public void DuplicateQueryParameterErrorTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
HandlerData data = new HandlerData()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
AcquireTokenInteractiveHandler handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
(User)null, UiOptions.ForceLogin, "extra=qp&prompt=login", new MockWebUI());
handler.PreRunAsync().Wait();
try
{
handler.PreTokenRequest().Wait();
Assert.Fail("MsalException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalError.DuplicateQueryParameter, ((MsalException)exc.InnerException).ErrorCode);
}
}
public void AcquireTokenInteractiveHandlerConstructor_InitializeBrokerParameters()
{
var acquireTokenInteractiveHandler = new AcquireTokenInteractiveHandler(_requestData,
TestConstants.DefaultRedirectUri, null, UserIdentifier.AnyUser,
ExtraQueryParameters, null, Claims);
Assert.AreEqual(11, acquireTokenInteractiveHandler.brokerParameters.Count);
var brokerParams = acquireTokenInteractiveHandler.brokerParameters;
Assert.AreEqual(CanonicalizedAuthority, brokerParams[BrokerParameter.Authority]);
Assert.AreEqual(Resource, brokerParams[BrokerParameter.Resource]);
Assert.AreEqual(ClientId, brokerParams[BrokerParameter.ClientId]);
Assert.AreEqual(acquireTokenInteractiveHandler.CallState.CorrelationId.ToString(), brokerParams[BrokerParameter.CorrelationId]);
Assert.AreEqual(AdalIdHelper.GetClientVersion(), brokerParams[BrokerParameter.ClientVersion]);
Assert.AreEqual("NO", brokerParams[BrokerParameter.Force]);
Assert.AreEqual(string.Empty, brokerParams[BrokerParameter.Username]);
Assert.AreEqual(UserIdentifierType.OptionalDisplayableId.ToString(), brokerParams[BrokerParameter.UsernameType]);
Assert.AreEqual(TestConstants.DefaultRedirectUri, brokerParams[BrokerParameter.RedirectUri]);
Assert.AreEqual(ExtraQueryParameters, brokerParams[BrokerParameter.ExtraQp]);
Assert.AreEqual(Claims, brokerParams[BrokerParameter.Claims]);
}
public void NullUserForActAsCurrentUserTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
try
{
HandlerData data = new HandlerData()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
AcquireTokenInteractiveHandler handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(User)null, UiOptions.ActAsCurrentUser, "extra=qp", new MockWebUI());
Assert.Fail("ArgumentException should be thrown here");
}
catch (ArgumentException ae)
{
Assert.IsTrue(ae.Message.Contains(MsalErrorMessage.LoginHintNullForUiOption));
}
}
public void CacheWithMultipleUsersAndRestrictToSingleUserTrueTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
try
{
HandlerData data = new HandlerData()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = true,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
AcquireTokenInteractiveHandler handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
new User {
UniqueId = TestConstants.DefaultUniqueId
}, UiOptions.ForceLogin, "extra=qp",
new MockWebUI());
Assert.Fail("ArgumentException should be thrown here");
}
catch (ArgumentException ae)
{
Assert.AreEqual(
"Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE.",
ae.Message);
}
}
public void VerifyAuthorizationResultTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=" + OAuthError.LoginRequired);
HandlerData data = new HandlerData()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
AcquireTokenInteractiveHandler handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
handler.PreRunAsync().Wait();
try
{
handler.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode);
}
webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description");
handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
handler.PreRunAsync().Wait();
try
{
handler.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message);
}
}
public static string AcquireAccessCode(AuthenticationContext context, string resource, string clientId, Uri redirectUri, UserIdentifier userId)
{
var handler = new AcquireTokenInteractiveHandler(context.Authenticator, context.TokenCache, resource, clientId, redirectUri, PromptBehavior.Auto, userId, null,
context.CreateWebAuthenticationDialog(PromptBehavior.Auto), true);
handler.CallState = null;
context.Authenticator.AuthorizationUri = context.Authority + "oauth2/authorize";
handler.AcquireAuthorization();
return(handler.authorizationResult.Code);
}
/// <summary>
/// Gets URL of the authorize endpoint including the query parameters.
/// </summary>
/// <param name="scope"></param>
/// <param name="redirectUri"></param>
/// <param name="loginHint"></param>
/// <param name="extraQueryParameters"></param>
/// <param name="additionalScope"></param>
/// <param name="authority"></param>
/// <param name="policy"></param>
/// <returns>URL of the authorize endpoint including the query parameters.</returns>
public async Task <Uri> GetAuthorizationRequestUrlAsync(string[] scope, string redirectUri, string loginHint, string extraQueryParameters, string[] additionalScope, string authority, string policy)
{
Authenticator authenticator = new Authenticator(authority, this.ValidateAuthority, this.CorrelationId);
HandlerData data = this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache);
data.ClientKey = new ClientKey(this.ClientId);
var handler =
new AcquireTokenInteractiveHandler(data, additionalScope,
new Uri(redirectUri), null, loginHint, null, extraQueryParameters, null);
return(await handler.CreateAuthorizationUriAsync(this.CorrelationId).ConfigureAwait(false));
}
private async Task <AuthenticationResult> AcquireTokenCommonAsync(Authenticator authenticator, string[] scope, string[] additionalScope, Uri redirectUri, User user, UiOptions uiOptions, string extraQueryParameters, string policy)
{
if (this.PlatformParameters == null)
{
this.PlatformParameters = PlatformPlugin.DefaultPlatformParameters;
}
var handler =
new AcquireTokenInteractiveHandler(
this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache), additionalScope, redirectUri,
this.PlatformParameters, user, uiOptions, extraQueryParameters,
this.CreateWebAuthenticationDialog(this.PlatformParameters));
return(await handler.RunAsync().ConfigureAwait(false));
}
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest()
{
//this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
HandlerData data = new HandlerData()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
AcquireTokenInteractiveHandler handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi);
handler.PreRunAsync().Wait();
handler.PreTokenRequest().Wait();
}
public void NoCacheLookup()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
IWebUI ui = Substitute.For <IWebUI>();
AuthorizationResult ar = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
ui.AcquireAuthorizationAsync(Arg.Any <Uri>(), Arg.Any <Uri>(), Arg.Any <IDictionary <string, string> >(),
Arg.Any <CallState>())
.Returns(ar);
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.QueryParams = new Dictionary <string, string>()
{
{ "p", "some-policy" }
};
mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage();
HttpMessageHandlerFactory.MockHandler = mockHandler;
HandlerData data = new HandlerData()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = "some-policy",
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
AcquireTokenInteractiveHandler handler = new AcquireTokenInteractiveHandler(data,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(), TestConstants.DefaultDisplayableId,
UiOptions.SelectAccount, "extra=qp", ui);
Task <AuthenticationResult> task = handler.RunAsync();
task.Wait();
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(2, cache.Count);
Assert.AreEqual(result.Token, "some-access-token");
//both cache entry authorities are TestConstants.DefaultAuthorityHomeTenant
foreach (var item in cache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, item.Authority);
}
}
//[Description("Test to verify forms auth parameters.")]
public async Task IncludeFormsAuthParamsTest()
{
Verify.IsFalse(await AcquireTokenInteractiveHandler.IncludeFormsAuthParamsAsync(null));
}
public void IncludeFormsAuthParamsTest()
{
Assert.IsFalse(AcquireTokenInteractiveHandler.IncludeFormsAuthParams());
}
