diff --git a/Giraf.IntegrationTests/Endpoints/CitizenEndpointTests.cs b/Giraf.IntegrationTests/Endpoints/CitizenEndpointTests.cs
index 6e6db6a..8b24aa5 100644
--- a/Giraf.IntegrationTests/Endpoints/CitizenEndpointTests.cs
+++ b/Giraf.IntegrationTests/Endpoints/CitizenEndpointTests.cs
@@ -26,7 +26,7 @@ public async Task GetAllCitizens_ReturnsListOfCitizens()
 factory.SeedDb(scope, seeder);
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 // Act
 var response = await client.GetAsync("/citizens");
@@ -71,7 +71,7 @@ public async Task GetCitizenById_ReturnsCitizen_WhenCitizenExists()
 factory.SeedDb(scope, seeder);
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 var citizenId = seeder.Citizens[0].Id;
@@ -117,7 +117,7 @@ public async Task UpdateCitizen_ReturnsOk_WhenCitizenExists()
 factory.SeedDb(scope, seeder);
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 var citizenId = seeder.Citizens[0].Id;
@@ -169,6 +169,7 @@ public async Task AddCitizen_ReturnsOk_WhenOrganizationExists()
 var scope = factory.Services.CreateScope();
 factory.SeedDb(scope, seeder);
 var client = factory.CreateClient();
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 var createCitizenDto = new CreateCitizenDTO("New", "Citizen");
@@ -200,7 +201,7 @@ public async Task AddCitizen_ReturnsNotFound_WhenOrganizationDoesNotExist()
 seeder.SeedUsers(scope.ServiceProvider.GetRequiredService>());
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 var createCitizenDto = new CreateCitizenDTO("New", "Citizen");
@@ -226,7 +227,7 @@ public async Task RemoveCitizen_ReturnsNoContent_WhenCitizenExistsInOrganization
 factory.SeedDb(scope, seeder);
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 // Get the organization ID and citizen ID
 var organizationId = seeder.Organizations.First().Id;
@@ -258,7 +259,7 @@ public async Task RemoveCitizen_ReturnsNotFound_WhenCitizenDoesNotExist()
 factory.SeedDb(scope, seeder);
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["admin"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 var organizationId = seeder.Organizations.First().Id;
@@ -287,7 +288,7 @@ public async Task RemoveCitizen_ReturnsBadRequest_WhenCitizenNotInOrganization()
 );
 var client = factory.CreateClient();
- TestAuthHandler.SetTestClaims(scope, seeder.Users["owner"]);
+ client.AttachClaimsToken(scope, seeder.Users["admin"]);
 var organizationId = seeder.Organizations[1].Id;
 var citizenId = seeder.Citizens[0].Id;
diff --git a/GirafAPI/Authorization/OrgAdminRequirement.cs b/GirafAPI/Authorization/OrgAdminRequirement.cs
index b242445..350129d 100755
--- a/GirafAPI/Authorization/OrgAdminRequirement.cs
+++ b/GirafAPI/Authorization/OrgAdminRequirement.cs
@@ -1,4 +1,5 @@
 using GirafAPI.Data;
+using GirafAPI.Entities.Organizations;
 using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
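Review bot: The RemoveCitizen_ReturnsBadRequest_WhenCitizenNotInOrganization hunk is the only one in this file where the principal changes along with the helper: `seeder.Users["owner"]` becomes `seeder.Users["admin"]`, and nothing in the diff says why. If the remove endpoint sits behind a membership or owner policy, an admin who is not in `Organizations[1]` may be rejected before the citizen-not-in-organization branch runs, so the test could start asserting on a different failure than its name describes; please confirm the response is still BadRequest and not Forbidden. A one-line comment above the call, e.g. `// Authenticate as admin: <reason the owner seed no longer fits this case>`, would keep the switch from reading as accidental. The remaining hunks in this file are a mechanical rename of the auth helper and need no note.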
@@ -45,7 +46,18 @@ protected override async Task HandleRequirementAsync(
 var httpContext = _httpContextAccessor.HttpContext;
 var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
- var organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+ Organization organization;
+
+ if (orgIdInUrl is string) // The test environment sends route values as strings
+ {
+ int orgId = Convert.ToInt32(orgIdInUrl);
+ organization = await _dbContext.Organizations.FindAsync(orgId);
+ }
+ else
+ {
+ organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+ }
+
 if (organization == null)
 {
 // Succeed and let the endpoint return NotFound
diff --git a/GirafAPI/Authorization/OrgMemberRequirement.cs b/GirafAPI/Authorization/OrgMemberRequirement.cs
index 8811c6a..c8e82a2 100755
--- a/GirafAPI/Authorization/OrgMemberRequirement.cs
+++ b/GirafAPI/Authorization/OrgMemberRequirement.cs
@@ -1,4 +1,5 @@
 using GirafAPI.Data;
+using GirafAPI.Entities.Organizations;
 using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
@@ -45,8 +46,18 @@ protected override async Task HandleRequirementAsync(
 var httpContext = _httpContextAccessor.HttpContext;
 var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
+ Organization organization;
+
+ if (orgIdInUrl is string) // The test environment sends route values as strings
+ {
+ int orgId = Convert.ToInt32(orgIdInUrl);
+ organization = await _dbContext.Organizations.FindAsync(orgId);
+ }
+ else
+ {
+ organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+ }
- var organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
 if (organization == null)
 {
 // Succeed and let the endpoint return NotFound
diff --git a/GirafAPI/Authorization/OrgOwnerRequirement.cs b/GirafAPI/Authorization/OrgOwnerRequirement.cs
index 3e05d3a..ab8e6bd 100644
--- a/GirafAPI/Authorization/OrgOwnerRequirement.cs
+++ b/GirafAPI/Authorization/OrgOwnerRequirement.cs
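Review bot: The `orgIdInUrl is string` branch in the OrgAdminRequirement hunk is not a test-only case: route values matched from the request path arrive as strings in ASP.NET Core, so the comment is misleading and it is the `else` branch, which hands the raw object to `FindAsync`, that is effectively unreachable for real requests. More importantly, `Convert.ToInt32(orgIdInUrl)` throws FormatException or OverflowException on a non-numeric or oversized path segment, and an unhandled exception inside an authorization handler surfaces as a 500 instead of a clean rejection. Parse with `int.TryParse` and fail the requirement when parsing fails (or, if you prefer the file's existing convention, route it through the same path as a missing organization); the identical block is repeated in the OrgMemberRequirement hunk on this line and in the OrgOwnerRequirement hunk, so it belongs in one shared helper rather than three copies. HandleRequirementAsync begins and ends outside the hunk.

```csharp
var orgIdInUrl = httpContext.Request.RouteValues["orgId"];

// Route values bound from the URL are strings; a malformed id must not throw
// out of the authorization handler, so parse explicitly and fail closed.
if (!int.TryParse(orgIdInUrl as string, out var orgId))
{
    context.Fail();
    return;
}

var organization = await _dbContext.Organizations.FindAsync(orgId);
// … unchanged: null check, "Succeed and let the endpoint return NotFound" …
```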
@@ -1,3 +1,5 @@
+using GirafAPI.Data;
+using GirafAPI.Entities.Organizations;
 using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
@@ -13,11 +15,15 @@ public class OrgOwnerAuthorizationHandler : AuthorizationHandler _userManager;
+ private readonly GirafDbContext _dbContext;
- public OrgOwnerAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserManager userManager)
+ public OrgOwnerAuthorizationHandler(IHttpContextAccessor httpContextAccessor,
+ UserManager userManager,
+ GirafDbContext dbContext)
 {
 _httpContextAccessor = httpContextAccessor;
 _userManager = userManager;
+ _dbContext = dbContext;
 }
 protected override async Task HandleRequirementAsync(
@@ -43,6 +49,24 @@ protected override async Task HandleRequirementAsync(
 var httpContext = _httpContextAccessor.HttpContext;
 var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
+ Organization organization;
+
+ if (orgIdInUrl is string) // The test environment sends route values as strings
+ {
+ int orgId = Convert.ToInt32(orgIdInUrl);
+ organization = await _dbContext.Organizations.FindAsync(orgId);
+ }
+ else
+ {
+ organization = await _dbContext.Organizations.FindAsync(orgIdInUrl);
+ }
+
+ if (organization == null)
+ {
+ // Succeed and let the endpoint return NotFound
+ context.Succeed(requirement);
+ return;
+ }
 if (orgIds.Contains(orgIdInUrl))
 {
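Review bot: The new `if (organization == null)` block in the OrgOwnerRequirement HandleRequirementAsync hunk calls `context.Succeed(requirement)`, so any authenticated caller satisfies the owner requirement for an orgId that does not exist; combined with the presumed `Fail` for a real organization the caller does not own, the 404-versus-403 difference lets a caller learn which organization ids exist, and every endpoint behind this policy must re-check the organization itself. It copies the convention already present in the Admin and Member handlers, but for an owner-level requirement failing closed with `context.Fail(); return;` is the safer default, and whichever choice stands deserves a comment saying it is deliberate, e.g. `// Unknown org: fail closed; the endpoint never sees this request`. The final context line, `if (orgIds.Contains(orgIdInUrl))`, still compares against the raw route-value object even though the hunk now has the organization loaded; `orgIds.Contains(organization.Id)` avoids the string-versus-int mismatch, assuming orgIds (declared above the hunk) holds integer ids. HandleRequirementAsync starts and ends outside the hunk.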