public void Should_add_two_items_to_the_start_of_the_begin_pipeline_when_RequiresClaims_enabled()
{
var module = new FakeHookedModule(A.Fake<BeforePipeline>());
module.RequiresClaims(new[] { string.Empty });
A.CallTo(() => module.Before.AddItemToStartOfPipeline(A<Func<NancyContext, Response>>.Ignored)).MustHaveHappened(Repeated.Exactly.Twice);
}
public void Should_return_forbidden_response_with_RequiresClaims_enabled_but_claims_key_missing()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { "Claim1" });
var context = new NancyContext();
context.Items[Nancy.Security.SecurityConventions.AuthenticatedUsernameKey] = "username";
var result = module.Before.Invoke(context);
result.ShouldNotBeNull();
result.StatusCode.ShouldEqual(HttpStatusCode.Forbidden);
}
public void Should_return_forbidden_response_with_RequiresClaims_enabled_but_claims_key_missing()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { "Claim1" });
var context = new NancyContext
{
CurrentUser = GetFakeUser("username")
};
var result = module.Before.Invoke(context);
result.ShouldNotBeNull();
result.StatusCode.ShouldEqual(HttpStatusCode.Forbidden);
}
public void Should_return_unauthorized_response_with_RequiresClaims_enabled_and_no_username()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { string.Empty });
var result = module.Before.Invoke(new NancyContext());
result.ShouldNotBeNull();
result.StatusCode.ShouldEqual(HttpStatusCode.Unauthorized);
}
public void Should_return_unauthorized_response_with_RequiresClaims_enabled_and_blank_username()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { string.Empty });
var context = new NancyContext();
context.Items[Nancy.Security.SecurityConventions.AuthenticatedUsernameKey] = String.Empty;
var result = module.Before.Invoke(context);
result.ShouldNotBeNull();
result.StatusCode.ShouldEqual(HttpStatusCode.Unauthorized);
}
public void Should_return_null_with_RequiresClaims_and_all_claims_met()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { "Claim1", "Claim2" });
var context = new NancyContext();
context.Items[Nancy.Security.SecurityConventions.AuthenticatedUsernameKey] = "username";
context.Items[Nancy.Security.SecurityConventions.AuthenticatedClaimsKey] = new[] { "Claim1", "Claim2", "Claim3" };
var result = module.Before.Invoke(context);
result.ShouldBeNull();
}
public void Should_return_null_with_RequiresClaims_and_all_claims_met()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { "Claim1", "Claim2" });
var context = new NancyContext
{
CurrentUser = GetFakeUser("username", new[] {"Claim1", "Claim2", "Claim3"})
};
var result = module.Before.Invoke(context);
result.ShouldBeNull();
}
public void Should_return_unauthorized_response_with_RequiresClaims_enabled_and_blank_username()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { string.Empty });
var context = new NancyContext
{
CurrentUser = GetFakeUser(String.Empty)
};
var result = module.Before.Invoke(context, new CancellationToken());
result.Result.ShouldNotBeNull();
result.Result.StatusCode.ShouldEqual(HttpStatusCode.Unauthorized);
}
public void Should_return_forbidden_response_with_RequiresClaims_enabled_but_not_all_claims_met()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(new[] { "Claim1", "Claim2" });
var context = new NancyContext
{
CurrentUser = GetFakeUser("username", new[] {"Claim2"})
};
var result = module.Before.Invoke(context, new CancellationToken());
result.Result.ShouldNotBeNull();
result.Result.StatusCode.ShouldEqual(HttpStatusCode.Forbidden);
}
public void Should_return_forbidden_response_with_RequiresClaims_enabled_but_nonmatching_claims()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(c => c.Type == "Claim1");
var context = new NancyContext
{
CurrentUser = GetFakeUser(
"username",
new Claim("Claim2", string.Empty),
new Claim("Claim3", string.Empty))
};
var result = module.Before.Invoke(context, new CancellationToken());
result.Result.ShouldNotBeNull();
result.Result.StatusCode.ShouldEqual(HttpStatusCode.Forbidden);
}
public void Should_return_null_with_RequiresClaims_and_all_claims_met()
{
var module = new FakeHookedModule(new BeforePipeline());
module.RequiresClaims(c => c.Type == "Claim1", c => c.Type == "Claim2");
var context = new NancyContext
{
CurrentUser = GetFakeUser("username",
new Claim("Claim1", string.Empty),
new Claim("Claim2", string.Empty),
new Claim("Claim3", string.Empty))
};
var result = module.Before.Invoke(context, new CancellationToken());
result.Result.ShouldBeNull();
}
