public void Can_update_admin_ip_regulation()
{
/*** Arrange ***/
var ipAddress = TestDataGenerator.GetRandomIpAddress();
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddress
};
_backendService.CreateIpRegulation(adminIpRegulation);
var regulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == ipAddress);
var editIpAddress = TestDataGenerator.GetRandomIpAddress();
var editDescription = TestDataGenerator.GetRandomString(20);
regulation.IpAddress = editIpAddress;
regulation.Description = editDescription;
var updateRegulationData = Mapper.DynamicMap <EditBackendIpRegulationData>(regulation);
/*** Act ***/
_backendService.UpdateIpRegulation(updateRegulationData);
/*** Assert ***/
var updatedRegulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == editIpAddress);
Assert.IsNotNull(updatedRegulation);
Assert.AreEqual(updatedRegulation.IpAddress, editIpAddress);
Assert.AreEqual(updatedRegulation.Description, editDescription);
}
public void WhenNewAdminIpRegulationIsCreated()
{
var ipAddress = TestDataGenerator.GetRandomIpAddress();
var data = new AddBackendIpRegulationData
{
IpAddress = ipAddress
};
var adminIpRegulation = BackendIpRegulationService.CreateIpRegulation(data);
ScenarioContext.Current.Add("adminIpRegulationId", adminIpRegulation.Id);
}
public void Cannot_update_admin_ip_regulation_without_permissions()
{
/*** Arrange ***/
// Create role and user that has permission to update IP regulation
var sufficientPermissions = new List <PermissionData>
{
SecurityTestHelper.GetPermission(Permissions.Update, Modules.BackendIpRegulationManager)
};
var roleWithPermission = SecurityTestHelper.CreateRole(permissions: sufficientPermissions);
var userWithPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithPermission.Id);
// Create role and user that has permission only to view IP regulations not to update ones
var insufficientPermissions = new List <PermissionData>
{
SecurityTestHelper.GetPermission(Permissions.View, Modules.BackendIpRegulationManager)
};
var roleWithoutPermission = SecurityTestHelper.CreateRole(permissions: insufficientPermissions);
var userWithoutPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithoutPermission.Id);
var ipAddress = TestDataGenerator.GetRandomIpAddress();
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddress
};
_backendService.CreateIpRegulation(adminIpRegulation);
var regulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == ipAddress);
var editIpAddress = TestDataGenerator.GetRandomIpAddress();
var editDescription = TestDataGenerator.GetRandomString(20);
regulation.IpAddress = editIpAddress;
regulation.Description = editDescription;
var updateRegulationData = Mapper.DynamicMap <EditBackendIpRegulationData>(regulation);
/*** Act ***/
// Signin user that has sufficient permissions to update backend IP regulation
SecurityTestHelper.SignInAdmin(userWithPermission);
// Check that method UpdateIpRegulation doesn't throw InsufficientPermissionsException
Assert.DoesNotThrow(
() => _backendService.UpdateIpRegulation(updateRegulationData));
// Signin user that has insufficient permissions to update backend IP regulation
SecurityTestHelper.SignInAdmin(userWithoutPermission);
// Check that method UpdateIpRegulation throws InsufficientPermissionsException
Assert.Throws <InsufficientPermissionsException>(
() => _backendService.UpdateIpRegulation(updateRegulationData));
}
public AdminIpRegulation CreateIpRegulation(AddBackendIpRegulationData data)
{
var regulation = Mapper.DynamicMap <AdminIpRegulation>(data);
using (var scope = CustomTransactionScope.GetTransactionScope())
{
regulation.CreatedBy = Repository.Admins.SingleOrDefault(u => u.Id == ActorInfoProvider.Actor.Id);
regulation.CreatedDate = DateTime.Now;
regulation.Id = Guid.NewGuid();
Repository.AdminIpRegulations.Add(regulation);
Repository.SaveChanges();
_eventBus.Publish(new AdminIpRegulationCreated(regulation));
scope.Complete();
}
return(regulation);
}
public void Cannot_access_admin_website_for_single_ip_address_specified_in_ipv4_format()
{
// *** Arrange ***
var ipAddressv4 = TestDataGenerator.GetRandomIpAddress(IpVersion.Ipv4);
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddressv4
};
_backendService.CreateIpRegulation(adminIpRegulation);
// *** Act ***
var isIpAddressAllowed = _backendService.VerifyIpAddress(ipAddressv4);
// *** Assert ***
Assert.True(isIpAddressAllowed);
}
public void Can_create_admin_ip_regulation()
{
/*** Arrange ***/
var ipAddress = TestDataGenerator.GetRandomIpAddress();
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddress
};
/*** Act ***/
_backendService.CreateIpRegulation(adminIpRegulation);
/*** Assert ***/
var regulation = _backendService.GetIpRegulations().SingleOrDefault(ip => ip.IpAddress == ipAddress);
Assert.IsNotNull(regulation);
}
public void Cannot_access_admin_website_with_ip_address_specified_in_ipv6_format()
{
// *** Arrange ***
var ipAddressv6 = TestDataGenerator.GetRandomIpAddress(IpVersion.Ipv6);
var adminIpRegulationData = new AddBackendIpRegulationData
{
IpAddress = ipAddressv6
};
_backendService.CreateIpRegulation(adminIpRegulationData);
var ipAddressNotInWhiteList = TestDataGenerator.GetRandomIpAddress(IpVersion.Ipv6);
// *** Act ***
var isIpAddressBlocked = _backendService.VerifyIpAddress(ipAddressNotInWhiteList);
// *** Assert ***
Assert.True(isIpAddressBlocked);
}
public void Can_verify_ip_address_range_lower_and_upper_bounds_for_admin_website()
{
// *** Arrange ***
const string ipAddressRange = "192.168.5.10-20";
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddressRange
};
_backendService.CreateIpRegulation(adminIpRegulation);
// *** Act ***
var isLowerBoundAllowed = _backendService.VerifyIpAddress("192.168.5.10");
var isUpperBoundAllowed = _backendService.VerifyIpAddress("192.168.5.20");
// *** Assert ***
Assert.True(isLowerBoundAllowed);
Assert.True(isUpperBoundAllowed);
}
public void Cannot_create_admin_ip_regulation_without_permissions()
{
/*** Arrange ***/
// Create role and user that has permission to create new IP regulation
var sufficientPermissions = new List <PermissionData>
{
SecurityTestHelper.GetPermission(Permissions.Create, Modules.BackendIpRegulationManager)
};
var roleWithPermission = SecurityTestHelper.CreateRole(permissions: sufficientPermissions);
var userWithPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithPermission.Id);
// Create role and user that has permission only to view IP regulations not to create ones
var insufficientPermissions = new List <PermissionData>
{
SecurityTestHelper.GetPermission(Permissions.View, Modules.BackendIpRegulationManager)
};
var roleWithoutPermission = SecurityTestHelper.CreateRole(permissions: insufficientPermissions);
var userWithoutPermission = SecurityTestHelper.CreateAdmin(roleId: roleWithoutPermission.Id);
var ipAddress = TestDataGenerator.GetRandomIpAddress();
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddress
};
/*** Act ***/
// Signin user that has sufficient permissions to create new backend IP regulation
SecurityTestHelper.SignInAdmin(userWithPermission);
// Check that method CreateIpRegulation doesn't throw InsufficientPermissionsException
Assert.DoesNotThrow(
() => _backendService.CreateIpRegulation(adminIpRegulation));
// Signin user that has insufficient permissions to create new backend IP regulation
SecurityTestHelper.SignInAdmin(userWithoutPermission);
// Check that method CreateIpRegulation throws InsufficientPermissionsException
Assert.Throws <InsufficientPermissionsException>(
() => _backendService.CreateIpRegulation(adminIpRegulation));
}
public void Allow_access_to_admin_website_for_ip_address_ranges_specified_with_dashes()
{
// *** Arrange ***
var ipAddressRangeWithDash = TestDataGenerator.GetRandomIpAddressV4Range(IpAddressRangeSeparators.Dash);
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddressRangeWithDash
};
_backendService.CreateIpRegulation(adminIpRegulation);
// Expand ip address range into list of ip addresses, e.g. 192.168.5.10/12 is expanded into [192.168.5.10, 192.168.5.11]
var expandedIpAddressRange = IpRegulationRangeHelper.ExpandIpAddressRange(ipAddressRangeWithDash).ToList();
// *** Act ***
var isIpAddressRangeAllowed = expandedIpAddressRange.Select(address => _backendService.VerifyIpAddress(address))
.Aggregate(true, (current, result) => current && result);
// *** Assert ***
Assert.True(isIpAddressRangeAllowed);
}
public void Can_verify_unique_ip_address_v6_for_admin_website()
{
// *** Arrange ***
const string ipAddressRange = "1111::6666:7777:8888/32";
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddressRange
};
_backendService.CreateIpRegulation(adminIpRegulation);
// *** Act ***
var isIpAddressWithinRegulationRange = _backendService.IsIpAddressUnique("1111:0000:0000:0000:0000:6666:7777:9999");
var isIpAddressOutOfRegulationRange = _backendService.IsIpAddressUnique("1111:0000:0000:0000:0000:6666:7777:7777");
var isIpAddressRangeIntersectRegulationRange = _backendService.IsIpAddressUnique("1111::6666:7777:8888/24");
var isIpAddressRangeDontIntersectRegulationRange = _backendService.IsIpAddressUnique("1111::6666:7777:1111/128");
// *** Assert ***
Assert.False(isIpAddressWithinRegulationRange);
Assert.True(isIpAddressOutOfRegulationRange);
Assert.False(isIpAddressRangeIntersectRegulationRange);
Assert.True(isIpAddressRangeDontIntersectRegulationRange);
}
public void Can_verify_unique_ip_address_v4_for_admin_website()
{
// *** Arrange ***
const string ipAddressRange = "192.168.5.10-20";
var adminIpRegulation = new AddBackendIpRegulationData
{
IpAddress = ipAddressRange
};
_backendService.CreateIpRegulation(adminIpRegulation);
// *** Act ***
var isIpAddressWithinRegulationRange = _backendService.IsIpAddressUnique("192.168.5.15");
var isIpAddressOutOfRegulationRange = _backendService.IsIpAddressUnique("192.168.5.52");
var isIpAddressRangeIntersectRegulationRange = _backendService.IsIpAddressUnique("192.168.5.15-25");
var isIpAddressRangeDontIntersectRegulationRange = _backendService.IsIpAddressUnique("192.168.5.25-30");
// *** Assert ***
Assert.False(isIpAddressWithinRegulationRange);
Assert.True(isIpAddressOutOfRegulationRange);
Assert.False(isIpAddressRangeIntersectRegulationRange);
Assert.True(isIpAddressRangeDontIntersectRegulationRange);
}
