public void EvaluateSucceedsWhenNotEnabled()
        {
            // Pins the disabled path of the partner authorization policy: with
            // Enabled = false, Evaluate returns null (no failure status) for a request
            // that carries neither a principal nor a partner route value.
            // NOTE(review): this means the configuration flag switches the partner check
            // off for every action; confirm deployments treat that flag as security-relevant.
            var configuration  = new HttpConfiguration();
            var route          = new HttpRouteData(new HttpRoute());
            var message        = new HttpRequestMessage();
            var descriptorMock = new Mock<HttpActionDescriptor>();

            var controllerContext = new HttpControllerContext(configuration, route, message)
            {
                ControllerDescriptor = new HttpControllerDescriptor
                {
                    Configuration  = configuration,
                    ControllerName = "generic"
                }
            };

            var actionContext = new HttpActionContext(controllerContext, descriptorMock.Object);
            var policy        = new PartnerAuthorizationPolicy(new PartnerAuthorizationPolicyConfiguration { Enabled = false });

            descriptorMock.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");

            message.SetConfiguration(configuration);
            message.SetRouteData(route);

            var outcome = policy.Evaluate(actionContext);

            outcome.Should().BeNull("because the policy should always be satisfied if not enabled");
        }
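        /// <summary>
        ///   Verifies that an enabled policy is satisfied (Evaluate returns null) when the
        ///   principal's partner claim and the partner route value differ only by letter case.
        /// </summary>
        /// <remarks>
        ///   NOTE(review): this pins case-insensitive matching of partner identifiers; confirm
        ///   that no two partners are distinguished by case alone, otherwise one could pass as the other.
        /// </remarks>
        public void EvaluateSucceedsWhenThePartnerDataMatchesWithCaseDifferences()
        {
            var partner = "SQUIRE";
            var mockActionDescriptor = new Mock<HttpActionDescriptor>();
            var httpConfiguration    = new HttpConfiguration();
            var routeData            = new HttpRouteData(new HttpRoute());
            var request              = new HttpRequestMessage();

            var controllerDescriptor = new HttpControllerDescriptor
            {
                Configuration  = httpConfiguration,
                ControllerName = "generic"
            };

            var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
            {
                ControllerDescriptor = controllerDescriptor
            };

            var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
            var config        = new PartnerAuthorizationPolicyConfiguration { Enabled = true };
            var policy        = new PartnerAuthorizationPolicy(config);

            // Invariant casing keeps the two values pure case variants of each other on every
            // machine. Culture-sensitive ToUpper/ToLower can map letters differently (under a
            // Turkish culture "I" lower-cases to a dotless i), which would make this test
            // exercise a mismatch rather than a case difference.
            var identity = new ClaimsIdentity(new[] { new Claim(CustomClaimTypes.Partner, partner.ToUpperInvariant()) });

            mockActionDescriptor.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");

            routeData.Values.Add(ActionArguments.Partner, partner.ToLowerInvariant());

            request.SetConfiguration(httpConfiguration);
            request.SetRouteData(routeData);

            actionContext.RequestContext.Principal = new ClaimsPrincipal(identity);

            policy.Evaluate(actionContext).Should().BeNull("because the policy should always be satisfied when the partner data is a match, regardless of case");
        }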
        /// <summary>
        ///   Verifies that an enabled policy answers with <see cref="HttpStatusCode.Forbidden"/>
        ///   when the principal's partner claim differs from the partner named in the route data.
        /// </summary>
        /// <remarks>
        ///   The claim value is the requested partner with extra text appended, so the test also
        ///   pins that a claim merely starting with the requested partner is not accepted as a match.
        ///   NOTE(review): a principal with no partner claim, or a request with no principal, is not
        ///   covered by the tests visible here; worth confirming those are rejected as well.
        /// </remarks>
        public void EvaluateFailsWhenThePartnerDataIsMismatched()
        {
            var requestedPartner = "SQUIRE";
            var configuration    = new HttpConfiguration();
            var route            = new HttpRouteData(new HttpRoute());
            var message          = new HttpRequestMessage();
            var descriptorMock   = new Mock<HttpActionDescriptor>();

            var controllerContext = new HttpControllerContext(configuration, route, message)
            {
                ControllerDescriptor = new HttpControllerDescriptor
                {
                    Configuration  = configuration,
                    ControllerName = "generic"
                }
            };

            var actionContext = new HttpActionContext(controllerContext, descriptorMock.Object);
            var policy        = new PartnerAuthorizationPolicy(new PartnerAuthorizationPolicyConfiguration { Enabled = true });

            // The caller's identity claims a different partner than the one being requested.
            var claimedPartner = new Claim(CustomClaimTypes.Partner, requestedPartner + "NOTTHERIGHTONE");
            var identity       = new ClaimsIdentity(new[] { claimedPartner });

            descriptorMock.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");

            route.Values.Add(ActionArguments.Partner, requestedPartner);

            message.SetConfiguration(configuration);
            message.SetRouteData(route);

            actionContext.RequestContext.Principal = new ClaimsPrincipal(identity);

            var outcome = policy.Evaluate(actionContext);

            outcome.Should().Be(HttpStatusCode.Forbidden, "because the policy should fail for a request where the principal claim differs from the requested partner");
        }
        /// <summary>
        ///   Verifies that an enabled policy is satisfied (Evaluate returns null) when the
        ///   partner entry in the route data is present but null, even though the principal
        ///   carries a partner claim.
        /// </summary>
        /// <remarks>
        ///   NOTE(review): this pins a pass-through when no partner is named on the request,
        ///   presumably for actions that are not partner-scoped. Confirm that every
        ///   partner-scoped action always binds this route value, since a null here means the
        ///   claim is never compared.
        /// </remarks>
        public void EvaluateSucceedsWhenThereIsANullPartnerActionArgument()
        {
            var configuration  = new HttpConfiguration();
            var route          = new HttpRouteData(new HttpRoute());
            var message        = new HttpRequestMessage();
            var descriptorMock = new Mock<HttpActionDescriptor>();

            var controllerContext = new HttpControllerContext(configuration, route, message)
            {
                ControllerDescriptor = new HttpControllerDescriptor
                {
                    Configuration  = configuration,
                    ControllerName = "generic"
                }
            };

            var actionContext = new HttpActionContext(controllerContext, descriptorMock.Object);
            var policy        = new PartnerAuthorizationPolicy(new PartnerAuthorizationPolicyConfiguration { Enabled = true });

            var partnerClaim = new Claim(CustomClaimTypes.Partner, "SQUIRE");
            var identity     = new ClaimsIdentity(new[] { partnerClaim });

            descriptorMock.SetupGet(descriptor => descriptor.ActionName).Returns("someAction");

            // The partner key exists in the route values, but no partner is named.
            route.Values.Add(ActionArguments.Partner, null);

            message.SetConfiguration(configuration);
            message.SetRouteData(route);

            actionContext.RequestContext.Principal = new ClaimsPrincipal(identity);

            var outcome = policy.Evaluate(actionContext);

            outcome.Should().BeNull("because the policy should always be satisfied if there is a null partner argument");
        }