/// <summary>
/// Service flow, allow path: the stored token record is enabled, has no expiration date,
/// and carries the request's endpoint, HTTP method and environment together with the
/// API name returned by the mocked API gateway.
/// </summary>
public void ShouldAllowAccessIfTokenIsValidAndDataMatchesRecords()
{
    // Arrange
    var authorizerRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());
    var resolvedApiName = _faker.Random.Word();
    var consumer = _faker.Random.Word();

    _mockAwsStsGateway
        .Setup(x => x.GetTemporaryCredentials(It.IsAny<string>()))
        .Returns(new AssumeRoleResponse());
    _mockAwsApiGateway
        .Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>()))
        .Returns(resolvedApiName);

    // The record is built from the request itself, so nothing in it can disagree
    // with what the caller asked for.
    var storedToken = new AuthTokenServiceFlow
    {
        ApiEndpointName = authorizerRequest.ApiEndpointName,
        ApiName = resolvedApiName,
        HttpMethodType = authorizerRequest.HttpMethodType,
        Environment = authorizerRequest.Environment,
        ConsumerName = consumer,
        Enabled = true,
        ExpirationDate = null
    };
    _mockDatabaseGateway
        .Setup(x => x.GetTokenData(It.IsAny<int>()))
        .Returns(storedToken);

    // Act
    var outcome = _classUnderTest.ExecuteServiceAuth(authorizerRequest);

    // Assert: access is granted and the principal is the consumer name followed by the record id.
    outcome.Allow.Should().BeTrue();
    var expectedUser = consumer + storedToken.Id;
    outcome.User.Should().Be(expectedUser);
}
/// <summary>
/// Service flow: executing the authorizer looks the token record up through the
/// database gateway exactly once.
/// </summary>
public void VerifyThatUseCaseCallsGateway()
{
    // Arrange
    var authorizerRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());

    _mockDatabaseGateway
        .Setup(x => x.GetTokenData(It.IsAny<int>()))
        .Returns(new AuthTokenServiceFlow());
    _mockAwsStsGateway
        .Setup(x => x.GetTemporaryCredentials(It.IsAny<string>()))
        .Returns(new AssumeRoleResponse());

    // Act
    _classUnderTest.ExecuteServiceAuth(authorizerRequest);

    // Assert: one lookup, whatever token id was requested.
    _mockDatabaseGateway.Verify(x => x.GetTokenData(It.IsAny<int>()), Times.Once);
}
/// <summary>
/// Service flow, deny path: once the configured secret has been replaced, a previously
/// generated token is refused and the result carries the placeholder principal "user".
/// </summary>
public void ShouldReturnFalseIfTokenIsNotValid()
{
    // Arrange: the token is generated before the secret changes.
    var authorizerRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());

    // Replace the key to simulate failed validation. The variable is process-wide
    // and is not restored by this method.
    var replacementSecret = _faker.Random.AlphaNumeric(16);
    Environment.SetEnvironmentVariable("jwtSecret", replacementSecret);

    // Act
    var outcome = _classUnderTest.ExecuteServiceAuth(authorizerRequest);

    // Assert
    outcome.Allow.Should().BeFalse();
    outcome.User.Should().Be("user");
}
/// <summary>
/// Service flow, deny path: the token validates but the stored record is an empty
/// <c>AuthTokenServiceFlow</c>, so nothing in it matches the request.
/// </summary>
public void ShouldNotAllowAccessIfTokenIsValidButDoesNotMatchTokenDataRecords()
{
    // Arrange
    var authorizerRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());

    // A default-constructed record: no property is set to mirror the request.
    _mockDatabaseGateway
        .Setup(x => x.GetTokenData(It.IsAny<int>()))
        .Returns(new AuthTokenServiceFlow());

    var resolvedApiName = _faker.Random.Word();
    _mockAwsStsGateway
        .Setup(x => x.GetTemporaryCredentials(It.IsAny<string>()))
        .Returns(new AssumeRoleResponse());
    _mockAwsApiGateway
        .Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>()))
        .Returns(resolvedApiName);

    // Act
    var outcome = _classUnderTest.ExecuteServiceAuth(authorizerRequest);

    // Assert
    outcome.Allow.Should().BeFalse();
    // NOTE(review): "0" is presumably the default record's empty consumer name plus its default id - confirm against the handler.
    outcome.User.Should().Be("0");
}
/// <summary>
/// User flow: executing the authorizer queries the DynamoDB gateway exactly once, using
/// the API name returned by the mocked API gateway and the request's environment.
/// </summary>
public void VerifyThatUseCaseForUserAuthCallsGateway()
{
    // Arrange
    var tokenGroups = new List<string>
    {
        _faker.Random.Word(),
        _faker.Random.Word()
    };
    var authorizerRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtTokenUserFlow(tokenGroups));
    var storedApiData = _fixture.Create<APIDataUserFlow>();
    var resolvedApiName = _faker.Random.Word();

    _mockAwsStsGateway
        .Setup(x => x.GetTemporaryCredentials(It.IsAny<string>()))
        .Returns(new AssumeRoleResponse());
    _mockAwsApiGateway
        .Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>()))
        .Returns(resolvedApiName);
    _mockDynamoDbGateway
        .Setup(x => x.GetAPIDataByNameAndEnvironmentAsync(resolvedApiName, authorizerRequest.Environment))
        .Returns(storedApiData);

    // Act
    _classUnderTest.ExecuteUserAuth(authorizerRequest);

    // Assert: the lookup is keyed on the resolved API name and the request environment.
    _mockDynamoDbGateway.Verify(
        x => x.GetAPIDataByNameAndEnvironmentAsync(resolvedApiName, authorizerRequest.Environment),
        Times.Once);
}
/// <summary>
/// Creates the handler under test and the gateway mocks, sets both JWT secret environment
/// variables to generated values, and generates one token for each flow.
/// </summary>
public void Setup()
{
    _serviceProvider = new Mock<IServiceProvider>();
    _classUnderTest = new VerifyTokenHandler(_serviceProvider.Object);

    // NOTE(review): these mocks are created after the handler and nothing in this method
    // registers them on _serviceProvider - confirm where VerifyTokenHandler obtains them,
    // otherwise the allow/deny tests do not exercise the mocked gateways.
    _mockDatabaseGateway = new Mock<IAuthTokenDatabaseGateway>();
    _mockAwsApiGateway = new Mock<IAwsApiGateway>();
    _mockAwsStsGateway = new Mock<IAwsStsGateway>();
    _mockDynamoDbGateway = new Mock<IDynamoDbGateway>();

    // Set up env vars. Both secrets are generated on each call, so no signing key is
    // hard-coded in the test source. The variables are process-wide.
    var jwtSecretValue = _fixture.Create<string>();
    Environment.SetEnvironmentVariable("jwtSecret", jwtSecretValue);
    var userAuthSecretValue = _faker.Random.AlphaNumeric(25);
    Environment.SetEnvironmentVariable("hackneyUserAuthTokenJwtSecret", userAuthSecretValue);

    // Set up JWT tokens, after the secrets above are in place.
    _allowedGroups = new List<string>
    {
        _faker.Random.Word(),
        _faker.Random.Word()
    };
    _jwtServiceFlow = GenerateJwtHelper.GenerateJwtToken();
    _jwtUserFlow = GenerateJwtHelper.GenerateJwtTokenUserFlow(_allowedGroups);
}
/// <summary>
/// User flow, deny path: the stored API data shares the token's groups and the resolved
/// API name, while every other property is left to the fixture's generated values.
/// </summary>
public void ShouldDenyAccessIfRequestDataDoesNotMatchDbData()
{
    // Arrange
    var tokenGroups = new List<string>
    {
        _faker.Random.Word(),
        _faker.Random.Word()
    };
    var authorizerRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtTokenUserFlow(tokenGroups));
    var resolvedApiName = _faker.Random.Word();

    // No matching environment or AWS account should result in deny: only the groups
    // and the API name are pinned to the request here.
    var storedApiData = _fixture
        .Build<APIDataUserFlow>()
        .With(x => x.AllowedGroups, tokenGroups)
        .With(x => x.ApiName, resolvedApiName)
        .Create();

    _mockAwsStsGateway
        .Setup(x => x.GetTemporaryCredentials(It.IsAny<string>()))
        .Returns(new AssumeRoleResponse());
    _mockAwsApiGateway
        .Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>()))
        .Returns(resolvedApiName);
    _mockDynamoDbGateway
        .Setup(x => x.GetAPIDataByNameAndEnvironmentAsync(resolvedApiName, authorizerRequest.Environment))
        .Returns(storedApiData);

    // Act
    var outcome = _classUnderTest.ExecuteUserAuth(authorizerRequest);

    // Assert: group membership alone must not be enough to grant access.
    outcome.Allow.Should().BeFalse();
}