/// <summary>
/// Initializes a new instance of the <see cref="ControllersValidator"/> class.
/// </summary>
/// <param name="actionValidator">The action validator.</param>
/// <param name="policyStore">Authorization policy store.</param>
/// <exception cref="System.ArgumentNullException"></exception>
public ControllersValidator(IActionsValidator actionValidator, IAuthorizationPolicyStore policyStore)
{
if (policyStore == null)
{
throw new ArgumentNullException(nameof(policyStore));
}
if (actionValidator == null)
{
throw new ArgumentNullException(nameof(actionValidator));
}
_actionValidator = actionValidator;
_policyStore = policyStore;
}
/// <summary>
/// Initializes a new instance of the <see cref="ActionsValidator"/> class.
/// </summary>
/// <param name="paramsValidator">The parameters validator.</param>
/// <param name="policyStore">Authorization policy store.</param>
/// <exception cref="System.ArgumentNullException"></exception>
public ActionsValidator(IParametersValidator paramsValidator, IAuthorizationPolicyStore policyStore)
{
if (policyStore == null)
{
throw new ArgumentNullException(nameof(policyStore));
}
if (paramsValidator == null)
{
throw new ArgumentNullException(nameof(paramsValidator));
}
_paramsValidator = paramsValidator;
_policyStore = policyStore;
}
private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null)
{
var ctrl = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController)).GetControllers(null).Single();
if (policyStore != null)
{
object[] methodCallProps = { policyStore };
typeof(ControllerContext)
.GetTypeInfo()
.GetProperty("AuthPolicyStore", BindingFlags.Instance | BindingFlags.NonPublic)
.SetMethod.Invoke(ctrl, methodCallProps);
}
var actionCtx = ctrl.Actions.Single(x => string.Compare(method, x.Name, StringComparison.OrdinalIgnoreCase) == 0);
var invoker = new ActionInvoker(new ControllerBuilder((new Moq.Mock <IServiceProvider>()).Object), new ModelBinderCollection(new JsonSerializer(), new Moq.Mock <IServiceProvider>().Object), new JsonSerializer());
var httpCtx = new Fakes.FakeHttpContext();
httpCtx.User = user;
httpCtx.Request.Path = "/api/secure/" + method;
await invoker.Invoke(httpCtx, actionCtx);
Assert.Equal(expectedStatusCode, httpCtx.Response.StatusCode);
}
private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null)
{
var ctrl = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController)).GetControllers(null).Single();
if (policyStore != null)
{
var options = LiteApiOptions.Default;
foreach (var policy in policyStore.GetPolicyNames())
{
options.AuthorizationPolicyStore.SetPolicy(policy, policyStore.GetPolicy(policy));
}
ctrl.Filters = null; // force refresh init with new policy store
foreach (var action in ctrl.Actions)
{
action.Filters = null;
}
ctrl.Init(new LiteApiOptionsAccessor(options));
}
var actionCtx = ctrl.Actions.Single(x => string.Compare(method, x.Name, StringComparison.OrdinalIgnoreCase) == 0);
var invoker = new ActionInvoker(new ControllerBuilder((new Moq.Mock <IServiceProvider>()).Object), new ModelBinderCollection(
new JsonSerializer(), Fakes.FakeServiceProvider.GetServiceProvider(), new Fakes.FakeDefaultLiteApiOptionsRetriever()), new JsonSerializer());
var httpCtx = new Fakes.FakeHttpContext();
httpCtx.User = user;
httpCtx.Request.Path = "/api/secure/" + method;
await invoker.Invoke(httpCtx, actionCtx);
Assert.Equal(expectedStatusCode, httpCtx.Response.StatusCode);
}
