Example #1
0
        public async Task FederatedUsernameNullPasswordTestAsync()
        {
            using (var httpManager = new MockHttpManager())
            {
                httpManager.AddInstanceDiscoveryMockHandler();
                AddMockHandlerDefaultUserRealmDiscovery(httpManager);
                AddMockHandlerMex(httpManager);

                // Mex does not return integrated auth endpoint (.../13/windowstransport)
                httpManager.AddMockHandlerContentNotFound(HttpMethod.Post,
                                                          "https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport");

                PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
                                              .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
                                              .WithHttpManager(httpManager)
                                              .BuildConcrete();

                SecureString str = null;

                // Call acquire token
                MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>(
                    async() => await app.AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        str).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);

                // Check inner exception
                Assert.AreEqual(MsalError.ParsingWsTrustResponseFailed, result.ErrorCode);

                // There should be no cached entries.
                Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
            }
        }
Example #2
0
        public async Task ManagedUsernameNoPasswordAcquireTokenTestAsync()
        {
            using (var httpManager = new MockHttpManager())
            {
                httpManager.AddInstanceDiscoveryMockHandler();
                AddMockResponseforManagedAccounts(httpManager);

                PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
                                              .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                                              .WithHttpManager(httpManager)
                                              .BuildConcrete();

                SecureString str = null;

                // Call acquire token
                MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>(
                    async() => await app.AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        str).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);

                // Check error code
                Assert.AreEqual(MsalError.PasswordRequiredForManagedUserError, result.ErrorCode);

                // There should be no cached entries.
                Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
            }
        }
Example #3
0
        public async Task SilentAuthStrategyFallbackTestAsync()
        {
            using (var harness = CreateBrokerHelper())
            {
                //SilentRequest should always get an exception from the local client strategy and use the broker strategy instead when the right error codes
                //are thrown.

                // Arrange
                var mockBroker      = Substitute.For <IBroker>();
                var expectedAccount = Substitute.For <IAccount>();
                mockBroker.GetAccountsAsync(
                    TestConstants.ClientId,
                    TestConstants.RedirectUri,
                    AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityCommonTenant, true),
                    Arg.Any <ICacheSessionManager>(),
                    Arg.Any <IInstanceDiscoveryManager>()).Returns(new[] { expectedAccount });
                mockBroker.IsBrokerInstalledAndInvokable().Returns(false);

                var platformProxy = Substitute.For <IPlatformProxy>();
                platformProxy.CanBrokerSupportSilentAuth().Returns(true);
                platformProxy.CreateBroker(null, null).ReturnsForAnyArgs(mockBroker);

                harness.ServiceBundle.SetPlatformProxyForTest(platformProxy);

                var mockClientStrategy         = Substitute.For <ISilentAuthRequestStrategy>();
                var mockBrokerStrategy         = Substitute.For <ISilentAuthRequestStrategy>();
                var brokerAuthenticationResult = new AuthenticationResult();

                var invalidGrantException = new MsalClientException(MsalError.InvalidGrantError);
                var noAccountException    = new MsalClientException(MsalError.NoAccountForLoginHint);
                var noTokensException     = new MsalClientException(MsalError.NoTokensFoundError);

                mockBrokerStrategy.ExecuteAsync(default).Returns(brokerAuthenticationResult);
Example #4
0
        public async Task AcquireTokenByIntegratedWindowsAuthTest_ManagedUserAsync()
        {
            // Arrange
            using (var httpManager = new MockHttpManager())
            {
                httpManager.AddInstanceDiscoveryMockHandler();

                AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(httpManager);

                PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
                                              .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
                                              .WithHttpManager(httpManager)
                                              .BuildConcrete();

                // Act
                MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>(
                    async() => await app
                    .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
                    .WithUsername(TestConstants.s_user.Username)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false)).ConfigureAwait(false);

                // Assert
                Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, exception.ErrorCode);
            }
        }
Example #5
0
        public void NoAuthPrefix()
        {
            var scheme             = new SSHCertAuthenticationScheme("kid", "jwk");
            MsalClientException ex = AssertException.Throws <MsalClientException>(() => scheme.AuthorizationHeaderPrefix);

            Assert.AreEqual(MsalError.SSHCertUsedAsHttpHeader, ex.ErrorCode);
        }
Example #6
0
        public async Task PopWhenBrokerDoesNotSupportPop_Async()
        {
            // Arrange

            var mockBroker = Substitute.For <IBroker>();

            mockBroker.IsBrokerInstalledAndInvokable(AuthorityType.Aad).Returns(true);
            mockBroker.IsPopSupported.Returns(false);

            var pca = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
                      .WithExperimentalFeatures(true)
                      .WithBrokerPreview()
                      .WithTestBroker(mockBroker)
                      .BuildConcrete();

            pca.ServiceBundle.Config.BrokerCreatorFunc = (x, y, z) => mockBroker;

            // Act

            MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>(async() =>
                                                                                                 await pca.AcquireTokenInteractive(TestConstants.s_graphScopes)
                                                                                                 .WithProofOfPossession(TestConstants.Nonce, HttpMethod.Get, new Uri(TestConstants.AuthorityCommonTenant))
                                                                                                 .ExecuteAsync()
                                                                                                 .ConfigureAwait(false))
                                     .ConfigureAwait(false);

            Assert.AreEqual(MsalError.BrokerDoesNotSupportPop, ex.ErrorCode);
            Assert.AreEqual(MsalErrorMessage.BrokerDoesNotSupportPop, ex.Message);
        }
Example #7
0
        public async Task ExperimentalFeatureExceptionAsync()
        {
            var cca = ConfidentialClientApplicationBuilder.Create(Guid.NewGuid().ToString()).WithClientSecret("some-secret").Build();
            MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>(
                () => cca.AcquireTokenForClient(new[] { "scope" }).WithProofOfPossession(null).ExecuteAsync())
                                     .ConfigureAwait(false);

            Assert.AreEqual(MsalError.ExperimentalFeature, ex.ErrorCode);
        }
Example #8
0
        [TestMethod]  // TODO: bogavril - expect this case to be removed - MSAL should accept different port
        public async Task DefaultOsBrowserWebUi_ReturnUriInvalid_Async()
        {
            string differentPortRedirectUri = TestAuthorizationResponseUri.Replace(TestRedirectUri, "http://localhost:1111");

            MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>(
                () => AcquireAuthCodeAsync(responseUriString : differentPortRedirectUri))
                                     .ConfigureAwait(false);

            Assert.AreEqual(MsalError.LoopbackResponseUriMisatch, ex.ErrorCode);
        }
Example #9
0
        public void SilentAuthStrategyFallbackTest()
        {
            using (var harness = CreateBrokerHelper())
            {
                //SilentRequest should always get an exception from the local client strategy and use the broker strategy instead when the right error codes
                //are thrown.

                // Arrange
                var mockBroker      = Substitute.For <IBroker>();
                var expectedAccount = Substitute.For <IAccount>();
                mockBroker.GetAccountsAsync(TestConstants.ClientId, TestConstants.RedirectUri).Returns(new[] { expectedAccount });
                mockBroker.IsBrokerInstalledAndInvokable().Returns(false);

                var platformProxy = Substitute.For <IPlatformProxy>();
                platformProxy.CanBrokerSupportSilentAuth().Returns(true);
                platformProxy.CreateBroker(null).Returns(mockBroker);

                harness.ServiceBundle.SetPlatformProxyForTest(platformProxy);

                var mockClientStrategy             = Substitute.For <ISilentAuthRequestStrategy>();
                var mockBrokerStrategy             = Substitute.For <ISilentAuthRequestStrategy>();
                var mockBrokerAuthenticationResult = new AuthenticationResult();

                var invlidGrantException = new MsalClientException(MsalError.InvalidGrantError);
                var NoAccountException   = new MsalClientException(MsalError.NoAccountForLoginHint);
                var NoTokensException    = new MsalClientException(MsalError.NoTokensFoundError);

                mockBrokerStrategy.ExecuteAsync(new CancellationToken()).Returns(mockBrokerAuthenticationResult);
                mockClientStrategy.ExecuteAsync(new CancellationToken()).Throws(invlidGrantException);

                //Execute silent request with invalid grant
                var silentRequest = new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, mockClientStrategy, mockBrokerStrategy);
                var result        = silentRequest.ExecuteTestAsync(new CancellationToken()).Result;
                Assert.AreEqual(result, mockBrokerAuthenticationResult);

                //Execute silent request with no accounts exception
                mockClientStrategy = Substitute.For <ISilentAuthRequestStrategy>();
                mockClientStrategy.ExecuteAsync(new CancellationToken()).Throws(NoAccountException);
                silentRequest = new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, mockClientStrategy, mockBrokerStrategy);
                result        = silentRequest.ExecuteTestAsync(new CancellationToken()).Result;
                Assert.AreEqual(result, mockBrokerAuthenticationResult);

                //Execute silent request with no tokens exception
                mockClientStrategy = Substitute.For <ISilentAuthRequestStrategy>();
                mockClientStrategy.ExecuteAsync(new CancellationToken()).Throws(NoTokensException);
                silentRequest = new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, mockClientStrategy, mockBrokerStrategy);
                result        = silentRequest.ExecuteTestAsync(new CancellationToken()).Result;
                Assert.AreEqual(result, mockBrokerAuthenticationResult);
            }
        }
Example #10
0
        public async Task MexEndpointFailsToResolveTestAsync()
        {
            using (var httpManager = new MockHttpManager())
            {
                httpManager.AddInstanceDiscoveryMockHandler();
                httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityOrganizationsTenant);
                AddMockHandlerDefaultUserRealmDiscovery(httpManager);

                // MEX
                httpManager.AddMockHandler(
                    new MockHttpMessageHandler
                {
                    ExpectedUrl     = "https://msft.sts.microsoft.com/adfs/services/trust/mex",
                    ExpectedMethod  = HttpMethod.Get,
                    ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(
                            File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml"))
                            .Replace("<wsp:All>", " "))
                    }
                });

                PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
                                              .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                                              .WithHttpManager(httpManager)
                                              .WithTelemetry(new TraceTelemetryConfig())
                                              .BuildConcrete();

                // Call acquire token, Mex parser fails
                MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>(
                    async() => await app.AcquireTokenByUsernamePassword(
                        TestConstants.s_scope,
                        TestConstants.s_user.Username,
                        _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false);

                // Check exception message
                Assert.AreEqual("Parsing WS metadata exchange failed", result.Message);
                Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode);

                // There should be no cached entries.
                Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
            }
        }
Example #11
0
        public async Task PopWhenBrokerIsNotEnabledForATS_Async()
        {
            // Arrange
            var pca = PublicClientApplicationBuilder
                      .Create(TestConstants.ClientId)
                      .WithExperimentalFeatures()
                      .BuildConcrete();

            // Act

            MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>(async() =>
                                                                                                 await pca.AcquireTokenSilent(TestConstants.s_graphScopes, TestConstants.LocalAccountId)
                                                                                                 .WithProofOfPossession(TestConstants.Nonce, HttpMethod.Get, new Uri(TestConstants.AuthorityCommonTenant))
                                                                                                 .ExecuteAsync()
                                                                                                 .ConfigureAwait(false))
                                     .ConfigureAwait(false);

            Assert.AreEqual(MsalError.BrokerRequiredForPop, ex.ErrorCode);
            Assert.AreEqual(MsalErrorMessage.BrokerRequiredForPop, ex.Message);
        }
Example #12
0
        public async Task AcquireTokenByIntegratedWindowsAuthTest_UnknownUserAsync()
        {
            // Arrange
            using (var httpManager = new MockHttpManager())
            {
                httpManager.AddInstanceDiscoveryMockHandler();
                httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);

                // user realm discovery - unknown user type
                httpManager.AddMockHandler(
                    new MockHttpMessageHandler
                {
                    ExpectedMethod  = HttpMethod.Get,
                    ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
                    {
                        Content = new StringContent(
                            "{\"ver\":\"1.0\"," +
                            "\"account_type\":\"Bogus\"}")
                    }
                });

                PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
                                              .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
                                              .WithHttpManager(httpManager)
                                              .WithTelemetry(new TraceTelemetryConfig())
                                              .BuildConcrete();

                // Act
                MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>(
                    async() => await app
                    .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope)
                    .WithUsername(TestConstants.s_user.Username)
                    .ExecuteAsync(CancellationToken.None)
                    .ConfigureAwait(false)).ConfigureAwait(false);

                // Assert
                Assert.AreEqual(MsalError.UnknownUserType, exception.ErrorCode);
            }
        }
Example #13
0
        public void MsalClientException_FromMessageAndCode()
        {
            // Act
            var msalException = new MsalClientException(ExCode, ExMessage);

            // Assert
            var msalClientException = msalException as MsalClientException;

            Assert.AreEqual(ExCode, msalClientException.ErrorCode);
            Assert.AreEqual(ExMessage, msalClientException.Message);
            Assert.IsNull(msalClientException.InnerException);

            // Act
            string piiMessage = MsalLogger.GetPiiScrubbedExceptionDetails(msalException);

            // Assert
            Assert.IsFalse(string.IsNullOrEmpty(piiMessage));
            Assert.IsTrue(
                piiMessage.Contains(typeof(MsalClientException).Name),
                "The pii message should contain the exception type");
            Assert.IsTrue(piiMessage.Contains(ExCode));
            Assert.IsFalse(piiMessage.Contains(ExMessage));
        }
Example #14
0
        public void MsalClientExceptionCanSerializeAndDeserializeRoundTrip()
        {
            var ex = new MsalClientException(SomeErrorCode, SomeErrorMessage);

            SerializeDeserializeAndValidate(ex, typeof(MsalClientException), false);
        }