public void ReturnsDetailedConfirmationIfPendingOwnerPropagatesPolicy()
{
// Arrange
var fakes = Get <Fakes>();
var controller = GetController <JsonApiController>();
GetMock <IAppConfiguration>().Setup(c => c.GalleryOwner).Returns(new MailAddress("*****@*****.**"));
GetMock <HttpContextBase>()
.Setup(c => c.User)
.Returns(Fakes.ToPrincipal(fakes.Owner));
fakes.ShaUser.SecurityPolicies = (new RequireSecurePushForCoOwnersPolicy().Policies).ToList();
var pendingOwner = new PackageOwnerRequest()
{
PackageRegistrationKey = fakes.Package.Key,
NewOwner = fakes.ShaUser
};
GetMock <IEntityRepository <PackageOwnerRequest> >()
.Setup(r => r.GetAll())
.Returns((new [] { pendingOwner }).AsQueryable());
// Act
var result = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
dynamic data = ((JsonResult)result).Data;
// Assert
Assert.True(data.success);
Assert.StartsWith(
"Pending owner(s) 'testShaUser' has (have) the following requirements that will be enforced for all co-owners, including 'testUser', once ownership requests are accepted:",
data.policyMessage);
}
public void DoesNotReturnConfirmationIfPendingOwnerPropagatesButNewOwnerIsSubscribed()
{
// Arrange
var fakes = Get <Fakes>();
var controller = GetController <JsonApiController>();
GetMock <IAppConfiguration>().Setup(c => c.GalleryOwner).Returns(new MailAddress("*****@*****.**"));
GetMock <HttpContextBase>()
.Setup(c => c.User)
.Returns(Fakes.ToPrincipal(fakes.Owner));
GetMock <ISecurityPolicyService>().Setup(s => s.IsSubscribed(fakes.User, SecurePushSubscription.Name)).Returns(true);
fakes.ShaUser.SecurityPolicies = (new RequireSecurePushForCoOwnersPolicy().Policies).ToList();
var pendingOwner = new PackageOwnerRequest()
{
PackageRegistrationKey = fakes.Package.Key,
NewOwner = fakes.ShaUser
};
GetMock <IEntityRepository <PackageOwnerRequest> >()
.Setup(r => r.GetAll())
.Returns((new[] { pendingOwner }).AsQueryable());
// Act
var result = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
dynamic data = ((JsonResult)result).Data;
// Assert
Assert.True(data.success);
Assert.StartsWith("Please confirm if you would like to proceed adding 'testUser' as a co-owner of this package.",
data.confirmation);
}
public void ReturnsDetailedConfirmationIfPendingOwnerPropagatesPolicy()
{
// Arrange
var fakes = Get <Fakes>();
var controller = GetController <JsonApiController>();
GetMock <HttpContextBase>()
.Setup(c => c.User)
.Returns(Fakes.ToPrincipal(fakes.Owner));
fakes.ShaUser.SecurityPolicies = (new RequireSecurePushForCoOwnersPolicy().Policies).ToList();
var pendingOwner = new PackageOwnerRequest()
{
PackageRegistration = fakes.Package,
PackageRegistrationKey = fakes.Package.Key,
NewOwner = fakes.ShaUser,
NewOwnerKey = fakes.ShaUser.Key
};
GetMock <IPackageOwnerRequestService>()
.Setup(p => p.GetPackageOwnershipRequests(fakes.Package, null, null))
.Returns((new [] { pendingOwner }));
// Act
var result = controller.GetAddPackageOwnerConfirmation(fakes.Package.Id, fakes.User.Username);
dynamic data = ((JsonResult)result).Data;
// Assert
Assert.True(data.success);
Assert.StartsWith(
"Pending owner(s) 'testShaUser' has (have) the following requirements that will be enforced for all co-owners, including 'testUser', once ownership requests are accepted:",
data.policyMessage);
}
public void CreatesPackageOwnerRequestSendsEmailAndReturnsPendingState()
{
var newOwner = new User { Username = "******" };
var currentOwner = new User { Username = "******" };
var package = new PackageRegistration { Id = "foo", Owners = new[] { currentOwner } };
var packageOwnerRequest = new PackageOwnerRequest { ConfirmationCode = "some-generated-code" };
var currentUser = new Mock<IPrincipal>();
currentUser.Setup(u => u.Identity.Name).Returns("scott");
var userService = new Mock<IUserService>();
userService.Setup(u => u.FindByUsername(currentOwner.Username)).Returns(currentOwner);
userService.Setup(u => u.FindByUsername(newOwner.Username)).Returns(newOwner);
var packageService = new Mock<IPackageService>();
packageService.Setup(svc => svc.FindPackageRegistrationById("foo")).Returns(package);
packageService.Setup(svc => svc.CreatePackageOwnerRequest(package, currentOwner, It.IsAny<User>())).Returns(packageOwnerRequest);
var messageService = new Mock<IMessageService>();
messageService.Setup(
m => m.SendPackageOwnerRequest(
currentOwner,
newOwner,
package,
"https://example.org/?Controller=Packages&Action=ConfirmOwner&id=foo&username=steve&token=some-generated-code")).Verifiable();
var controller = CreateJsonApiController(packageService, userService, currentUser: currentUser, messageService: messageService);
var result = controller.AddPackageOwner("foo", newOwner.Username);
// We use a catch-all route for unit tests so we can see the parameters
// are passed correctly.
Assert.True(TestUtility.GetAnonymousPropertyValue<bool>(result, "success"));
Assert.Equal(newOwner.Username, TestUtility.GetAnonymousPropertyValue<string>(result, "name"));
Assert.True(TestUtility.GetAnonymousPropertyValue<bool>(result, "pending"));
messageService.VerifyAll();
}
public OwnerRequestsListItemViewModel(PackageOwnerRequest request, IPackageService packageService, User currentUser)
{
Request = request;
var package = packageService.FindPackageByIdAndVersion(request.PackageRegistration.Id, version: null, semVerLevelKey: SemVerLevelKey.SemVer2, allowPrerelease: true);
Package = new ListPackageItemViewModel(package, currentUser);
CanAccept = ActionsRequiringPermissions.HandlePackageOwnershipRequest.CheckPermissions(currentUser, Request.NewOwner) == PermissionsCheckResult.Allowed;
CanCancel = Package.CanManageOwners;
}
public void CreatesPackageOwnerRequestSendsEmailAndReturnsPendingState()
{
var newOwner = new User {
Username = "******"
};
var currentOwner = new User {
Username = "******"
};
var package = new PackageRegistration {
Id = "foo", Owners = new[] { currentOwner }
};
var packageOwnerRequest = new PackageOwnerRequest {
ConfirmationCode = "some-generated-code"
};
var currentUser = new Mock <IPrincipal>();
currentUser.Setup(u => u.Identity.Name).Returns("scott");
var userService = new Mock <IUserService>();
userService.Setup(u => u.FindByUsername(currentOwner.Username)).Returns(currentOwner);
userService.Setup(u => u.FindByUsername(newOwner.Username)).Returns(newOwner);
var packageService = new Mock <IPackageService>();
packageService.Setup(svc => svc.FindPackageRegistrationById("foo")).Returns(package);
packageService.Setup(svc => svc.CreatePackageOwnerRequest(package, currentOwner, It.IsAny <User>())).Returns(packageOwnerRequest);
var messageService = new Mock <IMessageService>();
messageService.Setup(
m => m.SendPackageOwnerRequest(
currentOwner,
newOwner,
package,
"https://example.org/?Controller=Packages&Action=ConfirmOwner&id=foo&username=steve&token=some-generated-code")).Verifiable();
var controller = CreateJsonApiController(packageService, userService, currentUser: currentUser, messageService: messageService);
var result = controller.AddPackageOwner("foo", newOwner.Username);
// We use a catch-all route for unit tests so we can see the parameters
// are passed correctly.
Assert.True(TestUtility.GetAnonymousPropertyValue <bool>(result, "success"));
Assert.Equal(newOwner.Username, TestUtility.GetAnonymousPropertyValue <string>(result, "name"));
Assert.True(TestUtility.GetAnonymousPropertyValue <bool>(result, "pending"));
messageService.VerifyAll();
}
public async Task SendsPackageOwnerRequestEmailWherePendingOwnerPropagatesPolicy()
{
// Arrange & Act
var fakes = Get <Fakes>();
var pendingOwner = new PackageOwnerRequest()
{
PackageRegistrationKey = fakes.Package.Key,
NewOwner = fakes.ShaUser
};
GetMock <IEntityRepository <PackageOwnerRequest> >()
.Setup(r => r.GetAll())
.Returns((new[] { pendingOwner }).AsQueryable());
var policyMessage = await GetSendPackageOwnerRequestPolicyMessage(fakes, fakes.ShaUser);
// Assert
Assert.StartsWith(
"Note: Pending owner(s) 'testShaUser' has (have) the following policies that will be enforced on your account once ownership requests are accepted.",
policyMessage);
}
public OwnerRequestsListItemViewModel(PackageOwnerRequest request, IPackageService packageService)
{
Request = request;
Package = packageService.FindPackageByIdAndVersion(request.PackageRegistration.Id, version: null, semVerLevelKey: SemVerLevelKey.SemVer2, allowPrerelease: true);
}