/// <summary> /// Initializes a new instance of the <see cref="ControllersValidator"/> class. /// </summary> /// <param name="actionValidator">The action validator.</param> /// <param name="policyStore">Authorization policy store.</param> /// <exception cref="System.ArgumentNullException"></exception> public ControllersValidator(IActionsValidator actionValidator, IAuthorizationPolicyStore policyStore) { if (policyStore == null) { throw new ArgumentNullException(nameof(policyStore)); } if (actionValidator == null) { throw new ArgumentNullException(nameof(actionValidator)); } _actionValidator = actionValidator; _policyStore = policyStore; }
/// <summary> /// Initializes a new instance of the <see cref="ActionsValidator"/> class. /// </summary> /// <param name="paramsValidator">The parameters validator.</param> /// <param name="policyStore">Authorization policy store.</param> /// <exception cref="System.ArgumentNullException"></exception> public ActionsValidator(IParametersValidator paramsValidator, IAuthorizationPolicyStore policyStore) { if (policyStore == null) { throw new ArgumentNullException(nameof(policyStore)); } if (paramsValidator == null) { throw new ArgumentNullException(nameof(paramsValidator)); } _paramsValidator = paramsValidator; _policyStore = policyStore; }
private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null) { var ctrl = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController)).GetControllers(null).Single(); if (policyStore != null) { object[] methodCallProps = { policyStore }; typeof(ControllerContext) .GetTypeInfo() .GetProperty("AuthPolicyStore", BindingFlags.Instance | BindingFlags.NonPublic) .SetMethod.Invoke(ctrl, methodCallProps); } var actionCtx = ctrl.Actions.Single(x => string.Compare(method, x.Name, StringComparison.OrdinalIgnoreCase) == 0); var invoker = new ActionInvoker(new ControllerBuilder((new Moq.Mock <IServiceProvider>()).Object), new ModelBinderCollection(new JsonSerializer(), new Moq.Mock <IServiceProvider>().Object), new JsonSerializer()); var httpCtx = new Fakes.FakeHttpContext(); httpCtx.User = user; httpCtx.Request.Path = "/api/secure/" + method; await invoker.Invoke(httpCtx, actionCtx); Assert.Equal(expectedStatusCode, httpCtx.Response.StatusCode); }
private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null) { var ctrl = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController)).GetControllers(null).Single(); if (policyStore != null) { var options = LiteApiOptions.Default; foreach (var policy in policyStore.GetPolicyNames()) { options.AuthorizationPolicyStore.SetPolicy(policy, policyStore.GetPolicy(policy)); } ctrl.Filters = null; // force refresh init with new policy store foreach (var action in ctrl.Actions) { action.Filters = null; } ctrl.Init(new LiteApiOptionsAccessor(options)); } var actionCtx = ctrl.Actions.Single(x => string.Compare(method, x.Name, StringComparison.OrdinalIgnoreCase) == 0); var invoker = new ActionInvoker(new ControllerBuilder((new Moq.Mock <IServiceProvider>()).Object), new ModelBinderCollection( new JsonSerializer(), Fakes.FakeServiceProvider.GetServiceProvider(), new Fakes.FakeDefaultLiteApiOptionsRetriever()), new JsonSerializer()); var httpCtx = new Fakes.FakeHttpContext(); httpCtx.User = user; httpCtx.Request.Path = "/api/secure/" + method; await invoker.Invoke(httpCtx, actionCtx); Assert.Equal(expectedStatusCode, httpCtx.Response.StatusCode); }