public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrl_AssertQueryAsyncWasCalledOnQueryBus()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
_queryBusMock.Verify(m => m.QueryAsync <IGetAuthorizeUriForMicrosoftGraphQuery, Uri>(It.Is <IGetAuthorizeUriForMicrosoftGraphQuery>(value => value.RedirectUri != null && value.RedirectUri.AbsoluteUri.EndsWith("/Account/MicrosoftGraphCallback".ToLower()))), Times.Once);
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrl_ReturnsRedirectResult()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
IActionResult result = await sut.AuthorizeAsync(httpContext, returnUrl);
Assert.That(result, Is.TypeOf <RedirectResult>());
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrlAndHttpRequestOnHttpContextIsGet_AssertGenerateAuthorizeUriAsyncWasCalledOnSut()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
Assert.That(((Sut)sut).GenerateAuthorizeUriAsyncWasCalled, Is.True);
}
public async Task AuthorizeAsync_WhenReturnUrlIsNonAbsoluteUrl_AssertIsTrustedDomainWasNotCalledOnTrustedDomainHelper()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = _fixture.Create <string>();
await sut.AuthorizeAsync(httpContext, returnUrl);
_trustedDomainHelperMock.Verify(m => m.IsTrustedDomain(It.IsAny <Uri>()), Times.Never);
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrlAndHttpRequestOnHttpContextIsGet_AssertCreateProtectorWasCalledOnDataProtectionProviderWithStateProtection()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
_dataProtectionProviderMock.Verify(m => m.CreateProtector(It.Is <string>(value => string.CompareOrdinal(value, "StateProtection") == 0)), Times.Once);
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrlAndHttpRequestOnHttpContextIsGet_AssertProtectWasCalledOnDataProtectorWithByteArrayForReturnUrl()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
_dataProtectorMock.Verify(m => m.Protect(It.Is <byte[]>(value => value != null && string.CompareOrdinal(Encoding.UTF8.GetString(value), returnUrl) == 0)), Times.Once);
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrlAndHttpRequestOnHttpContextIsNotGet_AssertProtectWasNotCalledOnDataProtector()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext(HttpMethods.Post);
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
_dataProtectorMock.Verify(m => m.Protect(It.IsAny <byte[]>()), Times.Never);
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrlAndHttpRequestOnHttpContextIsNotGet_ReturnsBadRequestResult()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext(HttpMethods.Post);
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
IActionResult result = await sut.AuthorizeAsync(httpContext, returnUrl);
Assert.That(result, Is.TypeOf <BadRequestResult>());
}
public async Task AuthorizeAsync_WhenReturnUrlIsNonTrustedAbsoluteUrl_AssertCreateProtectorWasNotCalledOnDataProtectionProvider()
{
ITokenHelper sut = CreateSut(false);
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
_dataProtectionProviderMock.Verify(m => m.CreateProtector(It.IsAny <string>()), Times.Never);
}
public async Task AuthorizeAsync_WhenReturnUrlIsAbsoluteUrl_AssertIsTrustedDomainWasCalledOnTrustedDomainHelperWithUriForReturnUrl()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
await sut.AuthorizeAsync(httpContext, returnUrl);
_trustedDomainHelperMock.Verify(m => m.IsTrustedDomain(It.Is <Uri>(value => value != null && string.CompareOrdinal(value.AbsoluteUri, returnUrl) == 0)), Times.Once);
}
public async Task AuthorizeAsync_WhenReturnUrlIsNonAbsoluteUrl_ReturnsBadRequestResult()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = _fixture.Create <string>();
IActionResult result = await sut.AuthorizeAsync(httpContext, returnUrl);
Assert.That(result, Is.TypeOf <BadRequestResult>());
}
public async Task AuthorizeAsync_WhenReturnUrlIsNonAbsoluteUrl_AssertGenerateAuthorizeUriAsyncWasNotCalledOnSut()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = _fixture.Create <string>();
await sut.AuthorizeAsync(httpContext, returnUrl);
Assert.That(((Sut)sut).GenerateAuthorizeUriAsyncWasCalled, Is.False);
}
public async Task AuthorizeAsync_WhenReturnUrlIsNonAbsoluteUrl_AssertProtectWasNotCalledOnDataProtector()
{
ITokenHelper sut = CreateSut();
HttpContext httpContext = CreateHttpContext();
string returnUrl = _fixture.Create <string>();
await sut.AuthorizeAsync(httpContext, returnUrl);
_dataProtectorMock.Verify(m => m.Protect(It.IsAny <byte[]>()), Times.Never);
}
public async Task AuthorizeAsync_WhenReturnUrlIsTrustedAbsoluteUrl_ReturnsRedirectResultWithUrlEqualToAbsoluteUriFromAuthorizeUri()
{
Uri authorizeUri = new Uri("http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}");
ITokenHelper sut = CreateSut(authorizeUri: authorizeUri);
HttpContext httpContext = CreateHttpContext();
string returnUrl = $"http://localhost/{_fixture.Create<string>()}/{_fixture.Create<string>()}";
RedirectResult result = (RedirectResult)await sut.AuthorizeAsync(httpContext, returnUrl);
Assert.That(result.Url, Is.EqualTo(authorizeUri.AbsoluteUri));
}
public void AuthorizeAsync_WhenReturnUrlIsWhiteSpace_ThrowsArgumentNullException()
{
ITokenHelper sut = CreateSut();
ArgumentNullException result = Assert.ThrowsAsync <ArgumentNullException>(async() => await sut.AuthorizeAsync(CreateHttpContext(), " "));
Assert.That(result.ParamName, Is.EqualTo("returnUrl"));
}
public void AuthorizeAsync_WhenHttpContextIsNull_ThrowsArgumentNullException()
{
ITokenHelper sut = CreateSut();
ArgumentNullException result = Assert.ThrowsAsync <ArgumentNullException>(async() => await sut.AuthorizeAsync(null, _fixture.Create <string>()));
Assert.That(result.ParamName, Is.EqualTo("httpContext"));
}