public async Task When_Adding_Permission_Then_TicketId_Is_Returned()
{
const string baseUrl = "http://localhost:5000";
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
var resource = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "picture",
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma-configuration", "header");
// ACT
var ticket = await _permissionClient.AddByResolution(new PostPermission
{
ResourceSetId = resource.Id,
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma-configuration", "header");
// ASSERT
Assert.NotNull(ticket);
Assert.NotEmpty(ticket.TicketId);
}
public async Task When_Scopes_Doesnt_Exist_Then_Error_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
var resource = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "picture",
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
// ACT
var ticket = await _permissionClient.AddByResolution(new PostPermission
{
ResourceSetId = resource.Content.Id,
Scopes = new List <string>
{
"scopescopescope"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
// ASSERTS
Assert.True(ticket.ContainsError);
Assert.Equal("invalid_scope", ticket.Error.Error);
Assert.Equal("one or more scopes are not valid", ticket.Error.ErrorDescription);
}
public async Task When_Client_Is_Not_Authenticated_Then_Error_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
var resource = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "picture",
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
// ACT
UserStore.Instance().ClientId = null;
var ticket = await _permissionClient.AddByResolution(new PostPermission
{
ResourceSetId = resource.Content.Id,
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
UserStore.Instance().ClientId = "client";
// ASSERTS
Assert.True(ticket.ContainsError);
Assert.Equal("invalid_request", ticket.Error.Error);
Assert.Equal("the client_id cannot be extracted", ticket.Error.ErrorDescription);
}
public async Task When_Adding_Policy_Then_Information_Can_Be_Returned()
{
const string baseUrl = "http://localhost:5000";
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
var addResponse = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "picture",
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
// ACT
var response = await _policyClient.AddByResolution(new PostPolicy
{
Rules = new List <PostPolicyRule>
{
new PostPolicyRule
{
IsResourceOwnerConsentNeeded = false,
Claims = new List <PostClaim>
{
new PostClaim
{
Type = "role",
Value = "administrator"
}
},
Scopes = new List <string>
{
"read"
}
}
},
ResourceSetIds = new List <string>
{
addResponse.Id
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
var information = await _policyClient.GetByResolution(response.PolicyId, baseUrl + "/.well-known/uma2-configuration", "header");
// ASSERT
Assert.NotNull(response);
Assert.False(string.IsNullOrWhiteSpace(response.PolicyId));
Assert.NotNull(information);
Assert.True(information.Rules.Count() == 1);
Assert.True(information.ResourceSetIds.Count() == 1 && information.ResourceSetIds.First() == addResponse.Id);
var rule = information.Rules.First();
Assert.False(rule.IsResourceOwnerConsentNeeded);
Assert.True(rule.Claims.Count() == 1);
Assert.True(rule.Scopes.Count() == 1);
}
public async Task When_Add_Resource_And_No_Name_Is_Specified_Then_Error_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
// ACT
var resource = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = string.Empty
},
baseUrl + "/.well-known/uma2-configuration", "header");
// ASSERT
Assert.NotNull(resource);
Assert.True(resource.ContainsError);
Assert.Equal("invalid_request", resource.Error.Error);
Assert.Equal("the parameter name needs to be specified", resource.Error.ErrorDescription);
}
public async Task When_Adding_Resource_Then_Information_Can_Be_Retrieved()
{
const string baseUrl = "http://localhost:5000";
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
// ACT
var resource = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "name",
Scopes = new List <string>
{
"scope"
}
},
baseUrl + "/.well-known/uma-configuration", "header");
// ASSERT
Assert.NotNull(resource);
}
public async Task When_Introspecting_RptToken_Then_Information_Are_Returned()
{
const string baseUrl = "http://localhost:5000";
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
// 1. Add resource.
var addResource = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "picture",
Scopes = new List<string>
{
"read"
}
}, baseUrl + "/.well-known/uma-configuration", "header");
// 2. Add authorization policy.
var addPolicy = await _policyClient.AddByResolution(new PostPolicy
{
Rules = new List<PostPolicyRule>
{
new PostPolicyRule
{
IsResourceOwnerConsentNeeded = false,
Scopes = new List<string>
{
"read"
},
ClientIdsAllowed = new List<string>
{
"client"
}
}
},
ResourceSetIds = new List<string>
{
addResource.Id
}
}, baseUrl + "/.well-known/uma-configuration", "header");
// 3. Add the permission.
var addPermission = await _permissionClient.AddByResolution(new PostPermission
{
ResourceSetId = addResource.Id,
Scopes = new List<string>
{
"read"
}
}, baseUrl + "/.well-known/uma-configuration", "header");
// 4. Get RPT token
var authResponse = await _authorizationClient.GetByResolution(new PostAuthorization
{
TicketId = addPermission.TicketId
}, baseUrl + "/.well-known/uma-configuration", "header");
// ACT
// 5. Introspect the RPT token.
var introspectionResult = await _introspectionClient.GetByResolution(authResponse.Rpt, baseUrl + "/.well-known/uma-configuration");
// ASSERT
Assert.NotNull(introspectionResult);
Assert.True(introspectionResult.IsActive);
}
public async Task When_Add_Policy_And_Scope_Doesnt_Exists_Then_Error_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
var addResponse = await _resourceSetClient.AddByResolution(new PostResourceSet
{
Name = "picture",
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
// ACT
var response = await _policyClient.AddByResolution(new PostPolicy
{
ResourceSetIds = new List <string>
{
addResponse.Content.Id
},
Rules = new List <PostPolicyRule>
{
new PostPolicyRule
{
Scopes = new List <string>
{
"scope"
}
}
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
// ASSERT
Assert.NotNull(response);
Assert.True(response.ContainsError);
Assert.Equal("invalid_scope", response.Error.Error);
Assert.Equal("one or more scopes don't belong to a resource set", response.Error.ErrorDescription);
}
public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
_httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
var jwsPayload = new JwsPayload();
jwsPayload.Add("iss", "http://server.example.com");
jwsPayload.Add("sub", "248289761001");
jwsPayload.Add("aud", "s6BhdRkqt3");
jwsPayload.Add("nonce", "n-0S6_WzA2Mj");
jwsPayload.Add("exp", "1311281970");
jwsPayload.Add("iat", "1311280970");
var jwt = _jwsGenerator.Generate(jwsPayload, JwsAlg.RS256, _server.SharedCtx.SignatureKey);
// ACT
var result = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server") // Get PAT.
.UseClientCredentials("uma_protection", "uma_authorization")
.ResolveAsync(baseUrl + "/.well-known/uma2-configuration");
var resource = await _resourceSetClient.AddByResolution(new PostResourceSet // Add ressource.
{
Name = "name",
Scopes = new List <string>
{
"read",
"write",
"execute"
}
},
baseUrl + "/.well-known/uma2-configuration", result.Content.AccessToken);
var addPolicy = await _policyClient.AddByResolution(new PostPolicy // Add an authorization policy.
{
Rules = new List <PostPolicyRule>
{
new PostPolicyRule
{
IsResourceOwnerConsentNeeded = false,
Scopes = new List <string>
{
"read"
},
ClientIdsAllowed = new List <string>
{
"resource_server"
},
Claims = new List <PostClaim>
{
new PostClaim {
Type = "sub", Value = "248289761001"
}
}
}
},
ResourceSetIds = new List <string>
{
resource.Content.Id
}
}, baseUrl + "/.well-known/uma2-configuration", result.Content.AccessToken);
var ticket = await _permissionClient.AddByResolution(new PostPermission // Add permission & retrieve a ticket id.
{
ResourceSetId = resource.Content.Id,
Scopes = new List <string>
{
"read"
}
}, baseUrl + "/.well-known/uma2-configuration", "header");
var token = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server") // Try to get the access token via "ticket_id" grant-type.
.UseTicketId(ticket.Content.TicketId, jwt)
.ResolveAsync(baseUrl + "/.well-known/uma2-configuration");
// ASSERTS.
Assert.NotNull(token);
}
