public async Task SharedUserNotificationAccess()
{
// Setup.
var notification = NotificationApplicationFactory.Create(Guid.NewGuid(), NotificationType.Recovery,
UKCompetentAuthority.England, 20181);
var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345",
"*****@*****.**");
var aspnetSharedUser = UserFactory.Create(Guid.NewGuid(), "External", "Shared", "12345",
"*****@*****.**");
var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);
context.NotificationApplications.Add(notification);
context.Users.Add(aspnetInternalUser);
context.Users.Add(aspnetSharedUser);
context.LocalAreas.Add(localArea);
await context.SaveChangesAsync();
var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.England,
localArea.Id);
var sharedUser = new SharedUser(notification.Id, aspnetSharedUser.Id, DateTimeOffset.Now);
context.InternalUsers.Add(internalUser);
context.SharedUser.Add(sharedUser);
await context.SaveChangesAsync();
// Set the shared user to be the user context.
A.CallTo(() => userContext.UserId).Returns(Guid.Parse(sharedUser.UserId));
var authorization = new NotificationApplicationAuthorization(context, userContext);
// Assert.
// There's no assertion for 'does not throw exception' so just executing it as normal.
await authorization.EnsureAccessAsync(notification.Id);
// Clear data.
context.DeleteOnCommit(internalUser);
context.DeleteOnCommit(sharedUser);
await context.SaveChangesAsync();
context.Entry(aspnetInternalUser).State = EntityState.Deleted;
context.Entry(aspnetSharedUser).State = EntityState.Deleted;
context.Entry(localArea).State = EntityState.Deleted;
await context.SaveChangesAsync();
context.DeleteOnCommit(notification);
await context.SaveChangesAsync();
}
public async Task RandomExternalUserAccessThrowsException()
{
// Setup.
var notification = NotificationApplicationFactory.Create(Guid.NewGuid(), NotificationType.Recovery,
UKCompetentAuthority.England, 20181);
var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345",
"*****@*****.**");
var aspnetSharedUser = UserFactory.Create(Guid.NewGuid(), "External", "Shared", "12345",
"*****@*****.**");
var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);
context.NotificationApplications.Add(notification);
context.Users.Add(aspnetInternalUser);
context.Users.Add(aspnetSharedUser);
context.LocalAreas.Add(localArea);
await context.SaveChangesAsync();
var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.England,
localArea.Id);
//Shared user is different to the user context.
var sharedUser = new SharedUser(notification.Id, aspnetSharedUser.Id, DateTimeOffset.Now);
context.SharedUser.Add(sharedUser);
await context.SaveChangesAsync();
context.InternalUsers.Add(internalUser);
await context.SaveChangesAsync();
var authorization = new NotificationApplicationAuthorization(context, userContext);
// Assert.
await Assert.ThrowsAsync <SecurityException>(() => authorization.EnsureAccessAsync(notification.Id));
// Clear data.
context.DeleteOnCommit(internalUser);
context.DeleteOnCommit(sharedUser);
await context.SaveChangesAsync();
context.Entry(aspnetInternalUser).State = EntityState.Deleted;
context.Entry(aspnetSharedUser).State = EntityState.Deleted;
context.Entry(localArea).State = EntityState.Deleted;
await context.SaveChangesAsync();
context.DeleteOnCommit(notification);
await context.SaveChangesAsync();
}
public async Task InternalUserDifferentCompetentAuthorityAccessThrowsException()
{
// Setup.
var notification = NotificationApplicationFactory.Create(Guid.NewGuid(), NotificationType.Recovery,
UKCompetentAuthority.England, 20181);
var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345",
"*****@*****.**");
var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);
context.NotificationApplications.Add(notification);
context.Users.Add(aspnetInternalUser);
context.LocalAreas.Add(localArea);
await context.SaveChangesAsync();
// Internal user is different UKCA from the notification - should cause the exception.
var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.Wales,
localArea.Id);
context.InternalUsers.Add(internalUser);
await context.SaveChangesAsync();
A.CallTo(() => userContext.UserId).Returns(Guid.Parse(internalUser.UserId));
var authorization = new NotificationApplicationAuthorization(context, userContext);
// Assert.
await Assert.ThrowsAsync <SecurityException>(() => authorization.EnsureAccessAsync(notification.Id));
// Clear data.
context.DeleteOnCommit(internalUser);
await context.SaveChangesAsync();
context.Entry(aspnetInternalUser).State = EntityState.Deleted;
context.Entry(localArea).State = EntityState.Deleted;
await context.SaveChangesAsync();
context.DeleteOnCommit(notification);
await context.SaveChangesAsync();
}
public async Task CheckExternalUserNotOwnerAccessThrowsException()
{
// Setup.
var notification = NotificationApplicationFactory.Create(Guid.NewGuid(), NotificationType.Recovery,
UKCompetentAuthority.England, 20181);
var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345",
"*****@*****.**");
var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);
context.NotificationApplications.Add(notification);
context.Users.Add(aspnetInternalUser);
context.LocalAreas.Add(localArea);
await context.SaveChangesAsync();
var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.England,
localArea.Id);
context.InternalUsers.Add(internalUser);
await context.SaveChangesAsync();
var authorization = new NotificationApplicationAuthorization(context, userContext);
// Assert.
await Assert.ThrowsAsync <SecurityException>(() => authorization.EnsureAccessIsOwnerAsync(notification.Id));
// Clear data.
context.DeleteOnCommit(internalUser);
await context.SaveChangesAsync();
context.Entry(aspnetInternalUser).State = EntityState.Deleted;
context.Entry(localArea).State = EntityState.Deleted;
await context.SaveChangesAsync();
context.DeleteOnCommit(notification);
await context.SaveChangesAsync();
}