public void RequireSslPrependsHttpsScheme()
{
MockHttpRequest.Reset();
OpenIdRelyingParty rp = TestSupport.CreateRelyingParty(null);
rp.Settings.RequireSsl = true;
Identifier mockId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20, true);
string noSchemeId = stripScheme(mockId);
var request = rp.CreateRequest(noSchemeId, TestSupport.Realm, TestSupport.ReturnTo);
Assert.IsTrue(request.ClaimedIdentifier.ToString().StartsWith("https://", StringComparison.OrdinalIgnoreCase));
}
public void DiscoverRequireSslWithSecureRedirects()
{
MockHttpRequest.Reset();
Identifier claimedId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20, true);
// Add a couple of chained redirect pages that lead to the claimedId.
// All redirects should be secure.
Uri userSuppliedUri = TestSupport.GetFullUrl("/someSecurePage", null, true);
Uri secureMidpointUri = TestSupport.GetFullUrl("/secureStop", null, true);
MockHttpRequest.RegisterMockRedirect(userSuppliedUri, secureMidpointUri);
MockHttpRequest.RegisterMockRedirect(secureMidpointUri, new Uri(claimedId.ToString()));
Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true);
Assert.AreEqual(1, userSuppliedIdentifier.Discover().Count());
}
public void DiscoveryWithRedirects()
{
MockHttpRequest.Reset();
Identifier claimedId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
// Add a couple of chained redirect pages that lead to the claimedId.
Uri userSuppliedUri = TestSupport.GetFullUrl("/someSecurePage", null, true);
Uri insecureMidpointUri = TestSupport.GetFullUrl("/insecureStop");
MockHttpRequest.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri);
MockHttpRequest.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString()));
// don't require secure SSL discovery for this test.
Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, false);
Assert.AreEqual(1, userSuppliedIdentifier.Discover().Count());
}
public void DiscoverRequireSslWithInsecureRedirect()
{
MockHttpRequest.Reset();
Identifier claimedId = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20, true);
// Add a couple of chained redirect pages that lead to the claimedId.
// Include an insecure HTTP jump in those redirects to verify that
// the ultimate endpoint is never found as a result of high security profile.
Uri userSuppliedUri = TestSupport.GetFullUrl("/someSecurePage", null, true);
Uri insecureMidpointUri = TestSupport.GetFullUrl("/insecureStop");
MockHttpRequest.RegisterMockRedirect(userSuppliedUri, insecureMidpointUri);
MockHttpRequest.RegisterMockRedirect(insecureMidpointUri, new Uri(claimedId.ToString()));
Identifier userSuppliedIdentifier = new UriIdentifier(userSuppliedUri, true);
userSuppliedIdentifier.Discover();
}
public void UnsolicitedAssertionWithRequireSslWithoutSecureIdentityUrl()
{
MockHttpRequest.Reset();
Mocks.MockHttpRequest.RegisterMockRPDiscovery();
TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval;
Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20);
Identifier localId = TestSupport.GetDelegateUrl(scenario);
OpenIdProvider op = TestSupport.CreateProvider(null);
IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId);
var opAuthWebResponse = (Response)assertion;
var opAuthResponse = (DotNetOpenId.Provider.EncodableResponse)opAuthWebResponse.EncodableMessage;
var rp = TestSupport.CreateRelyingParty(TestSupport.RelyingPartyStore, opAuthResponse.RedirectUrl,
opAuthResponse.EncodedFields.ToNameValueCollection());
rp.Settings.RequireSsl = true;
Assert.AreEqual(AuthenticationStatus.Failed, rp.Response.Status);
Assert.IsNull(rp.Response.ClaimedIdentifier);
}
public void TearDown()
{
MockHttpRequest.Reset();
}
