public void should_use_authorizationprovider()
        {
            // Checks that the MVC admin-required attribute authorizes an authenticated
            // principal when the injected provider mock reports "admin".
            // NOTE(review): only the allow path is pinned here; a companion case with
            // IsAdminResult = false would show that the attribute also denies.

            // Arrange
            var attribute = new AdminRequiredAttributeMock
            {
                AuthorizationProvider = new AuthorizationProviderMock { IsAdminResult = true },
                ApplicationSettings = _applicationSettings,
                UserService = _userService
            };

            // Random name: the identity is not tied to any stored user.
            var identity = new IdentityStub
            {
                Name = Guid.NewGuid().ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var httpContext = GetHttpContext(principal);

            // Act
            bool allowed = attribute.CallAuthorize(httpContext);

            // Assert
            Assert.That(allowed, Is.True);
        }
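        public void Should_Use_AuthorizationProvider()
        {
            // Checks that the Web API admin-required attribute authorizes the current
            // thread principal when the injected provider mock reports "admin".
            // NOTE(review): only the allow path is pinned here; a case with
            // IsAdminResult = false would show that the attribute also denies.

            // Arrange
            WebApiAdminRequiredAttributeMock attribute = new WebApiAdminRequiredAttributeMock();

            attribute.AuthorizationProvider = new AuthorizationProviderMock()
            {
                IsAdminResult = true
            };
            attribute.ApplicationSettings = _applicationSettings;
            attribute.UserService         = _userService;

            IdentityStub identity = new IdentityStub()
            {
                Name = Guid.NewGuid().ToString(), IsAuthenticated = true
            };
            PrincipalStub principal = new PrincipalStub()
            {
                Identity = identity
            };

            // Thread.CurrentPrincipal is ambient state for the whole thread. Remember the
            // previous value so the authenticated stub cannot leak into later tests and
            // make an authorization check pass for the wrong reason.
            var previousPrincipal = Thread.CurrentPrincipal;
            Thread.CurrentPrincipal = principal;

            try
            {
                // Act
                bool isAuthorized = attribute.CallAuthorize(new HttpActionContext());

                // Assert
                Assert.That(isAuthorized, Is.True);
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }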
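        public void should_use_authorizationprovider_for_editors_when_publicsite_is_false()
        {
            // Checks that the optional-authorization attribute authorizes an editor's
            // identity on a non-public site when the provider mock reports "editor".

            // Arrange
            // Pin the precondition named in the test instead of relying on the fixture's
            // default. Another test on this page shows the attribute returning true when
            // IsPublicSite is true, so without this line the assert could pass without
            // the provider being involved.
            _applicationSettings.IsPublicSite = false;

            User editorUser = CreateEditorUser();

            OptionalAuthorizationAttributeMock attribute = new OptionalAuthorizationAttributeMock();

            attribute.AuthorizationProvider = new AuthorizationProviderMock()
            {
                IsEditorResult = true
            };
            attribute.ApplicationSettings = _applicationSettings;
            attribute.UserService         = _userService;

            // The identity name carries the user's id.
            IdentityStub identity = new IdentityStub()
            {
                Name = editorUser.Id.ToString(), IsAuthenticated = true
            };
            PrincipalStub principal = new PrincipalStub()
            {
                Identity = identity
            };
            HttpContextBase context = GetHttpContext(principal);

            // Act
            bool isAuthorized = attribute.CallAuthorize(context);

            // Assert
            Assert.That(isAuthorized, Is.True);
        }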
        public void should_return_true_if_publicsite_is_true()
        {
            // Checks that the optional-authorization attribute returns true on a public
            // site even though the provider mock is left at its defaults.
            // NOTE(review): the principal used here is authenticated, so this does not
            // show the anonymous-visitor case; it also flips IsPublicSite on the shared
            // settings object. Confirm the fixture recreates it per test.

            // Arrange
            _applicationSettings.IsPublicSite = true;

            var attribute = new OptionalAuthorizationAttributeMock
            {
                AuthorizationProvider = new AuthorizationProviderMock(),
                ApplicationSettings = _applicationSettings,
                UserService = _userService
            };

            var identity = new IdentityStub
            {
                Name = Guid.NewGuid().ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var httpContext = GetHttpContext(principal);

            // Act
            bool allowed = attribute.CallAuthorize(httpContext);

            // Assert
            Assert.That(allowed, Is.True);
        }
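        public void Should_Use_AuthorizationProvider_For_Admin_When_PublicSite_Is_False()
        {
            // Checks that the optional-authorization attribute authorizes an admin's
            // identity on a non-public site, based on the provider mock's answer.

            // Arrange
            // Pin the precondition named in the test instead of relying on the fixture's
            // default; with IsPublicSite left true by other code the assert below could
            // pass without the provider being consulted at all.
            _applicationSettings.IsPublicSite = false;

            User adminUser = CreateAdminUser();

            OptionalAuthorizationAttributeMock attribute = new OptionalAuthorizationAttributeMock();

            // NOTE(review): the mock is configured through IsEditorResult although the
            // scenario is an admin. Confirm which provider method the attribute calls.
            attribute.AuthorizationProvider = new AuthorizationProviderMock()
            {
                IsEditorResult = true
            };
            attribute.ApplicationSettings = _applicationSettings;
            attribute.UserService         = _userService;

            // The identity name carries the user's id.
            IdentityStub identity = new IdentityStub()
            {
                Name = adminUser.Id.ToString(), IsAuthenticated = true
            };
            PrincipalStub principal = new PrincipalStub()
            {
                Identity = identity
            };
            HttpContextBase context = GetHttpContext(principal);

            // Act
            bool isAuthorized = attribute.CallAuthorize(context);

            // Assert
            Assert.That(isAuthorized, Is.True);
        }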
        protected HttpContextBase GetHttpContext(PrincipalStub principal)
        {
            // Builds a fake HttpContextBase via MvcMockHelpers and sets up its User
            // property with the supplied principal, so the attribute under test sees
            // that principal as the request's user.
            var mocks = new MvcMockContainer();
            HttpContextBase fakeContext = MvcMockHelpers.FakeHttpContext(mocks);

            mocks.Context.SetupProperty(ctx => ctx.User, principal);

            return fakeContext;
        }
        public void Should_Throw_SecurityException_When_AuthorizationProvider_Is_Null()
        {
            // Exercises the MVC admin-required attribute with no authorization provider.
            // Going by the test name, the call should throw rather than authorize.
            // NOTE(review): no assertion is visible in this listing; the expected
            // exception is presumably declared by an attribute on the method. Verify,
            // otherwise this test cannot fail if the call returns normally.

            // Arrange
            var attribute = new AdminRequiredAttributeMock
            {
                AuthorizationProvider = null
            };

            var identity = new IdentityStub
            {
                Name = Guid.NewGuid().ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var httpContext = GetHttpContext(principal);

            // Act + Assert
            attribute.CallAuthorize(httpContext);
        }
        public void IsAdmin_Should_Return_True_For_Admin_User()
        {
            // Checks that the real AuthorizationProvider reports an authenticated
            // principal, whose identity name is an admin user's id, as an admin.

            // Arrange
            var admin = CreateAdminUser();
            var identity = new IdentityStub
            {
                Name = admin.Id.ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isAdmin = provider.IsAdmin(principal);

            // Assert
            Assert.That(isAdmin, Is.True);
        }
        public void IsViewer_Should_Return_True_When_Not_Authenticated()
        {
            // Pins that the provider treats an unauthenticated principal as a viewer.
            // NOTE(review): IsPublicSite is not set in this test, so the result depends
            // on the fixture's settings. Confirm that anonymous viewing is intended for
            // the configuration in effect.

            // Arrange
            // The returned user is not used below; the call is kept in case it registers
            // the user with the shared service. TODO confirm.
            CreateEditorUser();
            var anonymousIdentity = new IdentityStub
            {
                IsAuthenticated = false
            };
            IPrincipal principal = new PrincipalStub
            {
                Identity = anonymousIdentity
            };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isViewer = provider.IsViewer(principal);

            // Assert
            Assert.That(isViewer, Is.True);
        }
        public void IsEditor_Should_Return_False_When_No_Identity_Name_Set()
        {
            // Pins the deny path for an authenticated identity with an empty name:
            // IsEditor must return false.

            // Arrange
            // The returned user is not used below; the call is kept in case it registers
            // the user with the shared service. TODO confirm.
            CreateAdminUser();
            var namelessIdentity = new IdentityStub
            {
                Name = "",
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = namelessIdentity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.False);
        }
        public void iseditor_should_return_false_when_not_authenticated()
        {
            // Pins the deny path for an unauthenticated identity: IsEditor must return
            // false even though the identity name is an editor user's id.

            // Arrange
            var editor = CreateEditorUser();
            var identity = new IdentityStub
            {
                Name = editor.Id.ToString(),
                IsAuthenticated = false
            };
            var principal = new PrincipalStub { Identity = identity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.False);
        }
        public void isadmin_should_return_false_when_no_identity_name_set()
        {
            // Pins the deny path for an authenticated identity with an empty name:
            // IsAdmin must return false.

            // Arrange
            // The returned user is not used below; the call is kept in case it registers
            // the user with the shared service. TODO confirm.
            CreateAdminUser();
            var namelessIdentity = new IdentityStub
            {
                Name = "",
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = namelessIdentity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isAdmin = provider.IsAdmin(principal);

            // Assert
            Assert.That(isAdmin, Is.False);
        }
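        public void Should_Throw_SecurityException_When_AuthorizationProvider_Is_Null()
        {
            // Exercises the Web API admin-required attribute with no authorization
            // provider. Going by the test name, the call should throw, not authorize.
            // NOTE(review): no assertion is visible in this listing; the expected
            // exception is presumably declared by an attribute on the method. Verify.

            // Arrange
            WebApiAdminRequiredAttributeMock attribute = new WebApiAdminRequiredAttributeMock();

            attribute.AuthorizationProvider = null;

            IdentityStub identity = new IdentityStub()
            {
                Name = Guid.NewGuid().ToString(), IsAuthenticated = true
            };
            PrincipalStub principal = new PrincipalStub()
            {
                Identity = identity
            };

            // Thread.CurrentPrincipal is ambient state for the whole thread. This test is
            // expected to exit by exception, so restore the previous principal in a
            // finally block; otherwise the authenticated stub leaks into later tests.
            var previousPrincipal = Thread.CurrentPrincipal;
            Thread.CurrentPrincipal = principal;

            try
            {
                // Act + Assert
                attribute.CallAuthorize(new HttpActionContext());
            }
            finally
            {
                Thread.CurrentPrincipal = previousPrincipal;
            }
        }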
        public void IsEditor_Should_Return_True_When_No_Editor_Role_Set()
        {
            // Pins the provider's answer when EditorRoleName is blank: IsEditor returns
            // true for an authenticated editor.
            // NOTE(review): the principal comes from CreateEditorUser, so this does not
            // show whether a blank role name also lets non-editors through. A case with
            // a non-editor user would make any fail-open behaviour explicit.

            // Arrange
            _applicationSettings.EditorRoleName = "";

            var editor = CreateEditorUser();
            var identity = new IdentityStub
            {
                Name = editor.Id.ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.True);
        }
        public void isadmin_should_return_true_when_no_admin_role_set()
        {
            // Pins the provider's answer when AdminRoleName is blank: IsAdmin returns
            // true for an authenticated admin.
            // NOTE(review): the principal comes from CreateAdminUser, so this does not
            // show whether a blank role name also grants admin to non-admin users. A
            // case with a non-admin user would make any fail-open behaviour explicit.

            // Arrange
            _applicationSettings.AdminRoleName = "";

            var admin = CreateAdminUser();
            var identity = new IdentityStub
            {
                Name = admin.Id.ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isAdmin = provider.IsAdmin(principal);

            // Assert
            Assert.That(isAdmin, Is.True);
        }
        public void IsEditor_Should_Return_False_When_User_Is_Not_Admin_Or_Editor()
        {
            // Pins the deny path: an authenticated user whose IsEditor flag has been
            // cleared must not be reported as an editor.
            // NOTE(review): only IsEditor is cleared here; the "not admin" half of the
            // test name relies on what CreateEditorUser produces. Confirm.

            // Arrange
            var demotedUser = CreateEditorUser();
            demotedUser.IsEditor = false;

            var identity = new IdentityStub
            {
                Name = demotedUser.Id.ToString(),
                IsAuthenticated = true
            };
            var principal = new PrincipalStub { Identity = identity };
            var provider = new AuthorizationProvider(_applicationSettings, _userService);

            // Act
            bool isEditor = provider.IsEditor(principal);

            // Assert
            Assert.That(isEditor, Is.False);
        }