using System; using System.Collections.Generic; using System.Linq; using System.Reflection; using System.Threading.Tasks; using FoodsharingSiegen.Contracts.Entity; using FoodsharingSiegen.Contracts.Enums; using FoodsharingSiegen.Contracts.Model; using FoodsharingSiegen.Server.Auth; using FoodsharingSiegen.Server.Data; using FoodsharingSiegen.Server.Data.Service; using FoodsharingSiegen.Server.Service; using Microsoft.AspNetCore.Components.Authorization; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.Options; using Microsoft.JSInterop; using Moq; using Xunit; namespace FoodsharingSiegen.Tests { public class UserServiceTests { private FsContext CreateInMemoryContext(string dbName) { var options = new DbContextOptionsBuilder() .UseInMemoryDatabase(databaseName: dbName) .Options; return new FsContext(options); } private AuthService CreateAuthService(FsContext context, User? currentUser = null) { var mockJsRuntime = new Mock(); var localStorageService = new LocalStorageService(mockJsRuntime.Object); var authStateProvider = new Mock(); var mailService = new Mock(); var appSettings = new Mock>(); appSettings.Setup(x => x.Value).Returns(new AppSettings()); var authService = new AuthService(context, localStorageService, authStateProvider.Object, mailService.Object, appSettings.Object); if (currentUser != null) { var field = typeof(AuthService).GetField("_user", BindingFlags.NonPublic | BindingFlags.Instance); field?.SetValue(authService, currentUser); } return authService; } private AuditService CreateAuditService(FsContext context, AuthService authService) { return new AuditService(context, authService); } [Fact] public async Task AddUserAsync_Fails_WhenEmailAlreadyExists() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); context.Users!.Add(new User { Mail = "existing@example.com", Name = "Existing", Password = "123" }); context.SaveChanges(); var result = await userService.AddUserAsync(new User { Mail = "EXISTING@example.com", Name = "New" }); Assert.False(result.Success); Assert.Equal("Diese E-Mail Adresse wird bereits verwendet", result.ErrorMessage); } [Fact] public async Task AddUserAsync_Succeeds_AndSetsPasswordEmpty_IfNull() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var newUser = new User { Mail = "new@example.com", Name = "New", }; var result = await userService.AddUserAsync(newUser); Assert.True(result.Success); Assert.Equal(string.Empty, result.Data?.Password); Assert.NotNull(result.Data?.Created); Assert.Single(context.Users!); Assert.Single(context.Audits!); Assert.Equal(AuditType.CreateUser, context.Audits!.First().Type); } [Fact] public async Task RemoveAsync_TransferInteractions_AndRemovesUser() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var currentUser = new User { Id = Guid.NewGuid(), Mail = "current@example.com" }; var authService = CreateAuthService(context, currentUser); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var userToRemove = new User { Id = Guid.NewGuid(), Mail = "remove@example.com", Type = UserType.User }; context.Users!.Add(currentUser); context.Users!.Add(userToRemove); context.Interactions!.Add(new Interaction { Id = Guid.NewGuid(), UserID = userToRemove.Id }); context.Audits!.Add(new Audit { Id = Guid.NewGuid(), UserID = userToRemove.Id, Type = AuditType.None }); context.SaveChanges(); var result = await userService.RemoveAsync(userToRemove.Id); Assert.True(result.Success); Assert.Empty(context.Users!.Where(u => u.Id == userToRemove.Id)); var interaction = context.Interactions!.First(); Assert.Equal(currentUser.Id, interaction.UserID); Assert.Single(context.Audits!.Where(a => a.Type == AuditType.RemoveUser)); // created audit for remove } [Fact] public async Task RemoveAsync_Fails_WhenLastAdmin() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var admin = new User { Id = Guid.NewGuid(), Mail = "admin@example.com", Type = UserType.Admin }; context.Users!.Add(admin); context.SaveChanges(); var result = await userService.RemoveAsync(admin.Id); Assert.False(result.Success); Assert.Equal("Der letzte Administrator kann nicht gelöscht werden.", result.ErrorMessage); } [Fact] public async Task SetPassword_Fails_IfUserNotFound() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var result = await userService.SetPassword(new User { Id = Guid.NewGuid(), Password = "P" }); Assert.False(result.Success); Assert.Equal("User not found", result.ErrorMessage); } [Fact] public async Task SetPassword_Succeeds() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var user = new User { Id = Guid.NewGuid(), Mail = "test@example.com", Password = "Old" }; context.Users!.Add(user); context.SaveChanges(); var result = await userService.SetPassword(new User { Id = user.Id, Password = "New" }); Assert.True(result.Success); Assert.Equal("New", context.Users!.First().Password); Assert.Equal(AuditType.SetUserPassword, context.Audits!.First().Type); } [Fact] public async Task Update_Fails_IfNoChanges() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var user = new User { Id = Guid.NewGuid(), Mail = "a@a.com", Type = UserType.User }; context.Users!.Add(user); context.SaveChanges(); var result = await userService.Update(new User { Id = user.Id, Mail = "a@a.com", Type = UserType.User }); Assert.False(result.Success); Assert.Equal("Nichts zum Speichern gefunden", result.ErrorMessage); } [Fact] public async Task Update_ForcesLogoutOnChange() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var user = new User { Id = Guid.NewGuid(), Mail = "a@a.com", Type = UserType.User }; context.Users!.Add(user); context.SaveChanges(); var result = await userService.Update(new User { Id = user.Id, Mail = "b@b.com", Type = UserType.User }); Assert.True(result.Success); Assert.True(context.Users!.First().ForceLogout); Assert.Single(context.Audits!.Where(a => a.Type == AuditType.UpdateUser)); } [Fact] public async Task Update_Fails_WhenDemotingLastAdmin() { var dbName = Guid.NewGuid().ToString(); using var context = CreateInMemoryContext(dbName); var authService = CreateAuthService(context); var auditService = CreateAuditService(context, authService); var userService = new UserService(context, authService, auditService); var admin = new User { Id = Guid.NewGuid(), Mail = "a@a.com", Type = UserType.Admin }; context.Users!.Add(admin); context.SaveChanges(); var result = await userService.Update(new User { Id = admin.Id, Mail = "a@a.com", Type = UserType.User }); Assert.False(result.Success); Assert.Equal("Der Typ des letzten Administrators kann nicht geändert werden.", result.ErrorMessage); } } }