/// <summary>
/// An activity that leaves AllowUnauthenticated unset and sets Default to false
/// must refuse the principal built below, and the decision must carry no Reason.
/// </summary>
/// <remarks>
/// The trailing <c>false</c> passed to CreatePrincipal and to the ActivityAuthorizer
/// constructor is presumably the "is authenticated" / "allow unauthenticated" switch;
/// neither declaration is visible here - TODO confirm.
/// </remarks>
public void UnauthenticatedActivityNullDefaultFalse()
{
    var scope = new AuthorizationScope();
    var homeIndex = new Activity
    {
        Resource = "Home",
        Action = "Index",
        // AllowUnauthenticated is deliberately not assigned; the original keeps
        // "AllowUnauthenticated = true" commented out at this point.
        // NB (original note) This allows us to override the top level default.
        Default = false,
    };
    scope.Activities.Add(homeIndex);

    var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(scope), false, null, false);
    var fred = CreatePrincipal("fred", new List<string>(), null, false);

    var decision = authorizer.IsAuthorized("Home", "Index", fred);

    // Access is refused, and no reason string is reported for this path.
    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
    Assert.That(decision.Reason, Is.Null, "Reason differs");
}
/// <summary>
/// A principal with an empty list as its second CreatePrincipal argument is
/// authorized for the "Default" resource when the authorizer is built with
/// <c>true</c> and "Test" as its second and third arguments.
/// </summary>
/// <remarks>
/// SampleScope is defined elsewhere. The third constructor argument ("Test") is
/// presumably the name of the default activity to fall back to - TODO confirm.
/// </remarks>
public void ActivityDefaultAuthorizationFallback()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true, "Test");
    var charlie = CreatePrincipal("charlie", new List<string>());

    var decision = authorizer.IsAuthorized("Default", null, charlie);

    // NOTE(review): this pins an allow outcome for a principal with no entries in that list;
    // a change to the fallback rules should make this test fail loudly.
    Assert.That(decision.IsAuthorized, Is.True, "IsAuthorized differs");
}
/// <summary>
/// With an empty scope and an authorizer built with <c>false, null, false</c>,
/// the principal created below is refused and the decision's Reason is
/// "IsAuthenticated: false".
/// </summary>
/// <remarks>
/// The final <c>false</c> given to CreatePrincipal presumably marks the principal
/// as unauthenticated, which the asserted reason text suggests - TODO confirm.
/// </remarks>
public void DefaultFalseUnauthenticatedFalse()
{
    var emptyScope = new AuthorizationScope();
    var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(emptyScope), false, null, false);
    var fred = CreatePrincipal("fred", new List<string>(), null, false);

    var decision = authorizer.IsAuthorized("Test", null, fred);

    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
    // The refusal is attributed to the authentication state rather than to a role, user or claim rule.
    Assert.That(decision.Reason, Is.EqualTo("IsAuthenticated: false"), "Reason differs");
}
/// <summary>
/// Principal "bob", created with the list { "a" }, is refused on the "Default"
/// resource even though the authorizer is built with <c>true</c> and "Test".
/// </summary>
/// <remarks>
/// Going by the test name, "a" is a role that SampleScope denies on the default
/// activity; SampleScope is not visible here - verify against its definition.
/// </remarks>
public void DefaultActivityDenyRoleTakesPrecendence()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true, "Test");
    var bob = CreatePrincipal("bob", new List<string> { "a" });

    var decision = authorizer.IsAuthorized("Default", null, bob);

    // An explicit deny has to win over the permissive setting passed to the authorizer.
    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
}
/// <summary>
/// Principal "charlie", created with the list { "b" }, is authorized for
/// resource "Test", action "Index".
/// </summary>
/// <remarks>
/// The test name suggests the grant comes from a role rule found by walking up
/// the activity hierarchy; that depends on SampleScope, which is defined
/// elsewhere - TODO confirm.
/// </remarks>
public void ActivityHierarchyGrantRole()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true);
    var charlie = CreatePrincipal("charlie", new List<string> { "b" });

    var decision = authorizer.IsAuthorized("Test", "Index", charlie);

    Assert.That(decision.IsAuthorized, Is.True, "IsAuthorized differs");
}
/// <summary>
/// Passing <c>false</c> as the second constructor argument must read back as
/// <c>DefaultAuthorization == false</c>, and a request against an empty scope
/// must then be refused.
/// </summary>
public void AuthorizerDefaultAuthorizationFalse()
{
    var emptyScope = new AuthorizationScope();
    var authorizer = new ActivityAuthorizer(new StaticAuthorizationScopeProvider(emptyScope), false);

    // Checked before any request is made, so a wrong default is reported on its own.
    Assert.AreEqual(false, authorizer.DefaultAuthorization, "Default authorization differs");

    var charlie = CreatePrincipal("charlie", new List<string>());
    var decision = authorizer.IsAuthorized("Test", null, charlie);

    // No activity is configured, so the outcome can only come from the authorizer's default.
    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
}
/// <summary>
/// Principal "charlie", created with an empty second list and { "q" } as the
/// third argument, is authorized for "Test" with Reason "Claim: team/q".
/// </summary>
/// <remarks>
/// The asserted reason suggests the third CreatePrincipal argument is a list of
/// "team" claim values; CreatePrincipal is not visible here - TODO confirm.
/// </remarks>
public void ActivityGrantClaim()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true);
    var charlie = CreatePrincipal("charlie", new List<string>(), new List<string> { "q" });

    var decision = authorizer.IsAuthorized("Test", null, charlie);

    Assert.That(decision.IsAuthorized, Is.True, "IsAuthorized differs");
    // The reason must name the claim, so the grant is attributable to it.
    Assert.That(decision.Reason, Is.EqualTo("Claim: team/q"), "Reason differs");
}
/// <summary>
/// Principal "bob", created with an empty second list and { "p" } as the third
/// argument, is refused for "Test" with Reason "Claim: team/p".
/// </summary>
/// <remarks>
/// The authorizer is built with <c>true</c> as its second argument, so the refusal
/// cannot come from that setting. Which rule in SampleScope denies "team/p" is not
/// visible here - verify against its definition.
/// </remarks>
public void ActivityDenyClaimTakesPrecendence()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true);
    var bob = CreatePrincipal("bob", new List<string>(), new List<string> { "p" });

    var decision = authorizer.IsAuthorized("Test", null, bob);

    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");
    // The reason must name the denying claim, which keeps refusals auditable.
    Assert.That(decision.Reason, Is.EqualTo("Claim: team/p"), "Reason differs");
}
/// <summary>
/// Principal "bob", created with the list { "a" }, is refused for resource
/// "Test", action "Foo", and the decision has no PrincipalReason.
/// </summary>
/// <remarks>
/// Per the original note, a null PrincipalReason proves the "Test.Foo" activity
/// was the one evaluated. Why that follows depends on SampleScope, which is
/// defined elsewhere - TODO confirm.
/// </remarks>
public void ActivityHierarchyExplicitActionDenyRoleTakesPrecendence()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true);
    var bob = CreatePrincipal("bob", new List<string> { "a" });

    var decision = authorizer.IsAuthorized("Test", "Foo", bob);

    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");

    // NB Proves we got the "Test.Foo" activity
    Assert.IsNull(decision.PrincipalReason);
}
/// <summary>
/// Principal "alice", created with the list { "b" }, is refused for resource
/// "Test", action "Index"; the decision carries a PrincipalReason whose Action
/// is null.
/// </summary>
/// <remarks>
/// Per the original note, the null Action proves the resource-level "Test"
/// activity was matched. The test name suggests a user-level deny on "alice"
/// beats the "b" grant; that rule lives in SampleScope - verify there.
/// </remarks>
public void ActivityHierarchyDenyUserTakesPrecedence()
{
    var sampleProvider = new StaticAuthorizationScopeProvider(SampleScope(null));
    var authorizer = new ActivityAuthorizer(sampleProvider, true);
    var alice = CreatePrincipal("alice", new List<string> { "b" });

    var decision = authorizer.IsAuthorized("Test", "Index", alice);

    Assert.That(decision.IsAuthorized, Is.False, "IsAuthorized differs");

    // NB Proves we got the "Test" activity
    Assert.IsNotNull(decision.PrincipalReason);
    Assert.IsNull(decision.PrincipalReason.Action);
}