public void UserLockedOutForFailedAttemptsSignin()
{
string password = Guid.Empty.ToString();
IAppIdentity appIdentity = DelegatedAppIdentity.Master;
RecognizedUserIdentity userIdentity = new RecognizedUserIdentity(
RecognizedUserIdentity.Master.DocType,
RecognizedUserIdentity.Master.DocNumber,
password);
TestContext.CurrentContext.DatabaseHelper().EnsureUserIsNotLocked(userIdentity.DocType, userIdentity.DocNumber);
int maxFailedPasswordAttempt = TestContext.CurrentContext.DatabaseHelper().GetAppMaxFailedPasswordAttempt(appIdentity.ApiKey);
void Authenticate() =>
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(appIdentity)
.Authenticate(userIdentity)
.GetClient();
AspenException exception;
for (int index = 1; index < maxFailedPasswordAttempt; index++)
{
exception = Assert.Throws <AspenException>(Authenticate);
Assert.That(exception.EventId, Is.EqualTo("97414"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("Combinación de usuario y contraseña invalida. Por favor revise los valores ingresados e intente de nuevo", exception.Message);
}
exception = Assert.Throws <AspenException>(Authenticate);
Assert.That(exception.EventId, Is.EqualTo("97415"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("Usuario ha sido bloqueado por superar el número máximo de intentos de sesión inválidos", exception.Message);
TestContext.CurrentContext.DatabaseHelper().EnsureUserIsNotLocked(userIdentity.DocType, userIdentity.DocNumber);
}
public void MismatchTokenBetweenUsersWhenUserSignedRequestThrows()
{
IAppIdentity commonAppIdentity = DelegatedAppIdentity.Master;
IUserIdentity userIdentityMaster = RecognizedUserIdentity.Master;
IDelegatedApp clientAppMaster = DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(commonAppIdentity)
.Authenticate(userIdentityMaster)
.GetClient();
Assert.That(clientAppMaster, Is.Not.Null);
Assert.That(clientAppMaster.AuthToken, Is.Not.Null);
Assert.That(clientAppMaster.AuthToken.Token, Is.Not.Null);
IUserIdentity userIdentityHelper = RecognizedUserIdentity.Helper;
IDelegatedApp clientAppHelper = DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(commonAppIdentity)
.Authenticate(userIdentityHelper)
.GetClient();
Assert.That(clientAppHelper, Is.Not.Null);
Assert.That(clientAppHelper.AuthToken, Is.Not.Null);
Assert.That(clientAppHelper.AuthToken.Token, Is.Not.Null);
IPayloadClaimsManager mismatchTokenClaimBehavior = InvalidTokenPayloadClaim.WithClaimBehavior(() => clientAppHelper.AuthToken.Token);
ServiceLocator.Instance.RegisterPayloadClaimsManager(mismatchTokenClaimBehavior);
AspenException exception = Assert.Throws <AspenException>(() => clientAppMaster.Settings.GetDocTypes());
Assert.That(exception.EventId, Is.EqualTo("15846"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?", exception.Message);
}
public void NullOrEmptyApiKeyHeaderWhenUserSigninRequestThrows()
{
IList <IHeadersManager> headerBehaviors = new List <IHeadersManager>()
{
InvalidApiKeyHeader.WithHeaderBehavior(() => null),
InvalidApiKeyHeader.WithHeaderBehavior(() => string.Empty),
InvalidApiKeyHeader.WithHeaderBehavior(() => " ")
};
foreach (IHeadersManager behavior in headerBehaviors)
{
AspenException exception = Assert.Throws <AspenException>(() =>
{
ServiceLocator.Instance.RegisterHeadersManager(behavior);
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("20002"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("Se requiere la cabecera personalizada 'X-PRO-Auth-App'", exception.Message);
}
}
public void InvalidSecretFormatUserProfilePropertiesThrows()
{
string fixedDocType = "CC";
string randomDocNumber = new Random().Next(1000000000, int.MaxValue).ToString();
string password = Guid.Empty.ToString();
IAppIdentity appIdentity = DelegatedAppIdentity.Master;
IUserIdentity tempUserIdentity = new RecognizedUserIdentity(fixedDocType, randomDocNumber, password);
Dictionary <string, string> userProfile = new Dictionary <string, string>()
{
{ "Secret", password },
{ "SecretFormat", "InvalidTypeName" }
};
TestContext.CurrentContext.DatabaseHelper().EnsureUserAndProfileInfo(
appIdentity.ApiKey,
tempUserIdentity.DocType,
tempUserIdentity.DocNumber,
userProfile);
AspenException exception = Assert.Throws <AspenException>(() =>
{
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(appIdentity)
.Authenticate(tempUserIdentity)
.GetClient();
});
TestContext.CurrentContext.DatabaseHelper().RemoveUserInfo(tempUserIdentity.DocType, tempUserIdentity.DocNumber);
Assert.That(exception.EventId, Is.EqualTo("97417"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.InternalServerError));
StringAssert.IsMatch("No es posible verificar las credenciales del usuario.", exception.Message);
}
public void ApiKeyScopeMismatchThrows()
{
AspenException exception = Assert.Throws <AspenException>(() =>
{
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(AutonomousAppIdentity.Master)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("1000478"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden));
StringAssert.IsMatch("ApiKey no tiene permisos para realizar la operación. Alcance requerido: 'Delegated'", exception.Message);
}
public void MissingTokenWhenSignedRequestThrows()
{
IDelegatedApp client = DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
// Se intenta usar una operación que requiere el token de autenticación.
ServiceLocator.Instance.RegisterPayloadClaimsManager(InvalidTokenPayloadClaim.AvoidingClaim());
AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());
Assert.That(exception.EventId, Is.EqualTo("15852"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("'Token' no puede ser nulo ni vacío", exception.Message);
}
public void MissingPayloadHeaderWhenUserSigninRequestThrows()
{
AspenException exception = Assert.Throws <AspenException>(() =>
{
ServiceLocator.Instance.RegisterHeadersManager(InvalidPayloadHeader.AvoidingHeader());
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("20002"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("Se requiere la cabecera personalizada 'X-PRO-Auth-Payload'", exception.Message);
}
public void NonceAlreadyProcessedWhenSignedRequestThrows()
{
// Se usa un nonce aleatorio con la autenticación del cliente...
ServiceLocator.Instance.RegisterNonceGenerator(new SingleUseNonceGenerator());
IDelegatedApp client = DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
// Se usa una operación luego de la autenticación con el mismo nonce y debe fallar ya que se está reutilizando...
AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());
Assert.That(exception.EventId, Is.EqualTo("15852"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("Nonce ya procesado para su aplicación", exception.Message);
}
public void InvalidAppKeyCredentialThrows()
{
string recognizedApiKey = AutonomousAppIdentity.Master.ApiKey;
string randomApiSecret = Guid.NewGuid().ToString();
AspenException exception = Assert.Throws <AspenException>(() =>
{
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(recognizedApiKey, randomApiSecret)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("20007"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("El contenido de la cabecera personalizada 'X-PRO-Auth-Payload' no es válido", exception.Message);
}
public void UnrecognizedApiKeyThrows()
{
string randomApiKey = Guid.NewGuid().ToString();
string apiKeySecret = AutonomousAppIdentity.Master.ApiSecret;
AspenException exception = Assert.Throws <AspenException>(() =>
{
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(randomApiKey, apiKeySecret)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("20005"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("Identificador de ApiKey no válido para la cabecera personalizada 'X-PRO-Auth-App'", exception.Message);
}
public void UserLockoutThrows()
{
IUserIdentity userIdentity = RecognizedUserIdentity.Master;
TestContext.CurrentContext.DatabaseHelper().EnsureUserIsLocked(userIdentity.DocType, userIdentity.DocNumber);
AspenException exception = Assert.Throws <AspenException>(() =>
{
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(userIdentity)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("97413"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("Usuario está bloqueado por superar el número máximo de intentos de sesión inválidos", exception.Message);
TestContext.CurrentContext.DatabaseHelper().EnsureUserIsNotLocked(userIdentity.DocType, userIdentity.DocNumber);
}
public void UnrecognizedUserThrows()
{
string fixedDocType = "CC";
string randomDocNumber = new Random().Next(1000000000, int.MaxValue).ToString();
string password = Guid.Empty.ToString();
RecognizedUserIdentity unrecognizedUserIdentity = new RecognizedUserIdentity(fixedDocType, randomDocNumber, password);
AspenException exception = Assert.Throws <AspenException>(() =>
{
DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(unrecognizedUserIdentity)
.GetClient();
});
Assert.That(exception.EventId, Is.EqualTo("97412"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("Combinación de usuario y contraseña invalida. Por favor revise los valores ingresados e intente de nuevo", exception.Message);
}
public void NullOrEmptyTokenWhenSignedRequestThrows()
{
IDelegatedApp client = DelegatedApp.Initialize(CachePolicy.BypassCache)
.RoutingTo(TestingEndpointProvider.Default)
.WithIdentity(DelegatedAppIdentity.Master)
.Authenticate(RecognizedUserIdentity.Master)
.GetClient();
IList <IPayloadClaimsManager> payloadBehaviors = new List <IPayloadClaimsManager>()
{
InvalidTokenPayloadClaim.WithClaimBehavior(() => null),
InvalidTokenPayloadClaim.WithClaimBehavior(() => string.Empty),
InvalidTokenPayloadClaim.WithClaimBehavior(() => " ")
};
foreach (IPayloadClaimsManager behavior in payloadBehaviors)
{
ServiceLocator.Instance.RegisterPayloadClaimsManager(behavior);
AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());
Assert.That(exception.EventId, Is.EqualTo("15852"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
StringAssert.IsMatch("'Token' no puede ser nulo ni vacío", exception.Message);
}
}
/// <summary> /// Obtiene un cliente para a partir de la aplicación delegada de pruebas, omitiendo los valores almacenados en memoria. /// </summary> /// <param name="cachePolicy">La política para el tratamiento de la información almacenada por caché.</param> /// <returns>Instancia de <see cref="IDelegatedApp"/> para interactuar con el servicio.</returns> public IDelegatedApp GetDelegatedClient(CachePolicy cachePolicy = CachePolicy.BypassCache) => DelegatedApp.Initialize(cachePolicy) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(DelegatedAppIdentity.Master) .Authenticate(RecognizedUserIdentity.Master) .GetClient();
