using System.Collections.Generic;
using System.Linq;
using AutoFixture;
using Flexitime.Objects;
using FlexitimeAPI.Helpers;
using FluentAssertions;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Moq;
using Xunit;
namespace FlexitimeApi.UnitTests
{
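/// <summary>
/// Unit tests for <c>AuthorizeAttribute</c>: the filter must leave
/// <c>ctx.Result</c> null when the request is allowed and set a
/// <see cref="JsonResult"/> when it is denied.
/// </summary>
/// <remarks>
/// NOTE(review): the cases covered are (a) no required permission, (b) one
/// required permission the user lacks, (c) one required permission the user
/// holds. Not covered here: a request whose <c>HttpContext.Items</c> has no
/// "User" entry at all, a user whose permission list is null while the
/// attribute requires something, and an attribute requiring several tags
/// (all-of vs any-of). The expected behaviour for those is not visible in
/// this file and should be pinned once confirmed against the attribute.
/// </remarks>
public class AuthorizeAttributeTests
{
    // Single AutoFixture instance shared by all tests; it only builds object graphs.
    private readonly Fixture _f = new();

    /// <summary>
    /// With no explicit permission list on the attribute, a user carrying no
    /// permissions (and no groups/team) is allowed through.
    /// </summary>
    [Fact]
    public void AuthorizeAttribute_Should_AuthorizeWithNoExplicitPermissions()
    {
        var sut = new AuthorizeAttribute();
        var mockUser = _f.Build<User>()
            .Without(x => x.Permissions)
            .Without(x => x.Groups)
            .Without(x => x.Team)
            .Create();
        var ctx = SetupContext(mockUser);

        sut.OnAuthorization(ctx);

        // A null Result means the filter did not short-circuit the pipeline.
        ctx.Result.Should().BeNull();
    }

    /// <summary>
    /// A user holding only "g.x" must be denied by an attribute that requires "u.w".
    /// </summary>
    [Fact]
    public void AuthorizeAttribute_ShouldNot_AuthorizeWhenUserHasInvalidPermission()
    {
        var ctx = SetupContext(UserWithPermission("g.x"));
        var sut = new AuthorizeAttribute { Permissions = new[] { "u.w" } };

        sut.OnAuthorization(ctx);

        // .Which yields the already-typed JsonResult, so no unchecked `as` cast is needed
        // (the original `as` + dereference would have thrown NullReferenceException
        // instead of producing a readable assertion failure on a wrong type).
        // This pins the current 401 response for a permission mismatch; 403 is the
        // conventional status for an authenticated principal lacking a permission,
        // but changing it is an attribute-level decision, not a test-level one.
        ctx.Result.Should().BeOfType<JsonResult>()
            .Which.StatusCode.Should().Be(401);
    }

    /// <summary>
    /// A user holding "g.x" is allowed by an attribute that requires exactly "g.x".
    /// </summary>
    [Fact]
    public void AuthorizeAttribute_Should_AuthorizeWithCorrectExplicitPermission()
    {
        var ctx = SetupContext(UserWithPermission("g.x"));
        var sut = new AuthorizeAttribute { Permissions = new[] { "g.x" } };

        sut.OnAuthorization(ctx);

        ctx.Result.Should().BeNull();
    }

    /// <summary>
    /// Builds a user whose permission list holds exactly one <see cref="Permission"/>
    /// with the given tag. Groups, Team and the permission's Application are left
    /// unset, as the original tests did; whether the attribute reads them is not
    /// visible here.
    /// </summary>
    /// <param name="tag">Permission tag to assign, e.g. "g.x".</param>
    private User UserWithPermission(string tag) =>
        _f.Build<User>()
            .With(x => x.Permissions,
                _f.Build<Permission>().With(y => y.Tag, tag).Without(y => y.Application).CreateMany(1).ToList())
            .Without(x => x.Groups)
            .Without(x => x.Team)
            .Create();

    /// <summary>
    /// Builds an <see cref="AuthorizationFilterContext"/> around a mocked
    /// <see cref="HttpContext"/> whose Items dictionary carries <paramref name="mockUser"/>
    /// under the "User" key.
    /// </summary>
    /// <param name="mockUser">The principal the attribute should find in HttpContext.Items.</param>
    /// <remarks>
    /// The Authorization header is set to a deliberately invalid value so that an
    /// allow decision in these tests cannot be attributed to header-based
    /// authentication — only the Items entry is meant to matter. That the attribute
    /// ignores the header is an assumption of this fixture; confirm against
    /// AuthorizeAttribute if the header handling changes.
    /// </remarks>
    private AuthorizationFilterContext SetupContext(User mockUser)
    {
        var httpContextMock = new Mock<HttpContext>();
        httpContextMock
            .Setup(a => a.Request.Headers["Authorization"])
            .Returns("mock WRONG apikey");

        // "User" is the Items key the attribute is expected to read the principal from.
        httpContextMock.SetupGet(x => x.Items)
            .Returns(new Dictionary<object, object?> { ["User"] = mockUser });

        var fakeActionContext = new ActionContext(
            httpContextMock.Object,
            new Microsoft.AspNetCore.Routing.RouteData(),
            new Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor());

        return new AuthorizationFilterContext(fakeActionContext, new List<IFilterMetadata>());
    }
}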
}