public void IssueAccessTokenForClientCredentials()
        {
            ClientBase cl = new ClientBase { ClientId = "123", ClientSecret = "secret" };
            AccessTokenBase token = new AccessTokenBase{ ExpiresIn = 120, Token = Guid.NewGuid().ToString()};

            TokenContext context = new TokenContext
            {
                Client = new ClientBase { ClientId = "123", ClientSecret = "secret" },
                GrantType = Parameters.GrantTypeValues.ClientCredentials
            };

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x=>x.AuthenticateClient(context)).Returns(true);
            mckClientService.Setup(x => x.FindClient("123")).Returns(cl);
            Mock<ITokenService> mckTokenService = new Mock<ITokenService>();
            mckTokenService.Setup(x=>x.IssueAccessToken(cl)).Returns(token);
            Mock<IServiceFactory> mckServiceFactory = new Mock<IServiceFactory>();
            mckServiceFactory.SetupGet(x=>x.ClientService).Returns(mckClientService.Object);
            mckServiceFactory.SetupGet(x=>x.TokenService).Returns(mckTokenService.Object);

            ClientCredentialsProcessor processor = new ClientCredentialsProcessor(mckServiceFactory.Object);

            processor.Process(context);

            mckClientService.VerifyAll();
            mckServiceFactory.VerifyAll();
            mckTokenService.VerifyAll();

            Assert.AreEqual(token, context.Token);
        }
        public void TestProcessingNullInvalidAuthorizationGrantContext()
        {
            TokenContext context = new TokenContext()
            {
                Client = new ClientBase { ClientId = "321", ClientSecret = "secret" },
                AuthorizationCode = "123",
                GrantType = Parameters.GrantTypeValues.AuthorizationCode,
                RedirectUri = new Uri("http://www.mysites.com/callback"),
                Scope = new string[] { "create", "delete" }
            };

            Mock<IAuthorizationGrantService> mckAuthService = new Mock<IAuthorizationGrantService>();
            
            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);
            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.AuthorizationGrantService).Returns(mckAuthService.Object);
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);

            AuthenticationCodeProcessor processor = new AuthenticationCodeProcessor(mckFactory.Object);

            CommonProcessorErrorAssert(processor, context, Parameters.ErrorParameters.ErrorValues.InvalidGrant);

            mckFactory.VerifyAll();
            mckClientService.VerifyAll();
            mckAuthService.VerifyAll();
        }
        public void TestIssueingAccessTokenInvalidResourceOwner()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.Password;

            context.Client = new ClientBase
            {
                ClientId = "123",
                ClientSecret = "secret"
            };
            context.ResourceOwnerPassword = "******";
            context.ResourceOwnerUsername = "******";

            Mock<IResourceOwnerService> mckResourceOwnerService = new Mock<IResourceOwnerService>();
            mckResourceOwnerService.Setup(x => x.CredentialsAreValid(context)).Returns(false);

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);

            Mock<IServiceFactory> mckServicFactory = new Mock<IServiceFactory>();
            mckServicFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);
            mckServicFactory.SetupGet(x => x.ResourceOwnerService).Returns(mckResourceOwnerService.Object);

            ResourceOwnerPasswordCredentialProcessor processor = new ResourceOwnerPasswordCredentialProcessor(mckServicFactory.Object);

            AssertExceptionResponse(context, processor, Parameters.ErrorParameters.ErrorValues.InvalidRequest, 400);
                        
            mckClientService.VerifyAll();
            mckResourceOwnerService.VerifyAll();
            mckServicFactory.VerifyAll();
        }
Ejemplo n.º 4
0
        public void TestUnhandledGrantTypeContext()
        {
            TokenContext context = new TokenContext
            {
                AuthorizationCode = "auth-code",
                Client = new ClientBase { ClientId = "client-id", ClientSecret = "secret" },
                GrantType = Parameters.GrantTypeValues.AuthorizationCode,
                RedirectUri = new Uri("http://www.mysite.com/callback")
            };

            Mock<IServiceFactory> mckServiceFactory = new Mock<IServiceFactory>();
            Mock<IContextInspector<ITokenContext>> mckInspector = new Mock<IContextInspector<ITokenContext>>();
            Mock<ContextProcessor<ITokenContext>> mckUnsupportedProcessor = new Mock<ContextProcessor<ITokenContext>>(mckServiceFactory.Object);
            mckUnsupportedProcessor.Setup(x => x.IsSatisfiedBy(context)).Returns(false);


            SimpleServiceLocator locator = new SimpleServiceLocator();
            locator.RegisterAll<ContextProcessor<ITokenContext>>(mckUnsupportedProcessor.Object);
            locator.RegisterAll<IContextInspector<ITokenContext>>(mckInspector.Object);
            ServiceLocator.SetLocatorProvider(() => locator);

            TokenProvider provider = new TokenProvider();

            provider.GrantAccessToken(context);
        }
        public void TestNullClientContext()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.AuthorizationCode;
            SpecificationInspector inspector = new SpecificationInspector();
            inspector.Inspect(context);
        }
        public void TestSatisfiedByMethod()
        {
            TokenContext context = new TokenContext();
            context.GrantType = Parameters.GrantTypeValues.AuthorizationCode;

            AuthenticationCodeProcessor processor = new AuthenticationCodeProcessor(new Mock<IServiceFactory>().Object);

            Assert.IsTrue(processor.IsSatisfiedBy(context));
        }
        public void TestProcessorSatisfiedBy()
        {
            TokenContext context = new TokenContext { GrantType = Parameters.GrantTypeValues.AuthorizationCode };

            RefreshTokenProcessor processor = new RefreshTokenProcessor(new Mock<IServiceFactory>().Object);

            Assert.IsFalse(processor.IsSatisfiedBy(context));
            context.GrantType = Parameters.GrantTypeValues.RefreshToken;
            Assert.IsTrue(processor.IsSatisfiedBy(context));
        }
        public void TestProcessorIsNotSatisified()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.AuthorizationCode;

            ResourceOwnerPasswordCredentialProcessor processor = new ResourceOwnerPasswordCredentialProcessor(new Mock<IServiceFactory>().Object);

            Assert.IsFalse(processor.IsSatisfiedBy(context));
        }
        public void TestIsSatisfiedByClientCredentialsGrant()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.ClientCredentials;

            ClientCredentialsProcessor processor = new ClientCredentialsProcessor(new Mock<IServiceFactory>().Object);

            Assert.IsTrue(processor.IsSatisfiedBy(context));
        }
        public void TestIsNotSatisfiedByAuthorizationCodeGrant()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.AuthorizationCode;

            ClientCredentialsProcessor processor = new ClientCredentialsProcessor(new Mock<IServiceFactory>().Object);

            Assert.IsFalse(processor.IsSatisfiedBy(context));
        }
        public void TestWrongGrantType()
        {
            TokenContext context = new TokenContext
            {
                GrantType = Parameters.GrantTypeValues.ClientCredentials,
            };

            RefreshAccessTokenInspector inspector = new RefreshAccessTokenInspector();

            inspector.Inspect(context);
        }
        public void TestWronGrantType()
        {
            TokenContext ctx = new TokenContext
            {
                GrantType = Parameters.GrantTypeValues.AuthorizationCode
            };

            ResourceOwnerPasswordCredentialInspector inspector = new ResourceOwnerPasswordCredentialInspector();

            inspector.Inspect(ctx);
        }
        public void TestMissingRefreshTokenContext()
        {
            TokenContext context = new TokenContext
            {
                GrantType = Parameters.GrantTypeValues.RefreshToken,
                Scope = new string[] { "create", "delete" }
            };

            RefreshAccessTokenInspector inspector = new RefreshAccessTokenInspector();

            CommonAssertInspector(inspector, context);
        }
        public void TestContextMissingClientSecret()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.AuthorizationCode;
            context.Client = new ClientBase
            {
                ClientId = "123"
            };
            SpecificationInspector inspector = new SpecificationInspector();
            CommonAssertInspector(inspector, context);
        }
        public void TestValidContext()
        {
            TokenContext context = new TokenContext
            {
                GrantType = Parameters.GrantTypeValues.RefreshToken,
                RefreshToken = "refresh",
                Scope = new string[] { "create", "delete" }
            };

            RefreshAccessTokenInspector inspector = new RefreshAccessTokenInspector();

            inspector.Inspect(context);
        }
        public void TestContextMissingPassword()
        {
            TokenContext ctx = new TokenContext
            {
                GrantType = Parameters.GrantTypeValues.Password,
                ResourceOwnerUsername = "******",
                Scope = new string[] { "create", "delete" }
            };

            ResourceOwnerPasswordCredentialInspector inspector = new ResourceOwnerPasswordCredentialInspector();

            CommonAssertInspector(inspector, ctx);
        }
        public void TestValidContext()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.AuthorizationCode;
            context.Client = new ClientBase
            {
                ClientId = "123",
                ClientSecret = "secret"
            };
            SpecificationInspector inspector = new SpecificationInspector();
            inspector.Inspect(context);
        }
        public void TestValidContext()
        {
            TokenContext ctx = new TokenContext
            {
                GrantType = Parameters.GrantTypeValues.Password,
                ResourceOwnerUsername = "******",
                ResourceOwnerPassword = "******",
                Scope = new string[] { "create", "delete" }
            };

            ResourceOwnerPasswordCredentialInspector inspector = new ResourceOwnerPasswordCredentialInspector();

            inspector.Inspect(ctx);
        }
        public void TestExchangingRefreshTokenForWrongClient()
        {
            ClientBase client = new ClientBase { ClientId = "id", ClientSecret = "secret" };
            
            TokenContext context = new TokenContext
            {
                RefreshToken = "refresh_token",
                Client = new ClientBase { ClientId = "id" },
                ResourceOwnerUsername = "******"
            };
            RefreshTokenBase refreshToken = new RefreshTokenBase
            {
                ClientId = "123",
                Scope = new string[] { "create", "delete" },
                Token = "refresh_token"
            };

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);
            mckClientService.Setup(x => x.FindClient("id")).Returns(client);

            Mock<ITokenService> mckTokenService = new Mock<ITokenService>();
            mckTokenService.Setup(x => x.FindRefreshToken("refresh_token")).Returns(refreshToken);

            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);
            mckFactory.SetupGet(x => x.TokenService).Returns(mckTokenService.Object);

            RefreshTokenProcessor processor = new RefreshTokenProcessor(mckFactory.Object);

            try
            {
                processor.Process(context);
                Assert.Fail("no exception trhown");
            }
            catch (OAuthErrorResponseException<IOAuthContext> x)
            {
                Assert.AreEqual(Parameters.ErrorParameters.ErrorValues.InvalidClient, x.Error);
            }
            catch (Exception x)
            {
                Assert.Fail("unexpected exception: " + x.Message);
            }

            mckFactory.VerifyAll();
            mckClientService.VerifyAll();
            mckTokenService.VerifyAll();
        }
        public void TestExchangingRefreshTokenForAccessToken()
        {
            ClientBase client = new ClientBase{ ClientId = "id", ClientSecret = "secret" };
            AccessTokenBase token = new AccessTokenBase{
                ExpiresIn = 120,
                RefreshToken = "refresh_token",
                Token = "new-token",
                TokenType = Parameters.AccessTokenTypeValues.Bearer
            };
            TokenContext context = new TokenContext
            {
                RefreshToken = "refresh_token",
                Client = client,
                ResourceOwnerUsername = "******"
            };
            RefreshTokenBase refreshToken = new RefreshTokenBase
            {
                ClientId = "id",
                Scope = new string[] { "create", "delete" },
                Token = "refresh_token"
            };

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);
            mckClientService.Setup(x => x.FindClient("id")).Returns(client);

            Mock<ITokenService> mckTokenService = new Mock<ITokenService>();
            mckTokenService.Setup(x => x.FindRefreshToken("refresh_token")).Returns(refreshToken);
            mckTokenService.Setup(x => x.IssueAccessToken(refreshToken)).Returns(token);

            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);
            mckFactory.SetupGet(x => x.TokenService).Returns(mckTokenService.Object);

            RefreshTokenProcessor processor = new RefreshTokenProcessor(mckFactory.Object);

            processor.Process(context);

            Assert.AreEqual(token, context.Token);

            mckFactory.VerifyAll();
            mckClientService.VerifyAll();
            mckTokenService.VerifyAll();
        }
        public void TestIssueingAccessToken()
        {
            TokenContext context = new TokenContext();

            context.GrantType = Parameters.GrantTypeValues.Password;

            context.Client = new ClientBase
            {
                ClientId = "123",
                ClientSecret = "secret"
            };
            context.ResourceOwnerPassword = "******";
            context.ResourceOwnerUsername = "******";

            AccessTokenBase token = new AccessTokenBase();
            Mock<IResourceOwnerService> mckResourceOwnerService = new Mock<IResourceOwnerService>();
            mckResourceOwnerService.Setup(x => x.CredentialsAreValid(context)).Returns(true);

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);

            Mock<ITokenService> mckTokenService = new Mock<ITokenService>();
            mckTokenService.Setup(x => x.IssueAccessTokenForResourceOwner(context)).Returns(token);

            Mock<IServiceFactory> mckServicFactory = new Mock<IServiceFactory>();
            mckServicFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);
            mckServicFactory.SetupGet(x => x.TokenService).Returns(mckTokenService.Object);
            mckServicFactory.SetupGet(x => x.ResourceOwnerService).Returns(mckResourceOwnerService.Object);

            ResourceOwnerPasswordCredentialProcessor processor = new ResourceOwnerPasswordCredentialProcessor(mckServicFactory.Object);

            processor.Process(context);

            Assert.AreEqual(token, context.Token);
            mckClientService.VerifyAll();
            mckResourceOwnerService.VerifyAll();
            mckServicFactory.VerifyAll();
            mckTokenService.VerifyAll();

                 
        }
        public void TestProcessingValidContext()
        {
            TokenContext context = new TokenContext()
            {
                Client = new ClientBase { ClientId = "321", ClientSecret = "secret" },
                AuthorizationCode = "123",
                GrantType = Parameters.GrantTypeValues.AuthorizationCode,
                RedirectUri = new Uri("http://www.mysites.com/callback"),
                Scope = new string[] { "create", "delete" }
            };

			IAuthorizationGrant authorizationGrant = new AuthorizationGrantBase { Code = "123" };

            Mock<IAuthorizationGrantService> mckAuthService = new Mock<IAuthorizationGrantService>();
            mckAuthService.Setup(x => x.FindAuthorizationGrant("123")).Returns(authorizationGrant);
			mckAuthService.Setup(x => x.ConsumeGrant(It.IsAny<IAuthorizationGrant>()));
            mckAuthService.Setup(x => x.ValidateGrant(context, authorizationGrant)).Returns(true);

            Mock<ITokenService> mckTokenService = new Mock<ITokenService>();
            mckTokenService.Setup(x => x.IssueAccessToken(authorizationGrant)).Returns(new AccessTokenBase { TokenType = "bearer", RefreshToken = "refresh_token", Token = "token", ExpiresIn = 120 });
            
            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);

            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);
            mckFactory.SetupGet(x => x.TokenService).Returns(mckTokenService.Object);
            mckFactory.SetupGet(x => x.AuthorizationGrantService).Returns(mckAuthService.Object);
            AuthenticationCodeProcessor processor = new AuthenticationCodeProcessor(mckFactory.Object);

            processor.Process(context);

            Assert.IsNotNull(context.Token);
            Assert.AreEqual(120, context.Token.ExpiresIn);
            Assert.AreEqual("refresh_token", context.Token.RefreshToken);
            Assert.AreEqual("token", context.Token.Token);

            mckFactory.VerifyAll();
            mckClientService.VerifyAll();
            mckTokenService.VerifyAll();
        }
        public void TestInvalidValidContext()
        {
            TokenContext context = new TokenContext();

            context.GrantType = "";

            SpecificationInspector inspector = new SpecificationInspector();
            try
            {
                inspector.Inspect(context);
                Assert.Fail("Did not throw an exception");
            }
            catch (OAuthErrorResponseException<ITokenContext> x)
            {
                Assert.AreEqual(Parameters.ErrorParameters.ErrorValues.InvalidRequest, x.Error);
            }
            catch (Exception)
            {
                Assert.Fail("Unexpected exception was thrown");
            }
        }
        public void IssueAccessTokenForInvalidClientCredentials()
        {
            ClientBase cl = new ClientBase { ClientId = "123", ClientSecret = "secret" };
            AccessTokenBase token = new AccessTokenBase { ExpiresIn = 120, Token = Guid.NewGuid().ToString() };

            TokenContext context = new TokenContext
            {
                Client = cl,
                GrantType = Parameters.GrantTypeValues.ClientCredentials
            };

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(false);
            Mock<IServiceFactory> mckServiceFactory = new Mock<IServiceFactory>();
            mckServiceFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);


            ClientCredentialsProcessor processor = new ClientCredentialsProcessor(mckServiceFactory.Object);

            try
            {

                processor.Process(context);
                Assert.Fail("no exception thrown");
            }
            catch (OAuthErrorResponseException<ITokenContext> x)
            {
                Assert.AreEqual(Parameters.ErrorParameters.ErrorValues.UnauthorizedClient, x.Error);
                Assert.AreEqual(401, x.HttpStatusCode);
            }
            catch (Exception x)
            {
                Assert.Fail("unexpected exception was thrown: " + x.Message);
            }

            mckClientService.VerifyAll();
            mckServiceFactory.VerifyAll();
        }
        public void TestInvalidRefreshTokenForClient()
        {
            ClientBase client = new ClientBase { ClientId = "id", ClientSecret = "secret" };

            TokenContext context = new TokenContext
            {
                RefreshToken = "refresh_token",
                Client = client
            };

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);
            mckClientService.Setup(x => x.FindClient("id")).Returns(client);

            Mock<ITokenService> mckTokenService = new Mock<ITokenService>();
            mckTokenService.Setup(x => x.FindRefreshToken("refresh_token")).Returns((RefreshTokenBase)null);


            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);
            mckFactory.SetupGet(x => x.TokenService).Returns(mckTokenService.Object);

            RefreshTokenProcessor processor = new RefreshTokenProcessor(mckFactory.Object);
            
            AssertExceptionResponse(context, processor, Parameters.ErrorParameters.ErrorValues.InvalidRequest, 400);

            mckFactory.VerifyAll();
            mckClientService.VerifyAll();
            mckTokenService.VerifyAll();
        }
        public void TestInvalidClientExchangingRefreshToken()
        {
            ClientBase client = new ClientBase { ClientId = "id", ClientSecret = "secret" };

            TokenContext context = new TokenContext
            {
                RefreshToken = "refresh_token",
                Client = client
            };

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(false);

            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);

            RefreshTokenProcessor processor = new RefreshTokenProcessor(mckFactory.Object);

            AssertExceptionResponse(context, processor, Parameters.ErrorParameters.ErrorValues.UnauthorizedClient, 401);

            mckFactory.VerifyAll();
            mckClientService.VerifyAll();
        }
 private static void AssertExceptionResponse(TokenContext context, RefreshTokenProcessor processor, string parameter, int httpStatusCode)
 {
     try
     {
         processor.Process(context);
         Assert.Fail("no exception thrown");
     }
     catch (OAuthErrorResponseException<ITokenContext> x)
     {
         Assert.AreEqual(parameter, x.Error);
         Assert.AreEqual(httpStatusCode, x.HttpStatusCode);
     }
     catch (Exception x)
     {
         Assert.Fail("Unexpected exception: " + x.Message);
     }
 }
 private static void AssertExceptionResponse(TokenContext context, ResourceOwnerPasswordCredentialProcessor processor, string parameter, int httpStatusCode)
 {
     try
     {
         processor.Process(context);
         Assert.Fail("No exception was thrown");
     }
     catch (OAuthErrorResponseException<ITokenContext> x)
     {
         Assert.AreEqual(parameter, x.Error);
         Assert.AreEqual(httpStatusCode, x.HttpStatusCode);
     }
     catch (OAuthErrorResponseException<IOAuthContext> x)
     {
         Assert.AreEqual(parameter, x.Error);
         Assert.AreEqual(httpStatusCode, x.HttpStatusCode);
     }
     catch (Exception x)
     {
         Assert.Fail("Unexpected exception was thrown: " + x.Message);
     }
 }
        public void TestProcessingMismatchedRedirectUri()
        {
            TokenContext context = new TokenContext()
            {
                AuthorizationCode = "123",
                RedirectUri = new Uri("http://www.mysites.com/callback"),
                Client = new ClientBase { ClientId = "client", ClientSecret = "secret" }
            };

            Mock<IAuthorizationGrantService> mckAuthService = new Mock<IAuthorizationGrantService>();
            mckAuthService.Setup(x => x.FindAuthorizationGrant("123")).Returns(new AuthorizationGrantBase());

            Mock<IClientService> mckClientService = new Mock<IClientService>();
            mckClientService.Setup(x => x.AuthenticateClient(context)).Returns(true);

            Mock<IServiceFactory> mckFactory = new Mock<IServiceFactory>();
            mckFactory.SetupGet(x => x.AuthorizationGrantService).Returns(mckAuthService.Object);
            mckFactory.SetupGet(x => x.ClientService).Returns(mckClientService.Object);

            AuthenticationCodeProcessor processor = new AuthenticationCodeProcessor(mckFactory.Object);
            CommonProcessorErrorAssert(processor, context, Parameters.ErrorParameters.ErrorValues.InvalidGrant);

            mckFactory.VerifyAll();
            mckAuthService.VerifyAll();
        }