/// <summary>
/// Verifies that a GET of the BankID login page returns 200 OK and renders the login form,
/// the status container, the QR code image and the hidden inputs that echo the query-string values.
/// </summary>
public async Task BankIdAuthentication_Login_Returns_Form_And_Status()
        {
            // Arrange: simulated BankID environment, same-device scheme, and an app that challenges every request.
            const string loginPath = "/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y";

            using var server = CreateServer(
                bankId =>
                {
                    bankId.UseSimulatedEnvironment().AddSameDevice();
                },
                DefaultAppConfiguration(async httpContext => await httpContext.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme)),
                services =>
                {
                    // Swap in the fixture's mocked protector so the opaque "X" login options can be unprotected.
                    services.AddTransient(s => _bankIdLoginOptionsProtector.Object);
                });

            // Act: the request carries the state cookie added by the helper.
            var loginRequest = CreateRequestWithStateCookie(server, loginPath);
            var response = await loginRequest.GetAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            var page = await HtmlDocumentHelper.FromContent(response.Content);

            var loginForm = page.GetElement<IHtmlFormElement>("form[id='bankIdLoginForm']");
            Assert.NotNull(loginForm);

            var statusContainer = page.GetElement<IHtmlDivElement>("div[id='bankIdLoginStatus']");
            Assert.NotNull(statusContainer);

            var qrCodeImage = page.GetElement<IHtmlImageElement>("img.qr-code-image");
            Assert.NotNull(qrCodeImage);

            // Hidden inputs must reflect the decoded returnUrl ("%2F" -> "/") and the supplied loginOptions.
            Assert.Equal("/", page.GetInputValue("input[name='ReturnUrl']"));
            Assert.Equal("/", page.GetInputValue("input[name='CancelReturnUrl']"));
            Assert.Equal("X", page.GetInputValue("input[name='LoginOptions']"));
            Assert.Equal("true", page.GetInputValue("input[name='AutoLogin']"));
        }
        /// <summary>
        /// Verifies that the app-relative cancel return URL "~/cru" carried in the login options
        /// is rendered in the login form as "/cru".
        /// </summary>
        public async Task BankIdAuthentication_Login_Returns_Form_With_Resolved_Cancel_Url()
        {
            // Arrange: the mocked protector returns login options whose cancel return URL is "~/cru",
            // whatever protected string the request supplies.
            const string loginPath = "/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y";

            var loginOptions = new BankIdLoginOptions(new List<string>(), null, false, true, false, false, "~/cru", DefaultStateCookieName);
            var protectorMock = new Mock<IBankIdLoginOptionsProtector>();
            protectorMock.Setup(p => p.Unprotect(It.IsAny<string>())).Returns(loginOptions);

            using var server = CreateServer(
                bankId =>
                {
                    bankId.UseSimulatedEnvironment().AddSameDevice();
                },
                DefaultAppConfiguration(async httpContext => await httpContext.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme)),
                services =>
                {
                    services.AddTransient(s => protectorMock.Object);
                });

            // Act
            var loginRequest = CreateRequestWithStateCookie(server, loginPath);
            var response = await loginRequest.GetAsync();

            // Assert
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            var page = await HtmlDocumentHelper.FromContent(response.Content);
            var cancelReturnUrl = page.GetInputValue("input[name='CancelReturnUrl']");

            Assert.Equal("/cru", cancelReturnUrl);
        }
        /// <summary>
        /// Loads the login page to collect its cookies and request verification token, then posts
        /// <paramref name="initializeRequestBody"/> as JSON to the Initialize API with both attached.
        /// </summary>
        /// <param name="client">Client used for both the login page GET and the Initialize POST.</param>
        /// <param name="initializeRequestBody">Object passed to <c>JsonContent</c> as the POST body.</param>
        /// <returns>The response of the Initialize API call.</returns>
        private async Task<HttpResponseMessage> GetInitializeResponse(HttpClient client, object initializeRequestBody)
        {
            // The login page supplies the CSRF material: the set-cookie values and the token embedded in the HTML.
            var loginPage = await client.GetAsync("/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
            var setCookieValues = loginPage.Headers.GetValues("set-cookie");
            var loginDocument = await HtmlDocumentHelper.FromContent(loginPage.Content);
            var verificationToken = loginDocument.GetRequestVerificationToken();

            // Replay the cookies and send the token as a header so the POST passes request verification.
            var body = new JsonContent(initializeRequestBody);
            body.Headers.Add("Cookie", setCookieValues);
            body.Headers.Add("RequestVerificationToken", verificationToken);

            var initializeResponse = await client.PostAsync("/BankIdAuthentication/Api/Initialize", body);
            return initializeResponse;
        }
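        /// <summary>
        /// Verifies that posting to the Cancel API with the order reference returned by Initialize,
        /// the login cookies and the request verification token returns 200 OK and invokes the
        /// cancel call on the BankID API client.
        /// </summary>
        public async Task Cancel_Calls_CancelApi()
        {
            // Arrange mocks
            var autoLaunchOptions = new BankIdLoginOptions(new List<string>(), null, false, true, false, false, string.Empty, DefaultStateCookieName);
            var mockProtector = new Mock<IBankIdLoginOptionsProtector>();

            mockProtector
                .Setup(protector => protector.Unprotect(It.IsAny<string>()))
                .Returns(autoLaunchOptions);

            // Wraps the simulated client so the test can observe whether the cancel call was made.
            var testBankIdApi = new TestBankIdApi(new BankIdSimulatedApiClient());

            using var server = CreateServer(
                o =>
                {
                    o.UseSimulatedEnvironment().AddSameDevice();
                    o.AuthenticationBuilder.Services.AddTransient<IBankIdLauncher, TestBankIdLauncher>();
                },
                DefaultAppConfiguration(async context =>
                {
                    await context.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme);
                }),
                services =>
                {
                    services.AddTransient(s => mockProtector.Object);
                    services.AddSingleton<IBankIdApiClient>(s => testBankIdApi);
                });

            // Arrange csrf info: the login page supplies the cookies and the request verification token.
            var loginRequest = CreateRequestWithStateCookie(server, "/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
            var loginResponse = await loginRequest.GetAsync();

            var loginCookies = loginResponse.Headers.GetValues("set-cookie");
            var document = await HtmlDocumentHelper.FromContent(loginResponse.Content);

            var csrfToken = document.GetRequestVerificationToken();

            // Arrange initialize request
            var testReturnUrl = "/TestReturnUrl";
            var testOptions = "TestOptions";
            var initializeRequest = new JsonContent(new { returnUrl = testReturnUrl, loginOptions = testOptions });

            initializeRequest.Headers.Add("Cookie", loginCookies);
            initializeRequest.Headers.Add("RequestVerificationToken", csrfToken);

            // Act: initialize an order so there is an order reference to cancel.
            using var client = server.CreateClient();
            var initializeTransaction = await client.PostAsync("/BankIdAuthentication/Api/Initialize", initializeRequest);

            // Fail here, with a clear message, if Initialize was rejected (for example by request
            // verification) instead of later with a null dereference or a misleading Cancel failure.
            Assert.Equal(HttpStatusCode.OK, initializeTransaction.StatusCode);

            var initializeResponseContent = await initializeTransaction.Content.ReadAsStringAsync();

            var initializeObject = JsonConvert.DeserializeAnonymousType(initializeResponseContent, new { RedirectUri = "", OrderRef = "", IsAutoLaunch = false });

            Assert.NotNull(initializeObject);

            var cancelRequest = new JsonContent(new
            {
                orderRef = initializeObject.OrderRef,
                loginOptions = testOptions,
                cancelReturnUrl = "/"
            });

            cancelRequest.Headers.Add("Cookie", loginCookies);
            cancelRequest.Headers.Add("RequestVerificationToken", csrfToken);

            // Act: cancel the order that was just initialized.
            var cancelTransaction = await client.PostAsync("/BankIdAuthentication/Api/Cancel", cancelRequest);

            // Assert
            Assert.Equal(HttpStatusCode.OK, cancelTransaction.StatusCode);
            Assert.True(testBankIdApi.CancelAsyncIsCalled);
        }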
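        /// <summary>
        /// Verifies that the Initialize API, called with the login cookies and request verification
        /// token, reports an auto launch and returns a redirect URI that points back to the login
        /// page with the URL-encoded return URL and the login options.
        /// </summary>
        public async Task AutoLaunch_Sets_Correct_RedirectUri()
        {
            // Arrange mocks
            var autoLaunchOptions = new BankIdLoginOptions(new List<string>(), null, false, true, false, false, string.Empty);
            var mockProtector = new Mock<IBankIdLoginOptionsProtector>();

            mockProtector
                .Setup(protector => protector.Unprotect(It.IsAny<string>()))
                .Returns(autoLaunchOptions);

            // Keep the server in its own using declaration so it is disposed along with the client;
            // chaining CreateClient() onto CreateServer(...) would only dispose the client.
            using var server = CreateServer(
                o =>
                {
                    o.AuthenticationBuilder.Services.TryAddTransient<IBankIdLauncher, TestBankIdLauncher>();
                    o.UseSimulatedEnvironment().AddSameDevice();
                },
                DefaultAppConfiguration(async context =>
                {
                    await context.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme);
                }),
                services =>
                {
                    services.AddTransient(s => mockProtector.Object);
                });
            using var client = server.CreateClient();

            // Arrange csrf info: the login page supplies the cookies and the request verification token.
            var loginResponse = await client.GetAsync("/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");

            var loginCookies = loginResponse.Headers.GetValues("set-cookie");

            var document = await HtmlDocumentHelper.FromContent(loginResponse.Content);

            var csrfToken = document.GetRequestVerificationToken();

            // Arrange acting request
            var testReturnUrl = "/TestReturnUrl";
            var testOptions = "TestOptions";
            var initializeRequest = new JsonContent(new { returnUrl = testReturnUrl, loginOptions = testOptions });

            initializeRequest.Headers.Add("Cookie", loginCookies);
            initializeRequest.Headers.Add("RequestVerificationToken", csrfToken);

            // Act
            var transaction = await client.PostAsync("/BankIdAuthentication/Api/Initialize", initializeRequest);

            // Assert
            Assert.Equal(HttpStatusCode.OK, transaction.StatusCode);

            var responseContent = await transaction.Content.ReadAsStringAsync();

            var responseObject = JsonConvert.DeserializeAnonymousType(responseContent, new { RedirectUri = "", OrderRef = "", IsAutoLaunch = false });

            Assert.True(responseObject.IsAutoLaunch);

            // The return URL must appear URL-encoded in the redirect URI. testOptions is interpolated
            // as-is because it contains only URL-safe characters.
            var encodedReturnParam = UrlEncoder.Default.Encode(testReturnUrl);
            var expectedUrl = $"http://localhost/BankIdAuthentication/Login?returnUrl={encodedReturnParam}&loginOptions={testOptions}";

            Assert.Equal(expectedUrl, responseObject.RedirectUri);
        }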