        public async Task GetProfileDataAsync_NoProfileNameSpecified_ClaimsMapForUserGenerated()
        {
            // Arrange: build the service under test from the fake user manager and the NSubstitute
            // mocks held by the fixture, then seed the repositories so that any subject id resolves
            // to two permissions, one data policy and two teams.
            var sut = new IdentityWithAdditionalClaimsProfileService(
                fakeUserManager,
                mockUserClaimsPrincipalFactory,
                mockLogger,
                mockProfileRepository,
                mockApplicationDataPolicyRepository,
                mockPermissionRepository,
                mockTeamRepository);

            fakeUserManager.SetUserModel(userModel);
            mockUserClaimsPrincipalFactory.CreateAsync(userModel).Returns(profileDataRequestContext.Subject);

            var permissions = new List<PermissionModel>
            {
                new PermissionModel { Name = "Permission 1" },
                new PermissionModel { Name = "Permission 2" }
            };
            var dataPolicies = new List<ApplicationDataPolicyModel>
            {
                new ApplicationDataPolicyModel { Name = "DP 1" }
            };
            var teams = new List<TeamModel>
            {
                new TeamModel { Name = "Name 1" },
                new TeamModel { Name = "Name 2" }
            };

            mockPermissionRepository.GetListAsync(Arg.Any<Guid>()).Returns(permissions);
            mockApplicationDataPolicyRepository.GetListAsync(Arg.Any<Guid>()).Returns(dataPolicies);
            mockTeamRepository.GetListAsync(Arg.Any<Guid>()).Returns(teams);

            // Act
            await sut.GetProfileDataAsync(profileDataRequestContext);

            // Assert: the issued claim map must carry both seeded permissions and the identity
            // claims copied from the user model. The data-policy and team claims are not
            // asserted by this test.
            Func<string, string, bool> hasClaim = (type, value) =>
                profileDataRequestContext.IssuedClaims.Exists(c => c.Type == type && c.Value == value);

            Assert.True(profileDataRequestContext.IssuedClaims.Count > 0, "Issued claims must be greater than 0.");
            Assert.True(hasClaim("permission", "Permission 1"), "Permission 1 claim must be present and correct.");
            Assert.True(hasClaim("permission", "Permission 2"), "Permission 2 claim must be present and correct.");
            Assert.True(hasClaim(IdentityServerConstants.StandardScopes.Email, userModel.Email), "Email claim must be present and correct.");
            Assert.True(hasClaim("username", userModel.UserName), "Username claim must be present and correct.");
            Assert.True(hasClaim("given_name", userModel.FirstName), "Given Name claim must be present and correct.");
            Assert.True(hasClaim("family_name", userModel.Surname), "Family Name claim must be present and correct.");
        }
        /// <summary>
        /// Appends a "dataPolicy" claim to <paramref name="claims"/> for every data policy the repository
        /// reports as effective for the requesting subject: the policies attached to the teams the user
        /// is directly associated with, as opposed to any of the user's profiles.
        /// </summary>
        /// <param name="claims">Claim list being assembled for the token; extended in place, and a policy whose name is already present is not added twice.</param>
        /// <param name="context">Profile data request whose subject id identifies the user to look up.</param>
        /// <param name="user">User model; used here only to label the debug log line.</param>
        /// <returns>A task that completes once the data policy claims have been appended.</returns>
        /// <exception cref="ArgumentNullException">Thrown by <see cref="Guid.Parse(string)"/> when the subject id is null.</exception>
        /// <exception cref="FormatException">Thrown by <see cref="Guid.Parse(string)"/> when the subject id is not a GUID.</exception>
        private async Task GenerateDataPolicyClaimMapFromSubject(List<Claim> claims, ProfileDataRequestContext context, UserModel user)
        {
            const string DataPolicyClaimType = "dataPolicy";

            // The repository resolves the effective data policies for the accessing user. As described by
            // the original author, its query has three parts:
            //  1. (up to the first UNION) all data policies of teams the user is a member of;
            //  2. (up to the second UNION) data policies of teams the user is not directly a member of, but
            //     which are the parent of one or more child teams the user belongs to - the user inherits
            //     the parent team's data policies;
            //  3. data policies of the child teams of a parent team the user is a member of, even when the
            //     user is not a direct member of any of those child teams.
            var subjectId = Guid.Parse(context.Subject.GetSubjectId());
            var dataPolicies = await applicationDataPolicyRepository.GetListAsync(subjectId);

            // A null result is treated the same as an empty one: nothing to map.
            if (dataPolicies == null)
            {
                return;
            }

            foreach (var dataPolicy in dataPolicies)
            {
                // Debug level only: this line carries the user name and policy name, so it should stay
                // off in log sinks that must not hold user identifiers.
                Logger.LogDebug($"DataPolicy from A3S for User: {user.UserName}. DataPolicy: '{dataPolicy.Name}'");

                // Only a distinct set of data policies is mapped into the token.
                var alreadyMapped = claims.Exists(existing => existing.Type == DataPolicyClaimType && existing.Value == dataPolicy.Name);
                if (alreadyMapped)
                {
                    continue;
                }

                claims.Add(new Claim(DataPolicyClaimType, dataPolicy.Name));
            }
        }