public static void LogOut(string key)
{
if (authorizedList.ContainsKey(key))
{
authorizedList.Remove(key);
}
AuthorizationMiddleware.SetPrincipal(null);
}
public AuthorizationMiddlewareTests()
{
_httpContext = new DefaultHttpContext();
_authService = new Mock <IClaimsAuthorizer>();
_authScopesService = new Mock <IScopesAuthorizer>();
_loggerFactory = new Mock <IOcelotLoggerFactory>();
_logger = new Mock <IOcelotLogger>();
_loggerFactory.Setup(x => x.CreateLogger <AuthorizationMiddleware>()).Returns(_logger.Object);
_next = context => Task.CompletedTask;
_middleware = new AuthorizationMiddleware(_next, _authService.Object, _authScopesService.Object, _loggerFactory.Object);
}
public static void LogIn(Principal principal)
{
string key = principal.GetKey();
if (!authorizedList.ContainsKey(key))
{
authorizedList.Add(key, principal);
}
else
{
authorizedList[key] = principal;
}
AuthorizationMiddleware.SetPrincipal(principal);
}
public void Setup()
{
var policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
_authorizationMiddleware = new AuthorizationMiddleware((context) => Task.CompletedTask, policyProvider);
_httpContextNoEndpoint = new DefaultHttpContext();
var feature = new EndpointFeature
{
Endpoint = new Endpoint((context) => Task.CompletedTask, EndpointMetadataCollection.Empty, "Test endpoint")
};
_httpContextHasEndpoint = new DefaultHttpContext();
_httpContextHasEndpoint.Features.Set <IEndpointFeature>(feature);
}
public static IApplicationBuilder UseAuthorization(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return(app.Use(next => async(context) =>
{
var services = context.RequestServices;
var policyProvider = services.GetRequiredService <IAuthorizationPolicyProvider>();
var policyEvaluator = services.GetRequiredService <IPolicyEvaluator>();
var middleware = new AuthorizationMiddleware(next, policyProvider);
await middleware.Invoke(context);
}));
}
public void AuthorizationMiddleware_Inject_AllowsAllowedPaths(ClaimsPrincipal claimsPrincipal, string method, string pathValue, string[] allowedPaths, HttpStatusCode statusCode)
{
var ctx = new OwinContext
{
Request =
{
Scheme = LibOwin.Infrastructure.Constants.Https,
Path = new PathString(pathValue),
Method = method,
User = claimsPrincipal
}
};
var pipeline = AuthorizationMiddleware.Inject(_noOp, new[] { "api1.read", "api1.write" }, allowedPaths);
pipeline(ctx.Environment);
Assert.Equal((int)statusCode, ctx.Response.StatusCode);
}
public void AuthorizationMiddleware_Inject_ReturnsForbiddenResponse(ClaimsPrincipal claimsPrincipal, string method, HttpStatusCode statusCode)
{
var ctx = new OwinContext
{
Request =
{
Scheme = LibOwin.Infrastructure.Constants.Https,
Path = new PathString("/authtest"),
Method = method,
User = claimsPrincipal
}
};
var pipeline = AuthorizationMiddleware.Inject(_noOp, new[] { "api1.read", "api1.write" });
pipeline(ctx.Environment);
Assert.Equal((int)statusCode, ctx.Response.StatusCode);
}
public async void Invoke_ShouldInvokeNext_WhenUserIsValid()
{
var httpContext = new Mock <HttpContext>();
var user = GetAnUser(new List <Claim>
{
new Claim("UserStatus", "Alive")
});
RequestDelegate next = (a) =>
{
return(Task.Run(() => { }));
};
httpContext.Setup(a => a.User).Returns(user);
var classUnderTest = new AuthorizationMiddleware(next);
await classUnderTest.Invoke(httpContext.Object);
httpContext.Verify(a => a.Response, Times.Never);
}
public async void Invoke_ShouldAssambleUnauthorized_WhenUserIsBlocked()
{
var httpContext = new Mock <HttpContext>();
var httpResponse = new Mock <HttpResponse>();
var user = GetAnUser(new List <Claim>
{
new Claim("UserStatus", "Blocked")
});
httpResponse.Setup(a => a.Body).Returns(new MemoryStream());
httpContext.Setup(a => a.Response).Returns(httpResponse.Object);
httpContext.Setup(a => a.User).Returns(user);
var classUnderTest = new AuthorizationMiddleware(null);
await classUnderTest.Invoke(httpContext.Object);
httpResponse.VerifySet(a =>
a.StatusCode = It.Is <int>(s => s == 401),
Times.Once);
httpResponse.VerifySet(a =>
a.ContentType = It.Is <string>(s => s.ToLower() == "application/json"),
Times.Once);
}
public AuthorizationMiddlewareTests()
{
_middleware = new AuthorizationMiddleware(Next);
_authHeader = new KeyValuePair <string, string>("Authorization", "Bearer pkR9vfZ9QdER53mf");
}
