/// <summary>
/// Pins the pass-through case: when the action has no "companyId" parameter,
/// <c>OnActionExecuting</c> leaves <c>Result</c> on the context unset.
/// </summary>
/// <remarks>
/// NOTE(review): as far as this test shows, the company check only engages when a
/// parameter named "companyId" is present. Whether actions that carry the company
/// under a different parameter name are covered cannot be told from here; confirm
/// against UrlHackingFilter.
/// </remarks>
public void Given_not_got_a_companyid_When_OnActionExecuting_Then_should_have_result_of_null()
{
    // Given: a custom principal built from a user with an empty permission list,
    // and an action that was bound with no parameters at all.
    var principal = CreateCustomPrincipal(new UserDto() { Permissions = new string[] { } });

    var context = new ActionExecutingContext();
    context.HttpContext = MvcMockHelpers.FakeHttpContext(principal);
    context.ActionParameters = new Dictionary<string, object>();

    var filter = new UrlHackingFilter();

    // When
    filter.OnActionExecuting(context);

    // Then: the filter did not short-circuit the request.
    Assert.That(context.Result, Is.Null);
}
/// <summary>
/// Pins the rejection of a principal that is not the application's custom principal:
/// with a "companyId" parameter present and a <c>FakePrincipal</c> on the HTTP context,
/// the filter must set <c>Result</c> to an <c>HttpUnauthorizedResult</c>.
/// </summary>
/// <remarks>
/// Despite the method name, no exception is expected; the assertion checks the result
/// the filter places on the context.
/// </remarks>
public void Given_not_got_a_valid_custom_principle_When_OnActionExecuting_Then_should_throw_401_not_authorised_exception()
{
    // Given: a request whose user is a FakePrincipal and whose action asks for company 1000.
    var unrecognisedPrincipal = new FakePrincipal();

    var parameters = new Dictionary<string, object>();
    parameters.Add("companyId", 1000);

    var context = new ActionExecutingContext();
    context.HttpContext = MvcMockHelpers.FakeHttpContext(unrecognisedPrincipal);
    context.ActionParameters = parameters;

    var filter = new UrlHackingFilter();

    // When
    filter.OnActionExecuting(context);

    // Then: the request is answered with an unauthorized result instead of reaching the action.
    Assert.That(context.Result, Is.TypeOf<HttpUnauthorizedResult>());
}
/// <summary>
/// Pins the cross-company check: when the "companyId" action parameter (9999) differs
/// from the company of the signed-in user (1), the filter must set <c>Result</c> to an
/// <c>HttpUnauthorizedResult</c>.
/// </summary>
/// <remarks>
/// This is the case the filter exists for: a user editing the company id in the URL to
/// reach another company's data. Despite the method name, no exception is expected; the
/// assertion checks the result the filter places on the context.
/// </remarks>
public void Given_a_companyid_but_not_correct_for_custom_principal_When_OnActionExecuting_Then_should_throw_401_not_authorised_exception()
{
    // Given: the user belongs to company 1 but the request names company 9999.
    const int ownCompanyId = 1;
    const int requestedCompanyId = 9999;

    var principal = CreateCustomPrincipal(
        new UserDto() { CompanyId = ownCompanyId, Permissions = new List<string>() });

    var parameters = new Dictionary<string, object>();
    parameters.Add("companyId", requestedCompanyId);

    var context = new ActionExecutingContext();
    context.HttpContext = MvcMockHelpers.FakeHttpContext(principal);
    context.ActionParameters = parameters;

    var filter = new UrlHackingFilter();

    // When
    filter.OnActionExecuting(context);

    // Then: the mismatch is answered with an unauthorized result.
    Assert.That(context.Result, Is.TypeOf<HttpUnauthorizedResult>());
}
/// <summary>
/// Pins the allowed case: when the "companyId" action parameter equals the company of
/// the signed-in user (both 1), the filter leaves <c>Result</c> on the context unset.
/// </summary>
public void Given_a_companyid_and_matches_custom_principal_company_id_When_OnActionExecuting_Then_should_return_null()
{
    // Given: the user belongs to company 1 and the request names the same company.
    const int ownCompanyId = 1;
    const int requestedCompanyId = 1;

    var principal = CreateCustomPrincipal(
        new UserDto() { CompanyId = ownCompanyId, Permissions = new string[] { } });

    var parameters = new Dictionary<string, object>();
    parameters.Add("companyId", requestedCompanyId);

    var context = new ActionExecutingContext();
    context.HttpContext = MvcMockHelpers.FakeHttpContext(principal);
    context.ActionParameters = parameters;

    var filter = new UrlHackingFilter();

    // When
    filter.OnActionExecuting(context);

    // Then: the filter did not short-circuit the request.
    Assert.That(context.Result, Is.Null);
}