protected override void EstablishContext()
{
suppliedContextData = new RelationshipsAuthorizationContextData
{
StudentUSI = 11111
};
_suppliedEdFiResourceClaimValue = new EdFiResourceClaimValue(
"manage",
new List <int>
{
1, 2, 3
});
suppliedClaims = new List <Claim>
{
JsonClaimHelper.CreateClaim(
"http://ed-fi.org/ods/identity/claims/domains/generalData",
_suppliedEdFiResourceClaimValue)
};
_educationOrganizationCache = Stub <IEducationOrganizationCache>();
_educationOrganizationCache.Stub(
x =>
x.GetEducationOrganizationIdentifiers(Arg <int> .Is.Anything))
.Return(new EducationOrganizationIdentifiers(0, "LocalEducationAgency"));
}
public void Should_have_no_errors_when_supplying_only_the_action()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue("action");
var result = JsonClaimHelper.CreateClaim(SuppliedClaimType, suppliedEdFiClaimValue);
result.ShouldNotBeNull();
}
public void Should_have_no_errors_when_suppling_only_the_action()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue("action");
var thrown = TestForException <Exception>(() => JsonClaimHelper.CreateClaim(SuppliedClaimType, suppliedEdFiClaimValue));
thrown.ShouldBeNull();
}
public void Should_have_no_errors()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(ExpectedAction);
var claim = JsonClaimHelper.CreateClaim(ExpectedClaimType, suppliedEdFiClaimValue);
var actual = claim.ToEdFiResourceClaimValue();
Assert.IsTrue(actual.EducationOrganizationIds.Count == 0);
}
public void Should_have_no_errors()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(ExpectedAction);
var claim = JsonClaimHelper.CreateClaim(ExpectedClaimType, suppliedEdFiClaimValue);
var thrown = TestForException <Exception>(() => claim.ToEdFiResourceClaimValue());
thrown.ShouldBeNull();
}
private static IEnumerable <Claim> Given_a_claimset_with_a_claim_that_has_no_educationOrganizations()
{
return(new[]
{
JsonClaimHelper.CreateClaim(
"someResource",
new EdFiResourceClaimValue("something", null as List <int>))
});
}
private static IEnumerable <Claim> Given_a_claimset_with_a_claim_for_LocalEducationAgencies(params int[] localEducationAgencyIds)
{
return(new[]
{
JsonClaimHelper.CreateClaim(
"someResource",
new EdFiResourceClaimValue("something", new List <int>(localEducationAgencyIds)))
});
}
public void Should_create_claim_when_supplying_only_the_action()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue("action");
var actualClaim = JsonClaimHelper.CreateClaim(SuppliedClaimType, suppliedEdFiClaimValue);
var expectedClaim = new Claim(SuppliedClaimType, "{\"Actions\":[{\"Name\":\"action\"}]}", "application/json");
actualClaim.Type.ShouldBe(expectedClaim.Type);
actualClaim.ValueType.ShouldBe(expectedClaim.ValueType);
actualClaim.Value.ShouldBe(expectedClaim.Value);
}
public void Should_have_no_errors()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(
"action",
new List <int>
{
1, 2
});
var result = JsonClaimHelper.CreateClaim(SuppliedClaimType, suppliedEdFiClaimValue);
result.ShouldNotBeNull();
}
public void Should_create_a_EdFiClaimValue_when_only_action_is_supplied()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(ExpectedAction);
var claim = JsonClaimHelper.CreateClaim(ExpectedClaimType, suppliedEdFiClaimValue);
var actual = claim.ToEdFiResourceClaimValue();
actual.Actions.Select(x => x.Name)
.Single()
.ShouldBe(ExpectedAction);
actual.EducationOrganizationIds.ShouldBeEmpty();
}
public void Should_create_a_EdFiClaimValue()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(ExpectedAction, expectedLocalEducationAgencyIds);
var claim = JsonClaimHelper.CreateClaim(ExpectedClaimType, suppliedEdFiClaimValue);
var actual = claim.ToEdFiResourceClaimValue();
actual.Actions.Select(x => x.Name)
.Single()
.ShouldBe(ExpectedAction);
actual.EducationOrganizationIds.ShouldBe(expectedLocalEducationAgencyIds);
}
public ClaimsIdentity GetClaimsIdentity(
IEnumerable <int> educationOrganizationIds,
string claimSetName,
IEnumerable <string> namespacePrefixes,
IReadOnlyList <string> assignedProfileNames,
IReadOnlyList <short?> ownershipTokenIds)
{
var nonEmptyNamespacePrefixes = namespacePrefixes.Where(np => !string.IsNullOrWhiteSpace(np)).ToList();
var resourceClaims = _securityRepository.GetClaimsForClaimSet(claimSetName);
// Group the resource claims by name to combine actions (and by claim set name if multiple claim sets are supported in the future)
var resourceClaimsByClaimName = resourceClaims.GroupBy(c => c.ResourceClaim.ClaimName);
// Create a list of resource claims to be issued.
var claims = resourceClaimsByClaimName.Select(
g => new
{
ClaimName = g.Key,
ClaimValue = new EdFiResourceClaimValue
{
Actions = g.Select(
x => new ResourceAction(
x.Action.ActionUri,
x.ClaimSetResourceClaimActionAuthorizationStrategyOverrides
?.Select(y => y.AuthorizationStrategy.AuthorizationStrategyName)
.ToArray(),
x.ValidationRuleSetNameOverride))
.ToArray(),
EducationOrganizationIds = educationOrganizationIds.ToList()
}
})
.Select(x => JsonClaimHelper.CreateClaim(x.ClaimName, x.ClaimValue))
.ToList();
// NamespacePrefixes
nonEmptyNamespacePrefixes.ForEach(
namespacePrefix => claims.Add(new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, namespacePrefix)));
// Add Assigned Profile names
assignedProfileNames.ForEach(profileName => claims.Add(new Claim(EdFiOdsApiClaimTypes.Profile, profileName)));
// Add the claim set name
claims.Add(new Claim(EdFiOdsApiClaimTypes.ClaimSetName, claimSetName));
// Add list of OwnershipTokenIds
ownershipTokenIds.ForEach(
ownershipToken =>
claims.Add(new Claim(EdFiOdsApiClaimTypes.OwnershipTokenId, ownershipToken.ToString())));
return(new ClaimsIdentity(claims, EdFiAuthenticationTypes.OAuth));
}
Given_an_authorization_builder_with_claim_assigned_education_organization_ids(
IEducationOrganizationCache cache,
params int[] identifiers)
{
var builder = new AuthorizationBuilder <RelationshipsAuthorizationContextData>(
new[]
{
JsonClaimHelper.CreateClaim("someResource", new EdFiResourceClaimValue("action", new List <int>(identifiers)))
},
cache);
return(builder);
}
public void Should_have_no_errors()
{
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(
"action",
new List <int>
{
1, 2
});
var thrown = TestForException <Exception>(() => JsonClaimHelper.CreateClaim(SuppliedClaimType, suppliedEdFiClaimValue));
thrown.ShouldBeNull();
}
private static IEnumerable <Claim> Given_a_claimset_with_a_claim_for_some_LocalEducationAgency()
{
return(new[]
{
JsonClaimHelper.CreateClaim(
"someResource",
new EdFiResourceClaimValue(
"something",
new List <int> {
999
}))
});
}
protected override void Arrange()
{
#region Commented out code for integration testing against SQL Server
//private IDatabaseConnectionStringProvider connectionStringProvider;
//connectionStringProvider = mocks.Stub<IDatabaseConnectionStringProvider>();
//connectionStringProvider.Stub(x => x.GetConnectionString())
// .Return(@"Server=(local);Database=database;User Id=user;Password=xxxxx");
//var executor = new EdFiOdsAuthorizationRulesExecutor(connectionStringProvider);
//executor.Execute(actualAuthorizationRules);
#endregion
_suppliedContextData = new RelationshipsAuthorizationContextData
{
SchoolId = 880001,
StaffUSI = 738953 //340DFAFA-D39B-4A38-BEA4-AD705CC7EB7C
};
_suppliedEdFiResourceClaimValue = new EdFiResourceClaimValue(
"manage",
new List <int>
{
780,
880,
980
});
_suppliedClaims = new List <Claim>
{
JsonClaimHelper.CreateClaim(
"http://ed-fi.org/ods/identity/claims/domains/generalData",
_suppliedEdFiResourceClaimValue)
};
_educationOrganizationCache = Stub <IEducationOrganizationCache>();
A.CallTo(
() =>
_educationOrganizationCache.GetEducationOrganizationIdentifiers(A <int> ._))
.Returns(new EducationOrganizationIdentifiers(0, "LocalEducationAgency"));
}
public void Should_create_claim_when_supplying_all_parameters()
{
var expected = new Claim(
SuppliedClaimType,
"{\"Actions\":[{\"Name\":\"action\"}],\"EducationOrganizationIds\":[1,2]}",
"application/json");
var suppliedEdFiClaimValue = new EdFiResourceClaimValue(
"action",
new List <int>
{
1, 2
});
var actual = JsonClaimHelper.CreateClaim(SuppliedClaimType, suppliedEdFiClaimValue);
actual.Type.ShouldBe(expected.Type);
actual.ValueType.ShouldBe(expected.ValueType);
actual.Value.ShouldBe(expected.Value);
}
private static IReadOnlyList <ClaimsAuthorizationSegment> GetRelationshipAuthorizationSegments(
List <int> claimEducationOrganizationIds,
Action <AuthorizationBuilder <RelationshipsAuthorizationContextData> > buildAuthorizations)
{
_suppliedAuthorizationContext = new RelationshipsAuthorizationContextData
{
SchoolId = 880001,
StaffUSI = 738953
};
_suppliedClaim = new EdFiResourceClaimValue(
"manage",
claimEducationOrganizationIds);
var suppliedClaims = new List <Claim>
{
JsonClaimHelper.CreateClaim(
"http://ed-fi.org/ods/identity/claims/domains/generalData",
_suppliedClaim)
};
var educationOrganizationCache = A.Fake <IEducationOrganizationCache>();
A.CallTo(() => educationOrganizationCache.GetEducationOrganizationIdentifiers(
A <int> .That.Matches(x => x == SuppliedLea1 || x == SuppliedLea2 || x == SuppliedLea3)))
.Returns(new EducationOrganizationIdentifiers(0, "LocalEducationAgency"));
A.CallTo(() => educationOrganizationCache.GetEducationOrganizationIdentifiers(SuppliedPostSecondaryInstitutionId))
.Returns(new EducationOrganizationIdentifiers(0, "PostSecondaryInstitution"));
var builder = new AuthorizationBuilder <RelationshipsAuthorizationContextData>(
suppliedClaims,
educationOrganizationCache,
_suppliedAuthorizationContext);
buildAuthorizations(builder);
return(builder.GetSegments());
}
private static Claim Given_a_claim_for_an_arbitrary_resource_for_EducationOrganization_identifiers(params int[] educationOrganizationIds)
{
return(JsonClaimHelper.CreateClaim("xyz", new EdFiResourceClaimValue("read", new List <int>(educationOrganizationIds))));
}
