public async Task OnRedirectToIdentityProvider_DefaultUserFlow_DoesntUpdateContext()
{
var errorAccessor = Substitute.For <ILoginErrorAccessor>();
var options = new MicrosoftIdentityOptions()
{
SignUpSignInPolicyId = DefaultUserFlow
};
var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options, errorAccessor);
var httpContext = HttpContextUtilities.CreateHttpContext();
var authProperties = new AuthenticationProperties();
authProperties.Items.Add(OidcConstants.PolicyKey, DefaultUserFlow);
var context = new RedirectContext(httpContext, _authScheme, new OpenIdConnectOptions(), authProperties)
{
ProtocolMessage = new OpenIdConnectMessage()
{
IssuerAddress = _defaultIssuer
}
};
await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false);
errorAccessor.DidNotReceive().SetMessage(httpContext, Arg.Any <string>());
Assert.Null(context.ProtocolMessage.Scope);
Assert.Null(context.ProtocolMessage.ResponseType);
Assert.Equal(_defaultIssuer, context.ProtocolMessage.IssuerAddress);
Assert.True(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey));
}
public void Configure(string name, OpenIdConnectOptions options)
{
var azureADB2CScheme = GetAzureADB2CScheme(name);
var azureADB2COptions = _azureADB2COptions.Get(azureADB2CScheme);
if (name != azureADB2COptions.OpenIdConnectSchemeName)
{
return;
}
options.ClientId = azureADB2COptions.ClientId;
options.ClientSecret = azureADB2COptions.ClientSecret;
options.Authority = BuildAuthority(azureADB2COptions);
options.CallbackPath = azureADB2COptions.CallbackPath ?? options.CallbackPath;
options.SignedOutCallbackPath = azureADB2COptions.SignedOutCallbackPath ?? options.SignedOutCallbackPath;
options.SignInScheme = azureADB2COptions.CookieSchemeName;
options.UseTokenLifetime = true;
options.TokenValidationParameters = new TokenValidationParameters {
NameClaimType = "name"
};
var handlers = new AzureADB2COpenIDConnectEventHandlers(azureADB2CScheme, azureADB2COptions);
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = handlers.OnRedirectToIdentityProvider,
OnRemoteFailure = handlers.OnRemoteFailure
};
}
public async Task OnRemoteError_HandlesResponseWhenErrorIsUnknown()
{
// Arrange
var handlers = new AzureADB2COpenIDConnectEventHandlers(
AzureADB2CDefaults.AuthenticationScheme,
new AzureADB2COptions()
{
SignUpSignInPolicyId = "B2C_1_SiUpIn"
});
var remoteFailureContext = new RemoteFailureContext(
new DefaultHttpContext(),
new AuthenticationScheme(
AzureADB2CDefaults.AuthenticationScheme,
displayName: null,
handlerType: typeof(OpenIdConnectHandler)),
new OpenIdConnectOptions(),
new OpenIdConnectProtocolException("some_other_error"));
// Act
await handlers.OnRemoteFailure(remoteFailureContext);
// Assert
Assert.Equal(StatusCodes.Status302Found, remoteFailureContext.Response.StatusCode);
Assert.Equal("/AzureADB2C/Account/Error", remoteFailureContext.Response.Headers.Location);
Assert.True(remoteFailureContext.Result.Handled);
}
public async Task OnRemoteError_HandlesResponseWhenUserCancelsFlowFromTheAzureADB2CUserInterface()
{
// Arrange
var handlers = new AzureADB2COpenIDConnectEventHandlers(
AzureADB2CDefaults.AuthenticationScheme,
new AzureADB2COptions()
{
SignUpSignInPolicyId = "B2C_1_SiUpIn"
});
var remoteFailureContext = new RemoteFailureContext(
new DefaultHttpContext(),
new AuthenticationScheme(
AzureADB2CDefaults.AuthenticationScheme,
displayName: null,
handlerType: typeof(OpenIdConnectHandler)),
new OpenIdConnectOptions(),
new OpenIdConnectProtocolException("access_denied"));
// Act
await handlers.OnRemoteFailure(remoteFailureContext);
// Assert
Assert.Equal(StatusCodes.Status302Found, remoteFailureContext.Response.StatusCode);
Assert.Equal("/", remoteFailureContext.Response.Headers.Location);
Assert.True(remoteFailureContext.Result.Handled);
}
public async void OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext()
{
var options = new MicrosoftIdentityOptions()
{
SignUpSignInPolicyId = DefaultUserFlow
};
var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options);
var httpContext = HttpContextUtilities.CreateHttpContext();
var authProperties = new AuthenticationProperties();
authProperties.Items.Add(OidcConstants.PolicyKey, CustomUserFlow);
var context = new RedirectContext(httpContext, _authScheme, new OpenIdConnectOptions(), authProperties)
{
ProtocolMessage = new OpenIdConnectMessage()
{
IssuerAddress = _defaultIssuer
}
};
await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false);
Assert.Equal(OpenIdConnectScope.OpenIdProfile, context.ProtocolMessage.Scope);
Assert.Equal(OpenIdConnectResponseType.IdToken, context.ProtocolMessage.ResponseType);
Assert.Equal(_customIssuer, context.ProtocolMessage.IssuerAddress, true);
Assert.False(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey));
}
public async void OnRemoteFailure_PasswordReset_RedirectsSuccessfully()
{
var httpContext = Substitute.For <HttpContext>();
httpContext.Request.PathBase = PathBase;
var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, new MicrosoftIdentityOptions());
var passwordResetException = "'access_denied', error_description: 'AADB2C90118: The user has forgotten their password. Correlation ID: f99deff4-f43b-43cc-b4e7-36141dbaf0a0 Timestamp: 2018-03-05 02:49:35Z', error_uri: 'error_uri is null'";
await handler.OnRemoteFailure(new RemoteFailureContext(httpContext, _authScheme, new OpenIdConnectOptions(), new OpenIdConnectProtocolException(passwordResetException))).ConfigureAwait(false);
httpContext.Response.Received().Redirect($"{httpContext.Request.PathBase}/MicrosoftIdentity/Account/ResetPassword/{OpenIdConnectDefaults.AuthenticationScheme}");
}
public async void OnRemoteFailure_OtherException_RedirectsSuccessfully()
{
var httpContext = Substitute.For <HttpContext>();
httpContext.Request.PathBase = PathBase;
var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, new MicrosoftIdentityOptions());
var otherException = "Generic exception.";
await handler.OnRemoteFailure(new RemoteFailureContext(httpContext, _authScheme, new OpenIdConnectOptions(), new OpenIdConnectProtocolException(otherException)));
httpContext.Response.Received().Redirect($"{httpContext.Request.PathBase}/MicrosoftIdentity/Account/Error");
}
public async void OnRemoteFailure_Cancel_RedirectsSuccessfully()
{
var httpContext = Substitute.For <HttpContext>();
httpContext.Request.PathBase = PathBase;
var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, new MicrosoftIdentityOptions());
var cancelException = "'access_denied', error_description: 'AADB2C90091: The user has canceled entering self-asserted information. Correlation ID: d01c8878-0732-4eb2-beb8-da82a57432e0 Timestamp: 2018-03-05 02:56:49Z ', error_uri: 'error_uri is null'";
await handler.OnRemoteFailure(new RemoteFailureContext(httpContext, _authScheme, new OpenIdConnectOptions(), new OpenIdConnectProtocolException(cancelException)));
httpContext.Response.Received().Redirect($"{httpContext.Request.PathBase}/");
}
public async Task OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext(bool hasClientCredentials)
{
var errorAccessor = Substitute.For <ILoginErrorAccessor>();
var options = new MicrosoftIdentityOptions()
{
SignUpSignInPolicyId = DefaultUserFlow
};
if (hasClientCredentials)
{
options.ClientSecret = TestConstants.ClientSecret;
}
var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options, errorAccessor);
var httpContext = HttpContextUtilities.CreateHttpContext();
var authProperties = new AuthenticationProperties();
authProperties.Items.Add(OidcConstants.PolicyKey, CustomUserFlow);
var context = new RedirectContext(httpContext, _authScheme, new OpenIdConnectOptions(), authProperties)
{
ProtocolMessage = new OpenIdConnectMessage()
{
IssuerAddress = _defaultIssuer,
Scope = TestConstants.Scopes,
},
};
await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false);
errorAccessor.DidNotReceive().SetMessage(httpContext, Arg.Any <string>());
Assert.Equal(TestConstants.Scopes, context.ProtocolMessage.Scope);
Assert.Equal(_customIssuer, context.ProtocolMessage.IssuerAddress, true);
Assert.False(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey));
if (hasClientCredentials)
{
Assert.Equal(OpenIdConnectResponseType.CodeIdToken, context.ProtocolMessage.ResponseType);
}
else
{
Assert.Equal(OpenIdConnectResponseType.IdToken, context.ProtocolMessage.ResponseType);
}
}
public async Task OnRedirectToIdentityProviderHandler_UpdatesRequestForOtherPolicies()
{
// Arrange
var handlers = new AzureADB2COpenIDConnectEventHandlers(
AzureADB2CDefaults.AuthenticationScheme,
new AzureADB2COptions()
{
SignUpSignInPolicyId = "B2C_1_SiUpIn"
});
var authenticationProperties = new AuthenticationProperties(new Dictionary <string, string>
{
[AzureADB2CDefaults.PolicyKey] = "B2C_1_EP"
});
var redirectContext = new RedirectContext(
new DefaultHttpContext(),
new AuthenticationScheme(AzureADB2CDefaults.AuthenticationScheme, "", typeof(OpenIdConnectHandler)),
new OpenIdConnectOptions(),
authenticationProperties)
{
ProtocolMessage = new OpenIdConnectMessage
{
Scope = OpenIdConnectScope.OpenId,
ResponseType = OpenIdConnectResponseType.Code,
IssuerAddress = "https://login.microsoftonline.com/tfp/domain.onmicrosoft.com/B2C_1_EP/v2.0"
}
};
// Act
await handlers.OnRedirectToIdentityProvider(redirectContext);
// Assert
Assert.Equal(OpenIdConnectScope.OpenIdProfile, redirectContext.ProtocolMessage.Scope);
Assert.Equal(OpenIdConnectResponseType.IdToken, redirectContext.ProtocolMessage.ResponseType);
Assert.Equal(
"https://login.microsoftonline.com/tfp/domain.onmicrosoft.com/b2c_1_ep/v2.0",
redirectContext.ProtocolMessage.IssuerAddress);
Assert.False(authenticationProperties.Items.ContainsKey(AzureADB2CDefaults.PolicyKey));
}
