// Verifies that a disabled policy performs no partner check: with Enabled = false,
// Evaluate returns null (the "satisfied" result) even though no principal is assigned
// and no partner route value is added to the request.
// NOTE(review): the Enabled flag switches partner enforcement off entirely for this
// policy, so it should be treated as security-relevant configuration.
public void EvaluateSucceedsWhenNotEnabled()
{
    // Arrange: the minimal Web API plumbing needed to build an HttpActionContext.
    Mock<HttpActionDescriptor> descriptorMock = new Mock<HttpActionDescriptor>();
    HttpConfiguration configuration = new HttpConfiguration();
    HttpRouteData route = new HttpRouteData(new HttpRoute());
    HttpRequestMessage message = new HttpRequestMessage();

    HttpControllerDescriptor controller = new HttpControllerDescriptor
    {
        Configuration = configuration,
        ControllerName = "generic"
    };

    HttpControllerContext controllerScope = new HttpControllerContext(configuration, route, message)
    {
        ControllerDescriptor = controller
    };

    HttpActionContext context = new HttpActionContext(controllerScope, descriptorMock.Object);

    // The policy under test, explicitly disabled through its configuration.
    PartnerAuthorizationPolicyConfiguration disabledConfiguration = new PartnerAuthorizationPolicyConfiguration
    {
        Enabled = false
    };

    PartnerAuthorizationPolicy target = new PartnerAuthorizationPolicy(disabledConfiguration);

    descriptorMock.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");
    message.SetConfiguration(configuration);
    message.SetRouteData(route);

    // Act
    var outcome = target.Evaluate(context);

    // Assert
    outcome.Should().BeNull("because the policy should always be satisfied if not enabled");
}
// Verifies that an enabled policy rejects a caller whose partner claim differs from the
// partner named in the route data: Evaluate is expected to return HttpStatusCode.Forbidden.
// The claim value is the requested partner followed by a suffix, so the requested partner
// is a strict prefix of the claim; the expected Forbidden result therefore also shows that
// a prefix match between the two values is not accepted.
public void EvaluateFailsWhenThePartnerDataIsMismatched()
{
    string requestedPartner = "SQUIRE";

    // Arrange: the minimal Web API plumbing needed to build an HttpActionContext.
    Mock<HttpActionDescriptor> descriptorMock = new Mock<HttpActionDescriptor>();
    HttpConfiguration configuration = new HttpConfiguration();
    HttpRouteData route = new HttpRouteData(new HttpRoute());
    HttpRequestMessage message = new HttpRequestMessage();

    HttpControllerDescriptor controller = new HttpControllerDescriptor
    {
        Configuration = configuration,
        ControllerName = "generic"
    };

    HttpControllerContext controllerScope = new HttpControllerContext(configuration, route, message)
    {
        ControllerDescriptor = controller
    };

    HttpActionContext context = new HttpActionContext(controllerScope, descriptorMock.Object);

    PartnerAuthorizationPolicyConfiguration enabledConfiguration = new PartnerAuthorizationPolicyConfiguration
    {
        Enabled = true
    };

    PartnerAuthorizationPolicy target = new PartnerAuthorizationPolicy(enabledConfiguration);

    // The caller's identity carries a partner claim that is NOT the requested partner.
    Claim mismatchedClaim = new Claim(CustomClaimTypes.Partner, requestedPartner + "NOTTHERIGHTONE");
    ClaimsIdentity callerIdentity = new ClaimsIdentity(new[] { mismatchedClaim });

    descriptorMock.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");

    // The route asks for the plain partner value.
    route.Values.Add(ActionArguments.Partner, requestedPartner);
    message.SetConfiguration(configuration);
    message.SetRouteData(route);
    context.RequestContext.Principal = new ClaimsPrincipal(callerIdentity);

    // Act
    var outcome = target.Evaluate(context);

    // Assert
    outcome.Should().Be(HttpStatusCode.Forbidden, "because the policy should fail for a request where the principal claim differs from the requested partner");
}
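// Verifies that an enabled policy treats the partner claim and the partner route value
// as equal when they differ only by letter case: Evaluate is expected to return null
// (the "satisfied" result).
//
// The two inputs are produced with ToUpperInvariant/ToLowerInvariant rather than the
// culture-sensitive ToUpper/ToLower. "SQUIRE" contains an 'I', and under cultures with
// special casing rules for that letter (for example tr-TR) the culture-sensitive calls
// can yield a different character, which would make this test depend on the machine's
// current culture instead of on the policy's behaviour.
// NOTE(review): the policy's own comparison is not visible here; confirm it uses an
// ordinal, culture-independent case-insensitive comparison for this authorization check.
public void EvaluateSucceedsWhenThePartnerDataMatchesWithCaseDifferences()
{
    var partner = "SQUIRE";

    // Arrange: the minimal Web API plumbing needed to build an HttpActionContext.
    var mockActionDescriptor = new Mock<HttpActionDescriptor>();
    var httpConfiguration = new HttpConfiguration();
    var routeData = new HttpRouteData(new HttpRoute());
    var request = new HttpRequestMessage();

    var controllerDescriptor = new HttpControllerDescriptor
    {
        Configuration = httpConfiguration,
        ControllerName = "generic"
    };

    var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
    {
        ControllerDescriptor = controllerDescriptor
    };

    var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
    var config = new PartnerAuthorizationPolicyConfiguration { Enabled = true };
    var policy = new PartnerAuthorizationPolicy(config);

    // The claim holds the upper-case form of the partner ...
    var identity = new ClaimsIdentity(new Claim[]
    {
        new Claim(CustomClaimTypes.Partner, partner.ToUpperInvariant())
    });

    mockActionDescriptor.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");

    // ... while the route holds the lower-case form.
    routeData.Values.Add(ActionArguments.Partner, partner.ToLowerInvariant());
    request.SetConfiguration(httpConfiguration);
    request.SetRouteData(routeData);
    actionContext.RequestContext.Principal = new ClaimsPrincipal(identity);

    // Act
    var result = policy.Evaluate(actionContext);

    // Assert
    result.Should().BeNull("because the policy should always be satisfied when the partner data is a match, regardless of case");
}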
// Verifies that an enabled policy is satisfied when the partner route value is present
// but null: Evaluate is expected to return null even though the caller carries a
// partner claim.
// NOTE(review): this pins the fail-open branch of the policy. That is reasonable for
// routes that are not partner-scoped, but it means enforcement depends on the partner
// value being present in route data; confirm that partner-scoped actions cannot be
// reached with this value unbound.
public void EvaluateSucceedsWhenThereIsANullPartnerActionArgument()
{
    // Arrange: the minimal Web API plumbing needed to build an HttpActionContext.
    Mock<HttpActionDescriptor> descriptorMock = new Mock<HttpActionDescriptor>();
    HttpConfiguration configuration = new HttpConfiguration();
    HttpRouteData route = new HttpRouteData(new HttpRoute());
    HttpRequestMessage message = new HttpRequestMessage();

    HttpControllerDescriptor controller = new HttpControllerDescriptor
    {
        Configuration = configuration,
        ControllerName = "generic"
    };

    HttpControllerContext controllerScope = new HttpControllerContext(configuration, route, message)
    {
        ControllerDescriptor = controller
    };

    HttpActionContext context = new HttpActionContext(controllerScope, descriptorMock.Object);

    PartnerAuthorizationPolicyConfiguration enabledConfiguration = new PartnerAuthorizationPolicyConfiguration
    {
        Enabled = true
    };

    PartnerAuthorizationPolicy target = new PartnerAuthorizationPolicy(enabledConfiguration);

    // The caller has a partner claim, but the route supplies no partner to compare it with.
    Claim partnerClaim = new Claim(CustomClaimTypes.Partner, "SQUIRE");
    ClaimsIdentity callerIdentity = new ClaimsIdentity(new[] { partnerClaim });

    descriptorMock.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");
    route.Values.Add(ActionArguments.Partner, null);
    message.SetConfiguration(configuration);
    message.SetRouteData(route);
    context.RequestContext.Principal = new ClaimsPrincipal(callerIdentity);

    // Act
    var outcome = target.Evaluate(context);

    // Assert
    outcome.Should().BeNull("because the policy should always be satisfied if there is a null partner argument");
}
// Verifies that the policy's Enabled property reports the value supplied through its
// configuration object. Only the Enabled = true case is exercised here.
public void EnabledPropertyIsConfigured()
{
    // Arrange
    PartnerAuthorizationPolicyConfiguration configuration = new PartnerAuthorizationPolicyConfiguration
    {
        Enabled = true
    };

    PartnerAuthorizationPolicy target = new PartnerAuthorizationPolicy(configuration);

    // Act
    var reported = target.Enabled;

    // Assert
    reported.Should().Be(configuration.Enabled, "because the Enabled property should be driven by configuration");
}
// Verifies that the policy identifies itself as AuthorizationPolicy.EnforcePartner
// when built from a default-constructed configuration.
public void PolicyReflectsTheExpectedPolicy()
{
    // Arrange
    PartnerAuthorizationPolicyConfiguration defaultConfiguration = new PartnerAuthorizationPolicyConfiguration();
    PartnerAuthorizationPolicy target = new PartnerAuthorizationPolicy(defaultConfiguration);

    // Act
    var reported = target.Policy;

    // Assert
    reported.Should().Be(AuthorizationPolicy.EnforcePartner, "because the policy should match the class name");
}