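// With DefaultAuthorizationPolicyProvider, the action is expected to receive exactly one AuthorizeFilter
// whose Policy is populated and whose AuthorizeData and PolicyProvider are both null.
// Note: despite "NoFilterCreated" in the name, the assertions below require a single AuthorizeFilter.
public void OnProvidersExecuting_DefaultPolicyProvider_NoAuthorizationData_NoFilterCreated()
        {
            // Arrange: a "Base" policy with one always-true requirement and the "dingos" scheme.
            var basePolicy = new AuthorizationPolicy(
                new IAuthorizationRequirement[] { new AssertionRequirement(ctx => true) },
                new[] { "dingos" });
            var authOptions = Options.Create(new AuthorizationOptions());
            authOptions.Value.AddPolicy("Base", basePolicy);

            var policyProvider = new DefaultAuthorizationPolicyProvider(authOptions);
            var provider = new AuthorizationApplicationModelProvider(policyProvider);

            // No provider context is built here: GetBaseControllerActionModel creates its own for
            // BaseController, so the previously unused local was dropped.

            // Act
            var action = GetBaseControllerActionModel(provider);

            // Assert
            var authorizationFilter = Assert.IsType<AuthorizeFilter>(Assert.Single(action.Filters));

            Assert.NotNull(authorizationFilter.Policy);
            Assert.Null(authorizationFilter.AuthorizeData);
            Assert.Null(authorizationFilter.PolicyProvider);
        }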
        // Checks that the single action ("Authorize") discovered for DerivedController carries exactly one
        // AuthorizeFilter and that its policy holds three requirements.
        // Why it matters: the count pins that the "Derived" requirement is added to the two "Base" ones rather
        // than replacing them; a drop below three would mean part of the authorization is no longer enforced.
        // NOTE(review): DerivedController and its base are defined outside this view - confirm which
        // attributes they carry.
        public void BuildActionModels_BaseAuthorizeFiltersAreStillValidWhenOverriden()
        {
            // Arrange: "Base" contributes two claim requirements, "Derived" one.
            var authorizationOptions = Options.Create(new AuthorizationOptions());
            authorizationOptions.Value.AddPolicy("Base", builder => builder.RequireClaim("Basic").RequireClaim("Basic2"));
            authorizationOptions.Value.AddPolicy("Derived", builder => builder.RequireClaim("Derived"));

            var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
            var modelProvider = new AuthorizationApplicationModelProvider(policyProvider);
            var providerContext = CreateProviderContext(typeof(DerivedController));

            // Act
            modelProvider.OnProvidersExecuting(providerContext);

            // Assert
            var controllerModel = Assert.Single(providerContext.Result.Controllers);
            var actionModel = Assert.Single(controllerModel.Actions);
            Assert.Equal("Authorize", actionModel.ActionName);

            // The action must not have picked up any attribute route.
            Assert.Empty(actionModel.Selectors.Where(selector => selector.AttributeRouteModel != null));

            var combinedFilter = Assert.Single(actionModel.Filters.OfType<AuthorizeFilter>());
            Assert.NotNull(combinedFilter.Policy);
            Assert.Equal(3, combinedFilter.Policy.Requirements.Count()); // Basic + Basic2 + Derived authorize
        }
        // With a policy provider other than DefaultAuthorizationPolicyProvider (a Moq stand-in here), the
        // AuthorizeFilter on the action is expected to hold the provider and the raw authorize data, and
        // no pre-built policy.
        public void OnProvidersExecuting_NonDefaultPolicyProvider_HasNoPolicy_HasPolicyProviderAndAuthorizeData()
        {
            // Arrange: the mock hands back the same policy for any policy name.
            var stubPolicy = new AuthorizationPolicy(
                new IAuthorizationRequirement[] { new AssertionRequirement(ctx => true) },
                new[] { "dingos" });
            var policyProviderMock = new Mock<IAuthorizationPolicyProvider>();

            // Verifiable() is set, but this test never calls Verify(); the setup only supplies a return value.
            policyProviderMock
                .Setup(p => p.GetPolicyAsync(It.IsAny<string>()))
                .Returns(Task.FromResult(stubPolicy))
                .Verifiable();

            var modelProvider = new AuthorizationApplicationModelProvider(policyProviderMock.Object);

            // Act
            var actionModel = GetBaseControllerActionModel(modelProvider);

            // Assert
            var onlyFilter = Assert.Single(actionModel.Filters);
            var authorizeFilter = Assert.IsType<AuthorizeFilter>(onlyFilter);

            Assert.Null(authorizeFilter.Policy);
            Assert.NotNull(authorizeFilter.AuthorizeData);
            Assert.NotNull(authorizeFilter.PolicyProvider);
        }
        /// <summary>
        /// Translates authorization attributes found on the page's handler type into filters on the page
        /// model, unless endpoint routing is enabled.
        /// </summary>
        /// <param name="context">Provider context whose <c>PageApplicationModel</c> is read and updated.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
        public void OnProvidersExecuting(PageApplicationModelProviderContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // Under endpoint routing the AuthorizationMiddleware does the work the auth filters would
            // otherwise perform, so the attributes are not converted to filters.
            // NOTE(review): on this path nothing added here enforces the page's IAuthorizeData attributes;
            // enforcement then depends on the authorization middleware being in the request pipeline -
            // confirm the host registers it.
            if (_mvcOptions.EnableEndpointRouting)
            {
                return;
            }

            var model = context.PageApplicationModel;

            // All IAuthorizeData attributes are handed to GetFilter together and yield one filter.
            var authorizeAttributes = model.HandlerTypeAttributes.OfType<IAuthorizeData>().ToArray();
            if (authorizeAttributes.Length != 0)
            {
                var authorizeFilter = AuthorizationApplicationModelProvider.GetFilter(_policyProvider, authorizeAttributes);
                model.Filters.Add(authorizeFilter);
            }

            // One AllowAnonymousFilter is added per IAllowAnonymous attribute; the attribute itself is not inspected.
            var anonymousAttributeCount = model.HandlerTypeAttributes.OfType<IAllowAnonymous>().Count();
            for (var i = 0; i < anonymousAttributeCount; i++)
            {
                model.Filters.Add(new AllowAnonymousFilter());
            }
        }
        // Test helper: runs the given provider over a fresh context for BaseController, asserts that exactly one
        // controller was produced and that it has no controller-level filters, then returns its single action.
        private ActionModel GetBaseControllerActionModel(AuthorizationApplicationModelProvider authorizationApplicationModelProvider)
        {
            var providerContext = CreateProviderContext(typeof(BaseController));
            authorizationApplicationModelProvider.OnProvidersExecuting(providerContext);

            var controllerModel = Assert.Single(providerContext.Result.Controllers);
            Assert.Empty(controllerModel.Filters);

            // Assert.Single fails the test unless there is exactly one action.
            return Assert.Single(controllerModel.Actions);
        }
        // Expects exactly one AuthorizeFilter among the controller-level filters built for AccountController.
        // NOTE(review): AccountController is defined outside this view - presumably it carries an
        // authorize attribute; confirm against the fixture.
        public void CreateControllerModel_AuthorizeAttributeAddsAuthorizeFilter()
        {
            // Arrange
            var authorizationOptions = Options.Create(new AuthorizationOptions());
            var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
            var modelProvider = new AuthorizationApplicationModelProvider(policyProvider);
            var providerContext = CreateProviderContext(typeof(AccountController));

            // Act
            modelProvider.OnProvidersExecuting(providerContext);

            // Assert: the predicate overload counts only AuthorizeFilter entries, so other filters may be present.
            var controllerModel = Assert.Single(providerContext.Result.Controllers);
            Assert.Single(controllerModel.Filters, filter => filter is AuthorizeFilter);
        }
        // Expects exactly one AllowAnonymousFilter at controller level and exactly one on the single action
        // of AnonymousController.
        // NOTE(review): AnonymousController is defined outside this view - confirm where its
        // allow-anonymous attributes sit.
        public void CreateControllerModelAndActionModel_AllowAnonymousAttributeAddsAllowAnonymousFilter()
        {
            // Arrange
            var authorizationOptions = Options.Create(new AuthorizationOptions());
            var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
            var modelProvider = new AuthorizationApplicationModelProvider(policyProvider);
            var providerContext = CreateProviderContext(typeof(AnonymousController));

            // Act
            modelProvider.OnProvidersExecuting(providerContext);

            // Assert: the predicate overloads count only AllowAnonymousFilter entries at each level.
            var controllerModel = Assert.Single(providerContext.Result.Controllers);
            Assert.Single(controllerModel.Filters, filter => filter is AllowAnonymousFilter);

            var actionModel = Assert.Single(controllerModel.Actions);
            Assert.Single(actionModel.Filters, filter => filter is AllowAnonymousFilter);
        }
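        // With endpoint routing enabled, the provider is expected to add no controller-level filters for
        // AnonymousController.
        // NOTE(review): only controller.Filters is asserted; action-level filters are not checked here.
        public void OnProvidersExecuting_AllowAnonymousAttribute_DoesNothing_WhenEnableRoutingIsEnabled()
        {
            // Arrange
            // EnableEndpointRouting is set explicitly so the test pins the precondition named in its title
            // instead of depending on whatever a freshly constructed MvcOptions defaults to.
            var mvcOptions = Options.Create(new MvcOptions { EnableEndpointRouting = true });
            var provider = new AuthorizationApplicationModelProvider(
                new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions())),
                mvcOptions);
            var context = CreateProviderContext(typeof(AnonymousController));

            // Act
            provider.OnProvidersExecuting(context);

            // Assert
            var controller = Assert.Single(context.Result.Controllers);

            Assert.Empty(controller.Filters);
        }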
        // Expects no filters at controller or action level for NoAuthController.
        // NOTE(review): OptionsWithoutEndpointRouting is defined outside this view - presumably MvcOptions
        // with endpoint routing turned off, so that the provider actually runs its conversion; confirm.
        public void CreateControllerModelAndActionModel_NoAuthNoFilter()
        {
            // Arrange
            var authorizationOptions = Options.Create(new AuthorizationOptions());
            var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
            var modelProvider = new AuthorizationApplicationModelProvider(policyProvider, OptionsWithoutEndpointRouting);
            var providerContext = CreateProviderContext(typeof(NoAuthController));

            // Act
            modelProvider.OnProvidersExecuting(providerContext);

            // Assert: nothing was attached at either level.
            var controllerModel = Assert.Single(providerContext.Result.Controllers);
            Assert.Empty(controllerModel.Filters);

            var actionModel = Assert.Single(controllerModel.Actions);
            Assert.Empty(actionModel.Filters);
        }
        /// <summary>
        /// Translates authorization attributes found on the page's handler type into filters on the page model.
        /// </summary>
        /// <remarks>
        /// This variant has no endpoint-routing check: the attributes are always converted to filters.
        /// </remarks>
        /// <param name="context">Provider context whose <c>PageApplicationModel</c> is read and updated.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
        public void OnProvidersExecuting(PageApplicationModelProviderContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var model = context.PageApplicationModel;

            // All IAuthorizeData attributes are handed to GetFilter together and yield one filter.
            var authorizeAttributes = model.HandlerTypeAttributes.OfType<IAuthorizeData>().ToArray();
            if (authorizeAttributes.Length != 0)
            {
                var authorizeFilter = AuthorizationApplicationModelProvider.GetFilter(_policyProvider, authorizeAttributes);
                model.Filters.Add(authorizeFilter);
            }

            // One AllowAnonymousFilter is added per IAllowAnonymous attribute; the attribute itself is not inspected.
            var anonymousAttributeCount = model.HandlerTypeAttributes.OfType<IAllowAnonymous>().Count();
            for (var i = 0; i < anonymousAttributeCount; i++)
            {
                model.Filters.Add(new AllowAnonymousFilter());
            }
        }