public async Task GetAccounts_ShouldSucceed()
        {
            Bogus.Faker faker    = new Bogus.Faker();
            var         identity = faker.Random.Identity();

            var accountUserFaker    = new Common.Fakers.AccountUserFaker();
            var master              = accountUserFaker.Generate();
            var newAccountUserFaker = accountUserFaker
                                      .RuleFor(au => au.UserId, master.UserId)
                                      .RuleFor(au => au.UserDescription, master.AccountDescription);

            var originalAccountUserList = newAccountUserFaker.Generate(3);

            var mockAuthorizationService = new Mock <IAuthorizationService>();

            mockAuthorizationService.Setup(a => a.CheckAuthorizedUser(identity, master.UserId, AccessType.Read)).ReturnsAsync(true);

            var mockUserRepository = new Mock <IUserRepository>();

            mockUserRepository.Setup(ur => ur.GetAccounts(master.UserId)).ReturnsAsync(originalAccountUserList);

            var userQueryHandler = new UserQueryHandler(mockAuthorizationService.Object, mockUserRepository.Object);
            var accountUserList  = await userQueryHandler.GetAccounts(identity, master.UserId);

            originalAccountUserList.ShouldDeepEqual(accountUserList);

            mockAuthorizationService.Verify(a => a.CheckAuthorizedUser(identity, master.UserId, AccessType.Read));
            mockAuthorizationService.VerifyNoOtherCalls();

            mockUserRepository.Verify(ur => ur.GetAccounts(master.UserId));
            mockUserRepository.VerifyNoOtherCalls();
        }
        public async Task GetAccounts_WithoutAccess_ShouldFail()
        {
            Bogus.Faker faker    = new Bogus.Faker();
            var         identity = faker.Random.Identity();

            var accountUserFaker    = new Common.Fakers.AccountUserFaker();
            var master              = accountUserFaker.Generate();
            var newAccountUserFaker = accountUserFaker
                                      .RuleFor(au => au.UserId, master.UserId)
                                      .RuleFor(au => au.UserDescription, master.AccountDescription);

            var originalAccountUserList = newAccountUserFaker.Generate(3);

            var mockAuthorizationService = new Mock <IAuthorizationService>();

            mockAuthorizationService.Setup(a => a.CheckAuthorizedUser(identity, master.UserId, AccessType.Read)).ReturnsAsync(false);

            var mockUserRepository = new Mock <IUserRepository>();

            mockUserRepository.Setup(ur => ur.GetAccounts(master.UserId)).ReturnsAsync(originalAccountUserList);

            var userQueryHandler = new UserQueryHandler(mockAuthorizationService.Object, mockUserRepository.Object);
            await Assert.ThrowsAsync <UnauthorizedAccessException>(async() => await userQueryHandler.GetAccounts(identity, master.UserId));

            mockUserRepository.VerifyNoOtherCalls();
        }
Exemplo n.º 3
0
        private async Task CheckAuthorizedAccount(bool hasIdentity, bool admin)
        {
            Bogus.Faker faker    = new Bogus.Faker();
            var         identity = faker.Random.Identity();

            var accountUserFaker = new Common.Fakers.AccountUserFaker();
            var master           = accountUserFaker.Generate();

            var mockUserRepository = new Mock <IUserRepository>();

            mockUserRepository.Setup(ur => ur.CheckAdminScope(identity, AccessType.Read)).ReturnsAsync(admin);

            var mockAccountRepository = new Mock <IAccountRepository>();

            mockAccountRepository.Setup(ar => ar.CheckIdentity(master.AccountId, identity)).ReturnsAsync(hasIdentity);

            var authorizationService = new AuthorizationService(mockUserRepository.Object, mockAccountRepository.Object);
            var result = await authorizationService.CheckAuthorizedAccount(identity, master.AccountId, AccessType.Read);

            Assert.Equal(hasIdentity || admin, result);

            if (!hasIdentity)
            {
                mockUserRepository.Verify(ur => ur.CheckAdminScope(identity, AccessType.Read));
            }
            mockUserRepository.VerifyNoOtherCalls();

            mockAccountRepository.Verify(ar => ar.CheckIdentity(master.AccountId, identity));
            mockAccountRepository.VerifyNoOtherCalls();
        }