public void GetIdentity_For_InExisting_Internal_Public_Client_User_Should_Return_Valid_Identity()
{
// arrange
var controllerHelperMock = Mock.Of <IControllerHelper>(setup => setup.IsInternalUser());
var authenticationHelperMock = new Mock <IAuthenticationHelper>();
authenticationHelperMock
.Setup(m => m.GetClaimsForRequest(It.IsAny <IPrincipal>(), It.IsAny <HttpRequestMessage>()))
.Returns(new List <ClaimInfo>
{
new ClaimInfo
{
Type = "/identity/claims/e-id/profile/role",
Value = "BVW"
}
});
var mockUserDataAccess = Mock.Of <IUserDataAccess>();
var sut = new AuthControllerHelper(null, mockUserDataAccess, controllerHelperMock, authenticationHelperMock.Object, null);
// act
var result = sut.GetIdentity(null, null, true);
// assert
result.AuthStatus.Should().Be(AuthStatus.NeuerBenutzer);
result.Roles.Should().ContainInOrder(AccessRoles.RoleBVW);
result.IssuedAccessTokens.Length.Should().Be(0);
result.RedirectUrl.Should().BeEmpty();
}
public IHttpActionResult GetIdentity()
{
try
{
var identity = authControllerHelper.GetIdentity(Request, User, true);
return(Ok(identity));
}
catch (AuthenticationException e)
{
return(Content(HttpStatusCode.Forbidden, e.Message));
}
}
public void GetIdentity_For_Existing_Oe3_User_With_Role_And_Correct_AuthenticationMethod_Should_Return_Valid_Identity()
{
// arrange
var controllerHelperMock = new Mock <IControllerHelper>();
controllerHelperMock.Setup(m => m.IsInternalUser()).Returns(false);
controllerHelperMock.Setup(m => m.IsMTanAuthentication()).Returns(false);
controllerHelperMock.Setup(m => m.GetMgntRoleFromClaim()).Returns("ALLOW");
var authenticationHelperMock = new Mock <IAuthenticationHelper>();
authenticationHelperMock
.Setup(m => m.GetClaimsForRequest(It.IsAny <IPrincipal>(), It.IsAny <HttpRequestMessage>()))
.Returns(new List <ClaimInfo>
{
new ClaimInfo
{
Type = "/identity/claims/e-id/profile/role",
Value = "Ö3"
}
});
var applicationRoleUserDataAccessMock = Mock.Of <IApplicationRoleUserDataAccess>();
var mockUserDataAccess = new Mock <IUserDataAccess>();
mockUserDataAccess.Setup(m => m.GetUser(It.IsAny <string>())).Returns(
new User {
Id = "1"
});
mockUserDataAccess.Setup(m => m.GetRoleForClient(It.IsAny <string>())).Returns("Ö3");
var webCmiConfigProviderMock = new Mock <IWebCmiConfigProvider>();
webCmiConfigProviderMock.Setup(m => m.GetStringSetting(It.IsAny <string>(), It.IsAny <string>()))
.Returns((string key, string defaultValue) => defaultValue);
var sut = new AuthControllerHelper(applicationRoleUserDataAccessMock, mockUserDataAccess.Object, controllerHelperMock.Object,
authenticationHelperMock.Object, webCmiConfigProviderMock.Object);
// act
var result = sut.GetIdentity(null, null, true);
// assert
result.AuthStatus.Should().Be(AuthStatus.KeineMTanAuthentication);
result.Roles.Should().ContainInOrder("Ö3");
result.RedirectUrl.Should().Be("www.recherche.bar.admin.ch/_pep/myaccount?returnURI=/my-appl/private/welcome.html&op=reg-mobile");
}
public void GetIdentity_For_Existing_Public_Client_User_With_Role_And_Correct_AuthenticationMethod_Should_Return_Valid_Identity()
{
// arrange
var controllerHelperMock = new Mock <IControllerHelper>();
controllerHelperMock.Setup(m => m.IsInternalUser()).Returns(false);
controllerHelperMock.Setup(m => m.GetMgntRoleFromClaim()).Returns("ALLOW");
var authenticationHelperMock = new Mock <IAuthenticationHelper>();
authenticationHelperMock
.Setup(m => m.GetClaimsForRequest(It.IsAny <IPrincipal>(), It.IsAny <HttpRequestMessage>()))
.Returns(new List <ClaimInfo>
{
new ClaimInfo
{
Type = "/identity/claims/e-id/profile/role",
Value = "Ö2"
}
});
var applicationRoleUserDataAccessMock = Mock.Of <IApplicationRoleUserDataAccess>();
var mockUserDataAccess = new Mock <IUserDataAccess>();
mockUserDataAccess.Setup(m => m.GetUser(It.IsAny <string>())).Returns(
new User {
Id = "1"
});
mockUserDataAccess.Setup(m => m.GetRoleForClient(It.IsAny <string>())).Returns("Ö2");
var webCmiConfigProviderMock = new Mock <IWebCmiConfigProvider>();
webCmiConfigProviderMock.Setup(m => m.GetStringSetting(It.IsAny <string>(), It.IsAny <string>()))
.Returns((string key, string defaultValue) => defaultValue);
var sut = new AuthControllerHelper(applicationRoleUserDataAccessMock, mockUserDataAccess.Object, controllerHelperMock.Object,
authenticationHelperMock.Object, webCmiConfigProviderMock.Object);
// act
var result = sut.GetIdentity(null, null, true);
// assert
result.AuthStatus.Should().Be(AuthStatus.Ok);
result.Roles.Should().ContainInOrder("Ö2");
result.IssuedAccessTokens.Length.Should().Be(0);
result.RedirectUrl.Should().BeEmpty();
}
public void GetIdentity_For_Existing_User_Without_Role_Should_Throw_Exception()
{
// arrange
var controllerHelperMock = new Mock <IControllerHelper>();
controllerHelperMock.Setup(m => m.IsInternalUser()).Returns(false);
controllerHelperMock.Setup(m => m.GetMgntRoleFromClaim()).Returns("ALLOW");
var authenticationHelperMock = new Mock <IAuthenticationHelper>();
authenticationHelperMock
.Setup(m => m.GetClaimsForRequest(It.IsAny <IPrincipal>(), It.IsAny <HttpRequestMessage>()))
.Returns(new List <ClaimInfo>
{
new ClaimInfo
{
Type = "/identity/claims/e-id/profile/role",
Value = "BVW"
}
});
var applicationRoleUserDataAccessMock = Mock.Of <IApplicationRoleUserDataAccess>();
var mockUserDataAccess = new Mock <IUserDataAccess>();
mockUserDataAccess.Setup(m => m.GetUser(It.IsAny <string>())).Returns(
new User {
Id = "1"
});
var webCmiConfigProviderMock = new Mock <IWebCmiConfigProvider>();
webCmiConfigProviderMock.Setup(m => m.GetStringSetting(It.IsAny <string>(), It.IsAny <string>()))
.Returns((string key, string defaultValue) => defaultValue);
var sut = new AuthControllerHelper(applicationRoleUserDataAccessMock, mockUserDataAccess.Object, controllerHelperMock.Object,
authenticationHelperMock.Object, webCmiConfigProviderMock.Object);
// act
var action = (Action)(() => { sut.GetIdentity(null, null, false); });
// assert
action.Should().Throw <AuthenticationException>()
.Where(ex => ex.Message.Contains(
"Es wurde für den Benutzer keine Rolle definiert in der Datenbank oder Authentifikation hat fehlgeschlagen"));
}
public void GetIdentity_For_User_Without_Role_Claim_Should_Throw_AuthenticationException()
{
// arrange
var controllerHelperMock = Mock.Of <IControllerHelper>();
var authenticationHelperMock = new Mock <IAuthenticationHelper>();
authenticationHelperMock
.Setup(m => m.GetClaimsForRequest(It.IsAny <IPrincipal>(), It.IsAny <HttpRequestMessage>()))
.Returns(new List <ClaimInfo>());
var sut = new AuthControllerHelper(null, null, controllerHelperMock, authenticationHelperMock.Object, null);
// act
var action = (Action)(() => { sut.GetIdentity(null, null, false); });
// assert
action.Should().Throw <AuthenticationException>().WithMessage("User hat noch keinen Antrag gestellt");
}
public void GetIdentity_For_InExisting_Internal_Management_Client_User_Should_Return_Valid_Identity()
{
// arrange
var controllerHelperMock = new Mock <IControllerHelper>();
controllerHelperMock.Setup(m => m.IsInternalUser()).Returns(false);
controllerHelperMock.Setup(m => m.GetMgntRoleFromClaim()).Returns("ALLOW");
var authenticationHelperMock = new Mock <IAuthenticationHelper>();
authenticationHelperMock
.Setup(m => m.GetClaimsForRequest(It.IsAny <IPrincipal>(), It.IsAny <HttpRequestMessage>()))
.Returns(new List <ClaimInfo>
{
new ClaimInfo
{
Type = "/identity/claims/e-id/profile/role",
Value = "BVW"
}
});
var mockUserDataAccess = Mock.Of <IUserDataAccess>();
var webCmiConfigProviderMock = new Mock <IWebCmiConfigProvider>();
webCmiConfigProviderMock.Setup(m => m.GetStringSetting(It.IsAny <string>(), It.IsAny <string>()))
.Returns((string key, string defaultValue) => defaultValue);
var sut = new AuthControllerHelper(null, mockUserDataAccess, controllerHelperMock.Object, authenticationHelperMock.Object,
webCmiConfigProviderMock.Object);
// act
var result = sut.GetIdentity(null, null, false);
// assert
result.AuthStatus.Should().Be(AuthStatus.NeuerBenutzer);
result.Roles.Should().ContainInOrder("ALLOW");
result.IssuedAccessTokens.Length.Should().Be(0);
result.RedirectUrl.Should().Be("www.recherche.bar.admin.ch/recherche");
}
public IHttpActionResult GetIdentity()
{
return(Ok(authControllerHelper.GetIdentity(Request, User, false)));
}
