// Verifies the unauthenticated path: a principal whose identity carries a claim but
// no authentication type must be answered with 401 Unauthorized, not 403.
public void OnAuthorize_Should_Set_Response_When_User_Is_Not_Authenticated()
        {
            // Arrange: the attribute demands a permission the caller does not hold.
            var sut = new ClaimAuthorizeAttribute();
            sut.ClaimValue = "create.test";

            // ClaimsIdentity built without an authentication type reports
            // IsAuthenticated == false, even though it carries claims. This is the
            // case the test is named after: claims alone must not count as a login.
            var heldClaims = new[] { new Claim("app.permission", "list.test") };
            var anonymousIdentity = new ClaimsIdentity(heldClaims);

            // The request carries an HttpConfiguration in its property bag before
            // the attribute runs.
            var request = new HttpRequestMessage();
            request.Properties.Add(HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration());

            var requestContext = new HttpRequestContext();
            requestContext.Principal = new ClaimsPrincipal(anonymousIdentity);

            var controllerContext = new HttpControllerContext();
            controllerContext.Request = request;
            controllerContext.RequestContext = requestContext;

            // CallBase lets the abstract descriptor fall back to its real base behaviour.
            var descriptorMock = new Mock<HttpActionDescriptor>();
            descriptorMock.CallBase = true;

            var actionContext = new HttpActionContext(controllerContext, descriptorMock.Object);

            // Act
            sut.OnAuthorization(actionContext);

            // Assert: the filter must short-circuit with a challenge (401).
            var response = actionContext.Response;
            response.Should().NotBeNull();
            response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
        }
        // Verifies the authenticated-but-unauthorised path: a logged-in principal that
        // lacks the required permission value must be answered with 403 Forbidden.
        public void OnAuthorize_Should_Set_Response_When_Claim_Does_Not_Exist()
        {
            // Arrange: the attribute demands "create.test"; the caller only has "list.test".
            var sut = new ClaimAuthorizeAttribute();
            sut.ClaimValue = "create.test";

            // Supplying an authentication type ("Password") makes
            // ClaimsIdentity.IsAuthenticated true, so the only thing wrong with
            // this caller is the missing permission value.
            var heldClaims = new[] { new Claim("app.permission", "list.test") };
            var authenticatedIdentity = new ClaimsIdentity(heldClaims, "Password");

            var requestContext = new HttpRequestContext();
            requestContext.Principal = new ClaimsPrincipal(authenticatedIdentity);

            // NOTE(review): no HttpConfiguration is registered on this request;
            // presumably the forbidden response is built without needing one - confirm.
            var controllerContext = new HttpControllerContext();
            controllerContext.Request = new HttpRequestMessage();
            controllerContext.RequestContext = requestContext;

            // CallBase lets the abstract descriptor fall back to its real base behaviour.
            var descriptorMock = new Mock<HttpActionDescriptor>();
            descriptorMock.CallBase = true;

            var actionContext = new HttpActionContext(controllerContext, descriptorMock.Object);

            // Act
            sut.OnAuthorization(actionContext);

            // Assert: 403 rather than 401, since re-authenticating would not help this caller.
            var response = actionContext.Response;
            response.Should().NotBeNull();
            response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
        }