433408dddb
Five wire-level integration tests covering: flag set, round-trip unset, 401 without auth, 400 unknown_card, and empty-object response shape. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
435 lines
19 KiB
C#
435 lines
19 KiB
C#
using System.Net;
|
|
using System.Text;
|
|
using System.Text.Json;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using SVSim.Database;
|
|
using SVSim.UnitTests.Infrastructure;
|
|
|
|
namespace SVSim.UnitTests.Controllers;
|
|
|
|
/// <summary>
|
|
/// End-to-end coverage for POST /card/destruct. Exercises the controller's double-decode of
|
|
/// the JSON-string-in-JSON payload and the reward_list post-state-totals shape. The
|
|
/// validate/mutate logic itself is covered by <c>CardInventoryRepositoryTests</c>; the tests
|
|
/// here just confirm the wire contract.
|
|
/// </summary>
|
|
public class CardControllerTests
|
|
{
|
|
private static StringContent DestructBody(string innerJson) =>
|
|
new(
|
|
$$"""{"card_id_number_array":{{JsonSerializer.Serialize(innerJson)}},"viewer_id":"0","steam_id":0,"steam_session_ticket":""}""",
|
|
Encoding.UTF8,
|
|
"application/json");
|
|
|
|
private static StringContent CreateBody(string innerJson) =>
|
|
new(
|
|
$$"""{"card_id_number_array":{{JsonSerializer.Serialize(innerJson)}},"viewer_id":"0","steam_id":0,"steam_session_ticket":""}""",
|
|
Encoding.UTF8,
|
|
"application/json");
|
|
|
|
[Test]
|
|
public async Task Destruct_happy_path_returns_redether_and_card_post_totals()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 5, dustReward: 50);
|
|
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
// Inner JSON: cardId -> "<num>,<client_snapshot>". The snapshot is informational only.
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"10001001\":\"2,5\"}"));
|
|
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK), body);
|
|
|
|
// The ShadowverseTranslationMiddleware only fires for UnityPlayer UA requests; test
|
|
// clients send plain HTTP so the controller's JSON is returned unwrapped.
|
|
var rewardList = JsonDocument.Parse(body).RootElement
|
|
.GetProperty("reward_list");
|
|
|
|
// Two entries — one RedEther (type 1), one Card (type 5).
|
|
var entries = rewardList.EnumerateArray()
|
|
.Select(e => (Type: e.GetProperty("reward_type").GetInt32(),
|
|
Id: e.GetProperty("reward_id").GetInt64(),
|
|
Num: e.GetProperty("reward_num").GetInt32()))
|
|
.ToList();
|
|
|
|
Assert.That(entries, Has.Member((Type: 1, Id: 0L, Num: 100)),
|
|
"RedEther post-state total = 2 * 50 = 100");
|
|
Assert.That(entries, Has.Member((Type: 5, Id: 10001001L, Num: 3)),
|
|
"Card post-state owned count = 5 - 2 = 3");
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_without_auth_header_returns_401()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
using var client = factory.CreateClient(); // no auth header
|
|
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"10001001\":\"1,1\"}"));
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
|
|
}
|
|
|
|
[TestCase("", Description = "empty string")]
|
|
[TestCase("not json", Description = "non-JSON garbage")]
|
|
[TestCase("{\"10001001\":\"1\"}", Description = "value missing snapshot")]
|
|
[TestCase("{\"10001001\":\"0,5\"}", Description = "num=0 not allowed")]
|
|
[TestCase("{\"10001001\":\"-1,5\"}", Description = "negative num")]
|
|
[TestCase("{\"abc\":\"1,5\"}", Description = "non-numeric cardId")]
|
|
[TestCase("{\"10001001\":5}", Description = "value not a string")]
|
|
[TestCase("[]", Description = "root must be object, not array")]
|
|
public async Task Destruct_with_malformed_inner_json_returns_400(string innerJson)
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/destruct", DestructBody(innerJson));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("malformed_request"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_with_empty_inner_object_returns_400()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/destruct", DestructBody("{}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("malformed_request"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_unknown_card_returns_400_unknown_card()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"99999999\":\"1,0\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("unknown_card"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_not_destructible_returns_400_not_destructible()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 3, dustReward: 0, craftCost: 0);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"10001001\":\"1,3\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("not_destructible"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_protected_returns_400_card_protected()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 3, dustReward: 50, isProtected: true);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"10001001\":\"1,3\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("card_protected"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_insufficient_cards_returns_400_insufficient_cards()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 2, dustReward: 50);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"10001001\":\"3,2\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("insufficient_cards"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Destruct_proceeds_when_client_possession_snapshot_disagrees_with_server()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
// Server has 3 owned; client thinks it has 5 (stale snapshot).
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 3, dustReward: 50);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
// Inner JSON: destruct 1, client snapshot=5 (disagrees with server count=3).
|
|
// Spec: snapshot mismatch is warn-log only, never blocks the request.
|
|
var response = await client.PostAsync("/card/destruct",
|
|
DestructBody("{\"10001001\":\"1,5\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK), body);
|
|
|
|
var entries = JsonDocument.Parse(body).RootElement
|
|
.GetProperty("reward_list")
|
|
.EnumerateArray()
|
|
.Select(e => (Type: e.GetProperty("reward_type").GetInt32(),
|
|
Id: e.GetProperty("reward_id").GetInt64(),
|
|
Num: e.GetProperty("reward_num").GetInt32()))
|
|
.ToList();
|
|
|
|
// Vials awarded based on actual server count, not client snapshot.
|
|
Assert.That(entries, Has.Member((Type: 1, Id: 0L, Num: 50)));
|
|
Assert.That(entries, Has.Member((Type: 5, Id: 10001001L, Num: 2)));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_happy_path_returns_redether_and_card_post_totals()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 0, craftCost: 200);
|
|
await factory.SetRedEtherAsync(viewerId, 1_000UL);
|
|
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create",
|
|
CreateBody("{\"10001001\":\"2,0\"}"));
|
|
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK), body);
|
|
|
|
var entries = JsonDocument.Parse(body).RootElement
|
|
.GetProperty("reward_list")
|
|
.EnumerateArray()
|
|
.Select(e => (Type: e.GetProperty("reward_type").GetInt32(),
|
|
Id: e.GetProperty("reward_id").GetInt64(),
|
|
Num: e.GetProperty("reward_num").GetInt32()))
|
|
.ToList();
|
|
|
|
// 1000 - (2 * 200) = 600
|
|
Assert.That(entries, Has.Member((Type: 1, Id: 0L, Num: 600)),
|
|
"RedEther post-state total = 1000 - 400 = 600");
|
|
Assert.That(entries, Has.Member((Type: 5, Id: 10001001L, Num: 2)),
|
|
"Card post-state owned count = 0 + 2 = 2");
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_without_auth_header_returns_401()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
using var client = factory.CreateClient();
|
|
|
|
var response = await client.PostAsync("/card/create",
|
|
CreateBody("{\"10001001\":\"1,0\"}"));
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
|
|
}
|
|
|
|
[TestCase("", Description = "empty string")]
|
|
[TestCase("not json", Description = "non-JSON garbage")]
|
|
[TestCase("{\"10001001\":\"1\"}", Description = "value missing snapshot")]
|
|
[TestCase("{\"10001001\":\"0,0\"}", Description = "num=0 not allowed")]
|
|
[TestCase("{\"10001001\":\"-1,0\"}", Description = "negative num")]
|
|
[TestCase("{\"abc\":\"1,0\"}", Description = "non-numeric cardId")]
|
|
[TestCase("{\"10001001\":5}", Description = "value not a string")]
|
|
[TestCase("[]", Description = "root must be object, not array")]
|
|
public async Task Create_with_malformed_inner_json_returns_400(string innerJson)
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create", CreateBody(innerJson));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("malformed_request"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_with_empty_inner_object_returns_400()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create", CreateBody("{}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("malformed_request"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_unknown_card_returns_400_unknown_card()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SetRedEtherAsync(viewerId, 1_000UL);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create",
|
|
CreateBody("{\"99999999\":\"1,0\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("unknown_card"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_not_craftable_returns_400_not_craftable()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 0, craftCost: 0, dustReward: 0);
|
|
await factory.SetRedEtherAsync(viewerId, 1_000UL);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create",
|
|
CreateBody("{\"10001001\":\"1,0\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("not_craftable"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_would_exceed_max_copies_returns_400()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 3, craftCost: 200);
|
|
await factory.SetRedEtherAsync(viewerId, 1_000UL);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create",
|
|
CreateBody("{\"10001001\":\"1,3\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("would_exceed_max_copies"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Create_insufficient_vials_returns_400()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 0, craftCost: 200);
|
|
await factory.SetRedEtherAsync(viewerId, 100UL); // half of needed
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/create",
|
|
CreateBody("{\"10001001\":\"1,0\"}"));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("insufficient_vials"));
|
|
}
|
|
|
|
private static StringContent ProtectBody(long cardId, bool isProtected) =>
|
|
new(
|
|
$$"""{"card_id":{{cardId}},"is_protected":{{(isProtected ? "true" : "false")}},"viewer_id":"0","steam_id":0,"steam_session_ticket":""}""",
|
|
Encoding.UTF8,
|
|
"application/json");
|
|
|
|
[Test]
|
|
public async Task Protect_toggles_flag_for_owned_card()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 2);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/protect", ProtectBody(10001001L, isProtected: true));
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK),
|
|
await response.Content.ReadAsStringAsync());
|
|
|
|
// Verify persisted flag
|
|
using var scope = factory.Services.CreateScope();
|
|
var db = scope.ServiceProvider.GetRequiredService<SVSimDbContext>();
|
|
var viewer = await db.Viewers.Include(v => v.Cards).ThenInclude(c => c.Card).FirstAsync(v => v.Id == viewerId);
|
|
Assert.That(viewer.Cards.First(c => c.Card.Id == 10001001L).IsProtected, Is.True);
|
|
}
|
|
|
|
[Test]
|
|
public async Task Protect_round_trip_unsets_flag()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 2, isProtected: true);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/protect", ProtectBody(10001001L, isProtected: false));
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK));
|
|
|
|
using var scope = factory.Services.CreateScope();
|
|
var db = scope.ServiceProvider.GetRequiredService<SVSimDbContext>();
|
|
var viewer = await db.Viewers.Include(v => v.Cards).ThenInclude(c => c.Card).FirstAsync(v => v.Id == viewerId);
|
|
Assert.That(viewer.Cards.First(c => c.Card.Id == 10001001L).IsProtected, Is.False);
|
|
}
|
|
|
|
[Test]
|
|
public async Task Protect_without_auth_header_returns_401()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
using var client = factory.CreateClient();
|
|
|
|
var response = await client.PostAsync("/card/protect", ProtectBody(10001001L, isProtected: true));
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Protect_unknown_card_returns_400_unknown_card()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/protect", ProtectBody(99_999_999L, isProtected: true));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest), body);
|
|
Assert.That(body, Does.Contain("unknown_card"));
|
|
}
|
|
|
|
[Test]
|
|
public async Task Protect_returns_empty_data_object()
|
|
{
|
|
using var factory = new SVSimTestFactory();
|
|
long viewerId = await factory.SeedViewerAsync();
|
|
await factory.SeedOwnedCardAsync(viewerId, cardId: 10001001L, count: 1);
|
|
using var client = factory.CreateAuthenticatedClient(viewerId);
|
|
|
|
var response = await client.PostAsync("/card/protect", ProtectBody(10001001L, isProtected: true));
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
|
|
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK), body);
|
|
// The translation middleware only wraps for UnityPlayer UA; test clients see the raw
|
|
// controller payload, which for CardProtectResponse is an empty object.
|
|
Assert.That(body.Trim(), Is.EqualTo("{}"));
|
|
}
|
|
}
|