예제 #1
0
        public void Should_produce_runtime_policy_event_with_timing_when_event_listener_is_registered()
        {
            // Arrange
            const int    expectedMilliseconds = 9;
            var          expectedResult       = new { };
            const string expectedMessage      = "Message";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            var context = TestDataFactory.CreateSecurityContext(false);

            // Act
            var result = Publish.RuntimePolicyEvent(() =>
            {
                Thread.Sleep(expectedMilliseconds + 5);
                return(expectedResult);
            }, r => expectedMessage, context);

            // Assert
            Assert.That(result, Is.EqualTo(expectedResult));

            var @event = events.Single();

            Assert.That(@event.CorrelationId, Is.EqualTo(context.Id));
            Assert.That(@event.Message, Is.EqualTo(expectedMessage));
            Assert.That(@event.CompletedInMilliseconds, Is.GreaterThanOrEqualTo(expectedMilliseconds));
        }
예제 #2
0
 public void Reset()
 {
     ServiceLocator.Reset();
     ExceptionFactory.Reset();
     SecurityDoctor.Reset();
     SecurityCache.ClearCache(Lifecycle.HybridHttpContext);
     SecurityCache.ClearCache(Lifecycle.HybridHttpSession);
 }
예제 #3
0
 [OneTimeSetUp]        //[SetUp]
 public void Reset()
 {
     ServiceLocator.Reset();
     ExceptionFactory.Reset();
     SecurityDoctor.Reset();
     SecurityRuntime.HttpContextAccessor = new Mock <IHttpContextAccessor>().Object;
     SecurityCache.ClearCache(Lifecycle.HybridHttpContext);
     SecurityCache.ClearCache(Lifecycle.HybridHttpSession);
 }
예제 #4
0
        public void Should_create_a_new_instance_of_SecurityDoctor()
        {
            // Arrange
            var securityDoctor = SecurityDoctor.Current;

            SecurityDoctor.Reset();

            // Assert
            Assert.That(SecurityDoctor.Current, Is.Not.EqualTo(securityDoctor));
        }
예제 #5
0
        public void Should_find_a_single_event_listener()
        {
            // Arrange
            var doctor = new SecurityDoctor();

            // Act
            doctor.ScanForEventListeners();

            // Assert
            Assert.That(doctor.Listeners.Single(), Is.TypeOf <TestSecurityEventListener>());
        }
예제 #6
0
        public void Should_register_event_listener()
        {
            // Arrange
            Action <ISecurityEvent> eventListener = e => {};

            // Act
            SecurityDoctor.Register(eventListener);

            // Assert
            Assert.That(SecurityDoctor.Listeners.Cast <AnonymousSecurityEventListener>().Single().EventListener, Is.EqualTo(eventListener));
        }
예제 #7
0
        public void Should_register_anonymous_event_listener_using_the_static_method()
        {
            // Arrange
            SecurityDoctor.Reset();
            Action <ISecurityEvent> eventListener = e => { };

            // Act
            SecurityDoctor.Register(eventListener);

            // Assert
            Assert.That(SecurityDoctor.Current.Listeners.Cast <AnonymousSecurityEventListener>().Single().EventListener, Is.EqualTo(eventListener));
        }
예제 #8
0
        public void Should_not_scan_for_eventlistners()
        {
            // Arrange
            SecurityDoctor.Reset();
            SecurityDoctor.Current.ScanForEventListenersOnConfigure = false;

            // Act
            SecurityConfigurator.Configure(configuration => {});

            // Assert
            Assert.That(SecurityDoctor.Current.ScannedForEventListeners, Is.False);
        }
예제 #9
0
        public void Should_register_event_listener()
        {
            // Arrange
            var doctor = new SecurityDoctor();
            ISecurityEventListener eventListener = new TestSecurityEventListener();

            // Act
            doctor.RegisterListener(eventListener);

            // Assert
            Assert.That(doctor.Listeners.Single(), Is.EqualTo(eventListener));
        }
예제 #10
0
        public void Should_register_event_listener_using_the_static_method()
        {
            // Arrange
            SecurityDoctor.Reset();
            ISecurityEventListener eventListener = new TestSecurityEventListener();

            // Act
            SecurityDoctor.Register(eventListener);

            // Assert
            Assert.That(SecurityDoctor.Current.Listeners.Single(), Is.EqualTo(eventListener));
        }
예제 #11
0
        public void Should_reset_event_listeners()
        {
            // Arrange
            SecurityDoctor.Register(e => {});
            SecurityDoctor.Register(e => {});
            SecurityDoctor.Register(e => {});

            // Act
            SecurityDoctor.Reset();

            // Assert
            Assert.That(SecurityDoctor.Listeners, Is.Null);
        }
예제 #12
0
        public void Should_register_multiple_anonymous_event_listener()
        {
            // Arrange
            var doctor = new SecurityDoctor();
            Action <ISecurityEvent> eventListener1 = e => { };
            Action <ISecurityEvent> eventListener2 = e => { };

            // Act
            doctor.RegisterListener(eventListener1);
            doctor.RegisterListener(eventListener2);

            // Assert
            Assert.That(doctor.Listeners.Count(), Is.EqualTo(2));
            Assert.That(doctor.Listeners.Cast <AnonymousSecurityEventListener>().First().EventListener, Is.EqualTo(eventListener1));
            Assert.That(doctor.Listeners.Cast <AnonymousSecurityEventListener>().Last().EventListener, Is.EqualTo(eventListener2));
        }
예제 #13
0
        public void Should_register_multiple_event_listener()
        {
            // Arrange
            var doctor = new SecurityDoctor();
            ISecurityEventListener eventListener1 = new TestSecurityEventListener();
            ISecurityEventListener eventListener2 = new AnonymousSecurityEventListener(e => { });

            // Act
            doctor.RegisterListener(eventListener1);
            doctor.RegisterListener(eventListener2);

            // Assert
            Assert.That(doctor.Listeners.Count(), Is.EqualTo(2));
            Assert.That(doctor.Listeners.First(), Is.EqualTo(eventListener1));
            Assert.That(doctor.Listeners.Last(), Is.EqualTo(eventListener2));
        }
예제 #14
0
        public void Should_scan_using_the_specified_scanner()
        {
            // Arrange
            var doctor = new SecurityDoctor();

            var calledScannerSetup = false;

            doctor.EventListenerScannerSetup = scanner =>
            {
                calledScannerSetup = true;
            };

            // Act
            doctor.ScanForEventListeners();

            // Assert
            Assert.That(calledScannerSetup, Is.True);
        }
예제 #15
0
        public void Should_produce_configuration_event_when_event_listener_is_registered()
        {
            // Arrange
            const string expectedMessage = "Message";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);

            // Act
            Publish.ConfigurationEvent(() => expectedMessage);

            // Assert
            var @event = events.Single();

            Assert.That(@event.CorrelationId, Is.EqualTo(SecurityConfigurator.CorrelationId));
            Assert.That(@event.Message, Is.EqualTo(expectedMessage));
        }
예제 #16
0
        public void Should_produce_runtime_policy_event_when_event_listener_is_registered()
        {
            // Arrange
            const string expectedMessage = "Message";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            var context = TestDataFactory.CreateSecurityContext(false);

            // Act
            Publish.RuntimePolicyEvent(() => expectedMessage, context);

            // Assert
            var @event = events.Single();

            Assert.That(@event.CorrelationId, Is.EqualTo(context.Id));
            Assert.That(@event.Message, Is.EqualTo(expectedMessage));
        }
예제 #17
0
        public void Should_not_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_true()
        {
            // Arrange
            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            SecurityConfigurator.Configure(configuration =>
            {
                configuration.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                configuration.Advanced.IgnoreMissingConfiguration();
                configuration.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
            Assert.That(events.Any(e => e.Message == "Ignoring missing configuration."));
        }
예제 #18
0
        public void Should_return_result_when_no_event_listener_is_registered()
        {
            // Arrange
            SecurityDoctor.Reset();
            var context = TestDataFactory.CreateSecurityContext(false);

            var expectedResult1 = new {};
            var expectedResult2 = new {};
            var expectedResult3 = new {};


            // Act
            var result1 = Publish.ConfigurationEvent(() => expectedResult1, r => null);
            var result2 = Publish.RuntimeEvent(() => expectedResult2, r => null, context);
            var result3 = Publish.RuntimePolicyEvent(() => expectedResult3, r => null, context);

            // Assert
            Assert.That(result1, Is.EqualTo(expectedResult1));
            Assert.That(result2, Is.EqualTo(expectedResult2));
            Assert.That(result3, Is.EqualTo(expectedResult3));
        }
예제 #19
0
        public void Should_not_throw_exception_when_the_user_is_authenticated()
        {
            // Arrange
            var          controllerName = NameHelper.Controller <BlogController>();
            const string actionName     = "Index";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            SecurityConfigurator.Configure(policy =>
            {
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act & Assert
            Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current));
            Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
            Assert.That(events.Any(e => e.Message == "Done enforcing policies. Success!"));
        }
예제 #20
0
        public void Should_resolve_policy_violation_handler_for_exception_from_container()
        {
            // Arrange
            var          controllerName = NameHelper.Controller <BlogController>();
            const string actionName     = "Index";

            var events = new List <ISecurityEvent>();

            SecurityDoctor.Register(events.Add);
            var expectedActionResult = new ViewResult {
                ViewName = "SomeViewName"
            };
            var violationHandler = new DenyAnonymousAccessPolicyViolationHandler(expectedActionResult);

            FakeIoC.GetAllInstancesProvider = () => new List <IPolicyViolationHandler>
            {
                violationHandler
            };

            SecurityConfigurator.Configure(policy =>
            {
                policy.ResolveServicesUsing(FakeIoC.GetAllInstances);
                policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
                policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
            });

            var securityHandler = new SecurityHandler();

            // Act
            var result = securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current);

            // Assert
            Assert.That(result, Is.EqualTo(expectedActionResult));
            Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
            Assert.That(events.Any(e => e.Message == "Finding policy violation handler using convention {0}.".FormatWith(typeof(FindByPolicyNameConvention))));
            Assert.That(events.Any(e => e.Message == "Found policy violation handler {0}.".FormatWith(violationHandler.GetType().FullName)));
            Assert.That(events.Any(e => e.Message == "Handling violation with {0}.".FormatWith(violationHandler.GetType().FullName)));
            Assert.That(events.Any(e => e.Message == "Done enforcing policies. Violation occured!"));
        }
예제 #21
0
        public static ISecurityConfiguration SetupFluentSecurity()
        {
            SecurityDoctor.Register(Events.Add);
            SecurityConfigurator.Configure(configuration =>
            {
                configuration.Advanced.IgnoreMissingConfiguration();
                configuration.GetAuthenticationStatusFrom(Helpers.SecurityHelper.UserIsAuthenticated);
                configuration.GetRolesFrom(Helpers.SecurityHelper.UserRoles);

                configuration.DefaultPolicyViolationHandlerIs(() => new DefaultPolicyViolationHandler());
                configuration.Advanced.ModifySecurityContext(context => context.Data.QueryString = System.Web.HttpContext.Current.Request.QueryString);

                configuration.For <HomeController>().Ignore();

                configuration.For <AccountController>(x => x.LogInAsAdministrator()).DenyAuthenticatedAccess();
                configuration.For <AccountController>(x => x.LogInAsPublisher()).DenyAuthenticatedAccess();
                configuration.For <AccountController>(x => x.LogOut()).DenyAnonymousAccess();

                configuration.For <ExampleController>(x => x.DenyAnonymousAccess()).DenyAnonymousAccess();
                configuration.For <ExampleController>(x => x.DenyAuthenticatedAccess()).DenyAuthenticatedAccess();

                configuration.For <ExampleController>(x => x.RequireAdministratorRole()).RequireAnyRole(UserRole.Administrator);
                configuration.For <ExampleController>(x => x.RequirePublisherRole()).RequireAnyRole(UserRole.Publisher);

                configuration.For <AdminController>().AddPolicy(new AdministratorPolicy());
                configuration.For <AdminController>(x => x.Delete()).DelegatePolicy("LocalOnlyPolicy",
                                                                                    context => false//System.Web.HttpContext.Current.Request.IsLocal
                                                                                    );

                configuration.Scan(scan =>
                {
                    scan.AssembliesFromApplicationBaseDirectory();
                    scan.LookForProfiles();
                });

                configuration.ApplyProfile <CrudControllerProfile>();
            });
            return(SecurityConfiguration.Current);
        }
예제 #22
0
 static SecurityConfigurator()
 {
     CorrelationId = Guid.NewGuid();
     SecurityDoctor.ScanForEventListeners();
 }
예제 #23
0
 public void SetUp()
 {
     SecurityDoctor.Reset();
 }
예제 #24
0
 public void SetUp()
 {
     // Act
     _doctor = new SecurityDoctor();
 }