yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
614aee2fec06f484c021a89c4e3e2da9939dd4f6
Umbraco-CMS/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs
Maarten 1d239a30ca Fix broken CookieAuthenticationRedirect caused by PR #14036 for non-api requests (#14399) 
* Fix broken CookieAuthenticationRedirect caused by PR #14036 when not in an API controller

* Added Integration Tests for the MemberAuthorizationFilter

* Fix merge conflict

---------

Co-authored-by: Elitsa <elm@umbraco.dk>
2023-07-04 10:37:13 +03:00

127 lines
4.8 KiB
C#
Raw Blame History

using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Moq;
using NUnit.Framework;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Logging;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Web;
using Umbraco.Cms.Infrastructure.Persistence;
using Umbraco.Cms.Tests.Integration.TestServerTest;
using Umbraco.Cms.Web.Common.Controllers;
using Umbraco.Cms.Web.Common.Filters;
using Umbraco.Cms.Web.Common.Security;
using Umbraco.Cms.Web.Website.Controllers;
namespace Umbraco.Cms.Tests.Integration.Umbraco.Web.Website.Security
{
public class MemberAuthorizeTests : UmbracoTestServerTestBase
{
private Mock<IMemberManager> _memberManagerMock = new();
protected override void ConfigureTestServices(IServiceCollection services)
{
_memberManagerMock = new Mock<IMemberManager>();
services.Remove(new ServiceDescriptor(typeof(IMemberManager), typeof(MemberManager), ServiceLifetime.Scoped));
services.Remove(new ServiceDescriptor(typeof(MemberManager), ServiceLifetime.Scoped));
services.AddScoped(_ => _memberManagerMock.Object);
}
[Test]
public async Task Secure_SurfaceController_Should_Return_Redirect_WhenNotLoggedIn()
{
_memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
var url = PrepareSurfaceControllerUrl<TestSurfaceController>(x => x.Secure());
var response = await Client.GetAsync(url);
var cookieAuthenticationOptions = Services.GetService<IOptions<CookieAuthenticationOptions>>();
Assert.AreEqual(HttpStatusCode.Redirect, response.StatusCode);
Assert.AreEqual(cookieAuthenticationOptions.Value.AccessDeniedPath.ToString(), response.Headers.Location?.AbsolutePath);
}
[Test]
public async Task Secure_SurfaceController_Should_Return_Redirect_WhenNotAuthorized()
{
_memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
_memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
It.IsAny<IEnumerable<string>>(),
It.IsAny<IEnumerable<string>>(),
It.IsAny<IEnumerable<int>>()))
.ReturnsAsync(false);
var url = PrepareSurfaceControllerUrl<TestSurfaceController>(x => x.Secure());
var response = await Client.GetAsync(url);
var cookieAuthenticationOptions = Services.GetService<IOptions<CookieAuthenticationOptions>>();
Assert.AreEqual(HttpStatusCode.Redirect, response.StatusCode);
Assert.AreEqual(cookieAuthenticationOptions.Value.AccessDeniedPath.ToString(), response.Headers.Location?.AbsolutePath);
}
[Test]
public async Task Secure_ApiController_Should_Return_Unauthorized_WhenNotLoggedIn()
{
_memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
var url = PrepareApiControllerUrl<TestApiController>(x => x.Secure());
var response = await Client.GetAsync(url);
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
}
[Test]
public async Task Secure_ApiController_Should_Return_Forbidden_WhenNotAuthorized()
{
_memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
_memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
It.IsAny<IEnumerable<string>>(),
It.IsAny<IEnumerable<string>>(),
It.IsAny<IEnumerable<int>>()))
.ReturnsAsync(false);
var url = PrepareApiControllerUrl<TestApiController>(x => x.Secure());
var response = await Client.GetAsync(url);
Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode);
}
}
public class TestSurfaceController : SurfaceController
{
public TestSurfaceController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider)
: base(
umbracoContextAccessor,
databaseFactory,
services,
appCaches,
profilingLogger,
publishedUrlProvider)
{
}
[UmbracoMemberAuthorize]
public IActionResult Secure() => NoContent();
}
public class TestApiController : UmbracoApiController
{
[UmbracoMemberAuthorize]
public IActionResult Secure() => NoContent();
}
}
Reference in New Issue View Git Blame Copy Permalink