Beispiel #1
        public void NamespaceBasedAuthorization_MatchOnNamespace_ShouldThrowNoExceptions()
        {
            // Positive case for the namespace-based strategy: the resource item's
            // Namespace is identical to one of the caller's NamespacePrefix claims,
            // so authorization is expected to complete without throwing.
            // NOTE(review): only the exact-match case is exercised here; a
            // non-matching namespace is not covered by this test.

            // Arrange
            var strategy = new NamespaceBasedAuthorizationStrategy();

            // The caller's OAuth identity carries two namespace-prefix claims.
            var identity = new ClaimsIdentity(
                new List<Claim>
                {
                    new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi.org/"),
                    new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi-2.org/")
                },
                EdFiAuthenticationTypes.OAuth);
            var caller = new ClaimsPrincipal(identity);

            var resourceClaimUris = new[] { @"http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor" };
            string requestedAction = @"http://ed-fi.org/ods/actions/manage";

            // Namespace of the item being authorized; equal to the first prefix claim.
            var contextData = new NamespaceBasedAuthorizationContextData { Namespace = @"uri://ed-fi.org/" };

            // The first argument is deliberately an empty claim list; the prefixes
            // live on the principal inside the context.
            // presumably the strategy reads them from the principal; verify against the strategy
            var relevantClaims = new List<Claim>();
            var authorizationContext = new EdFiAuthorizationContext(caller, resourceClaimUris, requestedAction, contextData);

            // Act
            strategy
                .AuthorizeSingleItemAsync(relevantClaims, authorizationContext, CancellationToken.None)
                .WaitSafely();

            // Assert: reaching this point without an exception is the passing condition.
        }
Beispiel #2
        public void NamespaceBasedAuthorization_EmptyResourceNamespace()
        {
            // Pins the fail-closed behaviour: a resource item whose Namespace is the
            // empty string is refused with EdFiSecurityException, even though the
            // caller holds valid NamespacePrefix claims.

            // Arrange
            var strategy = new NamespaceBasedAuthorizationStrategy();

            // The caller's OAuth identity carries two namespace-prefix claims.
            var identity = new ClaimsIdentity(
                new List<Claim>
                {
                    new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi.org/"),
                    new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi-2.org/")
                },
                EdFiAuthenticationTypes.OAuth);
            var caller = new ClaimsPrincipal(identity);

            string resourceClaimUri = @"http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor";
            string requestedAction = @"http://ed-fi.org/ods/actions/manage";

            // The item under authorization has no namespace at all.
            var contextData = new NamespaceBasedAuthorizationContextData { Namespace = @"" };

            // Act: the context is built inside the delegate, so anything thrown while
            // constructing it is also observed by Assert.Throws.
            var thrown = Assert.Throws<EdFiSecurityException>(
                () => strategy
                    .AuthorizeSingleItemAsync(
                        new List<Claim>(),
                        new EdFiAuthorizationContext(caller, new[] { resourceClaimUri }, requestedAction, contextData),
                        CancellationToken.None)
                    .WaitSafely());

            // Assert: the denial states the reason (empty resource namespace).
            thrown.Message.ShouldBe("Access to the resource item could not be authorized because the Namespace of the resource is empty.");
        }