public void AuthorizationServiceBase_IsAuthorized_UserIsInResourceRoleAndDoesNotHavePermissions_False() { //------------Setup for test-------------------------- var resource = Guid.NewGuid(); var securityPermission = new WindowsGroupPermission { IsServer = false, ResourceID = resource }; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(true); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; foreach (AuthorizationContext context in Enum.GetValues(typeof(AuthorizationContext))) { securityPermission.Permissions = ~context.ToPermissions(); //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(context, resource.ToString()); //------------Assert Results------------------------- Assert.IsFalse(authorized); } }
public void GivenItHasWith(string groupName, string groupRights) { var groupPermssions = new WindowsGroupPermission { WindowsGroup = groupName, ResourceID = Guid.Empty, IsServer = true }; var permissionsStrings = groupRights.Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries); foreach (var permissionsString in permissionsStrings) { if (Enum.TryParse(permissionsString.Replace(" ", ""), true, out SecPermissions permission)) { groupPermssions.Permissions |= permission; } } var settings = new Data.Settings.Settings { Security = new SecuritySettingsTO(new List <WindowsGroupPermission> { groupPermssions }) }; var environmentModel = _featureContext.Get <IServer>("environment"); EnsureEnvironmentConnected(environmentModel); environmentModel.ResourceRepository.WriteSettings(environmentModel, settings); environmentModel.Disconnect(); }
public void AuthorizationServiceBase_IsAuthorized_HasDefaultGuestPermissions_WithGivenPermission_True() { //------------Setup for test-------------------------- var resource = Guid.NewGuid(); var securityPermission = WindowsGroupPermission.CreateGuests(); var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; foreach (AuthorizationContext context in Enum.GetValues(typeof(AuthorizationContext))) { securityPermission.Permissions = context.ToPermissions(); //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(context, resource.ToString()); //------------Assert Results------------------------- Assert.AreEqual(context != AuthorizationContext.None, authorized); } }
public void SettingsWrite_Execute_SettingsWriteValuePassedValidJSON_ShouldDoSecurityWrite() { //------------Setup for test-------------------------- var permission = new WindowsGroupPermission { Administrator = true, IsServer = true, WindowsGroup = Environment.UserName }; var windowsGroupPermissions = new List <WindowsGroupPermission> { permission }; var settings = new Settings { Security = new SecuritySettingsTO(windowsGroupPermissions) }; var serializeObject = JsonConvert.SerializeObject(settings); var settingsWrite = new SettingsWrite(); //------------Execute Test--------------------------- StringBuilder execute = settingsWrite.Execute(new Dictionary <string, StringBuilder> { { "Settings", new StringBuilder(serializeObject) } }, null); //------------Assert Results------------------------- Assert.IsTrue(File.Exists("secure.config")); File.Delete("secure.config"); var msg = ToMsg(execute); Assert.AreEqual("Success", msg.Message.ToString()); }
public void AuthorizationServiceBase_IsAuthorized_UserIsInResourceRoleAndResourceToBeVerifiedIsNull_False() { //------------Setup for test-------------------------- var securityPermission = new WindowsGroupPermission { IsServer = false, ResourceName = "Category\\Test1", ResourceID = Guid.NewGuid() }; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(true); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(AuthorizationContext.Contribute, null); //------------Assert Results------------------------- Assert.IsFalse(authorized); }
public void GivenResourceHasRights(string resourceName, string resourceRights, string groupName) { var environmentModel = _featureContext.Get <IServer>("environment"); EnsureEnvironmentConnected(environmentModel); var resourceRepository = environmentModel.ResourceRepository; var settings = resourceRepository.ReadSettings(environmentModel); environmentModel.ForceLoadResources(); var resourceModel = resourceRepository.FindSingle(model => model.Category.Equals(resourceName, StringComparison.InvariantCultureIgnoreCase)); Assert.IsNotNull(resourceModel, "Did not find: " + resourceName); var resourcePermissions = SecPermissions.None; var permissionsStrings = resourceRights.Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries); foreach (var permissionsString in permissionsStrings) { if (Enum.TryParse(permissionsString.Replace(" ", ""), true, out SecPermissions permission)) { resourcePermissions |= permission; } } settings.Security.WindowsGroupPermissions.RemoveAll(permission => permission.ResourceID == resourceModel.ID); var windowsGroupPermission = new WindowsGroupPermission { WindowsGroup = groupName, ResourceID = resourceModel.ID, ResourceName = resourceName, IsServer = false, Permissions = resourcePermissions }; settings.Security.WindowsGroupPermissions.Add(windowsGroupPermission); var SettingsWriteResult = resourceRepository.WriteSettings(environmentModel, settings); Assert.IsFalse(SettingsWriteResult.HasError, "Cannot setup for security spec.\n Error writing initial resource permissions settings to localhost server.\n" + SettingsWriteResult.Message); }
public void AuthorizationServiceBase_IsAuthorizedToConnect_UserHasNoPermissions_False() { //------------Setup for test-------------------------- var resource = Guid.NewGuid(); var securityPermission = new WindowsGroupPermission { IsServer = false, ResourceID = resource, Permissions = Permissions.View }; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var authorized = authorizationService.TestIsAuthorizedToConnect(user.Object); //------------Assert Results------------------------- Assert.IsFalse(authorized); }
public void AuthorizationServiceBase_IsAuthorizedToConnect_HasPermissionGivenInDefaultGuest_True() { var securityPermission = WindowsGroupPermission.CreateGuests(); securityPermission.View = true; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var authorized = authorizationService.TestIsAuthorizedToConnect(user.Object); //------------Assert Results------------------------- Assert.IsTrue(authorized); }
public StringBuilder Execute(Dictionary <string, StringBuilder> values, IWorkspace theWorkspace) { if (File.Exists(ServerSecurityService.FileName)) { string encryptedData; using (var inStream = new FileStream(ServerSecurityService.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { using (var reader = new StreamReader(inStream)) { encryptedData = reader.ReadToEnd(); } } try { var decryptData = SecurityEncryption.Decrypt(encryptedData); var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData); var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions; // We need to change BuiltIn\Administrators to -> Warewolf Administrators ;) if (permissionGroup.Count > 0) { var adminGrp = permissionGroup[0].WindowsGroup; if (adminGrp == "BuiltIn\\Administrators") { permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText; decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } } var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests); var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators); if (!hasAdminPermission) { permissionGroup.Add(WindowsGroupPermission.CreateAdministrators()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } if (!hasGuestPermission) { permissionGroup.Add(WindowsGroupPermission.CreateGuests()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } return(new StringBuilder(decryptData)); } catch (Exception e) { Dev2Logger.Log.Error("SecurityRead", e); } } var serializer = new Dev2JsonSerializer(); var securitySettingsTo = new SecuritySettingsTO(DefaultPermissions) { CacheTimeout = _cacheTimeout }; return(serializer.SerializeToBuilder(securitySettingsTo)); }
public void AuthorizationServiceBase_IsAuthorizedToConnect_ToLocalServerWithNullIdentityName_WithOnlyBuiltInAdminGroup_UserIsNotAuthorized() { //------------Setup for test-------------------------- var resource = Guid.NewGuid(); var securityPermission = new WindowsGroupPermission { IsServer = false, ResourceID = resource, Permissions = Permissions.View, WindowsGroup = GlobalConstants.WarewolfGroup }; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(true); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var authorized = authorizationService.TestIsAuthorizedToConnect(user.Object); //------------Assert Results------------------------- Assert.IsFalse(authorized); }
void Verify_IsAuthorized(Permissions configPermissions, TestAuthorizationRequest authorizationRequest, bool isServer) { var configPermission = new WindowsGroupPermission { WindowsGroup = TestAuthorizationRequest.UserRole, IsServer = isServer, Permissions = configPermissions }; if (!isServer && !string.IsNullOrEmpty(authorizationRequest.Resource)) { Guid resourceID; if (Guid.TryParse(authorizationRequest.Resource, out resourceID)) { configPermission.ResourceID = resourceID; configPermission.ResourceName = "TestCategory\\"; } else { configPermission.ResourceID = Guid.NewGuid(); configPermission.ResourceName = string.Format("TestCategory\\{0}", authorizationRequest.Resource); } } authorizationRequest.UserIsInRole = false; Verify_IsAuthorized(configPermission, authorizationRequest); authorizationRequest.UserIsInRole = true; Verify_IsAuthorized(configPermission, authorizationRequest); }
static void SetupPermissions() { var groupRights = "View, Execute, Contribute, Deploy To, Deploy From, Administrator"; var groupPermssions = new WindowsGroupPermission { WindowsGroup = "Public", ResourceID = Guid.Empty, IsServer = true }; var permissionsStrings = groupRights.Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries); foreach (var permissionsString in permissionsStrings) { Permissions permission; if (Enum.TryParse(permissionsString.Replace(" ", ""), true, out permission)) { groupPermssions.Permissions |= permission; } } var settings = new Data.Settings.Settings { Security = new SecuritySettingsTO(new List <WindowsGroupPermission> { groupPermssions }) }; AppUsageStats.LocalHost = "http://localhost:3142"; var environmentModel = ServerRepository.Instance.Source; environmentModel.Connect(); environmentModel.ResourceRepository.WriteSettings(environmentModel, settings); }
public void SecurityWrite_Execute_SecuritySettingsValuePassedValidJSON_ShouldWriteFile() { //------------Setup for test-------------------------- var permission = new WindowsGroupPermission { Administrator = true, IsServer = true, WindowsGroup = Environment.UserName }; var windowsGroupPermissions = new List <WindowsGroupPermission> { permission }; var securitySettings = new SecuritySettingsTO(windowsGroupPermissions) { CacheTimeout = new TimeSpan(0, 2, 0) }; var securitySettingsValue = JsonConvert.SerializeObject(securitySettings); var securityWrite = new SecurityWrite(); //------------Execute Test--------------------------- securityWrite.Execute(new Dictionary <string, StringBuilder> { { "SecuritySettings", new StringBuilder(securitySettingsValue) } }, null); //------------Assert Results------------------------- var serverSecuritySettingsFile = EnvironmentVariables.ServerSecuritySettingsFile; Assert.IsTrue(File.Exists(serverSecuritySettingsFile)); var fileData = File.ReadAllText(serverSecuritySettingsFile); Assert.IsFalse(fileData.StartsWith("{")); Assert.IsFalse(fileData.EndsWith("}")); Assert.IsFalse(fileData.Contains("IsServer")); File.Delete(serverSecuritySettingsFile); }
public void AuthorizationServiceBase_IsAuthorized_UserIsInServerRoleAndHasPermissions_True() { //------------Setup for test-------------------------- var securityPermission = new WindowsGroupPermission { IsServer = true }; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(true); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; foreach (AuthorizationContext context in Enum.GetValues(typeof(AuthorizationContext))) { securityPermission.Permissions = context.ToPermissions(); //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(context, It.IsAny <string>()); //------------Assert Results------------------------- Assert.AreEqual(context != AuthorizationContext.None, authorized); } }
void UpdateResourcesBasedOnPermissions(IList <WindowsGroupPermission> windowsGroupPermissions) { var serverPermissions = _server.AuthorizationService.GetResourcePermissions(Guid.Empty); _resourceModels.ForEach(model => { model.UserPermissions = serverPermissions; }); foreach (var perm in windowsGroupPermissions.Where(permission => permission.ResourceID != Guid.Empty && !permission.IsServer)) { WindowsGroupPermission permission = perm; var resourceModel = FindSingle(model => model.ID == permission.ResourceID); if (resourceModel != null) { try { var resourceId = resourceModel.ID; var resourcePermissions = _server.AuthorizationService.GetResourcePermissions(resourceId); resourceModel.UserPermissions = resourcePermissions; } catch (SystemException exception) { HelperUtils.ShowTrustRelationshipError(exception); } } } }
static void SwitchContributePermissionsOff(WindowsGroupPermission windowsGroupPermission, string propertyName) { if (!windowsGroupPermission.View && propertyName == "View" || !windowsGroupPermission.Execute && propertyName == "Execute") { windowsGroupPermission.Contribute = false; } }
public void ClientSecurityService_PermissionsModified_NewPermissionsReceived_ShouldReplaceCurrentPermissions() { //------------Setup for test-------------------------- var connection = new Mock <IEnvironmentConnection>(); IEventPublisher eventPublisher = new EventPublisher(); connection.Setup(c => c.ServerEvents).Returns(eventPublisher); var clientSecurityService = new TestClientSecurityService(connection.Object); var currentPermissions = new List <WindowsGroupPermission>(); var resourceID = Guid.NewGuid(); var resourcePermission = new WindowsGroupPermission(); resourcePermission.ResourceID = resourceID; resourcePermission.Permissions = Permissions.View & Permissions.Execute; var serverPermission = new WindowsGroupPermission(); serverPermission.ResourceID = Guid.Empty; serverPermission.Permissions = Permissions.DeployFrom & Permissions.DeployTo; serverPermission.IsServer = true; currentPermissions.Add(serverPermission); currentPermissions.Add(resourcePermission); clientSecurityService.SetCurrentPermissions(currentPermissions); clientSecurityService.ReadAsync().Wait(); var changedPermissions = new List <WindowsGroupPermission>(); var changedResourcePermission = new WindowsGroupPermission(); changedResourcePermission.ResourceID = resourceID; changedResourcePermission.Permissions = Permissions.Contribute; var changedServerPermission = new WindowsGroupPermission(); changedServerPermission.ResourceID = Guid.Empty; changedServerPermission.Permissions = Permissions.Administrator; changedServerPermission.IsServer = true; changedPermissions.Add(changedServerPermission); changedPermissions.Add(changedResourcePermission); var permissionsModifiedMemo = new PermissionsModifiedMemo(); permissionsModifiedMemo.ModifiedPermissions = changedPermissions; //------------Execute Test--------------------------- connection.Raise(environmentConnection => environmentConnection.PermissionsModified += null, null, changedPermissions); eventPublisher.Publish(permissionsModifiedMemo); //------------Assert Results------------------------- var updateResourcePermission = clientSecurityService.Permissions.FirstOrDefault(permission => permission.ResourceID == resourceID); var updateServerPermission = clientSecurityService.Permissions.FirstOrDefault(permission => permission.ResourceID == Guid.Empty); Assert.IsNotNull(updateResourcePermission); Assert.IsNotNull(updateServerPermission); Assert.AreEqual(Permissions.Contribute, updateResourcePermission.Permissions); Assert.AreEqual(Permissions.Administrator, updateServerPermission.Permissions); }
static void SwitchAdminPermissionsOff(WindowsGroupPermission windowsGroupPermission, string propertyName) { if (!windowsGroupPermission.DeployTo && propertyName == "DeployTo" || !windowsGroupPermission.DeployFrom && propertyName == "DeployFrom" || !windowsGroupPermission.Contribute && propertyName == "Contribute") { windowsGroupPermission.Administrator = false; } }
WindowsGroupPermission CreateNewPermission(bool isServer) { var permission = new WindowsGroupPermission { IsNew = true, IsServer = isServer }; RegisterPropertyChanged(permission); return(permission); }
public void WindowsGroupPermissions_CanRemove_IsPublic_False() { //------------Setup for test-------------------------- var guestPermissions = WindowsGroupPermission.CreateGuests(); //------------Execute Test--------------------------- var canRemove = guestPermissions.CanRemove; //------------Assert Results------------------------- Assert.IsFalse(canRemove); }
public void AuthorizationServiceBase_IsAuthorizedToConnect_ToLocalServer_AdministratorsMembersOfWarewolfGroup_WhenAdministratorsMembersOfTheGroup_ExpectTrue() { //------------Setup for test-------------------------- // permissions setup var warewolfGroupOps = MoqInstallerActionFactory.CreateSecurityOperationsObject(); // Delete warewolf if already a member... warewolfGroupOps.DeleteWarewolfGroup(); warewolfGroupOps.AddWarewolfGroup(); Console.WriteLine("BEFOREEntering AddAdministratorsGroupToWarewolf"); try { warewolfGroupOps.AddAdministratorsGroupToWarewolf(); } catch (COMException e) { //'The Server service is not started.' error is expected in containers. See: https://github.com/moby/moby/issues/26409#issuecomment-304978309 if (e.Message != "The Server service is not started.\r\n") { throw e; } } var result = warewolfGroupOps.IsAdminMemberOfWarewolf(); Assert.IsTrue(result); // Setup rest of test ;) var resource = Guid.NewGuid(); var securityPermission = new WindowsGroupPermission { IsServer = false, ResourceID = resource, Permissions = Permissions.View, WindowsGroup = GlobalConstants.WarewolfGroup }; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.Identity.Name).Returns("TestUser"); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var isMember = authorizationService.AreAdministratorsMembersOfWarewolfAdministrators(); //------------Assert Results------------------------- Assert.IsTrue(isMember); }
public void WindowsGroupPermission_IsBuiltInGuests_IsServerAndWindowsGroupIsBuiltInAdministrators_True() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = true, WindowsGroup = WindowsGroupPermission.BuiltInGuestsText }; //------------Assert Results------------------------- Assert.IsTrue(p.IsBuiltInGuests); }
public ServerForTesting(Mock <IExplorerRepository> explorerRepository, WindowsGroupPermission permission) { MockExplorerRepo = explorerRepository; _explorerProxy = explorerRepository.Object; ResourceName = "localhost"; DisplayName = "localhost"; ServerID = Guid.Empty; _updateManager = new Mock <IStudioUpdateManager>().Object; Permissions = new List <IWindowsGroupPermission> { permission }; }
public void WindowsGroupPermission_IsBuiltInAdministrators_IsServerAndWindowsGroupIsNotBuiltInAdministrators_False() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = true, WindowsGroup = "xxxx" }; //------------Assert Results------------------------- Assert.IsFalse(p.IsBuiltInAdministrators); }
public void WindowsGroupPermission_IsBuiltInGuests_IsNotServer_False() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = false, WindowsGroup = WindowsGroupPermission.BuiltInGuestsText }; //------------Assert Results------------------------- Assert.IsFalse(p.IsBuiltInGuests); }
public void WindowsGroupPermission_IsValid_IsServerAndWindowsGroupIsEmpty_False() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = true, WindowsGroup = string.Empty }; //------------Assert Results------------------------- Assert.IsFalse(p.IsValid); }
public void WindowsGroupPermissions_CanRemove_Resource_True() { //------------Setup for test-------------------------- var p = new WindowsGroupPermission { IsServer = false, ResourceID = Guid.NewGuid(), WindowsGroup = "xxx" }; //------------Execute Test--------------------------- var canRemove = p.CanRemove; //------------Assert Results------------------------- Assert.IsTrue(canRemove); }
public void WindowsGroupPermissions_CanRemove_Server_True() { //------------Setup for test-------------------------- var p = new WindowsGroupPermission { IsServer = true, WindowsGroup = "xxx" }; //------------Execute Test--------------------------- var canRemove = p.CanRemove; //------------Assert Results------------------------- Assert.IsTrue(canRemove); }
public void WindowsGroupPermission_IsValid_IsNotServerAndWindowsGroupAndResourceNameAreNotEmpty_True() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = false, WindowsGroup = "xxx", ResourceName = "xxx" }; //------------Assert Results------------------------- Assert.IsTrue(p.IsValid); }
public void WindowsGroupPermission_IsValid_IsNotServerAndResourceNameIsEmpty_False() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = false, WindowsGroup = "xxx", ResourceName = string.Empty }; //------------Assert Results------------------------- Assert.IsFalse(p.IsValid); }