public void ShouldSetReferrerFromRedirectParam() { var appHost = TestServer.Current; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()); var auth = new Authenticate { UserName = "******" }; var session = new AuthUserSession(); var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection { { "redirect", "http://localhost/myapp/secure-resource" } }, Stream.Null, null) { Items = { { Keywords.Session, session } } }; //subject.Request = request; var mockAuthService = MockAuthService(request, appHost); var result = subject.Authenticate(mockAuthService.Object, session, auth); // subject.Post(auth); Assert.Equal("http://localhost/myapp/secure-resource", session.ReferrerUrl); }
public void ShouldRequestTokenWithCustomDirectoryResolver(string username) { var appHost = TestServer.Current; var directory = new ApplicationRegistration { ClientId = "custom-clientid", ClientSecret = "custom-clientsecret", DirectoryName = "custom-foodomain.com" }; var auth = new Authenticate { UserName = username }; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()) { ApplicationDirectoryResolver = (serviceBase, registryService, s) => directory, }; var session = new AuthUserSession { State = "D79E5777-702E-4260-9A62-37F75FF22CCE", UserName = auth.UserName }; subject.CallbackUrl = "http://localhost/myapp/"; var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection { { "code", "AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA" }, { "session_state", "7B29111D-C220-4263-99AB-6F6E135D75EF" }, { "state", "D79E5777-702E-4260-9A62-37F75FF22CCE" } }, Stream.Null, new NameValueCollection()); var mockAuthService = MockAuthService(request, appHost); var response = (IHttpResult)subject.Authenticate(mockAuthService.Object, session, auth); Assert.True(session.IsAuthenticated); var tokens = session.GetAuthTokens("ms-graph"); Assert.NotNull(tokens); Assert.Equal("ms-graph", tokens.Provider); Assert.Equal(tokens.AccessTokenSecret, TokenHelper.AccessToken); Assert.NotNull(tokens.RefreshTokenExpiry); Assert.Equal(tokens.RefreshToken, TokenHelper.RefreshToken); // Regardless of what is entered up front, Azure will determine what the identity values are Assert.Equal("d542096aa0b94e2195856b57e43257e4", tokens.UserId); // oid Assert.Equal("*****@*****.**", tokens.UserName); Assert.Equal("Some User", tokens.DisplayName); Assert.Equal(session.UserName, tokens.UserName); Assert.Equal(session.LastName, tokens.LastName); Assert.Equal(session.FirstName, tokens.FirstName); Assert.Equal(session.DisplayName, tokens.DisplayName); var result = (IHttpResult)response; Assert.StartsWith("http://localhost#s=1", result.Headers["Location"]); }
public void ShouldRedirectToFailurePathIfErrorIn() { var appHost = TestServer.Current; // See https://tools.ietf.org/html/rfc6749#section-4.1.2.1 var subject = new AzureAuthenticationProvider(new TestAzureGraphService()) { FailureRedirectPath = "/auth-failure" }; var auth = new Authenticate { UserName = "******" }; var request = new MockHttpRequest("auth", "GET", "text", "/auth/foo?error=invalid_request", new NameValueCollection { { "error", "invalid_request" } }, Stream.Null, new NameValueCollection()); var mockAuthService = MockAuthService(request, appHost); var response = subject.Authenticate(mockAuthService.Object, new AuthUserSession(), auth); var result = (IHttpResult)response; //var redirectRequest = new Uri(result.Headers["Location"]); Assert.Equal("http://localhost/auth-failure?f=invalid_request&response_type=code", result.Headers["Location"]); var query = PclExportClient.Instance.ParseQueryString(new Uri(result.Headers["Location"]).Query); Assert.Equal("code", query["response_type"]); }
public void ShouldSetCallbackUrlWithoutParameters() { var appHost = TestServer.Current; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()); var auth = new Authenticate { UserName = "******" }; var request = new MockHttpRequest("auth", "GET", "text", "/auth/foo/bar?redirect=" + "http://localhost/secure-resource".UrlEncode(), new NameValueCollection { { "redirect", "http://localhost/secure-resource" } }, Stream.Null, null); var mockAuthService = MockAuthService(request, appHost); var response = subject.Authenticate(mockAuthService.Object, new AuthUserSession(), auth); var result = (IHttpResult)response; var codeRequest = new Uri(result.Headers["Location"]); var query = PclExportClient.Instance.ParseQueryString(codeRequest.Query); Assert.Equal("code", query["response_type"]); Assert.Equal("http://localhost/auth/foo/bar", subject.CallbackUrl); Assert.Equal(query["redirect_uri"].UrlDecode(), subject.CallbackUrl); }
public void ShouldBeAuthProvider() { var subject = new AzureAuthenticationProvider(new TestAzureGraphService()); Assert.IsAssignableFrom <AuthProvider>(subject); Assert.Equal("ms-graph", subject.Provider); }
public void ShouldRequestCodeWithCustomDirectoryResolver(string clientId, string clientSecret , string directoryName, string username) { var appHost = TestServer.Current; var directory = new ApplicationRegistration { ClientId = clientId, ClientSecret = clientSecret, DirectoryName = directoryName }; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()) { ApplicationDirectoryResolver = (serviceBase, registryService, session) => directory }; var auth = new Authenticate() { UserName = username }; var authService = MockAuthService(appHost: appHost); var response = subject.Authenticate(authService.Object, new AuthUserSession(), auth); var result = (IHttpResult)response; if (string.IsNullOrWhiteSpace(username)) { Assert.StartsWith($"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={clientId}&response_type=code&redirect_uri=http%3a%2f%2flocalhost%2f&scope=https%3a%2f%2fgraph.microsoft.com%2fUser.Read+offline%5faccess+openid+profile", result.Headers["Location"]); } else { Assert.StartsWith($"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={clientId}&response_type=code&redirect_uri=http%3a%2f%2flocalhost%2f&domain_hint={username}&scope=https%3a%2f%2fgraph.microsoft.com%2fUser.Read+offline%5faccess+openid+profile", result.Headers["Location"]); } var codeRequest = new Uri(result.Headers["Location"]); var query = new NameValueCollection(); Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(codeRequest.Query) .ForEach((key, values) => query.Add(key, values.ToString())); if (!string.IsNullOrWhiteSpace(username)) { Assert.Equal(username, query["domain_hint"]); } Assert.Equal("code", query["response_type"]); Assert.Equal(query["client_id"], clientId); Assert.Equal(query["redirect_uri"].UrlDecode(), subject.CallbackUrl); }
public void ShouldSaveOAuth2StateValue() { var appHost = TestServer.Current; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()); var auth = new Authenticate { UserName = "******" }; var session = new AuthUserSession(); var response = subject.Authenticate(MockAuthService(appHost: appHost).Object, session, auth); var result = (IHttpResult)response; var codeRequest = new Uri(result.Headers["Location"]); var query = PclExportClient.Instance.ParseQueryString(codeRequest.Query); var state = query["state"]; Assert.Equal(session.State, state); }
public void ShouldAbortIfStateValuesDoNotMatch() { // var appHost = TestServer.Current; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()); var auth = new Authenticate { UserName = "******" }; subject.CallbackUrl = "http://localhost/myapp/"; var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection { { "code", "code123" }, { "session_state", "dontcare" }, { "state", "state123" } }, Stream.Null, new NameValueCollection()); var mockAuthService = MockAuthService(request); using (new HttpResultsFilter { StringResultFn = (tokenRequest, s) => @"{ ""access_token"": ""fake token"", ""id_token"": ""eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0IjoxMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2MywidmVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0NzdlIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoiZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5jb20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talgzZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ."" }" }) { var session = new AuthUserSession { State = "state133" // Not the same as the state in the request above }; try { subject.Authenticate(mockAuthService.Object, session, auth); } catch (UnauthorizedAccessException) { } Assert.False(session.IsAuthenticated); } }
public void ShouldRequestCode() { var appHost = TestServer.Current; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()); var auth = new Authenticate { UserName = "******" }; var authService = MockAuthService(appHost: appHost); var response = subject.Authenticate(authService.Object, new AuthUserSession(), auth); var result = (IHttpResult)response; Assert.StartsWith("https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=clientid&response_type=code&redirect_uri=http%3a%2f%2flocalhost%2f&[email protected]&scope=https%3a%2f%2fgraph.microsoft.com%2fUser.Read", result.Headers["Location"]); var codeRequest = new Uri(result.Headers["Location"]); var query = PclExportClient.Instance.ParseQueryString(codeRequest.Query); Assert.Equal("code", query["response_type"]); Assert.Equal("clientid", query["client_id"]); Assert.Equal(query["redirect_uri"].UrlDecode(), subject.CallbackUrl); Assert.Equal("*****@*****.**", query["domain_hint"]); }
public PeopleService(AzureAuthenticationProvider authenticationProvider) { _authenticationProvider = authenticationProvider; }
public void ShouldRequestToken() { var appHost = TestServer.Current; var subject = new AzureAuthenticationProvider(new TestAzureGraphService()) { }; var auth = new Authenticate { UserName = "******" }; var session = new AuthUserSession { State = "D79E5777-702E-4260-9A62-37F75FF22CCE", UserName = auth.UserName }; subject.CallbackUrl = "http://localhost/myapp/"; var request = new MockHttpRequest("myapp", "GET", "text", "/myapp", new NameValueCollection { { "code", "AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA" }, { "session_state", "7B29111D-C220-4263-99AB-6F6E135D75EF" }, { "state", "D79E5777-702E-4260-9A62-37F75FF22CCE" } }, Stream.Null, new NameValueCollection()) { HttpMethod = "POST", Items = { { Keywords.Session, session } } }; var mockAuthService = MockAuthService(request, appHost); using (new HttpResultsFilter { StringResultFn = (tokenRequest, s) => { Assert.Equal("https://login.microsoftonline.com/common/oauth2/v2.0/token", tokenRequest.RequestUri.ToString()); Assert.Equal("POST", tokenRequest.Method); Assert.Equal("application/x-www-form-urlencoded", tokenRequest.ContentType); return(TokenHelper.GetIdToken()); } }) { //var response = authService.Post(auth); var response = (IHttpResult)subject.Authenticate(mockAuthService.Object, session, auth); Assert.True(session.IsAuthenticated); var tokens = session.GetAuthTokens("ms-graph"); Assert.NotNull(tokens); Assert.Equal("ms-graph", tokens.Provider); Assert.Equal(tokens.AccessTokenSecret, TokenHelper.AccessToken); Assert.NotNull(tokens.RefreshTokenExpiry); Assert.Equal(tokens.RefreshToken, TokenHelper.RefreshToken); Assert.Equal("d542096aa0b94e2195856b57e43257e4", tokens.UserId); // oid Assert.Equal("*****@*****.**", tokens.UserName); Assert.Equal("User", tokens.LastName); Assert.Equal("Some", tokens.FirstName); Assert.Equal("Some User", tokens.DisplayName); Assert.Equal(session.UserName, tokens.UserName); Assert.Equal(session.LastName, tokens.LastName); Assert.Equal(session.FirstName, tokens.FirstName); Assert.Equal(session.DisplayName, tokens.DisplayName); var result = (IHttpResult)response; Assert.StartsWith("http://localhost#s=1", result.Headers["Location"]); } }