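using System.Collections.Generic;
using System.Security.Claims;
using Moq;
using Ocelot.Authorisation;
using Ocelot.Errors;
using Ocelot.Infrastructure.Claims.Parser;
using Ocelot.Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;

namespace Ocelot.UnitTests.Infrastructure
{
    /// <summary>
    /// Unit tests for <see cref="ScopesAuthoriser"/>: given a principal and the list of scopes a
    /// route allows, the authoriser returns either an OK response carrying <c>true</c> or an error
    /// response.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the listing this file was recovered from had lost its generic type arguments
    /// (e.g. <c>Mock</c>, <c>List</c>, <c>new ErrorResponse&gt;(...)</c>), which does not compile.
    /// They are restored here as <c>IClaimsParser</c>, <c>List&lt;string&gt;</c>,
    /// <c>Response&lt;bool&gt;</c> and <c>IEnumerable&lt;Claim&gt;</c>; confirm against the
    /// signatures of <c>IClaimsParser.GetValuesByClaimType</c> and <c>ScopesAuthoriser.Authorise</c>.
    /// </remarks>
    public class ScopesAuthoriserTests
    {
        private readonly ScopesAuthoriser _authoriser;
        public Mock<IClaimsParser> _parser;
        private ClaimsPrincipal _principal;
        private List<string> _allowedScopes;
        private Response<bool> _result;

        public ScopesAuthoriserTests()
        {
            _parser = new Mock<IClaimsParser>();
            _authoriser = new ScopesAuthoriser(_parser.Object);
        }

        /// <summary>
        /// An empty allowed-scopes list authorises the request.
        /// </summary>
        /// <remarks>
        /// Security note: this pins a fail-open default. A route whose scope list is empty is
        /// treated as unrestricted, so a route that is meant to be scope-protected but has its
        /// scopes omitted from configuration will authorise every authenticated caller.
        /// The parser mock is not configured in this test, so presumably the authoriser returns
        /// before reading any claims.
        /// </remarks>
        [Fact]
        public void should_return_ok_if_no_allowed_scopes()
        {
            this.Given(_ => GivenTheFollowing(new ClaimsPrincipal()))
                .And(_ => GivenTheFollowing(new List<string>()))
                .When(_ => WhenIAuthorise())
                .Then(_ => ThenTheFollowingIsReturned(new OkResponse<bool>(true)))
                .BDDfy();
        }

        /// <summary>
        /// A null allowed-scopes list authorises the request, same as an empty list.
        /// </summary>
        /// <remarks>
        /// Security note: null is also treated as "no restriction" (fail-open), so a missing
        /// configuration value is indistinguishable from a deliberately unrestricted route.
        /// </remarks>
        [Fact]
        public void should_return_ok_if_null_allowed_scopes()
        {
            this.Given(_ => GivenTheFollowing(new ClaimsPrincipal()))
                .And(_ => GivenTheFollowing((List<string>)null))
                .When(_ => WhenIAuthorise())
                .Then(_ => ThenTheFollowingIsReturned(new OkResponse<bool>(true)))
                .BDDfy();
        }

        /// <summary>
        /// When the claims parser reports an error, the authoriser returns an error response
        /// rather than authorising (fail-closed when the caller's scopes cannot be read).
        /// </summary>
        [Fact]
        public void should_return_error_if_claims_parser_returns_error()
        {
            var fakeError = new FakeError();

            this.Given(_ => GivenTheFollowing(new ClaimsPrincipal()))
                .And(_ => GivenTheParserReturns(new ErrorResponse<List<string>>(fakeError)))
                .And(_ => GivenTheFollowing(new List<string>(){"doesntmatter"}))
                .When(_ => WhenIAuthorise())
                .Then(_ => ThenTheFollowingIsReturned(new ErrorResponse<bool>(fakeError)))
                .BDDfy();
        }

        /// <summary>
        /// When the scopes read from the principal include the allowed scope, the result is OK.
        /// </summary>
        [Fact]
        public void should_match_scopes_and_return_ok_result()
        {
            var claimsPrincipal = new ClaimsPrincipal();
            var allowedScopes = new List<string>(){"someScope"};

            // The same list is used as both the user's scopes and the route's allowed scopes.
            this.Given(_ => GivenTheFollowing(claimsPrincipal))
                .And(_ => GivenTheParserReturns(new OkResponse<List<string>>(allowedScopes)))
                .And(_ => GivenTheFollowing(allowedScopes))
                .When(_ => WhenIAuthorise())
                .Then(_ => ThenTheFollowingIsReturned(new OkResponse<bool>(true)))
                .BDDfy();
        }

        /// <summary>
        /// When none of the user's scopes is in the allowed list, the result is an error.
        /// </summary>
        /// <remarks>
        /// <c>fakeError</c> only serves to build an expected error-shaped response; the assertion
        /// helper compares <c>Data</c> and <c>IsError</c>, not the error itself, so this test does
        /// not pin which error the authoriser reports on a scope mismatch.
        /// </remarks>
        [Fact]
        public void should_not_match_scopes_and_return_error_result()
        {
            var fakeError = new FakeError();
            var claimsPrincipal = new ClaimsPrincipal();
            var allowedScopes = new List<string>(){"someScope"};
            var userScopes = new List<string>(){"anotherScope"};

            this.Given(_ => GivenTheFollowing(claimsPrincipal))
                .And(_ => GivenTheParserReturns(new OkResponse<List<string>>(userScopes)))
                .And(_ => GivenTheFollowing(allowedScopes))
                .When(_ => WhenIAuthorise())
                .Then(_ => ThenTheFollowingIsReturned(new ErrorResponse<bool>(fakeError)))
                .BDDfy();
        }

        /// <summary>
        /// Makes the mocked parser return <paramref name="response"/> for any claims and any
        /// claim type.
        /// </summary>
        private void GivenTheParserReturns(Response<List<string>> response)
        {
            // It.IsAny on both arguments: these tests do not check which claim type the
            // authoriser asks the parser for.
            _parser
                .Setup(x => x.GetValuesByClaimType(It.IsAny<IEnumerable<Claim>>(), It.IsAny<string>()))
                .Returns(response);
        }

        /// <summary>Stores the principal passed to the authoriser.</summary>
        private void GivenTheFollowing(ClaimsPrincipal principal)
        {
            _principal = principal;
        }

        /// <summary>Stores the route's allowed scopes passed to the authoriser.</summary>
        private void GivenTheFollowing(List<string> allowedScopes)
        {
            _allowedScopes = allowedScopes;
        }

        /// <summary>Runs the authoriser and captures its response.</summary>
        private void WhenIAuthorise()
        {
            _result = _authoriser.Authorise(_principal, _allowedScopes);
        }

        /// <summary>
        /// Asserts that the captured response has the same <c>Data</c> and <c>IsError</c> values
        /// as <paramref name="expected"/>.
        /// </summary>
        /// <remarks>
        /// Only the outcome is compared. The errors carried by the response are not inspected, so
        /// a change that returned a different error on denial would still pass these tests;
        /// consider also asserting on the returned error's type in the denial cases.
        /// </remarks>
        private void ThenTheFollowingIsReturned(Response<bool> expected)
        {
            _result.Data.ShouldBe(expected.Data);
            _result.IsError.ShouldBe(expected.IsError);
        }
    }

    /// <summary>
    /// Minimal concrete <see cref="Error"/> used by the tests to build error responses.
    /// </summary>
    public class FakeError : Error
    {
        public FakeError() : base("fake error", OcelotErrorCode.CannotAddDataError)
        {
        }
    }
}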