Exemple #1
0
        /// <summary>
        ///     Handle the request to authorize the request
        /// </summary>
        /// <param name="request">The request to handle</param>
        /// <param name="jsonRequest">The parameters of the call, if JSON request</param>
        public DnoaAuthZResponse HandleTokenRequest(IRequest request, CreateAccessToken jsonRequest)
        {
            OutgoingWebResponse response = GetResponse(request, jsonRequest);

            var responseBody = response.Body.FromJson <Dictionary <string, string> >();

            if (response.Status == HttpStatusCode.OK)
            {
                return(new DnoaAuthZResponse
                {
                    AccessToken = responseBody[@"access_token"],
                    RefreshToken = responseBody[@"refresh_token"],
                    ExpiresIn = responseBody[@"expires_in"],
                    TokenType = responseBody[@"token_type"],
                    Scope = responseBody[@"scope"],
                });
            }

            string error   = (responseBody.ContainsKey(@"error")) ? responseBody[@"error"] : string.Empty;
            string message = (responseBody.ContainsKey(@"error_description"))
                ? responseBody[@"error_description"]
                : error;

            throw LogicErrorThrower.RuleViolation(message);
        }
Exemple #2
0
            public void WhenPostCreateAccessForRefreshToken_ThenCreatesResource()
            {
                Client.AddCredentials(Clients.Test.ClientApplication.ClientIdentifier,
                                      Clients.Test.ClientApplication.ClientSecret);

                //Get an access token
                CreateAccessToken request1 = MakeCreateAccessToken();

                request1.Username = Clients.Test.ClientUserAccount.AuthInfo.Username;
                request1.Password = Clients.Test.ClientUserAccount.Password;
                CreateAccessTokenResponse result1 = Client.Post(request1);

                Assert.True(result1.AccessToken.HasValue());
                Assert.Equal(TimeSpan.FromMinutes(15).TotalSeconds.ToString(CultureInfo.InvariantCulture),
                             result1.ExpiresIn);
                Assert.True(result1.RefreshToken.HasValue());
                Assert.Equal(AccessScope.Profile, result1.Scope);

                // Get a refresh token
                var request2 = new CreateAccessToken
                {
                    GrantType    = GrantTypes.RefreshToken,
                    RefreshToken = result1.RefreshToken,
                };
                CreateAccessTokenResponse result2 = Client.Post(request2);

                Assert.True(result2.AccessToken.HasValue());
                Assert.Equal(TimeSpan.FromMinutes(15).TotalSeconds.ToString(CultureInfo.InvariantCulture),
                             result2.ExpiresIn);
                Assert.True(result2.RefreshToken.HasValue());
                Assert.Equal(AccessScope.Profile, result2.Scope);
            }
Exemple #3
0
            public void WhenPostCreateAccessTokenWithoutClientApplicationCredentials_ThenThrows()
            {
                CreateAccessToken request = MakeCreateAccessToken();

                Assert.Throws <InvalidOperationException>(HttpErrorCode.FromHttpStatusCode(HttpStatusCode.BadRequest),
                                                          () => Client.Post <HttpWebResponse>(request));
            }
Exemple #4
0
            public void WhenPostCreateAccessTokenForNormalUser_ThenAccessTokenReturned()
            {
                Assert.Equal("user", normalUser.Roles);

                CreateAccessToken request = MakeCreateAccessToken(normalUser);

                AssertTokenCreated(Client.Post(request));
            }
Exemple #5
0
            public void WhenPostCreateAccessTokenForParticipantUser_ThenAccessTokenReturned()
            {
                Assert.Equal("participant", participantUser.Roles);

                CreateAccessToken request = MakeCreateAccessToken(participantUser);

                AssertTokenCreated(Client.Post(request));
            }
Exemple #6
0
        public CreateAccessTokenResponse Post(CreateAccessToken body)
        {
            return(ProcessRequest(body, HttpStatusCode.Created, () =>
            {
                var response = this.AccessTokensManager.CreateAccessToken(this.Request, body);
                this.SetLocationHeader(GetCreateAccessTokenResponseId(response));

                return response;
            }));
        }
Exemple #7
0
            public void WhenPostCreateAccessTokenWithUnknownUsername_ThenThrows()
            {
                Client.AddCredentials(Clients.Test.ClientApplication.ClientIdentifier,
                                      Clients.Test.ClientApplication.ClientSecret);

                CreateAccessToken request = MakeCreateAccessToken();

                Assert.Throws <InvalidOperationException>(HttpErrorCode.FromHttpStatusCode(HttpStatusCode.BadRequest),
                                                          () => Client.Post <HttpWebResponse>(request));
            }
Exemple #8
0
            public void WhenPostCreateAccessTokenWithUnknownClientApplication_ThenThrows()
            {
                Client.AddCredentials("aclientapp", "asecret");

                CreateAccessToken request = MakeCreateAccessToken();

                request.Username = Clients.Test.ClientUserAccount.AuthInfo.Username;
                request.Password = Clients.Test.ClientUserAccount.Password;

                Assert.Throws <InvalidOperationException>(HttpErrorCode.FromHttpStatusCode(HttpStatusCode.BadRequest),
                                                          () => Client.Post <HttpWebResponse>(request));
            }
Exemple #9
0
            public void WhenPostCreateAccessTokenWithWrongUserPassword_ThenThrows()
            {
                Client.AddCredentials(Clients.Test.ClientApplication.ClientIdentifier,
                                      Clients.Test.ClientApplication.ClientSecret);

                CreateAccessToken request = MakeCreateAccessToken();

                request.Username = Clients.Test.ClientUserAccount.AuthInfo.Username;
                request.Password = "******";
                Assert.Throws <InvalidOperationException>(HttpErrorCode.FromHttpStatusCode(HttpStatusCode.BadRequest),
                                                          () => Client.Post <HttpWebResponse>(request));
            }
Exemple #10
0
 public void Initialize()
 {
     validator = new CreateAccessTokenValidator();
     dto       = new CreateAccessToken
     {
         GrantType    = GrantTypes.AccessToken,
         Password     = "******",
         Username     = "******",
         RefreshToken = "arefreshtoken",
         Scope        = "ascope",
     };
 }
Exemple #11
0
        private OutgoingWebResponse GetResponse(IRequest request, CreateAccessToken jsonRequest)
        {
            var authZServer = new AuthorizationServer(OAuthorizationServer);

            if (request.ContentType == MimeTypes.Json)
            {
                // Request is coming from A JSON client
                return(authZServer.HandleTokenRequest(ConvertJsonRequestToFormRequest(request, jsonRequest)));
            }
            // Request is likely coming from DNOA client
            return(authZServer.HandleTokenRequest((HttpRequestBase)request.OriginalRequest));
        }
Exemple #12
0
        public async Task Should_Throw_IdentityException_On_Not_Existing_User()
        {
            //arrange
            var(fakeUser, sut, _) = Arrange();
            var createAccessToken = new CreateAccessToken(fakeUser.Id);

            //act
            Func <Task> action = async() => await sut.Handle(createAccessToken, new CancellationToken());

            //assert
            action.Should().Throw <IdentityException>();
            await Task.CompletedTask;
        }
Exemple #13
0
        public async Task Should_Create_AccessToken()
        {
            //arrange
            var(fakeUser, sut, userRepository) = Arrange();
            userRepository.GetAsync(Arg.Any <string>()).ReturnsForAnyArgs(fakeUser);
            userRepository.GetAsync(Arg.Any <Guid>()).ReturnsForAnyArgs(fakeUser);
            var createAccessToken = new CreateAccessToken(fakeUser.Id);

            //act
            Func <Task> action = async() => await sut.Handle(createAccessToken, new CancellationToken());

            //assert
            action.Should().NotThrow();
            await Task.CompletedTask;
        }
Exemple #14
0
            public override void WhenPostCreateAccessToken_ThenCreatesResource()
            {
                Client.AddCredentials(Clients.Test.ClientApplication.ClientIdentifier,
                                      Clients.Test.ClientApplication.ClientSecret);

                CreateAccessToken request = MakeCreateAccessToken();

                request.Username = Clients.Test.ClientUserAccount.AuthInfo.Username;
                request.Password = Clients.Test.ClientUserAccount.Password;
                CreateAccessTokenResponse result = Client.Post(request);

                Assert.True(result.AccessToken.HasValue());
                Assert.Equal(TimeSpan.FromMinutes(15).TotalSeconds.ToString(CultureInfo.InvariantCulture),
                             result.ExpiresIn);
                Assert.True(result.RefreshToken.HasValue());
                Assert.Equal(AccessScope.Profile, result.Scope);
            }
Exemple #15
0
        /// <summary>
        ///     Creates a new access token for a specific user.
        /// </summary>
        internal CreateAccessTokenResponse CreateAccessToken(IRequest request, CreateAccessToken body)
        {
            Guard.NotNull(() => request, request);
            Guard.NotNull(() => body, body);

            // Delegate to DNOA to process the incoming request
            DnoaAuthZResponse response = DnoaAuthorizationServer.HandleTokenRequest(request, body);

            var accessToken = new CreateAccessTokenResponse
            {
                AccessToken  = response.AccessToken,
                RefreshToken = response.RefreshToken,
                ExpiresIn    = response.ExpiresIn,
                TokenType    = response.TokenType,
                Scope        = response.Scope,
            };

            //TODO: Audit the creation of the access_token

            return(accessToken);
        }
Exemple #16
0
        /// <summary>
        ///     Populates the request object form fields from fields in body
        /// </summary>
        /// <remarks>
        ///     The DotNetOpenAuth library expects a <see cref="MimeTypes.FormUrlEncoded" /> request that contains all the
        ///     necessary form fields,
        ///     (equivalent to the fields in the JSON body).
        ///     When we call this REST method from the DotNetOpenAuth client, the form fields are populated,
        ///     AND ServiceStack reads them into the fields of the JSON body for us.
        ///     When we call this REST method from a JsonClient however, the form fields are not populated from the fields of the
        ///     JSON body.
        ///     This needs to be done manually before the DotNetOpenAuth methods will complete properly.
        /// </remarks>
        private static HttpRequestMessage ConvertJsonRequestToFormRequest(IRequest request,
                                                                          CreateAccessToken jsonRequest)
        {
            var requestMsg = new HttpRequestMessage(HttpMethod.Post, request.AbsoluteUri);

            var fields = new List <KeyValuePair <string, string> >
            {
                new KeyValuePair <string, string>(@"grant_type", jsonRequest.GrantType),
                new KeyValuePair <string, string>(@"username", jsonRequest.Username),
                new KeyValuePair <string, string>(@"password", jsonRequest.Password),
                new KeyValuePair <string, string>(@"refresh_token", jsonRequest.RefreshToken),
                new KeyValuePair <string, string>(@"scope", jsonRequest.Scope),
            };

            // Fill in form content
            requestMsg.Content = new FormUrlEncodedContent(fields);

            //Copy any headers from original request (except ContentType and ContentLength)
            request.Headers
            .ToDictionary()
            .ForEach((name, value) =>
            {
                if (!name.Equals(HttpHeaders.ContentType) &&
                    !name.Equals(HttpHeaders.ContentLength))
                {
                    requestMsg.Headers.Add(name, value);
                }
            });

            // Set caching header
            requestMsg.Headers.Add(HttpHeaders.CacheControl, new[]
            {
                "no-store",
                "no-cache"
            });

            return(requestMsg);
        }
Exemple #17
0
 CreateAccessTokenResponse IAccessTokensManager.CreateAccessToken(IRequest request, CreateAccessToken body)
 {
     return(CreateAccessToken(request, body));
 }