V14: Reintroduce umbraco api controller as obsolete (#16263)

* Revert "v14: Remove mentions of UmbracoApiController (#15863)" This reverts commit 30e2dea57a. * Obsolete UmbracoApiController * Added a few more obsoletion messages * Removed some of the reintroduced stuff again * Add obsoletion to FrontEndRoutes controller --------- Co-authored-by: kjac <kja@umbraco.dk>
2024-05-13 08:28:42 +02:00
parent b4b512dd53
commit 87c7347900
17 changed files with 581 additions and 9 deletions
--- a/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs
+++ b/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs
@@ -67,6 +67,36 @@ namespace Umbraco.Cms.Tests.Integration.Umbraco.Web.Website.Security
            Assert.AreEqual(HttpStatusCode.Redirect, response.StatusCode);
            Assert.AreEqual(cookieAuthenticationOptions.Value.AccessDeniedPath.ToString(), response.Headers.Location?.AbsolutePath);
        }
+
+        [Test]
+        [LongRunning]
+        public async Task Secure_ApiController_Should_Return_Unauthorized_WhenNotLoggedIn()
+        {
+            _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
+            var url = PrepareApiControllerUrl<TestApiController>(x => x.Secure());
+
+            var response = await Client.GetAsync(url);
+
+            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
+        }
+
+        [Test]
+        [LongRunning]
+        public async Task Secure_ApiController_Should_Return_Forbidden_WhenNotAuthorized()
+        {
+            _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
+            _memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
+                     It.IsAny<IEnumerable<string>>(),
+                     It.IsAny<IEnumerable<string>>(),
+                     It.IsAny<IEnumerable<int>>()))
+                .ReturnsAsync(false);
+
+            var url = PrepareApiControllerUrl<TestApiController>(x => x.Secure());
+
+            var response = await Client.GetAsync(url);
+
+            Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode);
+        }
    }

    public class TestSurfaceController : SurfaceController
@@ -91,4 +121,10 @@ namespace Umbraco.Cms.Tests.Integration.Umbraco.Web.Website.Security
        [UmbracoMemberAuthorize]
        public IActionResult Secure() => NoContent();
    }
+
+    public class TestApiController : UmbracoApiController
+    {
+        [UmbracoMemberAuthorize]
+        public IActionResult Secure() => NoContent();
+    }
 }