protected void ProviderEndpoint1_AuthenticationChallenge(object sender, DotNetOpenId.Provider.AuthenticationChallengeEventArgs e)
{
if (!e.Request.IsReturnUrlDiscoverable)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
"return_to could not be verified using RP discovery realm {0}.", e.Request.Realm));
}
TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios),
new Uri(e.Request.LocalIdentifier).AbsolutePath.TrimStart('/'));
switch (scenario)
{
case TestSupport.Scenarios.AutoApproval:
e.Request.IsAuthenticated = true;
break;
case TestSupport.Scenarios.ApproveOnSetup:
e.Request.IsAuthenticated = !e.Request.Immediate;
break;
default:
// All other scenarios are done programmatically only.
throw new InvalidOperationException("Unrecognized scenario");
}
e.Request.Response.Send();
}
void parameterizedTest(TestSupport.Scenarios scenario, ProtocolVersion version,
AuthenticationRequestMode requestMode, AuthenticationStatus expectedResult)
{
Identifier claimedId = TestSupport.GetMockIdentifier(scenario, version);
parameterizedProgrammaticTest(scenario, version, claimedId, requestMode, expectedResult, true);
parameterizedProgrammaticTest(scenario, version, claimedId, requestMode, expectedResult, false);
}
void parameterizedOPIdentifierTest(TestSupport.Scenarios scenario,
AuthenticationRequestMode requestMode, AuthenticationStatus expectedResult)
{
ProtocolVersion version = ProtocolVersion.V20; // only this version supports directed identity
UriIdentifier claimedIdentifier = TestSupport.GetDirectedIdentityUrl(TestSupport.Scenarios.ApproveOnSetup, version);
Identifier opIdentifier = TestSupport.GetMockOPIdentifier(TestSupport.Scenarios.ApproveOnSetup, claimedIdentifier);
parameterizedProgrammaticOPIdentifierTest(opIdentifier, version, claimedIdentifier, requestMode, expectedResult, true);
parameterizedProgrammaticOPIdentifierTest(opIdentifier, version, claimedIdentifier, requestMode, expectedResult, false);
}
public void BasicUnsolicitedAssertion()
{
Mocks.MockHttpRequest.RegisterMockRPDiscovery();
TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval;
Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20);
Identifier localId = TestSupport.GetDelegateUrl(scenario);
OpenIdProvider op = TestSupport.CreateProvider(null);
IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId);
var rpResponse = TestSupport.CreateRelyingPartyResponse(TestSupport.RelyingPartyStore, assertion);
Assert.AreEqual(AuthenticationStatus.Authenticated, rpResponse.Status);
Assert.AreEqual(claimedId, rpResponse.ClaimedIdentifier);
}
void parameterizedProgrammaticTest(TestSupport.Scenarios scenario, ProtocolVersion version,
Identifier claimedUrl, AuthenticationRequestMode requestMode,
AuthenticationStatus expectedResult, bool provideStore)
{
var request = TestSupport.CreateRelyingPartyRequest(!provideStore, scenario, version);
request.Mode = requestMode;
var rpResponse = TestSupport.CreateRelyingPartyResponseThroughProvider(request,
opReq => opReq.IsAuthenticated = expectedResult == AuthenticationStatus.Authenticated);
Assert.AreEqual(expectedResult, rpResponse.Status);
Assert.AreEqual(claimedUrl, rpResponse.ClaimedIdentifier);
}
static ServiceEndpoint getServiceEndpoint(TestSupport.Scenarios scenario, ProtocolVersion version)
{
Protocol protocol = Protocol.Lookup(version);
ServiceEndpoint ep = ServiceEndpoint.CreateForClaimedIdentifier(
TestSupport.GetIdentityUrl(scenario, version),
TestSupport.GetDelegateUrl(scenario),
TestSupport.GetFullUrl(TestSupport.ProviderPage),
new[] { protocol.ClaimedIdentifierServiceTypeURI },
10,
10
);
return(ep);
}
protected void Page_Load(object sender, EventArgs e)
{
TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios), Request.QueryString["user"]);
UriBuilder providerEndpoint = new UriBuilder(Request.Url);
providerEndpoint.Query = "user="******"GET" ? Request.QueryString : Request.Form);
if (provider.Request != null)
{
if (!provider.Request.IsResponseReady)
{
var idreq = provider.Request as IAuthenticationRequest;
idreq.ClaimedIdentifier = new Uri(Request.Url, Page.ResolveUrl("~/DirectedIdentityEndpoint.aspx?user="******"&version=" + ProtocolVersion.V20));
switch (scenario)
{
case TestSupport.Scenarios.AutoApproval:
// immediately approve
idreq.IsAuthenticated = true;
break;
case TestSupport.Scenarios.AutoApprovalAddFragment:
idreq.SetClaimedIdentifierFragment("frag");
idreq.IsAuthenticated = true;
break;
case TestSupport.Scenarios.ApproveOnSetup:
idreq.IsAuthenticated = !idreq.Immediate;
break;
case TestSupport.Scenarios.AlwaysDeny:
idreq.IsAuthenticated = false;
break;
case TestSupport.Scenarios.ExtensionFullCooperation:
case TestSupport.Scenarios.ExtensionPartialCooperation:
throw new NotImplementedException();
//idreq.IsAuthenticated = true;
//break;
default:
throw new InvalidOperationException("Unrecognized scenario");
}
}
provider.Request.Response.Send();
}
}
public void UnsolicitedAssertionWithBadCapitalization()
{
Mocks.MockHttpRequest.RegisterMockRPDiscovery();
TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval;
Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20);
claimedId = claimedId.ToString().ToUpper(); // make all caps, which is not right
Identifier localId = TestSupport.GetDelegateUrl(scenario);
OpenIdProvider op = TestSupport.CreateProvider(null);
IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId);
var rpResponse = TestSupport.CreateRelyingPartyResponse(TestSupport.RelyingPartyStore, assertion);
Assert.AreEqual(AuthenticationStatus.Failed, rpResponse.Status);
}
void parameterizedIdentityEndpointPage(ProtocolVersion version)
{
Protocol protocol = Protocol.Lookup(version);
TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval;
Identifier identityUrl = TestSupport.GetIdentityUrl(scenario, version);
string html = UITestSupport.Host.ProcessRequest(identityUrl);
TestSupport.Logger.InfoFormat("{0} response:{1}{2}", identityUrl, Environment.NewLine, html);
Assert.IsTrue(Regex.IsMatch(html, string.Format(CultureInfo.InvariantCulture,
@"\<link rel=""{1}"" href=""http://[^/]+/{0}""\>\</link\>",
Regex.Escape(TestSupport.ProviderPage),
Regex.Escape(protocol.HtmlDiscoveryProviderKey))));
Assert.IsTrue(Regex.IsMatch(html, string.Format(CultureInfo.InvariantCulture,
@"\<link rel=""{1}"" href=""http://[^/]+{0}""\>\</link\>",
Regex.Escape(new Uri(TestSupport.GetDelegateUrl(scenario).ToString()).AbsolutePath),
Regex.Escape(protocol.HtmlDiscoveryLocalIdKey))));
}
protected T ParameterizedTest <T>(TestSupport.Scenarios scenario, ProtocolVersion version, IExtensionRequest extension)
where T : IExtensionResponse, new()
{
var rpRequest = TestSupport.CreateRelyingPartyRequest(false, scenario, version);
if (extension != null)
{
rpRequest.AddExtension(extension);
}
var response = TestSupport.CreateRelyingPartyResponseThroughProvider(rpRequest, request => {
TestSupport.SetAuthenticationFromScenario(scenario, request);
ExtensionsResponder(request);
});
Assert.AreEqual(AuthenticationStatus.Authenticated, response.Status);
return(response.GetExtension <T>());
}
public void UnsolicitedAssertionWithRequireSslWithoutSecureIdentityUrl()
{
MockHttpRequest.Reset();
Mocks.MockHttpRequest.RegisterMockRPDiscovery();
TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval;
Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20);
Identifier localId = TestSupport.GetDelegateUrl(scenario);
OpenIdProvider op = TestSupport.CreateProvider(null);
IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId);
var opAuthWebResponse = (Response)assertion;
var opAuthResponse = (DotNetOpenId.Provider.EncodableResponse)opAuthWebResponse.EncodableMessage;
var rp = TestSupport.CreateRelyingParty(TestSupport.RelyingPartyStore, opAuthResponse.RedirectUrl,
opAuthResponse.EncodedFields.ToNameValueCollection());
rp.Settings.RequireSsl = true;
Assert.AreEqual(AuthenticationStatus.Failed, rp.Response.Status);
Assert.IsNull(rp.Response.ClaimedIdentifier);
}
private void ExtensionsResponder(OPRequest request)
{
var sregRequest = request.GetExtension <ClaimsRequest>();
var sregResponse = sregRequest != null?sregRequest.CreateResponse() : null;
var aeFetchRequest = request.GetExtension <FetchRequest>();
var aeFetchResponse = new FetchResponse();
var aeStoreRequest = request.GetExtension <StoreRequest>();
var aeStoreResponse = new StoreResponse();
var papeRequest = request.GetExtension <PolicyRequest>();
var papeResponse = new PolicyResponse();
TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios),
new Uri(request.LocalIdentifier).AbsolutePath.TrimStart('/'));
switch (scenario)
{
case TestSupport.Scenarios.ExtensionFullCooperation:
if (sregRequest != null)
{
if (sregRequest.FullName != SregDemandLevel.NoRequest)
{
sregResponse.FullName = "Andrew Arnott";
}
if (sregRequest.Email != SregDemandLevel.NoRequest)
{
sregResponse.Email = "*****@*****.**";
}
}
if (aeFetchRequest != null)
{
var att = aeFetchRequest.GetAttribute(nicknameTypeUri);
if (att != null)
{
aeFetchResponse.AddAttribute(att.Respond("Andrew"));
}
att = aeFetchRequest.GetAttribute(emailTypeUri);
if (att != null)
{
string[] emails = new[] { "*****@*****.**", "*****@*****.**" };
string[] subset = new string[Math.Min(emails.Length, att.Count)];
Array.Copy(emails, subset, subset.Length);
aeFetchResponse.AddAttribute(att.Respond(subset));
}
foreach (var att2 in aeFetchRequest.Attributes)
{
if (storedAttributes.ContainsKey(att2.TypeUri))
{
aeFetchResponse.AddAttribute(storedAttributes[att2.TypeUri]);
}
}
}
if (papeRequest != null)
{
if (papeRequest.MaximumAuthenticationAge.HasValue)
{
papeResponse.AuthenticationTimeUtc = DateTime.UtcNow - (papeRequest.MaximumAuthenticationAge.Value - TimeSpan.FromSeconds(30));
}
if (papeRequest.PreferredAuthLevelTypes.Contains(PapeConstants.AuthenticationLevels.NistTypeUri))
{
papeResponse.NistAssuranceLevel = NistAssuranceLevel.Level1;
}
}
break;
case TestSupport.Scenarios.ExtensionPartialCooperation:
if (sregRequest != null)
{
if (sregRequest.FullName == SregDemandLevel.Require)
{
sregResponse.FullName = "Andrew Arnott";
}
if (sregRequest.Email == SregDemandLevel.Require)
{
sregResponse.Email = "*****@*****.**";
}
}
if (aeFetchRequest != null)
{
var att = aeFetchRequest.GetAttribute(nicknameTypeUri);
if (att != null && att.IsRequired)
{
aeFetchResponse.AddAttribute(att.Respond("Andrew"));
}
att = aeFetchRequest.GetAttribute(emailTypeUri);
if (att != null && att.IsRequired)
{
string[] emails = new[] { "*****@*****.**", "*****@*****.**" };
string[] subset = new string[Math.Min(emails.Length, att.Count)];
Array.Copy(emails, subset, subset.Length);
aeFetchResponse.AddAttribute(att.Respond(subset));
}
foreach (var att2 in aeFetchRequest.Attributes)
{
if (att2.IsRequired && storedAttributes.ContainsKey(att2.TypeUri))
{
aeFetchResponse.AddAttribute(storedAttributes[att2.TypeUri]);
}
}
}
break;
}
if (aeStoreRequest != null)
{
foreach (var att in aeStoreRequest.Attributes)
{
storedAttributes[att.TypeUri] = att;
}
aeStoreResponse.Succeeded = true;
}
if (sregRequest != null)
{
request.AddResponseExtension(sregResponse);
}
if (aeFetchRequest != null)
{
request.AddResponseExtension(aeFetchResponse);
}
if (aeStoreRequest != null)
{
request.AddResponseExtension(aeStoreResponse);
}
if (papeRequest != null)
{
request.AddResponseExtension(papeResponse);
}
}
