Added tests for obfuscated IDs

Author: Bart Koelman

src/Examples/JsonApiDotNetCoreExample/Controllers/PassportsController.cs

@@ -1,50 +1,16 @@
-using System.Threading.Tasks;
 using JsonApiDotNetCore.Configuration;
 using JsonApiDotNetCore.Controllers;
 using JsonApiDotNetCore.Services;
 using JsonApiDotNetCoreExample.Models;
-using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
 namespace JsonApiDotNetCoreExample.Controllers
 {
-    public sealed class PassportsController : BaseJsonApiController<Passport>
+    public sealed class PassportsController : JsonApiController<Passport>
     {
-        public PassportsController(
-            IJsonApiOptions options,
-            ILoggerFactory loggerFactory,
-            IResourceService<Passport, int> resourceService)
+        public PassportsController(IJsonApiOptions options, ILoggerFactory loggerFactory, IResourceService<Passport, int> resourceService)
             : base(options, loggerFactory, resourceService)
-        { }
-
-        [HttpGet]
-        public override async Task<IActionResult> GetAsync() => await base.GetAsync();
-
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetAsync(string id)
-        {
-            int idValue = HexadecimalObfuscationCodec.Decode(id);
-            return await base.GetAsync(idValue);
-        }
-
-        [HttpPatch("{id}")]
-        public async Task<IActionResult> PatchAsync(string id, [FromBody] Passport resource)
-        {
-            int idValue = HexadecimalObfuscationCodec.Decode(id);
-            return await base.PatchAsync(idValue, resource);
-        }
-
-        [HttpPost]
-        public override async Task<IActionResult> PostAsync([FromBody] Passport resource)
-        {
-            return await base.PostAsync(resource);
-        }
-
-        [HttpDelete("{id}")]
-        public async Task<IActionResult> DeleteAsync(string id)
         {
-            int idValue = HexadecimalObfuscationCodec.Decode(id);
-            return await base.DeleteAsync(idValue);
         }
     }
 }

src/Examples/JsonApiDotNetCoreExample/Models/Passport.cs

@@ -14,16 +14,6 @@ public class Passport : Identifiable
         private readonly ISystemClock _systemClock;
         private int? _socialSecurityNumber;
 
-        protected override string GetStringId(int value)
-        {
-            return HexadecimalObfuscationCodec.Encode(value);
-        }
-
-        protected override int GetTypedId(string value)
-        {
-            return HexadecimalObfuscationCodec.Decode(value);
-        }
-
         [Attr]
         public int? SocialSecurityNumber
         {

src/JsonApiDotNetCore/Controllers/BaseJsonApiController.cs

@@ -160,7 +160,7 @@ public virtual async Task<IActionResult> PostAsync([FromBody] TResource resource
             if (_create == null)
                 throw new RequestMethodNotAllowedException(HttpMethod.Post);
 
-            if (!_options.AllowClientGeneratedIds && !string.IsNullOrEmpty(resource.StringId))
+            if (!_options.AllowClientGeneratedIds && resource.StringId != null)
                 throw new ResourceIdInPostRequestNotAllowedException();
 
             if (_options.ValidateModelState && !ModelState.IsValid)

src/JsonApiDotNetCore/Resources/Identifiable.cs

@@ -37,7 +37,7 @@ protected virtual string GetStringId(TId value)
         /// </summary>
         protected virtual TId GetTypedId(string value)
         {
-            return string.IsNullOrEmpty(value) ? default : (TId)TypeHelper.ConvertType(value, typeof(TId));
+            return value == null ? default : (TId)TypeHelper.ConvertType(value, typeof(TId));
         }
     }
 }

src/JsonApiDotNetCore/Serialization/Building/ResourceObjectBuilder.cs

@@ -29,7 +29,7 @@ public virtual ResourceObject Build(IIdentifiable resource, IReadOnlyCollection<
             var resourceContext = ResourceContextProvider.GetResourceContext(resource.GetType());
 
             // populating the top-level "type" and "id" members.
-            var resourceObject = new ResourceObject { Type = resourceContext.PublicName, Id = resource.StringId == string.Empty ? null : resource.StringId };
+            var resourceObject = new ResourceObject { Type = resourceContext.PublicName, Id = resource.StringId };
 
             // populating the top-level "attribute" member of a resource object. never include "id" as an attribute
             if (attributes != null && (attributes = attributes.Where(attr => attr.Property.Name != nameof(Identifiable.Id)).ToArray()).Any())

src/JsonApiDotNetCore/Serialization/JsonApiReader.cs

@@ -180,7 +180,7 @@ private void ValidatePrimaryIdValue(object model, PathString requestPath)
         /// </summary>
         private bool HasMissingId(object model)
         {
-            return TryGetId(model, out string id) && string.IsNullOrEmpty(id);
+            return TryGetId(model, out string id) && id == null;
         }
 
         /// <summary>
@@ -190,7 +190,7 @@ private bool HasMissingId(IEnumerable models)
         {
             foreach (var model in models)
             {
-                if (TryGetId(model, out string id) && string.IsNullOrEmpty(id))
+                if (TryGetId(model, out string id) && id == null)
                 {
                     return true;
                 }

test/JsonApiDotNetCoreExampleTests/Acceptance/InjectableResourceTests.cs

@@ -200,9 +200,8 @@ public async Task Can_Get_Passports_With_Sparse_Fieldset()
         public async Task Fail_When_Deleting_Missing_Passport()
         {
             // Arrange
-            string passportId = HexadecimalObfuscationCodec.Encode(1234567890);
 
-            var request = new HttpRequestMessage(HttpMethod.Delete, "/api/v1/passports/" + passportId);
+            var request = new HttpRequestMessage(HttpMethod.Delete, "/api/v1/passports/1234567890");
 
             // Act
             var response = await _fixture.Client.SendAsync(request);
@@ -215,7 +214,7 @@ public async Task Fail_When_Deleting_Missing_Passport()
             Assert.Single(errorDocument.Errors);
             Assert.Equal(HttpStatusCode.NotFound, errorDocument.Errors[0].StatusCode);
             Assert.Equal("The requested resource does not exist.", errorDocument.Errors[0].Title);
-            Assert.Equal("Resource of type 'passports' with ID '" + passportId + "' does not exist.", errorDocument.Errors[0].Detail);
+            Assert.Equal("Resource of type 'passports' with ID '1234567890' does not exist.", errorDocument.Errors[0].Detail);
         }
     }
 }

test/JsonApiDotNetCoreExampleTests/IntegrationTests/FakerContainer.cs

@@ -0,0 +1,73 @@
+using System;
+using System.Diagnostics;
+using System.Linq;
+using System.Reflection;
+using Xunit;
+
+namespace JsonApiDotNetCoreExampleTests.IntegrationTests
+{
+    internal abstract class FakerContainer
+    {
+        protected static int GetFakerSeed()
+        {
+            // The goal here is to have stable data over multiple test runs, but at the same time different data per test case.
+
+            MethodBase testMethod = GetTestMethod();
+            var testName = testMethod.DeclaringType?.FullName + "." + testMethod.Name;
+
+            return GetDeterministicHashCode(testName);
+        }
+
+        private static MethodBase GetTestMethod()
+        {
+            var stackTrace = new StackTrace();
+
+            var testMethod = stackTrace.GetFrames()
+                .Select(stackFrame => stackFrame?.GetMethod())
+                .FirstOrDefault(IsTestMethod);
+
+            if (testMethod == null)
+            {
+                // If called after the first await statement, the test method is no longer on the stack,
+                // but has been replaced with the compiler-generated async/wait state machine.
+                throw new InvalidOperationException("Fakers can only be used from within (the start of) a test method.");
+            }
+
+            return testMethod;
+        }
+
+        private static bool IsTestMethod(MethodBase method)
+        {
+            if (method == null)
+            {
+                return false;
+            }
+
+            return method.GetCustomAttribute(typeof(FactAttribute)) != null || method.GetCustomAttribute(typeof(TheoryAttribute)) != null;
+        }
+
+        private static int GetDeterministicHashCode(string source)
+        {
+            // https://andrewlock.net/why-is-string-gethashcode-different-each-time-i-run-my-program-in-net-core/
+            unchecked
+            {
+                int hash1 = (5381 << 16) + 5381;
+                int hash2 = hash1;
+
+                for (int i = 0; i < source.Length; i += 2)
+                {
+                    hash1 = ((hash1 << 5) + hash1) ^ source[i];
+
+                    if (i == source.Length - 1)
+                    {
+                        break;
+                    }
+
+                    hash2 = ((hash2 << 5) + hash2) ^ source[i + 1];
+                }
+
+                return hash1 + hash2 * 1566083941;
+            }
+        }
+    }
+}

test/JsonApiDotNetCoreExampleTests/IntegrationTests/Filtering/FilterTests.cs

@@ -1,4 +1,3 @@
-using System.Collections.Generic;
 using System.Net;
 using System.Threading.Tasks;
 using FluentAssertions;
@@ -110,87 +109,5 @@ await _testContext.RunOnDatabaseAsync(async dbContext =>
             responseDocument.ManyData[0].Id.Should().Be(person.StringId);
             responseDocument.ManyData[0].Attributes["firstName"].Should().Be(person.FirstName);
         }
-
-        [Fact]
-        public async Task Can_filter_on_obfuscated_ID()
-        {
-            // Arrange
-            Passport passport = null;
-
-            await _testContext.RunOnDatabaseAsync(async dbContext =>
-            {
-                passport = new Passport(dbContext)
-                {
-                    SocialSecurityNumber = 123,
-                    BirthCountry = new Country()
-                };
-
-                await dbContext.ClearTableAsync<Passport>();
-                dbContext.Passports.AddRange(passport, new Passport(dbContext));
-
-                await dbContext.SaveChangesAsync();
-            });
-
-            var route = $"/api/v1/passports?filter=equals(id,'{passport.StringId}')";
-
-            // Act
-            var (httpResponse, responseDocument) = await _testContext.ExecuteGetAsync<Document>(route);
-
-            // Assert
-            httpResponse.Should().HaveStatusCode(HttpStatusCode.OK);
-
-            responseDocument.ManyData.Should().HaveCount(1);
-            responseDocument.ManyData[0].Id.Should().Be(passport.StringId);
-            responseDocument.ManyData[0].Attributes["socialSecurityNumber"].Should().Be(passport.SocialSecurityNumber);
-        }
-
-        [Fact]
-        public async Task Can_filter_in_set_on_obfuscated_ID()
-        {
-            // Arrange
-            var passports = new List<Passport>();
-
-            await _testContext.RunOnDatabaseAsync(async dbContext =>
-            {
-                passports.AddRange(new[]
-                {
-                    new Passport(dbContext)
-                    {
-                        SocialSecurityNumber = 123,
-                        BirthCountry = new Country()
-                    },
-                    new Passport(dbContext)
-                    {
-                        SocialSecurityNumber = 456,
-                        BirthCountry = new Country()
-                    },
-                    new Passport(dbContext)
-                    {
-                        BirthCountry = new Country()
-                    }
-                });
-
-                await dbContext.ClearTableAsync<Passport>();
-                dbContext.Passports.AddRange(passports);
-
-                await dbContext.SaveChangesAsync();
-            });
-
-            var route = $"/api/v1/passports?filter=any(id,'{passports[0].StringId}','{passports[1].StringId}')";
-
-            // Act
-            var (httpResponse, responseDocument) = await _testContext.ExecuteGetAsync<Document>(route);
-
-            // Assert
-            httpResponse.Should().HaveStatusCode(HttpStatusCode.OK);
-
-            responseDocument.ManyData.Should().HaveCount(2);
-            
-            responseDocument.ManyData[0].Id.Should().Be(passports[0].StringId);
-            responseDocument.ManyData[0].Attributes["socialSecurityNumber"].Should().Be(passports[0].SocialSecurityNumber);
-
-            responseDocument.ManyData[1].Id.Should().Be(passports[1].StringId);
-            responseDocument.ManyData[1].Attributes["socialSecurityNumber"].Should().Be(passports[1].SocialSecurityNumber);
-        }
     }
 }

test/JsonApiDotNetCoreExampleTests/IntegrationTests/IdObfuscation/BankAccount.cs

@@ -0,0 +1,14 @@
+using System.Collections.Generic;
+using JsonApiDotNetCore.Resources.Annotations;
+
+namespace JsonApiDotNetCoreExampleTests.IntegrationTests.IdObfuscation
+{
+    public sealed class BankAccount : ObfuscatedIdentifiable
+    {
+        [Attr]
+        public string Iban { get; set; }
+
+        [HasMany]
+        public IList<DebitCard> Cards { get; set; }
+    }
+}