public void AuthorizationMiddleware_Inject_AllowsAllowedPaths(ClaimsPrincipal claimsPrincipal, string method, string pathValue, string[] allowedPaths, HttpStatusCode statusCode)
{
var ctx = new OwinContext
{
Request =
{
Scheme = LibOwin.Infrastructure.Constants.Https,
Path = new PathString(pathValue),
Method = method,
User = claimsPrincipal
}
};
var pipeline = AuthorizationMiddleware.Inject(_noOp, new[] { "api1.read", "api1.write" }, allowedPaths);
pipeline(ctx.Environment);
Assert.Equal((int)statusCode, ctx.Response.StatusCode);
}
public void AuthorizationMiddleware_Inject_ReturnsForbiddenResponse(ClaimsPrincipal claimsPrincipal, string method, HttpStatusCode statusCode)
{
var ctx = new OwinContext
{
Request =
{
Scheme = LibOwin.Infrastructure.Constants.Https,
Path = new PathString("/authtest"),
Method = method,
User = claimsPrincipal
}
};
var pipeline = AuthorizationMiddleware.Inject(_noOp, new[] { "api1.read", "api1.write" });
pipeline(ctx.Environment);
Assert.Equal((int)statusCode, ctx.Response.StatusCode);
}