From 14c82f4f0638a39b5b8a4f086dadd6df22ffbcce Mon Sep 17 00:00:00 2001
From: Leon Hoppe <leon@ladenbau-hoppe.de>
Date: Sun, 24 Nov 2024 17:18:35 +0100
Subject: [PATCH] Implemented security module tests

---
 HopFrame.sln                                  |   7 +
 HopFrame.sln.DotSettings.user                 |  18 ++-
 .../Authentication/HopFrameAuthentication.cs  |   1 -
 .../HopFrame.Database.Tests.csproj            |   1 -
 .../AuthenticationTests.cs                    | 141 ++++++++++++++++++
 .../AuthorizationTests.cs                     |  92 ++++++++++++
 .../HopFrame.Security.Tests.csproj            |  34 +++++
 7 files changed, 290 insertions(+), 4 deletions(-)
 create mode 100644 tests/HopFrame.Security.Tests/AuthenticationTests.cs
 create mode 100644 tests/HopFrame.Security.Tests/AuthorizationTests.cs
 create mode 100644 tests/HopFrame.Security.Tests/HopFrame.Security.Tests.csproj

diff --git a/HopFrame.sln b/HopFrame.sln
index 7a60cf4..94da369 100644
--- a/HopFrame.sln
+++ b/HopFrame.sln
@@ -22,6 +22,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Tests", "Tests", "{1D98E5DE
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HopFrame.Database.Tests", "tests\HopFrame.Database.Tests\HopFrame.Database.Tests.csproj", "{1CAAC943-B8FE-48DD-9712-92699647DE18}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HopFrame.Security.Tests", "tests\HopFrame.Security.Tests\HopFrame.Security.Tests.csproj", "{6747753A-6059-48F1-B779-D73765A373A6}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -60,6 +62,10 @@ Global
 		{1CAAC943-B8FE-48DD-9712-92699647DE18}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1CAAC943-B8FE-48DD-9712-92699647DE18}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1CAAC943-B8FE-48DD-9712-92699647DE18}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6747753A-6059-48F1-B779-D73765A373A6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6747753A-6059-48F1-B779-D73765A373A6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6747753A-6059-48F1-B779-D73765A373A6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6747753A-6059-48F1-B779-D73765A373A6}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{1E821490-AEDC-4F55-B758-52F4FADAB53A} = {64EDCBED-A84F-4936-8697-78DC43CB2427}
@@ -70,5 +76,6 @@ Global
 		{8F983A37-63CF-48D5-988D-58B78EF8AECD} = {EEA20D27-D471-44AF-A287-C0E068D93182}
 		{921159CE-AF75-44C3-A3F9-6B9B1A4E85CF} = {EEA20D27-D471-44AF-A287-C0E068D93182}
 		{1CAAC943-B8FE-48DD-9712-92699647DE18} = {1D98E5DE-CB8B-4C1C-A319-D49AC137441A}
+		{6747753A-6059-48F1-B779-D73765A373A6} = {1D98E5DE-CB8B-4C1C-A319-D49AC137441A}
 	EndGlobalSection
 EndGlobal
diff --git a/HopFrame.sln.DotSettings.user b/HopFrame.sln.DotSettings.user
index a0c3151..4f1a50c 100644
--- a/HopFrame.sln.DotSettings.user
+++ b/HopFrame.sln.DotSettings.user
@@ -1,4 +1,5 @@
 <wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
+	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AAuthenticationSchemeOptions_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FAppData_003FRoaming_003FJetBrains_003FRider2024_002E2_003Fresharper_002Dhost_003FSourcesCache_003F8525b7a9e58c77f532f1a88d4f2897e3c2baf316b9eb2c391b242a3885fcce6_003FAuthenticationSchemeOptions_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AEditContextDataAnnotationsExtensions_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FAppData_003FRoaming_003FJetBrains_003FRider2024_002E2_003Fresharper_002Dhost_003FSourcesCache_003Fbc307cd57fb42fc4c7fb9795381958122734d3750f41b6c1735c7d132ecda70_003FEditContextDataAnnotationsExtensions_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AExceptionDispatchInfo_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FAppData_003FRoaming_003FJetBrains_003FRider2024_002E2_003Fresharper_002Dhost_003FSourcesCache_003Fbd1d5c50194fea68ff3559c160230b0ab50f5acf4ce3061bffd6d62958e2182_003FExceptionDispatchInfo_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AList_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FAppData_003FRoaming_003FJetBrains_003FRider2024_002E2_003Fresharper_002Dhost_003FSourcesCache_003Fb7208b3f72528d22781d25fde9a55271bdf2b5aade4f03b1324579a25493cd8_003FList_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
@@ -8,9 +9,16 @@
   &lt;Assembly Path="C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.16\ref\net7.0\System.ComponentModel.Annotations.dll" /&gt;&#xD;
   &lt;Assembly Path="C:\Users\Remote\.nuget\packages\blazorstrap\5.2.100.61524\lib\net7.0\BlazorStrap.dll" /&gt;&#xD;
 &lt;/AssemblyExplorer&gt;</s:String>
-	<s:String x:Key="/Default/Environment/UnitTesting/UnitTestSessionStore/Sessions/=420e6947_002Dcf5f_002D4e55_002D94cb_002D22d1ee8dd4ee/@EntryIndexedValue">&lt;SessionState ContinuousTestingMode="0" IsActive="True" Name="UserRepositoryTests" xmlns="urn:schemas-jetbrains-com:jetbrains-ut-session"&gt;&#xD;
+	
+	
+	
+	
+	
+	
+	
+	<s:String x:Key="/Default/Environment/UnitTesting/UnitTestSessionStore/Sessions/=de547b37_002D85df_002D4c95_002Da13a_002D03b9d37ad50b/@EntryIndexedValue">&lt;SessionState ContinuousTestingMode="0" Name="Authentication_With_NoToken_Should_Fail" xmlns="urn:schemas-jetbrains-com:jetbrains-ut-session"&gt;&#xD;
   &lt;TestAncestor&gt;&#xD;
-    &lt;TestId&gt;xUnit::1CAAC943-B8FE-48DD-9712-92699647DE18::net8.0::HopFrame.Database.Tests.Repositories.UserRepositoryTests&lt;/TestId&gt;&#xD;
+    &lt;TestId&gt;xUnit::6747753A-6059-48F1-B779-D73765A373A6::net8.0::HopFrame.Security.Tests.AuthenticationTests.Authentication_With_NoToken_Should_Fail&lt;/TestId&gt;&#xD;
   &lt;/TestAncestor&gt;&#xD;
 &lt;/SessionState&gt;</s:String>
 	
@@ -27,6 +35,12 @@
 	
 	
 	
+	
+	
+	
+	
+	
+	
 	
 	
 	
diff --git a/src/HopFrame.Security/Authentication/HopFrameAuthentication.cs b/src/HopFrame.Security/Authentication/HopFrameAuthentication.cs
index 9c65b14..8709f91 100644
--- a/src/HopFrame.Security/Authentication/HopFrameAuthentication.cs
+++ b/src/HopFrame.Security/Authentication/HopFrameAuthentication.cs
@@ -17,7 +17,6 @@ public class HopFrameAuthentication(
     UrlEncoder encoder,
     ISystemClock clock,
     ITokenRepository tokens,
-    IUserRepository users,
     IPermissionRepository perms)
     : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder, clock) {
 
diff --git a/tests/HopFrame.Database.Tests/HopFrame.Database.Tests.csproj b/tests/HopFrame.Database.Tests/HopFrame.Database.Tests.csproj
index 4435c88..ce93d67 100644
--- a/tests/HopFrame.Database.Tests/HopFrame.Database.Tests.csproj
+++ b/tests/HopFrame.Database.Tests/HopFrame.Database.Tests.csproj
@@ -11,7 +11,6 @@
 
     <ItemGroup>
         <PackageReference Include="coverlet.collector" Version="6.0.0"/>
-        <PackageReference Include="FakeItEasy" Version="8.3.0" />
         <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="9.0.0" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0"/>
         <PackageReference Include="xunit" Version="2.5.3"/>
diff --git a/tests/HopFrame.Security.Tests/AuthenticationTests.cs b/tests/HopFrame.Security.Tests/AuthenticationTests.cs
new file mode 100644
index 0000000..2594cbb
--- /dev/null
+++ b/tests/HopFrame.Security.Tests/AuthenticationTests.cs
@@ -0,0 +1,141 @@
+using System.Text.Encodings.Web;
+using HopFrame.Database.Models;
+using HopFrame.Database.Repositories;
+using HopFrame.Security.Authentication;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Moq;
+
+namespace HopFrame.Security.Tests;
+
+public class AuthenticationTests {
+
+    private async Task<HopFrameAuthentication> SetupEnvironment(Token correctToken = null, string providedToken = null) {
+        var options = new Mock<IOptionsMonitor<AuthenticationSchemeOptions>>();
+        options
+            .Setup(x => x.Get(It.IsAny<string>()))
+            .Returns(new AuthenticationSchemeOptions());
+
+        var logger = new Mock<ILoggerFactory>();
+        logger
+            .Setup(x => x.CreateLogger(It.IsAny<String>()))
+            .Returns(new Mock<ILogger<HopFrameAuthentication>>().Object);
+
+        var encoder = new Mock<UrlEncoder>();
+        var clock = new Mock<ISystemClock>();
+        var tokens = new Mock<ITokenRepository>();
+        var perms = new Mock<IPermissionRepository>();
+
+        var provideCorrectToken = correctToken is null;
+        correctToken ??= new Token {
+            Content = Guid.NewGuid(),
+            CreatedAt = DateTime.Now,
+            Type = Token.AccessTokenType,
+            Owner = new User {
+                Id = Guid.NewGuid()
+            }
+        };
+
+        tokens
+            .Setup(x => x.GetToken(It.Is<string>(t => t == correctToken.Content.ToString())))
+            .ReturnsAsync(correctToken);
+
+        perms
+            .Setup(x => x.GetFullPermissions(It.IsAny<User>()))
+            .ReturnsAsync(new List<string>());
+
+        var auth = new HopFrameAuthentication(options.Object, logger.Object, encoder.Object, clock.Object, tokens.Object, perms.Object);
+        var context = new DefaultHttpContext();
+        if (provideCorrectToken)
+            context.HttpContext.Request.Headers.Append(HopFrameAuthentication.SchemeName, correctToken.Content.ToString());
+        if (providedToken is not null)
+            context.HttpContext.Request.Headers.Append(HopFrameAuthentication.SchemeName, providedToken);
+        
+        await auth.InitializeAsync(new AuthenticationScheme(HopFrameAuthentication.SchemeName, null, typeof(HopFrameAuthentication)), context);
+        return auth;
+    }
+
+    [Fact]
+    public async Task Authentication_Should_Succeed() {
+        // Arrange
+        var auth = await SetupEnvironment();
+        
+        // Act
+        var result = await auth.AuthenticateAsync();
+        
+        // Assert
+        Assert.True(result.Succeeded);
+    }
+    
+    [Fact]
+    public async Task Authentication_With_NoToken_Should_Fail() {
+        // Arrange
+        var auth = await SetupEnvironment(new Token());
+        
+        // Act
+        var result = await auth.AuthenticateAsync();
+        
+        // Assert
+        Assert.False(result.Succeeded);
+        Assert.NotNull(result.Failure);
+        Assert.Equal("No Access Token provided", result.Failure.Message);
+    }
+    
+    [Fact]
+    public async Task Authentication_With_InvalidToken_Should_Fail() {
+        // Arrange
+        var auth = await SetupEnvironment(null, Guid.NewGuid().ToString());
+        
+        // Act
+        var result = await auth.AuthenticateAsync();
+        
+        // Assert
+        Assert.False(result.Succeeded);
+        Assert.NotNull(result.Failure);
+        Assert.Equal("The provided Access Token does not exist", result.Failure.Message);
+    }
+    
+    [Fact]
+    public async Task Authentication_With_ExpiredToken_Should_Fail() {
+        // Arrange
+        var token = new Token {
+            Content = Guid.NewGuid(),
+            CreatedAt = DateTime.MinValue,
+            Type = Token.AccessTokenType,
+            Owner = new User()
+        };
+        var auth = await SetupEnvironment(token, token.Content.ToString());
+        
+        // Act
+        var result = await auth.AuthenticateAsync();
+        
+        // Assert
+        Assert.False(result.Succeeded);
+        Assert.NotNull(result.Failure);
+        Assert.Equal("The provided Access Token is expired", result.Failure.Message);
+    }
+    
+    [Fact]
+    public async Task Authentication_With_UnownedToken_Should_Fail() {
+        // Arrange
+        var token = new Token {
+            Content = Guid.NewGuid(),
+            CreatedAt = DateTime.Now,
+            Type = Token.AccessTokenType,
+            Owner = null
+        };
+        var auth = await SetupEnvironment(token, token.Content.ToString());
+        
+        // Act
+        var result = await auth.AuthenticateAsync();
+        
+        // Assert
+        Assert.False(result.Succeeded);
+        Assert.NotNull(result.Failure);
+        Assert.Equal("The provided Access Token does not match any user", result.Failure.Message);
+    }
+    
+    
+}
\ No newline at end of file
diff --git a/tests/HopFrame.Security.Tests/AuthorizationTests.cs b/tests/HopFrame.Security.Tests/AuthorizationTests.cs
new file mode 100644
index 0000000..730dfde
--- /dev/null
+++ b/tests/HopFrame.Security.Tests/AuthorizationTests.cs
@@ -0,0 +1,92 @@
+using System.Security.Claims;
+using HopFrame.Security.Authentication;
+using HopFrame.Security.Authorization;
+using HopFrame.Security.Claims;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Abstractions;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Moq;
+
+namespace HopFrame.Security.Tests;
+
+public class AuthorizationTests {
+
+    private (AuthorizedFilter, AuthorizationFilterContext) SetupEnvironment(string[] userPermissions, string[] requiredPermissions, bool accessTokenProvided = true) {
+        var filter = new AuthorizedFilter(requiredPermissions);
+        
+        var httpContext = new DefaultHttpContext();
+        var actionContext = new ActionContext { HttpContext = httpContext, RouteData = new RouteData(), ActionDescriptor = new ActionDescriptor() };
+        var context = new Mock<AuthorizationFilterContext>(MockBehavior.Default, actionContext, new List<IFilterMetadata>());
+
+        context
+            .Setup(x => x.Filters)
+            .Returns(new List<IFilterMetadata>());
+
+        context.SetupProperty(c => c.Result);
+
+        var claims = new List<Claim> {
+            new(HopFrameClaimTypes.UserId, Guid.NewGuid().ToString())
+        };
+        if (accessTokenProvided)
+            claims.Add(new (HopFrameClaimTypes.AccessTokenId, Guid.NewGuid().ToString()));
+        claims.AddRange(userPermissions.Select(perm => new Claim(HopFrameClaimTypes.Permission, perm)));
+
+        context.Object.HttpContext.User.AddIdentity(new ClaimsIdentity(claims, HopFrameAuthentication.SchemeName));
+
+        return (filter, context.Object);
+    }
+
+    [Fact]
+    public void OnAuthorization_Should_Succeed() {
+        // Arrange
+        var (filter, context) = SetupEnvironment(["test.permission"], ["test.permission"]);
+        
+        // Act
+        filter.OnAuthorization(context);
+        
+        // Assert
+        Assert.Null(context.Result);
+    }
+
+    [Fact]
+    public void OnAuthorization_With_NoToken_Should_Fail() {
+        // Arrange
+        var (filter, context) = SetupEnvironment([], [], false);
+        
+        // Act
+        filter.OnAuthorization(context);
+        
+        // Assert
+        Assert.NotNull(context.Result);
+        Assert.IsType<UnauthorizedResult>(context.Result);
+    }
+    
+    [Fact]
+    public void OnAuthorization_With_NoPermissions_Should_Fail() {
+        // Arrange
+        var (filter, context) = SetupEnvironment([], ["test.permission"]);
+        
+        // Act
+        filter.OnAuthorization(context);
+        
+        // Assert
+        Assert.NotNull(context.Result);
+        Assert.IsType<UnauthorizedResult>(context.Result);
+    }
+    
+    [Fact]
+    public void OnAuthorization_With_InsufficientPermissions_Should_Fail() {
+        // Arrange
+        var (filter, context) = SetupEnvironment(["permission.other"], ["test.permission"]);
+        
+        // Act
+        filter.OnAuthorization(context);
+        
+        // Assert
+        Assert.NotNull(context.Result);
+        Assert.IsType<UnauthorizedResult>(context.Result);
+    }
+    
+}
\ No newline at end of file
diff --git a/tests/HopFrame.Security.Tests/HopFrame.Security.Tests.csproj b/tests/HopFrame.Security.Tests/HopFrame.Security.Tests.csproj
new file mode 100644
index 0000000..c1feef2
--- /dev/null
+++ b/tests/HopFrame.Security.Tests/HopFrame.Security.Tests.csproj
@@ -0,0 +1,34 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>disable</Nullable>
+
+        <IsPackable>false</IsPackable>
+        <IsTestProject>true</IsTestProject>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <PackageReference Include="coverlet.collector" Version="6.0.0"/>
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0"/>
+        <PackageReference Include="Moq" Version="4.20.72" />
+        <PackageReference Include="xunit" Version="2.5.3"/>
+        <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3"/>
+    </ItemGroup>
+
+    <ItemGroup>
+        <Using Include="Xunit"/>
+    </ItemGroup>
+
+    <ItemGroup>
+      <Reference Include="Microsoft.AspNetCore.Authentication">
+        <HintPath>..\..\..\..\..\..\..\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.11\Microsoft.AspNetCore.Authentication.dll</HintPath>
+      </Reference>
+    </ItemGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\..\src\HopFrame.Security\HopFrame.Security.csproj" />
+    </ItemGroup>
+
+</Project>