File: AuthorizationMiddlewareResultHandlerTests.cs
Web Access
Project: src\src\Security\Authorization\test\Microsoft.AspNetCore.Authorization.Test.csproj (Microsoft.AspNetCore.Authorization.Test)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Moq;
 
namespace Microsoft.AspNetCore.Authorization.Test;
 
public class AuthorizationMiddlewareResultHandlerTests
{
    [Fact]
    public async Task CallRequestDelegate_If_PolicyAuthorizationResultSucceeded()
    {
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext();
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Success();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        requestDelegate.Verify(next => next(It.IsAny<HttpContext>()), Times.Once);
    }
 
    [Fact]
    public async Task NotCallRequestDelegate_If_PolicyAuthorizationResultWasChallenged()
    {
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext();
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        requestDelegate.Verify(next => next(It.IsAny<HttpContext>()), Times.Never);
    }
 
    [Fact]
    public async Task NotCallRequestDelegate_If_PolicyAuthorizationResultWasForbidden()
    {
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext();
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Forbid();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        requestDelegate.Verify(next => next(It.IsAny<HttpContext>()), Times.Never);
    }
 
    [Fact]
    public async Task ChallangeEachAuthenticationScheme_If_PolicyAuthorizationResultWasChallenged()
    {
        var authenticationServiceMock = new Mock<IAuthenticationService>();
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext(authenticationServiceMock.Object);
        var firstScheme = Guid.NewGuid().ToString();
        var secondScheme = Guid.NewGuid().ToString();
        var thirdScheme = Guid.NewGuid().ToString();
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes(firstScheme, secondScheme, thirdScheme)
            .Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, It.IsAny<string>(), null), Times.Exactly(3));
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, firstScheme, null), Times.Once);
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, secondScheme, null), Times.Once);
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, thirdScheme, null), Times.Once);
    }
 
    [Fact]
    public async Task ChallangeWithoutAuthenticationScheme_If_PolicyAuthorizationResultWasChallenged()
    {
        var authenticationServiceMock = new Mock<IAuthenticationService>();
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext(authenticationServiceMock.Object);
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, null, null), Times.Once);
    }
 
    [Fact]
    public async Task ForbidEachAuthenticationScheme_If_PolicyAuthorizationResultWasForbidden()
    {
        var authenticationServiceMock = new Mock<IAuthenticationService>();
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext(authenticationServiceMock.Object);
        var firstScheme = Guid.NewGuid().ToString();
        var secondScheme = Guid.NewGuid().ToString();
        var thirdScheme = Guid.NewGuid().ToString();
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes(firstScheme, secondScheme, thirdScheme)
            .Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Forbid();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, It.IsAny<string>(), null), Times.Exactly(3));
        authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, firstScheme, null), Times.Once);
        authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, secondScheme, null), Times.Once);
        authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, thirdScheme, null), Times.Once);
    }
 
    [Fact]
    public async Task ForbidWithoutAuthenticationScheme_If_PolicyAuthorizationResultWasForbidden()
    {
        var authenticationServiceMock = new Mock<IAuthenticationService>();
        var requestDelegate = new Mock<RequestDelegate>();
        var httpContext = CreateHttpContext(authenticationServiceMock.Object);
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Forbid();
        var handler = CreateAuthorizationMiddlewareResultHandler();
 
        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
 
        authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, null, null), Times.Once);
    }
 
    private HttpContext CreateHttpContext(IAuthenticationService authenticationService = null)
    {
        var services = new ServiceCollection();
 
        services.AddTransient(provider => authenticationService ?? new Mock<IAuthenticationService>().Object);
 
        var serviceProvider = services.BuildServiceProvider();
 
        return new DefaultHttpContext { RequestServices = serviceProvider };
    }
 
    private AuthorizationMiddlewareResultHandler CreateAuthorizationMiddlewareResultHandler() => new AuthorizationMiddlewareResultHandler();
}