/// <summary>
/// Calls SetRoleScopes with a freshly generated scope id while the authorization layer
/// advertises a single scope ("TestScope"). Per the test name, the call is expected to
/// fail with ReferencedObjectDoesNotExistException.
/// </summary>
/// <remarks>
/// No assertion is visible in this listing; the expected exception is presumably declared
/// by a test attribute that is not shown here. Confirm against the original file.
/// Rejecting unknown scope ids matters for access control: a role should only be able to
/// carry scopes that the authorization layer defines.
/// </remarks>
public void RoleManagementLogic_SetRoleScopes_InvalidScopeProvided_ThrowsReferencedObjectDoesNotExistException()
        {
            // The only scope the authorization layer will report as available.
            var knownScopes = new List<Scope>
            {
                new Scope("TestScope", AuthorizationScopes.ManageRoles)
            };

            var authorizationLogic = new Mock<IAuthorizationLogic>();
            // NOTE(review): sibling tests stub IsAuthorizedThrowsException rather than IsAuthorized.
            // If SetRoleScopes calls the former, this setup is unused and the caller is treated as
            // authorized only because a default (loose) Moq mock does nothing for unconfigured
            // members. Confirm which member the method under test invokes.
            authorizationLogic.Setup(a => a.IsAuthorized(It.IsAny<Guid>(), It.IsAny<ClaimsPrincipal>())).Returns(true);
            authorizationLogic.Setup(a => a.GetAvailibleScopes()).Returns(knownScopes);

            // Any role lookup succeeds, so a failure cannot be attributed to a missing role.
            var existingRole = new SecurityRole { Name = "TestRole", Id = Guid.NewGuid() };
            var configurationRepository = new Mock<IConfigurationRepository>();
            configurationRepository.Setup(r => r.Get<SecurityRole>(It.IsAny<Guid>())).Returns(existingRole);

            // Request one random scope id. RoleId is the all-zero Guid, as in the original `new Guid()`.
            var request = new SetRoleScopesModel
            {
                RoleId = Guid.Empty,
                Scopes = new List<Guid> { Guid.NewGuid() }
            };

            var sut = new RoleManagementLogic(configurationRepository.Object, authorizationLogic.Object);

            // The caller principal is passed as null; the authorization mock accepts any principal.
            sut.SetRoleScopes(request, null);
        }
        /// <summary>
        /// Calls UpdateRole for a principal whose ManageRoles authorization check is stubbed to
        /// throw UnauthorizedAccessException. Per the test name, that exception is expected to
        /// reach the caller.
        /// </summary>
        /// <remarks>
        /// No assertion is visible in this listing; the expected exception is presumably declared
        /// by a test attribute that is not shown here.
        /// NOTE(review): the repository mock has no setups and is never verified. A check that no
        /// repository write happened after the denial would make this a stronger access-control
        /// test.
        /// </remarks>
        public void RoleManagementLogic_UpdateRole_Unauthorized_ThrowsUnauthorizedAccessException()
        {
            var user = new ClaimsPrincipal();
            var securityRole = new SecurityRole();

            // Deny exactly this principal for the ManageRoles scope.
            var authorizationLogic = new Mock<IAuthorizationLogic>();
            authorizationLogic
                .Setup(a => a.IsAuthorizedThrowsException(
                    AuthorizationScopes.ManageRoles,
                    user,
                    It.IsAny<ILoggableEntity>(),
                    It.IsAny<EventCategory>()))
                .Throws(new UnauthorizedAccessException());

            var configurationRepository = new Mock<IConfigurationRepository>();

            var sut = new RoleManagementLogic(configurationRepository.Object, authorizationLogic.Object);

            sut.UpdateRole(securityRole, user);
        }
        /// <summary>
        /// Calls SetRoleScopes while the ManageRoles authorization check is stubbed to throw
        /// UnauthorizedAccessException for any principal. Per the test name, that exception is
        /// expected to reach the caller.
        /// </summary>
        /// <remarks>
        /// No assertion is visible in this listing; the expected exception is presumably declared
        /// by a test attribute that is not shown here.
        /// The repository argument is null. If the expected exception is UnauthorizedAccessException,
        /// this also pins that the authorization check runs before any repository access. A lookup
        /// made first would presumably fail on the null reference instead.
        /// </remarks>
        public void RoleManagementLogic_SetRoleScopes_UnauthorizedUser_ThrowsUnauthorizedAccessException()
        {
            var authorizationLogic = new Mock<IAuthorizationLogic>();
            authorizationLogic
                .Setup(a => a.IsAuthorizedThrowsException(
                    AuthorizationScopes.ManageRoles,
                    It.IsAny<ClaimsPrincipal>(),
                    It.IsAny<ILoggableEntity>(),
                    It.IsAny<EventCategory>()))
                .Throws(new UnauthorizedAccessException());

            // RoleId is the all-zero Guid, as in the original `new Guid()`.
            var request = new SetRoleScopesModel { RoleId = Guid.Empty };

            // Deliberately no repository: nothing should be read or written for a denied caller.
            var sut = new RoleManagementLogic(null, authorizationLogic.Object);

            sut.SetRoleScopes(request, null);
        }
        /// <summary>
        /// Calls AddRoleMember with a member id for which the repository returns null. Per the
        /// test name, ReferencedObjectDoesNotExistException is expected.
        /// </summary>
        /// <remarks>
        /// No assertion is visible in this listing; the expected exception is presumably declared
        /// by a test attribute that is not shown here.
        /// NOTE(review): authorization is supplied by a real AuthorizeInitialSetup instance, not a
        /// mock. It is presumably the authorizer used before initial setup completes; confirm that
        /// it lets this call through, otherwise the test exercises a different path than its name
        /// says.
        /// </remarks>
        public void RoleManagementLogic_AddRoleMember_UserNotFound_ThrowsReferencedObjectDoesNotExistException()
        {
            var user = new ClaimsPrincipal();

            var request = new AddSecurityRoleMemberModel
            {
                MemberId = Guid.NewGuid(),
                RoleId = Guid.NewGuid()
            };

            // The principal to be added does not exist in the store.
            var configurationRepository = new Mock<IConfigurationRepository>();
            configurationRepository
                .Setup(r => r.Get<AuthenticablePrincipal>(request.MemberId))
                .Returns((AuthenticablePrincipal)null);

            var authorizer = new AuthorizeInitialSetup(configurationRepository.Object);
            var sut = new RoleManagementLogic(configurationRepository.Object, authorizer);

            sut.AddRoleMember(request, user);
        }
        /// <summary>
        /// Calls DeleteRole on a role whose id is RoleManagementLogic.WellKnownAdministratorRoleId.
        /// Per the test name, InvalidOperationException is expected.
        /// </summary>
        /// <remarks>
        /// No assertion is visible in this listing; the expected exception is presumably declared
        /// by a test attribute that is not shown here.
        /// The authorization setup below attaches no Throws or Returns, so the check completes
        /// without denying the caller. The test therefore covers an authorized caller, and the
        /// refusal it expects comes from the protection of the built-in administrator role, not
        /// from authorization.
        /// </remarks>
        public void RoleManagementLogic_DeleteRole_DeleteWellKnownAdministratorId_ThrowsInvalidOperationException()
        {
            var user = new ClaimsPrincipal();

            var authorizationLogic = new Mock<IAuthorizationLogic>();
            // Setup with no behaviour: the ManageRoles check for this principal simply passes.
            authorizationLogic.Setup(a => a.IsAuthorizedThrowsException(
                AuthorizationScopes.ManageRoles,
                user,
                It.IsAny<ILoggableEntity>(),
                It.IsAny<EventCategory>()));

            var configurationRepository = new Mock<IConfigurationRepository>();

            var administratorRole = new SecurityRole
            {
                Id = RoleManagementLogic.WellKnownAdministratorRoleId
            };

            var sut = new RoleManagementLogic(configurationRepository.Object, authorizationLogic.Object);

            sut.DeleteRole(administratorRole, user);
        }
        /// <summary>
        /// Calls AddRoleMember for a principal whose ManageRoles authorization check is stubbed to
        /// throw UnauthorizedAccessException. Per the test name, that exception is expected to
        /// reach the caller.
        /// </summary>
        /// <remarks>
        /// No assertion is visible in this listing; the expected exception is presumably declared
        /// by a test attribute that is not shown here.
        /// The repository returns an existing member but a null role. If the expected exception is
        /// UnauthorizedAccessException, the denial has to surface before the missing role is
        /// reported, so a denied caller does not learn whether a role id exists. Confirm the
        /// ordering in AddRoleMember.
        /// </remarks>
        public void RoleManagementLogic_AddRoleMember_Unauthorized_ThrowsUnauthorizedAccessException()
        {
            var request = new AddSecurityRoleMemberModel
            {
                MemberId = Guid.NewGuid(),
                RoleId = Guid.NewGuid()
            };
            var user = new ClaimsPrincipal();

            // Member lookup succeeds, role lookup finds nothing.
            var configurationRepository = new Mock<IConfigurationRepository>();
            configurationRepository
                .Setup(r => r.Get<AuthenticablePrincipal>(request.MemberId))
                .Returns(new AuthenticablePrincipal());
            configurationRepository
                .Setup(r => r.Get<SecurityRole>(request.RoleId))
                .Returns((SecurityRole)null);

            // Deny exactly this principal for the ManageRoles scope.
            var authorizationLogic = new Mock<IAuthorizationLogic>();
            authorizationLogic
                .Setup(a => a.IsAuthorizedThrowsException(
                    AuthorizationScopes.ManageRoles,
                    user,
                    It.IsAny<ILoggableEntity>(),
                    It.IsAny<EventCategory>()))
                .Throws(new UnauthorizedAccessException());

            var sut = new RoleManagementLogic(configurationRepository.Object, authorizationLogic.Object);

            sut.AddRoleMember(request, user);
        }
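        /// <summary>
        /// Builds the application's repositories and logic objects by hand and registers them
        /// with the dependency-injection container as singletons.
        /// </summary>
        /// <param name="services">Container that receives the registrations.</param>
        /// <param name="appSettings">Not read by this method.</param>
        /// <remarks>
        /// Construction order matters: each object is created after the objects passed to its
        /// constructor. IdentityAuthenticationLogic and SecurityPrincipalLogic are registered by
        /// instance, like every other service here, so the container serves the objects built in
        /// this method and does not construct a second copy of each.
        /// </remarks>
        private void InitializeApp(IServiceCollection services, AppSettings appSettings)
        {
            //singleton pattern here was a huge mistake, i'm going to fix this.

            LiteDbConfigurationRepository configurationRepository = new LiteDbConfigurationRepository(databaseLocator.GetConfigurationRepositoryConnectionString());

            appConfig = configurationRepository.GetAppConfig();

            ActiveDirectoryRepository activeDirectory = new ActiveDirectoryRepository();

            // The encryption key comes from the app config that was just read from the
            // configuration repository.
            // NOTE(review): confirm how that store is protected at rest, since the key lives next
            // to the rest of the configuration. The provider holding the key is a process-wide
            // singleton.
            EncryptionProvider cipher = new EncryptionProvider(appConfig.EncryptionKey);

            services.AddSingleton<EncryptionProvider>(cipher);

            // One ActiveDirectoryRepository instance backs both directory interfaces.
            services.AddSingleton<IActiveDirectoryAuthenticator>(activeDirectory);
            services.AddSingleton<IActiveDirectoryRepository>(activeDirectory);

            IdentityAuthenticationLogic identityAuthenticationLogic = new IdentityAuthenticationLogic(configurationRepository, activeDirectory);

            // Register the instance built above. The original registered only the type, which left
            // this object unused and made the container construct its own copy.
            services.AddSingleton<IdentityAuthenticationLogic>(identityAuthenticationLogic);

            ICertificateRepository certificateRepository = new LiteDbCertificateRepository(databaseLocator.GetCertificateRepositoryConnectionString());

            // NOTE(review): always null here and passed to RuntimeConfigurationState below;
            // confirm that class tolerates a null cache repository.
            RuntimeCacheRepository runtimeCacheRepository = null;

            LiteDbAuditRepository auditRepository = new LiteDbAuditRepository(databaseLocator.GetAuditRepositoryConnectionString());

            IAuditLogic auditLogic = new AuditLogic(auditRepository, configurationRepository);

            services.AddSingleton<IAuditLogic>(auditLogic);

            // Authorization receives the audit logic; it is registered further down.
            IAuthorizationLogic authorizationLogic = new AuthorizationLogic(configurationRepository, auditLogic);

            IScriptManagementLogic scriptManagement = new ScriptManagementLogic(configurationRepository, authorizationLogic);

            services.AddSingleton<IScriptManagementLogic>(scriptManagement);

            IPowershellEngine powershellEngine = new PowershellEngine(auditLogic, scriptManagement);

            services.AddSingleton<IPowershellEngine>(powershellEngine);

            RoleManagementLogic roleManagementLogic = new RoleManagementLogic(configurationRepository, authorizationLogic);

            services.AddSingleton<RoleManagementLogic>(roleManagementLogic);

            UserManagementLogic userManagementLogic = new UserManagementLogic(configurationRepository, authorizationLogic);

            services.AddSingleton<UserManagementLogic>(userManagementLogic);

            SecurityPrincipalLogic securityPrincipalLogic = new SecurityPrincipalLogic(roleManagementLogic, userManagementLogic);

            // Register the same instance that CertificateManagementLogic receives below, so the
            // container does not hand out a second SecurityPrincipalLogic.
            services.AddSingleton<SecurityPrincipalLogic>(securityPrincipalLogic);

            AdcsTemplateLogic adcsTemplateLogic = new AdcsTemplateLogic(configurationRepository, activeDirectory);

            services.AddSingleton<AdcsTemplateLogic>(adcsTemplateLogic);

            services.AddSingleton<IAuthorizationLogic>(authorizationLogic);

            services.AddSingleton<IConfigurationRepository>(configurationRepository);

            ICertificateProvider certificateProvider = new Win32CertificateProvider();

            services.AddSingleton<ICertificateProvider>(certificateProvider);

            services.AddSingleton<ICertificateRepository>(certificateRepository);

            ActiveDirectoryIdentityProviderLogic activeDirectoryIdentityProviderLogic = new ActiveDirectoryIdentityProviderLogic(configurationRepository);

            services.AddSingleton<ActiveDirectoryIdentityProviderLogic>(activeDirectoryIdentityProviderLogic);

            // Stored in a field of the enclosing class as well as in the container.
            certificateManagementLogic = new CertificateManagementLogic(
                configurationRepository,
                certificateRepository,
                authorizationLogic,
                auditLogic,
                securityPrincipalLogic,
                cipher);

            services.AddSingleton<CertificateManagementLogic>(certificateManagementLogic);

            PrivateCertificateProcessing privateCertificateProcessing = new PrivateCertificateProcessing(certificateRepository, configurationRepository, certificateProvider, authorizationLogic, adcsTemplateLogic, auditLogic);

            services.AddSingleton<IPrivateCertificateProcessing>(privateCertificateProcessing);

            services.AddSingleton<NodeLogic>(new NodeLogic(configurationRepository, authorizationLogic, activeDirectoryIdentityProviderLogic, powershellEngine, auditLogic, certificateManagementLogic, privateCertificateProcessing));

            services.AddSingleton<IRuntimeConfigurationState>(
                new RuntimeConfigurationState(configurationRepository, runtimeCacheRepository)
                {
                    InitialSetupComplete = initialSetupComplete
                });

            services.AddSingleton<IClientsideConfigurationProvider>(new ClientsideConfigurationProvider(configurationRepository));

            services.AddSingleton<AnalyticsLogic>(new AnalyticsLogic(configurationRepository, certificateRepository, auditRepository));

            services.AddSingleton<DataRenderingProvider>(new DataRenderingProvider());

            // Stored in a field of the enclosing class as well as in the container.
            oidcLogic = new OpenIdConnectIdentityProviderLogic(configurationRepository, authorizationLogic);
            services.AddSingleton<IOpenIdConnectIdentityProviderLogic>(oidcLogic);
        }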
        //AuthorizationLogic authorizationLogic;

        /// <summary>
        /// Creates the controller with the role-management logic it delegates to and a response
        /// handler bound to this controller instance.
        /// </summary>
        /// <param name="roleManagement">Role-management logic supplied by the caller.</param>
        /// <remarks>
        /// The controller takes no authorization logic of its own.
        /// NOTE(review): access checks are presumably enforced inside RoleManagementLogic; confirm
        /// that every action on this controller goes through it.
        /// </remarks>
        public SecurityRolesController(RoleManagementLogic roleManagement)
        {
            http = new HttpResponseHandler(this);
            this.roleManagement = roleManagement;
        }