public async Task ThenFailsIfEmployerAccountIdNotFoundEvenAfterAccountIdRefresh(
[Frozen] Mock <IEmployerAccountService> employerAccountService,
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var employerAccountClaim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var userId = Guid.NewGuid().ToString();
var userClaim = new Claim(EmployerClaims.IdamsUserIdClaimTypeIdentifier, userId);
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { employerAccountClaim, userClaim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
employerAccountService.Setup(s => s.GetClaim(It.IsAny <string>(), It.IsAny <string>()))
.ReturnsAsync(employerAccountClaim);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public async Task ThenFailsIfEmployerIdIsNotInUrl(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public void ThenReturnsFalseIfEmployerIdIsNotInUrl(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
public async Task ThenSucceedsIfEmployerIsAuthorised(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsTrue(context.HasSucceeded);
}
public void SetUp()
{
_userId = Guid.NewGuid();
_accountClaimValue = Guid.NewGuid().ToString();
_requirements = new List <IAuthorizationRequirement>
{
new EmployerAccountRequirement()
};
_actionContext = new ActionContext
{
HttpContext = new DefaultHttpContext(),
RouteData = new RouteData(),
ActionDescriptor = new ActionDescriptor()
};
_actionContext.RouteData.Values.Add("controller", "TestController");
_actionContext.RouteData.Values.Add("action", "TestAction");
_actionContext.RouteData.Values.Add(RouteValueKeys.AccountHashedId, _accountClaimValue);
_resource = new AuthorizationFilterContext(_actionContext, new List <IFilterMetadata>());
var mvcContext = _resource as AuthorizationFilterContext;
mvcContext.HttpContext.Request.Host = new HostString("https://employer-incentives.gov.uk");
_claims = new List <Claim>
{
new Claim(EmployerClaimTypes.UserId, _userId.ToString()),
new Claim(EmployerClaimTypes.Account, _accountClaimValue)
};
_identity = new ClaimsIdentity(_claims);
_user = new ClaimsPrincipal(_identity);
_sut = new EmployerAccountAuthorizationHandler();
}
public void ThenReturnsTrueIfEmployerIsAuthorised(
[Frozen] Mock <IEmployerAccountService> employerAccountService,
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "Owner"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsTrue(result);
}
public void ThenFailsIfUserDoesNotHaveAValidRole(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Employer",
Role = "I'm not a role"
};
var employerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
public async Task ThenFailsIfEmployerClaimNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new Claim[0]) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public void ThenReturnsFalseIfEmployerClaimNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new Claim[0]) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
public void ThenSucceedsIfEmployerAccountIdIsFoundAfterAccountIdRefresh(
[Frozen] Mock <IEmployerAccountService> employerAccountService,
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var employerAccountClaim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var userId = Guid.NewGuid().ToString();
var userClaim = new Claim(EmployerClaims.IdamsUserIdClaimTypeIdentifier, userId);
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { employerAccountClaim, userClaim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
var employerIdentifier = new EmployerIdentifier
{
AccountId = "1234",
EmployerName = "Test Corp",
Role = "Owner"
};
var refreshedEmployerAccounts = new Dictionary <string, EmployerIdentifier> {
{ "1234", employerIdentifier }
};
var refreshedEmployerAccountClaim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(refreshedEmployerAccounts));
employerAccountService.Setup(s => s.GetClaim(It.IsAny <string>(), It.IsAny <string>()))
.ReturnsAsync(refreshedEmployerAccountClaim);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsTrue(result);
}
public async Task ThenFailsIfEmployerAccountIdNotFoundAndUserIdNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
await handler.HandleAsync(context);
//Assert
Assert.IsFalse(context.HasSucceeded);
}
public void ThenReturnsFalseIfEmployerAccountIdNotFoundAndUserIdNotFound(
EmployerAccountRequirement requirement,
AuthorizationFilterContext contextFilter,
EmployerAccountAuthorizationHandler handler)
{
//Assign
var employerAccounts = new Dictionary <string, EmployerIdentifier>();
var claim = new Claim(EmployerClaims.AccountsClaimsTypeIdentifier, JsonConvert.SerializeObject(employerAccounts));
var claimsPrinciple = new ClaimsPrincipal(new[] { new ClaimsIdentity(new[] { claim }) });
var context = new AuthorizationHandlerContext(new[] { requirement }, claimsPrinciple, contextFilter);
var filter = context.Resource as AuthorizationFilterContext;
filter.RouteData.Values.Add(RouteValues.EmployerAccountId, 1234);
//Act
var result = handler.IsEmployerAuthorised(context, false);
//Assert
Assert.IsFalse(result);
}
