parent
06dfa2e687
commit
f47c7959af
@ -0,0 +1,170 @@
|
||||
using System;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Text.Encodings.Web;
|
||||
using System.Threading.Tasks;
|
||||
using AutoFixture;
|
||||
using AutoFixture.AutoMoq;
|
||||
using Jellyfin.Api.Auth;
|
||||
using Jellyfin.Api.Constants;
|
||||
using MediaBrowser.Controller.Entities;
|
||||
using MediaBrowser.Controller.Net;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Moq;
|
||||
using Xunit;
|
||||
|
||||
namespace Jellyfin.Api.Tests.Auth
|
||||
{
|
||||
public class CustomAuthenticationHandlerTests
|
||||
{
|
||||
private readonly IFixture _fixture;
|
||||
|
||||
private readonly Mock<IAuthService> _authServiceMock;
|
||||
private readonly Mock<IOptionsMonitor<AuthenticationSchemeOptions>> _optionsMock;
|
||||
private readonly Mock<ISystemClock> _clockMock;
|
||||
private readonly Mock<IServiceProvider> _serviceProviderMock;
|
||||
private readonly Mock<IAuthenticationService> _authenticationServiceMock;
|
||||
private readonly UrlEncoder _urlEncoder;
|
||||
private readonly HttpContext _context;
|
||||
|
||||
private readonly CustomAuthenticationHandler _sut;
|
||||
private readonly AuthenticationScheme _scheme;
|
||||
|
||||
public CustomAuthenticationHandlerTests()
|
||||
{
|
||||
_fixture = new Fixture().Customize(new AutoMoqCustomization {ConfigureMembers = true});
|
||||
AllowFixtureCircularDependencies();
|
||||
|
||||
_authServiceMock = _fixture.Freeze<Mock<IAuthService>>();
|
||||
_optionsMock = _fixture.Freeze<Mock<IOptionsMonitor<AuthenticationSchemeOptions>>>();
|
||||
_clockMock = _fixture.Freeze<Mock<ISystemClock>>();
|
||||
_serviceProviderMock = _fixture.Freeze<Mock<IServiceProvider>>();
|
||||
_authenticationServiceMock = _fixture.Freeze<Mock<IAuthenticationService>>();
|
||||
_fixture.Register<ILoggerFactory>(() => new NullLoggerFactory());
|
||||
|
||||
_urlEncoder = UrlEncoder.Default;
|
||||
|
||||
_serviceProviderMock.Setup(s => s.GetService(typeof(IAuthenticationService)))
|
||||
.Returns(_authenticationServiceMock.Object);
|
||||
|
||||
_optionsMock.Setup(o => o.Get(It.IsAny<string>()))
|
||||
.Returns(new AuthenticationSchemeOptions
|
||||
{
|
||||
ForwardAuthenticate = null
|
||||
});
|
||||
|
||||
_context = new DefaultHttpContext
|
||||
{
|
||||
RequestServices = _serviceProviderMock.Object
|
||||
};
|
||||
|
||||
_scheme = new AuthenticationScheme(
|
||||
_fixture.Create<string>(),
|
||||
null,
|
||||
typeof(CustomAuthenticationHandler));
|
||||
|
||||
_sut = _fixture.Create<CustomAuthenticationHandler>();
|
||||
_sut.InitializeAsync(_scheme, _context).Wait();
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAuthenticateAsyncShouldFailWithNullUser()
|
||||
{
|
||||
_authServiceMock.Setup(
|
||||
a => a.Authenticate(
|
||||
It.IsAny<HttpRequest>(),
|
||||
It.IsAny<AuthenticatedAttribute>()))
|
||||
.Returns((User) null);
|
||||
|
||||
var authenticateResult = await _sut.AuthenticateAsync();
|
||||
|
||||
Assert.False(authenticateResult.Succeeded);
|
||||
Assert.Equal("Invalid user", authenticateResult.Failure.Message);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAuthenticateAsyncShouldFailOnSecurityException()
|
||||
{
|
||||
var errorMessage = _fixture.Create<string>();
|
||||
|
||||
_authServiceMock.Setup(
|
||||
a => a.Authenticate(
|
||||
It.IsAny<HttpRequest>(),
|
||||
It.IsAny<AuthenticatedAttribute>()))
|
||||
.Throws(new SecurityException(errorMessage));
|
||||
|
||||
var authenticateResult = await _sut.AuthenticateAsync();
|
||||
|
||||
Assert.False(authenticateResult.Succeeded);
|
||||
Assert.Equal(errorMessage, authenticateResult.Failure.Message);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAuthenticateAsyncShouldSucceedWithUser()
|
||||
{
|
||||
SetupUser();
|
||||
var authenticateResult = await _sut.AuthenticateAsync();
|
||||
|
||||
Assert.True(authenticateResult.Succeeded);
|
||||
Assert.Null(authenticateResult.Failure);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAuthenticateAsyncShouldAssignNameClaim()
|
||||
{
|
||||
var user = SetupUser();
|
||||
var authenticateResult = await _sut.AuthenticateAsync();
|
||||
|
||||
Assert.True(authenticateResult.Principal.HasClaim(ClaimTypes.Name, user.Name));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(true)]
|
||||
[InlineData(false)]
|
||||
public async Task HandleAuthenticateAsyncShouldAssignRoleClaim(bool isAdmin)
|
||||
{
|
||||
var user = SetupUser(isAdmin);
|
||||
var authenticateResult = await _sut.AuthenticateAsync();
|
||||
|
||||
var expectedRole = user.Policy.IsAdministrator ? UserRoles.Administrator : UserRoles.User;
|
||||
Assert.True(authenticateResult.Principal.HasClaim(ClaimTypes.Role, expectedRole));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HandleAuthenticateAsyncShouldAssignTicketCorrectScheme()
|
||||
{
|
||||
SetupUser();
|
||||
var authenticatedResult = await _sut.AuthenticateAsync();
|
||||
|
||||
Assert.Equal(_scheme.Name, authenticatedResult.Ticket.AuthenticationScheme);
|
||||
}
|
||||
|
||||
private User SetupUser(bool isAdmin=false)
|
||||
{
|
||||
var user = _fixture.Create<User>();
|
||||
user.Policy.IsAdministrator = isAdmin;
|
||||
|
||||
_authServiceMock.Setup(
|
||||
a => a.Authenticate(
|
||||
It.IsAny<HttpRequest>(),
|
||||
It.IsAny<AuthenticatedAttribute>()))
|
||||
.Returns(user);
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
private void AllowFixtureCircularDependencies()
|
||||
{
|
||||
// A circular dependency exists in the User entity around parent folders,
|
||||
// this allows Autofixture to generate a User regardless, rather than throw
|
||||
// an error.
|
||||
_fixture.Behaviors.OfType<ThrowingRecursionBehavior>().ToList()
|
||||
.ForEach(b => _fixture.Behaviors.Remove(b));
|
||||
_fixture.Behaviors.Add(new OmitOnRecursionBehavior());
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in new issue