public void PopulateProviderCredentials_MicrosoftAccount_CreatesExpectedCredentials()
{
const string UserIdClaimValue = "MicrosoftId";
MicrosoftAccountCredentials credentials = new MicrosoftAccountCredentials();
TokenResult tokenResult = new TokenResult();
tokenResult.Properties.Add(TokenResult.Authentication.AccessTokenName, "TestAccessToken");
tokenResult.Properties.Add(TokenResult.Authentication.RefreshTokenName, "TestRefreshToken");
tokenResult.Properties.Add("AccessTokenExpiration", "2015-03-12T16:49:28.504Z");
Dictionary <string, string> claims = new Dictionary <string, string>
{
{ "Claim1", "Value1" },
{ "Claim2", "Value1" },
{ "Claim3", "Value1" },
{ ClaimTypes.NameIdentifier, UserIdClaimValue }
};
tokenResult.Claims = claims;
MobileAppUser.PopulateProviderCredentials(tokenResult, credentials);
Assert.Equal("TestAccessToken", credentials.AccessToken);
Assert.Equal("TestRefreshToken", credentials.RefreshToken);
Assert.Equal(DateTimeOffset.Parse("2015-03-12T16:49:28.504Z"), credentials.AccessTokenExpiration);
Assert.Equal(UserIdClaimValue, credentials.UserId);
Assert.Equal(claims.Count, credentials.Claims.Count);
}
public void TryParseLoginToken_NoTokenValidation_ReturnsExpectedClaims()
{
// Arrange
Mock <MobileAppTokenHandler> tokenHandlerMock = new Mock <MobileAppTokenHandler>(this.config);
MobileAppAuthenticationHandlerMock authHandlerMock = new MobileAppAuthenticationHandlerMock(this.loggerMock.Object, tokenHandlerMock.Object);
MobileAppAuthenticationOptions skipOptions = new MobileAppAuthenticationOptions();
skipOptions.SigningKey = "SOME_SIGNING_KEY";
skipOptions.SkipTokenSignatureValidation = true;
JwtSecurityToken skipToken = GetTestToken("SOME_OTHER_KEY");
// Act
ClaimsPrincipal skipClaimsPrincipal;
bool skipResult = authHandlerMock.TryParseLoginToken(skipToken.RawData, skipOptions, out skipClaimsPrincipal);
// Assert
tokenHandlerMock.Verify(h => h.TryValidateLoginToken(It.IsAny <string>(), It.IsAny <string>(), out skipClaimsPrincipal), Times.Never);
Assert.True(skipResult);
MobileAppUser user = this.tokenHandler.CreateServiceUser((ClaimsIdentity)skipClaimsPrincipal.Identity, skipToken.RawData);
Assert.Equal("Facebook:1234", user.Id);
Assert.True(user.Identity.IsAuthenticated);
Claim[] claims = user.Claims.ToArray();
Assert.Equal(8, claims.Length);
Assert.Equal("Frank", claims.Single(p => p.Type == ClaimTypes.GivenName).Value);
Assert.Equal("Miller", claims.Single(p => p.Type == ClaimTypes.Surname).Value);
Assert.Equal("Admin", claims.Single(p => p.Type == ClaimTypes.Role).Value);
Assert.Equal("Facebook:1234", claims.Single(p => p.Type == "uid").Value);
Assert.Equal("MyClaimValue", claims.Single(p => p.Type == "my_custom_claim").Value);
}
public async Task GetIdentitiesAsync_Throws_IfGatewayUrlNotInAppSettings()
{
// Arrange
ConfigurationManager.AppSettings["EMA_RuntimeUrl"] = null;
// ServiceUser should be authenticated to hit the exception
MobileAppUser user = new MobileAppUser(CreateMockClaimsIdentity(Enumerable.Empty <Claim>(), true));
user.MobileAppAuthenticationToken = "1234567890";
NullReferenceException ex = null;
// Act
try
{
ex = await Assert.ThrowsAsync <NullReferenceException>(() => user.GetIdentityAsync <FacebookCredentials>());
}
finally
{
// reset the config for future tests
ConfigurationManager.RefreshSection("appSettings");
}
// Assert
Assert.NotNull(ex);
Assert.Equal("The 'EMA_RuntimeUrl' app setting is missing from the configuration.", ex.Message);
}
public void PopulateProviderCredentials_Facebook_CreatesExpectedCredentials()
{
const string UserIdClaimValue = "FacebookId";
FacebookCredentials credentials = new FacebookCredentials();
TokenResult tokenResult = new TokenResult();
tokenResult.Properties.Add(TokenResult.Authentication.AccessTokenName, "TestAccessToken");
Dictionary <string, string> claims = new Dictionary <string, string>
{
{ "Claim1", "Value1" },
{ "Claim2", "Value1" },
{ "Claim3", "Value1" },
{ ClaimTypes.NameIdentifier, UserIdClaimValue }
};
tokenResult.Claims = claims;
MobileAppUser.PopulateProviderCredentials(tokenResult, credentials);
Assert.Equal("TestAccessToken", credentials.AccessToken);
Assert.Equal(UserIdClaimValue, credentials.UserId);
Assert.Equal(claims.Count, credentials.Claims.Count);
}
public void TryParseLoginToken_ReturnsExpectedClaims()
{
// Arrange
MobileAppAuthenticationOptions options = new MobileAppAuthenticationOptions();
options.SigningKey = "SOME_SIGNING_KEY";
// SkipTokenSignatureValidation defaults to false
JwtSecurityToken token = GetTestToken(options.SigningKey);
// Act
ClaimsPrincipal claimsPrincipal;
bool result = this.handlerMock.TryParseLoginToken(token.RawData, options, out claimsPrincipal);
// Assert
Assert.True(result);
MobileAppUser user = this.tokenHandler.CreateServiceUser((ClaimsIdentity)claimsPrincipal.Identity, token.RawData);
Assert.Equal("Facebook:1234", user.Id);
Assert.True(user.Identity.IsAuthenticated);
Claim[] claims = user.Claims.ToArray();
Assert.Equal(8, claims.Length);
Assert.Equal("Frank", claims.Single(p => p.Type == ClaimTypes.GivenName).Value);
Assert.Equal("Miller", claims.Single(p => p.Type == ClaimTypes.Surname).Value);
Assert.Equal("Admin", claims.Single(p => p.Type == ClaimTypes.Role).Value);
Assert.Equal("Facebook:1234", claims.Single(p => p.Type == "uid").Value);
Assert.Equal("MyClaimValue", claims.Single(p => p.Type == "my_custom_claim").Value);
}
public void IsTokenValid_ReturnsTrue_WhenTokenIsValid()
{
// Arrange
TokenResult tokenResult = new TokenResult();
// Act
bool result = MobileAppUser.IsTokenValid(tokenResult);
// Assert
Assert.True(result);
}
public async Task GetIdentitiesAsync_ReturnsNull_IfUserNotAuthenticated()
{
// Arrange
MobileAppUser user = new MobileAppUser(CreateMockClaimsIdentity(Enumerable.Empty <Claim>(), false));
// Act
var tokenResult = await user.GetIdentityAsync <FacebookCredentials>();
// Assert
Assert.Null(tokenResult);
}
public void UserPropertiesAreValid()
{
// Arrange
// Act
MobileAppUser user = this.CreateTestUser();
// Assert
this.tokenHandlerMock.Verify();
Assert.Equal(this.facebookCredentials.UserId, user.Id);
Assert.True(user.Identity.IsAuthenticated);
}
private void ValidateLoginToken(string token, FacebookCredentials expectedCredentials)
{
// validate the token and get the claims principal
ClaimsPrincipal claimsPrincipal = null;
Assert.True(this.tokenHandler.TryValidateLoginToken(token, TestSecretKey, out claimsPrincipal));
// create a user from the token and validate properties
MobileAppUser user = this.tokenHandler.CreateServiceUser((ClaimsIdentity)claimsPrincipal.Identity, token);
Assert.Equal(expectedCredentials.UserId, user.Id);
Assert.Equal(token, user.MobileAppAuthenticationToken);
}
public async Task GetIdentitiesAsync_ReturnsNull_IfMobileAppAuthenticationTokenIsNullOrEmpty(string token)
{
// Arrange
MobileAppUser user = new MobileAppUser(CreateMockClaimsIdentity(Enumerable.Empty <Claim>(), true));
user.MobileAppAuthenticationToken = token;
// Act
var tokenResult = await user.GetIdentityAsync <FacebookCredentials>();
// Assert
Assert.Null(tokenResult);
}
private IHttpActionResult GetUserDetails()
{
MobileAppUser user = this.User as MobileAppUser;
JObject details = null;
if (user != null)
{
details = new JObject
{
{ "id", user.Id },
};
}
return(this.Json(details));
}
public void IsTokenValid_ReturnsFalse_WhenTokenIsInvalid()
{
// Arrange
// This is what is returned when a token is not found.
TokenResult tokenResult = new TokenResult()
{
Diagnostics = "Token not found in store. id=sid:90BF712CA4464DDCADED130D8E5D1D8E, name=Twitter"
};
// Act
bool result = MobileAppUser.IsTokenValid(tokenResult);
// Assert
Assert.False(result);
}
public async Task <IActionResult> OnGetAsync(string id)
{
if (id == null)
{
return(NotFound());
}
MobileAppUser = await _context.MobileAppUsers.FirstOrDefaultAsync(m => m.Id == id);
if (MobileAppUser == null)
{
return(NotFound());
}
return(Page());
}
public void CreateUser_DoesNotSetUserId_WhenSpecifiedLevelIsNotUser()
{
// Arrange
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, "provider:providerId"),
};
ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims);
// Act
MobileAppUser user = this.tokenHandler.CreateServiceUser(claimsIdentity, null);
// Assert
Assert.Null(user.Id);
Assert.False(user.Identity.IsAuthenticated);
}
public async Task <IActionResult> OnPostAsync(string id)
{
if (id == null)
{
return(NotFound());
}
MobileAppUser = await _context.MobileAppUsers.FindAsync(id);
if (MobileAppUser != null)
{
_context.MobileAppUsers.Remove(MobileAppUser);
await _context.SaveChangesAsync();
}
return(RedirectToPage("./Index"));
}
/// <summary>
/// Create a test user
/// </summary>
private MobileAppUser CreateTestUser()
{
Claim[] claims = new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, this.facebookCredentials.UserId)
};
TokenInfo info = this.tokenHandler.CreateTokenInfo(claims, TimeSpan.FromDays(10), this.key);
JwtSecurityToken token = info.Token;
ClaimsPrincipal claimsPrincipal = null;
this.tokenHandler.TryValidateLoginToken(token.RawData, this.key, out claimsPrincipal);
MobileAppUser user = this.tokenHandler.CreateServiceUser((ClaimsIdentity)claimsPrincipal.Identity, null);
return(user);
}
public void CreateUser_ReturnsAnonymous_IfInvalidUserId(string invalidUserId)
{
// Arrange
List <Claim> claims = new List <Claim>();
if (invalidUserId != null)
{
claims.Add(new Claim(ClaimTypes.NameIdentifier, invalidUserId));
}
ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims);
// Act
MobileAppUser user = this.tokenHandler.CreateServiceUser(claimsIdentity, null);
// Assert
Assert.Null(user.Id);
Assert.False(user.Identity.IsAuthenticated);
}
public void CreateUser_ReturnsUser_IfUnknownProviderName()
{
// Arrange
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, "unknown:providerId"),
};
// Fake that we've been authenticated
Mock <ClaimsIdentity> mockClaimsIdentity = new Mock <ClaimsIdentity>(claims);
mockClaimsIdentity.CallBase = true;
mockClaimsIdentity.SetupGet(c => c.IsAuthenticated).Returns(true);
// Act
MobileAppUser user = this.tokenHandler.CreateServiceUser(mockClaimsIdentity.Object, null);
// Assert
Assert.Equal("unknown:providerId", user.Id);
Assert.True(user.Identity.IsAuthenticated);
}
public void PopulateProviderCredentials_Twitter_CreatesExpectedCredentials()
{
TwitterCredentials credentials = new TwitterCredentials();
TokenResult tokenResult = new TokenResult();
tokenResult.Properties.Add(TokenResult.Authentication.AccessTokenName, "TestAccessToken");
tokenResult.Properties.Add("AccessTokenSecret", "TestAccessTokenSecret");
Dictionary <string, string> claims = new Dictionary <string, string>
{
{ "Claim1", "Value1" },
{ "Claim2", "Value1" },
{ "Claim3", "Value1" }
};
tokenResult.Claims = claims;
MobileAppUser.PopulateProviderCredentials(tokenResult, credentials);
Assert.Equal("TestAccessToken", credentials.AccessToken);
Assert.Equal("TestAccessTokenSecret", credentials.AccessTokenSecret);
Assert.Equal(claims.Count, credentials.Claims.Count);
}
public void CreateUser_DeterminesUserIdFromClaims()
{
// single uid claim
Claim[] claims = new Claim[]
{
new Claim("uid", "Facebook:1234")
};
ClaimsIdentity claimsIdentity = CreateMockClaimsIdentity(claims, true);
MobileAppUser user = this.tokenHandler.CreateServiceUser(claimsIdentity, null);
Assert.Equal("Facebook:1234", user.Id);
// single NameIdentifier claim
claims = new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, "Facebook:1234")
};
claimsIdentity = CreateMockClaimsIdentity(claims, true);
user = this.tokenHandler.CreateServiceUser(claimsIdentity, null);
Assert.Equal("Facebook:1234", user.Id);
// BOTH uid and NameIdentifier claims
// expect the NameIdentifier claim to take precedence
claims = new Claim[]
{
new Claim("uid", "Facebook:1234"),
new Claim(ClaimTypes.NameIdentifier, "Google:5678")
};
claimsIdentity = CreateMockClaimsIdentity(claims, true);
user = this.tokenHandler.CreateServiceUser(claimsIdentity, null);
Assert.Equal("Google:5678", user.Id);
// if there are no claims, the user id will be null
claimsIdentity = CreateMockClaimsIdentity(Enumerable.Empty <Claim>(), true);
user = this.tokenHandler.CreateServiceUser(claimsIdentity, null);
Assert.Equal(null, user.Id);
}
public string Get()
{
MobileAppUser user = this.User as MobileAppUser;
return("Hello from secured controller! UserId: " + user.Id);
}
/// <inheritdoc />
public virtual MobileAppUser CreateServiceUser(ClaimsIdentity claimsIdentity, string authToken)
{
MobileAppUser user = new MobileAppUser(claimsIdentity);
if (user.Identity.IsAuthenticated)
{
// Determine the user ID based on either the uid or NameIdentifier claims.
string userIdValue = claimsIdentity.GetClaimValueOrNull(ClaimTypes.NameIdentifier) ?? claimsIdentity.GetClaimValueOrNull("uid");
string prefix;
string userId;
if (!string.IsNullOrEmpty(userIdValue) &&
this.TryParseUserId(userIdValue, out prefix, out userId))
{
user.Id = userIdValue;
user.MobileAppAuthenticationToken = authToken;
}
else
{
// if no user name specified or the format is invalid,
// set to anonymous
SetAnonymousUser(user);
}
}
return user;
}
internal static MobileAppUser SetAnonymousUser(MobileAppUser user)
{
if (user != null)
{
user.Id = null;
user.MobileAppAuthenticationToken = null;
}
return user;
}
public async Task GetIdentitiesAsync_Throws_IfGatewayUrlNotInAppSettings()
{
// Arrange
ConfigurationManager.AppSettings["EMA_RuntimeUrl"] = null;
// ServiceUser should be authenticated to hit the exception
MobileAppUser user = new MobileAppUser(CreateMockClaimsIdentity(Enumerable.Empty<Claim>(), true));
user.MobileAppAuthenticationToken = "1234567890";
NullReferenceException ex = null;
// Act
try
{
ex = await Assert.ThrowsAsync<NullReferenceException>(() => user.GetIdentityAsync<FacebookCredentials>());
}
finally
{
// reset the config for future tests
ConfigurationManager.RefreshSection("appSettings");
}
// Assert
Assert.NotNull(ex);
Assert.Equal("The 'EMA_RuntimeUrl' app setting is missing from the configuration.", ex.Message);
}
public async Task GetIdentitiesAsync_ReturnsNull_IfMobileAppAuthenticationTokenIsNullOrEmpty(string token)
{
// Arrange
MobileAppUser user = new MobileAppUser(CreateMockClaimsIdentity(Enumerable.Empty<Claim>(), true));
user.MobileAppAuthenticationToken = token;
// Act
var tokenResult = await user.GetIdentityAsync<FacebookCredentials>();
// Assert
Assert.Null(tokenResult);
}
public async Task GetIdentitiesAsync_ReturnsNull_IfUserNotAuthenticated()
{
// Arrange
MobileAppUser user = new MobileAppUser(CreateMockClaimsIdentity(Enumerable.Empty<Claim>(), false));
// Act
var tokenResult = await user.GetIdentityAsync<FacebookCredentials>();
// Assert
Assert.Null(tokenResult);
}
/// <summary>
/// Enables the registration of a device installation for push notifications via PUT request.
/// If the specified installationId does not exist on the notification hub, a new installation is created and registered.
/// If the specified installationId already exists, the installation is modified.
/// </summary>
/// <param name="installationId">The installation id to register or modify.</param>
/// <param name="notificationInstallation">The <see cref="NotificationInstallation"/> object to register.</param>
/// <returns><see cref="HttpResponseMessage"/> describing the result of the operation.</returns>
public async Task <HttpResponseMessage> PutInstallation(string installationId, NotificationInstallation notificationInstallation)
{
if (!ModelState.IsValid)
{
throw new HttpResponseException(this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, this.ModelState));
}
this.ValidateInstallationId(installationId);
this.ValidateNotificationInstallation(installationId, notificationInstallation);
ITraceWriter traceWriter = this.Configuration.Services.GetTraceWriter();
// The installation object that will be sent to NH.
Installation installation = this.CreateInstallation(notificationInstallation);
HashSet <string> tagsAssociatedWithInstallationId = await this.GetTagsAssociatedWithInstallationId(notificationInstallation.InstallationId);
MobileAppUser serviceUser = this.GetCurrentUser();
if (tagsAssociatedWithInstallationId.Count == 0)
{
// Installation does not exist on NH. Add it.
if (installation.Tags == null)
{
installation.Tags = new List <string>();
}
// Tag the installation with the UserId if authenticated.
if (serviceUser != null && serviceUser.Identity.IsAuthenticated)
{
string incomingUserTag = string.Format(UserIdTagPlaceholder, serviceUser.Id);
installation.Tags.Add(incomingUserTag);
}
try
{
await this.UpsertInstallationAsync(installation);
}
catch (HttpResponseException)
{
throw;
}
catch (Exception ex)
{
string error = RResources.NotificationHub_CreateOrUpdateInstallationFailed.FormatForUser(installationId, ex.Message);
traceWriter.Error(error, ex, this.Request, ServiceLogCategories.NotificationControllers);
traceWriter.Error(error, ex, this.Request, LogCategories.NotificationControllers);
// We return 4xx status code on error as it is impossible to know whether it is bad input or a
// server error from NH. As a result we err on the bad request side.
return(this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message));
}
}
else
{
// Installation already existed on NH.
if (serviceUser != null && serviceUser.Identity.IsAuthenticated)
{
// Because the user is authenticated, copy all previous tags except UserId.
CopyTagsToInstallation(installation, tagsAssociatedWithInstallationId, false);
// Add the incoming UserId.
string incomingUserTag = string.Format(UserIdTagPlaceholder, serviceUser.Id);
AddTagToInstallation(installation, incomingUserTag);
}
else
{
// Because the request is anonymous, copy all previous tags to the installation object, including the previous user tag.
CopyTagsToInstallation(installation, tagsAssociatedWithInstallationId, true);
}
try
{
await this.UpsertInstallationAsync(installation);
}
catch (HttpResponseException)
{
throw;
}
catch (Exception ex)
{
string error = RResources.NotificationHub_CreateOrUpdateInstallationFailed.FormatForUser(installationId, ex.Message);
traceWriter.Error(error, ex, this.Request, ServiceLogCategories.NotificationControllers);
traceWriter.Error(error, ex, this.Request, LogCategories.NotificationControllers);
// We return 4xx status code on error as it is impossible to know whether it is bad input or a
// server error from NH. As a result we err on the bad request side.
return(this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message));
}
}
return(this.Request.CreateResponse(HttpStatusCode.OK));
}
