public void Check_ApplyCanMutateCheckedClaims()
        {
            // Arrange
            var user = new ClaimsPrincipal(
                new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic")
                );

            var policies = new IAuthorizationPolicy[] {
                new FakePolicy() {
                    ApplyAsyncAction = (context) => {
                        // for instance, if user owns the comment
                        if(!context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments"))
                        {
                            context.Claims.Add(new Claim("Permission", "CanDeleteComments"));
                            context.Retry = true;
                        }
                    }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), user);

            // Assert
            Assert.True(allowed);
        }
        public void Check_PoliciesCanMutateUsersClaims()
        {
            // Arrange
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[0], "Basic")
                );

            var policies = new IAuthorizationPolicy[] {
                new FakePolicy() {
                    ApplyAsyncAction = (context) => {
                        if (!context.Authorized)
                        {
                            context.UserClaims.Add(new Claim("Permission", "CanDeleteComments"));
                            context.Retry = true;
                        }
                    }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(new Claim("Permission", "CanDeleteComments"), user);

            // Assert
            Assert.True(allowed);
        }
Beispiel #3
0
        public async Task Invoke_EmptyClaimsShouldAuthorizeAuthenticatedUser()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
            var authorizeAttribute = new AuthorizeAttribute();
            var authorizationContext = GetAuthorizationContext(services => 
                services.AddInstance<IAuthorizationService>(authorizationService)
                );

            // Act
            await authorizeAttribute.OnAuthorizationAsync(authorizationContext);

            // Assert
            Assert.Null(authorizationContext.Result);
        }
Beispiel #4
0
        public async Task Invoke_ValidClaimShouldNotFail()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
            var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewPage");
            var authorizationContext = GetAuthorizationContext(services => 
                services.AddInstance<IAuthorizationService>(authorizationService)
                );

            // Act
            await authorizeAttribute.OnAuthorizationAsync(authorizationContext);

            // Assert
            Assert.Null(authorizationContext.Result);
        }
Beispiel #5
0
        public async Task Invoke_EmptyClaimsWithAllowAnonymousAttributeShouldNotRejectAnonymousUser()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
            var authorizeAttribute = new AuthorizeAttribute();
            var authorizationContext = GetAuthorizationContext(services => 
                services.AddInstance<IAuthorizationService>(authorizationService),
                anonymous: true
                );

            authorizationContext.Filters.Add(new AllowAnonymousAttribute());

            // Act
            await authorizeAttribute.OnAuthorizationAsync(authorizationContext);

            // Assert
            Assert.Null(authorizationContext.Result);
        }
        public void Check_ShouldAllowIfClaimIsAmongValues()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(
                    new Claim[] {
                        new Claim("Permission", "CanViewPage"),
                        new Claim("Permission", "CanViewAnything")
                    },
                    "Basic")
                );

            // Act
            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);

            // Assert
            Assert.True(allowed);
        }
        public void Check_ShouldThrowWhenPoliciesDontStop()
        {
            // Arrange
            var policies = new IAuthorizationPolicy[] {
                new FakePolicy() {
                    ApplyAsyncAction = (context) => { context.Retry = true; }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            // Assert
            Exception ex = Assert.Throws<AggregateException>(() => authorizationService.Authorize(Enumerable.Empty<Claim>(), null));
        }
        public void Check_ShouldNotAllowIfUserIsNull()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
            ClaimsPrincipal user = null;

            // Act
            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);

            // Assert
            Assert.False(allowed);
        }
        public void Check_ShouldNotAllowIfNoClaims()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(
                    new Claim[0],
                    "Basic")
                );

            // Act
            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);

            // Assert
            Assert.False(allowed);
        }
        public void Check_ShouldInvokeApplyingApplyAppliedInOrder()
        {
            // Arrange
            string result = "";
            var policies = new IAuthorizationPolicy[] {
                new FakePolicy() {
                    Order = 20,
                    ApplyingAsyncAction = (context) => { result += "Applying20"; },
                    ApplyAsyncAction = (context) => { result += "Apply20"; },
                    AppliedAsyncAction = (context) => { result += "Applied20"; }
                },
                new FakePolicy() {
                    Order = -1,
                    ApplyingAsyncAction = (context) => { result += "Applying-1"; },
                    ApplyAsyncAction = (context) => { result += "Apply-1"; },
                    AppliedAsyncAction = (context) => { result += "Applied-1"; }
                },
                new FakePolicy() {
                    Order = 30,
                    ApplyingAsyncAction = (context) => { result += "Applying30"; },
                    ApplyAsyncAction = (context) => { result += "Apply30"; },
                    AppliedAsyncAction = (context) => { result += "Applied30"; }
                },
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);

            // Assert
            Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", result);
        }
        public void Check_ShouldConvertNullClaimsToEmptyList()
        {
            // Arrange
            IList<Claim> claims = null;
            var policies = new IAuthorizationPolicy[] {
                new FakePolicy() {
                    Order = 20,
                    ApplyingAsyncAction = (context) => { claims = context.Claims; }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);

            // Assert
            Assert.NotNull(claims);
            Assert.Equal(0, claims.Count);
        }
Beispiel #12
0
        public async Task Invoke_NullPoliciesShouldNotFail()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(policies: null);
            var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewPage");
            var authorizationContext = GetAuthorizationContext(services => 
                services.AddInstance<IAuthorizationService>(authorizationService)
                );

            // Act
            await authorizeAttribute.OnAuthorizationAsync(authorizationContext);

            // Assert
            Assert.Null(authorizationContext.Result);
        }