public void GetRefreshTokenTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var rtItem = new MsalRefreshTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
"someRT",
MockHelpers.CreateClientInfo());
string rtKey = rtItem.GetKey().ToString();
cache.Accessor.SaveRefreshToken(rtItem);
var authParams = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
MsalTestConstants.Scope,
account: MsalTestConstants.User);
Assert.IsNotNull(cache.FindRefreshTokenAsync(authParams));
// RT is stored by environment, client id and userIdentifier as index.
// any change to authority (within same environment), uniqueid and displyableid will not
// change the outcome of cache look up.
Assert.IsNotNull(cache.FindRefreshTokenAsync(
harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityHomeTenant + "more",
MsalTestConstants.Scope,
account: MsalTestConstants.User)));
}
}
public void GetExpiredAccessToken_WithExtendedExpireStillValid_Test()
{
using (var harness = new MockHttpAndServiceBundle(isExtendedTokenLifetimeEnabled: true))
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)),
MockHelpers.CreateClientInfo());
atItem.Secret = atItem.GetKey().ToString();
cache.Accessor.SaveAccessToken(atItem);
var param = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
new SortedSet <string>(),
account: new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null));
var cacheItem = cache.FindAccessTokenAsync(param).Result;
Assert.IsNotNull(cacheItem);
Assert.AreEqual(atItem.GetKey().ToString(), cacheItem.GetKey().ToString());
Assert.IsTrue(cacheItem.IsExtendedLifeTimeToken);
}
}
private void CreateBrokerHelper()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: TestConstants.s_extraQueryParams,
claims: TestConstants.Claims);
parameters.IsBrokerEnabled = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker();
_brokerInteractiveRequest =
new BrokerInteractiveRequest(
parameters,
interactiveParameters,
harness.ServiceBundle,
null,
broker);
}
}
public async Task RedirectUriContainsFragmentErrorTestAsync()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string>
{
{ "extra", "qp" }
});
parameters.RedirectUri = new Uri("some://uri#fragment=not-so-good");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var request = new InteractiveRequest(
parameters,
interactiveParameters);
var ex = await AssertException.TaskThrowsAsync <ArgumentException>
(() => request.RunAsync()).ConfigureAwait(false);
Assert.IsTrue(ex.Message.Contains(MsalErrorMessage.RedirectUriContainsFragment));
}
}
private void CreateBrokerHelper()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityHomeTenant,
MsalTestConstants.Scope,
new TokenCache(harness.ServiceBundle),
extraQueryParameters: MsalTestConstants.ExtraQueryParams,
claims: MsalTestConstants.Claims);
parameters.IsBrokerEnabled = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
BrokerFactory brokerFactory = new BrokerFactory();
_brokerInteractiveRequest = new BrokerInteractiveRequest(parameters, interactiveParameters, harness.ServiceBundle, null, brokerFactory.Create(harness.ServiceBundle));
}
}
public async Task WithExtraQueryParamsAndClaimsAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.ExtraQueryParameters.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var cache = new TokenCache(harness.ServiceBundle, false);
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code"),
QueryParamsToValidate = TestConstants.ExtraQueryParameters
};
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui);
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
var tokenResponseHandler = new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedQueryParams = TestConstants.ExtraQueryParameters,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.Claims, TestConstants.Claims }
},
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
};
harness.HttpManager.AddMockHandler(tokenResponseHandler);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache,
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var request = new InteractiveRequest(
parameters,
interactiveParameters);
AuthenticationResult result = await request.RunAsync().ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count());
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(result.AccessToken, "some-access-token");
}
}
public void TestIsFociMember_EnvAlias()
{
// Arrange
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
MsalTestConstants.Scope,
account: MsalTestConstants.User);
cache.Accessor.SaveAppMetadata(
new MsalAppMetadataCacheItem(
MsalTestConstants.ClientId,
MsalTestConstants.ProductionNotPrefEnvironmentAlias,
"1"));
// Act
bool?result = cache.IsFociMemberAsync(requestParams, "1").Result; //requst params uses ProductionPrefEnvAlias
// Assert
Assert.AreEqual(true, result.Value);
}
}
public async Task BrokerInteractiveRequestBrokerRequiredTestAsync()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockWebUI ui = new MockWebUI()
{
// When the auth code is returned from the authorization server prefixed with msauth://
// this means the user who logged requires cert based auth and broker
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=msauth://some-code")
};
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker());
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
parameters.IsBrokerEnabled = false;
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
new AcquireTokenInteractiveParameters(),
ui);
AuthenticationResult result = await request.RunAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("access-token", result.AccessToken);
}
}
public void GetSubsetScopesMatchedAccessTokenTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(1)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)),
MockHelpers.CreateClientInfo());
// create key out of access token cache item and then
// set it as the value of the access token.
string atKey = atItem.GetKey().ToString();
atItem.Secret = atKey;
cache.Accessor.SaveAccessToken(atItem);
var param = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
new SortedSet <string>(),
account: MsalTestConstants.User);
param.Scope.Add("r1/scope1");
var item = cache.FindAccessTokenAsync(param).Result;
Assert.IsNotNull(item);
Assert.AreEqual(atKey, item.Secret);
}
}
public void NullArgs()
{
using (var harness = new MockHttpAndServiceBundle())
{
var bundle = harness.ServiceBundle;
AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
var interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var webUi = NSubstitute.Substitute.For <IWebUI>();
AssertException.Throws <ArgumentNullException>(() =>
new InteractiveRequest(null, requestParams, interactiveParameters, webUi));
AssertException.Throws <ArgumentNullException>(() =>
new InteractiveRequest(bundle, null, interactiveParameters, webUi));
AssertException.Throws <ArgumentNullException>(() =>
new InteractiveRequest(bundle, requestParams, null, webUi));
}
}
public void GetAppTokenFromCacheTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)),
MockHelpers.CreateClientInfo());
string atKey = atItem.GetKey().ToString();
atItem.Secret = atKey;
cache.Accessor.SaveAccessToken(atItem);
var authParams = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
MsalTestConstants.Scope);
authParams.ClientCredential = MsalTestConstants.CredentialWithSecret;
authParams.IsClientCredentialRequest = true;
var cacheItem = cache.FindAccessTokenAsync(authParams).Result;
Assert.IsNotNull(cacheItem);
Assert.AreEqual(atItem.GetKey().ToString(), cacheItem.GetKey().ToString());
}
}
[WorkItem(1418)] // test for bug https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418
public async Task VerifyAuthorizationResult_NoErrorDescription_Async()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
MockWebUI webUi = new MockWebUI()
{
// error code and error description is empty string (not null)
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=some_error&error_description= "),
};
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
new AcquireTokenInteractiveParameters(),
webUi);
var ex = await AssertException.TaskThrowsAsync <MsalServiceException>(
() => request.ExecuteAsync(CancellationToken.None))
.ConfigureAwait(false);
Assert.AreEqual("some_error", ex.ErrorCode);
Assert.AreEqual(InteractiveRequest.UnknownError, ex.Message);
}
}
public void GetAccessTokenExpiryInRangeTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
"",
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromMinutes(4)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)),
MockHelpers.CreateClientInfo());
atItem.Secret = atItem.GetKey().ToString();
cache.Accessor.SaveAccessToken(atItem);
var param = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
new SortedSet <string>(),
account: new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null));
Assert.IsNull(cache.FindAccessTokenAsync(param).Result);
}
}
public async Task FetchTransferToken_FailSilently_Async()
{
// Arrange
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var msaProvider = new WebAccountProvider("id", "*****@*****.**", null);
Client.Internal.Requests.AuthenticationRequestParameters requestParams =
harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
validateAuthority: true);
requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions()
{
MsaPassthrough = true
};
var msaRequest = new WebTokenRequest(msaProvider);
_msaPlugin.CreateWebTokenRequestAsync(msaProvider, requestParams, false, true, false, MsaPassthroughHandler.TransferTokenScopes)
.Returns(Task.FromResult(msaRequest));
_msaPlugin.MapTokenRequestError(WebTokenRequestStatus.ProviderError, 0, true)
.Returns(Tuple.Create("some_provider_error", "", false));
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.ProviderError);
_wamProxy.RequestTokenForWindowAsync(IntPtr.Zero, msaRequest).Returns(webTokenResponseWrapper);
// Act
var transferToken = await _msaPassthroughHandler.TryFetchTransferTokenInteractiveAsync(requestParams, msaProvider)
.ConfigureAwait(false);
// Assert
Assert.IsNull(transferToken);
}
}
public async Task NoBroker_WebUiOnly_Async()
{
// Arrange - common stuff
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscovery(harness.HttpManager);
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle, false);
var requestParams = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache);
var interactiveParameters = new AcquireTokenInteractiveParameters();
// Arrange - important for test
requestParams.AppConfig.IsBrokerEnabled = false;
var authCodeResult = new Tuple <AuthorizationResult, string>(new AuthorizationResult()
{
Code = "some_auth_code"
}, "pkce_verifier");
_authCodeRequestComponentOverride.FetchAuthCodeAndPkceVerifierAsync(CancellationToken.None)
.Returns(Task.FromResult(authCodeResult));
_authCodeExchangeComponentOverride.FetchTokensAsync(CancellationToken.None)
.Returns(Task.FromResult(_msalTokenResponse));
InteractiveRequest interactiveRequest = new InteractiveRequest(
requestParams,
interactiveParameters,
_authCodeRequestComponentOverride,
_authCodeExchangeComponentOverride,
_brokerExchangeComponentOverride);
// Act
AuthenticationResult result = await interactiveRequest.RunAsync().ConfigureAwait(false);
// Assert - common stuff
Assert.IsNotNull(result);
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
Assert.AreEqual(1, cache.Accessor.GetAllAccessTokens().Count());
// Assert - orchestration
#pragma warning disable VSTHRD101 // Avoid unsupported async delegates
Received.InOrder(async() =>
{
await _authCodeRequestComponentOverride
.FetchAuthCodeAndPkceVerifierAsync(default)
public async Task FetchTransferToken_Silent_Async()
{
// Arrange
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var msaProvider = new WebAccountProvider("id", "*****@*****.**", null);
Client.Internal.Requests.AuthenticationRequestParameters requestParams =
harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
validateAuthority: true);
requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions()
{
MsaPassthrough = true
};
var msaRequest = new WebTokenRequest(msaProvider);
_msaPlugin.CreateWebTokenRequestAsync(msaProvider, requestParams, false, false, true, MsaPassthroughHandler.TransferTokenScopes)
.Returns(Task.FromResult(msaRequest));
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
WebAccount accountFromMsaProvider = new WebAccount(msaProvider, "*****@*****.**", WebAccountState.Connected);
var webTokenResponse = new WebTokenResponse("transfer_token", accountFromMsaProvider);
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_wamProxy.RequestTokenForWindowAsync(IntPtr.Zero, msaRequest, accountFromMsaProvider).Returns(webTokenResponseWrapper);
_msaPlugin.ParseSuccessfullWamResponse(Arg.Any <WebTokenResponse>(), out Arg.Any <Dictionary <string, string> >())
.Returns(x =>
{
x[1] = new Dictionary <string, string>();
(x[1] as Dictionary <string, string>).Add("code", "actual_transfer_token");
return(new MsalTokenResponse());
});
// Act
var transferToken = await _msaPassthroughHandler.TryFetchTransferTokenSilentAsync(
requestParams,
accountFromMsaProvider)
.ConfigureAwait(false);
// Assert
Assert.AreEqual("actual_transfer_token", transferToken);
}
}
public void GetExactScopesMatchedAccessTokenTest()
{
var atItem = Credential.CreateAccessToken(
MsalTestConstants.HomeAccountId,
MsalTestConstants.ProductionPrefNetworkEnvironment,
new Uri(MsalTestConstants.AuthorityTestTenant).GetRealm(),
MsalTestConstants.ClientId,
ScopeUtils.JoinScopes(MsalTestConstants.Scope),
TimeUtils.GetSecondsFromEpochNow(),
TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExpiresIn,
TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExtendedExpiresIn,
TheSecret,
string.Empty);
_storageWorker.WriteCredentials(
new List <Credential>
{
atItem
});
using (var harness = new MockHttpAndServiceBundle())
{
// TODO: In MSALC++, the request parameters only really needs the
// Authority URI itself since the cache isn't meant to
// do ANY network calls.
// So it would be great if we could reduce the complexity/dependencies
// here and do any of the validated authority cache / instance discovery
// outside of the context of the authentication parameters and
// cache interaction and just track the authority we're using...
// AccountId = MsalTestConstants.HomeAccountId,
// Authority = new Uri(MsalTestConstants.AuthorityTestTenant),
var cacheManager = new CacheManager(_storageManager, harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
new SortedSet <string>(MsalCacheV2TestConstants.Scope),
account: MsalTestConstants.User));
Assert.IsTrue(cacheManager.TryReadCache(out var tokenResponse, out var accountResponse));
Assert.IsNotNull(tokenResponse);
Assert.IsNull(accountResponse);
Assert.AreEqual(TheSecret, tokenResponse.AccessToken);
}
}
private static async Task ExecuteTestAsync(
bool withTokenRequest,
Action <ICustomWebUi> customizeWebUiBehavior,
Func <InteractiveRequest, Task> executionBehavior)
{
var customWebUi = Substitute.For <ICustomWebUi>();
customizeWebUiBehavior(customWebUi);
using (var harness = new MockHttpAndServiceBundle())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
if (withTokenRequest)
{
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
}
var parameters = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityHomeTenant,
MsalTestConstants.Scope);
parameters.RedirectUri = new Uri(ExpectedRedirectUri);
parameters.LoginHint = MsalTestConstants.DisplayableId;
var interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = MsalTestConstants.ScopeForAnotherResource.ToArray(),
CustomWebUi = customWebUi
};
var request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new CustomWebUiHandler(customWebUi));
await executionBehavior(request).ConfigureAwait(false);
}
}
public void DuplicateQueryParameterErrorTest()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityHomeTenant);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string> {
{ "extra", "qp" }, { "prompt", "login" }
});
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(
MsalError.DuplicateQueryParameterError,
((MsalException)exc.InnerException).ErrorCode);
}
}
}
private void ValidateOathClient(HttpResponseMessage httpResponseMessage, Action <Exception> validationHandler)
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ResponseMessage = httpResponseMessage
});
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityHomeTenant,
MsalTestConstants.Scope,
null);
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = MsalTestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = MsalTestConstants.ScopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
validationHandler(exc);
}
}
}
private MockHttpAndServiceBundle CreateBrokerHelper()
{
MockHttpAndServiceBundle harness = CreateTestHarness();
_parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
_parameters.IsBrokerConfigured = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
_acquireTokenSilentParameters = new AcquireTokenSilentParameters();
IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);
_brokerInteractiveRequest =
new BrokerInteractiveRequestComponent(
_parameters,
interactiveParameters,
broker,
"install_url");
_brokerSilentAuthStrategy =
new SilentBrokerAuthStrategy(
new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters),
harness.ServiceBundle,
_parameters,
_acquireTokenSilentParameters,
broker);
_brokerHttpResponse = new HttpResponse();
_brokerHttpResponse.Body = "SomeBody";
_brokerHttpResponse.StatusCode = HttpStatusCode.Unauthorized;
_brokerHttpResponse.Headers = new HttpResponseMessage().Headers;
return(harness);
}
public void GetAccessTokenUserAssertionMismatchInCacheTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(1)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)),
MockHelpers.CreateClientInfo());
// create key out of access token cache item and then
// set it as the value of the access token.
string atKey = atItem.GetKey().ToString();
atItem.Secret = atKey;
atItem.UserAssertionHash = harness.ServiceBundle.PlatformProxy.CryptographyManager.CreateBase64UrlEncodedSha256Hash(atKey);
cache.Accessor.SaveAccessToken(atItem);
var authParams = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
MsalTestConstants.Scope);
authParams.UserAssertion = new UserAssertion(atItem.UserAssertionHash + "-random");
var item = cache.FindAccessTokenAsync(authParams).Result;
// cache lookup should fail because there was userassertion hash did not match the one
// stored in token cache item.
Assert.IsNull(item);
}
}
private (Client.Internal.Requests.AuthenticationRequestParameters requestParams, IWebTokenRequestResultWrapper webTokenResponseWrapper) SetupSilentCall(MockHttpAndServiceBundle harness)
{
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant);
requestParams.Account = new Account(
$"{TestConstants.Uid}.{TestConstants.Utid}",
TestConstants.DisplayableId,
null,
new Dictionary <string, string>()
{
{ TestConstants.ClientId, "wam_id_1" }
}); // account has wam_id!
var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
IWebTokenRequestResultWrapper webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
_wamProxy.FindAccountAsync(Arg.Any <WebAccountProvider>(), "wam_id_1").Returns(Task.FromResult(webAccount));
_aadPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: true,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
_wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
return(requestParams, webTokenResponseWrapper);
}
private void CreateBrokerHelper()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
parameters.IsBrokerConfigured = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
AcquireTokenSilentParameters acquireTokenSilentParameters = new AcquireTokenSilentParameters();
//PublicAuthCodeRequest request = new PublicAuthCodeRequest(
// parameters,
// interactiveParameters,
// new MockWebUI());
IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);
_brokerInteractiveRequest =
new BrokerInteractiveRequestComponent(
parameters,
interactiveParameters,
broker,
"install_url");
_brokerSilentRequest =
new BrokerSilentRequest(
parameters,
acquireTokenSilentParameters,
harness.ServiceBundle,
broker);
}
}
public void BrokerInteractiveRequest_CreateBrokerParametersTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
// Arrange
var parameters = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
null,
null,
null,
MsalTestConstants.ExtraQueryParams);
// Act
BrokerInteractiveRequest brokerInteractiveRequest = new BrokerInteractiveRequest(parameters, null, null, null);
brokerInteractiveRequest.CreateRequestParametersForBroker();
// Assert
Assert.AreEqual(10, brokerInteractiveRequest._brokerPayload.Count);
Assert.AreEqual(CanonicalizedAuthority, brokerInteractiveRequest._brokerPayload[BrokerParameter.Authority]);
Assert.AreEqual(MsalTestConstants.ScopeStr, brokerInteractiveRequest._brokerPayload[BrokerParameter.RequestScopes]);
Assert.AreEqual(MsalTestConstants.ClientId, brokerInteractiveRequest._brokerPayload[BrokerParameter.ClientId]);
Assert.IsFalse(String.IsNullOrEmpty(brokerInteractiveRequest._brokerPayload[BrokerParameter.CorrelationId]));
Assert.AreNotEqual(Guid.Empty.ToString(), brokerInteractiveRequest._brokerPayload[BrokerParameter.CorrelationId]);
Assert.AreEqual(MsalIdHelper.GetMsalVersion(), brokerInteractiveRequest._brokerPayload[BrokerParameter.ClientVersion]);
Assert.AreEqual("NO", brokerInteractiveRequest._brokerPayload[BrokerParameter.Force]);
Assert.AreEqual(string.Empty, brokerInteractiveRequest._brokerPayload[BrokerParameter.Username]);
Assert.AreEqual(MsalTestConstants.RedirectUri, brokerInteractiveRequest._brokerPayload[BrokerParameter.RedirectUri]);
Assert.AreEqual(MsalTestConstants.BrokerExtraQueryParameters, brokerInteractiveRequest._brokerPayload[BrokerParameter.ExtraQp]);
//Assert.AreEqual(MsalTestConstants.BrokerClaims, brokerInteractiveRequest._brokerPayload[BrokerParameter.Claims]); //TODO
Assert.AreEqual(BrokerParameter.OidcScopesValue, brokerInteractiveRequest._brokerPayload[BrokerParameter.ExtraOidcScopes]);
}
}
public void GetRefreshTokenDifferentEnvironmentTest()
{
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
var rtItem = new MsalRefreshTokenCacheItem(
MsalTestConstants.SovereignNetworkEnvironment,
MsalTestConstants.ClientId,
"someRT",
MockHelpers.CreateClientInfo());
string rtKey = rtItem.GetKey().ToString();
cache.Accessor.SaveRefreshToken(rtItem);
var authParams = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
MsalTestConstants.Scope,
account: MsalTestConstants.User);
var rt = cache.FindRefreshTokenAsync(authParams).Result;
Assert.IsNull(rt);
}
}
public void RedirectUriContainsFragmentErrorTest()
{
try
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string>
{
{ "extra", "qp" }
});
parameters.RedirectUri = new Uri("some://uri#fragment=not-so-good");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
Assert.Fail("ArgumentException should be thrown here");
}
}
catch (ArgumentException ae)
{
Assert.IsTrue(ae.Message.Contains(MsalErrorMessage.RedirectUriContainsFragment));
}
}
public void TestIsFociMember()
{
// Arrange
using (var harness = new MockHttpAndServiceBundle())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle);
AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityTestTenant,
MsalTestConstants.Scope,
account: MsalTestConstants.User);
// Act
bool?result = cache.IsFociMemberAsync(requestParams, "1").Result;
// Assert
Assert.IsNull(result, "No app metadata, should return null which indicates <uknown>");
ValidateIsFociMember(cache, requestParams,
metadataFamilyId: "1",
expectedResult: true, // checks for familyId "1"
errMessage: "Valid app metadata, should return true because family Id matches");
ValidateIsFociMember(cache, requestParams,
metadataFamilyId: "2",
expectedResult: false, // checks for familyId "1"
errMessage: "Valid app metadata, should return false because family Id does not match");
ValidateIsFociMember(cache, requestParams,
metadataFamilyId: null,
expectedResult: false, // checks for familyId "1"
errMessage: "Valid app metadata showing that the app is not member of any family");
}
}
private AuthenticationRequestParameters CreateAuthenticationParametersAndSetupMocks(
MockHttpAndServiceBundle harness,
int numAuthorizationPendingResults,
out HashSet <string> expectedScopes,
bool isAdfs = false)
{
var cache = new TokenCache(harness.ServiceBundle, false);
var parameters = harness.CreateAuthenticationRequestParameters(
isAdfs ? TestConstants.OnPremiseAuthority : TestConstants.AuthorityHomeTenant,
null,
cache,
null,
extraQueryParameters: TestConstants.s_extraQueryParams,
claims: TestConstants.Claims);
if (isAdfs)
{
harness.HttpManager.AddMockHandler(new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateAdfsOpenIdConfigurationResponse(TestConstants.OnPremiseAuthority)
});
}
else
{
TestCommon.MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
}
expectedScopes = new HashSet <string>();
expectedScopes.UnionWith(TestConstants.s_scope);
expectedScopes.Add(OAuth2Value.ScopeOfflineAccess);
expectedScopes.Add(OAuth2Value.ScopeProfile);
expectedScopes.Add(OAuth2Value.ScopeOpenId);
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
// Mock Handler for device code request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.ClientId, TestConstants.ClientId },
{ OAuth2Parameter.Scope, expectedScopes.AsSingleString() }
},
ResponseMessage = isAdfs ? CreateAdfsDeviceCodeResponseSuccessMessage() : CreateDeviceCodeResponseSuccessMessage(),
ExpectedQueryParams = extraQueryParamsAndClaims
});
for (int i = 0; i < numAuthorizationPendingResults; i++)
{
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedUrl = isAdfs ? "https://fs.contoso.com/adfs/oauth2/token" : "https://login.microsoftonline.com/home/oauth2/v2.0/token",
ResponseMessage = MockHelpers.CreateFailureMessage(
HttpStatusCode.Forbidden,
"{\"error\":\"authorization_pending\"," +
"\"error_description\":\"AADSTS70016: Pending end-user authorization." +
"\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " +
"36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," +
"\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" +
"\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" +
"\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}")
});
}
if (numAuthorizationPendingResults > 0)
{
// Mock Handler for devicecode->token exchange request
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.ClientId, TestConstants.ClientId },
{ OAuth2Parameter.Scope, expectedScopes.AsSingleString() }
},
ResponseMessage = isAdfs ? MockHelpers.CreateAdfsSuccessTokenResponseMessage() : MockHelpers.CreateSuccessTokenResponseMessage()
});
}
return(parameters);
}
public async Task ATS_AccountWithWamId_Async()
{
// Arrange
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
_webAccountProviderFactory.ClearReceivedCalls();
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var extraQP = new Dictionary <string, string>()
{
{ "extraQp1", "extraVal1" }, { "instance_aware", "true" }
};
var requestParams = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
extraQueryParameters: extraQP,
validateAuthority: true); // AAD
requestParams.UserConfiguredAuthority = Authority.CreateAuthority("https://login.microsoftonline.com/organizations");
requestParams.Account = new Account(
$"{TestConstants.Uid}.{TestConstants.Utid}",
TestConstants.DisplayableId,
null,
new Dictionary <string, string>()
{
{ TestConstants.ClientId, "wam_id_1" }
}); // account has wam_id!
var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse();
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
_wamProxy.FindAccountAsync(Arg.Any <WebAccountProvider>(), "wam_id_1").Returns(Task.FromResult(webAccount));
_aadPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: true,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
var atsParams = new AcquireTokenSilentParameters();
_wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
_aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);
// Act
var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false);
// Assert
Assert.AreSame(_msalTokenResponse, result);
Assert.AreEqual("yes", webTokenRequest.Properties["validateAuthority"]);
Assert.AreEqual("extraVal1", webTokenRequest.Properties["extraQp1"]);
// Although at the time of writing, MSAL does not support instance aware ...
// WAM does support it but the param is different - discovery=home
Assert.AreEqual("home", webTokenRequest.Properties["discover"]);
Assert.AreEqual("https://login.microsoftonline.com/organizations/", webTokenRequest.Properties["authority"]);
}
}
