public void Invoke_FromSuperAdminToSuperAdmin_NotSavedInDatabase()
{
// Prepare
var dataUser = new DataAccess.Models.User
{
IsSuperAdmin = true
};
var getAllResults = new List <UserApps>();
var mockedUserAppsRepository = new Mock <IUserAppRepository>();
var mockedUserRepository = new Mock <IUserRepository>();
var mockedAddNewUserApp = new Mock <IAddNewUserApp>();
mockedUserRepository.Setup(r => r.GetById(It.IsAny <int>()))
.Returns(dataUser);
mockedUserAppsRepository.Setup(r => r.FindBy(It.IsAny <Expression <Func <UserApps, bool> > >()))
.Returns(getAllResults.AsQueryable());
var action = new RevokeRole(mockedUserAppsRepository.Object,
mockedUserRepository.Object,
mockedAddNewUserApp.Object);
// Action
var actionResult = action.Invoke(1, 1, Enums.UserRole.SuperAdmin);
// Check
Assert.False(actionResult);
mockedUserAppsRepository.Verify(r => r.Edit(It.IsAny <UserApps>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Save(), Times.Never);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Never);
mockedUserRepository.Verify(r => r.Save(), Times.Never);
mockedAddNewUserApp.Verify(r => r.Invoke(It.IsAny <UserAppModel>()), Times.Never);
}
public void Invoke_UserNotHaveAnyApp_NotSavedInDatabase()
{
// Prepare
var dataUser = new DataAccess.Models.User
{
IsSuperAdmin = false
};
var mockedUserAppsRepository = new Mock <IUserAppRepository>();
var mockedUserRepository = new Mock <IUserRepository>();
var mockedAddNewUserApp = new Mock <IAddNewUserApp>();
mockedUserRepository.Setup(r => r.GetById(It.IsAny <int>()))
.Returns(dataUser);
var action = new RevokeRole(mockedUserAppsRepository.Object,
mockedUserRepository.Object,
mockedAddNewUserApp.Object);
// Action
var actionResult = action.Invoke(1, 1, Enums.UserRole.Manager);
// Check
Assert.False(actionResult);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Never);
mockedUserRepository.Verify(r => r.Save(), Times.Never);
mockedAddNewUserApp.Verify(r => r.Invoke(It.IsAny <UserAppModel>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Edit(It.IsAny <UserApps>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Save(), Times.Never);
}
public void Invoke_LowerRoleThanSuperAdminNotInApp_SavedInDatabase()
{
// Prepare
var dataUser = new DataAccess.Models.User
{
IsSuperAdmin = true
};
var mockedUserAppsRepository = new Mock <IUserAppRepository>();
var mockedUserRepository = new Mock <IUserRepository>();
var mockedAddNewUserApp = new Mock <IAddNewUserApp>();
var savedUser = dataUser;
mockedUserRepository.Setup(r => r.GetById(It.IsAny <int>()))
.Returns(dataUser);
mockedUserRepository.Setup(r => r.Edit(It.IsAny <DataAccess.Models.User>()))
.Callback <DataAccess.Models.User>(user => savedUser = user);
var action = new RevokeRole(mockedUserAppsRepository.Object,
mockedUserRepository.Object,
mockedAddNewUserApp.Object);
// Action
var actionResult = action.Invoke(1, 1, Enums.UserRole.Manager);
// Check
Assert.True(actionResult);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Once);
mockedUserRepository.Verify(r => r.Save(), Times.Once);
mockedAddNewUserApp.Verify(r => r.Invoke(It.IsAny <UserAppModel>()), Times.Once);
mockedUserAppsRepository.Verify(r => r.Edit(It.IsAny <UserApps>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Save(), Times.Never);
Assert.False(savedUser.IsSuperAdmin);
}
public void Can_grant_and_revoke_roles_between_users()
{
var capture = new PlaintextKeyCapture("rosebud", "rosebud");
var service = new TempKeyFileService();
var rootPubKey = CryptoTestHarness.GenerateKeyFile(_output, capture, service);
capture.Reset();
var userPubKey = CryptoTestHarness.GenerateKeyFile(_output, capture, new TempKeyFileService());
capture.Reset();
var grant = new GrantRole("admin", rootPubKey, userPubKey);
grant.Sign(service, capture);
Assert.True(grant.Authority.SequenceEqual(rootPubKey));
Assert.True(grant.Subject.SequenceEqual(userPubKey));
Assert.True(grant.Verify(), "grant was not verified");
capture.Reset();
var revoke = new RevokeRole(Constants.DefaultOwnerRole, rootPubKey, userPubKey);
revoke.Sign(service, capture);
Assert.True(revoke.Authority.SequenceEqual(rootPubKey));
Assert.True(revoke.Subject.SequenceEqual(userPubKey));
Assert.True(revoke.Verify(), "revoke was not verified");
}
public async Task Cannot_revoke_only_owner_grant()
{
var capture = new PlaintextKeyCapture("rosebud", "rosebud");
var service = new TempKeyFileService();
var publicKey = CryptoTestHarness.GenerateKeyFile(_output, capture, service);
capture.Reset();
var revoke = new RevokeRole(Constants.DefaultOwnerRole, publicKey, publicKey);
revoke.Sign(service, capture);
Assert.True(revoke.Verify(), "revocation did not verify");
using var fixture = new LogStoreFixture();
var @default = LogEntryFactory.CreateNamespaceEntry(Constants.DefaultNamespace, default);
await fixture.Store.AddEntryAsync(@default);
var ontology = new MemoryOntologyLog(new OntologyEvents(), publicKey);
Assert.Single(ontology.Roles[Constants.DefaultNamespace]);
await fixture.Store.AddEntryAsync(LogEntryFactory.CreateEntry(revoke));
await Assert.ThrowsAsync <CannotRemoveSingleOwnerException>(() => ontology.MaterializeAsync(fixture.Store));
}
public void Invoke_LowerRoleThanSuperAdminInApp_SavedInDatabase()
{
// Prepare
var dataUser = new DataAccess.Models.User
{
IsSuperAdmin = true
};
var dataUserApp = new UserApps
{
User = new DataAccess.Models.User {
Id = 1
},
App = new DataAccess.Models.App {
Id = 1
},
Role = UserRole.Manager
};
var mockedUserAppsRepository = new Mock <IUserAppRepository>();
var mockedUserRepository = new Mock <IUserRepository>();
var mockedAddNewUserApp = new Mock <IAddNewUserApp>();
var savedUser = dataUser;
var dataUserAppSaved = dataUserApp;
var getUserAppResults = new List <UserApps> {
dataUserApp
};
mockedUserRepository.Setup(r => r.GetById(It.IsAny <int>()))
.Returns(dataUser);
mockedUserRepository.Setup(r => r.Edit(It.IsAny <DataAccess.Models.User>()))
.Callback <DataAccess.Models.User>(user => savedUser = user);
mockedUserAppsRepository.Setup(r => r.FindBy(It.IsAny <Expression <Func <UserApps, bool> > >()))
.Returns(getUserAppResults.AsQueryable());
mockedUserAppsRepository.Setup(r => r.Edit(It.IsAny <UserApps>()))
.Callback <UserApps>(userApp => dataUserAppSaved = userApp);
var action = new RevokeRole(mockedUserAppsRepository.Object,
mockedUserRepository.Object,
mockedAddNewUserApp.Object);
// Action
var actionResult = action.Invoke(1, 1, Enums.UserRole.Manager);
// Check
Assert.True(actionResult);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Once);
mockedUserRepository.Verify(r => r.Save(), Times.Once);
mockedAddNewUserApp.Verify(r => r.Invoke(It.IsAny <UserAppModel>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Edit(It.IsAny <UserApps>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Save(), Times.Never);
Assert.False(savedUser.IsSuperAdmin);
Assert.Equal(UserRole.Manager, dataUserAppSaved.Role);
}
public void Invoke_IncorrectUserData_NotSavedInDatabase()
{
// Prepare
var mockedUserAppsRepository = new Mock <IUserAppRepository>();
var mockedUserRepository = new Mock <IUserRepository>();
var mockedAddNewUserApp = new Mock <IAddNewUserApp>();
var action = new RevokeRole(mockedUserAppsRepository.Object,
mockedUserRepository.Object,
mockedAddNewUserApp.Object);
// Action
var actionResult = action.Invoke(1, 1, Enums.UserRole.User);
// Check
Assert.False(actionResult);
mockedUserAppsRepository.Verify(r => r.Edit(It.IsAny <UserApps>()), Times.Never);
mockedUserAppsRepository.Verify(r => r.Save(), Times.Never);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Never);
mockedUserRepository.Verify(r => r.Save(), Times.Never);
mockedAddNewUserApp.Verify(r => r.Invoke(It.IsAny <UserAppModel>()), Times.Never);
}
