Example #1
        /// <summary>
        /// Checks that a principal created with the "not authenticated" flag is refused for an
        /// activity that sets <c>Default = false</c> and never assigns <c>AllowUnauthenticated</c>,
        /// and that the refusal carries no reason text.
        /// </summary>
        public void UnauthenticatedActivityNullDefaultFalse()
        {
            var scope = new AuthorizationScope();

            // AllowUnauthenticated is deliberately left unassigned on this activity.
            // Default = false overrides the top-level default for this activity only.
            var homeIndex = new Activity
            {
                Resource = "Home",
                Action   = "Index",
                Default  = false,
            };
            scope.Activities.Add(homeIndex);

            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(scope), false, null, false);

            // NOTE(review): the trailing 'false' presumably marks the principal as unauthenticated;
            // confirm against CreatePrincipal.
            var fred     = CreatePrincipal("fred", new List<string>(), null, false);
            var decision = authorizer.IsAuthorized("Home", "Index", fred);

            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
            Assert.That(decision.Reason, Is.Null, "Reason differs");
        }
Example #2
        /// <summary>
        /// Checks that a request for resource "Default" with no action is granted to a principal
        /// with no roles when the authorizer is built with default authorization <c>true</c>.
        /// </summary>
        public void ActivityDefaultAuthorizationFallback()
        {
            // NOTE(review): the third constructor argument ("Test") presumably names the activity
            // used as the fallback; confirm against ActivityAuthorizer.
            var authorizer = new ActivityAuthorizer(
                new StaticAuthorizationScopeProvider(SampleScope(null)),
                true,
                "Test");

            var noRoles  = new List<string>();
            var charlie  = CreatePrincipal("charlie", noRoles);
            var decision = authorizer.IsAuthorized("Default", null, charlie);

            Assert.That(decision.IsAuthorized, Is.True, "IsAuthorized differs");
        }
Example #3
        /// <summary>
        /// Checks that, with an empty scope and both authorizer flags set to <c>false</c>, a
        /// principal created with the "not authenticated" flag is refused and the refusal is
        /// attributed to the authentication state.
        /// </summary>
        public void DefaultFalseUnauthenticatedFalse()
        {
            // An empty scope: no activity is configured, so only the authorizer-level settings apply.
            var emptyScope = new AuthorizationScope();
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(emptyScope), false, null, false);

            var fred     = CreatePrincipal("fred", new List<string>(), null, false);
            var decision = authorizer.IsAuthorized("Test", null, fred);

            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
            // The reason string identifies the failed authentication check, not a role or claim.
            Assert.That(decision.Reason, Is.EqualTo("IsAuthenticated: false"), "Reason differs");
        }
Example #4
        /// <summary>
        /// Checks that a principal holding role "a" is refused for resource "Default" even though
        /// the authorizer is built with default authorization <c>true</c>.
        /// </summary>
        public void DefaultActivityDenyRoleTakesPrecendence()
        {
            // NOTE(review): role "a" is presumably denied by the sample scope; SampleScope is
            // defined elsewhere, so confirm there.
            var authorizer = new ActivityAuthorizer(
                new StaticAuthorizationScopeProvider(SampleScope(null)),
                true,
                "Test");

            var roles    = new List<string> { "a" };
            var bob      = CreatePrincipal("bob", roles);
            var decision = authorizer.IsAuthorized("Default", null, bob);

            // A permissive default must not override the deny.
            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
        }
Example #5
        /// <summary>
        /// Checks that a principal holding role "b" is granted "Test" / "Index".
        /// </summary>
        public void ActivityHierarchyGrantRole()
        {
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(SampleScope(null)), true);

            // NOTE(review): the grant for role "b" presumably comes from a parent activity in the
            // sample scope (hence "Hierarchy" in the test name); confirm against SampleScope.
            var roles    = new List<string> { "b" };
            var charlie  = CreatePrincipal("charlie", roles);
            var decision = authorizer.IsAuthorized("Test", "Index", charlie);

            Assert.That(decision.IsAuthorized, Is.True, "IsAuthorized differs");
        }
Example #6
        /// <summary>
        /// Checks that an authorizer built with default authorization <c>false</c> exposes that
        /// value through <c>DefaultAuthorization</c> and refuses a principal with no roles when
        /// the scope is empty.
        /// </summary>
        public void AuthorizerDefaultAuthorizationFalse()
        {
            var emptyScope = new AuthorizationScope();
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(emptyScope), false);

            // The constructor flag must be readable back unchanged.
            Assert.AreEqual(false, authorizer.DefaultAuthorization, "Default authorization differs");

            var charlie  = CreatePrincipal("charlie", new List<string>());
            var decision = authorizer.IsAuthorized("Test", null, charlie);

            // Nothing in the scope grants access, so the deny-by-default setting decides.
            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
        }
Example #7
        /// <summary>
        /// Checks that a principal created with the value "q" in the third (claims) argument is
        /// granted "Test" and that the decision names the claim <c>team/q</c> as its reason.
        /// </summary>
        public void ActivityGrantClaim()
        {
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(SampleScope(null)), true);

            var noRoles  = new List<string>();
            var claims   = new List<string> { "q" };
            var charlie  = CreatePrincipal("charlie", noRoles, claims);
            var decision = authorizer.IsAuthorized("Test", null, charlie);

            Assert.That(decision.IsAuthorized, Is.True, "IsAuthorized differs");
            // Pinning the reason shows the grant was matched on the claim, not on a default.
            Assert.That(decision.Reason, Is.EqualTo("Claim: team/q"), "Reason differs");
        }
Example #8
        /// <summary>
        /// Checks that a principal created with the value "p" in the third (claims) argument is
        /// refused "Test" and that the decision names the claim <c>team/p</c> as its reason.
        /// </summary>
        public void ActivityDenyClaimTakesPrecendence()
        {
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(SampleScope(null)), true);

            // NOTE(review): what the deny takes precedence over (a grant for "bob" or the
            // permissive default) depends on SampleScope, which is defined elsewhere; confirm there.
            var noRoles  = new List<string>();
            var claims   = new List<string> { "p" };
            var bob      = CreatePrincipal("bob", noRoles, claims);
            var decision = authorizer.IsAuthorized("Test", null, bob);

            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
            // Pinning the reason shows the refusal was matched on the claim.
            Assert.That(decision.Reason, Is.EqualTo("Claim: team/p"), "Reason differs");
        }
Example #9
        /// <summary>
        /// Checks that a principal holding role "a" is refused "Test" / "Foo" and that the
        /// decision carries no <c>PrincipalReason</c>.
        /// </summary>
        public void ActivityHierarchyExplicitActionDenyRoleTakesPrecendence()
        {
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(SampleScope(null)), true);

            var roles    = new List<string> { "a" };
            var bob      = CreatePrincipal("bob", roles);
            var decision = authorizer.IsAuthorized("Test", "Foo", bob);

            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
            // NB A null PrincipalReason proves the decision came from the "Test.Foo" activity
            Assert.IsNull(decision.PrincipalReason);
        }
Example #10
        /// <summary>
        /// Checks that principal "alice" is refused "Test" / "Index" despite holding role "b",
        /// and that the decision's <c>PrincipalReason</c> is present with a null <c>Action</c>.
        /// </summary>
        public void ActivityHierarchyDenyUserTakesPrecedence()
        {
            var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(SampleScope(null)), true);

            // NOTE(review): "alice" is presumably denied by user name in the sample scope;
            // confirm against SampleScope.
            var roles    = new List<string> { "b" };
            var alice    = CreatePrincipal("alice", roles);
            var decision = authorizer.IsAuthorized("Test", "Index", alice);

            Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
            // NB A PrincipalReason with no Action proves the decision came from the "Test" activity
            Assert.IsNotNull(decision.PrincipalReason);
            Assert.IsNull(decision.PrincipalReason.Action);
        }