public async Task WithPermission()
{
var fixture = new Fixture();
ManageProjectPropertiesPermission(fixture);
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(PrincipalWithClaims());
var vstsClient = new Mock <IVstsRestClient>();
vstsClient
.Setup(x => x.GetAsync(It.Is <IVstsRequest <Response.PermissionsProjectId> >(req =>
req.QueryParams.Values.Contains("ab84d5a2-4b8d-68df-9ad3-cc9c8884270c"))))
.Returns(Task.FromResult(fixture.Create <Response.PermissionsProjectId>()))
.Verifiable();
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
var function = new ReconcileFunction(vstsClient.Object,
new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new IRepositoryRule[0], tokenizer.Object);
(await function
.HasPermissionAsync(request, "raboweb", "TAS"))
.ShouldBeOfType <OkObjectResult>()
.Value
.ShouldBe(true);
vstsClient.Verify();
}
public async Task ScopeNotFound()
{
var fixture = new Fixture();
ManageProjectPropertiesPermission(fixture);
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(PrincipalWithClaims());
var vstsClient = new Mock <IVstsRestClient>();
vstsClient
.Setup(x => x.GetAsync(It.IsAny <IVstsRequest <Response.PermissionsProjectId> >()))
.Returns(Task.FromResult(fixture.Create <Response.PermissionsProjectId>()))
.Verifiable();
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
var function = new ReconcileFunction(vstsClient.Object,
new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new IRepositoryRule[0], tokenizer.Object);
var result = (await function.ReconcileAsync(request,
"raboweb",
"TAS",
"non-existing-scope",
"some-non-existing-rule")).ShouldBeOfType <NotFoundObjectResult>();
result.Value.ShouldBe("non-existing-scope");
}
public async Task <ItemExtensionData> RunAsync([ActivityTrigger]
Response.Project project)
{
if (project == null)
{
throw new ArgumentNullException(nameof(project));
}
return(new ItemExtensionData
{
Item = null,
ItemId = null,
Rules = await Task.WhenAll(_rules.Select(async r =>
{
var ruleName = r.GetType().Name;
return new EvaluatedRule
{
Name = ruleName,
Description = r.Description,
Link = r.Link,
Status = await r.EvaluateAsync(project.Id)
.ConfigureAwait(false),
Reconcile = ReconcileFunction.ReconcileFromRule(
_config, project.Id, r as IProjectReconcile)
};
})
.ToList())
.ConfigureAwait(false)
});
}
public async Task UnauthorizedWithoutHeaderWhenHasPermission()
{
var request = new HttpRequestMessage();
request.Headers.Authorization = null;
var function = new ReconcileFunction(null, new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new IRepositoryRule[0],
new Mock <ITokenizer>().Object);
(await function
.HasPermissionAsync(request, "raboweb", "TAS"))
.ShouldBeOfType <UnauthorizedResult>();
}
public async Task CanPassPostDataToRule()
{
var fixture = new Fixture();
ManageProjectPropertiesPermission(fixture);
var rule = new Mock <IProjectRule>(MockBehavior.Strict);
rule
.As <IProjectReconcile>()
.Setup(x => x.ReconcileAsync("TAS"))
.Returns(Task.CompletedTask)
.Verifiable();
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(PrincipalWithClaims());
var vstsClient = new Mock <IVstsRestClient>();
vstsClient
.Setup(x => x.GetAsync(It.IsAny <IVstsRequest <Response.PermissionsProjectId> >()))
.Returns(Task.FromResult(fixture.Create <Response.PermissionsProjectId>()));
var json = JsonConvert.SerializeObject(new { ciIdentifier = "CI123444" });
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
request.Content = new StringContent(
json,
System.Text.Encoding.UTF8,
"application/json"
);
var function = new ReconcileFunction(vstsClient.Object, new IBuildPipelineRule[0], new IReleasePipelineRule[0], new[] { rule.Object }, new IRepositoryRule[0], tokenizer.Object);
(await function.ReconcileAsync(request,
"raboweb",
"TAS",
RuleScopes.GlobalPermissions,
rule.Object.GetType().Name)).ShouldBeOfType <OkResult>();
rule.Verify();
}
public async Task UnauthorizedWithoutNameClaimWhenHasPermission()
{
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(new ClaimsPrincipal());
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
var function = new ReconcileFunction(null, new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new IRepositoryRule[0],
tokenizer.Object);
(await function
.HasPermissionAsync(request, "raboweb", "TAS"))
.ShouldBeOfType <UnauthorizedResult>();
}
public async Task CanCheckPermissionsForUserWithUnknownVsIInTokenAndInvalidUserId()
{
var fixture = new Fixture();
ManageProjectPropertiesPermission(fixture);
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(PrincipalWithClaims());
var vstsClient = new Mock <IVstsRestClient>();
vstsClient
.Setup(x => x.GetAsync(It.Is <IVstsRequest <Response.PermissionsProjectId> >(req =>
req.QueryParams.Values.Contains("ab84d5a2-4b8d-68df-9ad3-cc9c8884270c"))))
.Returns(Task.FromResult <Response.PermissionsProjectId>(null))
.Verifiable();
vstsClient
.Setup(x => x.GetAsync(It.Is <IVstsRequest <Response.PermissionsProjectId> >(req =>
req.QueryParams.Values.Contains("ef2e3683-8fb5-439d-9dc9-53af732e6387"))))
.Returns(Task.FromResult <Response.PermissionsProjectId>(null))
.Verifiable();
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
request.RequestUri =
new System.Uri(
"https://dev.azure.com/reconcile/raboweb/TAS/haspermissions?userId=ef2e3683-8fb5-439d-9dc9-53af732e6387");
var function = new ReconcileFunction(vstsClient.Object,
new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new IRepositoryRule[0], tokenizer.Object);
(await function
.HasPermissionAsync(request, "raboweb", "TAS"))
.ShouldBeOfType <OkObjectResult>()
.Value
.ShouldBe(false);
vstsClient.Verify();
}
public async Task ExistingRepositoryRuleExecutedWhenReconcile()
{
var fixture = new Fixture();
ManageProjectPropertiesPermission(fixture);
var rule = new Mock <IRepositoryRule>(MockBehavior.Strict);
rule
.As <IReconcile>()
.Setup(x => x.ReconcileAsync("TAS", "repository-id"))
.Returns(Task.CompletedTask)
.Verifiable();
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(PrincipalWithClaims());
var vstsClient = new Mock <IVstsRestClient>();
vstsClient
.Setup(x => x.GetAsync(It.IsAny <IVstsRequest <Response.PermissionsProjectId> >()))
.Returns(Task.FromResult(fixture.Create <Response.PermissionsProjectId>()));
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
var function = new ReconcileFunction(vstsClient.Object, new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new[] { rule.Object },
tokenizer.Object);
(await function.ReconcileAsync(request,
"raboweb",
"TAS",
RuleScopes.Repositories,
rule.Object.GetType().Name,
"repository-id")).ShouldBeOfType <OkResult>();
rule.Verify();
}
public async Task UnauthorizedWithoutPermissionWhenReconcile()
{
var fixture = new Fixture();
fixture.Customize <Response.Permission>(ctx =>
ctx.With(x => x.DisplayName, "Manage project properties"));
var tokenizer = new Mock <ITokenizer>();
tokenizer
.Setup(x => x.Principal(It.IsAny <string>()))
.Returns(PrincipalWithClaims());
var vstsClient = new Mock <IVstsRestClient>();
vstsClient
.Setup(x => x.GetAsync(It.Is <IVstsRequest <Response.PermissionsProjectId> >(req =>
req.QueryParams.Values.Contains("ab84d5a2-4b8d-68df-9ad3-cc9c8884270c"))))
.Returns(Task.FromResult(fixture.Create <Response.PermissionsProjectId>()))
.Verifiable();
var request = new HttpRequestMessage();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "");
var function = new ReconcileFunction(vstsClient.Object,
new IBuildPipelineRule[0], new IReleasePipelineRule[0], new IProjectRule[0], new IRepositoryRule[0], tokenizer.Object);
(await function.ReconcileAsync(request,
"raboweb",
"TAS",
RuleScopes.GlobalPermissions,
"some-non-existing-rule"))
.ShouldBeOfType <UnauthorizedResult>();
vstsClient.Verify();
}
