595ee242aa
* Move magical route to management api * Move auth around * Remove "New" cookies, as they are no longer needed * Move all installer related * Remove BackOfficeServerVariables.cs and trees * Move webhooks to management api * Remove remainting controllers * Remove last services * Move preview to management api * Remove mroe extensions * Remove tours * Remove old Auth handlers * Remove server variables entirely * Remove old backoffice controller * Remove controllers namespace entirely * Move rest of preview * move last services * Move language file extension * Remove old backoffice entirely (Backoffice and Web.UI projects) * Clean up unused security classes * Fix up installer route * Remove obsolete tests * Fix up DI in integration test * Add missing property mapping * Move core mapping into core * Add composers to integration test * remove identity * Fix up DI * Outcomment failing test :) * Fix up remaining test * Update mapper * Remove the actual project files * Remove backoffice cs proj * Remove old backoffice from yml * Run belissima before login * Remove caching * Refactor file paths * Remove belle from static assets * Dont refer to old project in templates * update gitignore * Add missing files * Remove install view as its no longer used * Fix up failing test * Remove outcommented code * Update submodule to latest * fix build --------- Co-authored-by: Bjarke Berg <mail@bergmania.dk>
132 lines
5.1 KiB
C#
132 lines
5.1 KiB
C#
using System.Net;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Options;
|
|
using Moq;
|
|
using NUnit.Framework;
|
|
using Umbraco.Cms.Core.Cache;
|
|
using Umbraco.Cms.Core.Logging;
|
|
using Umbraco.Cms.Core.Routing;
|
|
using Umbraco.Cms.Core.Security;
|
|
using Umbraco.Cms.Core.Services;
|
|
using Umbraco.Cms.Core.Web;
|
|
using Umbraco.Cms.Infrastructure.Persistence;
|
|
using Umbraco.Cms.Tests.Common.Attributes;
|
|
using Umbraco.Cms.Tests.Integration.TestServerTest;
|
|
using Umbraco.Cms.Web.Common.Controllers;
|
|
using Umbraco.Cms.Web.Common.Filters;
|
|
using Umbraco.Cms.Web.Common.Security;
|
|
using Umbraco.Cms.Web.Website.Controllers;
|
|
|
|
namespace Umbraco.Cms.Tests.Integration.Umbraco.Web.Website.Security
|
|
{
|
|
public class MemberAuthorizeTests : UmbracoTestServerTestBase
|
|
{
|
|
private Mock<IMemberManager> _memberManagerMock = new();
|
|
|
|
protected override void ConfigureTestServices(IServiceCollection services)
|
|
{
|
|
_memberManagerMock = new Mock<IMemberManager>();
|
|
services.Remove(new ServiceDescriptor(typeof(IMemberManager), typeof(MemberManager), ServiceLifetime.Scoped));
|
|
services.Remove(new ServiceDescriptor(typeof(MemberManager), ServiceLifetime.Scoped));
|
|
services.AddScoped(_ => _memberManagerMock.Object);
|
|
}
|
|
|
|
[Test]
|
|
[LongRunning]
|
|
public async Task Secure_SurfaceController_Should_Return_Redirect_WhenNotLoggedIn()
|
|
{
|
|
_memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
|
|
|
|
var url = PrepareSurfaceControllerUrl<TestSurfaceController>(x => x.Secure());
|
|
|
|
var response = await Client.GetAsync(url);
|
|
|
|
var cookieAuthenticationOptions = Services.GetService<IOptions<CookieAuthenticationOptions>>();
|
|
Assert.AreEqual(HttpStatusCode.Redirect, response.StatusCode);
|
|
Assert.AreEqual(cookieAuthenticationOptions.Value.AccessDeniedPath.ToString(), response.Headers.Location?.AbsolutePath);
|
|
}
|
|
|
|
[Test]
|
|
[LongRunning]
|
|
public async Task Secure_SurfaceController_Should_Return_Redirect_WhenNotAuthorized()
|
|
{
|
|
_memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
|
|
_memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
|
|
It.IsAny<IEnumerable<string>>(),
|
|
It.IsAny<IEnumerable<string>>(),
|
|
It.IsAny<IEnumerable<int>>()))
|
|
.ReturnsAsync(false);
|
|
|
|
var url = PrepareSurfaceControllerUrl<TestSurfaceController>(x => x.Secure());
|
|
|
|
var response = await Client.GetAsync(url);
|
|
|
|
var cookieAuthenticationOptions = Services.GetService<IOptions<CookieAuthenticationOptions>>();
|
|
Assert.AreEqual(HttpStatusCode.Redirect, response.StatusCode);
|
|
Assert.AreEqual(cookieAuthenticationOptions.Value.AccessDeniedPath.ToString(), response.Headers.Location?.AbsolutePath);
|
|
}
|
|
|
|
// FIXME: Uncomment these tests when policies are renamed back to the original names without "New"
|
|
// [Test]
|
|
// [LongRunning]
|
|
// public async Task Secure_ApiController_Should_Return_Unauthorized_WhenNotLoggedIn()
|
|
// {
|
|
// _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
|
|
// var url = PrepareApiControllerUrl<TestApiController>(x => x.Secure());
|
|
//
|
|
// var response = await Client.GetAsync(url);
|
|
//
|
|
// Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
// }
|
|
|
|
// [Test]
|
|
// [LongRunning]
|
|
// public async Task Secure_ApiController_Should_Return_Forbidden_WhenNotAuthorized()
|
|
// {
|
|
// _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
|
|
// _memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
|
|
// It.IsAny<IEnumerable<string>>(),
|
|
// It.IsAny<IEnumerable<string>>(),
|
|
// It.IsAny<IEnumerable<int>>()))
|
|
// .ReturnsAsync(false);
|
|
//
|
|
// var url = PrepareApiControllerUrl<TestApiController>(x => x.Secure());
|
|
//
|
|
// var response = await Client.GetAsync(url);
|
|
//
|
|
// Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode);
|
|
// }
|
|
}
|
|
|
|
public class TestSurfaceController : SurfaceController
|
|
{
|
|
public TestSurfaceController(
|
|
IUmbracoContextAccessor umbracoContextAccessor,
|
|
IUmbracoDatabaseFactory databaseFactory,
|
|
ServiceContext services,
|
|
AppCaches appCaches,
|
|
IProfilingLogger profilingLogger,
|
|
IPublishedUrlProvider publishedUrlProvider)
|
|
: base(
|
|
umbracoContextAccessor,
|
|
databaseFactory,
|
|
services,
|
|
appCaches,
|
|
profilingLogger,
|
|
publishedUrlProvider)
|
|
{
|
|
}
|
|
|
|
[UmbracoMemberAuthorize]
|
|
public IActionResult Secure() => NoContent();
|
|
}
|
|
|
|
public class TestApiController : UmbracoApiController
|
|
{
|
|
[UmbracoMemberAuthorize]
|
|
public IActionResult Secure() => NoContent();
|
|
}
|
|
}
|