public async Task AzureDevOpsRestApi_GetAuthorityAsync_WwwAuthenticateMultiple_ReturnsBearerAuthority()
{
var context = new TestCommandContext();
var uri = new Uri("https://example.com");
const string expectedAuthority = "https://login.microsoftonline.com/test-authority";
var httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized);
httpResponse.Headers.WwwAuthenticate.ParseAdd("Bearer");
httpResponse.Headers.WwwAuthenticate.ParseAdd($"Bearer authorization_uri={expectedAuthority}");
httpResponse.Headers.WwwAuthenticate.ParseAdd("NTLM [test-challenge-string]");
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Head, uri, httpResponse);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
string actualAuthority = await api.GetAuthorityAsync(uri);
Assert.Equal(expectedAuthority, actualAuthority);
}
public async Task AzureDevOpsRestApi_CreatePersonalAccessTokenAsync_IdentSvcReturnsHttp500_ThrowsException()
{
var context = new TestCommandContext();
var orgUri = new Uri("https://dev.azure.com/org/");
JsonWebToken accessToken = CreateJwt();
IEnumerable <string> scopes = new[] { AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite };
var identityServiceUri = new Uri("https://identity.example.com/");
var locSvcRequestUri = new Uri(orgUri, ExpectedLocationServicePath);
var locSvcResponse = CreateLocationServiceResponse(identityServiceUri);
var identSvcRequestUri = new Uri(identityServiceUri, ExpectedIdentityServicePath);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Get, locSvcRequestUri, x =>
{
AssertAcceptJson(x);
AssertBearerToken(x, accessToken);
return(locSvcResponse);
});
httpHandler.Setup(HttpMethod.Post, identSvcRequestUri, HttpStatusCode.InternalServerError);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
await Assert.ThrowsAsync <Exception>(() => api.CreatePersonalAccessTokenAsync(orgUri, accessToken, scopes));
}
public async Task AzureDevOpsRestApi_GetAuthorityAsync_BothWwwAuthAndVssResourceHeaders_ReturnsWwwAuthAuthority()
{
var context = new TestCommandContext();
var uri = new Uri("https://example.com");
var aadTenantIdWwwAuth = Guid.NewGuid();
var aadTenantIdVssRes = Guid.NewGuid();
string expectedAuthority = $"https://login.microsoftonline.com/{aadTenantIdWwwAuth:D}";
var httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized);
httpResponse.Headers.Add(AzureDevOpsConstants.VssResourceTenantHeader, aadTenantIdVssRes.ToString("D"));
httpResponse.Headers.WwwAuthenticate.ParseAdd($"Bearer authorization_uri={expectedAuthority}");
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Head, uri, httpResponse);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
string actualAuthority = await api.GetAuthorityAsync(uri);
Assert.Equal(expectedAuthority, actualAuthority);
}
public async Task AzureDevOpsRestApi_GetAuthorityAsync_VssResourceTenantMsa_ReturnsCommonAuthority()
{
var context = new TestCommandContext();
var uri = new Uri("https://example.com");
var msaTenantId = Guid.Empty;
const string expectedAuthority = CommonAuthority;
var httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Headers = { { AzureDevOpsConstants.VssResourceTenantHeader, msaTenantId.ToString("D") } }
};
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Head, uri, httpResponse);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
string actualAuthority = await api.GetAuthorityAsync(uri);
Assert.Equal(expectedAuthority, actualAuthority);
}
public async Task AzureDevOpsRestApi_GetAuthorityAsync_VssResourceTenantMsa_ReturnsOrganizationsAuthority()
{
var context = new TestCommandContext();
var uri = new Uri("https://example.com");
var msaTenantId = Guid.Empty;
// This is only the case because we're using MSA pass-through.. in the future, if and when we
// move away from MSA pass-through, this should be the common authority.
const string expectedAuthority = OrganizationsAuthority;
var httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Headers = { { AzureDevOpsConstants.VssResourceTenantHeader, msaTenantId.ToString("D") } }
};
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Head, uri, httpResponse);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
string actualAuthority = await api.GetAuthorityAsync(uri);
Assert.Equal(expectedAuthority, actualAuthority);
}
public void AzureDevOpsRestApi_TryGetFirstJsonStringField(
string json, string fieldName, bool expectedResult, string expectedValue)
{
bool actualResult = AzureDevOpsRestApi.TryGetFirstJsonStringField(json, fieldName, out string actualValue);
Assert.Equal(expectedResult, actualResult);
Assert.Equal(expectedValue, actualValue);
}
public void AzureDevOpsRestApi_TryGetAuthorityFromHeader(string headerValue, bool expectedResult, string expectedAuthority)
{
var header = headerValue is null ? null : AuthenticationHeaderValue.Parse(headerValue);
bool actualResult = AzureDevOpsRestApi.TryGetAuthorityFromHeader(header, out string actualAuthority);
Assert.Equal(expectedResult, actualResult);
Assert.Equal(expectedAuthority, actualAuthority);
}
public async Task AzureDevOpsRestApi_GetAuthorityAsync_NoNetwork_ThrowsException()
{
var context = new TestCommandContext();
var uri = new Uri("https://example.com");
var httpHandler = new TestHttpMessageHandler {
SimulateNoNetwork = true
};
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
await Assert.ThrowsAsync <HttpRequestException>(() => api.GetAuthorityAsync(uri));
}
public async Task AzureDevOpsRestApi_CreatePersonalAccessTokenAsync_ReturnsPAT()
{
var context = new TestCommandContext();
var orgUri = new Uri("https://dev.azure.com/org/");
const string expectedPat = "PERSONAL-ACCESS-TOKEN";
JsonWebToken accessToken = CreateJwt();
IEnumerable <string> scopes = new[] { AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite };
var identityServiceUri = new Uri("https://identity.example.com/");
var locSvcRequestUri = new Uri(orgUri, ExpectedLocationServicePath);
var locSvcResponse = CreateLocationServiceResponse(identityServiceUri);
var identSvcRequestUri = new Uri(identityServiceUri, ExpectedIdentityServicePath);
var identSvcResponse = CreateIdentityServiceResponse(expectedPat);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Get, locSvcRequestUri, x =>
{
AssertAcceptJson(x);
AssertBearerToken(x, accessToken);
return(locSvcResponse);
});
httpHandler.Setup(HttpMethod.Post, identSvcRequestUri, x =>
{
AssertAcceptJson(x);
AssertBearerToken(x, accessToken);
return(identSvcResponse);
});
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
string actualPat = await api.CreatePersonalAccessTokenAsync(orgUri, accessToken, scopes);
Assert.Equal(expectedPat, actualPat);
}
public async Task AzureDevOpsRestApi_CreatePersonalAccessTokenAsync_LocSvcReturnsHttp500_ThrowsException()
{
var context = new TestCommandContext();
var orgUri = new Uri("https://dev.azure.com/org/");
const string accessToken = "ACCESS-TOKEN";
IEnumerable <string> scopes = new[] { AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite };
var locSvcRequestUri = new Uri(orgUri, ExpectedLocationServicePath);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Get, locSvcRequestUri, HttpStatusCode.InternalServerError);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
await Assert.ThrowsAsync <Exception>(() => api.CreatePersonalAccessTokenAsync(orgUri, accessToken, scopes));
}
public async Task AzureDevOpsRestApi_CreatePersonalAccessTokenAsync_IdentSvcReturnsHttp500WithError_ThrowsExceptionWithErrorMessage()
{
const string serverErrorMessage = "ERROR123: This is a test error.";
var context = new TestCommandContext();
var orgUri = new Uri("https://dev.azure.com/org/");
const string accessToken = "ACCESS-TOKEN";
IEnumerable <string> scopes = new[] { AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite };
var identityServiceUri = new Uri("https://identity.example.com/");
var locSvcRequestUri = new Uri(orgUri, ExpectedLocationServicePath);
var locSvcResponse = CreateLocationServiceResponse(identityServiceUri);
var identSvcRequestUri = new Uri(identityServiceUri, ExpectedIdentityServicePath);
var identSvcError = CreateIdentityServiceErrorResponse(serverErrorMessage);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
httpHandler.Setup(HttpMethod.Get, locSvcRequestUri, x =>
{
AssertAcceptJson(x);
AssertBearerToken(x, accessToken);
return(locSvcResponse);
});
httpHandler.Setup(HttpMethod.Post, identSvcRequestUri, _ => identSvcError);
context.HttpClientFactory.MessageHandler = httpHandler;
var api = new AzureDevOpsRestApi(context);
Exception exception = await Assert.ThrowsAsync <Exception>(
() => api.CreatePersonalAccessTokenAsync(orgUri, accessToken, scopes));
Assert.Contains(serverErrorMessage, exception.Message, StringComparison.Ordinal);
}
public async Task AzureDevOpsRestApi_GetAuthorityAsync_NullUri_ThrowsException()
{
var api = new AzureDevOpsRestApi(new TestCommandContext());
await Assert.ThrowsAsync <ArgumentNullException>(() => api.GetAuthorityAsync(null));
}
