Example #1
            // An API key whose owner scope names the authenticating user's own key (1234) must
            // authenticate, and the handler must publish that user into the OWIN environment.
            public async Task GivenMatchingApiKeyWithOwnerScopeOfSelf_ItSetsUserInOwinEnvironment()
            {
                // Arrange
                const int userKey = 1234;
                var user = new User
                {
                    Key = userKey,
                    Username = "******",
                    EmailAddress = "*****@*****.**"
                };
                var options = new ApiKeyAuthenticationOptions();
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                // The builder returns the plaintext key through an out parameter, separately from
                // the credential record (presumably the record holds a non-plaintext form; confirm
                // against CredentialBuilder).
                string plaintextApiKey;
                var credential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1, out plaintextApiKey);

                // Owner scope equal to the user's own key: the "scope of self" case.
                credential.Scopes.Add(new Scope(userKey, "thePackage", "theAction"));

                // The request carries the plaintext key, exactly as a client would send it.
                handler.OwinContext.Request.Headers.Set(ServicesConstants.ApiKeyHeaderName, plaintextApiKey);
                handler.MockAuth.SetupAuth(credential, user, credentialValue: plaintextApiKey);

                // Act
                await handler.InvokeAuthenticateCoreAsync();

                // Assert: the environment entry is an AuthenticatedUser wrapping the very same User instance.
                object published = handler.OwinContext.Environment[ServicesConstants.CurrentUserOwinEnvironmentKey];
                var authenticated = Assert.IsType<AuthenticatedUser>(published);

                Assert.Same(user, authenticated.User);
            }
Example #2
            // A request under the configured root path that carries a known V1 (GUID) API key must
            // leave the matching user in the OWIN environment.
            public async Task GivenMatchingApiKey_ItSetsUserInOwinEnvironment()
            {
                // Arrange
                var apiKey = Guid.NewGuid();
                var user = new User
                {
                    Username = "******",
                    EmailAddress = "*****@*****.**"
                };
                var options = new ApiKeyAuthenticationOptions
                {
                    RootPath = "/api"
                };
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                // The key is sent in its lower-case, culture-invariant string form.
                string headerValue = apiKey.ToString().ToLowerInvariant();

                // The request path sits below RootPath.
                handler.OwinContext.Request.Path = "/api/v2/packages";
                handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, headerValue);
                handler.MockAuth.SetupAuth(CredentialBuilder.CreateV1ApiKey(apiKey), user);

                // Act
                await handler.InvokeAuthenticateCoreAsync();

                // Assert: the published entry wraps the same User instance that was registered above.
                object published = handler.OwinContext.Environment[Constants.CurrentUserOwinEnvironmentKey];
                var authenticated = Assert.IsType<AuthenticatedUser>(published);

                Assert.Same(user, authenticated.User);
            }
Example #3
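            // A request carrying a known V1 (GUID) API key must yield an authentication ticket whose
            // identity exposes that key through the NuGetClaims.ApiKey claim.
            public async Task GivenMatchingApiKey_ItReturnsTicketWithUserNameAndRoles()
            {
                // Arrange
                Guid apiKey = Guid.NewGuid();
                var  user   = new User()
                {
                    Username = "******", EmailAddress = "*****@*****.**"
                };
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(new ApiKeyAuthenticationOptions()
                {
                    RootPath = "/api"
                });

                // Normalise once, culture-invariantly, so the value sent in the header and the value
                // expected in the claim cannot drift apart (the original compared against a
                // culture-sensitive ToLower()).
                string expectedApiKey = apiKey.ToString().ToLowerInvariant();

                handler.OwinContext.Request.Path = "/api/v2/packages";
                handler.OwinContext.Request.Headers.Set(
                    Constants.ApiKeyHeaderName,
                    expectedApiKey);
                handler.MockAuth.SetupAuth(CredentialBuilder.CreateV1ApiKey(apiKey), user);

                // Act
                var ticket = await handler.InvokeAuthenticateCoreAsync();

                // Assert
                Assert.NotNull(ticket);
                Assert.Equal(expectedApiKey, ticket.Identity.GetClaimOrDefault(NuGetClaims.ApiKey));

                // NOTE(review): the test name promises user name and roles, but only the API-key
                // claim is checked here; consider asserting the name and role claims as well once
                // the handler's claim types are confirmed.
            }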
            // With no API key header on the request, authentication must not produce a ticket.
            public async Task GivenNoApiKeyHeader_ItReturnsNull()
            {
                // Arrange: default options, and no headers are set on the request.
                var options = new ApiKeyAuthenticationOptions();
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                // Act
                var result = await handler.InvokeAuthenticateCoreAsync();

                // Assert: a missing credential yields no identity at all.
                Assert.Null(result);
            }
            // An API key that was never registered with the mock auth service must not produce a ticket.
            public async Task GivenNoUserMatchingApiKey_ItReturnsNull()
            {
                // Arrange: a fresh GUID is sent as the key, but SetupAuth is deliberately not called for it.
                var unknownKey = Guid.NewGuid();
                var options = new ApiKeyAuthenticationOptions();
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                string headerValue = unknownKey.ToString().ToLowerInvariant();
                handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, headerValue);

                // Act
                var result = await handler.InvokeAuthenticateCoreAsync();

                // Assert: an unrecognised key is treated like no credential.
                Assert.Null(result);
            }
Example #6
            // A request under the configured root path that carries no API key header must not
            // produce a ticket.
            public async Task GivenNoApiKeyHeader_ItReturnsNull()
            {
                // Arrange
                var options = new ApiKeyAuthenticationOptions
                {
                    RootPath = "/api"
                };
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                // The path sits below RootPath; no headers are set on the request.
                handler.OwinContext.Request.Path = "/api/v2/packages";

                // Act
                var result = await handler.InvokeAuthenticateCoreAsync();

                // Assert: a missing credential yields no identity at all.
                Assert.Null(result);
            }
            // An API key whose owner scope names an organization (2345) that the user belongs to must
            // authenticate and publish the user into the OWIN environment. The isAdmin parameter sets
            // the membership's admin flag; the same outcome is asserted for whichever value is
            // supplied (presumably both, via a data attribute not visible here).
            public async Task GivenMatchingApiKeyWithOwnerScopeOfOrganization_ItSetsUserInOwinEnvironment(bool isAdmin)
            {
                // Arrange
                const int organizationKey = 2345;
                var organization = new Organization
                {
                    Key = organizationKey
                };
                var user = new User
                {
                    Key = 1234,
                    Username = "******",
                    EmailAddress = "*****@*****.**"
                };

                // Make the user a member of the organization with the admin flag under test.
                var membership = new Membership
                {
                    OrganizationKey = organizationKey,
                    Organization = organization,
                    IsAdmin = isAdmin
                };
                user.Organizations.Add(membership);

                var options = new ApiKeyAuthenticationOptions();
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                var credential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1);

                // The owner scope points at the organization, not at the user's own key.
                credential.Scopes.Add(new Scope(organizationKey, "thePackage", "theAction"));

                // The header carries the credential's value, lower-cased culture-invariantly.
                string headerValue = credential.Value.ToLowerInvariant();
                handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, headerValue);
                handler.MockAuth.SetupAuth(credential, user);

                // Act
                await handler.InvokeAuthenticateCoreAsync();

                // Assert: the published entry wraps the same User instance.
                object published = handler.OwinContext.Environment[Constants.CurrentUserOwinEnvironmentKey];
                var authenticated = Assert.IsType<AuthenticatedUser>(published);

                Assert.Same(user, authenticated.User);
            }
Example #8
            // A request carrying a known API key (no scopes attached) must leave the matching user in
            // the OWIN environment.
            public async Task GivenMatchingApiKey_ItSetsUserInOwinEnvironment()
            {
                // Arrange
                var user = new User
                {
                    Username = "******",
                    EmailAddress = "*****@*****.**"
                };
                var options = new ApiKeyAuthenticationOptions();
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                var credential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1);

                // The header carries the credential's value, lower-cased culture-invariantly.
                string headerValue = credential.Value.ToLowerInvariant();
                handler.OwinContext.Request.Headers.Set(Constants.ApiKeyHeaderName, headerValue);
                handler.MockAuth.SetupAuth(credential, user);

                // Act
                await handler.InvokeAuthenticateCoreAsync();

                // Assert: the published entry wraps the same User instance that was registered above.
                object published = handler.OwinContext.Environment[Constants.CurrentUserOwinEnvironmentKey];
                var authenticated = Assert.IsType<AuthenticatedUser>(published);

                Assert.Same(user, authenticated.User);
            }
Example #9
            // A valid API key whose owner scope (2345) names someone other than the authenticating
            // user (1234) must be rejected. Despite "Unauthorized" in the test name, the asserted
            // status is 403: the key is recognised but its scope does not cover this user.
            public async Task GivenApiKeyWithOwnerScopeThatDoesNotMatch_WritesUnauthorizedResponse()
            {
                // Arrange
                const int userKey = 1234;
                const int foreignOwnerKey = 2345;
                var user = new User
                {
                    Key = userKey,
                    Username = "******",
                    EmailAddress = "*****@*****.**"
                };
                var options = new ApiKeyAuthenticationOptions();
                TestableApiKeyAuthenticationHandler handler = await TestableApiKeyAuthenticationHandler.CreateAsync(options);

                // The builder returns the plaintext key through an out parameter, separately from
                // the credential record.
                string plaintextApiKey;
                var credential = new CredentialBuilder().CreateApiKey(Fakes.ExpirationForApiKeyV1, out plaintextApiKey);

                // Owner scope deliberately differs from the user's key.
                credential.Scopes.Add(new Scope(foreignOwnerKey, "thePackage", "theAction"));

                handler.OwinContext.Request.Headers.Set(ServicesConstants.ApiKeyHeaderName, plaintextApiKey);
                handler.MockAuth.SetupAuth(credential, user, credentialValue: plaintextApiKey);

                // Act: run authentication while capturing whatever the handler writes to the response body.
                var responseBody = await handler.OwinContext.Response.CaptureBodyAsString(async() =>
                                                                                          await handler.InvokeAuthenticateCoreAsync());

                // Assert: status, reason phrase and body all carry the not-authorized outcome.
                Assert.Equal(Strings.ApiKeyNotAuthorized, handler.OwinContext.Response.ReasonPhrase);
                Assert.Equal(Strings.ApiKeyNotAuthorized, responseBody);
                Assert.Equal(403, handler.OwinContext.Response.StatusCode);

                // NOTE(review): nothing here checks that the user is absent from the OWIN environment
                // after the rejection; if the handler is meant to stop before publishing the user,
                // pinning that would guard against a scope check that reports 403 yet still
                // authenticates the request. Confirm against the handler.
            }