public void Should_produce_runtime_policy_event_with_timing_when_event_listener_is_registered()
{
// Arrange
const int expectedMilliseconds = 9;
var expectedResult = new { };
const string expectedMessage = "Message";
var events = new List <ISecurityEvent>();
SecurityDoctor.Register(events.Add);
var context = TestDataFactory.CreateSecurityContext(false);
// Act
var result = Publish.RuntimePolicyEvent(() =>
{
Thread.Sleep(expectedMilliseconds + 5);
return(expectedResult);
}, r => expectedMessage, context);
// Assert
Assert.That(result, Is.EqualTo(expectedResult));
var @event = events.Single();
Assert.That(@event.CorrelationId, Is.EqualTo(context.Id));
Assert.That(@event.Message, Is.EqualTo(expectedMessage));
Assert.That(@event.CompletedInMilliseconds, Is.GreaterThanOrEqualTo(expectedMilliseconds));
}
public void Should_register_event_listener()
{
// Arrange
Action <ISecurityEvent> eventListener = e => {};
// Act
SecurityDoctor.Register(eventListener);
// Assert
Assert.That(SecurityDoctor.Listeners.Cast <AnonymousSecurityEventListener>().Single().EventListener, Is.EqualTo(eventListener));
}
public void Should_register_event_listener_using_the_static_method()
{
// Arrange
SecurityDoctor.Reset();
ISecurityEventListener eventListener = new TestSecurityEventListener();
// Act
SecurityDoctor.Register(eventListener);
// Assert
Assert.That(SecurityDoctor.Current.Listeners.Single(), Is.EqualTo(eventListener));
}
public void Should_register_anonymous_event_listener_using_the_static_method()
{
// Arrange
SecurityDoctor.Reset();
Action <ISecurityEvent> eventListener = e => { };
// Act
SecurityDoctor.Register(eventListener);
// Assert
Assert.That(SecurityDoctor.Current.Listeners.Cast <AnonymousSecurityEventListener>().Single().EventListener, Is.EqualTo(eventListener));
}
public void Should_reset_event_listeners()
{
// Arrange
SecurityDoctor.Register(e => {});
SecurityDoctor.Register(e => {});
SecurityDoctor.Register(e => {});
// Act
SecurityDoctor.Reset();
// Assert
Assert.That(SecurityDoctor.Listeners, Is.Null);
}
public void Should_register_multiple_event_listener()
{
// Arrange
SecurityDoctor.Reset();
Action <ISecurityEvent> eventListener1 = e => {};
Action <ISecurityEvent> eventListener2 = e => {};
// Act
SecurityDoctor.Register(eventListener1);
SecurityDoctor.Register(eventListener2);
// Assert
Assert.That(SecurityDoctor.Listeners.Count(), Is.EqualTo(2));
Assert.That(SecurityDoctor.Listeners.Cast <AnonymousSecurityEventListener>().First().EventListener, Is.EqualTo(eventListener1));
Assert.That(SecurityDoctor.Listeners.Cast <AnonymousSecurityEventListener>().Last().EventListener, Is.EqualTo(eventListener2));
}
public void Should_produce_configuration_event_when_event_listener_is_registered()
{
// Arrange
const string expectedMessage = "Message";
var events = new List <ISecurityEvent>();
SecurityDoctor.Register(events.Add);
// Act
Publish.ConfigurationEvent(() => expectedMessage);
// Assert
var @event = events.Single();
Assert.That(@event.CorrelationId, Is.EqualTo(SecurityConfigurator.CorrelationId));
Assert.That(@event.Message, Is.EqualTo(expectedMessage));
}
public void Should_not_throw_ConfigurationErrorsException_when_IgnoreMissingConfigurations_is_true()
{
// Arrange
var events = new List <ISecurityEvent>();
SecurityDoctor.Register(events.Add);
SecurityConfigurator.Configure(configuration =>
{
configuration.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
configuration.Advanced.IgnoreMissingConfiguration();
configuration.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
});
var securityHandler = new SecurityHandler();
// Act & Assert
Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor("NonConfiguredController", "Action", SecurityContext.Current));
Assert.That(events.Any(e => e.Message == "Ignoring missing configuration."));
}
public void Should_produce_runtime_policy_event_when_event_listener_is_registered()
{
// Arrange
const string expectedMessage = "Message";
var events = new List <ISecurityEvent>();
SecurityDoctor.Register(events.Add);
var context = TestDataFactory.CreateSecurityContext(false);
// Act
Publish.RuntimePolicyEvent(() => expectedMessage, context);
// Assert
var @event = events.Single();
Assert.That(@event.CorrelationId, Is.EqualTo(context.Id));
Assert.That(@event.Message, Is.EqualTo(expectedMessage));
}
public static ISecurityConfiguration SetupFluentSecurity()
{
SecurityDoctor.Register(Events.Add);
SecurityConfigurator.Configure(configuration =>
{
configuration.Advanced.IgnoreMissingConfiguration();
configuration.GetAuthenticationStatusFrom(Helpers.SecurityHelper.UserIsAuthenticated);
configuration.GetRolesFrom(Helpers.SecurityHelper.UserRoles);
configuration.DefaultPolicyViolationHandlerIs(() => new DefaultPolicyViolationHandler());
configuration.Advanced.ModifySecurityContext(context => context.Data.QueryString = System.Web.HttpContext.Current.Request.QueryString);
configuration.For <HomeController>().Ignore();
configuration.For <AccountController>(x => x.LogInAsAdministrator()).DenyAuthenticatedAccess();
configuration.For <AccountController>(x => x.LogInAsPublisher()).DenyAuthenticatedAccess();
configuration.For <AccountController>(x => x.LogOut()).DenyAnonymousAccess();
configuration.For <ExampleController>(x => x.DenyAnonymousAccess()).DenyAnonymousAccess();
configuration.For <ExampleController>(x => x.DenyAuthenticatedAccess()).DenyAuthenticatedAccess();
configuration.For <ExampleController>(x => x.RequireAdministratorRole()).RequireAnyRole(UserRole.Administrator);
configuration.For <ExampleController>(x => x.RequirePublisherRole()).RequireAnyRole(UserRole.Publisher);
configuration.For <AdminController>().AddPolicy(new AdministratorPolicy());
configuration.For <AdminController>(x => x.Delete()).DelegatePolicy("LocalOnlyPolicy",
context => false//System.Web.HttpContext.Current.Request.IsLocal
);
configuration.Scan(scan =>
{
scan.AssembliesFromApplicationBaseDirectory();
scan.LookForProfiles();
});
configuration.ApplyProfile <CrudControllerProfile>();
});
return(SecurityConfiguration.Current);
}
public void Should_resolve_policy_violation_handler_for_exception_from_container()
{
// Arrange
var controllerName = NameHelper.Controller <BlogController>();
const string actionName = "Index";
var events = new List <ISecurityEvent>();
SecurityDoctor.Register(events.Add);
var expectedActionResult = new ViewResult {
ViewName = "SomeViewName"
};
var violationHandler = new DenyAnonymousAccessPolicyViolationHandler(expectedActionResult);
FakeIoC.GetAllInstancesProvider = () => new List <IPolicyViolationHandler>
{
violationHandler
};
SecurityConfigurator.Configure(policy =>
{
policy.ResolveServicesUsing(FakeIoC.GetAllInstances);
policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsFalse);
policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
});
var securityHandler = new SecurityHandler();
// Act
var result = securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current);
// Assert
Assert.That(result, Is.EqualTo(expectedActionResult));
Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
Assert.That(events.Any(e => e.Message == "Finding policy violation handler using convention {0}.".FormatWith(typeof(FindByPolicyNameConvention))));
Assert.That(events.Any(e => e.Message == "Found policy violation handler {0}.".FormatWith(violationHandler.GetType().FullName)));
Assert.That(events.Any(e => e.Message == "Handling violation with {0}.".FormatWith(violationHandler.GetType().FullName)));
Assert.That(events.Any(e => e.Message == "Done enforcing policies. Violation occured!"));
}
public void Should_not_throw_exception_when_the_user_is_authenticated()
{
// Arrange
var controllerName = NameHelper.Controller <BlogController>();
const string actionName = "Index";
var events = new List <ISecurityEvent>();
SecurityDoctor.Register(events.Add);
SecurityConfigurator.Configure(policy =>
{
policy.GetAuthenticationStatusFrom(StaticHelper.IsAuthenticatedReturnsTrue);
policy.For <BlogController>(x => x.Index()).DenyAnonymousAccess();
});
var securityHandler = new SecurityHandler();
// Act & Assert
Assert.DoesNotThrow(() => securityHandler.HandleSecurityFor(controllerName, actionName, SecurityContext.Current));
Assert.That(events.Any(e => e.Message == "Handling security for {0} action {1}.".FormatWith(controllerName, actionName)));
Assert.That(events.Any(e => e.Message == "Done enforcing policies. Success!"));
}