File: SecurityHelperTests.cs
Web Access
Project: src\src\Shared\test\Shared.Tests\Microsoft.AspNetCore.Shared.Tests.csproj (Microsoft.AspNetCore.Shared.Tests)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using Xunit;
 
namespace Microsoft.Extensions.Internal;
 
public class SecurityHelperTests
{
    [Fact]
    public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
    {
        var user = SecurityHelper.MergeUserPrincipal(new ClaimsPrincipal(), new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
 
        Assert.NotNull(user);
        Assert.Equal("Alpha", user.Identity.AuthenticationType);
        Assert.Equal("Test1", user.Identity.Name);
        Assert.IsAssignableFrom<ClaimsPrincipal>(user);
        Assert.IsAssignableFrom<ClaimsIdentity>(user.Identity);
        Assert.Single(user.Identities);
    }
 
    [Fact]
    public void AddingExistingIdentityChangesDefaultButPreservesPrior()
    {
        ClaimsPrincipal user = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
 
        Assert.Equal("Alpha", user.Identity.AuthenticationType);
        Assert.Equal("Test1", user.Identity.Name);
 
        user = SecurityHelper.MergeUserPrincipal(user, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
 
        Assert.Equal("Beta", user.Identity.AuthenticationType);
        Assert.Equal("Test2", user.Identity.Name);
 
        user = SecurityHelper.MergeUserPrincipal(user, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
 
        Assert.Equal("Gamma", user.Identity.AuthenticationType);
        Assert.Equal("Test3", user.Identity.Name);
 
        Assert.Equal(3, user.Identities.Count());
        Assert.Equal("Test3", user.Identities.Skip(0).First().Name);
        Assert.Equal("Test2", user.Identities.Skip(1).First().Name);
        Assert.Equal("Test1", user.Identities.Skip(2).First().Name);
    }
 
    [Fact]
    public void AddingPreservesNewIdentitiesAndDropsEmpty()
    {
        var existingPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
        var identityNoAuthTypeWithClaim = new ClaimsIdentity();
        identityNoAuthTypeWithClaim.AddClaim(new Claim("identityNoAuthTypeWithClaim", "yes"));
        existingPrincipal.AddIdentity(identityNoAuthTypeWithClaim);
        var identityEmptyWithAuthType = new ClaimsIdentity("empty");
        existingPrincipal.AddIdentity(identityEmptyWithAuthType);
 
        Assert.False(existingPrincipal.Identity.IsAuthenticated);
 
        var newPrincipal = new ClaimsPrincipal();
        var newEmptyIdentity = new ClaimsIdentity();
        var identityTwo = new ClaimsIdentity("yep");
        newPrincipal.AddIdentity(newEmptyIdentity);
        newPrincipal.AddIdentity(identityTwo);
 
        var user = SecurityHelper.MergeUserPrincipal(existingPrincipal, newPrincipal);
 
        // Preserve newPrincipal order
        Assert.False(user.Identity.IsAuthenticated);
        Assert.Null(user.Identity.Name);
 
        Assert.Equal(4, user.Identities.Count());
        Assert.Equal(newEmptyIdentity, user.Identities.Skip(0).First());
        Assert.Equal(identityTwo, user.Identities.Skip(1).First());
        Assert.Equal(identityNoAuthTypeWithClaim, user.Identities.Skip(2).First());
        Assert.Equal(identityEmptyWithAuthType, user.Identities.Skip(3).First());
 
        // This merge should drop newEmptyIdentity since its empty
        user = SecurityHelper.MergeUserPrincipal(user, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
 
        Assert.Equal("Gamma", user.Identity.AuthenticationType);
        Assert.Equal("Test3", user.Identity.Name);
 
        Assert.Equal(4, user.Identities.Count());
        Assert.Equal("Test3", user.Identities.Skip(0).First().Name);
        Assert.Equal(identityTwo, user.Identities.Skip(1).First());
        Assert.Equal(identityNoAuthTypeWithClaim, user.Identities.Skip(2).First());
        Assert.Equal(identityEmptyWithAuthType, user.Identities.Skip(3).First());
    }
}