Include backoffice api example integration test

Author: D-Inventor

src/TestingExample.Website/BackofficeApi/ExampleBackofficeApiController.cs

@@ -0,0 +1,17 @@
+using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Api.Management.Controllers;
+using Umbraco.Cms.Api.Management.Routing;
+
+namespace TestingExample.Website.BackofficeApi;
+
+[VersionedApiBackOfficeRoute("exampleapi")]
+[ApiExplorerSettings(GroupName = "Example Backoffice API")]
+public class ExampleBackofficeApiController
+    : ManagementApiControllerBase
+{
+    [HttpGet]
+    public IActionResult GetResource()
+    {
+        return Ok(new { Message = "This is an example response from the backoffice API." });
+    }
+}

test/TestingExample.Website.IntegrationTests/BackofficeApiTests.cs

@@ -0,0 +1,22 @@
+using System.Net;
+
+namespace TestingExample.Website.IntegrationTests;
+
+[Collection(nameof(SqlServerWebsiteFixture))]
+public sealed class BackofficeApiTests(SqlServerWebsiteFixture websiteFixture)
+{
+    private readonly SqlServerWebsiteFixture _websiteFixture = websiteFixture;
+
+    [Fact]
+    public async Task ShouldReturnOkResult()
+    {
+        // given
+        var backofficeClient = await _websiteFixture.CreateBackofficeClientAsync(TestContext.Current.CancellationToken);
+
+        // when
+        var response = await backofficeClient.GetAsync("/umbraco/management/api/v1/exampleapi", TestContext.Current.CancellationToken);
+
+        // then
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+    }
+}

test/TestingExample.Website.IntegrationTests/HomepageTests.cs

@@ -3,14 +3,18 @@
 namespace TestingExample.Website.IntegrationTests;
 
 [Collection(nameof(SqlServerWebsiteFixture))]
-public class HomepageTests(SqlServerWebsiteFixture websiteFixture)
-    : IntegrationTestBase(websiteFixture.Website)
+public sealed class HomepageTests(SqlServerWebsiteFixture websiteFixture)
 {
+    private readonly SqlServerWebsiteFixture _websiteFixture = websiteFixture;
+
     [Fact]
     public async Task ShouldGetTheHomepage()
     {
-        // given / when
-        var response = await Client.GetAsync("/", TestContext.Current.CancellationToken);
+        // given
+        var client = _websiteFixture.CreateAnonymousClient();
+
+        // when
+        var response = await client.GetAsync("/", TestContext.Current.CancellationToken);
 
         // then
         Assert.Equal(HttpStatusCode.OK, response.StatusCode);

test/TestingExample.Website.IntegrationTests/IntegrationTestBase.cs

@@ -36,3 +36,11 @@ Specifically for xUnit v3, a compromise was necessary. In short: type finder set
   }
 }
 ```
+
+## Running tests on the backoffice
+
+The management api is protected, so you can't simply call an endpoint and get a response. You need an authenticated backoffice user to fetch a result from a backoffice api endpoint.
+
+### Relevant source code
+- [Example test that tests a backoffice endpoint](./BackofficeApiTests.cs)
+- [The BackofficeCredentialsProvider authenticates an HttpClient so that it can acces backoffice APIs](./Website/BackofficeCredentialsProvider.cs)

test/TestingExample.Website.IntegrationTests/README.md

@@ -31,6 +31,7 @@
   </ItemGroup>
 
   <ItemGroup>
+		<PackageReference Include="Duende.IdentityModel" Version="7.1.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.0.7" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
 		<PackageReference Include="Scrutor" Version="6.1.0" />

test/TestingExample.Website.IntegrationTests/TestingExample.Website.IntegrationTests.csproj

@@ -0,0 +1,62 @@
+using Duende.IdentityModel.Client;
+using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Models.Membership;
+using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core;
+
+namespace TestingExample.Website.IntegrationTests.Website;
+
+public sealed class BackofficeCredentialsProvider(IUserService userService, IBackOfficeUserClientCredentialsManager clientCredentialService)
+{
+    private readonly IUserService _userService = userService;
+    private readonly IBackOfficeUserClientCredentialsManager _clientCredentialService = clientCredentialService;
+
+    private BackofficeCredentials? _credentials = null;
+
+    public async Task AuthenticateAsBackofficeUserAsync(HttpClient client, CancellationToken cancellationToken = default)
+    {
+        // If no credentials are set, create a new backoffice user and client credentials
+        _credentials ??= await CreateBackofficeCredentialsAsync();
+
+        // Use the credentials to authenticate the HttpClient
+        await AuthenticateHttpClientAsync(client, _credentials, cancellationToken);
+    }
+
+    private static async Task AuthenticateHttpClientAsync(HttpClient client, BackofficeCredentials credentials, CancellationToken cancellationToken)
+    {
+        var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
+        {
+            Address = "/umbraco/management/api/v1/security/back-office/token",
+            ClientId = credentials.ClientId,
+            ClientSecret = credentials.ClientSecret
+        }, cancellationToken);
+
+        if (string.IsNullOrWhiteSpace(tokenResponse.AccessToken)) throw new InvalidOperationException("Failed to obtain access token for backoffice user.");
+
+        client.SetBearerToken(tokenResponse.AccessToken);
+    }
+
+    private async Task<BackofficeCredentials> CreateBackofficeCredentialsAsync()
+    {
+        var userCreateResult = await _userService.CreateAsync(Constants.Security.SuperUserKey, new UserCreateModel
+        {
+            Name = "Test User",
+            UserName = "test@email.com",
+            Email = "test@email.com",
+            Kind = UserKind.Api,
+            UserGroupKeys = new HashSet<Guid> { Constants.Security.AdminGroupKey }
+        }, approveUser: true);
+
+        var user = userCreateResult.Result.CreatedUser!;
+
+        var result = new BackofficeCredentials("umbraco-back-office-" + Guid.NewGuid().ToString(), Guid.NewGuid().ToString());
+        var clientCredentialResult = await _clientCredentialService.SaveAsync(user.Key, result.ClientId, result.ClientSecret);
+
+        if (!clientCredentialResult.Success) throw new InvalidOperationException("Failed to create backoffice client credentials.");
+
+        return result;
+    }
+
+    private record BackofficeCredentials(string ClientId, string ClientSecret);
+}

test/TestingExample.Website.IntegrationTests/Website/BackofficeCredentialsProvider.cs

@@ -1,26 +1,54 @@
+using System.Text.Json;
+using Microsoft.Extensions.DependencyInjection;
 using TestingExample.Website.IntegrationTests.Database;
 using TestingExample.Website.IntegrationTests.Website;
+using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Services;
 
 namespace TestingExample.Website.IntegrationTests;
 
-public class WebsiteFixture(IDatabaseResource database)
-    : IAsyncLifetime
+public class WebsiteFixture(IDatabaseResource database) : IAsyncLifetime
 {
     private readonly IDatabaseResource _database = database;
     private readonly WebsiteResource _website = new(database);
 
+    private AsyncServiceScope _scope;
+    private HttpClient? _client = null;
+    private BackofficeCredentialsProvider? _backofficeCredentialsProvider = null;
+
     public WebsiteResource Website => _website;
 
+    public HttpClient Client => _client ??= _website.CreateClient();
+
+    private BackofficeCredentialsProvider BackofficeCredentialsProvider => _backofficeCredentialsProvider ??= new BackofficeCredentialsProvider(
+        _scope.ServiceProvider.GetRequiredService<IUserService>(),
+        _scope.ServiceProvider.GetRequiredService<IBackOfficeUserClientCredentialsManager>()
+    );
+
+    public HttpClient CreateAnonymousClient()
+    {
+        return Website.CreateClient();
+    }
+
+    public async Task<HttpClient> CreateBackofficeClientAsync(CancellationToken cancellationToken = default)
+    {
+        var client = Website.CreateClient();
+        await BackofficeCredentialsProvider.AuthenticateAsBackofficeUserAsync(client, cancellationToken);
+        return client;
+    }
+
     public async ValueTask InitializeAsync()
     {
         await _database.InitializeAsync();
-        await Website.StartAsync();
+        await _website.StartAsync();
+        _scope = Website.Services.CreateAsyncScope();
     }
 
     public async ValueTask DisposeAsync()
     {
-        if (_website is not null) await _website.DisposeAsync();
-        if (_database is not null) await _database.DisposeAsync();
+        await _scope.DisposeAsync();
+        await _website.DisposeAsync();
+        await _database.DisposeAsync();
 
         GC.SuppressFinalize(this);
     }
@@ -38,4 +66,4 @@ public sealed class SqlServerWebsiteFixture()
     : WebsiteFixture(new SqlServerDatabase())
     , ICollectionFixture<SqlServerWebsiteFixture>
 {
-}
+}