using System.Security.Claims;
using HopFrame.Security.Authentication;
using HopFrame.Security.Authorization;
using HopFrame.Security.Claims;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Abstractions;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Routing;
using Moq;
namespace HopFrame.Tests.Security;
/// <summary>
/// Unit tests for <see cref="AuthorizedFilter.OnAuthorization"/>. Each test builds a mocked
/// <see cref="AuthorizationFilterContext"/> whose user carries a chosen set of claims and then
/// checks whether the filter left <c>Result</c> unset (request allowed to continue) or
/// short-circuited with an <see cref="UnauthorizedResult"/>.
/// </summary>
/// <remarks>
/// NOTE(review): every case here uses at most one required and one held permission. There is no
/// case with several required permissions, and none with an access token present while the
/// required-permission list is empty, so those paths of the filter are not pinned by this class.
/// </remarks>
public class AuthorizationTests {

    /// <summary>
    /// Creates the filter under test together with a mocked authorization context.
    /// </summary>
    /// <param name="userPermissions">Values added to the user as permission claims.</param>
    /// <param name="requiredPermissions">Permissions handed to the <see cref="AuthorizedFilter"/> constructor.</param>
    /// <param name="accessTokenProvided">
    /// When <c>true</c> (the default) an access-token-id claim is added to the identity;
    /// when <c>false</c> the identity carries only the user id and the permission claims.
    /// </param>
    /// <returns>The filter and the context object to pass to <c>OnAuthorization</c>.</returns>
    private (AuthorizedFilter, AuthorizationFilterContext) SetupEnvironment(string[] userPermissions, string[] requiredPermissions, bool accessTokenProvided = true) {
        var filter = new AuthorizedFilter(requiredPermissions);

        var actionContext = new ActionContext {
            HttpContext = new DefaultHttpContext(),
            RouteData = new RouteData(),
            ActionDescriptor = new ActionDescriptor()
        };

        var contextMock = new Mock<AuthorizationFilterContext>(MockBehavior.Default, actionContext, new List<IFilterMetadata>());
        contextMock.Setup(x => x.Filters).Returns(new List<IFilterMetadata>());

        // Result has to behave like a real property so the tests can read back what the filter assigned.
        contextMock.SetupProperty(c => c.Result);

        // Claim order: user id, optional access token id, then one claim per permission.
        var identityClaims = new List<Claim> {
            new Claim(HopFrameClaimTypes.UserId, Guid.NewGuid().ToString())
        };

        if (accessTokenProvided) {
            identityClaims.Add(new Claim(HopFrameClaimTypes.AccessTokenId, Guid.NewGuid().ToString()));
        }

        foreach (var perm in userPermissions) {
            identityClaims.Add(new Claim(HopFrameClaimTypes.Permission, perm));
        }

        var filterContext = contextMock.Object;
        filterContext.HttpContext.User.AddIdentity(new ClaimsIdentity(identityClaims, HopFrameAuthentication.SchemeName));

        return (filter, filterContext);
    }

    /// <summary>
    /// A user holding exactly the required permission (and an access token claim) is let through:
    /// the filter must not set a result.
    /// </summary>
    [Fact]
    public void OnAuthorization_Should_Succeed() {
        // Arrange: held permission equals the required one
        var (sut, filterContext) = SetupEnvironment(["test.permission"], ["test.permission"]);

        // Act
        sut.OnAuthorization(filterContext);

        // Assert: no short-circuit result was written
        Assert.Null(filterContext.Result);
    }

    /// <summary>
    /// Without an access-token-id claim the filter rejects the request. The required-permission
    /// list is empty, so the missing token claim is the only thing that can cause the rejection.
    /// </summary>
    [Fact]
    public void OnAuthorization_With_NoToken_Should_Fail() {
        // Arrange: no permissions on either side, no access token claim
        var (sut, filterContext) = SetupEnvironment([], [], false);

        // Act
        sut.OnAuthorization(filterContext);

        // Assert
        Assert.NotNull(filterContext.Result);
        Assert.IsType<UnauthorizedResult>(filterContext.Result);
    }

    /// <summary>
    /// A user with a token but no permission claims at all is rejected when a permission is required.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this pins <see cref="UnauthorizedResult"/> for a caller that has a token but
    /// lacks the permission; if the filter is ever changed to answer such callers differently,
    /// this assertion and the one in the insufficient-permissions test must change with it.
    /// </remarks>
    [Fact]
    public void OnAuthorization_With_NoPermissions_Should_Fail() {
        // Arrange: token present, zero permission claims
        var (sut, filterContext) = SetupEnvironment([], ["test.permission"]);

        // Act
        sut.OnAuthorization(filterContext);

        // Assert
        Assert.NotNull(filterContext.Result);
        Assert.IsType<UnauthorizedResult>(filterContext.Result);
    }

    /// <summary>
    /// Holding some other permission does not satisfy the required one: the filter rejects the request.
    /// </summary>
    [Fact]
    public void OnAuthorization_With_InsufficientPermissions_Should_Fail() {
        // Arrange: the only held permission differs from the required one
        var (sut, filterContext) = SetupEnvironment(["permission.other"], ["test.permission"]);

        // Act
        sut.OnAuthorization(filterContext);

        // Assert
        Assert.NotNull(filterContext.Result);
        Assert.IsType<UnauthorizedResult>(filterContext.Result);
    }

}