Ejemplo n.º 1
0
        public static Tuple <ServerWithAuthorizationCode, ResourceOwner> GetCredentialsFromAuthorizationRedirect(this IWebOperationContext context)
        {
            var code  = context.IncomingRequest.UriTemplateMatch.QueryParameters.Get("code");
            var state = context.IncomingRequest.UriTemplateMatch.QueryParameters.Get("state");

            if (string.IsNullOrEmpty(code))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'code' is not set.");
            }

            if (string.IsNullOrEmpty(state))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'state' is not set.");
            }

            if (!state.Contains("_"))
            {
                throw new InvalidAuthorizationRequestException("the query parameters 'state' must be of type '<GUID of Server>_<GUID of ResourceOwner>'");
            }
            var states = state.Split('_');

            var server        = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(new Guid(states[0]));
            var resourceOwner = ResourceOwners.GetResourceOwner(new Guid(states[1]));

            var token = Tokens.GetToken(server, resourceOwner);

            token.AuthorizationCode = code;

            return(new Tuple <ServerWithAuthorizationCode, ResourceOwner>(server, resourceOwner));
        }
Ejemplo n.º 2
0
        public void DisposeAndLoad()
        {
            Tokens.CleanUpForTests();
            var server1 = ServersWithAuthorizationCode.Add("testclient", "testsecret",
                                                           new Uri("http://example.com/uri1"),
                                                           new Uri("http://example.org/access"),
                                                           new Uri("http://example.com/uri2"));
            var resourceOwner1 = ResourceOwners.Add("testuser");

            Token token = Tokens.GetToken(server1, resourceOwner1);

            token.Expires           = DateTime.Now;
            token.AccessToken       = "token1";
            token.AuthorizationCode = "token2";
            token.RefreshToken      = "token3";

            Tokens.SaveToIsoStore();
            Tokens.LoadFromIsoStore();

            var tokenAfter = Tokens.GetToken(server1, resourceOwner1);

            tokenAfter.Should().NotBeNull();
            tokenAfter.Expires.ToString().Should().Be(token.Expires.ToString());
            tokenAfter.AccessToken.Should().Be(token.AccessToken);
            tokenAfter.AuthorizationCode.Should().Be(token.AuthorizationCode);
            tokenAfter.RefreshToken.Should().Be(token.RefreshToken);
        }
        public void GetCredentialsFromAuthorizationRedirectTest()
        {
            var resourceOwner = ResourceOwners.Add("testusercredetials1");

            var authorizationRequestUri = new Uri("http://example.com/TokenTest/AuthRequest");
            var accessTokenRequestUri   = new Uri("http://example.com/TokenTest/AuthAccess");
            var redirectUri             = new Uri("http://example.com/TokenTest/Redirect");
            var server = ServersWithAuthorizationCode.Add("testclienid", "testsecret", authorizationRequestUri, accessTokenRequestUri, redirectUri);

            Mock <IWebOperationContext> mockContext = new Mock <IWebOperationContext> {
                DefaultValue = DefaultValue.Mock
            };
            var context = mockContext.Object;

            context.IncomingRequest.UriTemplateMatch.RequestUri = new Uri("http://example.org/TokenTest/Redirect");
            context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("code", "Splx10BeZQQYbYS6WxSbIA");
            context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("state", server.Guid.ToString() + "_" + resourceOwner.Guid.ToString());
            var tuple = context.GetCredentialsFromAuthorizationRedirect();

            tuple.Item1.AuthorizationRequestUri.ToString().Should().Be(server.AuthorizationRequestUri.ToString());
            tuple.Item1.RedirectionUri.ToString().Should().Be(server.RedirectionUri.ToString());
            tuple.Item1.ClientId.Should().Be(server.ClientId);

            tuple.Item2.Name.Should().Be(resourceOwner.Name);
            tuple.Item2.Guid.Should().Be(resourceOwner.Guid);

            var token = Tokens.GetToken(tuple.Item1, tuple.Item2);

            token.AuthorizationCode.Should().Be("Splx10BeZQQYbYS6WxSbIA");
        }
        public void RedirectToAuthorizationTest()
        {
            var resourceOwner = ResourceOwners.Add("testauthredirect1");

            var authorizationRequestUri = new Uri("http://example.com/TokenTest/AuthRequest");
            var accessTokenRequestUri   = new Uri("http://example.com/TokenTest/accessTokenRequestUri");
            var redirectUri             = new Uri("http://example.com/TokenTest/Redirect");
            var server = ServersWithAuthorizationCode.Add("testauthredirectserver", "testsecret", authorizationRequestUri, accessTokenRequestUri, redirectUri, new List <string>()
            {
                "scope1", "scope2"
            });

            var mock = new Mock <IWebOperationContext>()
            {
            };
            var context = mock.Object;

            mock.SetupAllProperties();

            context.RedirectToAuthorization(server, resourceOwner);
            context.OutgoingResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);

            var expectedRedirectionUri = "http://example.com/TokenTest/AuthRequest?response_type=code&client_id=" +
                                         server.ClientId +
                                         "&state=" + server.Guid + "_" + resourceOwner.Guid +
                                         "&scope=scope1+scope2" +
                                         "&redirect_uri=http%3a%2f%2fexample.com%2fTokenTest%2fRedirect";

            context.OutgoingResponse.Location.Should().Be(expectedRedirectionUri);

            var token = Tokens.GetToken(server, resourceOwner);

            token.RedirectUri.ToString().Should().Be(redirectUri.ToString());
        }
        public void GetAuthorizationCodeViaUserAgentAndRequestProtectedResource()
        {
            //TODO: webrequest mocken
            // diesen dann mit "Pseudo"-Auth-Code ausstatten, die SetToken(server, incommingRequest) => resoruceOwner
            // und die WebRequest.Authorize(server, resourceOwner) anschubsen
            // dabei müssen die UserCredentials richtig gesetzt sein

            var resourceOwnertmp = ResourceOwners.GetResourceOwner(_resourceOwnerName);
            var servertmp        = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(_clientId, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri);

            var mockContext = new Mock <IWebOperationContext> {
                DefaultValue = DefaultValue.Mock
            };

            mockContext.SetupAllProperties();
            var context = mockContext.Object;

            context.IncomingRequest.UriTemplateMatch.RequestUri = _redirectionUri;
            context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("code", "Splx10BeZQQYbYS6WxSbIA");
            context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("state", servertmp.Guid.ToString() + "_" + resourceOwnertmp.Guid.ToString());
            var tuple = context.GetCredentialsFromAuthorizationRedirect();

            var server        = tuple.Item1;
            var resourceOwner = tuple.Item2;

            server.Should().Be(servertmp);
            resourceOwner.Should().Be(resourceOwner);


            var webRequest = resourceOwner.GetSignedRequestFor(server, "http://example.com/ProtectedResource");;

            //Test ob WebRequest richtig unterschrieben wurde

            Assert.Fail("Test is not completed yet");
        }
Ejemplo n.º 6
0
        public void TokenFromXElement()
        {
            var element = new XElement("Token");
            var server  = ServersWithAuthorizationCode.Add("testclient1", "testsecret",
                                                           new Uri("http://example.com/uri1"),
                                                           new Uri("http://example.org/access"),
                                                           new Uri("http://example.com/uri2"));
            var resourceOwner = ResourceOwners.Add("testuser1");

            element.Add(new XElement("Server", server.Guid.ToString()));
            element.Add(new XElement("ResourceOwner", resourceOwner.Name));
            element.Add(new XElement("AuthorizationCode", "foobar4"));
            element.Add(new XElement("AccessToken", "foobar1"));
            element.Add(new XElement("RefreshToken", "foobar2"));
            element.Add(new XElement("Expires", DateTime.Today.ToString()));
            element.Add(new XElement("RedirectUri", "http://example.org/redirect"));

            var token = Token.FromXElement(element);

            token.Server.Should().NotBeNull();
            token.ResourceOwner.Should().Be(resourceOwner);
            token.AuthorizationCode.Should().Be("foobar4");
            token.AccessToken.Should().Be("foobar1");
            token.RefreshToken.Should().Be("foobar2");
            token.RedirectUri.Should().Be("http://example.org/redirect");
        }
Ejemplo n.º 7
0
        public void CreateResourceOwner()
        {
            ResourceOwners.CleanUpForTests();
            var resourceOwner = ResourceOwners.Add("user1");

            Assert.IsNotNull(resourceOwner);
            Assert.AreEqual("user1", resourceOwner.Name);
        }
Ejemplo n.º 8
0
        public void ConfigureServices(IServiceCollection services)
        {
            var isSqlServer = bool.Parse(Configuration["isSqlServer"]);
            var isSqlLite   = bool.Parse(Configuration["isSqlLite"]);

            // Add the dependencies needed to enable CORS
            services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
                                                          .AllowAnyMethod()
                                                          .AllowAnyHeader()));
            var connectionString = Configuration["Data:DefaultConnection:ConnectionString"];

            // Configure the rate limitation
            services.Configure <RateLimitationOptions>(opt =>
            {
                opt.IsEnabled = true;
                opt.RateLimitationElements = new List <RateLimitationElement>
                {
                    new RateLimitationElement
                    {
                        Name             = "PostToken",
                        NumberOfRequests = 20,
                        SlidingTime      = 2000
                    }
                };
                opt.MemoryCache = new MemoryCache(new MemoryCacheOptions());
            });

            var dataSourceType = DataSourceTypes.InMemory;

            if (isSqlServer)
            {
                dataSourceType = DataSourceTypes.SqlServer;
            }
            else if (isSqlLite)
            {
                dataSourceType = DataSourceTypes.SqlLite;
            }

            // Configure Simple identity server
            services.AddSimpleIdentityServer(new DataSourceOptions
            {
                DataSourceType   = dataSourceType,
                ConnectionString = connectionString,
                Clients          = Clients.Get(),
                JsonWebKeys      = JsonWebKeys.Get(),
                ResourceOwners   = ResourceOwners.Get(),
                Scopes           = Scopes.Get(),
                Translations     = Translations.Get()
            }, _swaggerOptions);

            services.AddLogging();
        }
Ejemplo n.º 9
0
        public void GetResourceOwner()
        {
            ResourceOwners.CleanUpForTests();
            ResourceOwners.Add("user1");
            ResourceOwners.Add("user2");

            var resourceOwner = ResourceOwners.GetResourceOwner("user1");

            resourceOwner.Name.Should().Be("user1");
            ResourceOwners.GetResourceOwner(resourceOwner.Guid).Should().NotBeNull();

            var resourceOwnerNull = ResourceOwners.GetResourceOwner("foo");

            resourceOwnerNull.Should().BeNull();
            ResourceOwners.GetResourceOwner(Guid.NewGuid()).Should().BeNull();
        }
        public void SetUp()
        {
            Tokens.CleanUpForTests();
            ResourceOwners.CleanUpForTests();
            ServersWithAuthorizationCode.CleanUpForTests();

            var authorizationRequestUri = new Uri("http://example.org/GetAccessAndRefreshTokenTest/Authorization");
            var accessTokenUri          = new Uri("http://example.org/GetAccessAndRefreshTokenTest/Access");
            var redirectionUri          = new Uri("http://example.org/GetAccessAndRefreshTokenTest/redirectionUri");

            _server                  = ServersWithAuthorizationCode.Add("123456789", "testsecret", authorizationRequestUri, accessTokenUri, redirectionUri);
            _resourceOwner           = ResourceOwners.Add("Test");
            _token                   = Tokens.GetToken(_server, _resourceOwner);
            _token.RedirectUri       = _server.RedirectionUri;
            _token.AuthorizationCode = "Aplx10BeZQQYbYS6WxSbIA";
        }
Ejemplo n.º 11
0
        public void AuthorizesMeToAccessTo()
        {
            var resourceOwner1 = ResourceOwners.Add("testusertoken1");
            var resourceOwner2 = ResourceOwners.Add("testusertoken2");

            var authorizationRequestUri = new Uri("http://example.com/TokenTest/AuthRequest");
            var accessTokenRequestUri   = new Uri("http://example.com/TokenTest/AccessRequest");
            var redirectUri             = new Uri("http://example.com/TokenTest/Redirect");
            var server = ServersWithAuthorizationCode.Add("testclienid", "testsecret", authorizationRequestUri, accessTokenRequestUri, redirectUri);

            var token = new Token(server, resourceOwner1);

            token.AuthorizationCode = "foobar";
            Tokens.AddToken(token);

            resourceOwner1.AuthorizesMeToAccessTo(server).Should().BeTrue();
            resourceOwner2.AuthorizesMeToAccessTo(server).Should().BeFalse();
        }
Ejemplo n.º 12
0
        public void DisposeAndLoad()
        {
            ResourceOwners.CleanUpForTests();
            ResourceOwners.Add("user1");
            ResourceOwners.Add("user2");

            ResourceOwners.SaveToIsoStore();
            ResourceOwners.LoadFromIsoStore();

            var resourceOwner = ResourceOwners.GetResourceOwner("user1");

            Assert.IsNotNull(resourceOwner);
            Assert.AreEqual("user1", resourceOwner.Name);

            var resourceOwnerNull = ResourceOwners.GetResourceOwner("foo");

            Assert.IsNull(resourceOwnerNull);
        }
        public void SetUp()
        {
            _resourceOwnerName = "stoeren";
            if (!ResourceOwners.ResourceOwnerExists(_resourceOwnerName))
            {
                ResourceOwners.Add(_resourceOwnerName);
            }

            _clientId                = "268852326492238";
            _clientSharedSecret      = "124564561125648";
            _authorizationRequestUri = new Uri("http://example.com/AuthorizationRequest");
            _accessTokenRequestUri   = new Uri("http://example.com/access");
            _redirectionUri          = new Uri("http://example.com/RedirectionUri");
            if (!ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(_clientId, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri))
            {
                ServersWithAuthorizationCode.Add(_clientId, _clientSharedSecret, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri);
            }
        }
        public void CreateServerAndUsersAndGetCorrectRedirectToAuthorizationRequest()
        {
            // Spec v2-22 4.1.1

            var resourceOwner = ResourceOwners.GetResourceOwner(_resourceOwnerName);
            var server        = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(_clientId, _authorizationRequestUri,
                                                                                            _accessTokenRequestUri,
                                                                                            _redirectionUri);

            var mockContext = new Mock <IWebOperationContext> {
                DefaultValue = DefaultValue.Mock
            };

            mockContext.SetupAllProperties();
            resourceOwner.AuthorizesMeToAccessTo(server).Should().BeFalse();
            var context = mockContext.Object;

            context.RedirectToAuthorization(server, resourceOwner);

            context.OutgoingResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
            context.OutgoingResponse.Location.Should().NotBeNullOrEmpty();
        }
Ejemplo n.º 15
0
        public void GetSignedRequestTest()
        {
            var resourceOwner = ResourceOwners.Add("testusersignedRequest");
            var server        = ServersWithAuthorizationCode.Add("clientid",
                                                                 "secret",
                                                                 new Uri("http://example.org/auth"),
                                                                 new Uri("http://example.org/access"),
                                                                 new Uri("http://example.org/redirect"));
            var token = new Token(server, resourceOwner);

            Tokens.AddToken(token);
            token.AuthorizationCode = "authcode";
            token.AccessToken       = "access123";
            token.Expires           = DateTime.Now.AddHours(1);

            var location1 = "http://example.org/protectedresource1";
            var location2 = "http://example.org/protectedresource2?foo=bar";

            var webRequest1 = resourceOwner.GetSignedRequestFor(server, location1);
            var webRequest2 = resourceOwner.GetSignedRequestFor(server, location2);

            webRequest1.RequestUri.Should().Be(location1 + "?access_token=access123");
            webRequest2.RequestUri.Should().Be(location2 + "&access_token=access123");
        }
 private void CmdResourceOwnerCreateClick(object sender, EventArgs e)
 {
     _resourceOwner            = ResourceOwners.Add(txtResourceOwnerName.Text);
     lblResourceOwnerGUID.Text = _resourceOwner.Guid.ToString();
 }
 public void SetUp()
 {
     ResourceOwners.CleanUpForTests();
     ServersWithAuthorizationCode.CleanUpForTests();
     Tokens.CleanUpForTests();
 }