public async Task ThenFailsIfEmployerIdIsNotInUrl(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public async Task ThenSucceedsIfEmployerIsAuthorised(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsTrue(context.HasSucceeded);
}
public async Task ThenFailsIfEmployerAccountIdNotFoundEvenAfterAccountIdRefresh(
[Frozen] Mock <IEmployerAccountService> employerAccountService,
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var employerAccountClaim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var userId = Guid.NewGuid().ToString();
var userClaim = new Claim(EmployerClaims.IdamsUserIdClaimTypeIdentifier, userId);
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { employerAccountClaim, userClaim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
employerAccountService.Setup(s => s.GetClaim(It.IsAny <string>(), It.IsAny <string>()))
.ReturnsAsync(employerAccountClaim);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public void ThenReturnsFalseIfEmployerIdIsNotInUrl(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
public void ThenReturnsTrueIfEmployerIsAuthorised(
[Frozen] Mock <IEmployerAccountService> employerAccountService,
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsTrue(result);
}
public void ThenFailsIfUserDoesNotHaveAValidRole(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "I'm not a role"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
public async Task ThenFailsIfEmployerClaimNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new Claim[0]) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public void ThenReturnsFalseIfEmployerClaimNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new Claim[0]) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
public void ThenSucceedsIfEmployerAccountIdIsFoundAfterAccountIdRefresh(
[Frozen] Mock <IEmployerAccountService> employerAccountService,
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var employerAccountClaim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var userId = Guid.NewGuid().ToString();
var userClaim = new Claim(EmployerClaims.IdamsUserIdClaimTypeIdentifier, userId);
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { employerAccountClaim, userClaim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Corp",
Role = "Owner"
};
var refreshedEmployerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var refreshedEmployerAccountClaim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(refreshedEmployerAccounts));
employerAccountService.Setup(s => s.GetClaim(It.IsAny <string>(), It.IsAny <string>()))
.ReturnsAsync(refreshedEmployerAccountClaim);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsTrue(result);
}
public async Task ThenFailsIfEmployerAccountIdNotFoundAndUserIdNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public void ThenReturnsFalseIfEmployerAccountIdNotFoundAndUserIdNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
