/// <summary>
/// A context that already carries a Result (an earlier filter rejected the request) must be
/// short-circuited: the filter must not consult <see cref="IAuthorizationService"/> at all.
/// </summary>
public async Task Invoke_FailedContextShouldNotCheckPermission()
{
    // Arrange
    bool serviceWasInvoked = false;
    var serviceMock = new Mock<IAuthorizationService>();
    // The setup only matches null user/resource arguments; that is sufficient here because the
    // expectation is that AuthorizeAsync is never reached, whatever the arguments would be.
    serviceMock
        .Setup(x => x.AuthorizeAsync(null, null, "CanViewComment"))
        .Returns(() =>
        {
            // Record the call so the assertion below can detect an unwanted permission check.
            serviceWasInvoked = true;
            return Task.FromResult(true);
        });

    var policy = new AuthorizationPolicyBuilder()
        .RequireClaim("Permission", "CanViewComment")
        .Build();
    var filter = new AuthorizeFilter(policy);

    var context = GetAuthorizationContext(services => services.AddInstance(serviceMock.Object));
    // A pre-set Result marks the context as already failed.
    context.Result = new HttpUnauthorizedResult();

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.False(serviceWasInvoked);
}
/// <summary>
/// A policy requiring the Permission/CanViewPage claim leaves <c>Result</c> unset for the
/// principal supplied by <c>GetAuthorizationContext</c>, i.e. authorization passes.
/// </summary>
public async Task Invoke_ValidClaimShouldNotFail()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireClaim("Permission", "CanViewPage")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert: a null Result means the filter did not reject the request.
    Assert.Null(context.Result);
}
/// <summary>
/// A policy with no claim requirements, only <c>RequireAuthenticatedUser</c>, must not reject the
/// (authenticated) principal supplied by <c>GetAuthorizationContext</c>.
/// </summary>
public async Task Invoke_EmptyClaimsShouldAuthorizeAuthenticatedUser()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert: no Result set means the request was allowed through.
    Assert.Null(context.Result);
}
/// <summary>
/// Requiring a role the test principal does not hold ("Wut") must produce a rejecting
/// <c>Result</c> rather than silently letting the request through.
/// </summary>
public async Task Invoke_RequireUnknownRoleShouldFail()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireRole("Wut")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert: a non-null Result is how the filter signals denial.
    Assert.NotNull(context.Result);
}
/// <summary>
/// Requiring the "Administrator" role must leave <c>Result</c> unset for the test principal.
/// NOTE(review): the method name mentions an Admin *and* User role, but only "Administrator" is
/// required by the policy below — confirm whether a second RequireRole was intended.
/// </summary>
public async Task Invoke_RequireAdminAndUserRoleWithNoPolicyShouldSucceed()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireRole("Administrator")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.Null(context.Result);
}
/// <summary>
/// Restricting the policy to the "Bearer" authentication scheme and requiring
/// Permission/CanViewPage must reject the request: the claim is only honoured if it comes from an
/// identity of the selected scheme.
/// </summary>
public async Task Invoke_CanFilterToOnlyBearerScheme()
{
    // Arrange
    var bearerOnlyPolicy = new AuthorizationPolicyBuilder("Bearer")
        .RequireClaim("Permission", "CanViewPage")
        .Build();
    var filter = new AuthorizeFilter(bearerOnlyPolicy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert: denial is expected, so a Result must have been set.
    Assert.NotNull(context.Result);
}
/// <summary>
/// Requiring Permission/CanViewComment without naming a scheme must reject the test principal;
/// per the method name the claim lives in an identity that is not consulted here, but that
/// cannot be verified from this method alone (see <c>GetAuthorizationContext</c>).
/// </summary>
public async Task Invoke_FailWhenLookingForClaimInOtherIdentity()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireClaim("Permission", "CanViewComment")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.NotNull(context.Result);
}
/// <summary>
/// When the policy names a scheme that cannot authenticate ("Fails"), the filter must still leave
/// a principal with a non-null identity on <c>HttpContext.User</c>.
/// NOTE(review): the assertion only checks that an identity exists, not that it is unauthenticated
/// or that <c>Result</c> was set — the "empty principal" claim in the name is not fully pinned down.
/// </summary>
public async Task Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext()
{
    // Arrange
    var failingSchemePolicy = new AuthorizationPolicyBuilder("Fails")
        .RequireAuthenticatedUser()
        .Build();
    var filter = new AuthorizeFilter(failingSchemePolicy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    var identity = context.HttpContext.User?.Identity;
    Assert.NotNull(identity);
}
/// <summary>
/// An anonymous request that would otherwise fail <c>RequireAuthenticatedUser</c> must be allowed
/// through when an <see cref="AllowAnonymousFilter"/> is present in the filter pipeline.
/// </summary>
public async Task Invoke_EmptyClaimsWithAllowAnonymousAttributeShouldNotRejectAnonymousUser()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    var filter = new AuthorizeFilter(policy);
    // anonymous: true asks the helper for a context without an authenticated user.
    var context = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
    // The opt-out is expressed as a sibling filter, which AuthorizeFilter is expected to honour.
    context.Filters.Add(new AllowAnonymousFilter());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.Null(context.Result);
}
/// <summary>
/// With <see cref="DefaultAuthorizationService"/> registered but no authorization handlers
/// (only <c>AddOptions</c> and the service itself are added), a role requirement has nothing to
/// satisfy it and the filter must deny the request.
/// </summary>
public async Task Invoke_RequireAdminRoleShouldFailWithNoHandlers()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireRole("Administrator")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services =>
    {
        // Deliberately skip AddAuthorization() so no IAuthorizationHandler is available.
        services.AddOptions();
        services.AddTransient<IAuthorizationService, DefaultAuthorizationService>();
    });

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert: failing closed is the required outcome when nothing can grant access.
    Assert.NotNull(context.Result);
}
/// <summary>
/// Requirements are conjunctive: even when the "Administrator" role requirement is met, an
/// additional Permission/CanViewComment claim requirement that is not met must cause denial.
/// </summary>
public async Task Invoke_RequireAdminRoleButFailPolicyShouldFail()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireRole("Administrator")
        .RequireClaim("Permission", "CanViewComment")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.NotNull(context.Result);
}
/// <summary>
/// A policy scoped to the "Basic" and "Bearer" schemes that requires both Permission/CanViewComment
/// and Permission/CupBearer is expected to set a rejecting <c>Result</c> for the test principal.
/// NOTE(review): which of the two claims is missing from the selected identities is not visible
/// here — it depends on <c>GetAuthorizationContext</c>.
/// </summary>
public async Task Invoke_CanLookingForClaimsInMultipleIdentities()
{
    // Arrange
    var multiSchemePolicy = new AuthorizationPolicyBuilder("Basic", "Bearer")
        .RequireClaim("Permission", "CanViewComment")
        .RequireClaim("Permission", "CupBearer")
        .Build();
    var filter = new AuthorizeFilter(multiSchemePolicy);
    var context = GetAuthorizationContext(services => services.AddAuthorization());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.NotNull(context.Result);
}
/// <summary>
/// An anonymous request that would otherwise fail <c>RequireAuthenticatedUser</c> must be allowed
/// through when an <see cref="AllowAnonymousAttribute"/> is present among the context's filters.
/// </summary>
public async Task Invoke_EmptyClaimsWithAllowAnonymousAttributeShouldNotRejectAnonymousUser()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    var filter = new AuthorizeFilter(policy);
    // anonymous: true asks the helper for a context without an authenticated user.
    var context = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
    // The opt-out is expressed as a sibling filter, which AuthorizeFilter is expected to honour.
    context.Filters.Add(new AllowAnonymousAttribute());

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.Null(context.Result);
}
/// <summary>
/// A context that already carries a Result (an earlier filter rejected the request) must be
/// short-circuited: the filter must not consult <see cref="IAuthorizationService"/> at all.
/// </summary>
public async Task Invoke_FailedContextShouldNotCheckPermission()
{
    // Arrange
    bool serviceWasInvoked = false;
    var serviceMock = new Mock<IAuthorizationService>();
    // The setup only matches null user/resource arguments; that is sufficient here because the
    // expectation is that AuthorizeAsync is never reached, whatever the arguments would be.
    serviceMock
        .Setup(x => x.AuthorizeAsync(null, null, "CanViewComment"))
        .Returns(() =>
        {
            // Record the call so the assertion below can detect an unwanted permission check.
            serviceWasInvoked = true;
            return Task.FromResult(true);
        });

    var policy = new AuthorizationPolicyBuilder()
        .RequireClaim("Permission", "CanViewComment")
        .Build();
    var filter = new AuthorizeFilter(policy);

    var context = GetAuthorizationContext(services => services.AddSingleton(serviceMock.Object));
    // A pre-set Result marks the context as already failed.
    context.Result = new HttpUnauthorizedResult();

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert
    Assert.False(serviceWasInvoked);
}
/// <summary>
/// With <see cref="DefaultAuthorizationService"/> registered but no authorization handlers
/// (only <c>AddOptions</c> and the service itself are added), a role requirement has nothing to
/// satisfy it and the filter must deny the request.
/// </summary>
public async Task Invoke_RequireAdminRoleShouldFailWithNoHandlers()
{
    // Arrange
    var policy = new AuthorizationPolicyBuilder()
        .RequireRole("Administrator")
        .Build();
    var filter = new AuthorizeFilter(policy);
    var context = GetAuthorizationContext(services =>
    {
        // Deliberately skip AddAuthorization() so no IAuthorizationHandler is available.
        services.AddOptions();
        services.AddTransient<IAuthorizationService, DefaultAuthorizationService>();
    });

    // Act
    await filter.OnAuthorizationAsync(context);

    // Assert: failing closed is the required outcome when nothing can grant access.
    Assert.NotNull(context.Result);
}