// Checks the login page served for the same-device scheme in the simulated environment:
// the response is 200 OK, the form / status / QR elements are present, and the
// returnUrl and loginOptions query values are echoed into the form inputs.
// NOTE(review): only the local path "/" is used as returnUrl here; handling of
// non-local return URLs is not exercised by this test.
public async Task BankIdAuthentication_Login_Returns_Form_And_Status()
{
    // Arrange: every request is challenged with the same-device scheme. The login-options
    // protector is the shared _bankIdLoginOptionsProtector mock, set up outside this method.
    using var server = CreateServer(
        bankId =>
        {
            bankId.UseSimulatedEnvironment()
                  .AddSameDevice();
        },
        DefaultAppConfiguration(async httpContext =>
        {
            await httpContext.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme);
        }),
        services =>
        {
            services.AddTransient(s => _bankIdLoginOptionsProtector.Object);
        });

    // Act: request the login page with the state cookie attached.
    var loginRequest = CreateRequestWithStateCookie(
        server,
        "/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
    var response = await loginRequest.GetAsync();

    // Assert: status first, then the markup.
    Assert.Equal(HttpStatusCode.OK, response.StatusCode);

    var page = await HtmlDocumentHelper.FromContent(response.Content);

    Assert.NotNull(page.GetElement<IHtmlFormElement>("form[id='bankIdLoginForm']"));
    Assert.NotNull(page.GetElement<IHtmlDivElement>("div[id='bankIdLoginStatus']"));
    Assert.NotNull(page.GetElement<IHtmlImageElement>("img.qr-code-image"));

    // Expected input values, checked in the same order as before.
    var expectedInputs = new[]
    {
        (Selector: "input[name='ReturnUrl']", Value: "/"),
        (Selector: "input[name='CancelReturnUrl']", Value: "/"),
        (Selector: "input[name='LoginOptions']", Value: "X"),
        (Selector: "input[name='AutoLogin']", Value: "true"),
    };

    foreach (var (selector, value) in expectedInputs)
    {
        Assert.Equal(value, page.GetInputValue(selector));
    }
}
// Checks that an app-relative cancel URL ("~/cru") supplied through the login options
// is rendered into the CancelReturnUrl input as "/cru".
// NOTE(review): the protector is mocked to return fixed options for ANY input string,
// so the "loginOptions=X" query value is never actually unprotected or validated here.
public async Task BankIdAuthentication_Login_Returns_Form_With_Resolved_Cancel_Url()
{
    // Arrange: login options carrying "~/cru" (presumably the cancel-return-URL argument,
    // judging by the assertion below) and the default state cookie name.
    var loginOptions = new BankIdLoginOptions(
        new List<string>(),
        null,
        false,
        true,
        false,
        false,
        "~/cru",
        DefaultStateCookieName);

    var protectorMock = new Mock<IBankIdLoginOptionsProtector>();
    protectorMock
        .Setup(p => p.Unprotect(It.IsAny<string>()))
        .Returns(loginOptions);

    using var server = CreateServer(
        bankId =>
        {
            bankId.UseSimulatedEnvironment()
                  .AddSameDevice();
        },
        DefaultAppConfiguration(async httpContext =>
        {
            await httpContext.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme);
        }),
        services =>
        {
            services.AddTransient(s => protectorMock.Object);
        });

    // Act
    var loginRequest = CreateRequestWithStateCookie(
        server,
        "/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
    var response = await loginRequest.GetAsync();

    // Assert
    Assert.Equal(HttpStatusCode.OK, response.StatusCode);

    var page = await HtmlDocumentHelper.FromContent(response.Content);
    var renderedCancelUrl = page.GetInputValue("input[name='CancelReturnUrl']");
    Assert.Equal("/cru", renderedCancelUrl);
}
// Helper: loads the login page to obtain the cookies and request-verification (anti-forgery)
// token it issues, then POSTs the given body to the Initialize API with both attached.
// The Initialize call is sent with the cookie/token pair from the same login response;
// the raw "set-cookie" header values are forwarded as-is in the "Cookie" header.
private async Task<HttpResponseMessage> GetInitializeResponse(HttpClient client, object initializeRequestBody)
{
    // Fetch the login page and pull the CSRF material out of it.
    var loginPageResponse = await client.GetAsync("/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
    var issuedCookies = loginPageResponse.Headers.GetValues("set-cookie");
    var loginPage = await HtmlDocumentHelper.FromContent(loginPageResponse.Content);
    var antiForgeryToken = loginPage.GetRequestVerificationToken();

    // Build the JSON POST carrying the cookie and the matching verification token.
    var payload = new JsonContent(initializeRequestBody);
    payload.Headers.Add("Cookie", issuedCookies);
    payload.Headers.Add("RequestVerificationToken", antiForgeryToken);

    var initializeResponse = await client.PostAsync("/BankIdAuthentication/Api/Initialize", payload);
    return initializeResponse;
}
// Checks that POSTing to the Cancel API (after a successful-looking Initialize call)
// returns 200 OK and that the injected TestBankIdApi records a CancelAsync call.
// NOTE(review): the status of the Initialize response is not asserted before its body
// is deserialized; if Initialize failed, the failure would only surface indirectly.
public async Task Cancel_Calls_CancelApi()
{
    // Arrange mocks: the protector returns fixed options for any protected string.
    var fixedLoginOptions = new BankIdLoginOptions(
        new List<string>(),
        null,
        false,
        true,
        false,
        false,
        string.Empty,
        DefaultStateCookieName);

    var protectorMock = new Mock<IBankIdLoginOptionsProtector>();
    protectorMock
        .Setup(p => p.Unprotect(It.IsAny<string>()))
        .Returns(fixedLoginOptions);

    // Wrapper around the simulated client; exposes CancelAsyncIsCalled for the assertion.
    var recordingApi = new TestBankIdApi(new BankIdSimulatedApiClient());

    using var server = CreateServer(
        bankId =>
        {
            bankId.UseSimulatedEnvironment().AddSameDevice();
            bankId.AuthenticationBuilder.Services.AddTransient<IBankIdLauncher, TestBankIdLauncher>();
        },
        DefaultAppConfiguration(async httpContext =>
        {
            await httpContext.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme);
        }),
        services =>
        {
            services.AddTransient(s => protectorMock.Object);
            services.AddSingleton<IBankIdApiClient>(s => recordingApi);
        });

    // Arrange csrf info: load the login page to get the cookies and verification token.
    var loginPageRequest = CreateRequestWithStateCookie(
        server,
        "/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
    var loginPageResponse = await loginPageRequest.GetAsync();
    var issuedCookies = loginPageResponse.Headers.GetValues("set-cookie");
    var loginPage = await HtmlDocumentHelper.FromContent(loginPageResponse.Content);
    var antiForgeryToken = loginPage.GetRequestVerificationToken();

    // Arrange the Initialize request with the CSRF cookie/token pair attached.
    var returnUrlValue = "/TestReturnUrl";
    var loginOptionsValue = "TestOptions";
    var initializePayload = new JsonContent(new { returnUrl = returnUrlValue, loginOptions = loginOptionsValue });
    initializePayload.Headers.Add("Cookie", issuedCookies);
    initializePayload.Headers.Add("RequestVerificationToken", antiForgeryToken);

    // Act (1): initialize to obtain an order reference.
    var client = server.CreateClient();
    var initializeResponse = await client.PostAsync("/BankIdAuthentication/Api/Initialize", initializePayload);
    var initializeJson = await initializeResponse.Content.ReadAsStringAsync();
    var initializeResult = JsonConvert.DeserializeAnonymousType(
        initializeJson,
        new { RedirectUri = "", OrderRef = "", IsAutoLaunch = false });

    // The cancel call reuses the same cookie/token pair and the returned order reference.
    var cancelPayload = new JsonContent(new
    {
        orderRef = initializeResult.OrderRef,
        loginOptions = "TestOptions",
        cancelReturnUrl = "/"
    });
    cancelPayload.Headers.Add("Cookie", issuedCookies);
    cancelPayload.Headers.Add("RequestVerificationToken", antiForgeryToken);

    // Act (2): cancel the order.
    var cancelResponse = await client.PostAsync("/BankIdAuthentication/Api/Cancel", cancelPayload);

    // Assert
    Assert.Equal(HttpStatusCode.OK, cancelResponse.StatusCode);
    Assert.True(recordingApi.CancelAsyncIsCalled);
}
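// Checks that the Initialize API, with auto-launch options in effect, answers 200 OK,
// reports IsAutoLaunch = true and returns a RedirectUri pointing back at the login page
// with the URL-encoded returnUrl and the loginOptions value.
// NOTE(review): the protector is mocked to return fixed options for any input, so the
// loginOptions value is not actually unprotected in this test.
public async Task AutoLaunch_Sets_Correct_RedirectUri()
{
    // Arrange mocks
    var autoLaunchOptions = new BankIdLoginOptions(new List<string>(), null, false, true, false, false, string.Empty);
    var mockProtector = new Mock<IBankIdLoginOptionsProtector>();
    mockProtector
        .Setup(protector => protector.Unprotect(It.IsAny<string>()))
        .Returns(autoLaunchOptions);

    // Keep the server in its own using declaration so it is disposed as well; previously
    // only the client created from it was disposed and the server instance leaked.
    using var server = CreateServer(
        o =>
        {
            o.AuthenticationBuilder.Services.TryAddTransient<IBankIdLauncher, TestBankIdLauncher>();
            o.UseSimulatedEnvironment().AddSameDevice();
        },
        DefaultAppConfiguration(async context =>
        {
            await context.ChallengeAsync(BankIdDefaults.SameDeviceAuthenticationScheme);
        }),
        services =>
        {
            services.AddTransient(s => mockProtector.Object);
        });
    using var client = server.CreateClient();

    // Arrange csrf info: the login page issues the cookies and the verification token
    // that the Initialize call must present together.
    var loginResponse = await client.GetAsync("/BankIdAuthentication/Login?returnUrl=%2F&loginOptions=X&orderRef=Y");
    var loginCookies = loginResponse.Headers.GetValues("set-cookie");
    var document = await HtmlDocumentHelper.FromContent(loginResponse.Content);
    var csrfToken = document.GetRequestVerificationToken();

    // Arrange acting request
    var testReturnUrl = "/TestReturnUrl";
    var testOptions = "TestOptions";
    var initializeRequest = new JsonContent(new { returnUrl = testReturnUrl, loginOptions = testOptions });
    initializeRequest.Headers.Add("Cookie", loginCookies);
    initializeRequest.Headers.Add("RequestVerificationToken", csrfToken);

    // Act
    var transaction = await client.PostAsync("/BankIdAuthentication/Api/Initialize", initializeRequest);

    // Assert
    Assert.Equal(HttpStatusCode.OK, transaction.StatusCode);

    var responseContent = await transaction.Content.ReadAsStringAsync();
    var responseObject = JsonConvert.DeserializeAnonymousType(
        responseContent,
        new { RedirectUri = "", OrderRef = "", IsAutoLaunch = false });
    Assert.True(responseObject.IsAutoLaunch);

    // Only returnUrl is URL-encoded in the expected value; loginOptions is compared as-is.
    var encodedReturnParam = UrlEncoder.Default.Encode(testReturnUrl);
    var expectedUrl = $"http://localhost/BankIdAuthentication/Login?returnUrl={encodedReturnParam}&loginOptions={testOptions}";
    Assert.Equal(expectedUrl, responseObject.RedirectUri);
}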