/// <summary>
/// Checks that the add-owner confirmation includes a policy message when a pending
/// co-owner (<c>fakes.ShaUser</c>) carries the <see cref="RequireSecurePushForCoOwnersPolicy"/> policies.
/// </summary>
public void ReturnsDetailedConfirmationIfPendingOwnerPropagatesPolicy()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var configuration = GetMock<IAppConfiguration>();
                configuration.Setup(cfg => cfg.GalleryOwner).Returns(new MailAddress("*****@*****.**"));

                // The request principal is built from fakes.Owner.
                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // The invitee of the pending request is the one holding the co-owner policies.
                fakes.ShaUser.SecurityPolicies = new RequireSecurePushForCoOwnersPolicy().Policies.ToList();
                var pendingRequest = new PackageOwnerRequest
                {
                    PackageRegistrationKey = fakes.Package.Key,
                    NewOwner = fakes.ShaUser
                };

                var requestRepository = GetMock<IEntityRepository<PackageOwnerRequest>>();
                requestRepository
                    .Setup(repo => repo.GetAll())
                    .Returns(new[] { pendingRequest }.AsQueryable());

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert: the caller is told the pending owner's policy will apply to every co-owner.
                Assert.True(payload.success);
                Assert.StartsWith(
                    "Pending owner(s) 'testShaUser' has (have) the following requirements that will be enforced for all co-owners, including 'testUser', once ownership requests are accepted:",
                    payload.policyMessage);
            }
            /// <summary>
            /// A user created with the string "admin" but with no roles assigned must not be
            /// reported as an administrator: the name alone grants nothing.
            /// </summary>
            public void WhenNoAdminRoleClaim_ReturnsFalse()
            {
                // No Roles are set on this user before the principal is built.
                var principal = Fakes.ToPrincipal(new User("admin"));

                var isAdministrator = PrincipalExtensions.IsAdministrator(principal);

                Assert.False(isAdministrator);
            }
            /// <summary>
            /// When the user being added is already subscribed to <see cref="SecurePushSubscription"/>,
            /// a pending owner's co-owner policy should leave the default confirmation text in place.
            /// </summary>
            public void DoesNotReturnConfirmationIfPendingOwnerPropagatesButNewOwnerIsSubscribed()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var configuration = GetMock<IAppConfiguration>();
                configuration.Setup(cfg => cfg.GalleryOwner).Returns(new MailAddress("*****@*****.**"));

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // The prospective owner already satisfies the secure-push subscription.
                var policyService = GetMock<ISecurityPolicyService>();
                policyService
                    .Setup(svc => svc.IsSubscribed(fakes.User, SecurePushSubscription.Name))
                    .Returns(true);

                fakes.ShaUser.SecurityPolicies = new RequireSecurePushForCoOwnersPolicy().Policies.ToList();
                var pendingRequest = new PackageOwnerRequest
                {
                    PackageRegistrationKey = fakes.Package.Key,
                    NewOwner = fakes.ShaUser
                };

                var requestRepository = GetMock<IEntityRepository<PackageOwnerRequest>>();
                requestRepository
                    .Setup(repo => repo.GetAll())
                    .Returns(new[] { pendingRequest }.AsQueryable());

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                // NOTE(review): only the confirmation prefix is checked; nothing here asserts
                // that the response carries no policy message.
                Assert.True(payload.success);
                Assert.StartsWith(
                    "Please confirm if you would like to proceed adding 'testUser' as a co-owner of this package.",
                    payload.confirmation);
            }
            /// <summary>
            /// Checks that the add-owner confirmation includes a policy message when the pending
            /// request returned by <see cref="IPackageOwnerRequestService"/> names an invitee that
            /// carries the <see cref="RequireSecurePushForCoOwnersPolicy"/> policies.
            /// </summary>
            public void ReturnsDetailedConfirmationIfPendingOwnerPropagatesPolicy()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                // The request principal is built from fakes.Owner.
                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                fakes.ShaUser.SecurityPolicies = new RequireSecurePushForCoOwnersPolicy().Policies.ToList();
                var pendingRequest = new PackageOwnerRequest
                {
                    PackageRegistration = fakes.Package,
                    PackageRegistrationKey = fakes.Package.Key,
                    NewOwner = fakes.ShaUser,
                    NewOwnerKey = fakes.ShaUser.Key
                };

                var ownerRequestService = GetMock<IPackageOwnerRequestService>();
                ownerRequestService
                    .Setup(svc => svc.GetPackageOwnershipRequests(fakes.Package, null, null))
                    .Returns(new[] { pendingRequest });

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert: the caller is told the pending owner's policy will apply to every co-owner.
                Assert.True(payload.success);
                Assert.StartsWith(
                    "Pending owner(s) 'testShaUser' has (have) the following requirements that will be enforced for all co-owners, including 'testUser', once ownership requests are accepted:",
                    payload.policyMessage);
            }
            /// <summary>
            /// A user holding a role named "Admins" must be reported as an administrator
            /// once converted to a principal.
            /// </summary>
            public void WhenAdminRoleClaim_ReturnsTrue()
            {
                var adminRole = new Role { Key = 1, Name = "Admins" };
                var user = new User("admin")
                {
                    Roles = new[] { adminRole }
                };

                var principal = Fakes.ToPrincipal(user);
                var isAdministrator = PrincipalExtensions.IsAdministrator(principal);

                Assert.True(isAdministrator);
            }
            /// <summary>
            /// Test helper: gives <paramref name="userToSubscribe"/> the secure-push co-owner policies,
            /// invokes <c>AddPackageOwner</c>, and returns the policy message that the controller
            /// handed to the mocked <see cref="IMessageService"/>.
            /// </summary>
            /// <param name="fakes">Shared fake users and package for the test.</param>
            /// <param name="userToSubscribe">User whose <c>SecurityPolicies</c> are replaced before the call.</param>
            /// <returns>The policy message captured from <c>SendPackageOwnerRequest</c>; asserted non-empty.</returns>
            private async Task<string> GetSendPackageOwnerRequestPolicyMessage(Fakes fakes, User userToSubscribe)
            {
                // Arrange
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                userToSubscribe.SecurityPolicies = new RequireSecurePushForCoOwnersPolicy().Policies.ToList();

                // NOTE(review): this setup is marked Verifiable, but the helper never calls Verify() on the mock.
                var ownerRequestService = GetMock<IPackageOwnerRequestService>();
                ownerRequestService
                    .Setup(svc => svc.AddPackageOwnershipRequest(fakes.Package, fakes.Owner, fakes.User))
                    .Returns(Task.FromResult(
                        new PackageOwnerRequest
                        {
                            PackageRegistration = fakes.Package,
                            RequestingOwner = fakes.Owner,
                            NewOwner = fakes.User,
                            ConfirmationCode = "confirmation-code"
                        }))
                    .Verifiable();

                var capturedPolicyMessage = string.Empty;

                // The confirm and reject links both embed the confirmation code; only the final
                // argument (the policy message) is left unconstrained so it can be captured.
                var messageService = GetMock<IMessageService>();
                messageService
                    .Setup(svc => svc.SendPackageOwnerRequest(
                        fakes.Owner,
                        fakes.User,
                        fakes.Package,
                        TestUtility.GallerySiteRootHttps + "packages/FakePackage/",
                        TestUtility.GallerySiteRootHttps + "packages/FakePackage/owners/testUser/confirm/confirmation-code",
                        TestUtility.GallerySiteRootHttps + "packages/FakePackage/owners/testUser/reject/confirmation-code",
                        string.Empty,
                        It.IsAny<string>()))
                    .Callback<User, User, PackageRegistration, string, string, string, string, string>(
                        (sender, recipient, package, packageUrl, confirmUrl, rejectUrl, userMessage, policyMessage) =>
                            capturedPolicyMessage = policyMessage);

                // Act
                JsonResult response = await controller.AddPackageOwner(fakes.Package.Id, fakes.User.Username, string.Empty);

                dynamic payload = response.Data;

                // Assert
                Assert.True(payload.success);
                Assert.False(string.IsNullOrEmpty(capturedPolicyMessage));
                return capturedPolicyMessage;
            }
        /// <summary>
        /// Builds a mocked <see cref="HttpContextBase"/> whose OWIN environment identifies
        /// <paramref name="user"/> as the current user.
        /// </summary>
        /// <param name="user">User to expose through the OWIN environment and the request principal.</param>
        /// <returns>The mocked context object.</returns>
        private HttpContextBase CreateHttpContext(User user)
        {
            var contextMock = new Mock<HttpContextBase>();

            // GetOwinContext() below is given an (initially empty) environment under "owin.Environment".
            var items = new Dictionary<object, object>
            {
                { "owin.Environment", new Dictionary<string, object>() }
            };
            contextMock.SetupGet(ctx => ctx.Items).Returns(items);

            var owin = contextMock.Object.GetOwinContext();

            // The user is published in two places: the environment entry and the request principal.
            owin.Environment[Constants.CurrentUserOwinEnvironmentKey] = user;
            owin.Request.User = Fakes.ToPrincipal(user);

            return contextMock.Object;
        }
            /// <summary>
            /// Adding an owner must create an ownership request, send the request e-mail and report
            /// the new owner as pending. The free-text message is supplied raw ("&lt;3") and the
            /// message service is expected to receive it HTML-encoded ("&amp;lt;3").
            /// </summary>
            public async Task CreatesPackageOwnerRequestSendsEmailAndReturnsPendingState()
            {
                var fakes = Get<Fakes>();

                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner))
                    .Verifiable();

                var ownerRequestService = GetMock<IPackageOwnerRequestService>();
                ownerRequestService
                    .Setup(svc => svc.AddPackageOwnershipRequest(fakes.Package, fakes.Owner, fakes.User))
                    .Returns(Task.FromResult(new PackageOwnerRequest
                    {
                        ConfirmationCode = "confirmation-code"
                    }))
                    .Verifiable();

                // The setup only matches the encoded form of the message, so Verify() below fails
                // if the controller forwards the caller's text without HTML-encoding it.
                var messageService = GetMock<IMessageService>();
                messageService
                    .Setup(svc => svc.SendPackageOwnerRequest(
                        fakes.Owner,
                        fakes.User,
                        fakes.Package,
                        TestUtility.GallerySiteRootHttps + "packages/FakePackage/",
                        TestUtility.GallerySiteRootHttps + "packages/FakePackage/owners/testUser/confirm/confirmation-code",
                        TestUtility.GallerySiteRootHttps + "packages/FakePackage/owners/testUser/reject/confirmation-code",
                        "Hello World! Html Encoded &lt;3",
                        ""))
                    .Verifiable();

                JsonResult response = await controller.AddPackageOwner(fakes.Package.Id, fakes.User.Username, "Hello World! Html Encoded <3");

                dynamic payload = response.Data;

                Assert.True(payload.success);
                Assert.Equal(fakes.User.Username, payload.name);
                Assert.True(payload.pending);

                // Each collaborator must have been used exactly as set up above.
                httpContext.Verify();
                ownerRequestService.Verify();
                messageService.Verify();
            }
            /// <summary>
            /// Adding an owner by a username that the test treats as non-existent ("notARealUser")
            /// must fail with the message "Owner not found.".
            /// </summary>
            public async Task ReturnsFailureWhenRequestedNewOwnerDoesNotExist()
            {
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                JsonResult response = await controller.AddPackageOwner(fakes.Package.Id, "notARealUser", "message");

                dynamic payload = response.Data;

                Assert.False(payload.success);
                Assert.Equal("Owner not found.", payload.message);
            }
            /// <summary>
            /// With no security policies assigned in this test, the confirmation must be exactly
            /// the default co-owner prompt.
            /// </summary>
            public void ReturnsDefaultConfirmationIfNoPolicyPropagation()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                Assert.True(payload.success);
                Assert.Equal(
                    "Please confirm if you would like to proceed adding 'testUser' as a co-owner of this package.",
                    payload.confirmation);
            }
            /// <summary>
            /// Requesting a confirmation for the username "nonUser" must fail with
            /// "Owner not found." rather than produce a confirmation prompt.
            /// </summary>
            public void ReturnsFailureIfOwnerIsNotRealUser()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, "nonUser");
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                Assert.False(payload.success);
                Assert.Equal("Owner not found.", payload.message);
            }
            /// <summary>
            /// Adding an owner must create an ownership request through <see cref="IPackageService"/>,
            /// send the request e-mail with a confirmation link, and report the new owner as pending.
            /// </summary>
            public async Task CreatesPackageOwnerRequestSendsEmailAndReturnsPendingState()
            {
                var fakes = Get<Fakes>();

                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner))
                    .Verifiable();

                var packageService = GetMock<IPackageService>();
                packageService
                    .Setup(svc => svc.CreatePackageOwnerRequestAsync(fakes.Package, fakes.Owner, fakes.User))
                    .Returns(Task.FromResult(new PackageOwnerRequest
                    {
                        ConfirmationCode = "confirmation-code"
                    }))
                    .Verifiable();

                // The expected link is an https URL that embeds the request's confirmation code.
                var messageService = GetMock<IMessageService>();
                messageService
                    .Setup(svc => svc.SendPackageOwnerRequest(
                        fakes.Owner,
                        fakes.User,
                        fakes.Package,
                        "https://nuget.local/packages/FakePackage/owners/testUser/confirm/confirmation-code"))
                    .Verifiable();

                JsonResult response = await controller.AddPackageOwner(fakes.Package.Id, fakes.User.Username);

                dynamic payload = response.Data;

                Assert.True(payload.success);
                Assert.Equal(fakes.User.Username, payload.name);
                Assert.True(payload.pending);

                // Each collaborator must have been used exactly as set up above.
                httpContext.Verify();
                packageService.Verify();
                messageService.Verify();
            }
            /// <summary>
            /// A user who has only an unconfirmed e-mail address (confirmed address is null)
            /// must not be offered as a co-owner; the request fails with a verification message.
            /// </summary>
            public void ReturnsFailureIfNewOwnerIsNotConfirmed()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // Leave the prospective owner with an address on file that was never confirmed.
                var prospectiveOwner = fakes.User;
                prospectiveOwner.UnconfirmedEmailAddress = fakes.Owner.EmailAddress;
                prospectiveOwner.EmailAddress = null;

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                Assert.False(payload.success);
                Assert.Equal(
                    "Sorry, 'testUser' hasn't verified their email account yet and we cannot proceed with the request.",
                    payload.message);
            }
            /// <summary>
            /// When the current owner carries the co-owner policies but the user being added is
            /// already subscribed to <see cref="SecurePushSubscription"/>, the default confirmation
            /// text is expected.
            /// </summary>
            public void DoesNotReturnConfirmationIfCurrentOwnerPropagatesButNewOwnerIsSubscribed()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // The prospective owner already satisfies the secure-push subscription.
                var policyService = GetMock<ISecurityPolicyService>();
                policyService
                    .Setup(svc => svc.IsSubscribed(fakes.User, SecurePushSubscription.Name))
                    .Returns(true);

                fakes.Owner.SecurityPolicies = new RequireSecurePushForCoOwnersPolicy().Policies.ToList();

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                // NOTE(review): only the confirmation prefix is checked; nothing here asserts
                // that the response carries no policy message.
                Assert.True(payload.success);
                Assert.StartsWith(
                    "Please confirm if you would like to proceed adding 'testUser' as a co-owner of this package.",
                    payload.confirmation);
            }
            /// <summary>
            /// When the current owner carries the <see cref="RequireSecurePushForCoOwnersPolicy"/>
            /// policies, the confirmation must include a policy message naming that owner and the
            /// user the requirements will be enforced on.
            /// </summary>
            public void ReturnsDetailedConfirmationIfCurrentOwnerPropagatesPolicy()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                fakes.Owner.SecurityPolicies = new RequireSecurePushForCoOwnersPolicy().Policies.ToList();

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                Assert.True(payload.success);
                Assert.StartsWith(
                    "Owner(s) 'testPackageOwner' has (have) the following requirements that will be enforced for user 'testUser' once the user accepts ownership of this package:",
                    payload.policyMessage);
            }
            /// <summary>
            /// If the user service cannot resolve the caller's own username, the confirmation
            /// request must fail with "Current user not found.".
            /// </summary>
            public void ReturnsFailureIfCurrentUserNotFound()
            {
                // Arrange
                var fakes = Get<Fakes>();
                var controller = GetController<JsonApiController>();

                var httpContext = GetMock<HttpContextBase>();
                httpContext
                    .Setup(ctx => ctx.User)
                    .Returns(Fakes.ToPrincipal(fakes.Owner));

                // The principal names fakes.Owner, but the lookup for that username yields null.
                var userService = GetMock<IUserService>();
                userService
                    .Setup(svc => svc.FindByUsername(fakes.Owner.Username))
                    .ReturnsNull();

                // Act
                var response = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
                dynamic payload = ((JsonResult)response).Data;

                // Assert
                Assert.False(payload.success);
                Assert.Equal("Current user not found.", payload.message);
            }
            /// <summary>
            /// Asking a principal for a claim type it does not hold must yield null.
            /// </summary>
            public void WhenClaimNotFound_ReturnsNull()
            {
                var user = new User("user");
                var principal = Fakes.ToPrincipal(user);

                var claimValue = principal.GetClaimOrDefault("noSuchClaim");

                Assert.Null(claimValue);
            }
            /// <summary>
            /// The default name claim of a principal built from <c>new User("user")</c> must be "user".
            /// </summary>
            public void WhenClaimFound_ReturnsClaim()
            {
                var user = new User("user");
                var principal = Fakes.ToPrincipal(user);

                var nameClaim = principal.GetClaimOrDefault(ClaimsIdentity.DefaultNameClaimType);

                Assert.Equal("user", nameClaim);
            }
            /// <summary>
            /// Principals produced by <c>Fakes.ToPrincipal</c> must report the authentication type "Test".
            /// </summary>
            public void ReturnsAuthenticationType()
            {
                var user = new User("user");
                var principal = Fakes.ToPrincipal(user);

                // NOTE(review): if Identity is a ClaimsIdentity, a non-empty authentication type also
                // makes IsAuthenticated true, so these fake principals presumably count as signed in - confirm.
                var authenticationType = principal.Identity.AuthenticationType;

                Assert.Equal("Test", authenticationType);
            }