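// Checks the delegated-access path of FhirResourceAuthorizationHandler: the caller's HDID
// claim differs from the HDID in the route, the caller carries the "user/Observation.read"
// scope, and the user-delegate lookup reports that the delegation exists. The Observation
// read requirement is expected to succeed.
public void ShouldAuthObservationDelegate()
{
    // Setup: caller identity and the (different) resource owner being requested.
    string hdid = "The User HDID";
    string resourceHDID = "The Resource HDID";
    string token = "Fake Access Token";
    string userId = "User ID";
    string username = "******";
    string scopes = "user/Observation.read";

    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, username),
        new Claim(ClaimTypes.NameIdentifier, userId),
        new Claim(GatewayClaims.HDID, hdid),
        new Claim(GatewayClaims.Scope, scopes),
    };
    ClaimsIdentity identity = new ClaimsIdentity(claims, "TestAuth");
    ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity);

    // Request carries the bearer header and exposes the target HDID as a route value.
    IHeaderDictionary headerDictionary = new HeaderDictionary();
    headerDictionary.Add("Authorization", token);
    RouteValueDictionary routeValues = new RouteValueDictionary();
    routeValues.Add("hdid", resourceHDID);

    Mock<HttpRequest> httpRequestMock = new Mock<HttpRequest>();
    httpRequestMock.Setup(s => s.Headers).Returns(headerDictionary);
    httpRequestMock.Setup(s => s.RouteValues).Returns(routeValues);

    Mock<HttpContext> httpContextMock = new Mock<HttpContext>();
    httpContextMock.Setup(s => s.User).Returns(claimsPrincipal);
    httpContextMock.Setup(s => s.Request).Returns(httpRequestMock.Object);

    Mock<IHttpContextAccessor> httpContextAccessorMock = new Mock<IHttpContextAccessor>();
    httpContextAccessorMock.Setup(s => s.HttpContext).Returns(httpContextMock.Object);

    using ILoggerFactory loggerFactory = LoggerFactory.Create(builder => builder.AddConsole());
    ILogger<FhirResourceAuthorizationHandler> logger = loggerFactory.CreateLogger<FhirResourceAuthorizationHandler>();

    // Only this exact (resource owner, delegate) pair is reported as an existing delegation.
    Mock<IUserDelegateDelegate> mockDependentDelegate = new Mock<IUserDelegateDelegate>();
    mockDependentDelegate.Setup(s => s.Exists(resourceHDID, hdid)).Returns(true);

    FhirResourceAuthorizationHandler authHandler = new FhirResourceAuthorizationHandler(
        logger,
        httpContextAccessorMock.Object,
        mockDependentDelegate.Object);
    var requirements = new[] { new FhirRequirement(FhirResource.Observation, FhirAccessType.Read) };
    AuthorizationHandlerContext context = new AuthorizationHandlerContext(requirements, claimsPrincipal, null);

    // Act: wait for the handler to finish so the assertions below never race an incomplete
    // task and a faulted task surfaces as a test failure instead of being discarded.
    // The method stays 'void' to keep its signature; an 'async Task' test with 'await'
    // is the preferable form if the signature can change.
    authHandler.HandleAsync(context).GetAwaiter().GetResult();

    // Verify
    Assert.True(context.HasSucceeded);
    Assert.False(context.HasFailed);

    // The grant must come from the delegation lookup for this exact pair; otherwise the
    // test could pass through some other authorization path and hide a regression.
    mockDependentDelegate.Verify(s => s.Exists(resourceHDID, hdid), Times.AtLeastOnce());

    // NOTE(review): a companion case where Exists(...) returns false and the requirement
    // is NOT satisfied would pin the deny side of this check.
}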
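// Checks the owner path of FhirResourceAuthorizationHandler when the resource HDID is
// looked up from a request parameter (FhirResourceLookup.Parameter): the "hdid" query
// value equals the caller's HDID claim, so the Patient read requirement is expected
// to succeed. No scope claim and no user-delegate lookup are supplied in this case.
public void ShouldAuthPatientReadAsOwnerUsingParameter()
{
    // Setup: the caller requests their own record.
    string hdid = "The User HDID";
    string resourceHDID = hdid;
    string token = "Fake Access Token";
    string userId = "User ID";
    string username = "******";

    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, username),
        new Claim(ClaimTypes.NameIdentifier, userId),
        new Claim(GatewayClaims.HDID, hdid),
    };
    ClaimsIdentity identity = new ClaimsIdentity(claims, "TestAuth");
    ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity);

    // Request carries the bearer header and exposes the target HDID as a query parameter.
    IHeaderDictionary headerDictionary = new HeaderDictionary();
    headerDictionary.Add("Authorization", token);
    IQueryCollection query = new QueryCollection(
        new Dictionary<string, StringValues>
        {
            { "hdid", resourceHDID },
        });

    Mock<HttpRequest> httpRequestMock = new Mock<HttpRequest>();
    httpRequestMock.Setup(s => s.Headers).Returns(headerDictionary);
    httpRequestMock.Setup(s => s.Query).Returns(query);

    Mock<HttpContext> httpContextMock = new Mock<HttpContext>();
    httpContextMock.Setup(s => s.User).Returns(claimsPrincipal);
    httpContextMock.Setup(s => s.Request).Returns(httpRequestMock.Object);

    Mock<IHttpContextAccessor> httpContextAccessorMock = new Mock<IHttpContextAccessor>();
    httpContextAccessorMock.Setup(s => s.HttpContext).Returns(httpContextMock.Object);

    using ILoggerFactory loggerFactory = LoggerFactory.Create(builder => builder.AddConsole());
    ILogger<FhirResourceAuthorizationHandler> logger = loggerFactory.CreateLogger<FhirResourceAuthorizationHandler>();

    FhirResourceAuthorizationHandler authHandler = new FhirResourceAuthorizationHandler(
        logger,
        httpContextAccessorMock.Object);
    var requirements = new[]
    {
        new FhirRequirement(FhirResource.Patient, FhirAccessType.Read, fhirLookup: FhirResourceLookup.Parameter),
    };
    AuthorizationHandlerContext context = new AuthorizationHandlerContext(requirements, claimsPrincipal, null);

    // Act: wait for the handler to finish so the assertions below never race an incomplete
    // task and a faulted task surfaces as a test failure instead of being discarded.
    // The method stays 'void' to keep its signature; an 'async Task' test with 'await'
    // is the preferable form if the signature can change.
    authHandler.HandleAsync(context).GetAwaiter().GetResult();

    // Verify
    Assert.True(context.HasSucceeded);
    Assert.False(context.HasFailed);

    // NOTE(review): a companion case where the "hdid" query value differs from the caller's
    // HDID claim, asserting the requirement is NOT satisfied, would pin the deny side.
}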