public void ValidatePdpDecision_TC08()
{
// Arrange
XacmlJsonResponse response = new XacmlJsonResponse();
response.Response = new List <XacmlJsonResult>();
XacmlJsonResult xacmlJsonResult = new XacmlJsonResult();
xacmlJsonResult.Decision = XacmlContextDecision.Permit.ToString();
response.Response.Add(xacmlJsonResult);
// Add obligation to result with a minimum authentication level attribute
XacmlJsonObligationOrAdvice obligation = new XacmlJsonObligationOrAdvice();
obligation.AttributeAssignment = new List <XacmlJsonAttributeAssignment>();
string minAuthLevel = "3";
XacmlJsonAttributeAssignment authenticationAttribute = new XacmlJsonAttributeAssignment()
{
Category = "urn:altinn:minimum-authenticationlevel",
Value = minAuthLevel
};
obligation.AttributeAssignment.Add(authenticationAttribute);
xacmlJsonResult.Obligations = new List <XacmlJsonObligationOrAdvice>();
xacmlJsonResult.Obligations.Add(obligation);
// Act
EnforcementResult result = DecisionHelper.ValidatePdpDecisionDetailed(response.Response, CreateUserClaims(false));
// Assert
Assert.False(result.Authorized);
Assert.Contains(AltinnObligations.RequiredAuthenticationLevel, result.FailedObligations.Keys);
Assert.Equal(minAuthLevel, result.FailedObligations[AltinnObligations.RequiredAuthenticationLevel]);
}
private async Task <EnforcementResult> AuthorizeAction(string org, string app, int partyId, string action)
{
EnforcementResult enforcementResult = new EnforcementResult();
XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, action, partyId, null);
XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request);
if (response?.Response == null)
{
_logger.LogInformation($"// Instances Controller // Authorization of action {action} failed with request: {JsonConvert.SerializeObject(request)}.");
return(enforcementResult);
}
enforcementResult = DecisionHelper.ValidatePdpDecisionDetailed(response.Response, HttpContext.User);
return(enforcementResult);
}
public void ValidatePdpDecision_TC10()
{
// Arrange
XacmlJsonResponse response = new XacmlJsonResponse();
response.Response = new List <XacmlJsonResult>();
XacmlJsonResult xacmlJsonResult = new XacmlJsonResult();
xacmlJsonResult.Decision = XacmlContextDecision.Permit.ToString();
response.Response.Add(xacmlJsonResult);
// Add obligation to result with a minimum authentication level attribute
XacmlJsonObligationOrAdvice obligation = new XacmlJsonObligationOrAdvice();
obligation.AttributeAssignment = new List <XacmlJsonAttributeAssignment>();
string minAuthLevel = "4";
XacmlJsonAttributeAssignment authenticationAttribute = new XacmlJsonAttributeAssignment()
{
Category = "urn:altinn:minimum-authenticationlevel",
Value = minAuthLevel
};
obligation.AttributeAssignment.Add(authenticationAttribute);
XacmlJsonObligationOrAdvice obligationOrg = new XacmlJsonObligationOrAdvice();
obligationOrg.AttributeAssignment = new List <XacmlJsonAttributeAssignment>();
string minAuthLevelOrg = "2";
XacmlJsonAttributeAssignment authenticationAttributeOrg = new XacmlJsonAttributeAssignment()
{
Category = "urn:altinn:minimum-authenticationlevel-org",
Value = minAuthLevelOrg
};
obligationOrg.AttributeAssignment.Add(authenticationAttributeOrg);
xacmlJsonResult.Obligations = new List <XacmlJsonObligationOrAdvice>();
xacmlJsonResult.Obligations.Add(obligationOrg);
xacmlJsonResult.Obligations.Add(obligation);
// Act
EnforcementResult result = DecisionHelper.ValidatePdpDecisionDetailed(response.Response, CreateUserClaims(false, "ttd"));
// Assert
Assert.True(result.Authorized);
Assert.Null(result.FailedObligations);
}