public void Can_update_admin_ip_regulation() { /*** Arrange ***/ var ipAddress = TestDataGenerator.GetRandomIpAddress(); var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddress }; _backendService.CreateIpRegulation(adminIpRegulation); var regulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == ipAddress); var editIpAddress = TestDataGenerator.GetRandomIpAddress(); var editDescription = TestDataGenerator.GetRandomString(20); regulation.IpAddress = editIpAddress; regulation.Description = editDescription; var updateRegulationData = Mapper.DynamicMap <EditBackendIpRegulationData>(regulation); /*** Act ***/ _backendService.UpdateIpRegulation(updateRegulationData); /*** Assert ***/ var updatedRegulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == editIpAddress); Assert.IsNotNull(updatedRegulation); Assert.AreEqual(updatedRegulation.IpAddress, editIpAddress); Assert.AreEqual(updatedRegulation.Description, editDescription); }
public void WhenNewAdminIpRegulationIsCreated() { var ipAddress = TestDataGenerator.GetRandomIpAddress(); var data = new AddBackendIpRegulationData { IpAddress = ipAddress }; var adminIpRegulation = BackendIpRegulationService.CreateIpRegulation(data); ScenarioContext.Current.Add("adminIpRegulationId", adminIpRegulation.Id); }
public void Cannot_update_admin_ip_regulation_without_permissions() { /*** Arrange ***/ // Create role and user that has permission to update IP regulation var sufficientPermissions = new List <PermissionData> { SecurityTestHelper.GetPermission(Permissions.Update, Modules.BackendIpRegulationManager) }; var roleWithPermission = SecurityTestHelper.CreateRole(permissions: sufficientPermissions); var userWithPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithPermission.Id); // Create role and user that has permission only to view IP regulations not to update ones var insufficientPermissions = new List <PermissionData> { SecurityTestHelper.GetPermission(Permissions.View, Modules.BackendIpRegulationManager) }; var roleWithoutPermission = SecurityTestHelper.CreateRole(permissions: insufficientPermissions); var userWithoutPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithoutPermission.Id); var ipAddress = TestDataGenerator.GetRandomIpAddress(); var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddress }; _backendService.CreateIpRegulation(adminIpRegulation); var regulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == ipAddress); var editIpAddress = TestDataGenerator.GetRandomIpAddress(); var editDescription = TestDataGenerator.GetRandomString(20); regulation.IpAddress = editIpAddress; regulation.Description = editDescription; var updateRegulationData = Mapper.DynamicMap <EditBackendIpRegulationData>(regulation); /*** Act ***/ // Signin user that has sufficient permissions to update backend IP regulation SecurityTestHelper.SignInAdmin(userWithPermission); // Check that method UpdateIpRegulation doesn't throw InsufficientPermissionsException Assert.DoesNotThrow( () => _backendService.UpdateIpRegulation(updateRegulationData)); // Signin user that has insufficient permissions to update backend IP regulation SecurityTestHelper.SignInAdmin(userWithoutPermission); // Check that method UpdateIpRegulation throws InsufficientPermissionsException Assert.Throws <InsufficientPermissionsException>( () => _backendService.UpdateIpRegulation(updateRegulationData)); }
public AdminIpRegulation CreateIpRegulation(AddBackendIpRegulationData data) { var regulation = Mapper.DynamicMap <AdminIpRegulation>(data); using (var scope = CustomTransactionScope.GetTransactionScope()) { regulation.CreatedBy = Repository.Admins.SingleOrDefault(u => u.Id == ActorInfoProvider.Actor.Id); regulation.CreatedDate = DateTime.Now; regulation.Id = Guid.NewGuid(); Repository.AdminIpRegulations.Add(regulation); Repository.SaveChanges(); _eventBus.Publish(new AdminIpRegulationCreated(regulation)); scope.Complete(); } return(regulation); }
public void Cannot_access_admin_website_for_single_ip_address_specified_in_ipv4_format() { // *** Arrange *** var ipAddressv4 = TestDataGenerator.GetRandomIpAddress(IpVersion.Ipv4); var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddressv4 }; _backendService.CreateIpRegulation(adminIpRegulation); // *** Act *** var isIpAddressAllowed = _backendService.VerifyIpAddress(ipAddressv4); // *** Assert *** Assert.True(isIpAddressAllowed); }
public void Can_create_admin_ip_regulation() { /*** Arrange ***/ var ipAddress = TestDataGenerator.GetRandomIpAddress(); var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddress }; /*** Act ***/ _backendService.CreateIpRegulation(adminIpRegulation); /*** Assert ***/ var regulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == ipAddress); Assert.IsNotNull(regulation); }
public void Cannot_access_admin_website_with_ip_address_specified_in_ipv6_format() { // *** Arrange *** var ipAddressv6 = TestDataGenerator.GetRandomIpAddress(IpVersion.Ipv6); var adminIpRegulationData = new AddBackendIpRegulationData { IpAddress = ipAddressv6 }; _backendService.CreateIpRegulation(adminIpRegulationData); var ipAddressNotInWhiteList = TestDataGenerator.GetRandomIpAddress(IpVersion.Ipv6); // *** Act *** var isIpAddressBlocked = _backendService.VerifyIpAddress(ipAddressNotInWhiteList); // *** Assert *** Assert.True(isIpAddressBlocked); }
public void Can_verify_ip_address_range_lower_and_upper_bounds_for_admin_website() { // *** Arrange *** const string ipAddressRange = "192.168.5.10-20"; var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddressRange }; _backendService.CreateIpRegulation(adminIpRegulation); // *** Act *** var isLowerBoundAllowed = _backendService.VerifyIpAddress("192.168.5.10"); var isUpperBoundAllowed = _backendService.VerifyIpAddress("192.168.5.20"); // *** Assert *** Assert.True(isLowerBoundAllowed); Assert.True(isUpperBoundAllowed); }
public void Cannot_create_admin_ip_regulation_without_permissions() { /*** Arrange ***/ // Create role and user that has permission to create new IP regulation var sufficientPermissions = new List <PermissionData> { SecurityTestHelper.GetPermission(Permissions.Create, Modules.BackendIpRegulationManager) }; var roleWithPermission = SecurityTestHelper.CreateRole(permissions: sufficientPermissions); var userWithPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithPermission.Id); // Create role and user that has permission only to view IP regulations not to create ones var insufficientPermissions = new List <PermissionData> { SecurityTestHelper.GetPermission(Permissions.View, Modules.BackendIpRegulationManager) }; var roleWithoutPermission = SecurityTestHelper.CreateRole(permissions: insufficientPermissions); var userWithoutPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithoutPermission.Id); var ipAddress = TestDataGenerator.GetRandomIpAddress(); var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddress }; /*** Act ***/ // Signin user that has sufficient permissions to create new backend IP regulation SecurityTestHelper.SignInAdmin(userWithPermission); // Check that method CreateIpRegulation doesn't throw InsufficientPermissionsException Assert.DoesNotThrow( () => _backendService.CreateIpRegulation(adminIpRegulation)); // Signin user that has insufficient permissions to create new backend IP regulation SecurityTestHelper.SignInAdmin(userWithoutPermission); // Check that method CreateIpRegulation throws InsufficientPermissionsException Assert.Throws <InsufficientPermissionsException>( () => _backendService.CreateIpRegulation(adminIpRegulation)); }
public void Allow_access_to_admin_website_for_ip_address_ranges_specified_with_dashes() { // *** Arrange *** var ipAddressRangeWithDash = TestDataGenerator.GetRandomIpAddressV4Range(IpAddressRangeSeparators.Dash); var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddressRangeWithDash }; _backendService.CreateIpRegulation(adminIpRegulation); // Expand ip address range into list of ip addresses, e.g. 192.168.5.10/12 is expanded into [192.168.5.10, 192.168.5.11] var expandedIpAddressRange = IpRegulationRangeHelper.ExpandIpAddressRange(ipAddressRangeWithDash).ToList(); // *** Act *** var isIpAddressRangeAllowed = expandedIpAddressRange.Select(address => _backendService.VerifyIpAddress(address)) .Aggregate(true, (current, result) => current && result); // *** Assert *** Assert.True(isIpAddressRangeAllowed); }
public void Can_verify_unique_ip_address_v6_for_admin_website() { // *** Arrange *** const string ipAddressRange = "1111::6666:7777:8888/32"; var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddressRange }; _backendService.CreateIpRegulation(adminIpRegulation); // *** Act *** var isIpAddressWithinRegulationRange = _backendService.IsIpAddressUnique("1111:0000:0000:0000:0000:6666:7777:9999"); var isIpAddressOutOfRegulationRange = _backendService.IsIpAddressUnique("1111:0000:0000:0000:0000:6666:7777:7777"); var isIpAddressRangeIntersectRegulationRange = _backendService.IsIpAddressUnique("1111::6666:7777:8888/24"); var isIpAddressRangeDontIntersectRegulationRange = _backendService.IsIpAddressUnique("1111::6666:7777:1111/128"); // *** Assert *** Assert.False(isIpAddressWithinRegulationRange); Assert.True(isIpAddressOutOfRegulationRange); Assert.False(isIpAddressRangeIntersectRegulationRange); Assert.True(isIpAddressRangeDontIntersectRegulationRange); }
public void Can_verify_unique_ip_address_v4_for_admin_website() { // *** Arrange *** const string ipAddressRange = "192.168.5.10-20"; var adminIpRegulation = new AddBackendIpRegulationData { IpAddress = ipAddressRange }; _backendService.CreateIpRegulation(adminIpRegulation); // *** Act *** var isIpAddressWithinRegulationRange = _backendService.IsIpAddressUnique("192.168.5.15"); var isIpAddressOutOfRegulationRange = _backendService.IsIpAddressUnique("192.168.5.52"); var isIpAddressRangeIntersectRegulationRange = _backendService.IsIpAddressUnique("192.168.5.15-25"); var isIpAddressRangeDontIntersectRegulationRange = _backendService.IsIpAddressUnique("192.168.5.25-30"); // *** Assert *** Assert.False(isIpAddressWithinRegulationRange); Assert.True(isIpAddressOutOfRegulationRange); Assert.False(isIpAddressRangeIntersectRegulationRange); Assert.True(isIpAddressRangeDontIntersectRegulationRange); }