public void Check_ApplyCanMutateCheckedClaims() { // Arrange var user = new ClaimsPrincipal( new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic") ); var policies = new IAuthorizationPolicy[] { new FakePolicy() { ApplyAsyncAction = (context) => { // for instance, if user owns the comment if(!context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments")) { context.Claims.Add(new Claim("Permission", "CanDeleteComments")); context.Retry = true; } } } }; var authorizationService = new DefaultAuthorizationService(policies); // Act var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), user); // Assert Assert.True(allowed); }
public void Check_PoliciesCanMutateUsersClaims() { // Arrange var user = new ClaimsPrincipal( new ClaimsIdentity(new Claim[0], "Basic") ); var policies = new IAuthorizationPolicy[] { new FakePolicy() { ApplyAsyncAction = (context) => { if (!context.Authorized) { context.UserClaims.Add(new Claim("Permission", "CanDeleteComments")); context.Retry = true; } } } }; var authorizationService = new DefaultAuthorizationService(policies); // Act var allowed = authorizationService.Authorize(new Claim("Permission", "CanDeleteComments"), user); // Assert Assert.True(allowed); }
public async Task Invoke_EmptyClaimsShouldAuthorizeAuthenticatedUser() { // Arrange var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>()); var authorizeAttribute = new AuthorizeAttribute(); var authorizationContext = GetAuthorizationContext(services => services.AddInstance<IAuthorizationService>(authorizationService) ); // Act await authorizeAttribute.OnAuthorizationAsync(authorizationContext); // Assert Assert.Null(authorizationContext.Result); }
public async Task Invoke_ValidClaimShouldNotFail() { // Arrange var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>()); var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewPage"); var authorizationContext = GetAuthorizationContext(services => services.AddInstance<IAuthorizationService>(authorizationService) ); // Act await authorizeAttribute.OnAuthorizationAsync(authorizationContext); // Assert Assert.Null(authorizationContext.Result); }
public async Task Invoke_EmptyClaimsWithAllowAnonymousAttributeShouldNotRejectAnonymousUser() { // Arrange var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>()); var authorizeAttribute = new AuthorizeAttribute(); var authorizationContext = GetAuthorizationContext(services => services.AddInstance<IAuthorizationService>(authorizationService), anonymous: true ); authorizationContext.Filters.Add(new AllowAnonymousAttribute()); // Act await authorizeAttribute.OnAuthorizationAsync(authorizationContext); // Assert Assert.Null(authorizationContext.Result); }
public void Check_ShouldAllowIfClaimIsAmongValues() { // Arrange var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>()); var user = new ClaimsPrincipal( new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanViewPage"), new Claim("Permission", "CanViewAnything") }, "Basic") ); // Act var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user); // Assert Assert.True(allowed); }
public void Check_ShouldThrowWhenPoliciesDontStop() { // Arrange var policies = new IAuthorizationPolicy[] { new FakePolicy() { ApplyAsyncAction = (context) => { context.Retry = true; } } }; var authorizationService = new DefaultAuthorizationService(policies); // Act // Assert Exception ex = Assert.Throws<AggregateException>(() => authorizationService.Authorize(Enumerable.Empty<Claim>(), null)); }
public void Check_ShouldNotAllowIfUserIsNull() { // Arrange var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>()); ClaimsPrincipal user = null; // Act var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user); // Assert Assert.False(allowed); }
public void Check_ShouldNotAllowIfNoClaims() { // Arrange var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>()); var user = new ClaimsPrincipal( new ClaimsIdentity( new Claim[0], "Basic") ); // Act var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user); // Assert Assert.False(allowed); }
public void Check_ShouldInvokeApplyingApplyAppliedInOrder() { // Arrange string result = ""; var policies = new IAuthorizationPolicy[] { new FakePolicy() { Order = 20, ApplyingAsyncAction = (context) => { result += "Applying20"; }, ApplyAsyncAction = (context) => { result += "Apply20"; }, AppliedAsyncAction = (context) => { result += "Applied20"; } }, new FakePolicy() { Order = -1, ApplyingAsyncAction = (context) => { result += "Applying-1"; }, ApplyAsyncAction = (context) => { result += "Apply-1"; }, AppliedAsyncAction = (context) => { result += "Applied-1"; } }, new FakePolicy() { Order = 30, ApplyingAsyncAction = (context) => { result += "Applying30"; }, ApplyAsyncAction = (context) => { result += "Apply30"; }, AppliedAsyncAction = (context) => { result += "Applied30"; } }, }; var authorizationService = new DefaultAuthorizationService(policies); // Act var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null); // Assert Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", result); }
public void Check_ShouldConvertNullClaimsToEmptyList() { // Arrange IList<Claim> claims = null; var policies = new IAuthorizationPolicy[] { new FakePolicy() { Order = 20, ApplyingAsyncAction = (context) => { claims = context.Claims; } } }; var authorizationService = new DefaultAuthorizationService(policies); // Act var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null); // Assert Assert.NotNull(claims); Assert.Equal(0, claims.Count); }
public async Task Invoke_NullPoliciesShouldNotFail() { // Arrange var authorizationService = new DefaultAuthorizationService(policies: null); var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewPage"); var authorizationContext = GetAuthorizationContext(services => services.AddInstance<IAuthorizationService>(authorizationService) ); // Act await authorizeAttribute.OnAuthorizationAsync(authorizationContext); // Assert Assert.Null(authorizationContext.Result); }