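/// <summary>
/// Builds a <see cref="NotificationInstallationsController"/> whose <c>User</c> is the principal
/// obtained by issuing a login token and then validating it with <c>AppServiceTokenHandler</c>.
/// </summary>
/// <returns>A controller with its configuration, an empty request and the validated user assigned.</returns>
/// <exception cref="InvalidOperationException">
/// The freshly issued token did not validate, so no authenticated principal is available.
/// </exception>
private static NotificationInstallationsController InitializeAuthenticatedController()
{
    // Fixed test-only signing key; the original author describes it as the SHA256 hash of 'secret_key'.
    string signingKey = "6523e58bc0eec42c31b9635d5e0dfc23b6d119b73e633bf3a5284c79bb4a1ede";
    HttpConfiguration config = new HttpConfiguration();
    AppServiceTokenHandler handler = new AppServiceTokenHandler(config);

    // The same URL serves as both issuer and audience for issuing and validating.
    string url = "http://localhost";
    Claim[] claims = new Claim[] { new Claim("sub", "my:userid") };

    // Create a token the same way as App Service Authentication
    JwtSecurityToken token = AppServiceLoginHandler.CreateToken(claims, signingKey, url, url, TimeSpan.FromDays(10));

    // Validate that token and parse it into a ClaimsPrincipal the same way as App Service Authentication
    ClaimsPrincipal user = null;
    string[] validIssAud = new[] { url };
    bool validated = handler.TryValidateLoginToken(token.RawData, signingKey, validIssAud, validIssAud, out user);

    // Fail loudly instead of returning a controller with a null User: tests that depend on an
    // authenticated caller would otherwise exercise the unauthenticated path without noticing.
    if (!validated || user == null)
    {
        throw new InvalidOperationException("Test setup failed: the freshly issued login token did not validate.");
    }

    NotificationInstallationsController controller = new NotificationInstallationsController();
    controller.Configuration = config;
    controller.Request = new HttpRequestMessage();
    controller.User = user;
    return controller;
}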
/// <summary>
/// Sets up the shared fixtures: an <c>HttpConfiguration</c>, a partial mock of
/// <c>AppServiceTokenHandler</c> that falls through to the real implementation, and sample
/// Facebook credentials.
/// </summary>
public AppServiceTokenHandlerTests()
{
    var configuration = new HttpConfiguration();

    // CallBase = true: members without an explicit setup run the real handler code.
    var handlerMock = new Mock<AppServiceTokenHandler>(configuration);
    handlerMock.CallBase = true;

    // Placeholder identity values used only as test data.
    var facebookCredentials = new FacebookCredentials();
    facebookCredentials.UserId = "Facebook:1234";
    facebookCredentials.AccessToken = "abc123";

    this.config = configuration;
    this.tokenHandlerMock = handlerMock;
    this.tokenHandler = handlerMock.Object;
    this.credentials = facebookCredentials;
}
/// <summary>
/// Returns the <see cref="IAppServiceTokenHandler"/> stored in <paramref name="config"/> under
/// <c>ServiceTokenHandlerKey</c>, creating and storing an <c>AppServiceTokenHandler</c> when none is registered.
/// </summary>
/// <param name="config">The configuration whose <c>Properties</c> bag holds the handler.</param>
/// <returns>The registered handler, or the newly created one.</returns>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
public static IAppServiceTokenHandler GetAppServiceTokenHandler(this HttpConfiguration config)
{
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    // An already registered handler (for example a custom or mocked one) takes precedence.
    IAppServiceTokenHandler registered;
    if (config.Properties.TryGetValue(ServiceTokenHandlerKey, out registered))
    {
        return registered;
    }

    // NOTE(review): lookup and store are separate steps; whether concurrent first calls
    // can occur is not visible from here.
    IAppServiceTokenHandler created = new AppServiceTokenHandler(config);
    config.Properties[ServiceTokenHandlerKey] = created;
    return created;
}
/// <summary>
/// Verifies that <c>AppServiceTokenHandler.ValidateToken</c> accepts a token that is currently
/// within its lifetime and whose audience and issuer match the expected values.
/// </summary>
public void ValidateToken_PassesWithValidToken()
{
    // Arrange: a token valid from now for 24 hours, with the first test URL as audience and issuer.
    string audience = this.testWebsiteUrls[0];
    string issuer = this.testWebsiteUrls[0];
    TimeSpan validity = new TimeSpan(24, 0, 0);
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expiresAt = issuedAt.Add(validity);
    SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(issuedAt, expiresAt, audience, issuer);
    var jwtHandler = new JwtSecurityTokenHandler();
    var jwt = jwtHandler.CreateToken(descriptor) as JwtSecurityToken;

    // Act / Assert: the test passes when validation completes without throwing.
    AppServiceTokenHandler.ValidateToken(jwt.RawData, this.testSecretKey, audience, issuer);
}
/// <summary>
/// Verifies that <c>AppServiceTokenHandler.ValidateToken</c> throws <see cref="ArgumentException"/>
/// when extra segments are appended to an otherwise valid token string.
/// </summary>
public void ValidateToken_ThrowsArgumentException_WithMalformedToken()
{
    // Arrange: start from a well-formed token that would validate on its own.
    string audience = this.testWebsiteUrls[0];
    string issuer = this.testWebsiteUrls[0];
    TimeSpan validity = new TimeSpan(24, 0, 0);
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expiresAt = issuedAt.Add(validity);
    SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(issuedAt, expiresAt, audience, issuer);
    var jwtHandler = new JwtSecurityTokenHandler();
    var jwt = jwtHandler.CreateToken(descriptor) as JwtSecurityToken;

    // Act: the appended segments mean the string can no longer be read as a JWT.
    ArgumentException thrown = Assert.Throws<ArgumentException>(() =>
    {
        AppServiceTokenHandler.ValidateToken(
            string.Concat(jwt.RawData, ".malformedbits.!.2."),
            this.testSecretKey,
            audience,
            issuer);
    });

    // Assert: the failure is the JWT handler's "cannot read this string" error.
    Assert.Contains("IDX10708: 'System.IdentityModel.Tokens.JwtSecurityTokenHandler' cannot read this string", thrown.Message, StringComparison.Ordinal);
}
/// <summary>
/// Verifies that <c>AppServiceTokenHandler.ValidateToken</c> rejects a token when the issuer is an
/// empty string. The asserted type is <c>SecurityTokenInvalidIssuerException</c>, which is more
/// specific than the exception named in the test's title.
/// </summary>
public void ValidateToken_ThrowsSecurityTokenValidationException_WhenIssuerIsBlank()
{
    // Arrange: a token inside its lifetime whose issuer is blank, both in the descriptor and in
    // the expected-issuer argument passed to validation.
    string audience = this.testWebsiteUrls[0];
    string issuer = string.Empty;
    TimeSpan validity = new TimeSpan(24, 0, 0);
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expiresAt = issuedAt.Add(validity);
    SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(issuedAt, expiresAt, audience, issuer);
    descriptor.TokenIssuerName = string.Empty;
    var jwtHandler = new JwtSecurityTokenHandler();
    var jwt = jwtHandler.CreateToken(descriptor) as JwtSecurityToken;

    // Act
    SecurityTokenInvalidIssuerException thrown = Assert.Throws<SecurityTokenInvalidIssuerException>(() =>
    {
        AppServiceTokenHandler.ValidateToken(jwt.RawData, this.testSecretKey, audience, issuer);
    });

    // Assert: a blank issuer must fail issuer validation rather than be treated as a match.
    Assert.Contains("IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace", thrown.Message, StringComparison.Ordinal);
}
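/// <summary>
/// Verifies that <c>AppServiceTokenHandler.ValidateToken</c> rejects a token whose expiry time
/// has already passed, throwing <c>SecurityTokenExpiredException</c>.
/// </summary>
public void ValidateToken_ThrowsSecurityTokenValidationException_WhenTokenExpired()
{
    // Arrange
    string audience = this.testWebsiteUrls[0];
    string issuer = this.testWebsiteUrls[0];

    // Issued one hour ago with a one-second lifetime, so the token expired about 59m59s before
    // this line runs. No sleep is needed to reach expiry. NOTE(review): the validator's
    // clock-skew allowance is not visible here; this assumes it is well under an hour.
    TimeSpan lifetime = new TimeSpan(0, 0, 1);
    DateTime tokenCreationDate = DateTime.UtcNow + new TimeSpan(-1, 0, 0);
    DateTime tokenExpiryDate = tokenCreationDate + lifetime;
    SecurityTokenDescriptor tokenDescriptor = this.GetTestSecurityTokenDescriptor(tokenCreationDate, tokenExpiryDate, audience, issuer);
    JwtSecurityTokenHandler securityTokenHandler = new JwtSecurityTokenHandler();
    JwtSecurityToken token = securityTokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken;

    // Act
    SecurityTokenExpiredException ex = Assert.Throws<SecurityTokenExpiredException>(() => AppServiceTokenHandler.ValidateToken(token.RawData, this.testSecretKey, audience, issuer));

    // Assert: the rejection is specifically the lifetime check reporting an expired token.
    Assert.Contains("IDX10223: Lifetime validation failed. The token is expired", ex.Message, StringComparison.Ordinal);
}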
/// <summary>
/// Verifies that <c>AppServiceTokenHandler.ValidateToken</c> rejects a token whose validity
/// window has not started yet, throwing <c>SecurityTokenNotYetValidException</c>.
/// </summary>
public void ValidateToken_ThrowsSecurityTokenValidationException_WhenValidFromIsAfterCurrentTime()
{
    // Arrange: the token becomes valid one hour from now and lasts five minutes.
    string audience = this.testWebsiteUrls[0];
    string issuer = this.testWebsiteUrls[0];
    TimeSpan fiveMinutes = new TimeSpan(0, 5, 0);
    DateTime validFrom = DateTime.UtcNow.Add(new TimeSpan(1, 0, 0));
    DateTime validTo = validFrom.Add(fiveMinutes);
    SecurityTokenDescriptor descriptor = this.GetTestSecurityTokenDescriptor(validFrom, validTo, audience, issuer);
    var jwtHandler = new JwtSecurityTokenHandler();
    var jwt = jwtHandler.CreateToken(descriptor) as JwtSecurityToken;

    // Act / Assert: the lifetime check must fail because the start time is still in the future.
    SecurityTokenNotYetValidException thrown = Assert.Throws<SecurityTokenNotYetValidException>(() =>
    {
        AppServiceTokenHandler.ValidateToken(jwt.RawData, this.testSecretKey, audience, issuer);
    });
    Assert.Contains("IDX10222: Lifetime validation failed. The token is not yet valid", thrown.Message, StringComparison.Ordinal);
}