Exemplo n.º 1
0
        public void Check_ApplyCanMutateCheckedClaims()
        {
            // Arrange
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic")
                );

            var policies = new IAuthorizationPolicy[] {
                new FakePolicy()
                {
                    ApplyAsyncAction = (context) => {
                        // for instance, if user owns the comment
                        if (!context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments"))
                        {
                            context.Claims.Add(new Claim("Permission", "CanDeleteComments"));
                            context.Retry = true;
                        }
                    }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty <Claim>(), user);

            // Assert
            Assert.True(allowed);
        }
Exemplo n.º 2
0
        public void Check_PoliciesCanMutateUsersClaims()
        {
            // Arrange
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[0], "Basic")
                );

            var policies = new IAuthorizationPolicy[] {
                new FakePolicy()
                {
                    ApplyAsyncAction = (context) => {
                        if (!context.Authorized)
                        {
                            context.UserClaims.Add(new Claim("Permission", "CanDeleteComments"));
                            context.Retry = true;
                        }
                    }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(new Claim("Permission", "CanDeleteComments"), user);

            // Assert
            Assert.True(allowed);
        }
Exemplo n.º 3
0
        public void Check_ShouldApplyPoliciesInOrder()
        {
            // Arrange
            string result   = "";
            var    policies = new IAuthorizationPolicy[] {
                new FakePolicy()
                {
                    Order = 20,
                    ApplyingAsyncAction = (context) => { result += "20"; }
                },
                new FakePolicy()
                {
                    Order = -1,
                    ApplyingAsyncAction = (context) => { result += "-1"; }
                },
                new FakePolicy()
                {
                    Order = 30,
                    ApplyingAsyncAction = (context) => { result += "30"; }
                },
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty <Claim>(), null);

            // Assert
            Assert.Equal("-12030", result);
        }
Exemplo n.º 4
0
        public void Check_ShouldNotAllowIfUserIsNull()
        {
            // Arrange
            var             authorizationService = new DefaultAuthorizationService(Enumerable.Empty <IAuthorizationPolicy>());
            ClaimsPrincipal user = null;

            // Act
            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);

            // Assert
            Assert.False(allowed);
        }
Exemplo n.º 5
0
        public async Task NoRequirementTest()
        {
            var bus     = A.Fake <IServiceBus>();
            var user    = A.Fake <ClaimsPrincipal>();
            var message = A.Fake <IMessage>();
            var options = new AuthorizationOptions();
            var service = new DefaultAuthorizationService(options, new IAuthorizationHandler[0]);

            await Assert.ThrowsAsync <InvalidOperationException>(() =>
            {
                return(service.Authorize(bus, user, message, "CustomPolicy"));
            });
        }
Exemplo n.º 6
0
        public void Check_ShouldAllowIfClaimIsPresent()
        {
            // Arrange
            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty <IAuthorizationPolicy>());
            var user = new ClaimsPrincipal(
                new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic")
                );

            // Act
            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);

            // Assert
            Assert.True(allowed);
        }
Exemplo n.º 7
0
        public async Task FailedRequirementTest()
        {
            var bus         = A.Fake <IServiceBus>();
            var user        = A.Fake <ClaimsPrincipal>();
            var handler     = new FailingAuthorizationHandler();
            var requirement = new FailingRequirement();
            var message     = A.Fake <IMessage>();
            var options     = new AuthorizationOptions();

            options.AddPolicy("CustomPolicy", p => p.AddRequirements(requirement));
            var service = new DefaultAuthorizationService(options, new IAuthorizationHandler[] { handler });

            Assert.False(await service.Authorize(bus, user, message, "CustomPolicy"));
        }
Exemplo n.º 8
0
        public void Check_ShouldThrowWhenPoliciesDontStop()
        {
            // Arrange
            var policies = new IAuthorizationPolicy[] {
                new FakePolicy()
                {
                    ApplyAsyncAction = (context) => { context.Retry = true; }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            // Assert
            Exception ex = Assert.Throws <InvalidOperationException>(() => authorizationService.Authorize(Enumerable.Empty <Claim>(), null));
        }
Exemplo n.º 9
0
        public void Check_ShouldConvertNullClaimsToEmptyList()
        {
            // Arrange
            IList <Claim> claims   = null;
            var           policies = new IAuthorizationPolicy[] {
                new FakePolicy()
                {
                    Order = 20,
                    ApplyingAsyncAction = (context) => { claims = context.Claims; }
                }
            };

            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty <Claim>(), null);

            // Assert
            Assert.NotNull(claims);
            Assert.Equal(0, claims.Count);
        }