public async Task WithoutAuthHeader_ReturnsNonAuthorized()
        {
            // Arrange
            HttpContext context = new DefaultHttpContext();

            context.Response.Body = new MemoryStream();

            // Act
            await _middleware.Invoke(context);

            // Assert
            context.Response.Body.Seek(0, SeekOrigin.Begin);
            using (var reader = new StreamReader(context.Response.Body))
            {
                var response = await reader.ReadToEndAsync();

                Assert.Equal((int)HttpStatusCode.Unauthorized, context.Response.StatusCode);
                Assert.Equal("application/json", context.Response.ContentType);
                Assert.Equal("{\"message\":\"unauthorized\"}", response);
            }
        }
Esempio n. 2
0
        public static IApplicationBuilder UseAuthorization(this IApplicationBuilder app)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            return(app.Use(next => async(context) =>
            {
                var services = context.RequestServices;
                var policyProvider = services.GetRequiredService <IAuthorizationPolicyProvider>();
                var policyEvaluator = services.GetRequiredService <IPolicyEvaluator>();

                var middleware = new AuthorizationMiddleware(next, policyProvider);
                await middleware.Invoke(context);
            }));
        }
        public async void Invoke_ShouldInvokeNext_WhenUserIsValid()
        {
            var httpContext = new Mock <HttpContext>();
            var user        = GetAnUser(new List <Claim>
            {
                new Claim("UserStatus", "Alive")
            });

            RequestDelegate next = (a) =>
            {
                return(Task.Run(() => { }));
            };

            httpContext.Setup(a => a.User).Returns(user);

            var classUnderTest = new AuthorizationMiddleware(next);
            await classUnderTest.Invoke(httpContext.Object);

            httpContext.Verify(a => a.Response, Times.Never);
        }
        public async void Invoke_ShouldAssambleUnauthorized_WhenUserIsBlocked()
        {
            var httpContext  = new Mock <HttpContext>();
            var httpResponse = new Mock <HttpResponse>();
            var user         = GetAnUser(new List <Claim>
            {
                new Claim("UserStatus", "Blocked")
            });

            httpResponse.Setup(a => a.Body).Returns(new MemoryStream());
            httpContext.Setup(a => a.Response).Returns(httpResponse.Object);
            httpContext.Setup(a => a.User).Returns(user);

            var classUnderTest = new AuthorizationMiddleware(null);
            await classUnderTest.Invoke(httpContext.Object);

            httpResponse.VerifySet(a =>
                                   a.StatusCode = It.Is <int>(s => s == 401),
                                   Times.Once);

            httpResponse.VerifySet(a =>
                                   a.ContentType = It.Is <string>(s => s.ToLower() == "application/json"),
                                   Times.Once);
        }
Esempio n. 5
0
 private void WhenICallTheMiddleware()
 {
     _middleware.Invoke(_httpContext).GetAwaiter().GetResult();
 }