public async void GetAdminUserStatusHandler_WithNonExternalUser_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
Guid userId = new Guid("AC9116BC-5732-4F80-9AED-A6E2A0C4C1F1");
IGetAdminUserDataAccess dataAccess = A.Fake <IGetAdminUserDataAccess>();
Domain.Admin.CompetentAuthorityUser user = A.Fake <Domain.Admin.CompetentAuthorityUser>();
A.CallTo(() => dataAccess.GetAdminUserOrDefault(userId)).Returns(user);
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
var userMap = A.Fake <IMap <Domain.User.UserStatus, Core.Shared.UserStatus> >();
A.CallTo(() => userMap.Map(user.UserStatus)).Returns(UserStatus.Inactive);
GetAdminUserStatusHandler handler = new GetAdminUserStatusHandler(dataAccess, userMap, authorization);
GetAdminUserStatus request = new GetAdminUserStatus(userId.ToString());
// Act
Func <Task <UserStatus> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async void GetSchemeByIdHandler_WithNonInternalUser_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrage
Guid schemeId = new Guid("AC9116BC-5732-4F80-9AED-A6E2A0C4C1F1");
ISchemeDataAccess dataAccess = A.Fake <ISchemeDataAccess>();
Scheme scheme = A.Fake <Scheme>();
A.CallTo(() => dataAccess.GetSchemeOrDefault(schemeId)).Returns(scheme);
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
var mapper = A.Fake <IMapper>();
SchemeData schemeData = A.Fake <SchemeData>();
A.CallTo(() => mapper.Map <Scheme, SchemeData>(scheme))
.Returns(schemeData);
GetSchemeByIdHandler handler = new GetSchemeByIdHandler(dataAccess, mapper, authorization);
GetSchemeById request = new GetSchemeById(schemeId);
// Act
Func <Task <SchemeData> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
var handler = new CheckAatfApprovalDateChangeHandler(AuthorizationBuilder.CreateFromUserType(userType), aatfDataAccess, getAatfApprovalDateChangeStatus);
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <CheckAatfApprovalDateChange>());
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
var handler = new CheckAatfCanBeDeletedHandler(AuthorizationBuilder.CreateFromUserType(userType), aatfDeletionStatus, organisationDeletionStatus, aatfDataAccess);
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <CheckAatfCanBeDeleted>());
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task OrganisationByIdHandler_NotInternalUser_ThrowsSecurityException()
{
var authorization = AuthorizationBuilder.CreateFromUserType(AuthorizationBuilder.UserType.External);
var handler = new OrganisationInternalByIdHandler(authorization, context, map);
var message = new GetInternalOrganisation(Guid.NewGuid());
await Assert.ThrowsAsync <SecurityException>(async() => await handler.HandleAsync(message));
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
UserManager <ApplicationUser> userManager = A.Fake <UserManager <ApplicationUser> >();
CheckApprovalNumberIsUniqueHandler handler = new CheckApprovalNumberIsUniqueHandler(authorization, dataAccess);
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <CheckApprovalNumberIsUnique>());
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
var authorization = AuthorizationBuilder.CreateFromUserType(userType);
var userManager = A.Fake <UserManager <ApplicationUser> >();
var handler = new AddAatfRequestHandler(authorization, dataAccess, addressMapper, contactMapper, commonDataAccess);
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <AddAatf>());
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
UserManager <ApplicationUser> userManager = A.Fake <UserManager <ApplicationUser> >();
CompleteOrganisationAdminHandler handler = new CompleteOrganisationAdminHandler(authorization, this.dataAccess);
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <CompleteOrganisationAdmin>());
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
var authorization = AuthorizationBuilder.CreateFromUserType(userType);
var dataAccess = A.Fake <IOrganisationDetailsDataAccess>();
var handler = new UpdateOrganisationDetailsHandler(dataAccess, authorization);
// Act
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <UpdateOrganisationDetails>());
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async void HandleAsync_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
var authorization = AuthorizationBuilder.CreateFromUserType(userType);
var emailService = A.Fake <IWeeeEmailService>();
SendTestEmailHandler handler = new SendTestEmailHandler(authorization, emailService);
// Act
Func <Task <bool> > action = () => handler.HandleAsync(A.Dummy <SendTestEmail>());
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
var authorization = AuthorizationBuilder.CreateFromUserType(userType);
var userManager = A.Fake <UserManager <ApplicationUser> >();
var handler = new DeleteAatfHandler(authorization,
aatfDataAccess,
organisationDataAccess,
weeeContext,
getAatfDeletionStatus);
Func <Task> action = async() => await handler.HandleAsync(A.Dummy <DeleteAnAatf>());
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task VerifyOrganisationExistsHandler_InternalUser_PassesSecurityCheck()
{
var internalAuthorization = AuthorizationBuilder.CreateFromUserType(AuthorizationBuilder.UserType.Internal);
var organisations = MakeOrganisation();
var context = A.Fake <WeeeContext>();
A.CallTo(() => context.Organisations).Returns(organisations);
var handler = new VerifyOrganisationExistsHandler(internalAuthorization, context);
var message = new VerifyOrganisationExists(Guid.NewGuid());
await handler.HandleAsync(message);
A.CallTo(() => context.Organisations).MustHaveHappened();
}
public async Task HandleAsync_WithNonInternalAccess_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
UserManager <ApplicationUser> userManager = A.Fake <UserManager <ApplicationUser> >();
var handler = new UpdateUserHandler(authorization, userManager);
var request = new UpdateUser(Guid.NewGuid().ToString(), "TestFirstName", "TestLastName");
// Act
Func <Task> action = async() => await handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task VerifyApprovalNumberExistsHandler_WithNonInternalUser_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
WeeeContext context = A.Fake <WeeeContext>();
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
VerifyApprovalNumberExistsHandler handler = new VerifyApprovalNumberExistsHandler(context, authorization);
VerifyApprovalNumberExists request = new VerifyApprovalNumberExists("approval number");
// Act
Func <Task <bool> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
var authorization = AuthorizationBuilder.CreateFromUserType(userType);
var handler = new GetSubmissionChangesCsvHandler(
authorization,
A.Dummy <IGetSubmissionChangesCsvDataAccess>(),
A.Dummy <ICsvWriter <SubmissionChangesCsvData> >());
// Act
Func <Task <CSVFileData> > action = () => handler.HandleAsync(A.Dummy <GetSubmissionChangesCsv>());
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task SetSchemeStatusHandler_WithNonInternalUser_ThrowsSecurityException(
AuthorizationBuilder.UserType userType)
{
// Arrange
var authorization = AuthorizationBuilder.CreateFromUserType(userType);
var handler = new SetSchemeStatusHandler(context, authorization);
var schemeId = new Guid("3C367528-AE93-427F-A4C5-E23F0D317633");
var request = new SetSchemeStatus(schemeId, SchemeStatus.Approved);
// Act
Func <Task <Guid> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalUser_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
IGetProducerDetailsByRegisteredProducerIdDataAccess dataAccess = A.Dummy <IGetProducerDetailsByRegisteredProducerIdDataAccess>();
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
GetProducerDetailsByRegisteredProducerIdHandler handler = new GetProducerDetailsByRegisteredProducerIdHandler(dataAccess, authorization);
Requests.Admin.GetProducerDetailsByRegisteredProducerId request =
new Requests.Admin.GetProducerDetailsByRegisteredProducerId(Guid.NewGuid());
// Act
Func <Task <ProducerDetailsScheme> > action = async() => await handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async void GetSchemesHandler_WithNonInternalUser_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
IGetSchemesDataAccess dataAccess = CreateFakeDataAccess();
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
IMap <Scheme, SchemeData> schemeMap = CreateFakeSchemeMap();
GetSchemesHandler handler = new GetSchemesHandler(dataAccess, schemeMap, authorization);
GetSchemes request = new GetSchemes();
// Act
Func <Task <List <SchemeData> > > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async Task HandleAsync_WithNonInternalUser_ThrowsSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
IGetProducerComplianceYearDataAccess dataAccess = A.Dummy <IGetProducerComplianceYearDataAccess>();
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
GetProducerComplianceYearHandler handler = new GetProducerComplianceYearHandler(dataAccess, authorization);
Requests.Admin.GetProducerComplianceYear request = new Requests.Admin.GetProducerComplianceYear()
{
RegistrationNumber = "WEE/AA1111AA"
};
// Act
Func <Task <List <int> > > action = async() => await handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async void GetUserDataHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrange
IGetManageUserDataAccess dataAccess = A.Fake <IGetManageUserDataAccess>();
A.CallTo(() => dataAccess.GetCompetentAuthorityUser(Guid.NewGuid())).Returns(new ManageUserData());
A.CallTo(() => dataAccess.GetOrganisationUser(Guid.NewGuid())).Returns(new ManageUserData());
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
GetUserDataHandler handler = new GetUserDataHandler(userContext, authorization, dataAccess);
GetUserData request = new GetUserData(Guid.NewGuid());
// Act
Func <Task <ManageUserData> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
public async void FindMatchingUsersHandler_WithNonInternalUser_ThrowSecurityException(AuthorizationBuilder.UserType userType)
{
// Arrage
IFindMatchingUsersDataAccess dataAccess = A.Fake <IFindMatchingUsersDataAccess>();
var filter = fixture.Create <UserFilter>();
A.CallTo(() => dataAccess.GetOrganisationUsers(filter)).Returns(new UserSearchData[5]);
A.CallTo(() => dataAccess.GetCompetentAuthorityUsers(filter)).Returns(new UserSearchData[5]);
IWeeeAuthorization authorization = AuthorizationBuilder.CreateFromUserType(userType);
FindMatchingUsersHandler handler = new FindMatchingUsersHandler(authorization, dataAccess);
FindMatchingUsers request = new FindMatchingUsers(1, 1, FindMatchingUsers.OrderBy.FullNameAscending, filter);
// Act
Func <Task <UserSearchDataResult> > action = () => handler.HandleAsync(request);
// Assert
await Assert.ThrowsAsync <SecurityException>(action);
}
