public async Task ExecuteResultAsync_InvokesForbiddenAsyncOnAllConfiguredSchemes()
{
// Arrange
var authProperties = new AuthenticationProperties();
var authenticationManager = new Mock<AuthenticationManager>();
authenticationManager
.Setup(c => c.ForbidAsync("Scheme1", authProperties))
.Returns(TaskCache.CompletedTask)
.Verifiable();
authenticationManager
.Setup(c => c.ForbidAsync("Scheme2", authProperties))
.Returns(TaskCache.CompletedTask)
.Verifiable();
var httpContext = new Mock<HttpContext>();
httpContext.Setup(c => c.RequestServices).Returns(CreateServices());
httpContext.Setup(c => c.Authentication).Returns(authenticationManager.Object);
var result = new ForbidResult(new[] { "Scheme1", "Scheme2" }, authProperties);
var routeData = new RouteData();
var actionContext = new ActionContext(
httpContext.Object,
routeData,
new ActionDescriptor());
// Act
await result.ExecuteResultAsync(actionContext);
// Assert
authenticationManager.Verify();
}
public void WithAllowRefresh_GivenUnexpected_ShouldFail()
{
var actualAllowRefresh = true;
var expectedAllowRefresh = false;
var actualAuthenticationProperties = new AuthenticationProperties {
AllowRefresh = actualAllowRefresh
};
ActionResult result = new ForbidResult(actualAuthenticationProperties);
var failureMessage = FailureMessageHelper.ExpectedContextToBeXButY("ForbidResult.AuthenticationProperties.AllowRefresh", expectedAllowRefresh, actualAllowRefresh);
Action a = () => result.Should().BeForbidResult().WithAllowRefresh(expectedAllowRefresh, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public void Give_ActionResult_When_Implicity_Cast()
{
// Arrange/Act
var notFound = new NotFoundResult();
var forbid = new ForbidResult();
Result <int> five = notFound;
Result <string> hello = forbid;
// Assert
five.Errored.ShouldBeTrue();
five.ErrorResult.ShouldBe(notFound);
hello.Errored.ShouldBeTrue();
hello.ErrorResult.ShouldBe(forbid);
}
public void ContainsScheme_GivenUnexpected_ShouldFail()
{
const string testScheme = "testScheme";
const string expectedScheme = "expectedScheme";
var actualSchemes = new List <string> {
testScheme
};
ActionResult result = new ForbidResult(actualSchemes);
var failureMessage = string.Format(FailureMessages.CommonAuthenticationSchemesContainScheme, expectedScheme);
Action a = () => result.Should().BeForbidResult().ContainsScheme(expectedScheme, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public void WithIsPersistent_GivenUnexpected_ShouldFail()
{
var actualIsPersistent = true;
var expectedIsPersistent = false;
var actualAuthenticationProperties = new AuthenticationProperties {
IsPersistent = actualIsPersistent
};
ActionResult result = new ForbidResult(actualAuthenticationProperties);
var failureMessage = FailureMessageHelper.ExpectedContextToBeXButY("ForbidResult.AuthenticationProperties.IsPersistent", expectedIsPersistent, actualIsPersistent);
Action a = () => result.Should().BeForbidResult().WithIsPersistent(expectedIsPersistent, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public void WithRedirectUri_GivenUnexpected_ShouldFail()
{
var actualRedirectUri = "redirectUri";
var expectedRedirectUri = "otherUri";
var actualAuthenticationProperties = new AuthenticationProperties {
RedirectUri = actualRedirectUri
};
ActionResult result = new ForbidResult(actualAuthenticationProperties);
var failureMessage = FailureMessageHelper.ExpectedContextToBeXButY("ForbidResult.AuthenticationProperties.RedirectUri", expectedRedirectUri, actualRedirectUri);
Action a = () => result.Should().BeForbidResult().WithRedirectUri(expectedRedirectUri, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public async Task RunSqlImportJobGuardedByCanRefreshPublishedQaPermission()
{
string specificationId = NewRandomString();
string fundingStreamId = NewRandomString();
ForbidResult result = await WhenTheRunSqlJobIsCreated(specificationId, fundingStreamId) as ForbidResult;
result
.Should()
.NotBeNull();
await _publishingApiClient
.Received(0)
.QueueSpecificationFundingStreamSqlImport(specificationId, fundingStreamId);
}
public void WithExpiresUtc_GivenNull_For_Expected_ShouldFail()
{
var actualExpiresUtc = TestLastModified;
var expectedExpiresUtc = null as DateTimeOffset?;
var actualAuthenticationProperties = new AuthenticationProperties {
ExpiresUtc = actualExpiresUtc
};
ActionResult result = new ForbidResult(actualAuthenticationProperties);
var convertedActualExpiresUtc = FailureMessageHelper.RoundToSeconds(actualExpiresUtc);
var failureMessage = FailureMessageHelper.ExpectedContextToBeXButY("ForbidResult.AuthenticationProperties.ExpiresUtc", null, convertedActualExpiresUtc);
Action a = () => result.Should().BeForbidResult().WithExpiresUtc(expectedExpiresUtc, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public void WithIssuedUtc_GivenUnexpected_ShouldFail()
{
var actualIssuedUtc = TestLastModified;
var expectedIssuedUtc = TestLastModified.Value.AddSeconds(1);
var actualAuthenticationProperties = new AuthenticationProperties {
IssuedUtc = actualIssuedUtc
};
ActionResult result = new ForbidResult(actualAuthenticationProperties);
var convertedExpectedIssuedUtc = FailureMessageHelper.RoundToSeconds(expectedIssuedUtc);
var convertedActualIssuedUtc = FailureMessageHelper.RoundToSeconds(actualIssuedUtc);
var failureMessage = FailureMessageHelper.ExpectedContextToBeXButY("ForbidResult.AuthenticationProperties.IssuedUtc", convertedExpectedIssuedUtc, convertedActualIssuedUtc);
Action a = () => result.Should().BeForbidResult().WithIssuedUtc(expectedIssuedUtc, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public void WithAuthenticationSchemes_GivenUnexpected_ShouldFail()
{
var actualAuthenticationSchemes = new List <string>()
{
"one", "two", "three"
};
var expectedAuthenticationSchemes = new List <string> {
"three", "four", "five"
};
ActionResult result = new ForbidResult(actualAuthenticationSchemes);
var failureMessage = string.Format(FailureMessages.CommonListsNotIdentical, "ForbidResult.AuthenticationSchemes");
Action a = () => result.Should().BeForbidResult().WithAuthenticationSchemes(expectedAuthenticationSchemes, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public void ContainsItem_GivenUnexpectedValue_ShouldFail()
{
const string testKey = "testKey";
const string testValue = "testValue";
const string expectedValue = "wrong value";
var properties = new Dictionary <string, string> {
{ testKey, testValue }
};
var actualAuthenticationProperties = new AuthenticationProperties(properties);
ActionResult result = new ForbidResult(actualAuthenticationProperties);
var failureMessage = FailureMessageHelper.ExpectedAtKeyValueXButFoundY(
"ForbidResult.AuthenticationProperties.Items", testKey, expectedValue, testValue);
Action a = () => result.Should().BeForbidResult().ContainsItem(testKey, expectedValue, Reason, ReasonArgs);
a.Should().Throw <Exception>().WithMessage(failureMessage);
}
public async Task ExecuteResultAsync_InvokesForbidAsyncWithAuthProperties(AuthenticationProperties expected)
{
// Arrange
var auth = new Mock <IAuthenticationService>();
auth
.Setup(c => c.ForbidAsync(It.IsAny <HttpContext>(), null, expected))
.Returns(Task.CompletedTask)
.Verifiable();
var result = new ForbidResult(expected);
var httpContext = GetHttpContext(auth.Object);
// Act
await result.ExecuteAsync(httpContext);
// Assert
auth.Verify();
}
public async Task <IActionResult> FileAsync(FullPath path, bool download)
{
IActionResult result;
if (path.IsDirectory)
{
result = new ForbidResult();
}
if (!await path.File.ExistsAsync)
{
result = new NotFoundResult();
}
if (path.RootVolume.IsShowOnly)
{
result = new ForbidResult();
}
//result = new DownloadFileResult(fullPath.File, download);
string contentType = download ? "application/octet-stream" : Utils.GetMimeType(path.File);
result = new PhysicalFileResult(path.File.FullName, contentType);
return(await Task.FromResult(result));
}
public async Task ExecuteResultAsync_InvokesForbidAsyncOnAllConfiguredSchemes()
{
// Arrange
var authProperties = new AuthenticationProperties();
var auth = new Mock <IAuthenticationService>();
auth
.Setup(c => c.ForbidAsync(It.IsAny <HttpContext>(), "Scheme1", authProperties))
.Returns(Task.CompletedTask)
.Verifiable();
auth
.Setup(c => c.ForbidAsync(It.IsAny <HttpContext>(), "Scheme2", authProperties))
.Returns(Task.CompletedTask)
.Verifiable();
var httpContext = GetHttpContext(auth.Object);
var result = new ForbidResult(new[] { "Scheme1", "Scheme2" }, authProperties);
var routeData = new RouteData();
// Act
await result.ExecuteAsync(httpContext);
// Assert
auth.Verify();
}
public async Task <ActionResult> Edit(int id)
{
ActionResult response;
var document = _documentRepository.GetById(id);
if (document == null)
{
response = new NotFoundResult();
}
var authorizationResult = await _authorizationService.AuthorizeAsync(User, document, new EditDocumentRequirement());
if (authorizationResult.Succeeded)
{
response = View(document);
}
else
{
response = new ForbidResult();
}
return(response);
}
public async Task ExecuteResultAsync_InvokesForbiddenAsyncWithAuthProperties_WhenAuthenticationSchemesIsEmpty(
AuthenticationProperties expected)
{
// Arrange
var authenticationManager = new Mock<AuthenticationManager>();
authenticationManager
.Setup(c => c.ForbidAsync(expected))
.Returns(TaskCache.CompletedTask)
.Verifiable();
var httpContext = new Mock<HttpContext>();
httpContext.Setup(c => c.RequestServices).Returns(CreateServices());
httpContext.Setup(c => c.Authentication).Returns(authenticationManager.Object);
var result = new ForbidResult(expected)
{
AuthenticationSchemes = new string[0]
};
var routeData = new RouteData();
var actionContext = new ActionContext(
httpContext.Object,
routeData,
new ActionDescriptor());
// Act
await result.ExecuteResultAsync(actionContext);
// Assert
authenticationManager.Verify();
}
public void OnAuthorization(AuthorizationFilterContext context)
{
IActionResult actionResult = null;
try
{
switch (_Claim.Type)
{
case GrandPermission.EndpointPermission:
Claim grandPermissions = context.HttpContext.User.Claims.FirstOrDefault(c => c.Type == _Claim.Type);
if (grandPermissions != null)
{
string[] userActionIds = grandPermissions.Value.Split(',', StringSplitOptions.RemoveEmptyEntries);
string[] requirementActionIds = _Claim.Value.Split(',', StringSplitOptions.RemoveEmptyEntries);
switch (_Claim.ValueType)
{
case GrandFilterType.Or:
{
bool exist = false;
for (int i = 0; i < requirementActionIds.Length; i++)
{
if (userActionIds.Contains(requirementActionIds[i]))
{
exist = true;
break;
}
}
if (!exist)
{
actionResult = new ForbidResult();
}
}
break;
case GrandFilterType.And:
{
for (int i = 0; i < requirementActionIds.Length; i++)
{
if (!userActionIds.Contains(requirementActionIds[i]))
{
actionResult = new ForbidResult();
break;
}
}
}
break;
}
}
break;
}
}
catch (Exception ex)
{
actionResult = new ForbidResult(ex.Message);
}
if (actionResult != null)
{
context.Result = actionResult;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="ForbidResultAssertions" /> class.
/// </summary>
/// <param name="subject">The object to test assertion on</param>
public ForbidResultAssertions(ForbidResult subject) : base(subject)
{
}
