public void GetEntitlement_Single_Should_Return_Entitlement_Ok()
{
var headerDigestion = new HeaderDigestionOptions
{
Name = "iam-groups",
Delimiter = ";"
};
var roleMapping = new RolesMappingOptions
{
User = "******",
Super = "leaf_supers",
Identified = "leaf_phi",
Admin = "leaf_admin"
};
var opts = GetAuthOptions(headerDigestion, roleMapping);
var eProvider = new SAML2EntitlementProvider(opts, Options.Create(new AuthorizationOptions()));
var ctx = HttpHelper.GetHttpContext(("iam-groups", "leaf_users"));
var identity = GetUserContext("*****@*****.**");
var entitlement = eProvider.GetEntitlement(ctx, identity);
Assert.True(entitlement.Mask.HasFlag(RoleMask.User));
Assert.False(entitlement.Mask.HasFlag(RoleMask.Admin));
Assert.False(entitlement.Mask.HasFlag(RoleMask.Super));
Assert.False(entitlement.Mask.HasFlag(RoleMask.Identified));
}
public ActiveDirectoryEntitlementProvider(
IOptions <ActiveDirectoryAuthorizationOptions> authOpts,
IMembershipProvider membershipProvider
)
{
roles = authOpts.Value.RolesMapping;
mProvider = membershipProvider;
}
public void GetEntitlement_Should_Throw_If_Header_Not_Found()
{
var headerDigestion = new HeaderDigestionOptions
{
Name = "iam-group",
Delimiter = ";"
};
var roleMapping = new RolesMappingOptions
{
User = "******",
Super = "leaf_supers",
Identified = "leaf_phi",
Admin = "leaf_admin"
};
var opts = GetAuthOptions(headerDigestion, roleMapping);
var eProvider = new SAML2EntitlementProvider(opts, Options.Create(new AuthorizationOptions()));
var ctx = HttpHelper.GetHttpContext(("iam-groups", "leaf_users"));
var identity = GetUserContext("*****@*****.**");
Assert.Throws <LeafAuthenticationException>(() => eProvider.GetEntitlement(ctx, identity));
}
static IOptions <SAML2AuthorizationOptions> GetAuthOptions(HeaderDigestionOptions digs, RolesMappingOptions roles)
{
return(Options.Create(new SAML2AuthorizationOptions
{
HeadersMapping = new HeadersMappingOptions
{
Entitlements = digs
},
RolesMapping = roles
}));
}
