public async Task When_Authenticate_ResourceOwner_Then_Claims_Are_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string subject = "subject";
var parameter = new LocalAuthenticationParameter
{
UserName = "******",
Password = "******"
};
var resourceOwner = new ResourceOwner
{
Id = subject
};
_authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>(),
It.IsAny <string>()))
.Returns(Task.FromResult(resourceOwner));
// ACT
var res = await _localUserAuthenticationAction.Execute(parameter);
// ASSERT
Assert.NotNull(res);
}
public async Task When_Passing_Needed_Parameter_To_LocalUserAuthentication_Then_Operation_Is_Called()
{
// ARRANGE
InitializeFakeObjects();
var localAuthenticationParameter = new LocalAuthenticationParameter
{
Password = "******",
UserName = "******"
};
var resourceOwner = new ResourceOwner
{
Password = "******",
Id = "username"
};
_localUserAuthenticationActionFake.Setup(l => l.Execute(It.IsAny <LocalAuthenticationParameter>()))
.Returns(Task.FromResult(resourceOwner));
// ACT
var result = await _authenticateActions.LocalUserAuthentication(localAuthenticationParameter);
// ASSERT
Assert.NotNull(result);
Assert.True(result.Id == "username" && result.Password == "password");
}
public async Task When_Resource_Owner_Cannot_Be_Authenticated_Then_Error_Message_Is_Returned()
{
var authenticateService = new Mock <IAuthenticateResourceOwnerService>();
authenticateService.SetupGet(x => x.Amr).Returns("pwd");
authenticateService
.Setup(
x => x.AuthenticateResourceOwner(
It.IsAny <string>(),
It.IsAny <string>(),
It.IsAny <CancellationToken>()))
.ReturnsAsync((ResourceOwner)null);
InitializeFakeObjects(authenticateService.Object);
var localAuthenticationParameter = new LocalAuthenticationParameter();
var authorizationParameter = new AuthorizationParameter();
var result = await _localUserAuthenticationAction !.Execute(
localAuthenticationParameter,
authorizationParameter,
"",
"",
CancellationToken.None)
.ConfigureAwait(false);
Assert.NotNull(result.ErrorMessage);
}
public async Task When_Resource_Owner_Credentials_Are_Correct_Then_Event_Is_Logged_And_Claims_Are_Returned()
{
// ARRANGE
const string subject = "subject";
InitializeFakeObjects();
var localAuthenticationParameter = new LocalAuthenticationParameter();
var authorizationParameter = new AuthorizationParameter();
var resourceOwner = new ResourceOwner
{
Id = subject
};
_authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>(), It.IsAny <string>())).Returns(Task.FromResult(resourceOwner));
// ACT
var result = await _localUserAuthenticationAction.Execute(localAuthenticationParameter,
authorizationParameter,
null);
// Specify the resource owner authentication date
Assert.NotNull(result);
Assert.NotNull(result.Claims);
Assert.True(result.Claims.Any(r => r.Type == ClaimTypes.AuthenticationInstant ||
r.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject));
}
public async Task <ResourceOwner> LocalUserAuthentication(LocalAuthenticationParameter localAuthenticationParameter)
{
if (localAuthenticationParameter == null)
{
throw new ArgumentNullException("localAuthenticationParameter");
}
return(await _localUserAuthenticationAction.Execute(localAuthenticationParameter));
}
public async Task When_Passing_Null_LocalAuthenticateParameter_To_The_Action_LocalUserAuthentication_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var localAuthenticationParameter = new LocalAuthenticationParameter();
// ACT & ASSERT
await Assert.ThrowsAsync <ArgumentNullException>(() => _authenticateActions.LocalOpenIdUserAuthentication(null, null, null, null));
await Assert.ThrowsAsync <ArgumentNullException>(() => _authenticateActions.LocalOpenIdUserAuthentication(localAuthenticationParameter, null, null, null));
}
public async Task When_Passing_Null_Parameter_Then_Exceptions_Are_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var localAuthenticationParameter = new LocalAuthenticationParameter();
// ACTS & ASSERTS
await Assert.ThrowsAsync <ArgumentNullException>(() => _localUserAuthenticationAction.Execute(null, null, null));
await Assert.ThrowsAsync <ArgumentNullException>(() => _localUserAuthenticationAction.Execute(localAuthenticationParameter, null, null));
}
public async Task When_Resource_Owner_Cannot_Be_Authenticated_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var localAuthenticationParameter = new LocalAuthenticationParameter();
var authorizationParameter = new AuthorizationParameter();
_resourceOwnerAuthenticateHelperStub.Setup(r => r.Authenticate(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <IEnumerable <string> >())).Returns(Task.FromResult((ResourceOwner)null));
// ACT & ASSERT
await Assert.ThrowsAsync <IdentityServerAuthenticationException>(() => _localUserAuthenticationAction.Execute(localAuthenticationParameter, authorizationParameter, null, null));
}
/// <summary>
/// Authenticate local user account.
/// </summary>
/// <param name="localAuthenticationParameter">User's credentials</param>
/// <param name="authorizationParameter">Authorization parameters</param>
/// <param name="code">Encrypted & signed authorization parameters</param>
/// <param name="issuerName"></param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param>
/// <returns>Consent screen or redirect to the Index page.</returns>
public async Task <LocalOpenIdAuthenticationResult> Execute(
LocalAuthenticationParameter localAuthenticationParameter,
AuthorizationParameter authorizationParameter,
string code,
string issuerName,
CancellationToken cancellationToken)
{
var resourceOwner =
(localAuthenticationParameter.UserName == null || localAuthenticationParameter.Password == null)
? null
: await _resourceOwnerServices.Authenticate(
localAuthenticationParameter.UserName,
localAuthenticationParameter.Password,
cancellationToken,
authorizationParameter.AmrValues)
.ConfigureAwait(false);
if (resourceOwner == null)
{
return(new LocalOpenIdAuthenticationResult
{
ErrorMessage = Strings.TheResourceOwnerCredentialsAreNotCorrect
});
}
var claims = new[]
{
new Claim(
ClaimTypes.AuthenticationInstant,
DateTimeOffset.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture),
ClaimValueTypes.Integer)
}.Add(resourceOwner.Claims);
return(new LocalOpenIdAuthenticationResult
{
EndpointResult =
await _authenticateHelper.ProcessRedirection(
authorizationParameter,
code,
resourceOwner.Subject !,
claims,
issuerName,
cancellationToken)
.ConfigureAwait(false),
Claims = claims,
TwoFactor = resourceOwner.TwoFactorAuthentication
});
public async Task <ResourceOwner> Execute(LocalAuthenticationParameter localAuthenticationParameter)
{
if (localAuthenticationParameter == null)
{
throw new ArgumentNullException("localAuthenticationParameter");
}
var record = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(localAuthenticationParameter.UserName,
localAuthenticationParameter.Password);
if (record == null)
{
throw new IdentityServerAuthenticationException(ErrorDescriptions.TheResourceOwnerCredentialsAreNotCorrect);
}
return(record);
}
public async Task When_ResourceOwner_Cannot_Be_Authenticated_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new LocalAuthenticationParameter
{
UserName = "******",
Password = "******"
};
_authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>(),
It.IsAny <string>()))
.Returns(Task.FromResult((ResourceOwner)null));
// ACT & ASSERT
var exception = await Assert.ThrowsAsync <IdentityServerAuthenticationException>(() => _localUserAuthenticationAction.Execute(parameter));
Assert.True(exception.Message == ErrorDescriptions.TheResourceOwnerCredentialsAreNotCorrect);
}
public async Task <LocalOpenIdAuthenticationResult> LocalOpenIdUserAuthentication(
LocalAuthenticationParameter localAuthenticationParameter,
AuthorizationParameter authorizationParameter,
string code)
{
if (localAuthenticationParameter == null)
{
throw new ArgumentNullException("localAuthenticationParameter");
}
if (authorizationParameter == null)
{
throw new ArgumentNullException("authorizationParameter");
}
return(await _localOpenIdUserAuthenticationAction.Execute(
localAuthenticationParameter,
authorizationParameter,
code));
}
public async Task When_Passing_Parameters_Needed_To_The_Action_LocalUserAuthentication_Then_The_Action_Is_Called()
{
// ARRANGE
InitializeFakeObjects();
var authorizationParameter = new AuthorizationParameter
{
ClientId = "clientId"
};
var localUserAuthentication = new LocalAuthenticationParameter
{
UserName = "******"
};
// ACT
await _authenticateActions.LocalOpenIdUserAuthentication(localUserAuthentication, authorizationParameter, null, null);
// ASSERT
_localOpenIdUserAuthenticationActionFake.Verify(a => a.Execute(localUserAuthentication,
authorizationParameter,
null, null));
}
public async Task When_Resource_Owner_Credentials_Are_Correct_Then_Event_Is_Logged_And_Claims_Are_Returned()
{
const string subject = "subject";
var localAuthenticationParameter = new LocalAuthenticationParameter {
Password = "******", UserName = subject
};
var authorizationParameter = new AuthorizationParameter {
ClientId = "client"
};
var resourceOwner = new ResourceOwner {
Subject = subject
};
var authenticateService = new Mock <IAuthenticateResourceOwnerService>();
authenticateService.SetupGet(x => x.Amr).Returns("pwd");
authenticateService
.Setup(
x => x.AuthenticateResourceOwner(
It.IsAny <string>(),
It.IsAny <string>(),
It.IsAny <CancellationToken>()))
.ReturnsAsync(resourceOwner);
InitializeFakeObjects(authenticateService.Object);
var result = await _localUserAuthenticationAction !.Execute(
localAuthenticationParameter,
authorizationParameter,
"",
"",
CancellationToken.None)
.ConfigureAwait(false);
// Specify the resource owner authentication date
Assert.NotNull(result.Claims);
Assert.Contains(
result.Claims,
r => r.Type == ClaimTypes.AuthenticationInstant || r.Type == OpenIdClaimTypes.Subject);
}
/// <summary>
/// Authenticate local user account.
/// Exceptions :
/// Throw the exception <see cref="IdentityServerAuthenticationException "/> if the user cannot be authenticated
/// </summary>
/// <param name="localAuthenticationParameter">User's credentials</param>
/// <param name="authorizationParameter">Authorization parameters</param>
/// <param name="code">Encrypted & signed authorization parameters</param>
/// <param name="claims">Returned the claims of the authenticated user</param>
/// <returns>Consent screen or redirect to the Index page.</returns>
public async Task <LocalOpenIdAuthenticationResult> Execute(
LocalAuthenticationParameter localAuthenticationParameter,
AuthorizationParameter authorizationParameter,
string code)
{
if (localAuthenticationParameter == null)
{
throw new ArgumentNullException(nameof(localAuthenticationParameter));
}
if (authorizationParameter == null)
{
throw new ArgumentNullException(nameof(authorizationParameter));
}
var resourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(localAuthenticationParameter.UserName,
localAuthenticationParameter.Password);
if (resourceOwner == null)
{
throw new IdentityServerAuthenticationException("the resource owner credentials are not correct");
}
var claims = resourceOwner.Claims == null ? new List <Claim>() : resourceOwner.Claims.ToList();
claims.Add(new Claim(ClaimTypes.AuthenticationInstant,
DateTimeOffset.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture),
ClaimValueTypes.Integer));
return(new LocalOpenIdAuthenticationResult
{
ActionResult = await _authenticateHelper.ProcessRedirection(authorizationParameter,
code,
resourceOwner.Id,
claims),
Claims = claims
});
}
