1+ using Refresh . Database . Models . Authentication ;
2+ using Refresh . Database . Models . Users ;
3+ using Refresh . Interfaces . APIv3 . Endpoints . ApiTypes ;
4+ using Refresh . Interfaces . APIv3 . Endpoints . DataTypes . Request . Authentication ;
5+ using RefreshTests . GameServer . Extensions ;
6+
7+ namespace RefreshTests . GameServer . Tests . ApiV3 ;
8+
9+ public class UserDeletionApiTests : GameServerTest
10+ {
11+ [ Test ]
12+ public void CanDeleteOwnUserWithPassword ( )
13+ {
14+ using TestContext context = this . GetServer ( ) ;
15+ const string password = "password" ;
16+
17+ GameUser user = context . CreateUser ( ) ;
18+ string passwordBcrypt = BCrypt . Net . BCrypt . HashPassword ( password , 4 ) ;
19+ context . Database . SetUserPassword ( user , passwordBcrypt ) ;
20+ using HttpClient client = context . GetAuthenticatedClient ( TokenType . Api , user ) ;
21+
22+ Assert . That ( context . Database . GetUserByObjectId ( user . UserId ) , Is . Not . Null ) ;
23+
24+ // Try to delete
25+ ApiOwnUserDeletionRequest request = new ( )
26+ {
27+ PasswordSha512 = password
28+ } ;
29+ ApiResponse < ApiEmptyResponse > ? response = client . DeleteData < ApiEmptyResponse > ( $ "/api/v3/users/me", request ) ;
30+ Assert . That ( response ? . Data , Is . Not . Null ) ;
31+ Assert . That ( response ! . Success , Is . True ) ;
32+
33+ context . Database . Refresh ( ) ;
34+ GameUser ? fakeDeletedUser = context . Database . GetUserByObjectId ( user . UserId ) ;
35+ Assert . That ( fakeDeletedUser , Is . Not . Null ) ;
36+ Assert . That ( fakeDeletedUser ! . Role , Is . EqualTo ( GameUserRole . Banned ) ) ;
37+ Assert . That ( fakeDeletedUser ! . PasswordBcrypt , Is . EqualTo ( "deleted" ) ) ;
38+ }
39+
40+ [ Test ]
41+ public async Task CannotDeleteOwnUserWithoutPassword ( )
42+ {
43+ using TestContext context = this . GetServer ( ) ;
44+ const string password = "password" ;
45+
46+ GameUser user = context . CreateUser ( ) ;
47+ string passwordBcrypt = BCrypt . Net . BCrypt . HashPassword ( password , 4 ) ;
48+ context . Database . SetUserPassword ( user , passwordBcrypt ) ;
49+ using HttpClient client = context . GetAuthenticatedClient ( TokenType . Api , user ) ;
50+
51+ Assert . That ( context . Database . GetUserByObjectId ( user . UserId ) , Is . Not . Null ) ;
52+
53+ // Try to delete
54+ HttpResponseMessage ? response = await client . DeleteAsync ( $ "/api/v3/users/me") ;
55+ Assert . That ( response , Is . Not . Null ) ;
56+ Assert . That ( response ! . IsSuccessStatusCode , Is . False ) ;
57+
58+ context . Database . Refresh ( ) ;
59+ GameUser ? fakeDeletedUser = context . Database . GetUserByObjectId ( user . UserId ) ;
60+ Assert . That ( fakeDeletedUser , Is . Not . Null ) ;
61+ Assert . That ( fakeDeletedUser ! . Role , Is . EqualTo ( GameUserRole . User ) ) ;
62+ Assert . That ( fakeDeletedUser ! . PasswordBcrypt , Is . Not . EqualTo ( "deleted" ) ) ;
63+ }
64+
65+ [ Test ]
66+ public void CannotDeleteOwnUserWithWrongPassword ( )
67+ {
68+ using TestContext context = this . GetServer ( ) ;
69+ const string correctPassword = "password" ;
70+ const string wrongPassword = "assword" ;
71+
72+ GameUser user = context . CreateUser ( ) ;
73+ string correctPasswordBcrypt = BCrypt . Net . BCrypt . HashPassword ( correctPassword , 4 ) ;
74+ string wrongPasswordBcrypt = BCrypt . Net . BCrypt . HashPassword ( wrongPassword , 4 ) ;
75+ context . Database . SetUserPassword ( user , correctPasswordBcrypt ) ;
76+ using HttpClient client = context . GetAuthenticatedClient ( TokenType . Api , user ) ;
77+
78+ Assert . That ( context . Database . GetUserByObjectId ( user . UserId ) , Is . Not . Null ) ;
79+
80+ // Try to delete
81+ ApiOwnUserDeletionRequest request = new ( )
82+ {
83+ PasswordSha512 = wrongPassword
84+ } ;
85+ ApiResponse < ApiEmptyResponse > ? response = client . DeleteData < ApiEmptyResponse > ( $ "/api/v3/users/me", request , false , true ) ;
86+ Assert . That ( response ? . Error , Is . Not . Null ) ;
87+ Assert . That ( response ! . Success , Is . False ) ;
88+
89+ context . Database . Refresh ( ) ;
90+ GameUser ? fakeDeletedUser = context . Database . GetUserByObjectId ( user . UserId ) ;
91+ Assert . That ( fakeDeletedUser , Is . Not . Null ) ;
92+ Assert . That ( fakeDeletedUser ! . Role , Is . EqualTo ( GameUserRole . User ) ) ;
93+ Assert . That ( fakeDeletedUser ! . PasswordBcrypt , Is . Not . EqualTo ( "deleted" ) ) ;
94+ }
95+ }
0 commit comments