Add dynamic authorization test class.

Author: mo-esmp

src/DynamicAuthorization.Mvc.Core/Filters/DynamicAuthorizationFilter.cs

@@ -98,7 +98,7 @@ private static bool IsProtectedAction(AuthorizationFilterContext context)
 
 #else
 
-        private bool IsProtectedAction(AuthorizationFilterContext context)
+        private static bool IsProtectedAction(AuthorizationFilterContext context)
         {
             if (context.Filters.Any(item => item is IAllowAnonymousFilter))
                 return false;
@@ -123,12 +123,12 @@ private bool IsProtectedAction(AuthorizationFilterContext context)
 
 #endif
 
-        private bool IsUserAuthenticated(AuthorizationFilterContext context)
+        private static bool IsUserAuthenticated(AuthorizationFilterContext context)
         {
             return context.HttpContext.User.Identity.IsAuthenticated;
         }
 
-        private string GetActionId(AuthorizationFilterContext context)
+        private static string GetActionId(AuthorizationFilterContext context)
         {
             var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
             var area = controllerActionDescriptor.ControllerTypeInfo.GetCustomAttribute<AreaAttribute>()?.RouteValue;

test/DynamicRoleBasedAuthorization.Tests/Controllers/UserController.cs

@@ -0,0 +1,35 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using System.Threading.Tasks;
+
+namespace DynamicRoleBasedAuthorization.Tests.Controllers
+{
+    public class UserController : Controller
+    {
+        private readonly SignInManager<IdentityUser> _signInManager;
+        private readonly UserManager<IdentityUser> _userManager;
+
+        public UserController(SignInManager<IdentityUser> signInManager, UserManager<IdentityUser> userManager)
+        {
+            _signInManager = signInManager;
+            _userManager = userManager;
+        }
+
+        [HttpPost]
+        public async Task<IActionResult> Login(string userName, string password)
+        {
+            if (userName == null || password == null)
+                return BadRequest();
+
+            var user = await _userManager.FindByNameAsync(userName);
+            if (user == null)
+                return BadRequest();
+
+            var result = await _signInManager.PasswordSignInAsync(user, password, false, false);
+            if (result.Succeeded)
+                return Ok();
+
+            return BadRequest();
+        }
+    }
+}

test/DynamicRoleBasedAuthorization.Tests/DynamicAuthorizationFilterTests.cs

@@ -0,0 +1,66 @@
+using DynamicRoleBasedAuthorization.Tests.TestSetup;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.TestHost;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace DynamicRoleBasedAuthorization.Tests
+{
+    public class DynamicAuthorizationTests
+    {
+        private readonly HttpClient _httpClient;
+
+        public DynamicAuthorizationTests()
+        {
+            var builder = new WebHostBuilder().UseStartup<Startup>();
+            var testServer = new TestServer(builder);
+            _httpClient = testServer.CreateClient();
+        }
+
+        [Fact]
+        public async Task Default_Admin_User_Can_Access_Any_Authorized_Url()
+        {
+            // Arrange
+            await Login(InitialData.SuperUser.UserName, InitialData.DefaultPassword);
+
+            // Act
+            var response = await _httpClient.GetAsync("/authorized/action1");
+            var response2 = await _httpClient.GetAsync("/actionAuthorized/AuthorizedAction");
+
+            // Assert
+            response.EnsureSuccessStatusCode();
+            response2.EnsureSuccessStatusCode();
+        }
+
+        [Fact]
+        public async Task User_Without_Role_Can_Not_Access_Authorized_Url()
+        {
+            // Arrange
+            await Login(InitialData.AdminUser.UserName, InitialData.DefaultPassword);
+
+            // Act
+            var response = await _httpClient.GetAsync("/authorized/action1");
+
+            // Assert
+
+            Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
+        }
+
+        public async Task Login(string userName, string password)
+        {
+            var content = new MultipartFormDataContent
+            {
+                { new StringContent(userName, Encoding.UTF8),  "userName"},
+                { new StringContent(password, Encoding.UTF8),"password"}
+            };
+
+            var response = await _httpClient.PostAsync("/user/login", content);
+            response.EnsureSuccessStatusCode();
+            var cookie = response.Headers.GetValues("Set-Cookie");
+            _httpClient.DefaultRequestHeaders.Add("cookie", cookie);
+        }
+    }
+}

test/DynamicRoleBasedAuthorization.Tests/DynamicAuthorizationTests.cs

@@ -1,10 +1,14 @@
-using DynamicRoleBasedAuthorization.Tests.TestSetup;
+using DynamicAuthorization.Mvc.Core.Extensions;
+using DynamicAuthorization.Mvc.JsonStore.Extensions;
+using DynamicRoleBasedAuthorization.Tests.TestSetup;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using System.Threading.Tasks;
 
 namespace DynamicRoleBasedAuthorization.Tests
 {
@@ -20,13 +24,30 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddControllersWithViews();
+
             services.AddDbContext<ApplicationDbContext>(options => options.UseInMemoryDatabase("InMemoryDbForTesting"));
 
             services.AddIdentity<IdentityUser, IdentityRole>(options => options.SignIn.RequireConfirmedAccount = false)
                 .AddEntityFrameworkStores<ApplicationDbContext>()
                 .AddDefaultTokenProviders();
 
-            services.AddControllersWithViews();
+            services.ConfigureApplicationCookie(options =>
+            {
+                options.Events.OnRedirectToLogin = context =>
+                {
+                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                    return Task.CompletedTask;
+                };
+                options.Events.OnRedirectToAccessDenied = context =>
+                {
+                    context.Response.StatusCode = StatusCodes.Status403Forbidden;
+                    return Task.CompletedTask;
+                };
+            });
+
+            services.AddDynamicAuthorization<ApplicationDbContext>(options => options.DefaultAdminUser = InitialData.SuperUser.UserName)
+                .AddJsonStore();
 
             services.AddScoped<DbInitializer>();
         }
@@ -52,7 +73,7 @@ public void Configure(IApplicationBuilder app, IHostApplicationLifetime applicat
             {
                 using var scope = app.ApplicationServices.CreateScope();
                 var dbInitializer = scope.ServiceProvider.GetService<DbInitializer>();
-                dbInitializer.InitializeDb();
+                dbInitializer.InitializeDbAsync().GetAwaiter().GetResult();
             });
         }
     }

test/DynamicRoleBasedAuthorization.Tests/Startup.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Identity;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
 
 namespace DynamicRoleBasedAuthorization.Tests.TestSetup
 {
@@ -13,13 +14,13 @@ public DbInitializer(UserManager<IdentityUser> userManager, RoleManager<Identity
             _roleManager = roleManager;
         }
 
-        public void InitializeDb()
+        public async Task InitializeDbAsync()
         {
-            _userManager.CreateAsync(InitialData.SuperUser, "123@Qaz45").GetAwaiter().GetResult();
-            _userManager.CreateAsync(InitialData.AdminUser, "123@Qaz45").GetAwaiter().GetResult();
-            _userManager.CreateAsync(InitialData.OrdinaryUser, "123@Qaz45").GetAwaiter().GetResult();
-            _roleManager.CreateAsync(InitialData.AdminRole).GetAwaiter().GetResult();
-            _roleManager.CreateAsync(InitialData.RestrictedRole).GetAwaiter().GetResult();
+            await _userManager.CreateAsync(InitialData.SuperUser, InitialData.DefaultPassword);
+            await _userManager.CreateAsync(InitialData.AdminUser, InitialData.DefaultPassword);
+            await _userManager.CreateAsync(InitialData.OrdinaryUser, InitialData.DefaultPassword);
+            await _roleManager.CreateAsync(InitialData.AdminRole);
+            await _roleManager.CreateAsync(InitialData.RestrictedRole);
         }
     }
 }

test/DynamicRoleBasedAuthorization.Tests/TestSetup/DbInitializer.cs

@@ -13,5 +13,7 @@ public class InitialData
         public static IdentityRole AdminRole => new IdentityRole("AdminRole");
 
         public static IdentityRole RestrictedRole => new IdentityRole("RestrictedRole");
+
+        public const string DefaultPassword = "123@Qaz45";
     }
 }