// Positive case: the resource's Namespace is identical to one of the NamespacePrefix
// claims on the caller's principal, so authorization is expected to complete without
// an exception. There is no explicit assertion; any exception from the call fails the test.
public void NamespaceBasedAuthorization_MatchOnNamespace_ShouldThrowNoExceptions()
{
    // Arrange
    const string matchingNamespace = "uri://ed-fi.org/";

    var authorizationStrategy = new NamespaceBasedAuthorizationStrategy();

    // The principal holds two namespace prefixes; only the first equals the resource's Namespace.
    var principalClaims = new List<Claim>
    {
        new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, matchingNamespace),
        new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, "uri://ed-fi-2.org/")
    };
    var identity = new ClaimsIdentity(principalClaims, EdFiAuthenticationTypes.OAuth);
    var principal = new ClaimsPrincipal(identity);

    var resourceClaimUris = new[] { "http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor" };
    var actionUri = "http://ed-fi.org/ods/actions/manage";
    var contextData = new NamespaceBasedAuthorizationContextData { Namespace = matchingNamespace };
    var authorizationContext = new EdFiAuthorizationContext(principal, resourceClaimUris, actionUri, contextData);

    // The first argument is deliberately an empty claim list; the namespace prefixes are
    // only present on the principal.
    // NOTE(review): presumably the strategy reads the prefixes from the principal - confirm.
    var noClaims = new List<Claim>();

    // Act
    authorizationStrategy
        .AuthorizeSingleItemAsync(noClaims, authorizationContext, CancellationToken.None)
        .WaitSafely();

    // Assert: reaching this point without an exception is the pass condition.
}
// Negative case: a resource whose Namespace is the empty string must be rejected with an
// EdFiSecurityException, even though the caller's principal carries valid NamespacePrefix
// claims. This pins the fail-closed behaviour for resources that have no namespace value.
public void NamespaceBasedAuthorization_EmptyResourceNamespace()
{
    // Arrange
    var authorizationStrategy = new NamespaceBasedAuthorizationStrategy();

    var principalClaims = new List<Claim>
    {
        new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, "uri://ed-fi.org/"),
        new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, "uri://ed-fi-2.org/")
    };
    var identity = new ClaimsIdentity(principalClaims, EdFiAuthenticationTypes.OAuth);
    var principal = new ClaimsPrincipal(identity);

    var resourceClaimUris = new[] { "http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor" };
    var actionUri = "http://ed-fi.org/ods/actions/manage";

    // The empty Namespace is the condition under test.
    var contextData = new NamespaceBasedAuthorizationContextData { Namespace = "" };
    var authorizationContext = new EdFiAuthorizationContext(principal, resourceClaimUris, actionUri, contextData);

    // Act
    var thrown = Assert.Throws<EdFiSecurityException>(
        () => authorizationStrategy
            .AuthorizeSingleItemAsync(new List<Claim>(), authorizationContext, CancellationToken.None)
            .WaitSafely());

    // Assert: the denial must name the empty namespace as its reason, not a generic failure.
    thrown.Message.ShouldBe("Access to the resource item could not be authorized because the Namespace of the resource is empty.");
}