SVSim/SVSimServer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
91412ff8218117e61750176fb63e6c6e4869b2ee
SVSimServer/SVSim.UnitTests/Controllers/AccountControllerTests.cs
gamer147 91412ff821 fix(account): /account/update_name validates name input 
Reject empty / whitespace / explicit-null / over-cap names with 400
instead of NREing on null assignment or storing arbitrarily-long
strings the DB column has no cap on. 24-char limit is a conservative
backstop against direct API abuse; the client UI enforces its own
keyboard limit.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 21:11:27 -04:00

110 lines
4.7 KiB
C#
Raw Blame History

using System.Net;
using System.Text;
using System.Text.Json;
using NUnit.Framework;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using SVSim.Database;
using SVSim.UnitTests.Infrastructure;
namespace SVSim.UnitTests.Controllers;
public class AccountControllerTests
{
[Test]
public async Task UpdateName_writes_display_name()
{
using var factory = new SVSimTestFactory();
long viewerId = await factory.SeedViewerAsync(tutorialState: 0);
using var client = factory.CreateAuthenticatedClient(viewerId);
var requestJson = """{"name":"littlefootse","viewer_id":"0","steam_id":0,"steam_session_ticket":""}""";
var response = await client.PostAsync("/account/update_name",
new StringContent(requestJson, Encoding.UTF8, "application/json"));
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK));
// Verify persisted name.
using var scope = factory.Services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<SVSimDbContext>();
var viewer = await db.Viewers.FirstAsync(v => v.Id == viewerId);
Assert.That(viewer.DisplayName, Is.EqualTo("littlefootse"));
}
[TestCase("")]
[TestCase(" ")]
[TestCase("\t\n")]
public async Task UpdateName_rejects_empty_or_whitespace(string name)
{
using var factory = new SVSimTestFactory();
long viewerId = await factory.SeedViewerAsync(tutorialState: 0);
using var client = factory.CreateAuthenticatedClient(viewerId);
var requestJson = $$"""{"name":{{JsonSerializer.Serialize(name)}},"viewer_id":"0","steam_id":0,"steam_session_ticket":""}""";
var response = await client.PostAsync("/account/update_name",
new StringContent(requestJson, Encoding.UTF8, "application/json"));
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
// Display name remains the seeded default ("Test Viewer").
using var scope = factory.Services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<SVSimDbContext>();
var viewer = await db.Viewers.FirstAsync(v => v.Id == viewerId);
Assert.That(viewer.DisplayName, Is.EqualTo("Test Viewer"));
}
[Test]
public async Task UpdateName_rejects_explicit_null()
{
using var factory = new SVSimTestFactory();
long viewerId = await factory.SeedViewerAsync(tutorialState: 0);
using var client = factory.CreateAuthenticatedClient(viewerId);
// Explicit JSON null — used to NRE when the controller assigned request.Name
// (default string.Empty) straight to viewer.DisplayName without a null check.
var requestJson = """{"name":null,"viewer_id":"0","steam_id":0,"steam_session_ticket":""}""";
var response = await client.PostAsync("/account/update_name",
new StringContent(requestJson, Encoding.UTF8, "application/json"));
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
}
[Test]
public async Task UpdateName_rejects_too_long_name()
{
using var factory = new SVSimTestFactory();
long viewerId = await factory.SeedViewerAsync(tutorialState: 0);
using var client = factory.CreateAuthenticatedClient(viewerId);
// 25 chars > the 24-char server cap.
var name = new string('a', 25);
var requestJson = $$"""{"name":"{{name}}","viewer_id":"0","steam_id":0,"steam_session_ticket":""}""";
var response = await client.PostAsync("/account/update_name",
new StringContent(requestJson, Encoding.UTF8, "application/json"));
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
}
[Test]
public async Task UpdateName_accepts_name_at_cap_boundary()
{
using var factory = new SVSimTestFactory();
long viewerId = await factory.SeedViewerAsync(tutorialState: 0);
using var client = factory.CreateAuthenticatedClient(viewerId);
// Exactly 24 chars — boundary case.
var name = new string('a', 24);
var requestJson = $$"""{"name":"{{name}}","viewer_id":"0","steam_id":0,"steam_session_ticket":""}""";
var response = await client.PostAsync("/account/update_name",
new StringContent(requestJson, Encoding.UTF8, "application/json"));
Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK));
using var scope = factory.Services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<SVSimDbContext>();
var viewer = await db.Viewers.FirstAsync(v => v.Id == viewerId);
Assert.That(viewer.DisplayName, Is.EqualTo(name));
}
}
Reference in New Issue View Git Blame Copy Permalink