public void ValidatorBuilder_integration_test_with_example_configuration() { var defaultAuthorizeAttribute = new AuthorizeAttribute(PolicyNames.RequireAuthorizedAdmin); var validatorBuilder = new ValidatorBuilder(_assemblyName, defaultAuthorizeAttribute); var excludeControllersInPathFakeControllers = typeof(FakeControllers).FullName; var validator = validatorBuilder .ExcludeControllersInPath(pathContains: $"{excludeControllersInPathFakeControllers}") .AddControllerRule <AccountController>(new AllowAnonymousAttribute()) .AddActionRule <AccountController>( nameof(AccountController.Get), new AuthorizeAttribute("MyPolicyToGetAll")) .AddActionRule <AccountController>( nameof(AccountController.Get), new MyParameterInfo { Name = "id", Type = typeof(int) }, new AuthorizeAttribute("MyPolicyToGetSingle")) .AddActionRule <AccountController>( nameof(AccountController.Delete), new AuthorizeAttribute("MyPolicyToDelete")) .AddActionRule <AccountController>( nameof(AccountController.GetWithSimpleRule), new AuthorizeAttribute("MyPolicyToGetWithSimpleRule")) .AddActionRule <AccountController>( nameof(AccountController.Post), new List <MyParameterInfo> { new MyParameterInfo { Name = "command", Type = typeof(AccountController.CreateSomethingCommand) } }, new AuthorizeAttribute("MyPolicyToPost")) .AddControllerRule <UserController>(new AuthorizeAttribute(PolicyNames.RequireAuthorizedUser)) .AddControllerRule <PublicController>(new AllowAnonymousAttribute()) .AddActionRule <PublicController>( nameof(PublicController.Get), new MyParameterInfo { Name = "id", Type = typeof(int) }, new AuthorizeAttribute("MyPolicy")) .AddActionRule <PublicController>( nameof(PublicController.Get), new AuthorizeAttribute("MyPolicy")) .AddActionRule <PublicController>( nameof(PublicController.Delete), new AuthorizeAttribute("DeletePolicy")) //to ensure multiple controllers using the same name works .AddControllerRule <Fakes.Controllers.Duplicate.PublicController>(new AuthorizeAttribute()) .Build(); //get all results to do what you want with var validatedResults = validator.ValidatedResults(); //Debugger.Break(); //execute tests and fail on error //TODO? rename to ValidateAndThrowOnError ? validator.ValidateAndThrowOnError(); //print all results in test output no matter if validation is successful or not. validator.PrintValidatedResults(_outputHelper); }
public void Controllers_and_actions_have_correct_Authorization() { /* * create the validator builder * - with the assembly under test; in this case 'WebApi' * - with the default required attribute * (the attribute that will be required on all controller actions without explicit rules configured) */ var assemblyName = nameof(WebApi); var defaultAttributeRequired = new AuthorizeAttribute(PolicyNames.RequireAuthorizedAdmin); var validatorBuilder = new ValidatorBuilder(assemblyName, defaultAttributeRequired); /* * It is possible to exclude controllers from validation with path * This can be used to exclude a folder/namespace path or single controller (FullName) * read the summary of the method */ var excludeControllersInPath = typeof(ExcludedFromValidationController).FullName; /* * The builder returns a validator that is used to trigger validation of configured rules * From the validator you can * - get all validation results as objects * - print all results in unit test output * - throw on failure (prints all invalid results in test output) */ var validator = validatorBuilder //exclude a controller from validation .ExcludeControllersInPath(excludeControllersInPath) //add a controller rule .AddControllerRule <AccountController>(new AllowAnonymousAttribute()) // add an action rule; // note that action rules takes presence over controller rules, always. // If you have more than one action with the same name // this rule will only be applied to the first one found in the controller .AddActionRule <AccountController>( nameof(AccountController.Get), new AuthorizeAttribute("MyPolicyToGetAll")) //add an action rule matching on parameters // my recommendation is that you don't do this, instead name the actions differently =) .AddActionRule <AccountController>( nameof(AccountController.Get), new MyParameterInfo { Name = "id", Type = typeof(int) }, new AuthorizeAttribute("MyPolicyToGetSingle")) .AddActionRule <AccountController>( nameof(AccountController.Delete), new AuthorizeAttribute("MyPolicyToDelete")) //note: this action name, GetWithSimpleRule, can match two actions in the controller // actions will always (?) be ordered as they appear in the controller (top down) .AddActionRule <AccountController>( nameof(AccountController.GetWithSimpleRule), new AuthorizeAttribute("MyPolicyToGetWithSimpleRule")) .AddActionRule <AccountController>( nameof(AccountController.Post), new List <MyParameterInfo> { new MyParameterInfo { Name = "command", Type = typeof(AccountController.CreateSomethingCommand) } }, new AuthorizeAttribute("MyPolicyToPost")) .AddControllerRule <UserController>(new AuthorizeAttribute(PolicyNames.RequireAuthorizedUser)) .AddControllerRule <PublicController>(new AllowAnonymousAttribute()) .AddActionRule <PublicController>( nameof(PublicController.Get), new MyParameterInfo { Name = "id", Type = typeof(int) }, new AuthorizeAttribute("MyPolicy")) .AddActionRule <PublicController>( nameof(PublicController.Get), new AuthorizeAttribute("MyPolicy")) .AddActionRule <PublicController>( nameof(PublicController.Delete), new AuthorizeAttribute("DeletePolicy")) //configuration is completed .Build(); //run the tests and throw on failed validation, prints all failed results validator.ValidateAndThrowOnError(); //print all results in test output no matter if validation is successful or not. validator.PrintValidatedResults(_outputHelper); //get the results and do what you like with them var results = validator.ValidatedResults(); }