/// <summary>
/// Adds security requirements to <paramref name="operation"/> by delegating to
/// Swashbuckle.AspNetCore.Filters' <c>SecurityRequirementsOperationFilter</c>,
/// overriding its default "oauth2" scheme name with "ApiKey".
/// </summary>
/// <param name="operation">OpenAPI operation being described.</param>
/// <param name="context">Filter context passed through unchanged to the wrapped filter.</param>
public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            // The wrapped filter defaults to "oauth2"; this API is documented under "ApiKey" instead.
            // NOTE(review): a security definition named "ApiKey" is presumably registered elsewhere
            // (not visible in this snippet). If the names differ, the requirement points at an
            // undefined scheme and API clients generated from the document will not send the key.
            // This only shapes the generated document; enforcing the key is the job of the
            // authentication/authorization pipeline.
            new SecurityRequirementsOperationFilter(securitySchemaName: "ApiKey").Apply(operation, context);
        }
        /// <summary>
        /// Applies two filters (default scheme and a custom scheme) to one operation and checks
        /// that each contributes its own security requirement.
        /// </summary>
        public void Apply_SetsAuthorize_WithMultipleSecuritySchemas()
        {
            // Arrange
            var target = new OpenApiOperation
            {
                OperationId = "foobar",
                Responses = new OpenApiResponses()
            };
            var authorizeContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));

            const string customSchemeId = "customSchema";
            var defaultSchemeFilter = new SecurityRequirementsOperationFilter();                     // scheme name left at its default
            var customSchemeFilter = new SecurityRequirementsOperationFilter(true, customSchemeId);

            // Act: both filters write to the same operation, in this order.
            defaultSchemeFilter.Apply(target, authorizeContext);
            customSchemeFilter.Apply(target, authorizeContext);

            // Assert: one requirement per filter, in application order.
            target.Security.Count.ShouldBe(2);

            // First requirement references the default "oauth2" scheme and lists no scopes.
            var oauthEntry = target.Security[0].SingleOrDefault(pair => pair.Key.Reference.Id == "oauth2");
            oauthEntry.Value.ShouldNotBeNull();
            oauthEntry.Value.Count().ShouldBe(0);

            // Second requirement references the custom scheme, again with an empty scope list.
            var customEntry = target.Security[1].SingleOrDefault(pair => pair.Key.Reference.Id == customSchemeId);
            customEntry.Value.ShouldNotBeNull();
            customEntry.Value.Count().ShouldBe(0);
        }
        /// <summary>
        /// Checks that the filter leaves the operation untouched for
        /// <c>Controller.MethodWithAllowAnonymous</c>: no responses added and no security requirement.
        /// </summary>
        public void ApplyMethodAllowAnonymousAttribute()
        {
            // Arrange
            var anonymousContext = GetContext(typeof(Controller), nameof(Controller.MethodWithAllowAnonymous));
            var sut = new SecurityRequirementsOperationFilter();

            // Act
            sut.Apply(_operation, anonymousContext);

            // Assert: the operation must not be documented as protected.
            // NOTE(review): presumably the fixture method carries [AllowAnonymous]; the fixture is not shown here.
            Assert.Empty(_operation.Responses);
            Assert.Null(_operation.Security);
        }
        /// <summary>
        /// Checks that passing <c>false</c> as the first constructor argument stops the filter
        /// from adding "401" and "403" entries to the operation's responses.
        /// </summary>
        public void Apply_DoesNotAdds401And403_WhenConfiguredNotTo()
        {
            // Arrange: false switches off the automatic 401/403 responses.
            var quietFilter = new SecurityRequirementsOperationFilter(false);
            var target = new Operation
            {
                OperationId = "foobar",
                Responses = new Dictionary<string, Response>()
            };
            var authorizeContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));

            // Act
            quietFilter.Apply(target, authorizeContext);

            // Assert: only the response entries are checked here; the security requirement is not inspected.
            target.Responses.ShouldNotContainKey("401");
            target.Responses.ShouldNotContainKey("403");
        }
        /// <summary>
        /// Checks that a policy on <c>ControllerWithPolicies</c> appears as the single entry
        /// listed under the "Bearer" scheme in the operation's security requirement.
        /// </summary>
        public void Apply_Controller_Policies()
        {
            // Arrange
            // NOTE(review): the type is ControllerWithPolicies but the member name comes from
            // ControllerWithRoles. nameof yields the same string only if both declare "Method".
            // Confirm this is intended and not a copy-paste leftover.
            var policyContext = GetContext(typeof(ControllerWithPolicies), nameof(ControllerWithRoles.Method));
            var sut = new SecurityRequirementsOperationFilter();

            // Act
            sut.Apply(_operation, policyContext);

            // Assert
            AssertAuthorizeResponses();
            var requirements = Assert.IsAssignableFrom<List<IDictionary<string, IEnumerable<string>>>>(_operation.Security);
            var requirement = Assert.Single(requirements);

            // Exactly one policy name is expected under "Bearer".
            var policyName = Assert.Single(requirement["Bearer"]);
            Assert.Equal("UserPolicy", policyName);
        }
        /// <summary>
        /// Checks that a role on <c>Controller.MethodWithRoles</c> appears as the single entry
        /// listed under the "Bearer" scheme in the operation's security requirement.
        /// </summary>
        public void ApplyMethodRoles()
        {
            // Arrange
            var rolesContext = GetContext(typeof(Controller), nameof(Controller.MethodWithRoles));
            var sut = new SecurityRequirementsOperationFilter();

            // Act
            sut.Apply(_operation, rolesContext);

            // Assert
            AssertAuthorizeResponses();
            var requirements = Assert.IsAssignableFrom<List<IDictionary<string, IEnumerable<string>>>>(_operation.Security);
            var requirement = Assert.Single(requirements);
            Assert.NotNull(requirement);

            // Exactly one role name is expected under "Bearer".
            var roleName = Assert.Single(requirement["Bearer"]);
            Assert.Equal("AdminRole", roleName);
        }
        /// <summary>
        /// Checks that a filter built with a custom scheme name emits one requirement keyed by
        /// that name, with an empty list of entries, for <c>FakeActions.Authorize</c>.
        /// </summary>
        public void Apply_SetsAuthorize_WithNoPolicy_WhenCustomSecuritySchemaIsSet()
        {
            // Arrange
            const string customSchemeId = "customSchema";
            var customSchemeFilter = new SecurityRequirementsOperationFilter(true, customSchemeId);
            var target = new Operation
            {
                OperationId = "foobar",
                Responses = new Dictionary<string, Response>()
            };
            var authorizeContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));

            // Act
            customSchemeFilter.Apply(target, authorizeContext);

            // Assert: a single requirement, keyed by the custom name rather than the default.
            target.Security.Count.ShouldBe(1);
            var requirement = target.Security[0];

            requirement.ShouldContainKey(customSchemeId);
            // Empty list: no policy or role names are attached to the requirement.
            requirement[customSchemeId].Count().ShouldBe(0);
        }
 /// <summary>
 /// Forwards the call unchanged to the wrapped <c>_filter</c> instance.
 /// </summary>
 /// <param name="operation">Swagger operation being described.</param>
 /// <param name="context">Filter context passed through as-is.</param>
 // NOTE(review): _filter is declared outside this snippet. The scheme name it was built with
 // decides which security definition the emitted requirement references.
 public void Apply(Operation operation, OperationFilterContext context) =>
     _filter.Apply(operation, context);
        /// <summary>
        /// Adds security requirements to <paramref name="operation"/> through a
        /// <c>SecurityRequirementsOperationFilter</c> whose scheme name is
        /// <c>ApiKeyAuthenticationOptions.DefaultScheme</c>.
        /// </summary>
        /// <param name="operation">OpenAPI operation being described.</param>
        /// <param name="context">Filter context passed through unchanged to the wrapped filter.</param>
        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            // The authentication scheme constant doubles as the OpenAPI scheme name.
            // NOTE(review): the security definition is presumably registered under the same
            // constant elsewhere. Confirm, since a mismatch leaves the requirement pointing at
            // an undefined scheme.
            new SecurityRequirementsOperationFilter(securitySchemaName: ApiKeyAuthenticationOptions.DefaultScheme)
                .Apply(operation, context);
        }