public void DeleteRole_WrongScope_ReturnsForbidden() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); AssertDeleteRole(HttpStatusCode.Forbidden, existingClient.Id, existingRole.Id.ToString(), Scopes.ReadScope); }
public void AddRolesToUser_RoleDoesNotExist_ReturnsBadRequest() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var expectedUser = CreateUser(usersModule); var role = new Role { Id = Guid.NewGuid(), Name = "test" + Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = existingClient.TopLevelSecurableItem.Name }; var addRolesToUserResponse = usersModule.Post($"/user/{expectedUser.IdentityProvider}/{HttpUtility.UrlEncode(expectedUser.SubjectId)}/roles", with => { with.HttpRequest(); with.JsonBody(new[] { role }); }).Result; Assert.Equal(HttpStatusCode.BadRequest, addRolesToUserResponse.StatusCode); var error = addRolesToUserResponse.Body.DeserializeJson <Error>(); Assert.Contains("There was an issue adding roles to the user. Please see the inner exception(s) for details", error.Message); Assert.Equal($"The role: {role} with Id: {role.Id} could not be found to add to the user.", error.Details[0].Message); Assert.Single(error.Details); }
public void DeleteRole_Succeeds() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); AssertDeleteRole(HttpStatusCode.NoContent, existingClient.Id, existingRole.Id.ToString(), Scopes.WriteScope); }
public void GetUserPermissions_Succeeds( string group, string grain, string securableItem, int expectedCountPermissions) { var existingClient = ExistingClients.First(); var existingUser = _existingUsers.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id), new Claim(JwtClaimTypes.Role, group), new Claim(Claims.Sub, existingUser.SubjectId), new Claim(Claims.IdentityProvider, existingUser.IdentityProvider) ); var result = usersModule.Get("/user/permissions", with => { with.Query("grain", grain); with.Query("securableItem", securableItem); }) .Result; AssertOk(result, expectedCountPermissions); }
public void AddRolesToUser_PostSingleRole_ReturnsBadRequest() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var expectedUser = CreateUser(usersModule); var addRolesToUserResponse = usersModule.Post($"/user/{expectedUser.IdentityProvider}/{HttpUtility.UrlEncode(expectedUser.SubjectId)}/roles", with => { with.HttpRequest(); with.JsonBody(new Role { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = existingClient.TopLevelSecurableItem.Name, Name = "role" + Guid.NewGuid() }); }).Result; Assert.Equal(HttpStatusCode.BadRequest, addRolesToUserResponse.StatusCode); var error = addRolesToUserResponse.Body.DeserializeJson <Error>(); Assert.Equal(UsersModule.InvalidRoleArrayMessage, error.Message); }
public void GetRolesForUser_MultipleRoles_ReturnsOK() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var expectedUser = CreateUser(usersModule); var newRoles = AddExistingRoles(existingClient.TopLevelSecurableItem.Name); var addRolesToUserResponse = usersModule.Post($"/user/{expectedUser.IdentityProvider}/{HttpUtility.UrlEncode(expectedUser.SubjectId)}/roles", with => { with.HttpRequest(); with.JsonBody(new[] { newRoles[0], newRoles[1], newRoles[3] }); }).Result; Assert.Equal(HttpStatusCode.OK, addRolesToUserResponse.StatusCode); var userWithRoles = addRolesToUserResponse.Body.DeserializeJson <UserApiModel>(); Assert.Equal(3, userWithRoles.Roles.Count); var getRolesForUser = usersModule.Get($"/user/{expectedUser.IdentityProvider}/{HttpUtility.UrlEncode(expectedUser.SubjectId)}/roles").Result; Assert.Equal(HttpStatusCode.OK, getRolesForUser.StatusCode); Assert.Equal(3, getRolesForUser.Body.DeserializeJson <List <RoleApiModel> >().Count); }
public void DeleteRolesFromUser_RoleDoesNotExistForUser_ReturnsBadRequest() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var user = CreateUser(usersModule); var deleteRolesFromUser = usersModule.Delete( $"/user/{user.IdentityProvider}/{HttpUtility.UrlEncode(user.SubjectId)}/roles", with => { with.HttpRequest(); with.JsonBody(new [] { new { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = existingClient.Id, Name = "testRole1" }, new { Id = Guid.NewGuid(), Grain = Domain.Defaults.Authorization.AppGrain, SecurableItem = existingClient.Id, Name = "testRole2" } }); }).Result; Assert.Equal(HttpStatusCode.BadRequest, deleteRolesFromUser.StatusCode); var error = deleteRolesFromUser.Body.DeserializeJson <Error>(); Assert.Contains("There was an issue deleting roles for the user. Please see the inner exception(s) for the details.", error.Message); Assert.Equal(2, error.Details.Length); }
public void GetRoles_ReturnsNotAllowedForIncorrectCredentials(string scope, string clientId) { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, scope), new Claim(Claims.ClientId, clientId)); var result = rolesModule.Get($"/roles/app/{existingClient.Id}").Result; Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode); }
public void AddRole_ReturnsForbidden(RoleApiModel roleToPost, string scope) { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, scope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles", with => with.JsonBody(roleToPost)).Result; Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode); }
public void AddUser_NewUser_ReturnsCreated() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id) ); CreateUser(usersModule); }
public void DeleteRole_WrongClient_ReturnsForbidden(string cliendId) { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, cliendId)); var result = rolesModule.Delete($"/roles/{existingRole.Id}").Result; Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode); }
public void DeletePermissionFromRole_PermissionNotFound() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.NotFound); }
public void DeletePermissionFromRole_Forbidden() { var existingClient = ExistingClients.First(); var notFoundRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == notFoundRole.Grain && p.SecurableItem == notFoundRole.SecurableItem); DeletePermissionAndAssert("sourcemartdesigner", notFoundRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden); }
public void DeletePermissionFromRole_WrongScope_Forbidden() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); DeletePermissionAndAssert(existingClient.Id, existingRole.Id.ToString(), existingPermission, HttpStatusCode.Forbidden, Scopes.ReadScope); }
public void DeletePermissionFromRole_BadRequest() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); DeletePermissionAndAssert(existingClient.Id, "notaguid", existingPermission, HttpStatusCode.BadRequest, Scopes.WriteScope); }
public void AddPermissionsToRole_IncompatiblePermission_WrongSecurable() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem != existingRole.SecurableItem); PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.BadRequest); }
public void AddPermissionsToRole_IncompatiblePermission_PermissionAlreadyExists() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); existingRole.Permissions.Add(existingPermission); PostPermissionAndAssert(existingRole, existingPermission, existingClient.Id, HttpStatusCode.Conflict); }
public void GetRoles_ReturnsRoleForRoleName() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); Assert.NotNull(existingRole); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Get($"/roles/app/{existingRole.SecurableItem}/{existingRole.Name}").Result; AssertRolesOK(result, 1, existingRole.Id); }
public void GetRolesForUser_UserDoesNotExist_ReturnsNotFound() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var getRolesForUser = usersModule.Get($"/user/windows/nouser/roles").Result; Assert.Equal(HttpStatusCode.NotFound, getRolesForUser.StatusCode); }
public void GetRolesForUser_UserHasNoRoles_ReturnsEmptyArray() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var user = CreateUser(usersModule); var getRolesForUser = usersModule.Get($"/user/{user.IdentityProvider}/{HttpUtility.UrlEncode(user.SubjectId)}/roles").Result; Assert.Equal(HttpStatusCode.OK, getRolesForUser.StatusCode); Assert.Empty(getRolesForUser.Body.DeserializeJson <List <RoleApiModel> >()); }
public void AddPermissionsToRole_PermissionNotFound() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var permission = new Permission { Id = Guid.NewGuid(), Grain = "app", SecurableItem = "patientsafety", Name = "notfound" }; PostPermissionAndAssert(existingRole, permission, existingClient.Id, HttpStatusCode.NotFound); }
public void AddPermissionsToRole_BadRequest() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions", with => with.JsonBody(existingPermission)) .Result; Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode); }
public void AddRole_ReturnsBadRequest(RoleApiModel roleToPost, int errorCount) { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles", with => with.JsonBody(roleToPost)).Result; Assert.Equal(HttpStatusCode.BadRequest, result.StatusCode); var error = result.Body.DeserializeJson <Error>(); Assert.NotNull(error); if (errorCount > 0) { Assert.Equal(errorCount, error.Details.Length); } }
public void GetUserPermissions_Forbidden(string securableItem, string scope) { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser(new Claim(Claims.Scope, scope), new Claim(Claims.ClientId, existingClient.Id), new Claim(JwtClaimTypes.Role, @"Fabric\Health Catalyst Admin")); var result = usersModule.Get("/user/permissions", with => { with.Query("grain", "app"); with.Query("securableItem", securableItem); }) .Result; Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode); }
public void GetUserPermissions_NoParameters_DefaultsToTopLevel() { var existingClient = ExistingClients.First(); var existingUser = _existingUsers.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id), new Claim(JwtClaimTypes.Role, @"Fabric\Health Catalyst Admin"), new Claim(Claims.Sub, existingUser.SubjectId), new Claim(Claims.IdentityProvider, existingUser.IdentityProvider) ); var result = usersModule.Get("/user/permissions").Result; AssertOk(result, 3); }
public void AddPermissionsToRole_RoleNotFound() { var existingClient = ExistingClients.First(); var role = new Role { Id = Guid.NewGuid(), Grain = "app", SecurableItem = "patientsafety", Name = "notfound" }; var existingPermission = ExistingPermissions.First(p => p.Grain == role.Grain && p.SecurableItem == role.SecurableItem); PostPermissionAndAssert(role, existingPermission, existingClient.Id, HttpStatusCode.NotFound); }
public void AddPermissionsToRole_Succeeds() { var existingClient = ExistingClients.First(); var existingRole = ExistingRoles.First(r => r.SecurableItem == existingClient.Id); var existingPermission = ExistingPermissions.First(p => p.Grain == existingRole.Grain && p.SecurableItem == existingRole.SecurableItem); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var result = rolesModule.Post($"/roles/{existingRole.Id}/permissions", with => with.JsonBody(new List <Permission> { existingPermission })) .Result; AssertRoleOK(result, 1); }
public void GetUser_ExistingUser_ReturnsOk() { var existingClient = ExistingClients.First(); var usersModule = CreateBrowser( new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.ClientId, existingClient.Id) ); var expectedUser = CreateUser(usersModule); var actualUserResponse = usersModule.Get($"/user/{expectedUser.IdentityProvider}/{HttpUtility.UrlEncode(expectedUser.SubjectId)}").Result; Assert.Equal(HttpStatusCode.OK, actualUserResponse.StatusCode); var actualUser = actualUserResponse.Body.DeserializeJson <UserApiModel>(); Assert.Equal(expectedUser.IdentityProvider, actualUser.IdentityProvider); Assert.Equal(expectedUser.SubjectId, actualUser.SubjectId); }
public void DeletePermissionFromRole_RoleNotFound() { var existingClient = ExistingClients.First(); var notFoundRole = new Role { Id = Guid.NewGuid(), Grain = "app", SecurableItem = existingClient.Id, Name = "notfound" }; var existingPermission = ExistingPermissions.First(p => p.Grain == notFoundRole.Grain && p.SecurableItem == notFoundRole.SecurableItem); notFoundRole.Permissions.Add(existingPermission); DeletePermissionAndAssert(existingClient.Id, notFoundRole.Id.ToString(), existingPermission, HttpStatusCode.NotFound); }
public void AddRole_Succeeds() { var existingClient = ExistingClients.First(); var rolesModule = CreateBrowser(new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, existingClient.Id)); var roleToPost = new RoleApiModel { Grain = "app", SecurableItem = existingClient.Id, Name = "test" }; var result = rolesModule.Post($"/roles", with => with.JsonBody(roleToPost)).Result; Assert.Equal(HttpStatusCode.Created, result.StatusCode); var newRole = result.Body.DeserializeJson <RoleApiModel>(); Assert.Equal(roleToPost.Name, newRole.Name); Assert.NotNull(newRole.Id); }