public void Should_throw_ArgumentException_when_actionname_is_null_or_empty()
        {
            // Arrange
            var securityHandler = new SecurityHandler();

            // Assert
            Assert.Throws<ArgumentException>(() => securityHandler.HandleSecurityFor("A", null, _context));
            Assert.Throws<ArgumentException>(() => securityHandler.HandleSecurityFor("A", "", _context));
        }
Exemple #2
0
        public void Should_throw_ArgumentException_when_actionname_is_null_or_empty()
        {
            // Arrange
            var securityHandler = new SecurityHandler();

            // Assert
            Assert.Throws <ArgumentException>(() => securityHandler.HandleSecurityFor("A", null, _context));
            Assert.Throws <ArgumentException>(() => securityHandler.HandleSecurityFor("A", "", _context));
        }
        public void Should_resolve_policy_violation_handler_for_exception_from_container()
        {
            // Arrange
            var expectedActionResult = new ViewResult { ViewName = "SomeViewName" };
            var violationHandler = new DenyAnonymousAccessPolicyViolationHandler(expectedActionResult);
            FakeIoC.GetAllInstancesProvider = () => new List<IPolicyViolationHandler>
            {
                violationHandler
            };

            SecurityConfigurator.Configure(policy =>
            {
                policy.ResolveServicesUsing(FakeIoC.GetAllInstances);
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var result = securityHandler.HandleSecurityFor(NameHelper.Controller<BlogController>(), "Index", SecurityContext.Current);

            // Assert
            Assert.That(result, Is.EqualTo(expectedActionResult));
        }
Exemple #4
0
        public void Should_resolve_policy_violation_handler_for_exception_from_container()
        {
            // Arrange
            var expectedActionResult = new ViewResult {
                ViewName = "SomeViewName"
            };
            var violationHandler = new DenyAnonymousAccessPolicyViolationHandler(expectedActionResult);

            FakeIoC.GetAllInstancesProvider = () => new List <IPolicyViolationHandler>
            {
                violationHandler
            };

            SecurityConfigurator.Configure(policy =>
            {
                policy.ResolveServicesUsing(FakeIoC.GetAllInstances);
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var result = securityHandler.HandleSecurityFor(NameHelper.Controller <BlogController>(), "Index", SecurityContext.Current);

            // Assert
            Assert.That(result, Is.EqualTo(expectedActionResult));
        }
        public void Should_resolve_policy_violation_handler_for_exception_from_container()
        {
            // Arrange
            var controllerName = NameHelper.Controller<BlogController>();
            const string actionName = "Index";

            var events = new List<ISecurityEvent>();
            SecurityDoctor.Register(events.Add);
            var expectedActionResult = new ViewResult { ViewName = "SomeViewName" };
            var violationHandler = new DenyAnonymousAccessPolicyViolationHandler(expectedActionResult);
            FakeIoC.GetAllInstancesProvider = () => new List<IPolicyViolationHandler>
            {
                violationHandler
            };

            SecurityConfigurator.Configure(policy =>
            {
                policy.ResolveServicesUsing(FakeIoC.GetAllInstances);
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var result = securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current);

            // Assert
            Assert.That(result, Is.EqualTo(expectedActionResult));
            Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
            Assert.That(events.Any(e => e.Message == "Finding policy violation handler using convention {0}.".FormatWith(typeof(FindByPolicyNameConvention))));
            Assert.That(events.Any(e => e.Message == "Found policy violation handler {0}.".FormatWith(violationHandler.GetType().FullName)));
            Assert.That(events.Any(e => e.Message == "Handling violation with {0}.".FormatWith(violationHandler.GetType().FullName)));
            Assert.That(events.Any(e => e.Message == "Done enforcing policies. Violation occured!"));
        }
Exemple #6
0
        public void Should_throw_ArgumentNulllException_when_security_context_is_null()
        {
            // Arrange
            var securityHandler = new SecurityHandler();
            const ISecurityContext securityContext = null;

            // Assert
            Assert.Throws <ArgumentNullException>(() => securityHandler.HandleSecurityFor("A", "A", securityContext));
        }
Exemple #7
0
        public void Should_not_throw_when_when_controllername_is_Blog_and_actionname_is_Index()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(NameHelper.Controller <BlogController>(), "Index", SecurityContext.Current));
        }
        public void Should_not_throw_when_when_controllername_is_Blog_and_actionname_is_Index()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(NameHelper.Controller<BlogController>(), "Index", SecurityContext.Current));
        }
        public void Should_not_throw_exception_when_the_user_is_authenticated()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(NameHelper <BlogController> .Controller(), "Index"));
        }
Exemple #10
0
        public void Should_not_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_true()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.IgnoreMissingConfiguration();
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
        }
Exemple #11
0
        public void Should_not_throw_exception_when_the_user_is_authenticated_with_role_Owner()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.GetRolesFrom(StaticHelper.GetRolesIncludingOwner);
                policy.For <BlogController>(x => x.DeletePost(0)).RequireRole(UserRole.Owner);
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(NameHelper.Controller <BlogController>(), "DeletePost", SecurityContext.Current));
        }
Exemple #12
0
        public void Should_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_false()
        {
            // Arrange
            ExceptionFactory.RequestDescriptionProvider = () => TestDataFactory.CreateRequestDescription();

            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.Throws <ConfigurationErrorsException>(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
        }
Exemple #13
0
        public void Should_throw_when_the_user_is_anonymous()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var exception = Assert.Throws <PolicyViolationException>(() => securityHandler.HandleSecurityFor(NameHelper.Controller <BlogController>(), "Index", SecurityContext.Current));

            // Assert
            Assert.That(exception.PolicyType, Is.EqualTo(typeof(DenyAnonymousAccessPolicy)));
            Assert.That(exception.Message, Is.StringContaining("Anonymous access denied"));
        }
Exemple #14
0
        public void Should_not_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_true()
        {
            // Arrange
            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            SecurityConfigurator.Configure(configuration =>
            {
                configuration.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                configuration.Advanced.IgnoreMissingConfiguration();
                configuration.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
            Assert.That(events.Any(e => e.Message == "Ignoring missing configuration."));
        }
Exemple #15
0
        public void Should_throw_when_the_user_does_not_have_the_role_Owner()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.GetRolesFrom(StaticHelper.GetRolesExcludingOwner);
                policy.For <BlogController>(x => x.DeletePost(0)).RequireRole(UserRole.Owner);
            });

            var securityHandler = new SecurityHandler();

            // Act
            var exception = Assert.Throws <PolicyViolationException>(() => securityHandler.HandleSecurityFor(NameHelper.Controller <BlogController>(), "DeletePost", SecurityContext.Current));

            // Assert
            Assert.That(exception.PolicyType, Is.EqualTo(typeof(RequireRolePolicy)));
            Assert.That(exception.Message, Is.StringContaining("Access requires one of the following roles: Owner."));
        }
        public void Should_throw_when_the_user_is_anonymous()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.GetRolesFrom(StaticHelper.GetRolesExcludingOwner);
                policy.For <BlogController>(x => x.DeletePost(0)).RequireRole(UserRole.Owner);
            });

            var securityHandler = new SecurityHandler();

            // Act
            var exception = Assert.Throws <PolicyViolationException>(() => securityHandler.HandleSecurityFor(NameHelper <BlogController> .Controller(), "DeletePost"));

            // Assert
            Assert.That(exception.PolicyType, Is.EqualTo(typeof(RequireRolePolicy)));
            Assert.That(exception.Message, Is.StringContaining("Anonymous access denied"));
        }
Exemple #17
0
        public void Should_resolve_policy_violation_handler_for_exception_from_container()
        {
            // Arrange
            var          controllerName = NameHelper.Controller <BlogController>();
            const string actionName     = "Index";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            var expectedActionResult = new ViewResult {
                ViewName = "SomeViewName"
            };
            var violationHandler = new DenyAnonymousAccessPolicyViolationHandler(expectedActionResult);

            FakeIoC.GetAllInstancesProvider = () => new List <IPolicyViolationHandler>
            {
                violationHandler
            };

            SecurityConfigurator.Configure(policy =>
            {
                policy.ResolveServicesUsing(FakeIoC.GetAllInstances);
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var result = securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current);

            // Assert
            Assert.That(result, Is.EqualTo(expectedActionResult));
            Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
            Assert.That(events.Any(e => e.Message == "Finding policy violation handler using convention {0}.".FormatWith(typeof(FindByPolicyNameConvention))));
            Assert.That(events.Any(e => e.Message == "Found policy violation handler {0}.".FormatWith(violationHandler.GetType().FullName)));
            Assert.That(events.Any(e => e.Message == "Handling violation with {0}.".FormatWith(violationHandler.GetType().FullName)));
            Assert.That(events.Any(e => e.Message == "Done enforcing policies. Violation occured!"));
        }
Exemple #18
0
        public void Should_not_throw_exception_when_the_user_is_authenticated()
        {
            // Arrange
            var          controllerName = NameHelper.Controller <BlogController>();
            const string actionName     = "Index";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current));
            Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
            Assert.That(events.Any(e => e.Message == "Done enforcing policies. Success!"));
        }
        public void Should_throw_when_the_user_is_anonymous()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var exception = Assert.Throws<PolicyViolationException>(() => securityHandler.HandleSecurityFor(NameHelper<BlogController>.Controller(), "Index"));

            // Assert
            Assert.That(exception.PolicyType, Is.EqualTo(typeof(DenyAnonymousAccessPolicy)));
            Assert.That(exception.Message, Is.StringContaining("Anonymous access denied"));
        }
        public void Should_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_false()
        {
            // Arrange
            ExceptionFactory.RequestDescriptionProvider = () => TestDataFactory.CreateRequestDescription();

            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.Throws<ConfigurationErrorsException>(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
        }
        public void Should_throw_when_the_user_does_not_have_the_role_Owner()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.GetRolesFrom(StaticHelper.GetRolesExcludingOwner);
                policy.For<BlogController>(x => x.DeletePost(0)).RequireRole(UserRole.Owner);
            });

            var securityHandler = new SecurityHandler();

            // Act
            var exception = Assert.Throws<PolicyViolationException>(() => securityHandler.HandleSecurityFor(NameHelper<BlogController>.Controller(), "DeletePost"));

            // Assert
            Assert.That(exception.PolicyType, Is.EqualTo(typeof(RequireRolePolicy)));
            Assert.That(exception.Message, Is.StringContaining("Access requires one of the following roles: Owner."));
        }
        public void Should_not_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_true()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.IgnoreMissingConfiguration();
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
        }
        public void Should_throw_when_the_user_is_anonymous()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.GetRolesFrom(StaticHelper.GetRolesExcludingOwner);
                policy.For<BlogController>(x => x.DeletePost(0)).RequireRole(UserRole.Owner);
            });

            var securityHandler = new SecurityHandler();

            // Act
            var exception = Assert.Throws<PolicyViolationException>(() => securityHandler.HandleSecurityFor(NameHelper.Controller<BlogController>(), "DeletePost", SecurityContext.Current));

            // Assert
            Assert.That(exception.PolicyType, Is.EqualTo(typeof(RequireRolePolicy)));
            Assert.That(exception.Message, Is.StringContaining("Anonymous access denied"));
        }
        public void Should_not_throw_exception_when_the_user_is_authenticated_with_role_Owner()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.GetRolesFrom(StaticHelper.GetRolesIncludingOwner);
                policy.For<BlogController>(x => x.DeletePost(0)).RequireRole(UserRole.Owner);
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(NameHelper.Controller<BlogController>(), "DeletePost", SecurityContext.Current));
        }
        public void Should_not_throw_exception_when_the_user_is_authenticated()
        {
            // Arrange
            var controllerName = NameHelper.Controller<BlogController>();
            const string actionName = "Index";

            var events = new List<ISecurityEvent>();
            SecurityDoctor.Register(events.Add);
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current));
            Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
            Assert.That(events.Any(e => e.Message == "Done enforcing policies. Success!"));
        }
        public void Should_not_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_true()
        {
            // Arrange
            var events = new List<ISecurityEvent>();
            SecurityDoctor.Register(events.Add);
            SecurityConfigurator.Configure(configuration =>
            {
                configuration.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                configuration.Advanced.IgnoreMissingConfiguration();
                configuration.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
            Assert.That(events.Any(e => e.Message == "Ignoring missing configuration."));
        }
        public void Should_throw_ArgumentNulllException_when_security_context_is_null()
        {
            // Arrange
            var securityHandler = new SecurityHandler();
            const ISecurityContext securityContext = null;

            // Assert
            Assert.Throws<ArgumentNullException>(() => securityHandler.HandleSecurityFor("A", "A", securityContext));
        }
        public void Should_not_throw_exception_when_the_user_is_authenticated()
        {
            // Arrange
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For<BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(NameHelper<BlogController>.Controller(), "Index"));
        }