public static void Test_Returns_False_For_Session_Who_Stole_Others_Token() { //arrange Mock <ISigningService> signingService = new Mock <ISigningService>(); signingService.Setup(x => x.isSigned(It.IsAny <byte[]>(), It.IsAny <byte[]>())) .Returns(true); ElevationManager elevationManager = new ElevationManager(Mock.Of <ILog>(), signingService.Object); IElevatableSession session = Mock.Of <IElevatableSession>(); AuthenticationMessage message = new AuthenticationMessage(new byte[0]); session.UniqueAuthToken = elevationManager.RequestSingleUseToken(session); //act:Preform a authentication elevationManager.TryAuthenticate(session, message); //assert Assert.True(elevationManager.isElevated(session)); //Should fail because this session isn't authorized with this token IElevatableSession criminalSession = Mock.Of <IElevatableSession>(); criminalSession.UniqueAuthToken = session.UniqueAuthToken; Assert.False(elevationManager.isElevated(criminalSession)); }
public static void Test_Returns_False_After_Failed_Authentication_With_Valid_Toke() { //arrange ElevationManager elevationManager = new ElevationManager(Mock.Of <ILog>(), Mock.Of <ISigningService>()); IElevatableSession session = Mock.Of <IElevatableSession>(); session.UniqueAuthToken = elevationManager.RequestSingleUseToken(session); //act:Preform a failed authentication elevationManager.TryAuthenticate(session, Mock.Of <AuthenticationMessage>()); //assrt Assert.False(elevationManager.isElevated(session)); }
public static void Test_Returns_True_After_Sucessful_Authentication() { //arrange Mock <ISigningService> signingService = new Mock <ISigningService>(); signingService.Setup(x => x.isSigned(It.IsAny <byte[]>(), It.IsAny <byte[]>())) .Returns(true); ElevationManager elevationManager = new ElevationManager(Mock.Of <ILog>(), signingService.Object); IElevatableSession session = Mock.Of <IElevatableSession>(); AuthenticationMessage message = new AuthenticationMessage(new byte[0]); session.UniqueAuthToken = elevationManager.RequestSingleUseToken(session); //act:Preform a authentication elevationManager.TryAuthenticate(session, message); //assrt Assert.True(elevationManager.isElevated(session)); }