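// Verifies that a failing default security policy rejects the action when
// EnforceDefaultSecurityPolicies is enabled, even though both of the user's own policies pass.
public async Task EvaluateAsync_WhenDefaultSecurityPolicyNotMetReturnFailure()
        {
            // Arrange: user policies pass; the second default policy is configured to fail.
            var policyData    = new TestUserSecurityPolicyData(policy1Result: true, policy2Result: true, defaultPolicy1Result: true, defaultPolicy2Result: false);
            var configuration = new AppConfiguration()
            {
                // Enforcement of default policies is switched on for this test.
                EnforceDefaultSecurityPolicies = true
            };
            var service      = new TestSecurityPolicyService(policyData, null, null, null, null, configuration);
            var user         = new User("testUser");
            var subscription = service.Mocks.Subscription.Object;

            user.SecurityPolicies = subscription.Policies.ToList();

            // Act
            var result = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert: the action must be denied. Assert.False is the xUnit idiom for a boolean check
            // and matches the Assert.True calls used by the sibling tests.
            Assert.False(result.Success);

            // The error indicates which subscription failed
            Assert.Contains(policyData.DefaultSubscription.Object.SubscriptionName, result.ErrorMessage);

            // The denial is audited: exactly one audit record is saved
            service.MockAuditingService.Verify(s => s.SaveAuditRecordAsync(It.IsAny<AuditRecord>()), Times.Once);

            // Policies are evaluated only once
            // NOTE(review): presumably the user's own policies are skipped once a default policy fails — confirm against the service.
            service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Once);
            service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Once);
        }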
        // Verifies action scoping: a handler registered for ManagePackageOwners must not be invoked
        // when the action being evaluated is PackagePush, even though the user holds that policy.
        public async Task EvaluateAsync_EvaluatesOnlyPoliciesRelevantToTheAction()
        {
            // Arrange
            const string extraPolicyName = "ExtraPolicy";

            // Extra handler bound to a different action than the one evaluated below.
            var unrelatedHandlerMock = new Mock<UserSecurityPolicyHandler>(extraPolicyName, SecurityPolicyAction.ManagePackageOwners);

            var policyData = new TestUserSecurityPolicyData();

            // Default handlers first, then the unrelated one.
            var allHandlers = new List<UserSecurityPolicyHandler>(policyData.Handlers.Select(x => x.Object))
            {
                unrelatedHandlerMock.Object
            };

            var service = new TestSecurityPolicyService(policyData, allHandlers);
            var user    = new User("testUser");

            // The user holds the subscription's policies plus the unrelated extra policy.
            user.SecurityPolicies = new List<UserSecurityPolicy>(service.Mocks.Subscription.Object.Policies)
            {
                new UserSecurityPolicy(extraPolicyName, "ExtraSubscription")
            };

            // Act
            var outcome = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert: evaluation succeeds without an error message.
            Assert.True(outcome.Success);
            Assert.Null(outcome.ErrorMessage);

            // The two default handlers each ran once; the unrelated handler never ran.
            service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Once);
            service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Once);
            unrelatedHandlerMock.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Never);
        }
        // Test constructor: stores the supplied mock data (or a fresh TestUserSecurityPolicyData)
        // and falls back to the handlers and subscription that mock data exposes when the caller
        // passes none.
        public TestSecurityPolicyService(
            TestUserSecurityPolicyData mocks = null,
            IEnumerable<UserSecurityPolicyHandler> userHandlers = null,
            IEnumerable<IUserSecurityPolicySubscription> userSubscriptions = null,
            Mock<IEntitiesContext> mockEntities = null,
            Mock<IAuditingService> mockAuditing = null)
            : this(mockEntities, mockAuditing)
        {
            Mocks = mocks ?? new TestUserSecurityPolicyData();

            // Handlers: caller-supplied, otherwise the objects behind the mock handlers.
            if (userHandlers == null)
            {
                userHandlers = Mocks.Handlers.Select(handlerMock => handlerMock.Object);
            }
            UserHandlers = userHandlers;

            // Subscriptions: caller-supplied, otherwise the single mocked subscription.
            if (userSubscriptions == null)
            {
                userSubscriptions = new [] { Mocks.Subscription.Object };
            }
            UserSubscriptions = userSubscriptions;
        }
        // Verifies the outcome when the first policy fails and the second would pass.
        public async Task EvaluateAsync_ReturnsNonSuccessAfterFirstFailure()
        {
            // Arrange: policy 1 fails, policy 2 is configured to pass.
            var service = new TestSecurityPolicyService(
                new TestUserSecurityPolicyData(policy1Result: false, policy2Result: true));

            var user = new User("testUser")
            {
                SecurityPolicies = service.Mocks.Subscription.Object.Policies.ToList()
            };

            // Act
            var outcome = await service.EvaluateAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert
            // NOTE(review): expectedPolicy2: null presumably means policy 2 must not be evaluated
            // after the first failure — confirm against VerifyPolicyEvaluation.
            service.Mocks.VerifyPolicyEvaluation(expectedPolicy1: false, expectedPolicy2: null, actual: outcome);
        }
        // Test constructor: stores the supplied mock data (or a fresh TestUserSecurityPolicyData),
        // falls back to its handlers and user-policies subscription when none are passed, and
        // always takes the default subscription from the mock data.
        public TestSecurityPolicyService(
            TestUserSecurityPolicyData mocks = null,
            IEnumerable<UserSecurityPolicyHandler> userHandlers = null,
            IEnumerable<IUserSecurityPolicySubscription> userSubscriptions = null,
            IEnumerable<IUserSecurityPolicySubscription> organizationSubscriptions = null,
            Mock<IEntitiesContext> mockEntities = null,
            Mock<IAuditingService> mockAuditing = null,
            IAppConfiguration configuration = null)
            : this(mockEntities, mockAuditing, configuration)
        {
            Mocks = mocks ?? new TestUserSecurityPolicyData();

            // Handlers: caller-supplied, otherwise the objects behind the mock handlers.
            if (userHandlers == null)
            {
                userHandlers = Mocks.Handlers.Select(handlerMock => handlerMock.Object);
            }
            UserHandlers = userHandlers;

            // Subscriptions: caller-supplied, otherwise the single mocked user-policies subscription.
            if (userSubscriptions == null)
            {
                userSubscriptions = new[] { Mocks.UserPoliciesSubscription.Object };
            }
            Subscriptions = userSubscriptions;

            // NOTE(review): organizationSubscriptions is accepted but never read in this body,
            // so a test that passes it gets no organization-level policies from here — confirm intent.
            DefaultSubscription = Mocks.DefaultSubscription.Object;
        }
        // Verifies that policy evaluation writes the expected number of audit records.
        //   success: result both mocked policies return, and the expected overall outcome.
        //   times:   number of SaveAuditRecordAsync calls expected for that outcome.
        public async Task EvaluateAsync_SavesAuditRecordsForSuccessAndFailureCases(bool success, int times)
        {
            // Arrange: both policies share the same configured result.
            var service = new TestSecurityPolicyService(
                new TestUserSecurityPolicyData(policy1Result: success, policy2Result: success));

            var user = new User("testUser")
            {
                SecurityPolicies = service.Mocks.Subscription.Object.Policies.ToList()
            };

            // Act
            var outcome = await service.EvaluateAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert: the outcome mirrors the policy results...
            Assert.Equal(success, outcome.Success);

            // ...and the audit trail received exactly the expected number of records.
            service.MockAuditingService.Verify(
                auditing => auditing.SaveAuditRecordAsync(It.IsAny<AuditRecord>()),
                Times.Exactly(times));
        }
        // Verifies that failing default policies do not affect the result when the service is
        // built without an explicit configuration.
        // NOTE(review): relies on the test service's default configuration leaving
        // EnforceDefaultSecurityPolicies off — confirm, since no configuration is passed here.
        public async Task EvaluateAsync_WhenEnforceDefaultSecurityPoliciesIsFalseDefaultPolicyNotEvaluated()
        {
            // Arrange: user policies pass, both default policies are configured to fail.
            var service = new TestSecurityPolicyService(
                new TestUserSecurityPolicyData(policy1Result: true, policy2Result: true, defaultPolicy1Result: false, defaultPolicy2Result: false));

            var user = new User("testUser")
            {
                SecurityPolicies = service.Mocks.Subscription.Object.Policies.ToList()
            };

            // Act
            var outcome = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert: evaluation succeeds with no error despite the failing default policies.
            Assert.True(outcome.Success);
            Assert.Null(outcome.ErrorMessage);

            // Each handler is invoked exactly once.
            service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Once);
            service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Once);
        }
        // Verifies that passing default policies do not short-circuit evaluation: the user's own
        // policies still decide the result.
        //   userPolicyMet: configured result of the user's second policy, and the expected outcome.
        public async Task EvaluateAsync_WhenDefaultSecurityPolicyIsMetUserPolicyIsEvaluated(bool userPolicyMet)
        {
            // Arrange: both default policies pass; the user's second policy varies per case.
            var policyData = new TestUserSecurityPolicyData(policy1Result: true, policy2Result: userPolicyMet, defaultPolicy1Result: true, defaultPolicy2Result: true);

            // Enforcement of default policies is switched on for this test.
            var configuration = new AppConfiguration();
            configuration.EnforceDefaultSecurityPolicies = true;

            var service = new TestSecurityPolicyService(policyData, null, null, null, null, configuration);

            var user = new User("testUser")
            {
                SecurityPolicies = service.Mocks.Subscription.Object.Policies.ToList()
            };

            // Act
            var outcome = await service.EvaluateUserPoliciesAsync(SecurityPolicyAction.PackagePush, CreateHttpContext(user));

            // Assert: the overall result follows the user policy.
            Assert.Equal(userPolicyMet, outcome.Success);

            // Default policies and user policies are evaluated, so each handler is invoked twice.
            service.Mocks.MockPolicyHandler1.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Exactly(2));
            service.Mocks.MockPolicyHandler2.Verify(p => p.Evaluate(It.IsAny<UserSecurityPolicyEvaluationContext>()), Times.Exactly(2));
        }