// Positive case for namespace-based authorization: the namespace on the request data
// ("uri://ed-fi.org/") equals one of the two NamespacePrefix claims held by the caller,
// so the strategy is expected to return normally. There is no explicit assertion; the
// test passes only if GetAuthorizationStrategyFiltering does not throw.
public void NamespaceBasedAuthorization_MatchOnNamespace_ShouldThrowNoExceptions()
{
    // Arrange
    const string resourceClaimUri = @"http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor";
    const string actionUri = @"http://ed-fi.org/ods/actions/manage";

    var sut = new NamespaceBasedAuthorizationStrategy();

    // The caller holds two namespace prefixes; only the first one matches the request data.
    var callerClaims = new List<Claim>();
    callerClaims.Add(new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi.org/"));
    callerClaims.Add(new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, @"uri://ed-fi-2.org/"));

    var identity = new ClaimsIdentity(callerClaims, EdFiAuthenticationTypes.OAuth);
    var caller = new ClaimsPrincipal(identity);

    var contextData = new NamespaceBasedAuthorizationContextData();
    contextData.Namespace = @"uri://ed-fi.org/";

    // Act
    // NOTE(review): the first argument is an empty claim list, so the prefixes under test
    // reach the strategy only through the principal inside the context. Confirm that is
    // where the strategy reads them from.
    sut.GetAuthorizationStrategyFiltering(
        new List<Claim>(),
        new EdFiAuthorizationContext(
            new ApiKeyContext(),
            caller,
            new[] { resourceClaimUri },
            actionUri,
            contextData));

    // Assert
    // Implicit: reaching this point without an exception is the success condition.
}
// Negative case for namespace-based authorization: every NamespacePrefix claim held by
// the caller is an empty string. The strategy must deny access by throwing
// EdFiSecurityException with the expected message, rather than treating a blank prefix
// as something the request namespace could match.
public void NamespaceBasedAuthorization_EmptyNamespaceClaim()
{
    // Arrange
    const string resourceClaimUri = @"http://ed-fi.org/ods/identity/claims/academicSubjectDescriptor";
    const string actionUri = @"http://ed-fi.org/ods/actions/manage";

    var sut = new NamespaceBasedAuthorizationStrategy();

    // Both claims have the right type but carry no value.
    var blankPrefixClaims = new List<Claim>();
    blankPrefixClaims.Add(new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, string.Empty));
    blankPrefixClaims.Add(new Claim(EdFiOdsApiClaimTypes.NamespacePrefix, string.Empty));

    var identity = new ClaimsIdentity(blankPrefixClaims, EdFiAuthenticationTypes.OAuth);
    var caller = new ClaimsPrincipal(identity);

    var contextData = new NamespaceBasedAuthorizationContextData();
    contextData.Namespace = @"uri://ed-fi.org/";

    // Act
    // The authorization context is built inside the delegate, so Assert.Throws observes
    // an exception raised anywhere in the call, including context construction.
    var thrown = Assert.Throws<EdFiSecurityException>(
        () => sut.GetAuthorizationStrategyFiltering(
            new List<Claim>(),
            new EdFiAuthorizationContext(
                new ApiKeyContext(),
                caller,
                new[] { resourceClaimUri },
                actionUri,
                contextData)));

    // Assert
    // The message is compared exactly, so any change to the denial wording fails this test.
    var expectedMessage =
        "Access to the resource could not be authorized because the caller did not have any NamespacePrefix claims ('"
        + EdFiOdsApiClaimTypes.NamespacePrefix
        + "') or the claim values were all empty.";

    thrown.Message.ShouldBe(expectedMessage);
}