public void OnAuthorization_RedirectsToAuthorizationRedirectPath_OnlyWhenUserDeniedGrantingPermissions(string requestUrl, string expectedRedirectUrl)
{
FacebookClient client = MockHelpers.CreateFacebookClient();
IFacebookPermissionService permissionService = MockHelpers.CreatePermissionService(new[] { "" });
FacebookConfiguration config = MockHelpers.CreateConfiguration(client, permissionService);
config.AuthorizationRedirectPath = "~/home/permissions";
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
AuthorizationContext context = new AuthorizationContext(
MockHelpers.CreateControllerContext(new NameValueCollection
{
{ "signed_request", "exampleSignedRequest" }
},
null,
new Uri(requestUrl)),
MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email") }));
authorizeFilter.OnAuthorization(context);
ContentResult result = Assert.IsAssignableFrom <JavaScriptRedirectResult>(context.Result);
Assert.Equal("text/html", result.ContentType);
Assert.Equal(
String.Format("<script>window.top.location = '{0}';</script>", expectedRedirectUrl),
result.Content);
}
public void BindModel_ReturnsExpectedFacebookRedirectContext()
{
FacebookConfiguration config = new FacebookConfiguration();
config.AppId = "123456";
config.ClientProvider = new DefaultFacebookClientProvider(config);
FacebookRedirectContextModelBinder redirectContextBinder =
new FacebookRedirectContextModelBinder(config);
ControllerContext controllerContext = MockHelpers.CreateControllerContext(
null,
new NameValueCollection
{
{ "originUrl", "https://apps.facebook.com/123456/home/index" },
{ "permissions", "email,user_likes" }
}
);
ModelBindingContext modelBindingContext = new ModelBindingContext();
FacebookRedirectContext context = Assert.IsType <FacebookRedirectContext>(
redirectContextBinder.BindModel(controllerContext, modelBindingContext)
);
Assert.Equal("https://apps.facebook.com/123456/home/index", context.OriginUrl);
// Redirect URL should not have any permissions on it. That's handled by the authorization filter.
Assert.Equal(
"https://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fapps.facebook.com%2F123456%2Fhome%2Findex&client_id=123456",
context.RedirectUrl
);
Assert.Equal(2, context.RequiredPermissions.Length);
Assert.Equal("email", context.RequiredPermissions[0]);
Assert.Equal("user_likes", context.RequiredPermissions[1]);
Assert.Same(config, context.Configuration);
}
public void BindModel_ReturnsExpectedFacebookContext_WhenSignedRequestComesFromQuery()
{
FacebookConfiguration config = new FacebookConfiguration();
config.AppSecret = "3e29b24f825e737d97aed5eb62df5076";
config.ClientProvider = new DefaultFacebookClientProvider(config);
FacebookContextModelBinder contextBinder = new FacebookContextModelBinder(config);
ControllerContext controllerContext = MockHelpers.CreateControllerContext(
null,
new NameValueCollection
{
{
"signed_request",
"x1yDEgacN3N5iu23Ji8NLYp9LGO1-cUXKHTJQrMqzVQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEzNTM5MTMyMDAsImlzc3VlZF9hdCI6MTM1MzkwNzQ5Miwib2F1dGhfdG9rZW4iOiJBQUFGUlJPcWtwZ01CQURBSjNQZk5vNldXMlJ5WkFSQ1hjU0daQlhpNTBLTG9wRzFwYmFwc2M2aThKY3h6WkFQN1pDSnlpcXVHYlc3WXlCam1aQjh0UWpyelZ2VTNrYm44b3N3WXR5czkzTWdaRFpEIiwidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX0sInVzZXJfaWQiOiIxNzgyNTkwMSJ9"
}
}
);
FacebookContext context = Assert.IsType <FacebookContext>(
contextBinder.BindModel(controllerContext, new ModelBindingContext())
);
Assert.NotNull((object)context.SignedRequest);
Assert.NotNull(context.AccessToken);
Assert.Equal("17825901", context.UserId);
}
public void OnAuthorization_RedirectsToOAuthDialog_ForMissingPermissions()
{
FacebookClient client = MockHelpers.CreateFacebookClient();
IFacebookPermissionService permissionService = MockHelpers.CreatePermissionService(
new[] { "" }
);
FacebookConfiguration config = MockHelpers.CreateConfiguration(
client,
permissionService
);
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
AuthorizationContext context = new AuthorizationContext(
MockHelpers.CreateControllerContext(
new NameValueCollection {
{ "signed_request", "exampleSignedRequest" }
}
),
MockHelpers.CreateActionDescriptor(
new[] { new FacebookAuthorizeAttribute("email", "user_likes") }
)
);
authorizeFilter.OnAuthorization(context);
ContentResult result = Assert.IsType <ShowPromptResult>(context.Result);
Assert.Equal("text/html", result.ContentType);
Assert.Equal(
"<script>window.top.location = 'https://www.facebook.com/dialog/oauth?redirect_uri=example.com';</script>",
result.Content
);
}
private AuthorizationContext BuildSignedAuthorizationContext(
string requestUrl,
string permission,
HttpCookieCollection requestCookies = null
)
{
var permissions = permission == null ? new string[0] : new string[] { permission };
var requestUri = new Uri(requestUrl);
var context = new AuthorizationContext(
MockHelpers.CreateControllerContext(
new NameValueCollection {
{ "signed_request", "exampleSignedRequest" }
},
HttpUtility.ParseQueryString(requestUri.Query),
requestUri,
requestCookies
),
MockHelpers.CreateActionDescriptor(
new[] { new FacebookAuthorizeAttribute(permissions) }
)
);
return(context);
}
public void BindModel_ReturnsInvalidModelState_WhenSignedRequestIsNull()
{
FacebookConfiguration config = new FacebookConfiguration();
config.AppSecret = "abcdef";
config.ClientProvider = new DefaultFacebookClientProvider(config);
FacebookContextModelBinder contextBinder = new FacebookContextModelBinder(config);
ControllerContext controllerContext = MockHelpers.CreateControllerContext();
ModelBindingContext modelBindingContext = new ModelBindingContext();
object context = contextBinder.BindModel(controllerContext, modelBindingContext);
Assert.Null(context);
Assert.False(modelBindingContext.ModelState.IsValid);
}
public void OnAuthorization_RedirectsToOAuthDialog_WhenSignedRequestIsNull()
{
FacebookConfiguration config = MockHelpers.CreateConfiguration();
FacebookAuthorizeFilter authorizeFilter = new FacebookAuthorizeFilter(config);
AuthorizationContext context = new AuthorizationContext(
MockHelpers.CreateControllerContext(),
MockHelpers.CreateActionDescriptor(new[] { new FacebookAuthorizeAttribute("email") }));
authorizeFilter.OnAuthorization(context);
ContentResult result = Assert.IsType <JavaScriptRedirectResult>(context.Result);
Assert.Equal("text/html", result.ContentType);
Assert.Equal(
"<script>window.top.location = 'https://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fapps.facebook.com%2FDefaultAppId%2F\\u0026client_id=DefaultAppId';</script>",
result.Content);
}
public void BindModel_ReturnsInvalidModelState_WhenOriginUrlIsNull()
{
FacebookConfiguration config = new FacebookConfiguration();
config.AppId = "123456";
config.ClientProvider = new DefaultFacebookClientProvider(config);
FacebookRedirectContextModelBinder redirectContextBinder = new FacebookRedirectContextModelBinder(config);
ControllerContext controllerContext = MockHelpers.CreateControllerContext(
null,
new NameValueCollection
{
{ "permissions", "email,user_likes" }
});
ModelBindingContext modelBindingContext = new ModelBindingContext();
FacebookRedirectContext context = Assert.IsType <FacebookRedirectContext>(redirectContextBinder.BindModel(controllerContext, modelBindingContext));
Assert.False(modelBindingContext.ModelState.IsValid);
}