Beispiel #1
        /// <summary>
        /// Verifies that <c>GetPolicyRequirements</c> returns the requirements of every
        /// <c>AuthorizeFilter</c> in the descriptor list, not just one of them.
        /// </summary>
        /// <remarks>
        /// The assertions pin two properties of the authorization metadata: the
        /// <c>AllowAnonymousFilter</c> registered with scope 10 does not remove the requirements
        /// contributed at scopes 20 and 30, and the scope-30 requirement is listed before the
        /// scope-20 one.
        /// NOTE(review): 10/20/30 look like the Global/Controller/Action filter scope values;
        /// confirm against the FilterScope constants the project targets.
        /// </remarks>
        public void GetPolicyRequirements_HasMultipleAuthorizeFilterRequirements_ReturnsAllRequirements()
        {
            // Two separate instances of the same requirement type, so Assert.Same can tell
            // them apart by reference.
            var lowerScopeRequirement = new DenyAnonymousAuthorizationRequirement();
            var higherScopeRequirement = new DenyAnonymousAuthorizationRequirement();

            var lowerScopePolicy = new AuthorizationPolicy(
                new List<IAuthorizationRequirement> { lowerScopeRequirement },
                new List<string>());
            var higherScopePolicy = new AuthorizationPolicy(
                new List<IAuthorizationRequirement> { higherScopeRequirement },
                new List<string>());

            // Descriptors are registered in ascending scope order: 10, 20, 30.
            this.filterDescriptors.Add(new FilterDescriptor(new AllowAnonymousFilter(), 10));
            this.filterDescriptors.Add(new FilterDescriptor(new AuthorizeFilter(lowerScopePolicy), 20));
            this.filterDescriptors.Add(new FilterDescriptor(new AuthorizeFilter(higherScopePolicy), 30));

            var collected = FilterDescriptorExtensions.GetPolicyRequirements(this.filterDescriptors);

            // Both requirements survive, with the highest-scope one first.
            Assert.Equal(2, collected.Count);
            Assert.Same(higherScopeRequirement, collected.First());
            Assert.Same(lowerScopeRequirement, collected.Last());
        }
        /// <summary>
        /// Verifies that the requirements of an <c>AuthorizeFilter</c> are returned when it is
        /// registered with a higher scope value (30) than an <c>AllowAnonymousFilter</c> (20).
        /// </summary>
        /// <remarks>
        /// This covers only the case where the authorize filter has the higher scope. The
        /// inverse case, where <c>AllowAnonymousFilter</c> has the higher scope, is not
        /// exercised by this method and should be covered by a companion test.
        /// </remarks>
        public void GetPolicyRequirements_HasAuthorizeFilterWithHighestPriorityAndRequirements_ReturnsRequirements()
        {
            var expectedRequirements = new List<IAuthorizationRequirement>
            {
                new DenyAnonymousAuthorizationRequirement()
            };
            var authorizePolicy = new AuthorizationPolicy(expectedRequirements, new List<string>());

            // The anonymous-access marker comes first with the lower scope value.
            this.filterDescriptors.Add(new FilterDescriptor(new AllowAnonymousFilter(), 20));
            this.filterDescriptors.Add(new FilterDescriptor(new AuthorizeFilter(authorizePolicy), 30));

            var collected = FilterDescriptorExtensions.GetPolicyRequirements(this.filterDescriptors);

            // Element-wise equality with the list the policy was built from.
            Assert.Equal(expectedRequirements, collected);
        }
        /// <summary>
        /// Verifies that <c>Apply</c> leaves <c>operation.Security</c> unset when the action's
        /// only authorization requirement is <c>DenyAnonymousAuthorizationRequirement</c>.
        /// </summary>
        /// <remarks>
        /// The assertion concerns the generated operation description only; it says nothing
        /// about how the endpoint is enforced at runtime.
        /// NOTE(review): presumably the filter under test only emits security entries for
        /// claims-based requirements; confirm against the filter implementation.
        /// </remarks>
        public void Apply_HasPolicyWithNoClaimsAuthorizationRequirements_DoesNothing()
        {
            // A policy containing a single non-claims requirement.
            var denyAnonymousOnly = new AuthorizationPolicy(
                new List<IAuthorizationRequirement> { new DenyAnonymousAuthorizationRequirement() },
                new List<string>());

            var actionFilters = this.operationFilterContext.ApiDescription.ActionDescriptor.FilterDescriptors;
            actionFilters.Add(new FilterDescriptor(new AuthorizeFilter(denyAnonymousOnly), 30));

            this.operationFilter.Apply(this.operation, this.operationFilterContext);

            Assert.Null(this.operation.Security);
        }
        /// <summary>
        /// Verifies that <c>AuthorizationPolicy.Combine</c> keeps the requirements of both input
        /// policies: the role requirement and the deny-anonymous requirement.
        /// </summary>
        /// <remarks>
        /// Only the presence of both requirement instances in the combined policy is checked.
        /// Evaluating the combined policy against a principal is outside this test.
        /// </remarks>
        public void PoliciesShouldCombine()
        {
            var roleCheck = new RolesAuthorizationRequirement(new[] { "test role" });
            var anonymousCheck = new DenyAnonymousAuthorizationRequirement();

            // Neither policy names an authentication scheme.
            var roleOnly = new AuthorizationPolicy(new[] { roleCheck }, new string[0]);
            var anonymousOnly = new AuthorizationPolicy(new[] { anonymousCheck }, new string[0]);

            var merged = AuthorizationPolicy.Combine(roleOnly, anonymousOnly);

            // Set lookup makes the check independent of the order Combine produces.
            var mergedRequirements = new HashSet<IAuthorizationRequirement>(merged.Requirements);

            Assert.IsTrue(mergedRequirements.Contains(roleCheck));
            Assert.IsTrue(mergedRequirements.Contains(anonymousCheck));
        }
        /// <summary>
        /// Verifies that <c>Apply</c> adds a <c>"401"</c> entry to <c>operation.Responses</c> when
        /// the action carries an <c>AuthorizeFilter</c> whose policy contains a
        /// <c>DenyAnonymousAuthorizationRequirement</c>.
        /// </summary>
        /// <remarks>
        /// Only the presence of the response key is asserted, not its description or schema.
        /// </remarks>
        public void Apply_HasDenyAnonymousAuthorizationRequirement_Adds401Response()
        {
            var authenticatedOnly = new AuthorizationPolicy(
                new List<IAuthorizationRequirement> { new DenyAnonymousAuthorizationRequirement() },
                new List<string>());

            // Attach the authorize filter to the action described by the test context.
            var actionFilters = this.context.ApiDescription.ActionDescriptor.FilterDescriptors;
            actionFilters.Add(new FilterDescriptor(new AuthorizeFilter(authenticatedOnly), 30));

            this.operationFilter.Apply(this.operation, this.context);

            Assert.True(this.operation.Responses.ContainsKey("401"));
        }