public async Task WhenSignatureVerificationFails_InvokesConfiguredCallback()
{
_request.Headers["Authorization"] = "TestScheme abc123";
var failureResult = new RequestSignatureVerificationResultFailure(
new Client("c1", "test", SignatureAlgorithm.CreateForVerification("s3cr3t"), TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(1)),
new Signature(),
SignatureVerificationFailure.HeaderMissing("A header is missing.", null));
A.CallTo(() => _options.RequestSignatureVerifier.VerifySignature(
A <IOwinRequest> .That.Matches(ConvertedRequest),
A <SignedHttpRequestAuthenticationOptions> ._))
.Returns(failureResult);
RequestSignatureVerificationResult resultFromCallback = null;
_options.OnIdentityVerificationFailed = (request, failure) => {
resultFromCallback = failure;
return(Task.CompletedTask);
};
await _method();
resultFromCallback.Should().Be(failureResult);
}
public async Task WhenVerificationFails_InvokesConfiguredCallback()
{
_httpRequest.Headers["Authorization"] = "tests-scheme abc123";
var cause = SignatureVerificationFailure.InvalidSignatureString("Invalid signature");
var failureResult = new RequestSignatureVerificationResultFailure(
new Client(
"app1",
"Unit test app",
new CustomSignatureAlgorithm("test"),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986),
new HttpRequestForVerification(),
cause);
A.CallTo(() => _requestSignatureVerifier.VerifySignature(_httpRequest, _options))
.Returns(failureResult);
RequestSignatureVerificationResult resultFromCallback = null;
_options.OnIdentityVerificationFailed = (request, failure) => {
resultFromCallback = failure;
return(Task.CompletedTask);
};
await _sut.DoAuthenticate();
resultFromCallback.Should().Be(failureResult);
}
public async Task WhenSignatureVerificationFails_ReturnsNull()
{
_request.Headers["Authorization"] = "TestScheme abc123";
var failureResult = new RequestSignatureVerificationResultFailure(
new Client("c1", "test", SignatureAlgorithm.CreateForVerification("s3cr3t"), TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(1)),
new Signature(),
SignatureVerificationFailure.HeaderMissing("A header is missing.", null));
A.CallTo(() => _options.RequestSignatureVerifier.VerifySignature(
A <IOwinRequest> .That.Matches(ConvertedRequest),
A <SignedHttpRequestAuthenticationOptions> ._))
.Returns(failureResult);
var actual = await _method();
actual.Should().BeNull();
}
