12

Unit Test to assure the Authorized Attribute in MVC is applied

 3 years ago
source link: https://www.aligneddev.net/blog/2017/testmvcauthorizeattribute/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Unit Test to assure the Authorized Attribute in MVC is applied

Originally posted on GeeksWithBlogs.net.

I wanted to Unit Test (in BDD I’d call it a specification) that the controller had the authorize attribute so I found this approach awhile back and forgotten who to give credit for it, but I thought I’d post it, so I won’t have to search for it next time. I put this in a base class and it’s been very useful.

EDIT: March 21st, 2013 I added a way to also verify the correct roles are in the attribute. This is especially nice, sine the attribute takes strings.

EDIT: December 11, 2017. This still works today in Asp.Net MVC. I haven’t tried it in Core, but assume it works there as well.

The helper code

[Authorize(Roles = "Super Admin, User Admin")]
public void MyController2{}

[Authorize]
public void MyController{}

/// <summary> It should require authorization for Controller or ApiController.</summary>
/// <param name="controller"> The controller.</param>
/// <returns>The Authorize Attribute from the controller .</returns>
protected AuthorizeAttribute It_Should_Require_Authorization(object controller)
{
    var type = controller.GetType();
    var attributes = type.GetCustomAttributes(typeof(AuthorizeAttribute), true);
    Assert.IsTrue(attributes.Any(), "No AuthorizeAttribute found");
    return attributes.Any() ? attributes[0] as AuthorizeAttribute : null;
}

/// <summary> It should require authorization for Controller or ApiController.</summary>
/// <param name="controller"> The controller.</param>
/// <param name="roles">      The roles.</param>
protected void It_Should_Require_Authorization(object controller, string[] roles)
{
    var authorizeAttribute = this.It_Should_Require_Authorization(controller);
    if (!roles.Any())
    {
        return;
    }

    if (authorizeAttribute == null)
    {
        return;
    }

    bool all = authorizeAttribute.Roles.Split(',').All(r => roles.Contains(r.Trim()));
    Assert.IsTrue(all);
}

The unit tests

[TestMethod]
public void It_Should_Require_Authorization()
{
  // where this.Controller is the controller you are testing  
  this.It_Should_Require_Authorization(this.Controller);
}

[TestMethod]
public void It_Should_Require_Authorization()
{
    var roles = new[] { "Super Admin", "User Admin" };
    this.It_Should_Require_Authorization(this.Controller, roles);
}

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK