Esempio n. 1
        /// <summary>
        /// Invokes one action of <c>Controllers.SecureController</c> as the given principal
        /// and asserts the status code left on the fake HTTP response.
        /// </summary>
        /// <param name="user">Principal assigned to the fake HTTP context before the action is invoked.</param>
        /// <param name="method">Action name, matched case-insensitively (ordinal); also appended to the request path.</param>
        /// <param name="expectedStatusCode">Status code the response must carry after invocation.</param>
        /// <param name="policyStore">Optional policies to copy into the options used to re-initialise the controller; skipped when null.</param>
        private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null)
        {
            var discoverer = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController));
            var ctrl = discoverer.GetControllers(null).Single();

            if (policyStore != null)
            {
                // NOTE(review): if LiteApiOptions.Default hands back a shared instance, the policies
                // registered here outlive this call and could let a later authorization test pass
                // for the wrong reason - confirm it returns a fresh object per access.
                var options = LiteApiOptions.Default;
                foreach (var policyName in policyStore.GetPolicyNames())
                {
                    options.AuthorizationPolicyStore.SetPolicy(policyName, policyStore.GetPolicy(policyName));
                }

                // Clear the filter lists on the controller and on each action so that Init
                // re-initialises them against the options carrying the new policy store.
                ctrl.Filters = null;
                foreach (var actionContext in ctrl.Actions)
                {
                    actionContext.Filters = null;
                }

                ctrl.Init(new LiteApiOptionsAccessor(options));
            }

            var actionCtx = ctrl.Actions.Single(x => string.Equals(method, x.Name, StringComparison.OrdinalIgnoreCase));

            var controllerBuilder = new ControllerBuilder(new Moq.Mock<IServiceProvider>().Object);
            var modelBinders = new ModelBinderCollection(
                new JsonSerializer(),
                Fakes.FakeServiceProvider.GetServiceProvider(),
                new Fakes.FakeDefaultLiteApiOptionsRetriever());
            var invoker = new ActionInvoker(controllerBuilder, modelBinders, new JsonSerializer());

            var httpCtx = new Fakes.FakeHttpContext();
            httpCtx.User = user;
            httpCtx.Request.Path = "/api/secure/" + method;

            await invoker.Invoke(httpCtx, actionCtx);

            Assert.Equal(expectedStatusCode, httpCtx.Response.StatusCode);
        }
Esempio n. 2
        /// <summary>
        /// Invokes one action of <c>Controllers.SecureController</c> as the given principal
        /// and asserts the status code left on the fake HTTP response.
        /// </summary>
        /// <param name="user">Principal assigned to the fake HTTP context before the action is invoked.</param>
        /// <param name="method">Action name, matched case-insensitively (ordinal); also appended to the request path.</param>
        /// <param name="expectedStatusCode">Status code the response must carry after invocation.</param>
        /// <param name="policyStore">Optional policy store injected into the controller context via reflection; skipped when null.</param>
        private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null)
        {
            var discoverer = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController));
            var ctrl = discoverer.GetControllers(null).Single();

            if (policyStore != null)
            {
                // The policy store is written through the non-public "AuthPolicyStore" property setter.
                // GetProperty returns null when no such property exists, so a rename of that property
                // surfaces here as a NullReferenceException rather than as a failed assertion.
                var policyStoreProperty = typeof(ControllerContext)
                    .GetTypeInfo()
                    .GetProperty("AuthPolicyStore", BindingFlags.Instance | BindingFlags.NonPublic);
                policyStoreProperty.SetMethod.Invoke(ctrl, new object[] { policyStore });
            }

            var actionCtx = ctrl.Actions.Single(x => string.Equals(method, x.Name, StringComparison.OrdinalIgnoreCase));

            var controllerBuilder = new ControllerBuilder(new Moq.Mock<IServiceProvider>().Object);
            var modelBinders = new ModelBinderCollection(new JsonSerializer(), new Moq.Mock<IServiceProvider>().Object);
            var invoker = new ActionInvoker(controllerBuilder, modelBinders, new JsonSerializer());

            var httpCtx = new Fakes.FakeHttpContext();
            httpCtx.User = user;
            httpCtx.Request.Path = "/api/secure/" + method;

            await invoker.Invoke(httpCtx, actionCtx);

            Assert.Equal(expectedStatusCode, httpCtx.Response.StatusCode);
        }
Esempio n. 3
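        /// <summary>
        /// Runs the filters of one action against a fake request with the given scheme flag
        /// and compares the filter outcome with <paramref name="expectedResult"/>.
        /// </summary>
        /// <param name="useHttps">Value assigned to <c>Request.IsHttps</c> on the fake context.</param>
        /// <param name="ctrlType">Controller type handed to the fake controller discoverer.</param>
        /// <param name="actionName">Action to look up; lowered before an exact name comparison.</param>
        /// <param name="expectedResult">
        /// Expected filter outcome. The response code and message are compared only when
        /// <c>ShouldContinue</c> is expected to be false.
        /// </param>
        private async Task AssertRequireHttps(bool useHttps, Type ctrlType, string actionName, ApiFilterRunResult expectedResult)
        {
            // NOTE(review): ToLower() uses the current culture, and the lookup below is an exact
            // comparison, so this presumably relies on action names being stored lowercase - confirm.
            actionName = actionName.ToLower();
            var ctrl   = new Fakes.FakeLimitedControllerDiscoverer(ctrlType).GetControllers(null).Single();
            var action = ctrl.Actions.Single(x => x.Name == actionName);

            // Assign the flag in both directions so the plain-HTTP case is stated by the test
            // itself instead of depending on whatever default the fake request starts with.
            var ctx = new Fakes.FakeHttpContext();
            ctx.Request.IsHttps = useHttps;

            var result = await ActionInvoker.RunFiltersAndCheckIfShouldContinue(ctx, action);

            Assert.Equal(expectedResult.ShouldContinue, result.ShouldContinue);
            if (!expectedResult.ShouldContinue)
            {
                // A rejected request must also carry the expected status code and message.
                Assert.Equal(expectedResult.SetResponseCode, result.SetResponseCode);
                Assert.Equal(expectedResult.SetResponseMessage, result.SetResponseMessage);
            }
        }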