From 3041388fa709a42c48d9125c8d95b6bcfa00c38c Mon Sep 17 00:00:00 2001
From: zysim <9867871+zysim@users.noreply.github.com>
Date: Wed, 16 Oct 2024 21:45:51 +0800
Subject: [PATCH] Add authN/authZ tests
---
 LeaderboardBackend.Test/Leaderboards.cs | 35 +++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/LeaderboardBackend.Test/Leaderboards.cs b/LeaderboardBackend.Test/Leaderboards.cs
index 8a8c040a..ab5bf3cf 100644
--- a/LeaderboardBackend.Test/Leaderboards.cs
+++ b/LeaderboardBackend.Test/Leaderboards.cs
@@ -383,6 +383,41 @@ public async Task RestoreLeaderboard_OK()
 res.DeletedAt.Should().BeNull();
 }

+ [Test]
+ public async Task RestoreLeaderboard_Unauthenticated()
+ {
+ Func> act = async () => await _apiClient.Put($"/leaderboard/100/restore", new()
+ {
+ Jwt = ""
+ });
+
+ await act.Should().ThrowAsync().Where(e => e.Response.StatusCode == HttpStatusCode.Unauthorized);
+ }
+
+ [Test]
+ public async Task RestoreLeaderboard_Unauthorized()
+ {
+ IUserService userService = _factory.Services.CreateScope().ServiceProvider.GetRequiredService();
+
+ RegisterRequest registerRequest = new()
+ {
+ Email = "user@example.com",
+ Password = "Passw0rd",
+ Username = "unauthorized"
+ };
+
+ await userService.CreateUser(registerRequest);
+
+ string jwt = (await _apiClient.LoginUser(registerRequest.Email, registerRequest.Password)).Token;
+
+ Func> act = async () => await _apiClient.Put($"/leaderboard/100/restore", new()
+ {
+ Jwt = jwt,
+ });
+
+ await act.Should().ThrowAsync().Where(e => e.Response.StatusCode == HttpStatusCode.Forbidden);
+ }
+
 [Test]
 public async Task RestoreLeaderboard_NotFound()
 {
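Review bot: In `RestoreLeaderboard_Unauthorized`, the scope returned by `_factory.Services.CreateScope()` is never disposed and the result of `userService.CreateUser(registerRequest)` is discarded, so a failed registration (for example a duplicate e-mail left behind by another test, if the database is not reset between tests) would only surface later as a confusing login failure. I would hold the scope in `using IServiceScope scope = _factory.Services.CreateScope();` and assert on the `CreateUser` result before logging in. The 403 assertion also depends on a freshly registered user having no administrative role and on the authorization check running before leaderboard 100 is looked up; neither is visible in this hunk, so a short comment such as `// non-admin user; the request must be rejected before the leaderboard is resolved` would make the intent explicit. In `RestoreLeaderboard_Unauthenticated`, `Jwt = ""` may send either no Authorization header or an empty bearer token depending on the client helper, so it is worth stating which case is meant.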