public void GetValidRequestContextFromCache_UnmappedOidcUser()
        {
            var entitiesToSave = new List <IEntity>();

            // Setup provider, provider user and user account
            var provider = new OidcIdentityProvider {
                Name = "ID Provider " + Guid.NewGuid()
            };

            entitiesToSave.Add(provider);

            var userAccount = new UserAccount {
                Name = "Test User " + Guid.NewGuid(), AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active
            };

            entitiesToSave.Add(userAccount);

            // Provider user has no associated user account
            var providerUser = new OidcIdentityProviderUser
            {
                Name = "Provider User" + Guid.NewGuid(),
                IdentityProviderForUser = provider.As <IdentityProvider>()
            };

            entitiesToSave.Add(providerUser);

            Entity.Save(entitiesToSave);

            var cache = new IdentityProviderContextCache();
            var requestContextData = cache.GetRequestContextData(RequestContext.TenantId, provider.Id, providerUser.Name, true);

            Assert.IsNull(requestContextData, "Context data should be null");
        }
Exemple #2
0
        private void CreateEntityModel(string idpUserName, bool active, out OidcIdentityProvider idProvider, out OidcIdentityProviderUser idProviderUser, out UserAccount userAccount)
        {
            var entitiesToSave = new List <IEntity>();

            // Setup provider, provider user and user account
            idProvider = new OidcIdentityProvider
            {
                Name = "ID Provider " + Guid.NewGuid(),
                IsProviderEnabled = true,
                OidcClientId      = "5E9762FD-8EB8-4626-AB5A-A52A05041DC0",
                OidcClientSecret  = "cZ7xNZiBvPB41Clw0i0FnR4LRqfHvj2H3tBt6c8l",
                OidcIdentityProviderConfigurationUrl = "https://rndev20adfs.sp.local/adfs/.well-known/openid-configuration",
                OidcUserIdentityClaim = "upn"
            };
            entitiesToSave.Add(idProvider);

            userAccount = new UserAccount {
                Name = "Test User " + Guid.NewGuid(), AccountStatus_Enum = active ? UserAccountStatusEnum_Enumeration.Active : UserAccountStatusEnum_Enumeration.Disabled
            };
            entitiesToSave.Add(userAccount);

            idProviderUser = new OidcIdentityProviderUser
            {
                AssociatedUserAccount = userAccount,
                Name = idpUserName,
                IdentityProviderForUser = idProvider.As <IdentityProvider>()
            };
            entitiesToSave.Add(idProviderUser);

            Entity.Save(entitiesToSave);
        }
        public void GetValidRequestContextFromCache_DisabledToActiveUserAccount()
        {
            var entitiesToSave = new List <IEntity>();

            // Setup provider, provider user and user account
            var provider = new OidcIdentityProvider {
                Name = "ID Provider " + Guid.NewGuid()
            };

            entitiesToSave.Add(provider);

            var userAccount = new UserAccount {
                Name = "Test User " + Guid.NewGuid(), AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Disabled
            };

            entitiesToSave.Add(userAccount);

            // Provider user has no associated user account
            var providerUser = new OidcIdentityProviderUser
            {
                AssociatedUserAccount = userAccount,
                Name = "Provider User" + Guid.NewGuid(),
                IdentityProviderForUser = provider.As <IdentityProvider>()
            };

            entitiesToSave.Add(providerUser);

            Entity.Save(entitiesToSave);

            var cache = new IdentityProviderContextCache();
            var requestContextData = cache.GetRequestContextData(RequestContext.TenantId, provider.Id, providerUser.Name, false);

            Assert.IsNotNull(requestContextData, "Context data should not be null");

            requestContextData = cache.GetRequestContextData(RequestContext.TenantId, provider.Id, providerUser.Name, true);

            Assert.IsNull(requestContextData, "Context data should be null");

            // Change the account to active
            userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active;
            userAccount.Save();

            cache.CacheInvalidator.OnEntityChange(new IEntity[] { userAccount }, InvalidationCause.Save, null);

            requestContextData = cache.GetRequestContextData(RequestContext.TenantId, provider.Id, providerUser.Name, true);

            Assert.IsNotNull(requestContextData, "Context data should not be null");
        }
        public void GetValidRequestContextFromCache_OidcProviderInvalidateOnUserChange()
        {
            var entitiesToSave = new List <IEntity>();

            // Setup provider, provider user and user account
            var provider = new OidcIdentityProvider {
                Name = "ID Provider " + Guid.NewGuid()
            };

            entitiesToSave.Add(provider);

            var userAccount = new UserAccount {
                Name = "Test User " + Guid.NewGuid(), AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active
            };

            entitiesToSave.Add(userAccount);

            var providerUser = new OidcIdentityProviderUser
            {
                AssociatedUserAccount = userAccount,
                Name = "Provider User" + Guid.NewGuid(),
                IdentityProviderForUser = provider.As <IdentityProvider>()
            };

            entitiesToSave.Add(providerUser);

            Entity.Save(entitiesToSave);

            var cache = new IdentityProviderContextCache();
            var requestContextData = cache.GetRequestContextData(RequestContext.TenantId, provider.Id, providerUser.Name, true);

            Assert.IsNotNull(requestContextData, "Context data should not be null.");
            Assert.AreEqual(userAccount.Id, requestContextData.Identity.Id, "The context identity user id is invalid.");
            Assert.AreEqual(userAccount.Name, requestContextData.Identity.Name, "The context identity user name is invalid.");
            Assert.AreEqual(provider.Id, requestContextData.Identity.IdentityProviderId, "The context identity provider is invalid.");
            Assert.AreEqual(providerUser.Id, requestContextData.Identity.IdentityProviderUserId, "The context identity provider user id is invalid.");
            Assert.AreEqual(provider.IsOfType[0].Alias, requestContextData.Identity.IdentityProviderTypeAlias, "The context identity provider alias is invalid.");

            // This should invalidate the cache
            providerUser.AssociatedUserAccount = null;
            providerUser.Save();

            cache.CacheInvalidator.OnEntityChange(new IEntity[] { providerUser }, InvalidationCause.Save, null);

            requestContextData = cache.GetRequestContextData(RequestContext.TenantId, provider.Id, providerUser.Name, true);
            Assert.IsNull(requestContextData, "Context data should be null.");
        }
Exemple #5
0
        public void ProcessOidcAuthorizationResponse()
        {
            var context = RequestContext.GetContext();

            OidcIdentityProvider     idProvider     = null;
            OidcIdentityProviderUser idProviderUser = null;
            UserAccount userAccount = null;

            try
            {
                string tenantName = GetCurrentTenantName();
                CreateEntityModel("*****@*****.**", true, out idProvider, out idProviderUser, out userAccount);

                var code = Guid.NewGuid().ToString();

                // Mock config provider and http client

                var expectedTokenRequestMessage = new OpenIdConnectMessage
                {
                    GrantType    = "authorization_code",
                    Code         = code,
                    ClientSecret = Factory.SecuredData.Read((Guid)idProvider.OidcClientSecretSecureId),
                    ClientId     = idProvider.OidcClientId,
                    RedirectUri  = "https://test.com/spapi/data/v1/login/oidc/authresponse/" + tenantName
                };

                var validResponseMessage = new HttpResponseMessage {
                    Content = new StringContent(_openIdTokenResponse)
                };

                var mockRepo      = new MockRepository(MockBehavior.Strict);
                var configUrl     = idProvider.OidcIdentityProviderConfigurationUrl;
                var configManager = mockRepo.Create <IOpenIdConnectConfigurationManager>();
                configManager.Setup(w => w.GetIdentityProviderConfigurationAsync(configUrl)).Returns(Task.FromResult(_oidcConfig));
                var httpClient = mockRepo.Create <IHttpClient>();
                httpClient.Setup(w => w.PostAsync(new Uri(_oidcConfig.TokenEndpoint), It.Is <HttpContent>(c => ValidateTokenRequestMessage(expectedTokenRequestMessage, c))))
                .Returns(Task.FromResult(validResponseMessage));

                var oidcLoginHandler = new OpenIdConnectLoginHandler(configManager.Object, true);

                var idpLoginRequest = new IdentityProviderLoginRequest
                {
                    Tenant             = context.Tenant.Name,
                    IdentityProviderId = idProvider.Id,
                    RedirectUrl        = "https://test.com/login/callback"
                };
                var baseUri = new Uri("https://test.com");

                // Get code auth uri, get state
                var uri = Task.Run(() => oidcLoginHandler.GetAuthorizationCodeRequestUrl(idpLoginRequest, baseUri)).Result;

                var queryValues    = uri.ParseQueryString();
                var state          = queryValues["state"];
                var validatedState = oidcLoginHandler.ValidateAuthState(state);

                var result =
                    Task.Run(() => oidcLoginHandler.ProcessOidcAuthorizationResponse(tenantName, code, validatedState, baseUri, httpClient.Object)).Result;

                Assert.IsNotNull(result, "The authorization result is invalid.");
                Assert.IsNotNull(result.RequestContextData, "The authorization result context data is invalid.");
                Assert.IsNotNull(result.IdentityProviderUserName, "The authorization result user name is invalid.");

                Assert.AreEqual(RequestContext.TenantId, result.RequestContextData.Tenant.Id, "The tenant is invalid");
                Assert.AreEqual(userAccount.Id, result.RequestContextData.Identity.Id, "The user account is invalid");
                Assert.AreEqual(idProvider.Id, result.RequestContextData.Identity.IdentityProviderId, "The identity provider id is invalid");
                Assert.AreEqual(userAccount.Name, result.RequestContextData.Identity.Name, "The identity provider id is invalid");
                Assert.AreEqual(idProviderUser.Name, result.IdentityProviderUserName, "The identity provider id is invalid");

                mockRepo.VerifyAll();
            }
            finally
            {
                DeleteEntity(idProvider);
                DeleteEntity(idProviderUser);
                DeleteEntity(userAccount);
            }
        }