nmshd · tnotheis · Oct 16, 2024 · Oct 14, 2024 · Oct 14, 2024 · Oct 14, 2024
@@ -37,7 +37,8 @@ User requests Relationship Templates
           | rt12         | -             |
           | rt13         | password      |
           | rt14         | wordpass      |
-        Then the response contains Relationship Template(s) <retreivedTemplates>
+        Then the response status code is 200 (OK)
+        And the response contains Relationship Template(s) <retreivedTemplates>
 
         Examples:
           | activeIdentity | retreivedTemplates                                              |

@@ -3,45 +3,46 @@ Feature: GET /Tokens
 
 User requests multiple Tokens
 
-	Scenario Outline: Requesting a list of Tokens in a variety of scenarios
-		Given Identities i1, i2, i3 and i4
-		And the following Tokens
-			| tokenName | tokenOwner | forIdentity | password |
-			| rt1       | i1         | -           | -        |
-			| rt2       | i2         | -           | -        |
-			| rt3       | i1         | -           | -        |
-			| rt4       | i2         | -           | -        |
-			| rt5       | i1         | -           | password |
-			| rt6       | i1         | -           | password |
-			| rt7       | i2         | -           | password |
-			| rt8       | i2         | -           | password |
-			| rt9       | i1         | i1          | -        |
-			| rt10      | i2         | i3          | -        |
-			| rt11      | i2         | i2          | -        |
-			| rt12      | i2         | i3          | -        |
-			| rt13      | i2         | i3          | password |
-			| rt14      | i2         | i3          | password |
-		When <activeIdentity> sends a GET request to the /Tokens endpoint with the following payloads
-			| tokenName | passwordOnGet |
-			| rt1       | -             |
-			| rt2       | -             |
-			| rt3       | password      |
-			| rt4       | password      |
-			| rt5       | password      |
-			| rt6       | -             |
-			| rt7       | password      |
-			| rt8       | -             |
-			| rt9       | -             |
-			| rt10      | -             |
-			| rt11      | -             |
-			| rt12      | -             |
-			| rt13      | password      |
-			| rt14      | wordpass      |
-		Then the response contains Token(s) <retreivedTokens>
+    Scenario Outline: Requesting a list of Tokens in a variety of scenarios
+        Given Identities i1, i2, i3 and i4
+        And the following Tokens
+          | tokenName | tokenOwner | forIdentity | password |
+          | rt1       | i1         | -           | -        |
+          | rt2       | i2         | -           | -        |
+          | rt3       | i1         | -           | -        |
+          | rt4       | i2         | -           | -        |
+          | rt5       | i1         | -           | password |
+          | rt6       | i1         | -           | password |
+          | rt7       | i2         | -           | password |
+          | rt8       | i2         | -           | password |
+          | rt9       | i1         | i1          | -        |
+          | rt10      | i2         | i3          | -        |
+          | rt11      | i2         | i2          | -        |
+          | rt12      | i2         | i3          | -        |
+          | rt13      | i2         | i3          | password |
+          | rt14      | i2         | i3          | password |
+        When <activeIdentity> sends a GET request to the /Tokens endpoint with the following payloads
+          | tokenName | passwordOnGet |
+          | rt1       | -             |
+          | rt2       | -             |
+          | rt3       | password      |
+          | rt4       | password      |
+          | rt5       | password      |
+          | rt6       | -             |
+          | rt7       | password      |
+          | rt8       | -             |
+          | rt9       | -             |
+          | rt10      | -             |
+          | rt11      | -             |
+          | rt12      | -             |
+          | rt13      | password      |
+          | rt14      | wordpass      |
+        Then the response status code is 200 (OK)
+        And the response contains Token(s) <retreivedTokens>
 
-		Examples:
-			| activeIdentity | retreivedTokens                                                 |
-			| i1             | rt1, rt2, rt3, rt4, rt5, rt6, rt7, rt9                          |
-			| i2             | rt1, rt2, rt3, rt4, rt5, rt7, rt8, rt10, rt11, rt12, rt13, rt14 |
-			| i3             | rt1, rt2, rt3, rt4, rt5, rt7, rt10, rt12, rt13                  |
-			| i4             | rt1, rt2, rt3, rt4, rt5, rt7                                    |
+        Examples:
+          | activeIdentity | retreivedTokens                                                 |
+          | i1             | rt1, rt2, rt3, rt4, rt5, rt6, rt7, rt9                          |
+          | i2             | rt1, rt2, rt3, rt4, rt5, rt7, rt8, rt10, rt11, rt12, rt13, rt14 |
+          | i3             | rt1, rt2, rt3, rt4, rt5, rt7, rt10, rt12, rt13                  |
+          | i4             | rt1, rt2, rt3, rt4, rt5, rt7                                    |
@@ -14,7 +14,8 @@ public static Expression<Func<T, bool>> Or<T>(this Expression<Func<T, bool>> exp
         var rightVisitor = new ReplaceExpressionVisitor(expression2.Parameters[0], parameter);
         var right = rightVisitor.Visit(expression2.Body);
 
-        return Expression.Lambda<Func<T, bool>>(Expression.OrElse(left, right), parameter);
+        // CAUTION: the null suppression operator is used here without being sure if it's safe; so if there's a NullReferenceException, this is the first place to check
+        return Expression.Lambda<Func<T, bool>>(Expression.OrElse(left!, right!), parameter);
     }
 
     public static Expression<Func<T, bool>> And<T>(this Expression<Func<T, bool>> expression1, Expression<Func<T, bool>> expression2)
@@ -27,7 +28,8 @@ public static Expression<Func<T, bool>> And<T>(this Expression<Func<T, bool>> ex
         var rightVisitor = new ReplaceExpressionVisitor(expression2.Parameters[0], parameter);
         var right = rightVisitor.Visit(expression2.Body);
 
-        return Expression.Lambda<Func<T, bool>>(Expression.AndAlso(left, right), parameter);
+        // CAUTION: the null suppression operator is used here without being sure if it's safe; so if there's a NullReferenceException, this is the first place to check
+        return Expression.Lambda<Func<T, bool>>(Expression.AndAlso(left!, right!), parameter);
     }
 
     private class ReplaceExpressionVisitor : ExpressionVisitor
@@ -41,10 +43,8 @@ public ReplaceExpressionVisitor(Expression oldValue, Expression newValue)
             _newValue = newValue;
         }
 
-        public override Expression Visit(Expression? node)
+        public override Expression? Visit(Expression? node)
         {
-            ArgumentNullException.ThrowIfNull(node);
-
             return node == _oldValue ? _newValue : base.Visit(node);
         }
     }

@@ -119,6 +119,6 @@ public void Fails_when_Password_is_too_long()
 
         // Assert
         validationResult.ShouldHaveValidationErrorForItem(nameof(CreateRelationshipTemplateCommand.Password), "error.platform.validation.invalidPropertyValue",
-            "'Password' must be between 0 and 200 bytes long. You entered 250 bytes.");
+            "'Password' must be between 1 and 200 bytes long. You entered 250 bytes.");
     }
 }
@@ -26,6 +26,6 @@ public Validator()
             .ValidId<CreateRelationshipTemplateCommand, IdentityAddress>()
             .When(c => c.ForIdentity != null);
 
-        RuleFor(c => c.Password).NumberOfBytes(0, RelationshipTemplate.MAX_PASSWORD_LENGTH);
+        RuleFor(c => c.Password).NumberOfBytes(1, RelationshipTemplate.MAX_PASSWORD_LENGTH).When(t => t.Password != null);
     }
 }
@@ -11,6 +11,6 @@ public Validator()
     {
         RuleFor(x => x.Id).ValidId<GetRelationshipTemplateQuery, RelationshipTemplateId>();
 
-        RuleFor(x => x.Password).NumberOfBytes(1, RelationshipTemplate.MAX_PASSWORD_LENGTH);
+        RuleFor(x => x.Password).NumberOfBytes(1, RelationshipTemplate.MAX_PASSWORD_LENGTH).When(t => t.Password != null);
     }
 }
@@ -5,6 +5,7 @@
 using Xunit;
 
 namespace Backbone.Modules.Relationships.Domain.Aggregates.RelationshipTemplates;
+
 public class RelationshipTemplateCanBeCollectedBy : AbstractTestsBase
 {
     private const string I1 = "did:e:prod.enmeshed.eu:dids:70cf4f3e6edf6bca33d35f";

@@ -6,7 +6,7 @@
 
 namespace Backbone.Modules.Relationships.Domain.Aggregates.RelationshipTemplates;
 
-public class RelationshipTemplateCanBeCollectedWithPasswordTests : AbstractTestsBase
+public class RelationshipTemplateCanBeCollectedUsingPasswordExpressionTests : AbstractTestsBase
 {
     [Fact]
     public void Can_collect_without_a_password_when_no_password_is_defined()

@@ -26,6 +26,6 @@ public Validator()
             .ValidId<CreateTokenCommand, IdentityAddress>()
             .When(t => t.ForIdentity != null);
 
-        RuleFor(c => c.Password).NumberOfBytes(0, Token.MAX_PASSWORD_LENGTH);
+        RuleFor(c => c.Password).NumberOfBytes(1, Token.MAX_PASSWORD_LENGTH).When(c => c.Password != null);
     }
 }
@@ -10,6 +10,6 @@ public class Validator : AbstractValidator<GetTokenQuery>
     public Validator()
     {
         RuleFor(x => x.Id).ValidId<GetTokenQuery, TokenId>();
-        RuleFor(x => x.Password).NumberOfBytes(1, Token.MAX_PASSWORD_LENGTH);
+        RuleFor(x => x.Password).NumberOfBytes(1, Token.MAX_PASSWORD_LENGTH).When(t => t.Password != null);
     }
 }
@@ -96,6 +96,6 @@ public void Fails_when_Password_is_too_long()
 
         // Assert
         validationResult.ShouldHaveValidationErrorForItem(nameof(CreateTokenCommand.Password), "error.platform.validation.invalidPropertyValue",
-            "'Password' must be between 0 and 200 bytes long. You entered 250 bytes.");
+            "'Password' must be between 1 and 200 bytes long. You entered 250 bytes.");
     }
 }
@@ -4,8 +4,8 @@
 namespace Backbone.Modules.Tokens.Domain.Tests.TestHelpers;
 public class TestData
 {
-    public static Token CreateToken(IdentityAddress createdBy, IdentityAddress? forIdentity)
+    public static Token CreateToken(IdentityAddress createdBy, IdentityAddress? forIdentity, byte[]? password = null)
     {
-        return new Token(createdBy, DeviceId.Parse("DVC1"), [], DateTime.Now.AddDays(1), forIdentity);
+        return new Token(createdBy, DeviceId.Parse("DVC1"), [], DateTime.Now.AddDays(1), forIdentity, password);
     }
 }
@@ -0,0 +1,88 @@
+using Backbone.Modules.Tokens.Domain.Tests.TestHelpers;
+using Backbone.UnitTestTools.Data;
+using FluentAssertions;
+using Xunit;
+
+namespace Backbone.Modules.Tokens.Domain.Tests.Tests;
+
+public class TokenCanBeCollectedUsingPasswordTests
+{
+    [Fact]
+    public void Can_collect_without_a_password_when_no_password_is_defined()
+    {
+        // Arrange
+        var creator = TestDataGenerator.CreateRandomIdentityAddress();
+        var collector = TestDataGenerator.CreateRandomIdentityAddress();
+
+        var template = TestData.CreateToken(creator, null);
+
+        // Act
+        var result = template.CanBeCollectedUsingPassword(collector, null);
+
+        // Assert
+        result.Should().BeTrue();
+    }
+
+    [Fact]
+    public void Can_collect_with_a_password_when_no_password_is_defined()
+    {
+        // Arrange
+        var creator = TestDataGenerator.CreateRandomIdentityAddress();
+        var collector = TestDataGenerator.CreateRandomIdentityAddress();
+
+        var template = TestData.CreateToken(creator, null);
+
+        // Act
+        var result = template.CanBeCollectedUsingPassword(collector, [1]);
+
+        // Assert
+        result.Should().BeTrue();
+    }
+
+    [Fact]
+    public void Can_collect_with_correct_password()
+    {
+        // Arrange
+        var creator = TestDataGenerator.CreateRandomIdentityAddress();
+        var collector = TestDataGenerator.CreateRandomIdentityAddress();
+
+        var template = TestData.CreateToken(creator, null, password: [1]);
+
+        // Act
+        var result = template.CanBeCollectedUsingPassword(collector, [1]);
+
+        // Assert
+        result.Should().BeTrue();
+    }
+
+    [Fact]
+    public void Cannot_collect_with_incorrect_password()
+    {
+        // Arrange
+        var creator = TestDataGenerator.CreateRandomIdentityAddress();
+        var collector = TestDataGenerator.CreateRandomIdentityAddress();
+
+        var template = TestData.CreateToken(creator, null, password: [1]);
+
+        // Act
+        var result = template.CanBeCollectedUsingPassword(collector, [2]);
+
+        // Assert
+        result.Should().BeFalse();
+    }
+
+    [Fact]
+    public void Can_collect_as_owner_without_a_password()
+    {
+        // Arrange
+        var creator = TestDataGenerator.CreateRandomIdentityAddress();
+
+        var template = TestData.CreateToken(creator, null, password: [1]);
+
+        // Act
+        var result = template.CanBeCollectedUsingPassword(creator, null);
+
+        // Assert
+        result.Should().BeTrue();
+    }
+}