGuid(), UserID = userToRemove.Id });
+            context.Audits!.Add(new Audit { Id = Guid.NewGuid(), UserID = userToRemove.Id, Type = AuditType.None });
+            context.SaveChanges();
+
+            var result = await userService.RemoveAsync(userToRemove.Id);
+
+            Assert.True(result.Success);
+            Assert.Empty(context.Users!.Where(u => u.Id == userToRemove.Id));
+            var interaction = context.Interactions!.First();
+            Assert.Equal(currentUser.Id, interaction.UserID);
+            Assert.Single(context.Audits!.Where(a => a.Type == AuditType.RemoveUser)); // created audit for remove
+        }
+
+        [Fact]
+        public async Task RemoveAsync_Fails_WhenLastAdmin()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var admin = new User { Id = Guid.NewGuid(), Mail = "admin@example.com", Type = UserType.Admin };
+            context.Users!.Add(admin);
+            context.SaveChanges();
+
+            var result = await userService.RemoveAsync(admin.Id);
+
+            Assert.False(result.Success);
+            Assert.Equal("Der letzte Administrator kann nicht gelöscht werden.", result.ErrorMessage);
+        }
+
+        [Fact]
+        public async Task SetPassword_Fails_IfUserNotFound()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var result = await userService.SetPassword(new User { Id = Guid.NewGuid(), Password = "P" });
+
+            Assert.False(result.Success);
+            Assert.Equal("User not found", result.ErrorMessage);
+        }
+
+        [Fact]
+        public async Task SetPassword_Succeeds()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var user = new User { Id = Guid.NewGuid(), Mail = "test@example.com", Password = "Old" };
+            context.Users!.Add(user);
+            context.SaveChanges();
+
+            var result = await userService.SetPassword(new User { Id = user.Id, Password = "New" });
+
+            Assert.True(result.Success);
+            Assert.Equal("New", context.Users!.First().Password);
+            Assert.Equal(AuditType.SetUserPassword, context.Audits!.First().Type);
+        }
+
+        [Fact]
+        public async Task Update_Fails_IfNoChanges()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var user = new User { Id = Guid.NewGuid(), Mail = "a@a.com", Type = UserType.User };
+            context.Users!.Add(user);
+            context.SaveChanges();
+
+            var result = await userService.Update(new User { Id = user.Id, Mail = "a@a.com", Type = UserType.User });
+
+            Assert.False(result.Success);
+            Assert.Equal("Nichts zum Speichern gefunden", result.ErrorMessage);
+        }
+
+        [Fact]
+        public async Task Update_ForcesLogoutOnChange()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var user = new User { Id = Guid.NewGuid(), Mail = "a@a.com", Type = UserType.User };
+            context.Users!.Add(user);
+            context.SaveChanges();
+
+            var result = await userService.Update(new User { Id = user.Id, Mail = "b@b.com", Type = UserType.User });
+
+            Assert.True(result.Success);
+            Assert.True(context.Users!.First().ForceLogout);
+            Assert.Single(context.Audits!.Where(a => a.Type == AuditType.UpdateUser));
+        }
+
+        [Fact]
+        public async Task Update_Fails_WhenDemotingLastAdmin()
+        {
+            var dbName = Guid.NewGuid().ToString();
+            using var context = CreateInMemoryContext(dbName);
+            var authService = CreateAuthService(context);
+            var auditService = CreateAuditService(context, authService);
+            var userService = new UserService(context, authService, auditService);
+
+            var admin = new User { Id = Guid.NewGuid(), Mail = "a@a.com", Type = UserType.Admin };
+            context.Users!.Add(admin);
+            context.SaveChanges();
+
+            var result = await userService.Update(new User { Id = admin.Id, Mail = "a@a.com", Type = UserType.User });
+
+            Assert.False(result.Success);
+            Assert.Equal("Der Typ des letzten Administrators kann nicht geändert werden.", result.ErrorMessage);
+        }
+    }
+}