Auth fully working, not all tests updated

aau-giraf · Dec 9, 2024 · 6e67c50 · 6e67c50
1 parent 2164eed
commit 6e67c50
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 10 deletions.
diff --git a/Giraf.IntegrationTests/Endpoints/CitizenEndpointTests.cs b/Giraf.IntegrationTests/Endpoints/CitizenEndpointTests.cs
@@ -26,7 +26,7 @@ public async Task GetAllCitizens_ReturnsListOfCitizens()
             factory.SeedDb(scope, seeder);
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             // Act
             var response = await client.GetAsync("/citizens");
@@ -71,7 +71,7 @@ public async Task GetCitizenById_ReturnsCitizen_WhenCitizenExists()
             factory.SeedDb(scope, seeder);
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             var citizenId = seeder.Citizens[0].Id;
 
@@ -117,7 +117,7 @@ public async Task UpdateCitizen_ReturnsOk_WhenCitizenExists()
             factory.SeedDb(scope, seeder);
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             var citizenId = seeder.Citizens[0].Id;
 
@@ -169,6 +169,7 @@ public async Task AddCitizen_ReturnsOk_WhenOrganizationExists()
             var scope = factory.Services.CreateScope();
             factory.SeedDb(scope, seeder);
             var client = factory.CreateClient();
+
             client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             var createCitizenDto = new CreateCitizenDTO("New", "Citizen");
@@ -200,7 +201,7 @@ public async Task AddCitizen_ReturnsNotFound_WhenOrganizationDoesNotExist()
             seeder.SeedUsers(scope.ServiceProvider.GetRequiredService<UserManager<GirafUser>>());
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             var createCitizenDto = new CreateCitizenDTO("New", "Citizen");
 
@@ -226,7 +227,7 @@ public async Task RemoveCitizen_ReturnsNoContent_WhenCitizenExistsInOrganization
             factory.SeedDb(scope, seeder);
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             // Get the organization ID and citizen ID
             var organizationId = seeder.Organizations.First().Id;
@@ -258,7 +259,7 @@ public async Task RemoveCitizen_ReturnsNotFound_WhenCitizenDoesNotExist()
             factory.SeedDb(scope, seeder);
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             var organizationId = seeder.Organizations.First().Id;
 
@@ -287,7 +288,7 @@ public async Task RemoveCitizen_ReturnsBadRequest_WhenCitizenNotInOrganization()
             );
             var client = factory.CreateClient();
 
-            TestAuthHandler.SetTestClaims(scope, seeder.Users["owner"]);
+            client.AttachClaimsToken(scope, seeder.Users["admin"]);
 
             var organizationId = seeder.Organizations[1].Id;
             var citizenId = seeder.Citizens[0].Id;

diff --git a/GirafAPI/Authorization/OrgAdminRequirement.cs b/GirafAPI/Authorization/OrgAdminRequirement.cs
@@ -1,4 +1,5 @@
 using GirafAPI.Data;
+using GirafAPI.Entities.Organizations;
 using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
@@ -45,7 +46,18 @@ protected override async Task HandleRequirementAsync(
 
         var httpContext = _httpContextAccessor.HttpContext;
         var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
-        var organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+        Organization organization;
+
+        if (orgIdInUrl is string) // The test environment sends route values as strings
+        {
+            int orgId = Convert.ToInt32(orgIdInUrl);
+            organization = await _dbContext.Organizations.FindAsync(orgId);
+        }
+        else
+        {
+            organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+        }
+
         if (organization == null)
         {
             // Succeed and let the endpoint return NotFound

diff --git a/GirafAPI/Authorization/OrgMemberRequirement.cs b/GirafAPI/Authorization/OrgMemberRequirement.cs
@@ -1,4 +1,5 @@
 using GirafAPI.Data;
+using GirafAPI.Entities.Organizations;
 using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
@@ -45,8 +46,18 @@ protected override async Task HandleRequirementAsync(
 
         var httpContext = _httpContextAccessor.HttpContext;
         var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
+        Organization organization;
+
+        if (orgIdInUrl is string) // The test environment sends route values as strings
+        {
+            int orgId = Convert.ToInt32(orgIdInUrl);
+            organization = await _dbContext.Organizations.FindAsync(orgId);
+        }
+        else
+        {
+            organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+        }
 
-        var organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
         if (organization == null)
         {
             // Succeed and let the endpoint return NotFound

diff --git a/GirafAPI/Authorization/OrgOwnerRequirement.cs b/GirafAPI/Authorization/OrgOwnerRequirement.cs
@@ -1,3 +1,5 @@
+using GirafAPI.Data;
+using GirafAPI.Entities.Organizations;
 using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
@@ -13,11 +15,15 @@ public class OrgOwnerAuthorizationHandler : AuthorizationHandler<OrgOwnerRequire
 {
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly UserManager<GirafUser> _userManager;
+    private readonly GirafDbContext _dbContext;
 
-    public OrgOwnerAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserManager<GirafUser> userManager)
+    public OrgOwnerAuthorizationHandler(IHttpContextAccessor httpContextAccessor, 
+                                        UserManager<GirafUser> userManager,
+                                        GirafDbContext dbContext)
     {
         _httpContextAccessor = httpContextAccessor;
         _userManager = userManager;
+        _dbContext = dbContext;
     }
 
     protected override async Task HandleRequirementAsync(
@@ -43,6 +49,24 @@ protected override async Task HandleRequirementAsync(
 
         var httpContext = _httpContextAccessor.HttpContext;
         var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
+        Organization organization;
+
+        if (orgIdInUrl is string) // The test environment sends route values as strings
+        {
+            int orgId = Convert.ToInt32(orgIdInUrl);
+            organization = await _dbContext.Organizations.FindAsync(orgId);
+        }
+        else
+        {
+            organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+        }
+
+        if (organization == null)
+        {
+            // Succeed and let the endpoint return NotFound
+            context.Succeed(requirement);
+            return;
+        }
 
         if (orgIds.Contains(orgIdInUrl))
         {