aaad9c0b23
* Initial stab at how this could look * Authorization PoC wip * Add connection manager * Add DI to its own class * Use enum instead of string * Use groups * Refactor group management into its own service * Update a users groups when it's saved * Add saved events * Wire up deleted notifications * Ensure update date and create date is the same * Cleanup * Minor cleanup * Remove unusued usings * Move route to constant * Add docstrings to server event router * Fix and suppress warnings * Refactor to authorizer pattern * Update EventType * Remove unused enums * Add trashed events * Notify current user that they've been updated * Add broadcast We don't need it, but seems like a thing that a server event router should be able to do. * Add ServerEventRouterTests * Add ServerEventUserManagerTests * Use TimeProvider * Remove principal null check * Don't assign event type * Minor cleanup * Rename AuthorizedEventSources * Change permission for relations * Exctract event authorization into its own service * Add some tests * Update name * Add forgotten file * Rmember to add to DI
105 lines
4.3 KiB
C#
105 lines
4.3 KiB
C#
using System.Security.Claims;
|
|
using NUnit.Framework;
|
|
using Umbraco.Cms.Api.Management.ServerEvents;
|
|
using Umbraco.Cms.Core;
|
|
using Umbraco.Cms.Core.ServerEvents;
|
|
|
|
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Cms.Api.Management.ServerEvents;
|
|
|
|
[TestFixture]
|
|
public class ServerEventAuthorizerTests
|
|
{
|
|
[Test]
|
|
public async Task CanAuthorize()
|
|
{
|
|
var sourceName = "Authorized source";
|
|
var authorizer = new FakeAuthorizer([sourceName]);
|
|
|
|
var sut = new ServerEventAuthorizationService(CreateServeEventAuthorizerCollection(authorizer));
|
|
var result = await sut.AuthorizeAsync(CreateFakeUser());
|
|
|
|
Assert.That(result.AuthorizedEventSources.Count(), Is.EqualTo(1));
|
|
Assert.That(result.UnauthorizedEventSources.Count(), Is.EqualTo(0));
|
|
Assert.That(result.AuthorizedEventSources.First(), Is.EqualTo(sourceName));
|
|
}
|
|
|
|
[Test]
|
|
public async Task CanUnauthorize()
|
|
{
|
|
var sourceName = "unauthorized source";
|
|
var authorizer = new FakeAuthorizer([sourceName], (_, _) => false);
|
|
|
|
var sut = new ServerEventAuthorizationService(CreateServeEventAuthorizerCollection(authorizer));
|
|
var result = await sut.AuthorizeAsync(CreateFakeUser());
|
|
|
|
Assert.That(result.AuthorizedEventSources.Count(), Is.EqualTo(0));
|
|
Assert.That(result.UnauthorizedEventSources.Count(), Is.EqualTo(1));
|
|
Assert.That(result.UnauthorizedEventSources.First(), Is.EqualTo(sourceName));
|
|
}
|
|
|
|
[Test]
|
|
public async Task AnyAuthorizationFailureResultInUnauthorized()
|
|
{
|
|
var sourceName = "Unauthorized source";
|
|
|
|
FakeAuthorizer[] authorizers = [new([sourceName]), new([sourceName], (_, _) => false), new([sourceName])];
|
|
var sut = new ServerEventAuthorizationService(CreateServeEventAuthorizerCollection(authorizers));
|
|
var result = await sut.AuthorizeAsync(CreateFakeUser());
|
|
|
|
Assert.That(result.AuthorizedEventSources.Count(), Is.EqualTo(0));
|
|
Assert.That(result.UnauthorizedEventSources.Count(), Is.EqualTo(1));
|
|
Assert.That(result.UnauthorizedEventSources.First(), Is.EqualTo(sourceName));
|
|
}
|
|
|
|
[Test]
|
|
public async Task CanHandleMultiple()
|
|
{
|
|
string[] authorizedSources = ["first auth", "second auth", "third auth"];
|
|
string[] unauthorizedSources = ["first unauth", "second unauth", "third unauth"];
|
|
|
|
FakeAuthorizer[] authorizers = [
|
|
new(authorizedSources),
|
|
new(unauthorizedSources, (_, _) => false)
|
|
];
|
|
|
|
var sut = new ServerEventAuthorizationService(CreateServeEventAuthorizerCollection(authorizers));
|
|
var result = await sut.AuthorizeAsync(CreateFakeUser());
|
|
|
|
Assert.That(result.AuthorizedEventSources, Is.EquivalentTo(authorizedSources));
|
|
Assert.That(result.UnauthorizedEventSources, Is.EquivalentTo(unauthorizedSources));
|
|
}
|
|
|
|
[Test]
|
|
public async Task CanHandleMultipleAuthorizers()
|
|
{
|
|
string[] authorizedSources = ["first auth", "second auth", "third auth"];
|
|
string[] unauthorizedSources = ["first unauth", "second unauth", "third unauth"];
|
|
|
|
FakeAuthorizer[] authorizers = [
|
|
new([authorizedSources[0]]),
|
|
new([authorizedSources[1]]),
|
|
new([unauthorizedSources[0]], (_, _) => false),
|
|
new([unauthorizedSources[1]], (_, _) => false),
|
|
new([authorizedSources[2], unauthorizedSources[2]], (_, source) => source == authorizedSources[2]),
|
|
new(authorizedSources)
|
|
];
|
|
|
|
var sut = new ServerEventAuthorizationService(CreateServeEventAuthorizerCollection(authorizers));
|
|
var result = await sut.AuthorizeAsync(CreateFakeUser());
|
|
|
|
Assert.That(result.AuthorizedEventSources, Is.EquivalentTo(authorizedSources));
|
|
Assert.That(result.UnauthorizedEventSources, Is.EquivalentTo(unauthorizedSources));
|
|
}
|
|
|
|
private ClaimsPrincipal CreateFakeUser(Guid? key = null) =>
|
|
new(new ClaimsIdentity([
|
|
|
|
// This is the claim that's used to store the ID
|
|
new Claim(Constants.Security.OpenIdDictSubClaimType, key is null ? Guid.NewGuid().ToString() : key.ToString())
|
|
]));
|
|
|
|
private EventSourceAuthorizerCollection CreateServeEventAuthorizerCollection(
|
|
params IEnumerable<IEventSourceAuthorizer> authorizers)
|
|
=> new(() => authorizers);
|
|
}
|