public void WhenTheBasicCredentialsHaveInvalidValues_ThenTheResultIsHttpBasicUnauthorizedResult()
        {
            // Rejection path: the Authorization value names the scheme but carries no
            // credential payload, and the expected outcome is an HttpBasicUnauthorizedResult.
            // RequireSsl is off, so the rejection presumably comes from credential
            // handling rather than the transport check - confirm against BasicAuthorizeAttribute.
            // NOTE(review): the value is "Basic: " with a colon after the scheme, whereas
            // RFC 7617 clients send "Basic <base64>"; confirm the attribute is also tested
            // with the header shape real clients produce.
            // NOTE(review): consider also asserting that HttpContext.User is left unset on
            // rejection, so a failed login can never leave a principal behind.
            var fakeRequest = new FakeRequest { SecureConnection = false, Local = false };
            fakeRequest.Values["Authorization"] = "Basic: ";

            var registeredUser = new User { Salt = "saltsalt", Name = "name", Password = "******" };
            userService.Setup(u => u.GetRegisteredUser()).Returns(registeredUser);
            configurationManager.Setup(c => c.AppSetting("keyphrase")).Returns("key");

            httpContext.Setup(h => h.Request).Returns(fakeRequest);
            httpContext.Setup(h => h.Response).Returns(new FakeResponse());
            httpContext.SetupProperty(h => h.User);

            var attribute = new BasicAuthorizeAttribute
            {
                UserService = userService.Object,
                ConfigurationManager = configurationManager.Object,
                RequireSsl = false
            };
            var context = new AuthorizationContext { HttpContext = httpContext.Object };

            attribute.OnAuthorization(context);

            context.Result.Should().BeOfType<HttpBasicUnauthorizedResult>();
        }
 public void WhenThereIsNoSSL_AndThereIsNoSecureConnection_AndTheRequestIsNotLocal_ThenTheResultIsHttpBasicUnauthorizedResult()
 {
     // Transport guard: with RequireSsl on, a request that is neither on a secure
     // connection nor local must end in an HttpBasicUnauthorizedResult.
     // No UserService or ConfigurationManager is wired up here, so the attribute
     // presumably rejects before consulting either - confirm against BasicAuthorizeAttribute.
     var plainRemoteRequest = new FakeRequest { SecureConnection = false, Local = false };
     httpContext.Setup(h => h.Request).Returns(plainRemoteRequest);

     var sslOnlyAttribute = new BasicAuthorizeAttribute { RequireSsl = true };
     var context = new AuthorizationContext { HttpContext = httpContext.Object };

     sslOnlyAttribute.OnAuthorization(context);

     context.Result.Should().BeOfType<HttpBasicUnauthorizedResult>();
 }
 public void GivenANullFilterContext_ThenAnExceptionIsThrown()
 {
     // Argument guard: a null filter context must surface as ArgumentNullException
     // rather than being treated as an authorization decision.
     var attribute = new BasicAuthorizeAttribute();

     Action authorizeWithNullContext = () => attribute.OnAuthorization(null);

     authorizeWithNullContext.ShouldThrow<ArgumentNullException>();
 }
        public void WhenThereIsAPrinciple_ThenTheUserIsStoredInTheContext()
        {
            // Success path: a header built from ToBase64("name", "password") should leave
            // a GenericPrincipal on HttpContext.User after OnAuthorization runs.
            // NOTE(review): the stored user's Password is the literal "******" while the
            // header carries "password"; presumably the fixture value was masked or the
            // attribute derives the comparison value from the salt and keyphrase - confirm
            // that this test authenticates for the intended reason.
            // NOTE(review): RequireSsl is off and the request is neither secure nor local,
            // so this covers the plaintext configuration only.
            var fakeRequest = new FakeRequest { SecureConnection = false, Local = false };
            fakeRequest.Values["Authorization"] = "Basic: " + ToBase64("name", "password");

            var registeredUser = new User { Salt = "saltsalt", Name = "name", Password = "******" };
            userService.Setup(u => u.GetRegisteredUser()).Returns(registeredUser);
            configurationManager.Setup(c => c.AppSetting("keyphrase")).Returns("key");

            httpContext.Setup(h => h.Request).Returns(fakeRequest);
            httpContext.Setup(h => h.Response).Returns(new FakeResponse());
            httpContext.SetupProperty(h => h.User);

            var attribute = new BasicAuthorizeAttribute
            {
                UserService = userService.Object,
                ConfigurationManager = configurationManager.Object,
                RequireSsl = false
            };
            var context = new AuthorizationContext { HttpContext = httpContext.Object };

            attribute.OnAuthorization(context);

            context.HttpContext.User.Should().BeOfType<GenericPrincipal>();
        }