/// <summary>
/// Checks that the authorization filter does not take the skip path when nothing is
/// marked as allowing anonymous access: the filter must leave an
/// <c>HttpUnauthorizedResult</c> on the context.
/// </summary>
public void SkipAuthorizationShouldNotSkipWhenNotAnonymousAllowed()
 {
     var filter = new StrixAuthorizationAttribute();
     List<Mock> createdMocks;
     var filterContext = GetAuthorizationContext(out createdMocks);

     // Hand the filter an empty header collection.
     // NOTE(review): presumably this clears a header the shared context helper sets by
     // default (e.g. an AJAX marker) — confirm against GetAuthorizationContext.
     var requestMock = (Mock<HttpRequestBase>)createdMocks.First(m => m.GetType() == typeof(Mock<HttpRequestBase>));
     requestMock.Setup(r => r.Headers).Returns(new NameValueCollection());

     filter.OnAuthorization(filterContext);

     // Exact-type comparison: any other result type, including a plain
     // HttpStatusCodeResult, fails the test.
     Assert.AreEqual(typeof(HttpUnauthorizedResult), filterContext.Result.GetType());
 }
 /// <summary>
 /// Checks that a controller reporting an <c>AllowAnonymousAttribute</c> lets the request
 /// through. The test takes exactly one <c>SetProxyMaxAge</c> call on the cache policy
 /// as the sign that the filter did not reject the request.
 /// </summary>
 public void SkipAuthorizationShouldSkipWhenAnonymousAllowedOnController()
 {
     var filter = new StrixAuthorizationAttribute();
     List<Mock> createdMocks;
     var filterContext = GetAuthorizationContext(out createdMocks);

     // Hand the filter an empty header collection.
     var requestMock = (Mock<HttpRequestBase>)createdMocks.First(m => m.GetType() == typeof(Mock<HttpRequestBase>));
     requestMock.Setup(r => r.Headers).Returns(new NameValueCollection());

     // The controller descriptor reports AllowAnonymous for either value of the inherit flag.
     var descriptorMock = (Mock<ControllerDescriptor>)createdMocks.First(m => m.GetType() == typeof(Mock<ControllerDescriptor>));
     descriptorMock.Setup(a => a.GetCustomAttributes(typeof(AllowAnonymousAttribute), It.IsAny<bool>())).Returns(new object[] { new AllowAnonymousAttribute() });

     // Looking the cache mock up before the call changes nothing; it only reads the list.
     var cachePolicyMock = (Mock<HttpCachePolicyBase>)createdMocks.First(m => m.GetType() == typeof(Mock<HttpCachePolicyBase>));

     filter.OnAuthorization(filterContext);

     // NOTE(review): context.Result is never inspected here; asserting that no
     // unauthorized result was set would pin the anonymous bypass more directly.
     cachePolicyMock.Verify(c => c.SetProxyMaxAge(It.IsAny<TimeSpan>()), Times.Once());
 }
 /// <summary>
 /// Checks that a named user is rejected with status 401 when the filter requires the
 /// "View users" permission and the user context reports that the user lacks it.
 /// </summary>
 public void UserWithoutRequiredPermissionShouldNotBeAuthorized()
 {
     var filter = new StrixAuthorizationAttribute { Permissions = "View users" };
     List<Mock> createdMocks;
     var filterContext = GetAuthorizationContext(out createdMocks);

     var identityMock = (Mock<IIdentity>)createdMocks.First(m => m.GetType() == typeof(Mock<IIdentity>));
     identityMock.Setup(i => i.Name).Returns("Administrator");

     // NOTE(review): if _userContextMock is a loose mock, HasPermission already returns
     // false without this setup, so the 401 alone does not show that the permission
     // check rejected the request. Consider also verifying the HasPermission call.
     _userContextMock.Setup(m => m.HasPermission(new[] { "View users" })).Returns(false);

     filter.OnAuthorization(filterContext);

     // Any HttpStatusCodeResult carrying 401 passes; other result types end up null.
     var statusResult = filterContext.Result as HttpStatusCodeResult;
     Assert.IsNotNull(statusResult);
     Assert.AreEqual(401, statusResult.StatusCode);
 }
 /// <summary>
 /// Runs the filter against the unmodified context from <c>GetAuthorizationContext</c>
 /// and expects an <c>HttpStatusCodeResult</c> with status 401.
 /// </summary>
 public void UnauthorizedAjaxRequestShouldSetStatusCodeTo401AndEndResponse()
 {
     var filter = new StrixAuthorizationAttribute();

     // The mock list is only needed to satisfy the out parameter; no mock is adjusted.
     // NOTE(review): nothing here marks the request as AJAX or checks that the response
     // was ended, although the test name promises both. Presumably the shared context
     // helper supplies the AJAX header — confirm, and consider verifying the
     // end-of-response behaviour explicitly.
     List<Mock> createdMocks;
     var filterContext = GetAuthorizationContext(out createdMocks);

     filter.OnAuthorization(filterContext);

     var statusResult = filterContext.Result as HttpStatusCodeResult;
     Assert.IsNotNull(statusResult);
     Assert.AreEqual(401, statusResult.StatusCode);
 }
 /// <summary>
 /// Checks that a named user passes the filter when it requires the "Administrator" role
 /// and the user context confirms the role. The test takes exactly one
 /// <c>SetProxyMaxAge</c> call on the cache policy as the sign of success.
 /// </summary>
 public void UserWithRequiredRoleShouldBeAuthorized()
 {
     var filter = new StrixAuthorizationAttribute { Roles = "Administrator" };
     List<Mock> createdMocks;
     var filterContext = GetAuthorizationContext(out createdMocks);

     var identityMock = (Mock<IIdentity>)createdMocks.First(m => m.GetType() == typeof(Mock<IIdentity>));
     identityMock.Setup(i => i.Name).Returns("Administrator");

     // The user context confirms membership of the required role.
     _userContextMock.Setup(m => m.IsInRoles(new[] { "Administrator" })).Returns(true);

     // Looking the cache mock up before the call changes nothing; it only reads the list.
     var cachePolicyMock = (Mock<HttpCachePolicyBase>)createdMocks.First(m => m.GetType() == typeof(Mock<HttpCachePolicyBase>));

     filter.OnAuthorization(filterContext);

     // NOTE(review): context.Result is never inspected; asserting that no unauthorized
     // result was set would pin the authorized outcome directly — confirm what the
     // attribute leaves on the context on success.
     cachePolicyMock.Verify(c => c.SetProxyMaxAge(It.IsAny<TimeSpan>()), Times.Once());
 }