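/// <summary>
/// With no profile name specified, the claims are expected to be mapped for the user itself (the subject):
/// permission claims from the permission repository plus the email, username, given_name and family_name
/// claims from the user model.
/// </summary>
public async Task GetProfileDataAsync_NoProfileNameSpecified_ClaimsMapForUserGenerated()
{
    // Arrange
    var identityWithAdditionalClaimsProfileService = new IdentityWithAdditionalClaimsProfileService(
        fakeUserManager,
        mockUserClaimsPrincipalFactory,
        mockLogger,
        mockProfileRepository,
        mockApplicationDataPolicyRepository,
        mockPermissionRepository,
        mockTeamRepository);

    fakeUserManager.SetUserModel(userModel);
    mockUserClaimsPrincipalFactory.CreateAsync(userModel).Returns(profileDataRequestContext.Subject);

    // Arg.Any<Guid>() - the repositories are keyed by the subject id, which is not under test here.
    mockPermissionRepository.GetListAsync(Arg.Any<Guid>()).Returns(new List<PermissionModel>
    {
        new PermissionModel { Name = "Permission 1" },
        new PermissionModel { Name = "Permission 2" }
    });
    mockApplicationDataPolicyRepository.GetListAsync(Arg.Any<Guid>()).Returns(new List<ApplicationDataPolicyModel>
    {
        new ApplicationDataPolicyModel { Name = "DP 1" }
    });
    mockTeamRepository.GetListAsync(Arg.Any<Guid>()).Returns(new List<TeamModel>
    {
        new TeamModel { Name = "Name 1" },
        new TeamModel { Name = "Name 2" }
    });

    // Act
    await identityWithAdditionalClaimsProfileService.GetProfileDataAsync(profileDataRequestContext);

    // Assert
    Assert.True(profileDataRequestContext.IssuedClaims.Count > 0, "Issued claims must be greater than 0.");
    Assert.True(profileDataRequestContext.IssuedClaims.Exists(x => x.Type == "permission" && x.Value == "Permission 1"), "Permission 1 claim must be present and correct.");
    Assert.True(profileDataRequestContext.IssuedClaims.Exists(x => x.Type == "permission" && x.Value == "Permission 2"), "Permission 2 claim must be present and correct.");
    Assert.True(profileDataRequestContext.IssuedClaims.Exists(x => x.Type == IdentityServerConstants.StandardScopes.Email && x.Value == userModel.Email), "Email claim must be present and correct.");
    Assert.True(profileDataRequestContext.IssuedClaims.Exists(x => x.Type == "username" && x.Value == userModel.UserName), "Username claim must be present and correct.");
    Assert.True(profileDataRequestContext.IssuedClaims.Exists(x => x.Type == "given_name" && x.Value == userModel.FirstName), "Given Name claim must be present and correct.");
    Assert.True(profileDataRequestContext.IssuedClaims.Exists(x => x.Type == "family_name" && x.Value == userModel.Surname), "Family Name claim must be present and correct.");

    // NOTE(review): the data policy ("DP 1") and team ("Name 1"/"Name 2") mocks above are never asserted on.
    // Confirm whether "dataPolicy" (and team) claims are expected to be issued in the no-profile path and,
    // if so, assert their presence - and that no claims for data not returned by the mocks are issued.
}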
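/// <summary>
/// Generates a data policy claim map from teams (and the data policies linked to them) directly associated to the user,
/// as opposed to any of the user's profiles.
/// </summary>
/// <param name="claims">The claim list being built for the token; distinct "dataPolicy" claims are appended to it in place.</param>
/// <param name="context">The profile data request; its subject id is used as the A3S user id for the data policy lookup.</param>
/// <param name="user">The user the claims are generated for (only used for logging).</param>
/// <returns>A task that completes once the data policy claims have been appended to <paramref name="claims"/>.</returns>
/// <exception cref="FormatException">Thrown when the subject id on <paramref name="context"/> is not a GUID.</exception>
private async Task GenerateDataPolicyClaimMapFromSubject(List<Claim> claims, ProfileDataRequestContext context, UserModel user)
{
    // Get the effective data policies for the accessing user.
    // The repository query is described by its author as follows:
    // The first portion of the query (up to the first UNION) obtains all data policies associated with teams that users are a member of.
    // The second portion of the query (up to the second UNION) fetches data policies of teams that the user is not directly a member of, but where that team is the parent
    // team of one or more child teams that the user is a member of. The user inherits the data policies of the parent team that contains one or more child teams that
    // the user is a member of.
    // The third portion of the query fetches the data policies of child teams of a given parent team, where the user is a member of the parent team, but
    // not a direct member of any of the child teams.
    //
    // The subject id comes from the authenticated principal and is expected to be the A3S user GUID; Guid.Parse throws
    // FormatException otherwise rather than silently mapping no data policies.
    var userId = Guid.Parse(context.Subject.GetSubjectId());
    var dataPolicies = await applicationDataPolicyRepository.GetListAsync(userId);

    if (dataPolicies == null)
    {
        return;
    }

    foreach (var dataPolicy in dataPolicies)
    {
        Logger.LogDebug($"DataPolicy from A3S for User: {user.UserName}. DataPolicy: '{dataPolicy.Name}'");

        // Claim rejects a null value; skip an unnamed data policy instead of failing the whole token issuance.
        if (dataPolicy.Name == null)
        {
            continue;
        }

        // Ensure only a distinct set of data policies gets mapped into tokens.
        if (!claims.Exists(uc => uc.Type == "dataPolicy" && uc.Value == dataPolicy.Name))
        {
            claims.Add(new Claim("dataPolicy", dataPolicy.Name));
        }
    }
}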