public void Check_ApplyCanMutateCheckedClaims()
{
// Arrange
var user = new ClaimsPrincipal(
new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic")
);
var policies = new IAuthorizationPolicy[] {
new FakePolicy()
{
ApplyAsyncAction = (context) => {
// for instance, if user owns the comment
if (!context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments"))
{
context.Claims.Add(new Claim("Permission", "CanDeleteComments"));
context.Retry = true;
}
}
}
};
var authorizationService = new DefaultAuthorizationService(policies);
// Act
var allowed = authorizationService.Authorize(Enumerable.Empty <Claim>(), user);
// Assert
Assert.True(allowed);
}
public void Check_PoliciesCanMutateUsersClaims()
{
// Arrange
var user = new ClaimsPrincipal(
new ClaimsIdentity(new Claim[0], "Basic")
);
var policies = new IAuthorizationPolicy[] {
new FakePolicy()
{
ApplyAsyncAction = (context) => {
if (!context.Authorized)
{
context.UserClaims.Add(new Claim("Permission", "CanDeleteComments"));
context.Retry = true;
}
}
}
};
var authorizationService = new DefaultAuthorizationService(policies);
// Act
var allowed = authorizationService.Authorize(new Claim("Permission", "CanDeleteComments"), user);
// Assert
Assert.True(allowed);
}
public void Check_ShouldApplyPoliciesInOrder()
{
// Arrange
string result = "";
var policies = new IAuthorizationPolicy[] {
new FakePolicy()
{
Order = 20,
ApplyingAsyncAction = (context) => { result += "20"; }
},
new FakePolicy()
{
Order = -1,
ApplyingAsyncAction = (context) => { result += "-1"; }
},
new FakePolicy()
{
Order = 30,
ApplyingAsyncAction = (context) => { result += "30"; }
},
};
var authorizationService = new DefaultAuthorizationService(policies);
// Act
var allowed = authorizationService.Authorize(Enumerable.Empty <Claim>(), null);
// Assert
Assert.Equal("-12030", result);
}
public void Check_ShouldNotAllowIfUserIsNull()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty <IAuthorizationPolicy>());
ClaimsPrincipal user = null;
// Act
var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
// Assert
Assert.False(allowed);
}
public async Task NoRequirementTest()
{
var bus = A.Fake <IServiceBus>();
var user = A.Fake <ClaimsPrincipal>();
var message = A.Fake <IMessage>();
var options = new AuthorizationOptions();
var service = new DefaultAuthorizationService(options, new IAuthorizationHandler[0]);
await Assert.ThrowsAsync <InvalidOperationException>(() =>
{
return(service.Authorize(bus, user, message, "CustomPolicy"));
});
}
public void Check_ShouldAllowIfClaimIsPresent()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty <IAuthorizationPolicy>());
var user = new ClaimsPrincipal(
new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic")
);
// Act
var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
// Assert
Assert.True(allowed);
}
public async Task FailedRequirementTest()
{
var bus = A.Fake <IServiceBus>();
var user = A.Fake <ClaimsPrincipal>();
var handler = new FailingAuthorizationHandler();
var requirement = new FailingRequirement();
var message = A.Fake <IMessage>();
var options = new AuthorizationOptions();
options.AddPolicy("CustomPolicy", p => p.AddRequirements(requirement));
var service = new DefaultAuthorizationService(options, new IAuthorizationHandler[] { handler });
Assert.False(await service.Authorize(bus, user, message, "CustomPolicy"));
}
public void Check_ShouldThrowWhenPoliciesDontStop()
{
// Arrange
var policies = new IAuthorizationPolicy[] {
new FakePolicy()
{
ApplyAsyncAction = (context) => { context.Retry = true; }
}
};
var authorizationService = new DefaultAuthorizationService(policies);
// Act
// Assert
Exception ex = Assert.Throws <InvalidOperationException>(() => authorizationService.Authorize(Enumerable.Empty <Claim>(), null));
}
public void Check_ShouldConvertNullClaimsToEmptyList()
{
// Arrange
IList <Claim> claims = null;
var policies = new IAuthorizationPolicy[] {
new FakePolicy()
{
Order = 20,
ApplyingAsyncAction = (context) => { claims = context.Claims; }
}
};
var authorizationService = new DefaultAuthorizationService(policies);
// Act
var allowed = authorizationService.Authorize(Enumerable.Empty <Claim>(), null);
// Assert
Assert.NotNull(claims);
Assert.Equal(0, claims.Count);
}