public async Task SetResponseToCache()
{
_options.PdpCacheDuration = 60;
var cacheEntry = new TestCacheEntry();
var mockedCache = CreateEmptyMockedCache();
mockedCache.Setup(c => c.CreateEntry(BuildCacheKey(_userId)))
.Returns(cacheEntry);
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var provider = new PolicyDescisionProvider(mockedCache.Object, Options.Create(_options), mockHandler, _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(pdpResponse.applicationId, ((PdpResponse)cacheEntry.Value).applicationId);
Assert.Equal(pdpResponse.userId, ((PdpResponse)cacheEntry.Value).userId);
Assert.Equal(pdpResponse.permissions, ((PdpResponse)cacheEntry.Value).permissions);
}
public async Task CacheDurationFromOptionsIsUsed()
{
_options.PdpCacheDuration = 60;
var cacheEntry = new TestCacheEntry();
var mockedCache = CreateEmptyMockedCache();
mockedCache.Setup(c => c.CreateEntry(BuildCacheKey(_userId)))
.Returns(cacheEntry);
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { _requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var client = new HttpClient(mockHandler);
var uri = _options.PdpUrl.EndsWith("/") ? _options.PdpUrl : $"{_options.PdpUrl}/";
client.BaseAddress = new Uri(uri);
var provider = new PolicyDecisionProvider(client, mockedCache.Object, Options.Create(_options), _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.True(cacheEntry.AbsoluteExpirationRelativeToNow.Value == new TimeSpan(0, _options.PdpCacheDuration, 0));
}
public async Task ShouldCacheResponseWithoutPermissions()
{
_options.PdpCacheDuration = 60;
var cacheEntry = new TestCacheEntry();
var mockedCache = CreateEmptyMockedCache();
mockedCache.Setup(c => c.CreateEntry(BuildCacheKey(_userId)))
.Returns(cacheEntry);
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var client = new HttpClient(mockHandler);
var uri = _options.PdpUrl.EndsWith("/") ? _options.PdpUrl : $"{_options.PdpUrl}/";
client.BaseAddress = new Uri(uri);
var provider = new PolicyDecisionProvider(client, mockedCache.Object, Options.Create(_options), _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
mockedCache.Verify(c => c.CreateEntry(It.IsAny <object>()), Times.Once);
Assert.NotNull(cacheEntry.Value);
Assert.Equal(new List <string>(), ((PdpResponse)cacheEntry.Value).permissions);
}
private IPolicyDescisionProvider CreateMockPolicyDescisionProvider(PdpResponse pdpResponse, string applicationName)
{
var mockPdpProvider = new Mock <IPolicyDescisionProvider>();
mockPdpProvider.Setup(p => p.GetPermissionsAsync(_userId, applicationName))
.ReturnsAsync(pdpResponse);
return(mockPdpProvider.Object);
}
private Mock <IMemoryCache> CreateMockedCache(string key, PdpResponse pdpResponse)
{
var mockCache = new Mock <IMemoryCache>();
var cachedObject = pdpResponse as object;
mockCache.Setup(c => c.TryGetValue("", out cachedObject))
.Returns(false);
mockCache.Setup(c => c.TryGetValue(key, out cachedObject))
.Returns(true);
return(mockCache);
}
public async Task ApiKeyIsSetInHeader()
{
var mockedCache = CreateEmptyMockedCache();
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var provider = new PolicyDescisionProvider(mockedCache.Object, Options.Create(_options), mockHandler, _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(_apiKey, mockHandler.Headers.GetValues(HeaderKeys.Apikey).FirstOrDefault());
}
public async Task GetCachedPdpResponse()
{
_options.PdpCacheDuration = 60;
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { _requestedresource })
};
var mockedCache = CreateMockedCache(BuildCacheKey(_userId), pdpResponse);
var provider = new PolicyDecisionProvider(Mock.Of <HttpClient>(), mockedCache.Object, Options.Create(_options), _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(pdpResponse, result);
}
public async Task DoesNothingWhenNoPermissionsReturned()
{
var pdpResponse = new PdpResponse
{
applicationId = _authOptions.ApplicationName,
userId = _userId,
};
var pdpProvider = CreateMockPolicyDescisionProvider(pdpResponse, ApplicationName);
var transformer = new PermissionsClaimsTransformer(CreateMockPermissionApplicationNameProvider(ApplicationName), pdpProvider);
var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(Claims.Name, _userId), new Claim(ClaimTypes.Name, _userId) }, "Bearer"));
var result = await transformer.TransformAsync(user);
Assert.NotNull(result);
Assert.False(result.HasClaim(c => c.Type == Claims.PermissionsType));
}
public async Task GetCachedPdpResponse()
{
_options.PdpCacheDuration = 60;
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { requestedresource })
};
var mockedCache = CreateMockedCache(BuildCacheKey(_userId), pdpResponse);
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.NotFound, null);
var provider = new PolicyDescisionProvider(mockedCache.Object, Options.Create(_options), mockHandler, _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(pdpResponse, result);
}
public async Task ReturnsNullIfUserUnknown()
{
var mockedCache = CreateEmptyMockedCache();
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.NotFound, null);
var provider = new PolicyDescisionProvider(mockedCache.Object, Options.Create(_options), mockHandler, _logger);
var result = await provider.GetPermissionsAsync("otherUser", _application);
Assert.Null(result);
Assert.NotEmpty(_logger.LoggedMessages);
}
public async Task GetResponse()
{
var mockedCache = CreateEmptyMockedCache();
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var provider = new PolicyDescisionProvider(mockedCache.Object, Options.Create(_options), mockHandler, _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(pdpResponse.applicationId, result.applicationId);
Assert.Equal(pdpResponse.userId, result.userId);
Assert.Equal(pdpResponse.permissions, result.permissions);
}
public async Task SetClaims()
{
var pdpResponse = new PdpResponse
{
applicationId = _authOptions.ApplicationName,
userId = _userId,
permissions = new List <String>(new string[] { "permission1", "permission2" })
};
var pdpProvider = CreateMockPolicyDescisionProvider(pdpResponse, ApplicationName);
var transformer = new PermissionsClaimsTransformer(CreateMockPermissionApplicationNameProvider(ApplicationName), pdpProvider);
var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(Claims.Name, _userId), new Claim(ClaimTypes.Name, _userId) }, "Bearer"));
var result = await transformer.TransformAsync(user);
Assert.NotNull(result);
Assert.True(result.HasClaim(Claims.PermissionsType, "permission1"));
Assert.True(result.HasClaim(Claims.PermissionsType, "permission2"));
}
public async Task GetResponse()
{
var mockedCache = CreateEmptyMockedCache();
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { _requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var client = new HttpClient(mockHandler);
var uri = _options.PdpUrl.EndsWith("/") ? _options.PdpUrl : $"{_options.PdpUrl}/";
client.BaseAddress = new Uri(uri);
var provider = new PolicyDecisionProvider(client, mockedCache.Object, Options.Create(_options), _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(pdpResponse.applicationId, result.applicationId);
Assert.Equal(pdpResponse.userId, result.userId);
Assert.Equal(pdpResponse.permissions, result.permissions);
}
public async Task ApiKeyIsSetInHeader()
{
var mockedCache = CreateEmptyMockedCache();
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { requestedresource })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var httpClient = new HttpClient(mockHandler);
httpClient.DefaultRequestHeaders.TryAddWithoutValidation(HeaderKeys.Apikey, _options.PdpApiKey);
var uri = _options.PdpUrl.EndsWith("/") ? _options.PdpUrl : $"{_options.PdpUrl}/";
httpClient.BaseAddress = new Uri(uri);
var provider = new PolicyDecisionProvider(httpClient, mockedCache.Object, Options.Create(_options), _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
Assert.Equal(_apiKey, httpClient.DefaultRequestHeaders.GetValues(HeaderKeys.Apikey).FirstOrDefault());
}
public async Task ShouldNotCacheResponseWithoutPermissions()
{
_options.PdpCacheDuration = 60;
var cacheEntry = new TestCacheEntry();
var mockedCache = CreateEmptyMockedCache();
mockedCache.Setup(c => c.CreateEntry(BuildCacheKey(_userId)))
.Returns(cacheEntry);
var pdpResponse = new PdpResponse
{
applicationId = _application,
userId = _userId,
permissions = new List <String>(new string[] { })
};
var mockHandler = new MockMessageHandler <PdpResponse>(HttpStatusCode.OK, pdpResponse);
var provider = new PolicyDescisionProvider(mockedCache.Object, Options.Create(_options), mockHandler, _logger);
var result = await provider.GetPermissionsAsync(_userId, _application);
mockedCache.Verify(c => c.CreateEntry(It.IsAny <object>()), Times.Never);
Assert.Null(cacheEntry.Value);
}
