public void GetIdentity_For_InExisting_Internal_Public_Client_User_Should_Return_Valid_Identity()
        {
            // Pins the result for an internal user who presents a "BVW" role claim while the
            // user store has no setup: status NeuerBenutzer, the BVW access role, no issued
            // access tokens and no redirect.

            // arrange
            // Only IsInternalUser() is configured (it returns true).
            var internalUserHelper = Mock.Of<IControllerHelper>(helper => helper.IsInternalUser());

            // The request yields exactly one claim: the e-ID profile role.
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = "BVW" }
            };
            var claimsSource = new Mock<IAuthenticationHelper>();
            claimsSource
                .Setup(a => a.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // No GetUser setup here; presumably the lookup yields no stored user, which is
            // what the NeuerBenutzer expectation below relies on. TODO confirm against AuthControllerHelper.
            var userStore = Mock.Of<IUserDataAccess>();

            // First and last constructor arguments are deliberately null for this path.
            var sut = new AuthControllerHelper(null, userStore, internalUserHelper, claimsSource.Object, null);

            // act
            // Third argument is true in the public-client cases; presumably an "is public client" flag (verify).
            var identity = sut.GetIdentity(null, null, true);

            // assert
            identity.AuthStatus.Should().Be(AuthStatus.NeuerBenutzer);
            identity.Roles.Should().ContainInOrder(AccessRoles.RoleBVW);
            // A user without a stored account must not receive any access tokens.
            identity.IssuedAccessTokens.Length.Should().Be(0);
            identity.RedirectUrl.Should().BeEmpty();
        }
 public IHttpActionResult GetIdentity()
 {
     // Resolves the caller's identity through authControllerHelper (third argument: true)
     // and maps an AuthenticationException to HTTP 403 instead of letting it escape.
     IHttpActionResult response;
     try
     {
         response = Ok(authControllerHelper.GetIdentity(Request, User, true));
     }
     catch (AuthenticationException authFailure)
     {
         // NOTE(review): the exception message is returned to the client verbatim in the
         // 403 body. Confirm that every AuthenticationException message raised on this path
         // is safe to disclose (no storage or configuration details); otherwise log the
         // message server-side and return a fixed text.
         response = Content(HttpStatusCode.Forbidden, authFailure.Message);
     }

     return response;
 }
        public void GetIdentity_For_Existing_Oe3_User_With_Role_And_Correct_AuthenticationMethod_Should_Return_Valid_Identity()
        {
            // Pins the step-up behaviour for an existing "Ö3" user who did NOT authenticate
            // with mTAN: the status is KeineMTanAuthentication and the caller is redirected
            // to the mobile-registration URL. (The method name says "Correct_AuthenticationMethod",
            // but the arrangement below sets IsMTanAuthentication() to false.)

            // arrange
            var helperMock = new Mock<IControllerHelper>();
            helperMock.Setup(h => h.IsInternalUser()).Returns(false);
            helperMock.Setup(h => h.IsMTanAuthentication()).Returns(false);
            helperMock.Setup(h => h.GetMgntRoleFromClaim()).Returns("ALLOW");

            // The request yields exactly one claim: the e-ID profile role "Ö3".
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = "Ö3" }
            };
            var claimsSource = new Mock<IAuthenticationHelper>();
            claimsSource
                .Setup(a => a.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            var roleUserStore = Mock.Of<IApplicationRoleUserDataAccess>();

            // The user exists (Id "1") and the stored role matches the claim.
            var userStore = new Mock<IUserDataAccess>();
            userStore.Setup(u => u.GetUser(It.IsAny<string>())).Returns(new User { Id = "1" });
            userStore.Setup(u => u.GetRoleForClient(It.IsAny<string>())).Returns("Ö3");

            // Every setting lookup echoes the default supplied by the caller, so the URL
            // asserted below is whatever default the code under test passes in.
            var configMock = new Mock<IWebCmiConfigProvider>();
            configMock
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var sut = new AuthControllerHelper(
                roleUserStore,
                userStore.Object,
                helperMock.Object,
                claimsSource.Object,
                configMock.Object);

            // act
            var identity = sut.GetIdentity(null, null, true);

            // assert
            identity.AuthStatus.Should().Be(AuthStatus.KeineMTanAuthentication);
            identity.Roles.Should().ContainInOrder("Ö3");
            identity.RedirectUrl.Should().Be("www.recherche.bar.admin.ch/_pep/myaccount?returnURI=/my-appl/private/welcome.html&op=reg-mobile");
        }
        public void GetIdentity_For_Existing_Public_Client_User_With_Role_And_Correct_AuthenticationMethod_Should_Return_Valid_Identity()
        {
            // Pins the happy path for an existing external user whose claim role and stored
            // role are both "Ö2": status Ok, role "Ö2", no issued access tokens, no redirect.

            // arrange
            var helperMock = new Mock<IControllerHelper>();
            helperMock.Setup(h => h.IsInternalUser()).Returns(false);
            helperMock.Setup(h => h.GetMgntRoleFromClaim()).Returns("ALLOW");

            // The request yields exactly one claim: the e-ID profile role "Ö2".
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = "Ö2" }
            };
            var claimsSource = new Mock<IAuthenticationHelper>();
            claimsSource
                .Setup(a => a.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            var roleUserStore = Mock.Of<IApplicationRoleUserDataAccess>();

            // The user exists (Id "1") and the stored role matches the claim.
            var userStore = new Mock<IUserDataAccess>();
            userStore.Setup(u => u.GetUser(It.IsAny<string>())).Returns(new User { Id = "1" });
            userStore.Setup(u => u.GetRoleForClient(It.IsAny<string>())).Returns("Ö2");

            // Every setting lookup echoes the default supplied by the caller.
            var configMock = new Mock<IWebCmiConfigProvider>();
            configMock
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var sut = new AuthControllerHelper(
                roleUserStore,
                userStore.Object,
                helperMock.Object,
                claimsSource.Object,
                configMock.Object);

            // act
            var identity = sut.GetIdentity(null, null, true);

            // assert
            identity.AuthStatus.Should().Be(AuthStatus.Ok);
            identity.Roles.Should().ContainInOrder("Ö2");
            identity.IssuedAccessTokens.Length.Should().Be(0);
            identity.RedirectUrl.Should().BeEmpty();
        }
        public void GetIdentity_For_Existing_User_Without_Role_Should_Throw_Exception()
        {
            // Pins the fail-closed behaviour: a user who exists in the store but has no role
            // configured there must get an AuthenticationException, not an identity.

            // arrange
            var helperMock = new Mock<IControllerHelper>();
            helperMock.Setup(h => h.IsInternalUser()).Returns(false);
            helperMock.Setup(h => h.GetMgntRoleFromClaim()).Returns("ALLOW");

            // The request yields exactly one claim: the e-ID profile role "BVW".
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = "BVW" }
            };
            var claimsSource = new Mock<IAuthenticationHelper>();
            claimsSource
                .Setup(a => a.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            var roleUserStore = Mock.Of<IApplicationRoleUserDataAccess>();

            // The user exists (Id "1"), but GetRoleForClient is intentionally left
            // unconfigured, so the mock answers with its default value for that call.
            var userStore = new Mock<IUserDataAccess>();
            userStore.Setup(u => u.GetUser(It.IsAny<string>())).Returns(new User { Id = "1" });

            // Every setting lookup echoes the default supplied by the caller.
            var configMock = new Mock<IWebCmiConfigProvider>();
            configMock
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var sut = new AuthControllerHelper(
                roleUserStore,
                userStore.Object,
                helperMock.Object,
                claimsSource.Object,
                configMock.Object);

            // act
            Action resolveIdentity = () => { sut.GetIdentity(null, null, false); };

            // assert
            // Matches on a substring of the message, so surrounding text may vary.
            resolveIdentity.Should().Throw<AuthenticationException>()
                .Where(failure => failure.Message.Contains(
                    "Es wurde für den Benutzer keine Rolle definiert in der Datenbank oder Authentifikation hat fehlgeschlagen"));
        }
        public void GetIdentity_For_User_Without_Role_Claim_Should_Throw_AuthenticationException()
        {
            // Pins the fail-closed behaviour for a request that carries no claims at all:
            // GetIdentity must throw an AuthenticationException with the exact message below.

            // arrange
            var unconfiguredHelper = Mock.Of<IControllerHelper>();

            // Empty claim list: in particular, no role claim is present.
            var noClaims = new List<ClaimInfo>();
            var claimsSource = new Mock<IAuthenticationHelper>();
            claimsSource
                .Setup(a => a.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(noClaims);

            // The data-access and config dependencies are null; the test passes only if the
            // claim check rejects the request before any of them is dereferenced.
            var sut = new AuthControllerHelper(null, null, unconfiguredHelper, claimsSource.Object, null);

            // act
            Action resolveIdentity = () => { sut.GetIdentity(null, null, false); };

            // assert
            resolveIdentity.Should().Throw<AuthenticationException>().WithMessage("User hat noch keinen Antrag gestellt");
        }
        public void GetIdentity_For_InExisting_Internal_Management_Client_User_Should_Return_Valid_Identity()
        {
            // Pins the result for a user with no stored account when the third GetIdentity
            // argument is false: status NeuerBenutzer, the role taken from the management
            // claim ("ALLOW"), no issued access tokens, and a redirect to the recherche URL.
            // NOTE(review): the name says "Internal", yet IsInternalUser() is set to false here.

            // arrange
            var helperMock = new Mock<IControllerHelper>();
            helperMock.Setup(h => h.IsInternalUser()).Returns(false);
            helperMock.Setup(h => h.GetMgntRoleFromClaim()).Returns("ALLOW");

            // The request yields exactly one claim: the e-ID profile role "BVW".
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = "BVW" }
            };
            var claimsSource = new Mock<IAuthenticationHelper>();
            claimsSource
                .Setup(a => a.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // No GetUser setup; presumably the lookup yields no stored user (verify).
            var userStore = Mock.Of<IUserDataAccess>();

            // Every setting lookup echoes the default supplied by the caller, so the URL
            // asserted below is whatever default the code under test passes in.
            var configMock = new Mock<IWebCmiConfigProvider>();
            configMock
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var sut = new AuthControllerHelper(
                null,
                userStore,
                helperMock.Object,
                claimsSource.Object,
                configMock.Object);

            // act
            var identity = sut.GetIdentity(null, null, false);

            // assert
            identity.AuthStatus.Should().Be(AuthStatus.NeuerBenutzer);
            identity.Roles.Should().ContainInOrder("ALLOW");
            identity.IssuedAccessTokens.Length.Should().Be(0);
            identity.RedirectUrl.Should().Be("www.recherche.bar.admin.ch/recherche");
        }
 public IHttpActionResult GetIdentity()
 {
     // Resolves the caller's identity through authControllerHelper (third argument: false)
     // and returns it with HTTP 200.
     // NOTE(review): nothing here catches AuthenticationException. If the helper can throw
     // it on this path, the failure leaves the action unhandled; confirm that a global
     // exception filter maps it to a 403 without exposing exception details to the client.
     var identity = authControllerHelper.GetIdentity(Request, User, false);
     return Ok(identity);
 }