/// <summary>
/// Expects 401 with the description "Invalid credentials" when the credential lookup
/// returns a credential that has a Key and a User but no Id and no Algorithm.
/// </summary>
public void ShouldFailOnInvalidCredentials()
        {
            // The lookup ignores the requested id and always returns the incomplete credential.
            var filter = new HawkRequestFilter(id => new HawkCredential
            {
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            var unixSeconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var ts = unixSeconds.ToString();

            // The mac is a hard-coded literal, not a value computed for this request.
            var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";

            var headers = new NameValueCollection
            {
                { "Host", "localhost" },
                { "Authorization", authorization }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
            response.VerifySet(r => r.StatusDescription = "Invalid credentials");
        }
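        /// <summary>
        /// Expects 401 and a challenge header whose value contains "Hawk" when the request
        /// carries a Host header but no Authorization header.
        /// </summary>
        public void ShouldReturnChallengeOnEmptyAuthHeaderWithStatusUnauthorized()
        {
            var filter = new HawkRequestFilter(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            // Only a Host header is sent; with no Authorization header there is no
            // timestamp or mac to build, so none is computed here.
            var headers = new NameValueCollection
            {
                { "Host", "localhost" }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.Headers).Returns(headers);

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);

            // NOTE(review): this pins the literal header name "WwwAuthenticate", while the standard
            // challenge header is spelled "WWW-Authenticate". Confirm what name AddHeader puts on the
            // wire, otherwise clients may not recognise the challenge.
            response.Verify(r => r.AddHeader("WwwAuthenticate", It.Is<string>(s => s.Contains("Hawk"))));
        }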
        /// <summary>
        /// Expects 401 with the description "Bad mac" when the lookup returns a complete
        /// credential but the Authorization header carries a hard-coded mac literal.
        /// </summary>
        public void ShouldFailOnUnknownBadMac()
        {
            // The lookup ignores the requested id ("456" in the header) and returns credential "123".
            var filter = new HawkRequestFilter(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            var unixSeconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var ts = unixSeconds.ToString();

            var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";

            var headers = new NameValueCollection
            {
                { "Host", "localhost" },
                { "Authorization", authorization }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
            response.VerifySet(r => r.StatusDescription = "Bad mac");
        }
        /// <summary>
        /// Expects status 401 when the Authorization header uses the "Basic" scheme
        /// instead of "Hawk". No Host header is sent in this case.
        /// </summary>
        public void ShouldNotAuthorizeOnWrongAuthScheme()
        {
            var headers = new NameValueCollection
            {
                { "Authorization", "Basic " }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();
            var filter = new HawkRequestFilter(GetCredential);

            filter.Execute(request.Object, response.Object, new object());

            // Same value as the literal 401, spelled like the other tests in this class.
            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
        }
        /// <summary>
        /// Expects 400 with the description "Invalid header format" when the Authorization
        /// header names the Hawk scheme but carries no attributes.
        /// </summary>
        public void ShouldFailOnInvalidAuthFormat()
        {
            var headers = new NameValueCollection
            {
                { "Host", "localhost" },
                { "Authorization", "Hawk " }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();
            var filter = new HawkRequestFilter(GetCredential);

            filter.Execute(request.Object, response.Object, new object());

            // A malformed header is rejected as a bad request, not as an authentication failure.
            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.BadRequest);
            response.VerifySet(r => r.StatusDescription = "Invalid header format");
        }
        /// <summary>
        /// Expects 400 with the description "Missing Host header" when the request has a
        /// Hawk Authorization header but no Host header.
        /// </summary>
        public void ShouldFailOnWMissingHostHeader()
        {
            // The header carries id, ts, mac and ext with fixed values; no nonce and no Host header are sent.
            var authorization = "Hawk id = \"123\", ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"";

            var headers = new NameValueCollection
            {
                { "Authorization", authorization }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();
            var filter = new HawkRequestFilter(GetCredential);

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.BadRequest);
            response.VerifySet(r => r.StatusDescription = "Missing Host header");
        }
        /// <summary>
        /// Expects 400 with the description "Invalid header format" when the Authorization
        /// header is just the scheme name "Hawk " with no attributes after it.
        /// </summary>
        public void ShouldFailOnInvalidAuthFormat()
        {
            var headers = new NameValueCollection
            {
                { "Host", "localhost" },
                { "Authorization", "Hawk " }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();
            var filter = new HawkRequestFilter(GetCredential);

            filter.Execute(request.Object, response.Object, new object());

            // The expected outcome is a bad-request status rather than 401.
            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.BadRequest);
            response.VerifySet(r => r.StatusDescription = "Invalid header format");
        }
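        /// <summary>
        /// Sends a request whose mac is computed with <c>Hawk.CalculateMac</c> from the same
        /// credential the lookup returns, and expects the filter never to set a status code.
        /// </summary>
        public void ShouldParseValidAuthHeaderWithSha256()
        {
            var credential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "hmacsha256",
                Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User      = "******"
            };

            // NOTE(review): the header below sends id "456" while the credential's Id is "123"; the
            // lookup ignores its argument, so id-to-credential binding is not exercised by this test.
            var filter = new HawkRequestFilter(id => credential);

            // NOTE(review): DateTime.Now is local time; confirm Hawk.ConvertToUnixTimestamp normalises
            // to UTC so the timestamp check does not depend on the machine's time zone.
            var ts  = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");

            var headers = new NameValueCollection();

            var request = new Mock<IHttpRequest>();

            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.Headers).Returns(headers);

            headers.Add("Host", "example.com");
            headers.Add("Authorization", "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
                                                                 ts, mac));

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            // Verify the setter itself. Setup(r => r.StatusCode).Throws(...) only intercepts reads of
            // the property, so a rejection written by the filter would go unnoticed and the
            // accept-path test could never fail.
            response.VerifySet(r => r.StatusCode = It.IsAny<int>(), Times.Never());
        }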
        /// <summary>
        /// Expects 401 with the description "Missing credentials" when the credential
        /// lookup returns null for the id named in the Authorization header.
        /// </summary>
        public void ShouldFailOnMissingCredentials()
        {
            // The lookup finds nothing for any id.
            var filter = new HawkRequestFilter(id => null);

            var unixSeconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var ts = unixSeconds.ToString();

            var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";

            var headers = new NameValueCollection
            {
                { "Host", "localhost" },
                { "Authorization", authorization }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
            response.VerifySet(r => r.StatusDescription = "Missing credentials");
        }
        /// <summary>
        /// Expects 401 with the description "Missing attributes" when the Hawk Authorization
        /// header carries ts, mac and ext but neither an id nor a nonce.
        /// </summary>
        public void ShouldFailOnMissingAuthAttribute()
        {
            // Fixed-value header with the id and nonce attributes left out.
            var authorization = "Hawk ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"";

            var headers = new NameValueCollection
            {
                { "Host", "localhost" },
                { "Authorization", authorization }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();
            var filter = new HawkRequestFilter(GetCredential);

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
            response.VerifySet(r => r.StatusDescription = "Missing attributes");
        }
 /// <summary>
 /// Constructs a <c>HawkRequestFilter</c> from <c>typeof(object)</c>.
 /// </summary>
 public void ShoulThrowWhenInvalidRepositoryType()
 {
     // NOTE(review): no assertion is visible in this body; presumably the expected exception
     // is declared by a test attribute outside this view. Confirm, otherwise this test passes
     // whenever the constructor does not throw.
     var filterFromInvalidType = new HawkRequestFilter(typeof(object));
 }
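        /// <summary>
        /// Expects 401 and a challenge header whose value contains "Hawk" when the request
        /// has a Host header and no Authorization header at all.
        /// </summary>
        public void ShouldReturnChallengeOnEmptyAuthHeaderWithStatusUnauthorized()
        {
            var filter = new HawkRequestFilter(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            // The request is unauthenticated: only Host is present, so no timestamp
            // or mac is needed to build it.
            var headers = new NameValueCollection
            {
                { "Host", "localhost" }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.Headers).Returns(headers);

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);

            // NOTE(review): the asserted header name is the literal "WwwAuthenticate"; the standard
            // challenge header is "WWW-Authenticate". Confirm which name reaches the client.
            response.Verify(r => r.AddHeader("WwwAuthenticate", It.Is<string>(s => s.Contains("Hawk"))));
        }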
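        /// <summary>
        /// Builds an Authorization header whose mac comes from <c>Hawk.CalculateMac</c> using the
        /// credential the lookup returns, and expects the filter to leave the status code unset.
        /// </summary>
        public void ShouldParseValidAuthHeaderWithSha256()
        {
            var credential = new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            };

            // NOTE(review): the header sends id "456" but the credential's Id is "123"; because the
            // lookup ignores its argument, this test does not cover id-to-credential binding.
            var filter = new HawkRequestFilter(id => credential);

            // NOTE(review): DateTime.Now is local time; confirm Hawk.ConvertToUnixTimestamp converts
            // to UTC, otherwise the timestamp check depends on the machine's time zone.
            var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");

            var headers = new NameValueCollection();

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.Headers).Returns(headers);

            headers.Add("Host", "example.com");
            headers.Add("Authorization", "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
                ts, mac));

            var response = new Mock<IHttpResponse>();

            filter.Execute(request.Object, response.Object, new object());

            // Assert on the setter: Setup(r => r.StatusCode).Throws(...) guards only the getter, so
            // a status written by the filter would not fail the test.
            response.VerifySet(r => r.StatusCode = It.IsAny<int>(), Times.Never());
        }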
        /// <summary>
        /// Expects status 401 when the only header on the request is an Authorization
        /// header with the "Basic" scheme.
        /// </summary>
        public void ShouldNotAuthorizeOnWrongAuthScheme()
        {
            var headers = new NameValueCollection
            {
                { "Authorization", "Basic " }
            };

            var request = new Mock<IHttpRequest>();
            request.SetupGet(r => r.Headers).Returns(headers);
            request.SetupGet(r => r.HttpMethod).Returns("GET");
            request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

            var response = new Mock<IHttpResponse>();
            var filter = new HawkRequestFilter(GetCredential);

            filter.Execute(request.Object, response.Object, new object());

            // Numerically identical to the literal 401; named for consistency with sibling tests.
            response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
        }
 /// <summary>
 /// Passes <c>typeof(object)</c> to the <c>HawkRequestFilter</c> constructor.
 /// </summary>
 public void ShoulThrowWhenInvalidRepositoryType()
 {
     // NOTE(review): the body asserts nothing itself; the expected exception is presumably
     // declared by an attribute that is not visible here. Confirm it is present.
     var filterFromInvalidType = new HawkRequestFilter(typeof(object));
 }