public void IsValidAuthRole_For_External_User_With_Internal_Authentication_Should_Throw_AuthenticationException(
            string role,
            bool isKerberosAuth)
        {
            // Security invariant pinned here: a caller reported as external
            // (IsInternalUser() == false) whose session nevertheless carries an
            // internal authentication method (Kerberos or smartcard) must be
            // rejected with an AuthenticationException instead of receiving a status.
            // The role values and the isKerberosAuth flag come from test-data rows
            // that are not visible in this excerpt.

            // arrange
            // Exactly one of the two internal methods is active per data row.
            var isSmartcardAuth = !isKerberosAuth;

            var controllerHelper = new Mock<IControllerHelper>();
            controllerHelper.Setup(h => h.IsInternalUser()).Returns(false);
            controllerHelper.Setup(h => h.GetMgntRoleFromClaim()).Returns("ALLOW");
            controllerHelper.Setup(h => h.IsKerberosAuthentication()).Returns(isKerberosAuth);
            controllerHelper.Setup(h => h.IsSmartcartAuthentication()).Returns(isSmartcardAuth);

            // The request's claim set consists of a single role claim holding the role under test.
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = role }
            };

            var authenticationHelper = new Mock<IAuthenticationHelper>();
            authenticationHelper
                .Setup(h => h.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // Every string setting resolves to the default the caller passes in.
            var configProvider = new Mock<IWebCmiConfigProvider>();
            configProvider
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var userDataAccess = Mock.Of<IUserDataAccess>();

            // NOTE(review): the first constructor dependency is null; this test relies on
            // IsValidAuthRole not dereferencing it - confirm against AuthControllerHelper.
            var sut = new AuthControllerHelper(
                null,
                userDataAccess,
                controllerHelper.Object,
                authenticationHelper.Object,
                configProvider.Object);

            // act
            // NOTE(review): the second argument is true in the public-client tests and false in
            // the management-client tests of this file, so it presumably selects the client type.
            Action validate = () => sut.IsValidAuthRole(role, true);

            // assert
            validate.Should()
                    .Throw<AuthenticationException>()
                    .WithMessage("Kerberos oder Smartcard dürfen nicht für Ö2 und Ö3 verwendet werden");
        }
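        public void IsValidAuthRole_For_Management_Client_Roles_Allow_And_Appo_Should_Return_KeineKerberosAuthentication_When_Not_LoggedIn_With_Kerberos(
            string role)
        {
            // Security invariant pinned here: an internal user who reaches the
            // management-client path without Kerberos (and without smartcard) must not
            // be reported as Ok; the expected status is KeineKerberosAuthentication.
            // The role values come from test-data rows that are not visible in this
            // excerpt (the method name suggests the ALLOW and APPO roles).
            // The "public void" declaration is restored to match the sibling tests;
            // without a return type the method does not compile.

            // arrange
            var controllerHelperMock = new Mock<IControllerHelper>();

            controllerHelperMock.Setup(m => m.IsInternalUser()).Returns(true);
            controllerHelperMock.Setup(m => m.IsKerberosAuthentication()).Returns(false);
            controllerHelperMock.Setup(m => m.IsSmartcartAuthentication()).Returns(false);

            var authenticationHelperMock = new Mock<IAuthenticationHelper>();

            // The request's claim set consists of a single role claim holding the role under test.
            authenticationHelperMock
                .Setup(m => m.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(new List<ClaimInfo>
                {
                    new ClaimInfo
                    {
                        Type  = "/identity/claims/e-id/profile/role",
                        Value = role
                    }
                });

            var mockUserDataAccess       = Mock.Of<IUserDataAccess>();
            var webCmiConfigProviderMock = new Mock<IWebCmiConfigProvider>();

            // Every string setting resolves to the default the caller passes in.
            webCmiConfigProviderMock
                .Setup(m => m.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string key, string defaultValue) => defaultValue);

            // NOTE(review): the first constructor dependency is null; this test relies on
            // IsValidAuthRole not dereferencing it - confirm against AuthControllerHelper.
            var sut = new AuthControllerHelper(null, mockUserDataAccess, controllerHelperMock.Object, authenticationHelperMock.Object,
                                               webCmiConfigProviderMock.Object);

            // act
            // NOTE(review): false is passed by the management-client tests in this file and true by
            // the public-client ones, so the flag presumably selects the client type.
            var result = sut.IsValidAuthRole(role, false);

            // assert
            result.Should().Be(AuthStatus.KeineKerberosAuthentication);
        }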
        public void IsValidAuthRole_For_Public_Client_Roles_Oe1_Should_Throw_Exception()
        {
            // Security invariant pinned here: the Ö1 role has no defined handling, so
            // asking for its auth status must fail with InvalidOperationException
            // rather than yield any AuthStatus value.

            // arrange
            const string role = "Ö1";

            // External caller with neither Kerberos nor smartcard authentication.
            var controllerHelper = new Mock<IControllerHelper>();
            controllerHelper.Setup(h => h.IsInternalUser()).Returns(false);
            controllerHelper.Setup(h => h.IsKerberosAuthentication()).Returns(false);
            controllerHelper.Setup(h => h.IsSmartcartAuthentication()).Returns(false);

            // The request's claim set consists of a single role claim holding Ö1.
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = role }
            };

            var authenticationHelper = new Mock<IAuthenticationHelper>();
            authenticationHelper
                .Setup(h => h.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // Every string setting resolves to the default the caller passes in.
            var configProvider = new Mock<IWebCmiConfigProvider>();
            configProvider
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var userDataAccess = Mock.Of<IUserDataAccess>();

            // NOTE(review): the first constructor dependency is null; this test relies on
            // IsValidAuthRole not dereferencing it - confirm against AuthControllerHelper.
            var sut = new AuthControllerHelper(
                null,
                userDataAccess,
                controllerHelper.Object,
                authenticationHelper.Object,
                configProvider.Object);

            // act
            Action validate = () => sut.IsValidAuthRole(role, true);

            // assert
            // WithMessage has no wildcards, so the message has to match exactly.
            validate.Should()
                    .Throw<InvalidOperationException>("Ö1 are not registered users, so they don't have a real session")
                    .WithMessage("Nicht definiertes Rollen handling");
        }
        public void IsValidAuthRole_For_Public_Client_Roles_Oe3_Should_Return_KeineMTanAuthentication_When_User_Is_Missing_MTan_Claim()
        {
            // Security invariant pinned here: an Ö3 caller whose session was not
            // authenticated with mTAN must be reported as KeineMTanAuthentication,
            // never as Ok.

            // arrange
            const string role = "Ö3";

            // External caller with no Kerberos, no smartcard and no mTAN authentication.
            var controllerHelper = new Mock<IControllerHelper>();
            controllerHelper.Setup(h => h.IsInternalUser()).Returns(false);
            controllerHelper.Setup(h => h.IsKerberosAuthentication()).Returns(false);
            controllerHelper.Setup(h => h.IsSmartcartAuthentication()).Returns(false);
            controllerHelper.Setup(h => h.IsMTanAuthentication()).Returns(false);

            // The request's claim set consists of a single role claim holding Ö3.
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = role }
            };

            var authenticationHelper = new Mock<IAuthenticationHelper>();
            authenticationHelper
                .Setup(h => h.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // Every string setting resolves to the default the caller passes in.
            var configProvider = new Mock<IWebCmiConfigProvider>();
            configProvider
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var userDataAccess = Mock.Of<IUserDataAccess>();

            // NOTE(review): the first constructor dependency is null; this test relies on
            // IsValidAuthRole not dereferencing it - confirm against AuthControllerHelper.
            var sut = new AuthControllerHelper(
                null,
                userDataAccess,
                controllerHelper.Object,
                authenticationHelper.Object,
                configProvider.Object);

            // act
            var status = sut.IsValidAuthRole(role, true);

            // assert
            status.Should().Be(AuthStatus.KeineMTanAuthentication);
        }
        public void IsValidAuthRole_For_Public_Client_Roles_Oe2_And_Bvw_Should_Return_Ok(string role, bool isInternalUser)
        {
            // Positive path: for the supplied role / isInternalUser combinations the
            // status must be Ok. The data rows are not visible in this excerpt (the
            // method name suggests the Ö2 and BVW roles).

            // arrange
            // Both internal authentication flags follow isInternalUser, so an external
            // caller never appears Kerberos- or smartcard-authenticated in this test,
            // while an internal caller always does.
            var controllerHelper = new Mock<IControllerHelper>();
            controllerHelper.Setup(h => h.IsInternalUser()).Returns(isInternalUser);
            controllerHelper.Setup(h => h.GetMgntRoleFromClaim()).Returns("ALLOW");
            controllerHelper.Setup(h => h.IsKerberosAuthentication()).Returns(isInternalUser);
            controllerHelper.Setup(h => h.IsSmartcartAuthentication()).Returns(isInternalUser);

            // The request's claim set consists of a single role claim holding the role under test.
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = role }
            };

            var authenticationHelper = new Mock<IAuthenticationHelper>();
            authenticationHelper
                .Setup(h => h.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // Every string setting resolves to the default the caller passes in.
            var configProvider = new Mock<IWebCmiConfigProvider>();
            configProvider
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var userDataAccess = Mock.Of<IUserDataAccess>();

            // NOTE(review): the first constructor dependency is null; this test relies on
            // IsValidAuthRole not dereferencing it - confirm against AuthControllerHelper.
            var sut = new AuthControllerHelper(
                null,
                userDataAccess,
                controllerHelper.Object,
                authenticationHelper.Object,
                configProvider.Object);

            // act
            var status = sut.IsValidAuthRole(role, true);

            // assert
            status.Should().Be(AuthStatus.Ok);
        }
        public void IsValidAuthRole_For_Management_Client_With_Unknown_Roles_Should_Throw_Exception()
        {
            // Security invariant pinned here: a role value the helper does not recognise
            // must fail closed with ArgumentOutOfRangeException instead of being mapped
            // to any AuthStatus.

            // arrange
            const string role = "X-UNKNOWN";

            // Internal caller with neither Kerberos nor smartcard authentication.
            var controllerHelper = new Mock<IControllerHelper>();
            controllerHelper.Setup(h => h.IsInternalUser()).Returns(true);
            controllerHelper.Setup(h => h.IsKerberosAuthentication()).Returns(false);
            controllerHelper.Setup(h => h.IsSmartcartAuthentication()).Returns(false);

            // The request's claim set consists of a single role claim holding the unknown role.
            var roleClaims = new List<ClaimInfo>
            {
                new ClaimInfo { Type = "/identity/claims/e-id/profile/role", Value = role }
            };

            var authenticationHelper = new Mock<IAuthenticationHelper>();
            authenticationHelper
                .Setup(h => h.GetClaimsForRequest(It.IsAny<IPrincipal>(), It.IsAny<HttpRequestMessage>()))
                .Returns(roleClaims);

            // Every string setting resolves to the default the caller passes in.
            var configProvider = new Mock<IWebCmiConfigProvider>();
            configProvider
                .Setup(c => c.GetStringSetting(It.IsAny<string>(), It.IsAny<string>()))
                .Returns((string settingKey, string fallback) => fallback);

            var userDataAccess = Mock.Of<IUserDataAccess>();

            // NOTE(review): the first constructor dependency is null; this test relies on
            // IsValidAuthRole not dereferencing it - confirm against AuthControllerHelper.
            var sut = new AuthControllerHelper(
                null,
                userDataAccess,
                controllerHelper.Object,
                authenticationHelper.Object,
                configProvider.Object);

            // act
            Action validate = () => sut.IsValidAuthRole(role, false);

            // assert
            // The wildcards let the expected text appear anywhere in the exception message.
            validate.Should()
                    .Throw<ArgumentOutOfRangeException>()
                    .WithMessage("*Nicht definiertes Rollen handling*");
        }