public async Task EvaluateAsync_WhenDefaultSecurityPolicyNotMetReturnFailure() { // Arrange var policyData = new TestUserSecurityPolicyData(policy1Result: true, policy2Result: true, defaultPolicy1Result: true, defaultPolicy2Result: false); var configuration = new AppConfiguration() { EnforceDefaultSecurityPolicies = true }; var service = new TestSecurityPolicyService(policyData, null, null, null, null, configuration); var user = new User("testUser"); var subscription = service.Mocks.Subscription.Object; user.SecurityPolicies = subscription.Policies.ToList(); // Act var result = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user)); // Assert Assert.Equal(false, result.Success); // The error indicates which subscription failed Assert.Contains(policyData.DefaultSubscription.Object.SubscriptionName, result.ErrorMessage); // Audit record is saved service.MockAuditingService.Verify(s => s.SaveAuditRecordAsync(It.IsAny <AuditRecord>()), Times.Once); // Policies are evaluated only once service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Once); service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Once); }
public async Task EvaluateAsync_EvaluatesOnlyPoliciesRelevantToTheAction() { // Arrange const string extraPolicyName = "ExtraPolicy"; var extraPolicyHandlerMock = new Mock <UserSecurityPolicyHandler>(extraPolicyName, SecurityPolicyAction.ManagePackageOwners); var policyData = new TestUserSecurityPolicyData(); var policyHandlers = new List <UserSecurityPolicyHandler>(policyData.Handlers.Select(x => x.Object)); policyHandlers.Add(extraPolicyHandlerMock.Object); var service = new TestSecurityPolicyService(policyData, policyHandlers); var user = new User("testUser"); var subscription = service.Mocks.Subscription.Object; var userSecurityPolicies = new List <UserSecurityPolicy>(subscription.Policies); userSecurityPolicies.Add(new UserSecurityPolicy(extraPolicyName, "ExtraSubscription")); user.SecurityPolicies = userSecurityPolicies; // Act var result = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user)); // Assert Assert.True(result.Success); Assert.Null(result.ErrorMessage); service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Once); service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Once); extraPolicyHandlerMock.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Never); }
public TestSecurityPolicyService( TestUserSecurityPolicyData mocks = null, IEnumerable <UserSecurityPolicyHandler> userHandlers = null, IEnumerable <IUserSecurityPolicySubscription> userSubscriptions = null, Mock <IEntitiesContext> mockEntities = null, Mock <IAuditingService> mockAuditing = null) : this(mockEntities, mockAuditing) { Mocks = mocks ?? new TestUserSecurityPolicyData(); UserHandlers = userHandlers ?? Mocks.Handlers.Select(m => m.Object); UserSubscriptions = userSubscriptions ?? new [] { Mocks.Subscription.Object }; }
public async Task EvaluateAsync_ReturnsNonSuccessAfterFirstFailure() { // Arrange var policyData = new TestUserSecurityPolicyData(policy1Result: false, policy2Result: true); var service = new TestSecurityPolicyService(policyData); var user = new User("testUser"); var subscription = service.Mocks.Subscription.Object; user.SecurityPolicies = subscription.Policies.ToList(); // Act var result = await service.EvaluateAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user)); // Assert service.Mocks.VerifyPolicyEvaluation(expectedPolicy1: false, expectedPolicy2: null, actual: result); }
public TestSecurityPolicyService( TestUserSecurityPolicyData mocks = null, IEnumerable <UserSecurityPolicyHandler> userHandlers = null, IEnumerable <IUserSecurityPolicySubscription> userSubscriptions = null, IEnumerable <IUserSecurityPolicySubscription> organizationSubscriptions = null, Mock <IEntitiesContext> mockEntities = null, Mock <IAuditingService> mockAuditing = null, IAppConfiguration configuration = null) : this(mockEntities, mockAuditing, configuration) { Mocks = mocks ?? new TestUserSecurityPolicyData(); UserHandlers = userHandlers ?? Mocks.Handlers.Select(m => m.Object); Subscriptions = userSubscriptions ?? new[] { Mocks.UserPoliciesSubscription.Object }; DefaultSubscription = Mocks.DefaultSubscription.Object; }
public async Task EvaluateAsync_SavesAuditRecordsForSuccessAndFailureCases(bool success, int times) { // Arrange var policyData = new TestUserSecurityPolicyData(policy1Result: success, policy2Result: success); var service = new TestSecurityPolicyService(policyData); var user = new User("testUser"); var subscription = service.Mocks.Subscription.Object; user.SecurityPolicies = subscription.Policies.ToList(); // Act var result = await service.EvaluateAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user)); // Assert Assert.Equal(success, result.Success); service.MockAuditingService.Verify(s => s.SaveAuditRecordAsync(It.IsAny <AuditRecord>()), Times.Exactly(times)); }
public async Task EvaluateAsync_WhenEnforceDefaultSecurityPoliciesIsFalseDefaultPolicyNotEvaluated() { // Arrange var policyData = new TestUserSecurityPolicyData(policy1Result: true, policy2Result: true, defaultPolicy1Result: false, defaultPolicy2Result: false); var service = new TestSecurityPolicyService(policyData); var user = new User("testUser"); var subscription = service.Mocks.Subscription.Object; user.SecurityPolicies = subscription.Policies.ToList(); // Act var result = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user)); // Assert Assert.True(result.Success); Assert.Null(result.ErrorMessage); service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Once); service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Once); }
public async Task EvaluateAsync_WhenDefaultSecurityPolicyIsMetUserPolicyIsEvaluated(bool userPolicyMet) { // Arrange var policyData = new TestUserSecurityPolicyData(policy1Result: true, policy2Result: userPolicyMet, defaultPolicy1Result: true, defaultPolicy2Result: true); var configuration = new AppConfiguration() { EnforceDefaultSecurityPolicies = true }; var service = new TestSecurityPolicyService(policyData, null, null, null, null, configuration); var user = new User("testUser"); var subscription = service.Mocks.Subscription.Object; user.SecurityPolicies = subscription.Policies.ToList(); // Act var result = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user)); // Assert Assert.Equal(userPolicyMet, result.Success); // Default policies and user policies are evaluated service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Exactly(2)); service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny <UserSecurityPolicyEvaluationContext>()), Times.Exactly(2)); }