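// Checks that an Observation read requirement succeeds for a caller whose HDID
// differs from the HDID in the route, when the mocked
// IUserDelegateDelegate.Exists(resourceHDID, hdid) returns true.
public void ShouldAuthObservationDelegate()
        {
            // Setup: the caller identity (hdid) and the resource owner (resourceHDID)
            // are deliberately different so the owner check cannot be what grants access.
            string hdid = "The User HDID";
            string resourceHDID = "The Resource HDID";
            string token = "Fake Access Token";
            string userId = "User ID";
            string username = "******";
            string scopes = "user/Observation.read";

            List<Claim> claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, username),
                new Claim(ClaimTypes.NameIdentifier, userId),
                new Claim(GatewayClaims.HDID, hdid),
                new Claim(GatewayClaims.Scope, scopes),
            };
            ClaimsIdentity identity = new ClaimsIdentity(claims, "TestAuth");
            ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity);

            // Request carries the fake bearer value and the target HDID as a route value.
            IHeaderDictionary headerDictionary = new HeaderDictionary
            {
                { "Authorization", token },
            };
            RouteValueDictionary routeValues = new RouteValueDictionary
            {
                { "hdid", resourceHDID },
            };

            Mock<HttpRequest> httpRequestMock = new Mock<HttpRequest>();
            httpRequestMock.Setup(s => s.Headers).Returns(headerDictionary);
            httpRequestMock.Setup(s => s.RouteValues).Returns(routeValues);

            Mock<HttpContext> httpContextMock = new Mock<HttpContext>();
            httpContextMock.Setup(s => s.User).Returns(claimsPrincipal);
            httpContextMock.Setup(s => s.Request).Returns(httpRequestMock.Object);

            Mock<IHttpContextAccessor> httpContextAccessorMock = new Mock<IHttpContextAccessor>();
            httpContextAccessorMock.Setup(s => s.HttpContext).Returns(httpContextMock.Object);

            using ILoggerFactory loggerFactory = LoggerFactory.Create(builder => builder.AddConsole());
            ILogger<FhirResourceAuthorizationHandler> logger = loggerFactory.CreateLogger<FhirResourceAuthorizationHandler>();

            // Only this exact (resourceHDID, hdid) pair is reported as an existing delegation;
            // any other argument pair gets Moq's default of false.
            // NOTE(review): nothing here verifies that the handler actually consulted the
            // delegate lookup. If the scope claim alone can grant access, this test would not
            // notice; consider a Verify on Exists and a companion test where Exists returns false.
            Mock<IUserDelegateDelegate> mockDependentDelegate = new Mock<IUserDelegateDelegate>();
            mockDependentDelegate.Setup(s => s.Exists(resourceHDID, hdid)).Returns(true);

            FhirResourceAuthorizationHandler authHandler = new FhirResourceAuthorizationHandler(
                logger,
                httpContextAccessorMock.Object,
                mockDependentDelegate.Object);
            var requirements = new[] { new FhirRequirement(FhirResource.Observation, FhirAccessType.Read) };

            AuthorizationHandlerContext context = new AuthorizationHandlerContext(requirements, claimsPrincipal, null);

            // Wait for the handler to complete before asserting. Discarding the returned Task
            // lets the assertions race the handler and hides any exception it throws.
            // Declaring the test as async Task and awaiting the call is the preferred form
            // where the test class allows it.
            authHandler.HandleAsync(context).GetAwaiter().GetResult();

            Assert.True(context.HasSucceeded);
            Assert.False(context.HasFailed);
        }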
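        // Checks that a Patient read requirement using FhirResourceLookup.Parameter succeeds
        // when the "hdid" query parameter equals the HDID claim of the caller.
        public void ShouldAuthPatientReadAsOwnerUsingParameter()
        {
            // Setup: the resource HDID is the caller's own HDID (owner access).
            string hdid = "The User HDID";
            string resourceHDID = hdid;
            string token = "Fake Access Token";
            string userId = "User ID";
            string username = "******";

            List<Claim> claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, username),
                new Claim(ClaimTypes.NameIdentifier, userId),
                new Claim(GatewayClaims.HDID, hdid),
            };
            ClaimsIdentity identity = new ClaimsIdentity(claims, "TestAuth");
            ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity);

            // Request carries the fake bearer value and the target HDID as a query parameter.
            IHeaderDictionary headerDictionary = new HeaderDictionary
            {
                { "Authorization", token },
            };
            IQueryCollection query = new QueryCollection(new Dictionary<string, StringValues>
            {
                { "hdid", resourceHDID },
            });

            Mock<HttpRequest> httpRequestMock = new Mock<HttpRequest>();
            httpRequestMock.Setup(s => s.Headers).Returns(headerDictionary);
            httpRequestMock.Setup(s => s.Query).Returns(query);

            Mock<HttpContext> httpContextMock = new Mock<HttpContext>();
            httpContextMock.Setup(s => s.User).Returns(claimsPrincipal);
            httpContextMock.Setup(s => s.Request).Returns(httpRequestMock.Object);

            Mock<IHttpContextAccessor> httpContextAccessorMock = new Mock<IHttpContextAccessor>();
            httpContextAccessorMock.Setup(s => s.HttpContext).Returns(httpContextMock.Object);

            using ILoggerFactory loggerFactory = LoggerFactory.Create(builder => builder.AddConsole());
            ILogger<FhirResourceAuthorizationHandler> logger = loggerFactory.CreateLogger<FhirResourceAuthorizationHandler>();

            FhirResourceAuthorizationHandler authHandler = new FhirResourceAuthorizationHandler(
                logger,
                httpContextAccessorMock.Object);
            var requirements = new[]
            {
                new FhirRequirement(FhirResource.Patient, FhirAccessType.Read, fhirLookup: FhirResourceLookup.Parameter),
            };

            AuthorizationHandlerContext context = new AuthorizationHandlerContext(requirements, claimsPrincipal, null);

            // Wait for the handler to complete before asserting. Discarding the returned Task
            // lets the assertions race the handler and hides any exception it throws.
            // Declaring the test as async Task and awaiting the call is the preferred form
            // where the test class allows it.
            // NOTE(review): only the allow path is covered here; a companion test with a
            // query "hdid" that differs from the claim would pin the deny path.
            authHandler.HandleAsync(context).GetAwaiter().GetResult();

            Assert.True(context.HasSucceeded);
            Assert.False(context.HasFailed);
        }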