public async Task AuthenticateOrganisation_RequestTestTokenWithValidExternalToken_ReturnsNewToken()
{
// Arrange
List <Claim> claims = new List <Claim>();
string orgNr = "974760223";
string brgOrgNr = "974760673";
object iso6523Consumer = new
{
authority = "iso6523-actorid-upis",
ID = $"9908:{orgNr}"
};
object brgConsumer = new
{
authority = "iso6523-actorid-upis",
ID = $"9908:{brgOrgNr}"
};
claims.Add(new Claim("consumer", JsonConvert.SerializeObject(iso6523Consumer)));
claims.Add(new Claim("client_orgno", orgNr));
claims.Add(new Claim("scope", "altinn:instances.write altinn:instances.read"));
ClaimsIdentity identity = new ClaimsIdentity(OrganisationIdentity);
identity.AddClaims(claims);
ClaimsPrincipal externalPrincipal = new ClaimsPrincipal(identity);
string externalToken = JwtTokenMock.GenerateToken(externalPrincipal, TimeSpan.FromMinutes(2));
Mock <ISblCookieDecryptionService> cookieDecryptionService = new Mock <ISblCookieDecryptionService>();
HttpClient client = GetTestClient(cookieDecryptionService.Object);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", externalToken);
HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/convert?test=true");
// Act
HttpResponseMessage response = await client.SendAsync(requestMessage);
// Assert
string token = await response.Content.ReadAsStringAsync();
ClaimsPrincipal principal = JwtTokenMock.ValidateToken(token);
Assert.NotNull(principal);
Assert.True(principal.HasClaim(c => c.Type == "urn:altinn:org"));
Assert.Equal("ttd", principal.FindFirst(c => c.Type == "urn:altinn:org").Value);
}
public async Task AuthenticateEndUser_RequestTokenWithValidExternalToken_ReturnsNewToken()
{
// Arrange
string expectedAuthLevel = "4";
List <Claim> claims = new List <Claim>();
string pid = "19108000239";
string amr = "MinId-PIN";
string acr = "Level4";
claims.Add(new Claim("pid", pid));
claims.Add(new Claim("amr", amr));
claims.Add(new Claim("acr", acr));
ClaimsIdentity identity = new ClaimsIdentity();
identity.AddClaims(claims);
ClaimsPrincipal externalPrincipal = new ClaimsPrincipal(identity);
UserProfile userProfile = new UserProfile {
UserId = 20000, PartyId = 50001, UserName = "******"
};
_userProfileService.Setup(u => u.GetUser(It.IsAny <string>())).ReturnsAsync(userProfile);
HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);
string externalToken = JwtTokenMock.GenerateToken(externalPrincipal, TimeSpan.FromMinutes(2));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", externalToken);
string url = "/authentication/api/v1/exchange/id-porten";
// Act
HttpResponseMessage response = await client.GetAsync(url);
// Assert
string token = await response.Content.ReadAsStringAsync();
ClaimsPrincipal principal = JwtTokenMock.ValidateToken(token);
SecurityToken securityToken = JwtTokenMock.GetSecurityToken(token);
SecurityToken securityTokenExternal = JwtTokenMock.GetSecurityToken(externalToken);
Assert.NotNull(principal);
Assert.True(principal.HasClaim(c => c.Type == "urn:altinn:userid"));
Assert.True(principal.HasClaim(c => c.Type == "pid"));
Assert.Equal(expectedAuthLevel, principal.FindFirstValue("urn:altinn:authlevel"));
Assert.Equal(securityTokenExternal.ValidTo, securityToken.ValidTo);
}
public async Task AuthenticateStudioToken_ValidToken_ReturnsNewToken()
{
// Arrange
string accessToken = JwtTokenMock.GenerateAccessToken("studio", "studio.designer", TimeSpan.FromMinutes(2));
HttpClient client = GetTestClient(_cookieDecryptionService.Object, _userProfileService.Object);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "/authentication/api/v1/exchange/altinnstudio");
// Act
HttpResponseMessage response = await client.SendAsync(requestMessage);
// Assert
string token = await response.Content.ReadAsStringAsync();
ClaimsPrincipal principal = JwtTokenMock.ValidateToken(token);
Assert.NotNull(principal);
Assert.True(principal.HasClaim(c => c.Type == "urn:altinn:app"));
}
public async Task AuthenticateUser_RequestTokenWithValidAltinnCookie_ReturnsNewToken()
{
// Arrange
UserAuthenticationModel userAuthenticationModel = new UserAuthenticationModel
{
IsAuthenticated = true,
AuthenticationLevel = SecurityLevel.QuiteSensitive,
AuthenticationMethod = AuthenticationMethod.AltinnPIN,
PartyID = 23,
UserID = 434,
Username = "******"
};
Mock <ISblCookieDecryptionService> cookieDecryptionService = new Mock <ISblCookieDecryptionService>();
cookieDecryptionService.Setup(s => s.DecryptTicket(It.IsAny <string>())).ReturnsAsync(userAuthenticationModel);
HttpClient client = GetTestClient(cookieDecryptionService.Object);
string url = "/authentication/api/v1/authentication?goto=http%3A%2F%2Flocalhost";
HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, url);
requestMessage.Headers.Add("Cookie", ".ASPXAUTH=asdasdasd");
// Act
HttpResponseMessage response = await client.SendAsync(requestMessage);
// Assert
Assert.Equal(HttpStatusCode.Found, response.StatusCode);
string token = null;
string sameSite = null;
bool httpOnly = false;
bool sessionCookie = true;
response.Headers.TryGetValues(HeaderNames.SetCookie, out IEnumerable <string> cookies);
foreach (string cookie in cookies)
{
string[] cookieParts = cookie.Split("; ");
foreach (string cookiePart in cookieParts)
{
string[] cookieKeyValue = cookiePart.Split('=');
switch (cookieKeyValue[0])
{
case "AltinnStudioRuntime":
token = cookieKeyValue[1];
break;
case "httponly":
httpOnly = true;
break;
case "expires":
// Cookies WITHOUT 'expires' are session cookies. They are gone when the browser is closed.
sessionCookie = false;
break;
case "samesite":
sameSite = cookieKeyValue[1];
break;
}
}
}
Assert.NotNull(token);
ClaimsPrincipal principal = JwtTokenMock.ValidateToken(token);
Assert.NotNull(principal);
Assert.NotNull(sameSite);
Assert.Equal("lax", sameSite);
Assert.True(httpOnly);
Assert.True(sessionCookie);
}