// When authorization succeeds, OnAuthorization must also tie the response to
// per-request re-validation: it sets the proxy max-age to zero and registers the
// attribute's own non-public CacheValidateHandler as the cache validation callback.
// Security relevance: without that hook, a response cached for an authorized user
// could presumably be replayed from the output cache to a later caller without
// authorization being re-evaluated.
public void OnAuthorizationHooksCacheValidationIfUserAuthorized()
        {
            // Arrange: partial mock (CallBase) so the real OnAuthorization runs while
            // the authorization decision itself is forced to "allowed".
            var helperMock = new Mock<AuthorizeAttributeHelper>() { CallBase = true };
            helperMock.Setup(h => h.PublicAuthorizeCore(It.IsAny<HttpContextBase>())).Returns(true);
            AuthorizeAttributeHelper helper = helperMock.Object;

            // The callback is expected to be the handler declared on AuthorizeAttribute.
            MethodInfo expectedCallback = typeof(AuthorizeAttribute).GetMethod(
                "CacheValidateHandler",
                BindingFlags.Instance | BindingFlags.NonPublic);

            var contextMock = new Mock<AuthorizationContext>();
            contextMock.Setup(c => c.HttpContext.Response.Cache.SetProxyMaxAge(new TimeSpan(0))).Verifiable();
            contextMock.Setup(c => c.HttpContext.Items).Returns(new Hashtable());
            contextMock
                .Setup(c => c.HttpContext.Response.Cache.AddValidationCallback(It.IsAny<HttpCacheValidateHandler>(), null /* data */))
                .Callback(
                    delegate(HttpCacheValidateHandler handler, object data)
                    {
                        // The registered delegate must be bound to this attribute instance.
                        Assert.Equal(helper, handler.Target);
                        Assert.Equal(expectedCallback, handler.Method);
                    })
                .Verifiable();
            // No [AllowAnonymous] on the controller, so the authorization path is taken.
            contextMock.Setup(c => c.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)).Returns(false);
            AuthorizationContext context = contextMock.Object;

            // Act
            helper.OnAuthorization(context);

            // Assert: both verifiable cache setups were actually invoked.
            contextMock.Verify();
        }
        // Cache re-validation, denied case: when AuthorizeCore rejects the caller,
        // OnCacheAuthorization must report IgnoreThisRequest so the cached copy is
        // not used to answer this request.
        public void OnCacheAuthorizationReturnsIgnoreRequestIfUserIsUnauthorized()
        {
            // Arrange: real OnCacheAuthorization, authorization decision forced to "denied".
            var helperMock = new Mock<AuthorizeAttributeHelper>() { CallBase = true };
            helperMock.Setup(h => h.PublicAuthorizeCore(It.IsAny<HttpContextBase>())).Returns(false);
            AuthorizeAttributeHelper helper = helperMock.Object;

            IPrincipal principal = new Mock<IPrincipal>().Object;
            var contextMock = new Mock<HttpContextBase>();
            contextMock.Setup(c => c.User).Returns(principal);

            // Act
            HttpValidationStatus status = helper.PublicOnCacheAuthorization(contextMock.Object);

            // Assert
            Assert.Equal(HttpValidationStatus.IgnoreThisRequest, status);
        }
        // [AllowAnonymous] on the controller short-circuits the filter: no result is
        // set and AuthorizeCore is never consulted. Reviewers should keep in mind that
        // this is a complete bypass of the attribute's checks for that controller.
        public void OnAuthorizationReturnsWithNoResultIfAllowAnonymousAttributeIsDefinedOnController()
        {
            // Arrange
            var helperMock = new Mock<AuthorizeAttributeHelper>() { CallBase = true };
            AuthorizeAttributeHelper helper = helperMock.Object;

            var contextMock = new Mock<AuthorizationContext>();
            contextMock.Setup(c => c.HttpContext.Items).Returns(new Hashtable());
            // The controller descriptor reports AllowAnonymousAttribute (inherit: true).
            contextMock
                .Setup(c => c.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
                .Returns(true);

            // Act
            helper.OnAuthorization(contextMock.Object);

            // Assert: request proceeds untouched and the authorization check was skipped.
            Assert.Null(contextMock.Object.Result);
            helperMock.Verify(h => h.PublicAuthorizeCore(It.IsAny<HttpContextBase>()), Times.Never());
        }
        // Denied case for the filter itself: when AuthorizeCore returns false,
        // OnAuthorization must replace the result with an HttpUnauthorizedResult.
        public void OnAuthorizationFailedSetsHttpUnauthorizedResultIfUserUnauthorized()
        {
            // Arrange: real OnAuthorization, authorization decision forced to "denied".
            var helperMock = new Mock<AuthorizeAttributeHelper>() { CallBase = true };
            helperMock.Setup(h => h.PublicAuthorizeCore(It.IsAny<HttpContextBase>())).Returns(false);
            AuthorizeAttributeHelper helper = helperMock.Object;

            // DefaultValue.Mock lets nested members of the context resolve to mocks
            // without an explicit setup for each one.
            var contextMock = new Mock<AuthorizationContext>() { DefaultValue = DefaultValue.Mock };
            AuthorizationContext context = contextMock.Object;

            // Act
            helper.OnAuthorization(context);

            // Assert
            Assert.IsType<HttpUnauthorizedResult>(context.Result);
        }
        // Test fixture setup: creates NSubstitute stand-ins for the HTTP context,
        // controller context and action descriptor, plus a fresh attribute under test.
        public void Init()
        {
            _httpContext = Substitute.For<HttpContextBase>();
            _controllerContext = Substitute.For<ControllerContext>();
            _actionDescriptor = Substitute.For<ActionDescriptor>();

            // A new helper per test, so no Users/Roles settings carry over between tests.
            _attribute = new AuthorizeAttributeHelper();
        }
        // A null HttpContext must be rejected with an ArgumentNullException naming
        // "httpContext" rather than being treated as an authorization decision.
        public void AuthorizeCoreThrowsIfHttpContextIsNull()
        {
            // Arrange
            AuthorizeAttributeHelper attribute = new AuthorizeAttributeHelper();

            // Act & assert
            Assert.ThrowsArgumentNull(
                delegate
                {
                    attribute.PublicAuthorizeCore((HttpContextBase)null);
                },
                "httpContext");
        }
        // The cache re-validation entry point must also reject a null HttpContext
        // with an ArgumentNullException naming "httpContext".
        public void OnCacheAuthorizationThrowsIfHttpContextIsNull()
        {
            // Arrange
            AuthorizeAttributeHelper attribute = new AuthorizeAttributeHelper();

            // Act & assert
            Assert.ThrowsArgumentNull(
                delegate
                {
                    attribute.PublicOnCacheAuthorization(null);
                },
                "httpContext");
        }
        // Fail-closed baseline: with no Users or Roles configured, an unauthenticated
        // identity is still rejected.
        public void AuthorizeCoreReturnsFalseIfUserIsUnauthenticated() {
            // Arrange
            var attribute = new AuthorizeAttributeHelper();

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Expect(c => c.User.Identity.IsAuthenticated).Returns(false);

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.IsFalse(isAuthorized);
        }
        // With no Users or Roles configured, the attribute only requires
        // authentication: any authenticated identity is accepted.
        public void AuthorizeCoreReturnsTrueIfUserIsAuthenticatedAndNoNamesOrRolesSpecified() {
            // Arrange
            var attribute = new AuthorizeAttributeHelper();

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Expect(c => c.User.Identity.IsAuthenticated).Returns(true);

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.IsTrue(isAuthorized);
        }
        // An authenticated user whose name is not in the Users list is rejected.
        // NOTE(review): only a clearly different name is exercised here; case or
        // whitespace variants of "SomeName" are not covered by this test.
        public void AuthorizeCoreReturnsFalseIfNameDoesNotMatch() {
            // Arrange
            var attribute = new AuthorizeAttributeHelper() { Users = "SomeName" };

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Expect(c => c.User.Identity.IsAuthenticated).Returns(true);
            contextMock.Expect(c => c.User.Identity.Name).Returns("SomeOtherName");

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.IsFalse(isAuthorized);
        }
        // With no Users or Roles configured, the attribute only requires
        // authentication: any authenticated identity is accepted.
        public void AuthorizeCoreReturnsTrueIfUserIsAuthenticatedAndNoNamesOrRolesSpecified()
        {
            // Arrange
            var attribute = new AuthorizeAttributeHelper();

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.True(isAuthorized);
        }
        // Fail-closed baseline: with no Users or Roles configured, an unauthenticated
        // identity is still rejected.
        public void AuthorizeCoreReturnsFalseIfUserIsUnauthenticated()
        {
            // Arrange
            var attribute = new AuthorizeAttributeHelper();

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Setup(c => c.User.Identity.IsAuthenticated).Returns(false);

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.False(isAuthorized);
        }
        // An authenticated user who is not in the single required role is rejected.
        // The Verify() call confirms the denial came from an actual IsInRole("SomeRole")
        // lookup rather than from some earlier exit.
        public void AuthorizeCoreReturnsFalseIfRoleDoesNotMatch() {
            // Arrange
            var attribute = new AuthorizeAttributeHelper() { Roles = "SomeRole" };

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Expect(c => c.User.Identity.IsAuthenticated).Returns(true);
            contextMock.Expect(c => c.User.IsInRole("SomeRole")).Returns(false).Verifiable();

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.IsFalse(isAuthorized);
            contextMock.Verify();
        }
        // Positive case with both lists configured: the identity name appears in Users
        // and the second of the two listed roles matches. Verify() requires that both
        // IsInRole lookups were made, i.e. a miss on the first role did not end the check.
        // NOTE(review): despite "Or" in the name, this fixture satisfies the user list
        // and the role list together; it does not show that either one alone suffices.
        public void AuthorizeCoreReturnsTrueIfUserIsAuthenticatedAndNamesOrRolesSpecified() {
            // Arrange
            var attribute = new AuthorizeAttributeHelper() {
                Users = "SomeUser, SomeOtherUser",
                Roles = "SomeRole, SomeOtherRole"
            };

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Expect(c => c.User.Identity.IsAuthenticated).Returns(true);
            contextMock.Expect(c => c.User.Identity.Name).Returns("SomeUser");
            contextMock.Expect(c => c.User.IsInRole("SomeRole")).Returns(false).Verifiable();
            contextMock.Expect(c => c.User.IsInRole("SomeOtherRole")).Returns(true).Verifiable();

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.IsTrue(isAuthorized);
            contextMock.Verify();
        }
        // An authenticated user whose name is not in the Users list is rejected.
        // NOTE(review): only a clearly different name is exercised here; case or
        // whitespace variants of "SomeName" are not covered by this test.
        public void AuthorizeCoreReturnsFalseIfNameDoesNotMatch()
        {
            // Arrange
            var attribute = new AuthorizeAttributeHelper() { Users = "SomeName" };

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
            contextMock.Setup(c => c.User.Identity.Name).Returns("SomeOtherName");

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.False(isAuthorized);
        }
        // An authenticated user who is not in the single required role is rejected.
        // The Verify() call confirms the denial came from an actual IsInRole("SomeRole")
        // lookup rather than from some earlier exit.
        public void AuthorizeCoreReturnsFalseIfRoleDoesNotMatch()
        {
            // Arrange
            var attribute = new AuthorizeAttributeHelper() { Roles = "SomeRole" };

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
            contextMock.Setup(c => c.User.IsInRole("SomeRole")).Returns(false).Verifiable();

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.False(isAuthorized);
            contextMock.Verify();
        }
        // Cache re-validation, allowed case: when AuthorizeCore accepts the caller,
        // OnCacheAuthorization reports Valid so the cached response may be served.
        public void OnCacheAuthorizationReturnsValidIfUserIsAuthorized()
        {
            // Arrange: real OnCacheAuthorization, authorization decision forced to "allowed".
            var helperMock = new Mock<AuthorizeAttributeHelper>() { CallBase = true };
            helperMock.Expect(h => h.PublicAuthorizeCore(It.IsAny<HttpContextBase>())).Returns(true);
            AuthorizeAttributeHelper helper = helperMock.Object;

            IPrincipal principal = new Mock<IPrincipal>().Object;
            var contextMock = new Mock<HttpContextBase>();
            contextMock.Expect(c => c.User).Returns(principal);

            // Act
            HttpValidationStatus status = helper.PublicOnCacheAuthorization(contextMock.Object);

            // Assert
            Assert.AreEqual(HttpValidationStatus.Valid, status);
        }
        // Denied case for the filter itself: when AuthorizeCore returns false,
        // OnAuthorization must set an HttpUnauthorizedResult on the context.
        public void OnAuthorizationCancelsRequestIfUserUnauthorized()
        {
            // Arrange: real OnAuthorization, authorization decision forced to "denied".
            var helperMock = new Mock<AuthorizeAttributeHelper>() { CallBase = true };
            helperMock.Expect(h => h.PublicAuthorizeCore(It.IsAny<HttpContextBase>())).Returns(false);
            AuthorizeAttributeHelper helper = helperMock.Object;

            // DefaultValue.Mock lets nested members of the context resolve to mocks
            // without an explicit setup for each one.
            var contextMock = new Mock<AuthorizationContext>() { DefaultValue = DefaultValue.Mock };
            AuthorizationContext context = contextMock.Object;

            // Act
            helper.OnAuthorization(context);

            // Assert
            Assert.IsInstanceOfType(context.Result, typeof(HttpUnauthorizedResult));
        }
        // Positive case with both lists configured: the identity name appears in Users
        // and the second of the two listed roles matches. Verify() requires that both
        // IsInRole lookups were made, i.e. a miss on the first role did not end the check.
        // NOTE(review): despite "Or" in the name, this fixture satisfies the user list
        // and the role list together; it does not show that either one alone suffices.
        public void AuthorizeCoreReturnsTrueIfUserIsAuthenticatedAndNamesOrRolesSpecified()
        {
            // Arrange
            var attribute = new AuthorizeAttributeHelper()
            {
                Users = "SomeUser, SomeOtherUser",
                Roles = "SomeRole, SomeOtherRole"
            };

            var contextMock = new Mock<HttpContextBase>();
            contextMock.Setup(c => c.User.Identity.IsAuthenticated).Returns(true);
            contextMock.Setup(c => c.User.Identity.Name).Returns("SomeUser");
            contextMock.Setup(c => c.User.IsInRole("SomeRole")).Returns(false).Verifiable();
            contextMock.Setup(c => c.User.IsInRole("SomeOtherRole")).Returns(true).Verifiable();

            // Act
            bool isAuthorized = attribute.PublicAuthorizeCore(contextMock.Object);

            // Assert
            Assert.True(isAuthorized);
            contextMock.Verify();
        }
        // A null HttpContext must be rejected with an ArgumentNullException naming
        // "httpContext" rather than being treated as an authorization decision.
        public void AuthorizeCoreThrowsIfHttpContextIsNull() {
            // Arrange
            AuthorizeAttributeHelper attribute = new AuthorizeAttributeHelper();

            // Act & assert
            ExceptionHelper.ExpectArgumentNullException(
                delegate { attribute.PublicAuthorizeCore((HttpContextBase)null); },
                "httpContext");
        }
        // The cache re-validation entry point must also reject a null HttpContext
        // with an ArgumentNullException naming "httpContext".
        public void OnCacheAuthorizationThrowsIfHttpContextIsNull() {
            // Arrange
            AuthorizeAttributeHelper attribute = new AuthorizeAttributeHelper();

            // Act & assert
            ExceptionHelper.ExpectArgumentNullException(
                delegate { attribute.PublicOnCacheAuthorization(null); },
                "httpContext");
        }