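/// <summary>
/// Positive authorization case: the caller is a user with whom the notification has been
/// shared, so <c>EnsureAccessAsync</c> is expected to complete without throwing.
/// </summary>
/// <remarks>
/// Integration test that writes rows through <c>context</c>. The check runs inside
/// <c>try</c>/<c>finally</c> so the rows are removed even when the authorization call
/// fails; otherwise leftover users and shares could affect later access-control tests.
/// </remarks>
public async Task SharedUserNotificationAccess()
{
    // Setup.
    var notification = NotificationApplicationFactory.Create(
        Guid.NewGuid(),
        NotificationType.Recovery,
        UKCompetentAuthority.England,
        20181);
    var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345", "*****@*****.**");
    var aspnetSharedUser = UserFactory.Create(Guid.NewGuid(), "External", "Shared", "12345", "*****@*****.**");
    var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);

    context.NotificationApplications.Add(notification);
    context.Users.Add(aspnetInternalUser);
    context.Users.Add(aspnetSharedUser);
    context.LocalAreas.Add(localArea);
    await context.SaveChangesAsync();

    var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.England, localArea.Id);
    // The share record links this notification to the external user.
    var sharedUser = new SharedUser(notification.Id, aspnetSharedUser.Id, DateTimeOffset.Now);

    context.InternalUsers.Add(internalUser);
    context.SharedUser.Add(sharedUser);
    await context.SaveChangesAsync();

    try
    {
        // Set the shared user to be the user context.
        A.CallTo(() => userContext.UserId).Returns(Guid.Parse(sharedUser.UserId));

        var authorization = new NotificationApplicationAuthorization(context, userContext);

        // Assert.
        // No explicit 'does not throw' assertion is used: any exception from the call
        // propagates and fails the test.
        await authorization.EnsureAccessAsync(notification.Id);
    }
    finally
    {
        // Clear data. Rows that reference other rows are removed first
        // (presumably to satisfy foreign keys; confirm against the schema).
        context.DeleteOnCommit(internalUser);
        context.DeleteOnCommit(sharedUser);
        await context.SaveChangesAsync();

        context.Entry(aspnetInternalUser).State = EntityState.Deleted;
        context.Entry(aspnetSharedUser).State = EntityState.Deleted;
        context.Entry(localArea).State = EntityState.Deleted;
        await context.SaveChangesAsync();

        context.DeleteOnCommit(notification);
        await context.SaveChangesAsync();
    }
}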
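/// <summary>
/// Negative authorization case: the notification is shared with one external user, but the
/// caller is a different user, so <c>EnsureAccessAsync</c> must throw
/// <see cref="SecurityException"/>.
/// </summary>
/// <remarks>
/// Integration test that writes rows through <c>context</c>. The assertion runs inside
/// <c>try</c>/<c>finally</c> so the rows are removed even when the expected exception is
/// not thrown; a leftover share record could otherwise affect later access-control tests.
/// </remarks>
public async Task RandomExternalUserAccessThrowsException()
{
    // Setup.
    var notification = NotificationApplicationFactory.Create(
        Guid.NewGuid(),
        NotificationType.Recovery,
        UKCompetentAuthority.England,
        20181);
    var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345", "*****@*****.**");
    var aspnetSharedUser = UserFactory.Create(Guid.NewGuid(), "External", "Shared", "12345", "*****@*****.**");
    var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);

    context.NotificationApplications.Add(notification);
    context.Users.Add(aspnetInternalUser);
    context.Users.Add(aspnetSharedUser);
    context.LocalAreas.Add(localArea);
    await context.SaveChangesAsync();

    var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.England, localArea.Id);

    // Shared user is different to the user context.
    var sharedUser = new SharedUser(notification.Id, aspnetSharedUser.Id, DateTimeOffset.Now);
    context.SharedUser.Add(sharedUser);
    await context.SaveChangesAsync();

    context.InternalUsers.Add(internalUser);
    await context.SaveChangesAsync();

    try
    {
        // NOTE(review): userContext.UserId is not configured in this method, so the caller
        // identity is whatever the test fixture supplies. The test is only meaningful if
        // that id differs from both the notification owner and the shared user; confirm.
        var authorization = new NotificationApplicationAuthorization(context, userContext);

        // Assert.
        await Assert.ThrowsAsync<SecurityException>(() => authorization.EnsureAccessAsync(notification.Id));
    }
    finally
    {
        // Clear data. Rows that reference other rows are removed first
        // (presumably to satisfy foreign keys; confirm against the schema).
        context.DeleteOnCommit(internalUser);
        context.DeleteOnCommit(sharedUser);
        await context.SaveChangesAsync();

        context.Entry(aspnetInternalUser).State = EntityState.Deleted;
        context.Entry(aspnetSharedUser).State = EntityState.Deleted;
        context.Entry(localArea).State = EntityState.Deleted;
        await context.SaveChangesAsync();

        context.DeleteOnCommit(notification);
        await context.SaveChangesAsync();
    }
}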
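/// <summary>
/// Negative authorization case: the caller is an internal user whose competent authority
/// (Wales) differs from the notification's (England), so <c>EnsureAccessAsync</c> must throw
/// <see cref="SecurityException"/>.
/// </summary>
/// <remarks>
/// Integration test that writes rows through <c>context</c>. The assertion runs inside
/// <c>try</c>/<c>finally</c> so the rows are removed even when the expected exception is
/// not thrown.
/// </remarks>
public async Task InternalUserDifferentCompetentAuthorityAccessThrowsException()
{
    // Setup.
    var notification = NotificationApplicationFactory.Create(
        Guid.NewGuid(),
        NotificationType.Recovery,
        UKCompetentAuthority.England,
        20181);
    var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345", "*****@*****.**");
    var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);

    context.NotificationApplications.Add(notification);
    context.Users.Add(aspnetInternalUser);
    context.LocalAreas.Add(localArea);
    await context.SaveChangesAsync();

    // Internal user is different UKCA from the notification - should cause the exception.
    var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.Wales, localArea.Id);
    context.InternalUsers.Add(internalUser);
    await context.SaveChangesAsync();

    try
    {
        // Make the Wales internal user the caller.
        A.CallTo(() => userContext.UserId).Returns(Guid.Parse(internalUser.UserId));

        var authorization = new NotificationApplicationAuthorization(context, userContext);

        // Assert.
        await Assert.ThrowsAsync<SecurityException>(() => authorization.EnsureAccessAsync(notification.Id));
    }
    finally
    {
        // Clear data. Rows that reference other rows are removed first
        // (presumably to satisfy foreign keys; confirm against the schema).
        context.DeleteOnCommit(internalUser);
        await context.SaveChangesAsync();

        context.Entry(aspnetInternalUser).State = EntityState.Deleted;
        context.Entry(localArea).State = EntityState.Deleted;
        await context.SaveChangesAsync();

        context.DeleteOnCommit(notification);
        await context.SaveChangesAsync();
    }
}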
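/// <summary>
/// Negative authorization case for the owner-only check: the caller is not the owner of the
/// notification, so <c>EnsureAccessIsOwnerAsync</c> must throw
/// <see cref="SecurityException"/>.
/// </summary>
/// <remarks>
/// Integration test that writes rows through <c>context</c>. The assertion runs inside
/// <c>try</c>/<c>finally</c> so the rows are removed even when the expected exception is
/// not thrown.
/// </remarks>
public async Task CheckExternalUserNotOwnerAccessThrowsException()
{
    // Setup.
    var notification = NotificationApplicationFactory.Create(
        Guid.NewGuid(),
        NotificationType.Recovery,
        UKCompetentAuthority.England,
        20181);
    var aspnetInternalUser = UserFactory.Create(Guid.NewGuid(), "Internal", "Internal Last", "12345", "*****@*****.**");
    var localArea = new LocalArea(Guid.NewGuid(), "Test Area", (int)UKCompetentAuthority.England);

    context.NotificationApplications.Add(notification);
    context.Users.Add(aspnetInternalUser);
    context.LocalAreas.Add(localArea);
    await context.SaveChangesAsync();

    var internalUser = new InternalUser(aspnetInternalUser.Id, "test", UKCompetentAuthority.England, localArea.Id);
    context.InternalUsers.Add(internalUser);
    await context.SaveChangesAsync();

    try
    {
        // NOTE(review): userContext.UserId is not configured in this method, so the caller
        // identity is whatever the test fixture supplies. The internal user created above is
        // not bound to the caller. Confirm the fixture id is not the notification owner.
        var authorization = new NotificationApplicationAuthorization(context, userContext);

        // Assert.
        await Assert.ThrowsAsync<SecurityException>(() => authorization.EnsureAccessIsOwnerAsync(notification.Id));
    }
    finally
    {
        // Clear data. Rows that reference other rows are removed first
        // (presumably to satisfy foreign keys; confirm against the schema).
        context.DeleteOnCommit(internalUser);
        await context.SaveChangesAsync();

        context.Entry(aspnetInternalUser).State = EntityState.Deleted;
        context.Entry(localArea).State = EntityState.Deleted;
        await context.SaveChangesAsync();

        context.DeleteOnCommit(notification);
        await context.SaveChangesAsync();
    }
}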