public void ShouldAllowAccessIfTokenIsValidAndDataMatchesRecords() { var request = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken()); var apiName = _faker.Random.Word(); var consumerName = _faker.Random.Word(); _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny <string>())).Returns(new AssumeRoleResponse()); _mockAwsApiGateway.Setup(x => x.GetApiName(It.IsAny <string>(), It.IsAny <Credentials>())).Returns(apiName); var tokenData = new AuthTokenServiceFlow { ApiEndpointName = request.ApiEndpointName, ApiName = apiName, HttpMethodType = request.HttpMethodType, Environment = request.Environment, ConsumerName = consumerName, Enabled = true, ExpirationDate = null }; _mockDatabaseGateway.Setup(x => x.GetTokenData(It.IsAny <int>())).Returns(tokenData); var result = _classUnderTest.ExecuteServiceAuth(request); result.Allow.Should().BeTrue(); result.User.Should().Be(consumerName + tokenData.Id); }
public void FunctionShouldReturnAPIGatewayCustomAuthorizerPolicyWithAllowEffectWhenTokenIsValid() { _serviceProvider .Setup(x => x.GetService(typeof(IVerifyAccessUseCase))) .Returns(new VerifyAccessUseCase(_mockDatabaseGateway.Object, _mockAwsApiGateway.Object, _mockAwsStsGateway.Object, _mockDynamoDbGateway.Object)); var lambdaRequest = _fixture.Build <APIGatewayCustomAuthorizerRequest>().Create(); lambdaRequest.Headers["Authorization"] = _jwtServiceFlow; var apiName = _fixture.Create <string>(); var consumerName = _fixture.Create <string>(); var tokenData = new AuthTokenServiceFlow { ApiEndpointName = lambdaRequest.RequestContext.Path, ApiName = apiName, Environment = lambdaRequest.RequestContext.Stage, HttpMethodType = lambdaRequest.RequestContext.HttpMethod, ConsumerName = consumerName, Enabled = true, ExpirationDate = null }; _mockDatabaseGateway.Setup(x => x.GetTokenData(It.IsAny <int>())).Returns(tokenData); _mockAwsApiGateway.Setup(x => x.GetApiName(It.IsAny <string>(), It.IsAny <Credentials>())).Returns(apiName); _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny <string>())).Returns(new AssumeRoleResponse()); var result = _classUnderTest.VerifyToken(lambdaRequest); result.Should().BeOfType <APIGatewayCustomAuthorizerResponse>(); result.PolicyDocument.Statement.First().Effect.Should().Be("Allow"); result.PrincipalID.Should().Be(consumerName + tokenData.Id); }
public void Setup() { _entity = new AuthTokenServiceFlow(); }
public static bool ShouldHaveAccessServiceFlow(AuthorizerRequest authorizerRequest, AuthTokenServiceFlow tokenData, string apiName) { //Check that the token is enabled or that the expiration date is valid if (!tokenData.Enabled || (tokenData.ExpirationDate != null && tokenData.ExpirationDate < DateTime.Now) || tokenData.ApiName != apiName || tokenData.HttpMethodType != authorizerRequest.HttpMethodType || tokenData.Environment != authorizerRequest.Environment || !authorizerRequest.ApiEndpointName.Contains(tokenData.ApiEndpointName, StringComparison.InvariantCulture)) { LambdaLogger.Log($"Token with id {tokenData.Id} denying access for {tokenData.ApiName} with endpoint {tokenData.ApiEndpointName}" + $" in {tokenData.Environment} stage does not have access to {apiName} with endpoint {authorizerRequest.ApiEndpointName} " + $"for {authorizerRequest.Environment} stage { tokenData.Enabled }"); return(false); } LambdaLogger.Log($"Token with id {tokenData.Id} allowing access for {tokenData.ApiName} with endpoint {tokenData.ApiEndpointName}" + $" in {tokenData.Environment} stage has access to {apiName} with endpoint {authorizerRequest.ApiEndpointName} " + $"for {authorizerRequest.Environment} stage { tokenData.Enabled }"); return(true); }