public void HandleAsync_GrantAccess()
{
_context.Admins.Add(new Admin()
{
Token = "toto", Email = "*****@*****.**", ExpirationTokenDate = DateTime.Now.AddHours(1)
});
_context.SaveChanges();
var target = new TokenAuthorizationHandler(_context);
var httpContext = new DefaultHttpContext()
{
Request = { Headers = { { "Authorization", "Bearer toto" } } }
};
var routeData = new RouteData();
var actionContext = new ActionContext(httpContext, routeData, new ActionDescriptor());
var filterMetaData = A.Fake <IFilterMetadata>();
var authorizationFilterContext = new AuthorizationFilterContext(actionContext, new[] { filterMetaData });
var authorizationRequirement = A.Fake <IAuthorizationRequirement>();
var user = new ClaimsPrincipal();
var context = new AuthorizationHandlerContext(new[] { authorizationRequirement }, user, authorizationFilterContext);
var result = target.HandleAsync(context);
Check.That(context.HasSucceeded).IsTrue();
Check.That(context.User).IsNotNull();
Check.That(context.User.Claims.Extracting("Value")).Contains("*****@*****.**");
}
public void HandleAsync_DenyAccess()
{
var target = new TokenAuthorizationHandler(_context);
var httpContext = new DefaultHttpContext()
{
Request = { Headers = { { "Authorization", "Bearer toto" } } }
};
var routeData = new RouteData();
var actionContext = new ActionContext(httpContext, routeData, new ActionDescriptor());
var filterMetaData = A.Fake <IFilterMetadata>();
var authorizationFilterContext = new AuthorizationFilterContext(actionContext, new[] { filterMetaData });
var authorizationRequirement = A.Fake <IAuthorizationRequirement>();
var user = new ClaimsPrincipal();
var context = new AuthorizationHandlerContext(new[] { authorizationRequirement }, user, authorizationFilterContext);
target.HandleAsync(context);
Check.That(context.HasSucceeded).IsFalse();
}
public TokenAuthorizationHandlerTest()
{
_target = new TokenAuthorizationHandler(_context);
}
