public void ShouldAllowAccessIfTokenIsValidAndDataMatchesRecords()
        {
            // Allow path of the service flow: the stored token record agrees with the
            // request on endpoint, HTTP method and environment, carries the API name the
            // API gateway mock reports, is enabled, and has no expiration date.
            var authRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());
            var resolvedApiName = _faker.Random.Word();
            var consumer = _faker.Random.Word();

            var storedToken = new AuthTokenServiceFlow
            {
                ApiEndpointName = authRequest.ApiEndpointName,
                ApiName = resolvedApiName,
                HttpMethodType = authRequest.HttpMethodType,
                Environment = authRequest.Environment,
                ConsumerName = consumer,
                Enabled = true,
                ExpirationDate = null
            };

            // Every matcher is It.IsAny, so this test does not pin which token id is
            // looked up or which role / API id is passed to the AWS gateways.
            _mockDatabaseGateway.Setup(x => x.GetTokenData(It.IsAny<int>())).Returns(storedToken);
            _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny<string>())).Returns(new AssumeRoleResponse());
            _mockAwsApiGateway.Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>())).Returns(resolvedApiName);

            var outcome = _classUnderTest.ExecuteServiceAuth(authRequest);

            // The principal returned on allow is the consumer name followed by the record id.
            outcome.Allow.Should().BeTrue();
            outcome.User.Should().Be(consumer + storedToken.Id);
        }
        public void VerifyThatUseCaseCallsGateway()
        {
            // Interaction test only: the authorization outcome is not asserted here.
            var authRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());

            _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny<string>())).Returns(new AssumeRoleResponse());
            _mockDatabaseGateway.Setup(x => x.GetTokenData(It.IsAny<int>())).Returns(new AuthTokenServiceFlow());

            _classUnderTest.ExecuteServiceAuth(authRequest);

            // Exactly one token lookup per request. It.IsAny<int>() means the id that is
            // passed to the gateway is not checked by this test.
            _mockDatabaseGateway.Verify(x => x.GetTokenData(It.IsAny<int>()), Times.Once);
        }
        public void ShouldReturnFalseIfTokenIsNotValid()
        {
            // The token is generated before the secret is replaced, so the handler
            // validates it against a different "jwtSecret" value than the one that was
            // in place at generation time.
            var authRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());

            // Swap the key to simulate failed validation.
            // NOTE(review): environment variables are process-wide, so this overwrite
            // outlives the test unless setup/teardown resets it - confirm.
            var mismatchedSecret = _faker.Random.AlphaNumeric(16);
            Environment.SetEnvironmentVariable("jwtSecret", mismatchedSecret);

            var outcome = _classUnderTest.ExecuteServiceAuth(authRequest);

            // Deny with the placeholder principal "user".
            // NOTE(review): these assertions pass for any validation failure, so the test
            // does not show that the signature mismatch specifically caused the deny.
            outcome.Allow.Should().BeFalse();
            outcome.User.Should().Be("user");
        }
        public void ShouldNotAllowAccessIfTokenIsValidButDoesNotMatchTokenDataRecords()
        {
            // Deny path of the service flow: the database returns a default-constructed
            // record, so none of its fields are set from the request.
            var authRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtToken());
            var resolvedApiName = _faker.Random.Word();

            // NOTE(review): a default AuthTokenServiceFlow presumably also has
            // Enabled == false, so this case may not separate "fields do not match" from
            // "token disabled". An enabled record with mismatching fields would isolate
            // the comparison - confirm against the handler.
            _mockDatabaseGateway.Setup(x => x.GetTokenData(It.IsAny<int>())).Returns(new AuthTokenServiceFlow());
            _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny<string>())).Returns(new AssumeRoleResponse());
            _mockAwsApiGateway.Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>())).Returns(resolvedApiName);

            var outcome = _classUnderTest.ExecuteServiceAuth(authRequest);

            outcome.Allow.Should().BeFalse();
            // "0" is presumably the null ConsumerName concatenated with the default Id of 0.
            outcome.User.Should().Be("0");
        }
        public void VerifyThatUseCaseForUserAuthCallsGateway()
        {
            // Interaction test for the user flow: the allow/deny outcome is not asserted.
            var tokenGroups = new List<string>
            {
                _faker.Random.Word(),
                _faker.Random.Word()
            };
            var authRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtTokenUserFlow(tokenGroups));
            var apiRecord = _fixture.Create<APIDataUserFlow>();
            var resolvedApiName = _faker.Random.Word();

            _mockDynamoDbGateway.Setup(x => x.GetAPIDataByNameAndEnvironmentAsync(resolvedApiName, authRequest.Environment)).Returns(apiRecord);
            _mockAwsApiGateway.Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>())).Returns(resolvedApiName);
            _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny<string>())).Returns(new AssumeRoleResponse());

            _classUnderTest.ExecuteUserAuth(authRequest);

            // The API record must be fetched exactly once, keyed on the API name that the
            // API gateway mock returned and on the environment carried by the request.
            _mockDynamoDbGateway.Verify(x => x.GetAPIDataByNameAndEnvironmentAsync(resolvedApiName, authRequest.Environment), Times.Once);
        }
 // Builds the handler under test and the gateway mocks, sets the two JWT secret
 // environment variables to fresh random values, and pre-generates one token per flow.
 public void Setup()
 {
     // NOTE(review): the handler is constructed from _serviceProvider before the gateway
     // mocks exist, and nothing in this method registers those mocks on the provider.
     // Confirm how VerifyTokenHandler obtains the gateways the tests configure.
     _serviceProvider     = new Mock <IServiceProvider>();
     _classUnderTest      = new VerifyTokenHandler(_serviceProvider.Object);
     _mockDatabaseGateway = new Mock <IAuthTokenDatabaseGateway>();
     _mockAwsApiGateway   = new Mock <IAwsApiGateway>();
     _mockAwsStsGateway   = new Mock <IAwsStsGateway>();
     _mockDynamoDbGateway = new Mock <IDynamoDbGateway>();
     // Set up env vars: the secrets are generated per run, so no signing key is hard-coded
     // in the test source. Environment variables are process-wide and are not restored
     // here - NOTE(review): matters if fixtures that touch the same variables run in parallel.
     Environment.SetEnvironmentVariable("jwtSecret", _fixture.Create <string>());
     Environment.SetEnvironmentVariable("hackneyUserAuthTokenJwtSecret", _faker.Random.AlphaNumeric(25));
     // Set up JWT tokens after the secrets are in place; presumably GenerateJwtHelper
     // signs with the environment variables set above - confirm.
     _allowedGroups = new List <string> {
         _faker.Random.Word(), _faker.Random.Word()
     };
     _jwtServiceFlow = GenerateJwtHelper.GenerateJwtToken();
     _jwtUserFlow    = GenerateJwtHelper.GenerateJwtTokenUserFlow(_allowedGroups);
 }
        public void ShouldDenyAccessIfRequestDataDoesNotMatchDbData()
        {
            // Deny path of the user flow: the stored API record shares the token's groups
            // and the resolved API name with the request, and nothing else is aligned.
            var tokenGroups = new List<string>
            {
                _faker.Random.Word(),
                _faker.Random.Word()
            };
            var authRequest = GenerateAuthorizerRequest(GenerateJwtHelper.GenerateJwtTokenUserFlow(tokenGroups));
            var resolvedApiName = _faker.Random.Word();

            // No matching environment or AWS account should result in deny. Only
            // AllowedGroups and ApiName are pinned; the remaining properties are
            // presumably filled with generated values by the fixture.
            var apiRecord = _fixture.Build<APIDataUserFlow>()
                .With(x => x.AllowedGroups, tokenGroups)
                .With(x => x.ApiName, resolvedApiName)
                .Create();

            _mockDynamoDbGateway.Setup(x => x.GetAPIDataByNameAndEnvironmentAsync(resolvedApiName, authRequest.Environment)).Returns(apiRecord);
            _mockAwsApiGateway.Setup(x => x.GetApiName(It.IsAny<string>(), It.IsAny<Credentials>())).Returns(resolvedApiName);
            _mockAwsStsGateway.Setup(x => x.GetTemporaryCredentials(It.IsAny<string>())).Returns(new AssumeRoleResponse());

            var outcome = _classUnderTest.ExecuteUserAuth(authRequest);

            // Group membership alone must not be enough to authorize the request.
            outcome.Allow.Should().BeFalse();
        }