public async Task When_Authorization_Policy_Is_Updated_Then_True_Is_Returned()
{
// ARRANGE
var updatePolicyParameter = new UpdatePolicyParameter
{
PolicyId = "valid_policy_id",
Rules = new List <UpdatePolicyRuleParameter>
{
new UpdatePolicyRuleParameter
{
Claims = new List <AddClaimParameter>
{
new AddClaimParameter
{
Type = "type",
Value = "value"
}
},
Scopes = new List <string>
{
"scope"
}
}
}
};
InitializeFakeObjects();
_repositoryExceptionHelperStub.Setup(r => r.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
It.IsAny <Func <Task <Policy> > >())).Returns(Task.FromResult(new Policy
{
ResourceSetIds = new List <string>
{
"resource_id"
}
}));
_repositoryExceptionHelperStub.Setup(r => r.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
It.IsAny <Func <Task <bool> > >())).Returns(Task.FromResult(true));
_resourceSetRepositoryStub.Setup(r => r.Get(It.IsAny <string>())).Returns(Task.FromResult(new ResourceSet
{
Scopes = new List <string>
{
"scope"
}
}));
// ACT
var result = await _updatePolicyAction.Execute(updatePolicyParameter);
// ASSERT
Assert.True(result);
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (string.IsNullOrWhiteSpace(updatePolicyParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
_umaServerEventSource.StartUpdateAuthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
foreach (var resourceSetId in policy.ResourceSetIds)
{
var resourceSet = await _resourceSetRepository.Get(resourceSetId).ConfigureAwait(false);
if (updatePolicyParameter.Scopes.Any(r => !resourceSet.Scopes.Contains(r)))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
policy.Scopes = updatePolicyParameter.Scopes;
policy.IsResourceOwnerConsentNeeded = updatePolicyParameter.IsResourceOwnerConsentNeeded;
policy.Claims = new List <Claim>();
policy.Script = updatePolicyParameter.Script;
if (updatePolicyParameter.Claims != null)
{
policy.Claims = updatePolicyParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
var result = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishUpdateAuhthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
return(result);
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (updatePolicyParameter.Rules == null ||
!updatePolicyParameter.Rules.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.Rules));
}
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
policy.Rules = new List <PolicyRule>();
foreach (var ruleParameter in updatePolicyParameter.Rules)
{
var claims = new List <Claim>();
if (ruleParameter.Claims != null)
{
claims = ruleParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
policy.Rules.Add(new PolicyRule
{
Id = ruleParameter.Id,
ClientIdsAllowed = ruleParameter.ClientIdsAllowed,
IsResourceOwnerConsentNeeded = ruleParameter.IsResourceOwnerConsentNeeded,
Scopes = ruleParameter.Scopes,
Script = ruleParameter.Script,
Claims = claims,
OpenIdProvider = ruleParameter.OpenIdProvider
});
}
return(await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy)));
}
public async Task When_Scope_Is_Not_Valid_Then_Exception_Is_Thrown()
{
// ARRANGE
var updatePolicyParameter = new UpdatePolicyParameter
{
PolicyId = "policy_id",
Rules = new List <UpdatePolicyRuleParameter>
{
new UpdatePolicyRuleParameter
{
Scopes = new List <string>
{
"invalid_scope"
}
}
}
};
InitializeFakeObjects();
_repositoryExceptionHelperStub.Setup(r => r.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
It.IsAny <Func <Task <Policy> > >())).Returns(() => Task.FromResult(new Policy
{
ResourceSetIds = new List <string>
{
"resource_id"
}
}));
_resourceSetRepositoryStub.Setup(r => r.Get(It.IsAny <string>())).Returns(Task.FromResult(new ResourceSet
{
Scopes = new List <string>
{
"scope"
}
}));
// ACT
var result = await Assert.ThrowsAsync <BaseUmaException>(() => _updatePolicyAction.Execute(updatePolicyParameter));
// ASSERT
Assert.NotNull(result);
Assert.Equal("invalid_scope", result.Code);
Assert.Equal("one or more scopes don't belong to a resource set", result.Message);
}
public async Task When_Authorization_Policy_Doesnt_Exist_Then_False_Is_Returned()
{
// ARRANGE
var updatePolicyParameter = new UpdatePolicyParameter
{
PolicyId = "not_valid_policy_id"
};
InitializeFakeObjects();
_repositoryExceptionHelperStub.Setup(r => r.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
It.IsAny <Func <Task <Policy> > >())).Returns(() => Task.FromResult((Policy)null));
// ACT
var result = await _updatePolicyAction.Execute(updatePolicyParameter);
// ASSERT
Assert.False(result);
}
public async Task When_Id_Is_Not_Passed_Then_Exception_Is_Thrown()
{
// ARRANGE
var updatePolicyParameter = new UpdatePolicyParameter
{
};
InitializeFakeObjects();
_repositoryExceptionHelperStub.Setup(r => r.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
It.IsAny <Func <Task <Policy> > >())).Returns(() => Task.FromResult((Policy)null));
// ACT & ASSERTS
var exception = await Assert.ThrowsAsync <BaseUmaException>(() => _updatePolicyAction.Execute(updatePolicyParameter));
Assert.NotNull(exception);
Assert.True(exception.Code == ErrorCodes.InvalidRequestCode);
Assert.True(exception.Message == string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
public Task <bool> UpdatePolicy(UpdatePolicyParameter updatePolicyParameter)
{
return(_updatePolicyAction.Execute(updatePolicyParameter));
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
// Check the parameters
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (string.IsNullOrWhiteSpace(updatePolicyParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
if (updatePolicyParameter.Rules == null || !updatePolicyParameter.Rules.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.Rules));
}
_umaServerEventSource.StartUpdateAuthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
// Check the authorization policy exists.
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
policy.Rules = new List <PolicyRule>();
// Check all the scopes are valid.
foreach (var resourceSetId in policy.ResourceSetIds)
{
var resourceSet = await _resourceSetRepository.Get(resourceSetId);
if (updatePolicyParameter.Rules.Any(r => r.Scopes != null && !r.Scopes.All(s => resourceSet.Scopes.Contains(s))))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
// Update the authorization policy.
foreach (var ruleParameter in updatePolicyParameter.Rules)
{
var claims = new List <Claim>();
if (ruleParameter.Claims != null)
{
claims = ruleParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
policy.Rules.Add(new PolicyRule
{
Id = ruleParameter.Id,
ClientIdsAllowed = ruleParameter.ClientIdsAllowed,
IsResourceOwnerConsentNeeded = ruleParameter.IsResourceOwnerConsentNeeded,
Scopes = ruleParameter.Scopes,
Script = ruleParameter.Script,
Claims = claims,
OpenIdProvider = ruleParameter.OpenIdProvider
});
}
var result = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishUpdateAuhthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
return(result);
}
