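/// <summary>
/// Verifies that <c>CheckInternalOrOrganisationAccess</c> returns true when the principal
/// carries the <c>Claims.CanAccessInternalArea</c> claim.
/// </summary>
public void CheckInternalOrOrganisationAccess_ReturnsTrue_WhenUserHasRequiredInternalClaim()
{
    // Arrange
    Guid organisationID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");
    Guid userId = Guid.NewGuid();

    IUserContext userContext = A.Fake<IUserContext>();

    // NOTE(review): the fixture also supplies an active OrganisationUser linking this user to
    // the same organisation, so a true result may come from the organisation path rather than
    // from the internal claim. Confirm which grant this test is meant to isolate.
    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId,
        new List<OrganisationUser>
        {
            new OrganisationUser(userId, organisationID, UserStatus.Active)
        });

    // The test places the internal-area claim under ClaimTypes.AuthenticationMethod.
    ClaimsIdentity identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessInternalArea));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckInternalOrOrganisationAccess(organisationID);

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}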
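/// <summary>
/// Verifies that <c>CheckSchemeAccess</c> returns true for a scheme whose organisation
/// the current user is an active member of.
/// </summary>
public void CheckSchemeAccess_ReturnsTrue_WhenUserHasRequiredClaims()
{
    // Arrange
    Guid organisationID = Guid.NewGuid();
    Guid userId = Guid.NewGuid();
    Guid schemeID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");

    Domain.Scheme.Scheme scheme = new Domain.Scheme.Scheme(organisationID);

    // The scheme's Id is assigned through reflection so the test can look it up by a known
    // value; presumably the setter is not publicly accessible (sad but necessary).
    typeof(Entity).GetProperty("Id").SetValue(scheme, schemeID);

    IUserContext userContext = A.Fake<IUserContext>();

    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId,
        new List<OrganisationUser>
        {
            new OrganisationUser(userId, organisationID, UserStatus.Active)
        },
        new List<Domain.Scheme.Scheme>
        {
            scheme
        });

    // The fake user context must report the same user id as the OrganisationUser record.
    A.CallTo(() => userContext.UserId).Returns(userId);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckSchemeAccess(schemeID);

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}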
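/// <summary>
/// Verifies that <c>EnsureSchemeAccess</c> throws <see cref="SecurityException"/> when the
/// fake context is built without any organisation users or schemes for the caller.
/// </summary>
public void EnsureSchemeAccess_ThrowsSecurityException_WhenUserHasNoClaims()
{
    // Arrange
    Guid schemeID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");

    IUserContext userContext = A.Fake<IUserContext>();

    // Only the user context is passed, so no memberships or schemes are supplied by the test.
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    Action action = () => authorization.EnsureSchemeAccess(schemeID);

    // Assert
    // The generic overload names the expected exception type at compile time.
    Assert.Throws<SecurityException>(action);
}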
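/// <summary>
/// Verifies that <c>CheckSchemeAccess</c> returns false when the fake context is built
/// without any organisation users or schemes for the caller.
/// </summary>
public void CheckSchemeAccess_ReturnsFalse_WhenUserHasNoClaims()
{
    // Arrange
    Guid schemeID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");

    IUserContext userContext = A.Fake<IUserContext>();

    // Only the user context is passed, so no memberships or schemes are supplied by the test.
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckSchemeAccess(schemeID);

    // Assert
    // Assert.False states the deny expectation directly instead of comparing with a literal.
    Assert.False(result);
}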
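/// <summary>
/// Verifies that <c>EnsureCanAccessExternalArea</c> throws <see cref="SecurityException"/>
/// for a principal that carries no claims.
/// </summary>
public void EnsureCanAccessExternalArea_ThrowsSecurityException_WhenUserHasNoClaims()
{
    // Arrange
    WeeeContext weeeContext = A.Fake<WeeeContext>();

    // A principal constructed without identities has no claims at all.
    ClaimsPrincipal principal = new ClaimsPrincipal();

    IUserContext userContext = A.Fake<IUserContext>();
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    Action action = () => authorization.EnsureCanAccessExternalArea();

    // Assert
    // The generic overload names the expected exception type at compile time.
    Assert.Throws<SecurityException>(action);
}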
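/// <summary>
/// Verifies that <c>CheckCanAccessExternalArea</c> returns false for a principal that
/// carries no claims.
/// </summary>
public void CheckCanAccessExternalArea_ReturnsFalse_WhenUserHasNoClaims()
{
    // Arrange
    WeeeContext weeeContext = A.Fake<WeeeContext>();

    // A principal constructed without identities has no claims at all.
    ClaimsPrincipal principal = new ClaimsPrincipal();

    IUserContext userContext = A.Fake<IUserContext>();
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckCanAccessExternalArea();

    // Assert
    // Assert.False states the deny expectation directly instead of comparing with a literal.
    Assert.False(result);
}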
/// <summary>
/// Verifies that <c>EnsureUserInRole</c> throws <see cref="SecurityException"/> when the
/// caller's competent-authority record holds a different role from the one demanded.
/// </summary>
public void EnsureUserInRole_ThrowsSecurityException_WhenUserIsNotInRole()
{
    // Arrange
    Guid currentUserId = Guid.NewGuid();
    IUserContext userContext = A.Fake<IUserContext>();

    // The only record for this user carries the "InternalUser" role, not the admin role.
    Role standardRole = new Role("InternalUser", "Standard user");
    CompetentAuthorityUser standardUser = new CompetentAuthorityUser(
        currentUserId.ToString(),
        Guid.NewGuid(),
        UserStatus.Active,
        standardRole);
    List<CompetentAuthorityUser> authorityUsers = new List<CompetentAuthorityUser>();
    authorityUsers.Add(standardUser);

    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId: currentUserId,
        competentAuthorityUsers: authorityUsers);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    Action demandAdminRole = () => authorization.EnsureUserInRole(Roles.InternalAdmin);

    // Assert
    Assert.Throws<SecurityException>(demandAdminRole);
}
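/// <summary>
/// Verifies that <c>EnsureCanAccessInternalArea</c> throws <see cref="SecurityException"/>
/// for a principal without claims, and that the competent-authority users set is never read.
/// </summary>
public void EnsureCanAccessInternalArea_ThrowsSecurityException_WhenUserHasNoClaims()
{
    // Arrange
    WeeeContext weeeContext = A.Fake<WeeeContext>();

    // A principal constructed without identities has no claims at all.
    ClaimsPrincipal principal = new ClaimsPrincipal();

    IUserContext userContext = A.Fake<IUserContext>();
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    Action action = () => authorization.EnsureCanAccessInternalArea();

    // Assert
    // The generic overload names the expected exception type at compile time.
    Assert.Throws<SecurityException>(action);

    // Access must be refused on the missing claim alone, before any user lookup is made.
    A.CallTo(() => weeeContext.CompetentAuthorityUsers).MustNotHaveHappened();
}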
/// <summary>
/// Verifies that <c>EnsureCanAccessInternalArea(false)</c> does not throw for a non-active
/// user who holds the internal-area claim, and that the competent-authority users set is
/// never read.
/// </summary>
public void EnsureCanAccessInternalArea_ActiveUserNotRequired_DoesNotThrowSecurityException_WhenUserHasClaimsAndIsNotActive()
{
    // Arrange
    IUserContext userContext = A.Fake<IUserContext>();
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext, userStatusActive: false);

    // Principal whose single identity carries the internal-area claim.
    Claim internalAreaClaim = new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessInternalArea);
    ClaimsIdentity claimsIdentity = new ClaimsIdentity();
    claimsIdentity.AddClaim(internalAreaClaim);
    A.CallTo(() => userContext.Principal).Returns(new ClaimsPrincipal(claimsIdentity));

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    // The false argument is the "active user not required" case named by the test.
    Action demandAccess = () => authorization.EnsureCanAccessInternalArea(false);
    Exception thrown = Record.Exception(demandAccess);

    // Assert
    Assert.Null(thrown);

    // With the active-user requirement waived, the decision must not touch the user table.
    A.CallTo(() => weeeContext.CompetentAuthorityUsers).MustNotHaveHappened();
}
/// <summary>
/// Verifies that <c>CheckUserInRole</c> returns true when the caller's competent-authority
/// record holds the role being asked for.
/// </summary>
public void CheckUserInRole_ReturnsTrue_WhenUserIsInRole()
{
    // Arrange
    Guid currentUserId = Guid.NewGuid();
    IUserContext userContext = A.Fake<IUserContext>();

    // Presumably the "InternalAdmin" role name corresponds to Roles.InternalAdmin; verify
    // against the Roles definition.
    Role adminRole = new Role("InternalAdmin", "Administrator");
    CompetentAuthorityUser adminUser = new CompetentAuthorityUser(
        currentUserId.ToString(),
        Guid.NewGuid(),
        UserStatus.Active,
        adminRole);
    List<CompetentAuthorityUser> authorityUsers = new List<CompetentAuthorityUser>();
    authorityUsers.Add(adminUser);

    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId: currentUserId,
        competentAuthorityUsers: authorityUsers);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool isInRole = authorization.CheckUserInRole(Roles.InternalAdmin);

    // Assert
    Assert.True(isInRole);
}
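/// <summary>
/// Verifies that <c>CheckCanAccessExternalArea</c> returns true when the principal carries
/// the <c>Claims.CanAccessExternalArea</c> claim.
/// </summary>
public void CheckCanAccessExternalArea_ReturnsTrue_WhenUserHasRequiredClaim()
{
    // Arrange
    WeeeContext weeeContext = A.Fake<WeeeContext>();

    // The test places the external-area claim under ClaimTypes.AuthenticationMethod.
    ClaimsIdentity identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessExternalArea));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    IUserContext userContext = A.Fake<IUserContext>();
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckCanAccessExternalArea();

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}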
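/// <summary>
/// Verifies that <c>CheckCanAccessInternalArea(false)</c> returns true for a non-active user
/// who holds the internal-area claim, and that the competent-authority users set is never
/// read.
/// </summary>
public void CheckCanAccessInternalArea_ActiveUserNotRequired_ReturnsTrue_WhenUserHasClaimsAndIsNotActive()
{
    // Arrange
    IUserContext userContext = A.Fake<IUserContext>();

    // The test name promises a user who is not active, so the fixture is built with
    // userStatusActive: false rather than relying on the helper's default (presumably active).
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext, userStatusActive: false);

    // The test places the internal-area claim under ClaimTypes.AuthenticationMethod.
    ClaimsIdentity identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessInternalArea));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    // The false argument is the "active user not required" case named by the test.
    bool result = authorization.CheckCanAccessInternalArea(false);

    // Assert
    Assert.True(result);

    // With the active-user requirement waived, the decision must not touch the user table.
    A.CallTo(() => weeeContext.CompetentAuthorityUsers).MustNotHaveHappened();
}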
/// <summary>
/// Verifies that <c>EnsureCanAccessInternalArea(false)</c> does not throw for a non-active
/// user who holds the internal-area claim, and that the competent-authority users set is
/// never read.
/// </summary>
public void EnsureCanAccessInternalArea_ActiveUserNotRequired_DoesNotThrowSecurityException_WhenUserHasClaimsAndIsNotActive()
{
    // Arrange
    IUserContext userContext = A.Fake<IUserContext>();
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext, userStatusActive: false);

    // Principal whose single identity carries the internal-area claim.
    Claim internalAreaClaim = new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessInternalArea);
    ClaimsIdentity claimsIdentity = new ClaimsIdentity();
    claimsIdentity.AddClaim(internalAreaClaim);
    A.CallTo(() => userContext.Principal).Returns(new ClaimsPrincipal(claimsIdentity));

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    // The false argument is the "active user not required" case named by the test.
    Action demandAccess = () => authorization.EnsureCanAccessInternalArea(false);
    Exception thrown = Record.Exception(demandAccess);

    // Assert
    Assert.Null(thrown);

    // With the active-user requirement waived, the decision must not touch the user table.
    A.CallTo(() => weeeContext.CompetentAuthorityUsers).MustNotHaveHappened();
}
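/// <summary>
/// Verifies that <c>CheckInternalOrOrganisationAccess</c> returns true when the user is an
/// active member of the organisation and no principal claims are configured.
/// </summary>
public void CheckInternalOrOrganisationAccess_ReturnsTrue_WhenUserHasRequiredOrganisationClaim()
{
    // Arrange
    Guid organisationID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");
    Guid userId = Guid.NewGuid();

    IUserContext userContext = A.Fake<IUserContext>();

    // The grant under test is the OrganisationUser record; the test sets no claims on the
    // principal, so the internal-area path is not configured here.
    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId,
        new List<OrganisationUser>
        {
            new OrganisationUser(userId, organisationID, UserStatus.Active)
        });

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckInternalOrOrganisationAccess(organisationID);

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}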
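/// <summary>
/// Verifies that <c>CheckCanAccessInternalArea(false)</c> returns true for a non-active user
/// who holds the internal-area claim, and that the competent-authority users set is never
/// read.
/// </summary>
public void CheckCanAccessInternalArea_ActiveUserNotRequired_ReturnsTrue_WhenUserHasClaimsAndIsNotActive()
{
    // Arrange
    IUserContext userContext = A.Fake<IUserContext>();

    // The test name promises a user who is not active, so the fixture is built with
    // userStatusActive: false rather than relying on the helper's default (presumably active).
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext, userStatusActive: false);

    // The test places the internal-area claim under ClaimTypes.AuthenticationMethod.
    ClaimsIdentity identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessInternalArea));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    // The false argument is the "active user not required" case named by the test.
    bool result = authorization.CheckCanAccessInternalArea(false);

    // Assert
    Assert.True(result);

    // With the active-user requirement waived, the decision must not touch the user table.
    A.CallTo(() => weeeContext.CompetentAuthorityUsers).MustNotHaveHappened();
}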
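/// <summary>
/// Verifies that <c>CheckCanAccessExternalArea</c> returns true when the principal carries
/// the <c>Claims.CanAccessExternalArea</c> claim.
/// </summary>
public void CheckCanAccessExternalArea_ReturnsTrue_WhenUserHasRequiredClaim()
{
    // Arrange
    WeeeContext weeeContext = A.Fake<WeeeContext>();

    // The test places the external-area claim under ClaimTypes.AuthenticationMethod.
    ClaimsIdentity identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessExternalArea));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    IUserContext userContext = A.Fake<IUserContext>();
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckCanAccessExternalArea();

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}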
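/// <summary>
/// Verifies that <c>CheckInternalOrOrganisationAccess</c> returns true when the user is an
/// active member of the organisation and no principal claims are configured.
/// </summary>
public void CheckInternalOrOrganisationAccess_ReturnsTrue_WhenUserHasRequiredOrganisationClaim()
{
    // Arrange
    Guid organisationID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");
    Guid userId = Guid.NewGuid();

    IUserContext userContext = A.Fake<IUserContext>();

    // The grant under test is the OrganisationUser record; the test sets no claims on the
    // principal, so the internal-area path is not configured here.
    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId,
        new List<OrganisationUser>
        {
            new OrganisationUser(userId, organisationID, UserStatus.Active)
        });

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckInternalOrOrganisationAccess(organisationID);

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}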
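/// <summary>
/// Verifies that <c>CheckInternalOrOrganisationAccess</c> returns true when the principal
/// carries the <c>Claims.CanAccessInternalArea</c> claim.
/// </summary>
public void CheckInternalOrOrganisationAccess_ReturnsTrue_WhenUserHasRequiredInternalClaim()
{
    // Arrange
    Guid organisationID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");
    Guid userId = Guid.NewGuid();

    IUserContext userContext = A.Fake<IUserContext>();

    // NOTE(review): the fixture also supplies an active OrganisationUser linking this user to
    // the same organisation, so a true result may come from the organisation path rather than
    // from the internal claim. Confirm which grant this test is meant to isolate.
    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId,
        new List<OrganisationUser>
        {
            new OrganisationUser(userId, organisationID, UserStatus.Active)
        });

    // The test places the internal-area claim under ClaimTypes.AuthenticationMethod.
    ClaimsIdentity identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, Claims.CanAccessInternalArea));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckInternalOrOrganisationAccess(organisationID);

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}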
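/// <summary>
/// Verifies that <c>EnsureSchemeAccess</c> throws <see cref="SecurityException"/> when the
/// fake context is built without any organisation users or schemes for the caller.
/// </summary>
public void EnsureSchemeAccess_ThrowsSecurityException_WhenUserHasNoClaims()
{
    // Arrange
    Guid schemeID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");

    IUserContext userContext = A.Fake<IUserContext>();

    // Only the user context is passed, so no memberships or schemes are supplied by the test.
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    Action action = () => authorization.EnsureSchemeAccess(schemeID);

    // Assert
    // The generic overload names the expected exception type at compile time.
    Assert.Throws<SecurityException>(action);
}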
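/// <summary>
/// Verifies that <c>CheckSchemeAccess</c> returns false when the fake context is built
/// without any organisation users or schemes for the caller.
/// </summary>
public void CheckSchemeAccess_ReturnsFalse_WhenUserHasNoClaims()
{
    // Arrange
    Guid schemeID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");

    IUserContext userContext = A.Fake<IUserContext>();

    // Only the user context is passed, so no memberships or schemes are supplied by the test.
    WeeeContext weeeContext = MakeFakeWeeeContext(userContext);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckSchemeAccess(schemeID);

    // Assert
    // Assert.False states the deny expectation directly instead of comparing with a literal.
    Assert.False(result);
}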
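/// <summary>
/// Verifies that <c>CheckSchemeAccess</c> returns true for a scheme whose organisation
/// the current user is an active member of.
/// </summary>
public void CheckSchemeAccess_ReturnsTrue_WhenUserHasRequiredClaims()
{
    // Arrange
    Guid organisationID = Guid.NewGuid();
    Guid userId = Guid.NewGuid();
    Guid schemeID = new Guid("5F3069F4-EDA3-43A3-BDD8-726028CDABB0");

    Domain.Scheme.Scheme scheme = new Domain.Scheme.Scheme(organisationID);

    // The scheme's Id is assigned through reflection so the test can look it up by a known
    // value; presumably the setter is not publicly accessible (sad but necessary).
    typeof(Entity).GetProperty("Id").SetValue(scheme, schemeID);

    IUserContext userContext = A.Fake<IUserContext>();

    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId,
        new List<OrganisationUser>
        {
            new OrganisationUser(userId, organisationID, UserStatus.Active)
        },
        new List<Domain.Scheme.Scheme>
        {
            scheme
        });

    // The fake user context must report the same user id as the OrganisationUser record.
    A.CallTo(() => userContext.UserId).Returns(userId);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckSchemeAccess(schemeID);

    // Assert
    // Assert.True states the boolean expectation directly instead of comparing with a literal.
    Assert.True(result);
}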
/// <summary>
/// Verifies that <c>CheckUserInRole</c> returns true when the caller's competent-authority
/// record holds the role being asked for.
/// </summary>
public void CheckUserInRole_ReturnsTrue_WhenUserIsInRole()
{
    // Arrange
    Guid currentUserId = Guid.NewGuid();
    IUserContext userContext = A.Fake<IUserContext>();

    // Presumably the "InternalAdmin" role name corresponds to Roles.InternalAdmin; verify
    // against the Roles definition.
    Role adminRole = new Role("InternalAdmin", "Administrator");
    CompetentAuthorityUser adminUser = new CompetentAuthorityUser(
        currentUserId.ToString(),
        Guid.NewGuid(),
        UserStatus.Active,
        adminRole);
    List<CompetentAuthorityUser> authorityUsers = new List<CompetentAuthorityUser>();
    authorityUsers.Add(adminUser);

    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId: currentUserId,
        competentAuthorityUsers: authorityUsers);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool isInRole = authorization.CheckUserInRole(Roles.InternalAdmin);

    // Assert
    Assert.True(isInRole);
}
/// <summary>
/// Verifies that <c>EnsureUserInRole</c> throws <see cref="SecurityException"/> when the
/// caller's competent-authority record holds a different role from the one demanded.
/// </summary>
public void EnsureUserInRole_ThrowsSecurityException_WhenUserIsNotInRole()
{
    // Arrange
    Guid currentUserId = Guid.NewGuid();
    IUserContext userContext = A.Fake<IUserContext>();

    // The only record for this user carries the "InternalUser" role, not the admin role.
    Role standardRole = new Role("InternalUser", "Standard user");
    CompetentAuthorityUser standardUser = new CompetentAuthorityUser(
        currentUserId.ToString(),
        Guid.NewGuid(),
        UserStatus.Active,
        standardRole);
    List<CompetentAuthorityUser> authorityUsers = new List<CompetentAuthorityUser>();
    authorityUsers.Add(standardUser);

    WeeeContext weeeContext = MakeFakeWeeeContext(
        userContext,
        userId: currentUserId,
        competentAuthorityUsers: authorityUsers);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    Action demandAdminRole = () => authorization.EnsureUserInRole(Roles.InternalAdmin);

    // Assert
    Assert.Throws<SecurityException>(demandAdminRole);
}
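/// <summary>
/// Verifies that <c>CheckCanAccessInternalArea</c> returns false for a principal without
/// claims, and that the competent-authority users set is never read.
/// </summary>
public void CheckCanAccessInternalArea_ReturnsFalse_WhenUserHasNoClaims()
{
    // Arrange
    WeeeContext weeeContext = A.Fake<WeeeContext>();

    // A principal constructed without identities has no claims at all.
    ClaimsPrincipal principal = new ClaimsPrincipal();

    IUserContext userContext = A.Fake<IUserContext>();
    A.CallTo(() => userContext.Principal).Returns(principal);

    WeeeAuthorization authorization = new WeeeAuthorization(weeeContext, userContext);

    // Act
    bool result = authorization.CheckCanAccessInternalArea();

    // Assert
    // Assert.False states the deny expectation directly instead of comparing with a literal.
    Assert.False(result);

    // Access must be refused on the missing claim alone, before any user lookup is made.
    A.CallTo(() => weeeContext.CompetentAuthorityUsers).MustNotHaveHappened();
}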