Ejemplo n.º 1
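        /// <summary>
        /// Verifies that a signed request is rejected with
        /// <see cref="HmacValidationResultCode.DateMissing"/> once its date header has been removed.
        /// </summary>
        public void ShouldFailValidationDueToMissingDate()
        {
            // Arrange
            IHmacConfiguration configuration  = CreateConfiguration();
            IHmacSigner        signer         = new HmacSigner(configuration, _keyRepository);
            HmacValidator      validator      = new HmacValidator(configuration, signer);
            DateTimeOffset     dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
            string             dateString     = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
            HttpRequestBase    request        = CreateRequest(dateString);

            // The request is signed while the date header is still present, so the
            // header removed below is the only thing changed before validation.
            HmacSignatureData  signatureData  = signer.GetSignatureDataFromHttpRequest(request);
            string             signature      = signer.CreateSignature(signatureData);

            request.Headers[HmacConstants.AuthorizationHeaderName] = string.Format(
                HmacConstants.AuthorizationHeaderFormat,
                configuration.AuthorizationScheme,
                signature);

            request.Headers.Remove(HmacConstants.DateHeaderName);

            // Act
            HmacValidationResult result = validator.ValidateHttpRequest(request);

            // Assert
            Assert.IsNotNull(result);
            Assert.IsNotNull(result.ErrorMessage);

            // Expected value first, so a failure message reports expected/actual the right way round.
            Assert.AreEqual(HmacValidationResultCode.DateMissing, result.ResultCode);
        }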
Ejemplo n.º 2
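        /// <summary>
        /// Verifies that validation reports <see cref="HmacValidationResultCode.KeyMissing"/>
        /// when the key repository returns no key for the user.
        /// </summary>
        public void ShouldFailValidationDueToMissingKey()
        {
            // Arrange
            Mock<IHmacKeyRepository> mockKeyRepo = new Mock<IHmacKeyRepository>();

            // The repository returns null for every username.
            mockKeyRepo.Setup(r => r.GetHmacKeyForUsername(It.IsAny<string>())).Returns((string)null);

            IHmacConfiguration configuration  = CreateConfiguration();
            IHmacSigner        signer         = new HmacSigner(configuration, mockKeyRepo.Object);
            HmacValidator      validator      = new HmacValidator(configuration, signer);
            DateTimeOffset     dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
            string             dateString     = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
            HttpRequestBase    request        = CreateRequest(dateString);
            HmacSignatureData  signatureData  = signer.GetSignatureDataFromHttpRequest(request);

            // The key is set by hand before signing; presumably the signer has no key of
            // its own to use here because the mocked repository returns null (confirm).
            signatureData.Key = "TestKey";
            string signature = signer.CreateSignature(signatureData);

            request.Headers[HmacConstants.AuthorizationHeaderName] = string.Format(
                HmacConstants.AuthorizationHeaderFormat,
                configuration.AuthorizationScheme,
                signature);

            // Act
            HmacValidationResult result = validator.ValidateHttpRequest(request);

            // Assert
            Assert.IsNotNull(result);
            Assert.IsNotNull(result.ErrorMessage);

            // Expected value first, so a failure message reports expected/actual the right way round.
            Assert.AreEqual(HmacValidationResultCode.KeyMissing, result.ResultCode);
        }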
Ejemplo n.º 3
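        /// <summary>
        /// Validates the HMAC signature of the current request and answers with 401 when
        /// validation fails. Actions or controllers marked with
        /// <see cref="AllowAnonymousAttribute"/> are let through without validation.
        /// </summary>
        /// <param name="filterContext">Context of the request being authorized.</param>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            bool allowsAnonymous =
                filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);

            if (allowsAnonymous)
            {
                return;
            }

            IHmacConfiguration configuration = _configurationManager.Get("Example");
            IHmacSigner        signer        = new HmacSigner(configuration, _keyRepository);
            IHmacValidator     validator     = new HmacValidator(configuration, signer);

            HmacValidationResult result = validator.ValidateHttpRequest(filterContext.HttpContext.Request);

            if (result.ResultCode == HmacValidationResultCode.Ok)
            {
                return;
            }

            HttpResponseBase response = filterContext.HttpContext.Response;

            validator.AddWwwAuthenticateHeader(response, configuration.AuthorizationScheme);

            // NOTE(review): the header and body below tell an unauthenticated caller which
            // check failed. Confirm that exposing the individual result codes is intended;
            // a code such as KeyMissing may reveal whether a username has a key. If it is
            // not intended, log the detail server-side and return a generic 401 instead.
            // NOTE(review): ErrorMessage is written without encoding; presumably it is
            // fixed validator text. Confirm it never echoes request data.
            response.Headers.Add("X-Auth-ErrorCode", result.ResultCode.ToString());
            response.StatusCode = (int)HttpStatusCode.Unauthorized;
            response.Write(result.ErrorMessage);

            // Response.End() stops the request by aborting the thread, which the runtime
            // does not always do (for example while asynchronous work is in flight).
            // Setting a result makes MVC skip the action even then, so a rejected request
            // cannot fall through to it. EmptyResult leaves the response written above as is.
            filterContext.Result = new EmptyResult();
            response.End();
        }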
Ejemplo n.º 4
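        /// <summary>
        /// Verifies that an arbitrary string in the authorization header, set without
        /// signing the request, is rejected with
        /// <see cref="HmacValidationResultCode.AuthorizationInvalid"/>.
        /// </summary>
        public void ShouldFailValidationDueToInvalidAuthorization()
        {
            // Arrange
            IHmacConfiguration configuration  = CreateConfiguration();
            IHmacSigner        signer         = new HmacSigner(configuration, _keyRepository);
            HmacValidator      validator      = new HmacValidator(configuration, signer);
            DateTimeOffset     dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
            string             dateString     = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
            HttpRequestBase    request        = CreateRequest(dateString);

            // No signature is computed: the header holds a fixed string that is not built
            // with AuthorizationHeaderFormat.
            request.Headers[HmacConstants.AuthorizationHeaderName] = "blahblah";

            // Act
            HmacValidationResult result = validator.ValidateHttpRequest(request);

            // Assert
            Assert.IsNotNull(result);
            Assert.IsNotNull(result.ErrorMessage);

            // Expected value first, so a failure message reports expected/actual the right way round.
            Assert.AreEqual(HmacValidationResultCode.AuthorizationInvalid, result.ResultCode);
        }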