public async Task ShouldBasicTransformWhenSpecClaim(
string claim,
string userName, string resource,
string action,
string userNameExpected, string resourceExpected,
string actionExpected)
{
// Arrange
const string testClaimType = ClaimTypes.Role;
var transformer = new BasicRequestTransformer
{
PreferSubClaimType = testClaimType
};
var httpContext = new TestUserBuilder()
.AddClaim(new Claim(claim, userName))
.Build().CreateDefaultHttpContext();
var casbinContext = new CasbinAuthorizationContext(
new CasbinAuthorizeAttribute(resource, action), httpContext);
// Act
object[] requestValues = (await transformer.TransformAsync(casbinContext, casbinContext.AuthorizationData.First())).ToArray();
// Assert
Assert.Equal(userNameExpected, requestValues[0]);
Assert.Equal(resourceExpected, requestValues[1]);
Assert.Equal(actionExpected, requestValues[2]);
}
public async Task ShouldBasicAuthorizeWhenSpecIssuerAsync(
string issuer, string userName, string resource, string action, bool expectResult)
{
// Arrange
const string testIssuer = "LOCAL";
var user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName,
ClaimValueTypes.String, issuer))
.Build();
var casbinEvaluator = _serviceProvider.GetRequiredService <ICasbinEvaluator>();
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizeAttribute(resource, action)
{
Issuer = testIssuer
});
var policy = _casbinPolicyCreator.Create(casbinContext.AuthorizationData);
var httpContext = new DefaultHttpContext();
var result = AuthenticateResult.Success(new AuthenticationTicket(user, _defaultScheme));
// Act
var authorizationResult = await casbinEvaluator.AuthorizeAsync(
policy, result, httpContext, casbinContext, httpContext);
// Assert
Assert.Equal(expectResult, authorizationResult.Succeeded);
}
public async Task ShouldRbacTransformWhenSpecIssuer(
string issuer, string claim,
string userName, string resource,
string action,
string userNameExpected, string resourceExpected,
string actionExpected)
{
// Arrange
const string testIssuer = "LOCAL";
var transformer = new RbacRequestTransformer
{
Issuer = testIssuer
};
var httpContext = new TestUserBuilder()
.AddClaim(new Claim(claim, userName,
ClaimValueTypes.String, issuer))
.Build().CreateDefaultHttpContext();
var casbinContext = new CasbinAuthorizationContext(
new CasbinAuthorizeAttribute(resource, action), httpContext);
// Act
object[] requestValues = (await transformer.TransformAsync(casbinContext, casbinContext.AuthorizationData.First())).ToArray();
// Assert
Assert.Equal(userNameExpected, requestValues[0]);
Assert.Equal(resourceExpected, requestValues[1]);
Assert.Equal(actionExpected, requestValues[2]);
}
public async Task ShouldBasicAuthorizeAsync()
{
// alice
var user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, "alice"))
.Build();
// Success
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizationData
{
Resource = "data1", Action = "write"
});
var result = await _authorizationService
.AuthorizeAsync(user, casbinContext, _requirement);
Assert.False(result.Succeeded);
// Failed
casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizationData
{
Resource = "data1", Action = "read"
});
result = await _authorizationService
.AuthorizeAsync(user, casbinContext, _requirement);
Assert.True(result.Succeeded);
// bob
user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, "bob"))
.Build();
// Success
casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizationData
{
Resource = "data2", Action = "write"
});
result = await _authorizationService
.AuthorizeAsync(user, casbinContext, _requirement);
Assert.True(result.Succeeded);
// Failed
casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizationData
{
Resource = "data2", Action = "read"
});
result = await _authorizationService
.AuthorizeAsync(user, casbinContext, _requirement);
Assert.False(result.Succeeded);
}
public void ShouldBasicTransformWhenSpecIssuer()
{
const string testIssuer = "LOCAL";
var transformer = new BasicRequestTransformer
{
Issuer = testIssuer
};
// Success
var user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, "alice",
ClaimValueTypes.String, testIssuer))
.Build();
var casbinContext = new CasbinAuthorizationContext(user,
new CasbinAuthorizationData
{
Resource = "data1", Action = "write"
});
// Act
string sub = transformer.SubTransform(casbinContext);
object obj = transformer.ObjTransform(casbinContext);
string act = transformer.ActTransform(casbinContext);
// Assert
Assert.Equal("alice", sub);
Assert.Equal("data1", obj);
Assert.Equal("write", act);
// Failed
user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, "alice"))
.Build();
casbinContext = new CasbinAuthorizationContext(user,
new CasbinAuthorizationData
{
Resource = "data1", Action = "write"
});
// Act
sub = transformer.SubTransform(casbinContext);
obj = transformer.ObjTransform(casbinContext);
act = transformer.ActTransform(casbinContext);
// Assert
Assert.NotEqual("alice", sub);
Assert.Equal("data1", obj);
Assert.Equal("write", act);
}
public async Task ShouldBasicAuthorizeAsync(
string userName, string resource, string action, bool expectResult)
{
// Arrange
var httpContext = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName))
.Build().CreateDefaultHttpContext();
// Act
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(
new CasbinAuthorizeAttribute(resource, action), httpContext);
var result = await _authorizationService
.AuthorizeAsync(httpContext.User, casbinContext, _requirement);
// Assert
Assert.Equal(expectResult, result.Succeeded);
}
public async Task ShouldBasicAuthorizeAsync(
string userName, string resource, string action, bool expectResult)
{
// Arrange
var httpContext = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName))
.Build().CreateDefaultHttpContext();
var casbinEvaluator = _serviceProvider.GetRequiredService <ICasbinEvaluator>();
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(
new CasbinAuthorizeAttribute(resource, action), httpContext);
var policy = _casbinPolicyCreator.GetAuthorizationPolicy(casbinContext.AuthorizationData);
var result = AuthenticateResult.Success(new AuthenticationTicket(httpContext.User, s_defaultScheme));
// Act
var authorizationResult = await casbinEvaluator.AuthorizeAsync(casbinContext, policy, result);
// Assert
Assert.Equal(expectResult, authorizationResult.Succeeded);
}
public async Task ShouldBasicAuthorizeWhenSpecSubClaimTypeAsync(
string claim, string userName, string resource, string action, bool expectResult)
{
// Arrange
const string testClaimType = ClaimTypes.Role;
var user = new TestUserBuilder()
.AddClaim(new Claim(claim, userName))
.Build();
// Assert
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizeAttribute(resource, action)
{
PreferSubClaimType = testClaimType
});
var result = await _authorizationService
.AuthorizeAsync(user, casbinContext, _requirement);
// Act
Assert.Equal(expectResult, result.Succeeded);
}
public async Task ShouldBasicAuthorizeWhenSpecIssuerAsync(
string issuer, string userName, string resource, string action, bool expectResult)
{
// Arrange
const string testIssuer = "LOCAL";
var user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName,
ClaimValueTypes.String, issuer))
.Build();
// Act
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizeAttribute(resource, action)
{
Issuer = testIssuer
});
var result = await _authorizationService
.AuthorizeAsync(user, casbinContext, _requirement);
// Assert
Assert.Equal(expectResult, result.Succeeded);
}
public async Task ShouldBasicTransform(
string claim,
string userName, string resource,
string action,
string userNameExpected, string resourceExpected,
string actionExpected)
{
// Arrange
var transformer = new BasicRequestTransformer();
var user = new TestUserBuilder()
.AddClaim(new Claim(claim, userName))
.Build();
var casbinContext = new CasbinAuthorizationContext(user,
new CasbinAuthorizeAttribute(resource, action));
// Act
var requestValues = (await transformer.TransformAsync(casbinContext, casbinContext.AuthorizationData.First())).ToArray();
// Assert
Assert.Equal(userNameExpected, requestValues[0]);
Assert.Equal(resourceExpected, requestValues[1]);
Assert.Equal(actionExpected, requestValues[2]);
}
