/// <summary>
/// Builds the <see cref="ApiKeyAuthorizeAttribute"/> used by the tests in this fixture
/// and assigns its <c>UserService</c> from the same <c>Get&lt;T&gt;()</c> helper.
/// </summary>
/// <remarks>
/// <c>Get&lt;T&gt;()</c> is defined outside this excerpt. Presumably it returns the same
/// IUserService instance that <c>GetMock&lt;IUserService&gt;()</c> configures in the
/// individual tests; confirm against the fixture base class.
/// </remarks>
/// <returns>The attribute instance with its user service populated.</returns>
private ApiKeyAuthorizeAttribute CreateAttribute()
{
    ApiKeyAuthorizeAttribute sut = Get<ApiKeyAuthorizeAttribute>();
    sut.UserService = Get<IUserService>();
    return sut;
}
/// <summary>
/// A value that is not in the expected API key format must be rejected with HTTP 400
/// and the <c>Strings.InvalidApiKey</c> message formatted with the submitted value.
/// </summary>
/// <remarks>
/// No IUserService behaviour is configured here, so the 400 is expected to come from
/// format validation alone rather than from a user lookup.
/// NOTE(review): the expected message is formatted with the caller-supplied value;
/// confirm the response is encoded wherever that message ends up being rendered.
/// </remarks>
public void ApiKeyAuthorizeAttributeReturns400WhenApiKeyFormatIsInvalid()
{
    // Arrange
    const string malformedKey = "invalid-key";
    ApiKeyAuthorizeAttribute sut = CreateAttribute();

    // Act
    var outcome = sut.CheckForResult(malformedKey);

    // Assert
    string expectedMessage = String.Format(Strings.InvalidApiKey, malformedKey);
    ResultAssert.IsStatusCode(outcome, 400, expectedMessage);
}
/// <summary>
/// A missing API key must be rejected with HTTP 400. The expected message is
/// <c>Strings.InvalidApiKey</c> formatted with an empty string, whatever
/// <paramref name="value"/> was supplied.
/// </summary>
/// <param name="value">
/// The "missing" key variant under test. The attributes that supply these values are
/// not visible in this excerpt (presumably null, empty or whitespace; confirm).
/// </param>
public void ApiKeyAuthorizeAttributeReturns400WhenApiKeyIsMissing(string value)
{
    // Arrange
    ApiKeyAuthorizeAttribute sut = CreateAttribute();

    // Act
    var outcome = sut.CheckForResult(value);

    // Assert
    // The message is always formatted with "", never with the raw input.
    string expectedMessage = String.Format(Strings.InvalidApiKey, "");
    ResultAssert.IsStatusCode(outcome, 400, expectedMessage);
}
/// <summary>
/// A well-formed key (a fresh GUID) that matches no user must be rejected with HTTP 403
/// and the <c>Strings.ApiKeyNotAuthorized</c> message formatted with "push".
/// </summary>
/// <remarks>
/// No IUserService lookup is set up in this test. It therefore relies on the unconfigured
/// service returning no user and no credential; this assumes the fixture's mock returns
/// defaults, which should be confirmed against the base class.
/// Together with the 400 tests, this separates "malformed key" (400) from
/// "valid format but not authorized" (403).
/// </remarks>
public void ApiKeyAuthorizeAttributeReturns403WhenApiKeyDoesNotBelongToAUser()
{
    // Arrange
    ApiKeyAuthorizeAttribute sut = CreateAttribute();
    string unregisteredKey = Guid.NewGuid().ToString();

    // Act
    var outcome = sut.CheckForResult(unregisteredKey);

    // Assert
    string expectedMessage = String.Format(Strings.ApiKeyNotAuthorized, "push");
    ResultAssert.IsStatusCode(outcome, 403, expectedMessage);
}
/// <summary>
/// When only <c>FindByApiKey</c> knows the key, the attribute must still authenticate
/// the request: after <c>OnActionExecuting</c> the filter context's Result stays null.
/// </summary>
/// <remarks>
/// <c>AuthenticateCredential</c> is deliberately not set up, so the credential lookup is
/// expected to find nothing (assuming the mock returns defaults; confirm).
/// NOTE(review): this pins a fallback to the legacy key column. Keys that exist only
/// there bypass whatever handling the credential table applies, so it is worth tracking
/// when this fallback can be retired.
/// </remarks>
public void UsesApiKeyColumnToFindUserIfNoRecordInCredentialTable()
{
    // Arrange
    ApiKeyAuthorizeAttribute sut = CreateAttribute();
    var legacyKey = Guid.NewGuid();
    var filterContextMock = CreateActionFilterContext(legacyKey.ToString());
    GetMock<IUserService>()
        .Setup(us => us.FindByApiKey(legacyKey))
        .Returns(Fakes.Owner);

    // Act
    sut.OnActionExecuting(filterContextMock.Object);

    // Assert
    // A null Result means the filter did not replace the action result with an error.
    Assert.Null(filterContextMock.Object.Result);
}
/// <summary>
/// A key that resolves to a user who has only an unconfirmed e-mail address must be
/// rejected with HTTP 403 and <c>Strings.ApiKeyUserAccountIsUnconfirmed</c>.
/// </summary>
/// <remarks>
/// The key is valid and belongs to a real user, so this covers the case where
/// authentication succeeds but the account state forbids API use.
/// </remarks>
public void ApiKeyAuthorizeAttributeReturns403WhenUserIsNotYetConfirmed()
{
    // Arrange
    ApiKeyAuthorizeAttribute sut = CreateAttribute();
    var unconfirmedUser = new User
    {
        UnconfirmedEmailAddress = "*****@*****.**",
        ApiKey = Guid.NewGuid()
    };
    GetMock<IUserService>()
        .Setup(us => us.FindByApiKey(unconfirmedUser.ApiKey))
        .Returns(unconfirmedUser);

    // Act
    var outcome = sut.CheckForResult(unconfirmedUser.ApiKey.ToString());

    // Assert
    ResultAssert.IsStatusCode(outcome, 403, Strings.ApiKeyUserAccountIsUnconfirmed);
}
/// <summary>
/// When <c>AuthenticateCredential</c> returns a credential for the key, the request is
/// authenticated: after <c>OnActionExecuting</c> the filter context's Result stays null.
/// </summary>
/// <remarks>
/// The setup matches only <c>CredentialTypes.ApiKeyV1</c> with the lower-invariant string
/// form of the key, so the test expects the attribute to normalise the key that way
/// before the credential lookup. <c>FindByApiKey</c> is not set up here.
/// </remarks>
public void UsesCredentialTableToFindUser()
{
    // Arrange
    ApiKeyAuthorizeAttribute sut = CreateAttribute();
    var apiKey = Guid.NewGuid();
    var filterContextMock = CreateActionFilterContext(apiKey.ToString());

    // The credential value the lookup is expected to receive.
    string normalizedKey = apiKey.ToString().ToLowerInvariant();
    GetMock<IUserService>()
        .Setup(us => us.AuthenticateCredential(CredentialTypes.ApiKeyV1, normalizedKey))
        .Returns(new Credential { User = Fakes.Owner });

    // Act
    sut.OnActionExecuting(filterContextMock.Object);

    // Assert
    // A null Result means the filter did not replace the action result with an error.
    Assert.Null(filterContextMock.Object.Result);
}
/// <summary>
/// With <c>RequireSSL</c> set to false and a non-secure request, <c>OnAuthorization</c>
/// must complete without throwing and must leave the pre-assigned Result untouched.
/// </summary>
/// <remarks>
/// The authorization context is a strict mock, so any member access other than the
/// configured <c>HttpContext.Request.IsSecureConnection</c> chain would throw.
/// <c>ShouldForceSSL</c> is stubbed to return true, yet the test still expects no change
/// to Result. In other words, <c>RequireSSL = false</c> is expected to win.
/// NOTE(review): this pins that API-key requests over a non-TLS connection are not
/// rejected at this stage when RequireSSL is off. Keys sent that way are exposed in
/// transit, so confirm the setting is never false in a production configuration.
/// </remarks>
public void ApiKeyAuthorizeAttributeDoesNotThrowWhenRequireSSLIsFalse()
{
    // Arrange
    var authContextMock = new Mock<AuthorizationContext>(MockBehavior.Strict);
    var configMock = new Mock<IAppConfiguration>();
    var formsAuthMock = new Mock<IFormsAuthenticationService>();

    configMock.Setup(cfg => cfg.RequireSSL).Returns(false);
    authContextMock.SetupGet(c => c.HttpContext.Request.IsSecureConnection).Returns(false);

    var context = authContextMock.Object;
    formsAuthMock.Setup(fas => fas.ShouldForceSSL(context.HttpContext)).Returns(true);

    var sut = new ApiKeyAuthorizeAttribute
    {
        Configuration = configMock.Object,
        FormsAuthentication = formsAuthMock.Object
    };

    // Sentinel result: if the attribute redirected or rejected, it would be replaced.
    var sentinelResult = new ViewResult();
    context.Result = sentinelResult;

    // Act
    sut.OnAuthorization(context);

    // Assert
    Assert.Same(sentinelResult, context.Result);
}