コード例 #1
        /// <summary>
        /// Invokes one action of <c>SecureController</c> on behalf of <paramref name="user"/> and asserts
        /// the status code that ends up on the fake HTTP response.
        /// </summary>
        /// <param name="user">Principal assigned to the fake HTTP context before the action is invoked.</param>
        /// <param name="method">Action name; matched against the controller's actions with an ordinal, case-insensitive comparison and appended to the request path.</param>
        /// <param name="expectedStatusCode">Status code the response is expected to carry after invocation.</param>
        /// <param name="policyStore">Optional policy store; when supplied, its policies are copied into the options used to re-initialise the controller.</param>
        private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null)
        {
            var discoverer = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController));
            var controller = discoverer.GetControllers(null).Single();

            if (policyStore != null)
            {
                // NOTE(review): whether LiteApiOptions.Default hands out a fresh or a shared instance is not
                // visible here. If it is shared, policies registered below would persist into other tests
                // and could hide a missing-policy failure - confirm.
                var apiOptions = LiteApiOptions.Default;
                foreach (var policyName in policyStore.GetPolicyNames())
                {
                    apiOptions.AuthorizationPolicyStore.SetPolicy(policyName, policyStore.GetPolicy(policyName));
                }

                // Drop the filters on the controller and on every action so that Init runs against the
                // options populated above (the new policy store).
                controller.Filters = null;
                foreach (var controllerAction in controller.Actions)
                {
                    controllerAction.Filters = null;
                }

                controller.Init(new LiteApiOptionsAccessor(apiOptions));
            }

            var targetAction = controller.Actions.Single(
                candidate => string.Equals(method, candidate.Name, StringComparison.OrdinalIgnoreCase));

            var controllerBuilder = new ControllerBuilder(new Moq.Mock<IServiceProvider>().Object);
            var modelBinders = new ModelBinderCollection(
                new JsonSerializer(),
                Fakes.FakeServiceProvider.GetServiceProvider(),
                new Fakes.FakeDefaultLiteApiOptionsRetriever());
            var actionInvoker = new ActionInvoker(controllerBuilder, modelBinders, new JsonSerializer());

            var fakeContext = new Fakes.FakeHttpContext();
            fakeContext.User = user;
            fakeContext.Request.Path = "/api/secure/" + method;

            await actionInvoker.Invoke(fakeContext, targetAction);

            // The authorization outcome is observed only through the response status code.
            Assert.Equal(expectedStatusCode, fakeContext.Response.StatusCode);
        }
コード例 #2
        /// <summary>
        /// A context on which the test never assigns a user must be stopped by
        /// <c>RequiresAuthenticationAttribute</c> with the "unauthenticated" response code.
        /// </summary>
        public void RequiresAuthentication_NullUser_ReturnsUnauthenticated()
        {
            var filter = new RequiresAuthenticationAttribute();

            // User is deliberately left untouched on the fake context.
            var context = new Fakes.FakeHttpContext();

            var outcome = filter.ShouldContinue(context);

            // Both the stop decision and the specific response code are pinned, so a filter that
            // blocks with the wrong code also fails this test.
            Assert.False(outcome.ShouldContinue);
            Assert.Equal(ApiFilterRunResult.Unauthenticated.SetResponseCode, outcome.SetResponseCode);
        }
コード例 #3
        /// <summary>
        /// A context carrying the principal from <c>UserSetup.GetUser()</c> must be allowed through by
        /// <c>RequiresAuthenticationAttribute</c>.
        /// </summary>
        public void RequiresAuthentication_AuthenticatedUser_ReturnsContinue()
        {
            var filter = new RequiresAuthenticationAttribute();

            // presumably GetUser() yields an authenticated principal - verify against UserSetup
            var context = new Fakes.FakeHttpContext
            {
                User = UserSetup.GetUser()
            };

            var outcome = filter.ShouldContinue(context);

            Assert.True(outcome.ShouldContinue);
        }
コード例 #4
        /// <summary>
        /// A user set up with "a:1", "a:2" and "a:3" must pass a
        /// <c>RequiresClaimWithValuesAttribute("a", "1", "2", "3")</c> filter.
        /// </summary>
        public void RequiresClaimWithValues_UserClaimWithAllValues_ReturnsContinue()
        {
            var filter = new RequiresClaimWithValuesAttribute("a", "1", "2", "3");

            // presumably each "type:value" string becomes one claim - verify against UserSetup
            var principal = UserSetup.GetUserWithClaims("a:1", "a:2", "a:3");
            var context = new Fakes.FakeHttpContext
            {
                User = principal
            };

            var outcome = filter.ShouldContinue(context);

            Assert.True(outcome.ShouldContinue);
        }
コード例 #5
        /// <summary>
        /// A user obtained from <c>UserSetup.GetUser("a", "b")</c> must pass a
        /// <c>RequiresAnyRoleAttribute("a", "b")</c> filter.
        /// </summary>
        public void RequiresAnyRole_UserWitAllRoles_ReturnsContinue()
        {
            var filter = new RequiresAnyRoleAttribute("a", "b");

            // presumably the arguments to GetUser are role names - verify against UserSetup
            var principal = UserSetup.GetUser("a", "b");
            var context = new Fakes.FakeHttpContext
            {
                User = principal
            };

            var outcome = filter.ShouldContinue(context);

            Assert.True(outcome.ShouldContinue);
        }
コード例 #6
        /// <summary>
        /// A user set up with "a:0", "b:1" and "c:2" must pass a
        /// <c>RequiresAnyClaimAttribute("b", "c", "a")</c> filter.
        /// </summary>
        public void RequiresAnyClaims_AuthorizedUserWithAllClaims_ReturnsAuthorized()
        {
            // The filter lists the names in a different order than the user setup below.
            var filter = new RequiresAnyClaimAttribute("b", "c", "a");

            // presumably each "type:value" string becomes one claim - verify against UserSetup
            var principal = UserSetup.GetUserWithClaims("a:0", "b:1", "c:2");
            var context = new Fakes.FakeHttpContext
            {
                User = principal
            };

            var outcome = filter.ShouldContinue(context);

            Assert.True(outcome.ShouldContinue);
        }
コード例 #7
        /// <summary>
        /// A user set up with only "a:1" and "a:2" must be stopped by a
        /// <c>RequiresClaimWithValuesAttribute("a", "1", "2", "3")</c> filter with the "unauthorized"
        /// response code.
        /// </summary>
        public void RequiresClaimWithValues_UserClaimWithSomeValues_ReturnsUnauthorized()
        {
            var filter = new RequiresClaimWithValuesAttribute("a", "1", "2", "3");

            // The value "3" is intentionally absent from the user's setup.
            var principal = UserSetup.GetUserWithClaims("a:1", "a:2");
            var context = new Fakes.FakeHttpContext
            {
                User = principal
            };

            var outcome = filter.ShouldContinue(context);

            // A partial match must not be enough: the request is stopped, and with the
            // unauthorized code rather than the unauthenticated one.
            Assert.False(outcome.ShouldContinue);
            Assert.Equal(ApiFilterRunResult.Unauthorized.SetResponseCode, outcome.SetResponseCode);
        }
コード例 #8
        /// <summary>
        /// A default-constructed <c>ClaimsPrincipal</c> must be stopped by
        /// <c>RequiresClaimWithValuesAttribute</c> with the "unauthenticated" response code.
        /// </summary>
        public void RequiresClaimWithValues_UnauthenticatedUser_ReturnsUnauthenticated()
        {
            var filter = new RequiresClaimWithValuesAttribute("a", "1", "2", "3");

            // A principal created with no identities at all.
            var anonymous = new ClaimsPrincipal();
            var context = new Fakes.FakeHttpContext
            {
                User = anonymous
            };

            var outcome = filter.ShouldContinue(context);

            // The expected code is the unauthenticated one, not the unauthorized one.
            Assert.False(outcome.ShouldContinue);
            Assert.Equal(ApiFilterRunResult.Unauthenticated.SetResponseCode, outcome.SetResponseCode);
        }
コード例 #9
        /// <summary>
        /// A user obtained from <c>UserSetup.GetUser()</c> with no arguments must be stopped by a
        /// <c>RequiresAnyRoleAttribute("a", "b")</c> filter with the "unauthorized" response code.
        /// </summary>
        public void RequiresAnyRole_UserWithoutRoles_ReturnsUnauthorized()
        {
            var filter = new RequiresAnyRoleAttribute("a", "b");

            // presumably GetUser() with no arguments is an authenticated user holding no roles -
            // verify against UserSetup
            var principal = UserSetup.GetUser();
            var context = new Fakes.FakeHttpContext
            {
                User = principal
            };

            var outcome = filter.ShouldContinue(context);

            Assert.False(outcome.ShouldContinue);
            Assert.Equal(ApiFilterRunResult.Unauthorized.SetResponseCode, outcome.SetResponseCode);
        }
コード例 #10
        /// <summary>
        /// Invokes one action of <c>SecureController</c> on behalf of <paramref name="user"/> and asserts
        /// the status code that ends up on the fake HTTP response.
        /// </summary>
        /// <param name="user">Principal assigned to the fake HTTP context before the action is invoked.</param>
        /// <param name="method">Action name; matched against the controller's actions with an ordinal, case-insensitive comparison and appended to the request path.</param>
        /// <param name="expectedStatusCode">Status code the response is expected to carry after invocation.</param>
        /// <param name="policyStore">Optional policy store; when supplied, it is written into the controller context's non-public <c>AuthPolicyStore</c> property via reflection.</param>
        private async Task AssertSecureControllerAccess(ClaimsPrincipal user, string method, int expectedStatusCode, IAuthorizationPolicyStore policyStore = null)
        {
            var discoverer = new Fakes.FakeLimitedControllerDiscoverer(typeof(Controllers.SecureController));
            var controller = discoverer.GetControllers(null).Single();

            if (policyStore != null)
            {
                // The property is looked up by its string name among non-public instance members.
                // GetProperty returns null when no such member exists, so a rename of the property
                // surfaces here as a NullReferenceException rather than as an assertion failure.
                var storeProperty = typeof(ControllerContext)
                    .GetTypeInfo()
                    .GetProperty("AuthPolicyStore", BindingFlags.Instance | BindingFlags.NonPublic);
                storeProperty.SetMethod.Invoke(controller, new object[] { policyStore });
            }

            var targetAction = controller.Actions.Single(
                candidate => string.Equals(method, candidate.Name, StringComparison.OrdinalIgnoreCase));

            var controllerBuilder = new ControllerBuilder(new Moq.Mock<IServiceProvider>().Object);
            var modelBinders = new ModelBinderCollection(new JsonSerializer(), new Moq.Mock<IServiceProvider>().Object);
            var actionInvoker = new ActionInvoker(controllerBuilder, modelBinders, new JsonSerializer());

            var fakeContext = new Fakes.FakeHttpContext();
            fakeContext.User = user;
            fakeContext.Request.Path = "/api/secure/" + method;

            await actionInvoker.Invoke(fakeContext, targetAction);

            // The authorization outcome is observed only through the response status code.
            Assert.Equal(expectedStatusCode, fakeContext.Response.StatusCode);
        }
コード例 #11
ファイル: RequiresHttpsTests.cs プロジェクト: lanicon/LiteApi
        /// <summary>
        /// Runs the filters of one action against a fake request that is optionally flagged as HTTPS and
        /// compares the filter result with <paramref name="expectedResult"/>.
        /// </summary>
        /// <param name="useHttps">When true, <c>Request.IsHttps</c> is set to true on the fake context; otherwise it is left untouched.</param>
        /// <param name="ctrlType">Controller type handed to the fake controller discoverer.</param>
        /// <param name="actionName">Action name; lower-cased before it is compared with the discovered action names.</param>
        /// <param name="expectedResult">Expected filter outcome; its response code and message are compared only when it says the request should not continue.</param>
        private async Task AssertRequireHttps(bool useHttps, Type ctrlType, string actionName, ApiFilterRunResult expectedResult)
        {
            // NOTE(review): ToLower() uses the current culture, and the lookup below is an exact ==
            // match. Under a culture with special casing rules the lowered name may differ from the
            // stored action name - confirm how action names are normalised before changing this.
            var loweredName = actionName.ToLower();

            var controller = new Fakes.FakeLimitedControllerDiscoverer(ctrlType).GetControllers(null).Single();
            var targetAction = controller.Actions.Single(candidate => candidate.Name == loweredName);

            var fakeContext = new Fakes.FakeHttpContext();
            if (useHttps)
            {
                fakeContext.Request.IsHttps = true;
            }

            var actual = await ActionInvoker.RunFiltersAndCheckIfShouldContinue(fakeContext, targetAction);

            Assert.Equal(expectedResult.ShouldContinue, actual.ShouldContinue);
            if (expectedResult.ShouldContinue)
            {
                // Response code and message are only checked for a blocked request.
                return;
            }

            Assert.Equal(expectedResult.SetResponseCode, actual.SetResponseCode);
            Assert.Equal(expectedResult.SetResponseMessage, actual.SetResponseMessage);
        }