public static Tuple <ServerWithAuthorizationCode, ResourceOwner> GetCredentialsFromAuthorizationRedirect(this IWebOperationContext context)
{
var code = context.IncomingRequest.UriTemplateMatch.QueryParameters.Get("code");
var state = context.IncomingRequest.UriTemplateMatch.QueryParameters.Get("state");
if (string.IsNullOrEmpty(code))
{
throw new InvalidAuthorizationRequestException("the query parameters 'code' is not set.");
}
if (string.IsNullOrEmpty(state))
{
throw new InvalidAuthorizationRequestException("the query parameters 'state' is not set.");
}
if (!state.Contains("_"))
{
throw new InvalidAuthorizationRequestException("the query parameters 'state' must be of type '<GUID of Server>_<GUID of ResourceOwner>'");
}
var states = state.Split('_');
var server = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(new Guid(states[0]));
var resourceOwner = ResourceOwners.GetResourceOwner(new Guid(states[1]));
var token = Tokens.GetToken(server, resourceOwner);
token.AuthorizationCode = code;
return(new Tuple <ServerWithAuthorizationCode, ResourceOwner>(server, resourceOwner));
}
public void DisposeAndLoad()
{
Tokens.CleanUpForTests();
var server1 = ServersWithAuthorizationCode.Add("testclient", "testsecret",
new Uri("http://example.com/uri1"),
new Uri("http://example.org/access"),
new Uri("http://example.com/uri2"));
var resourceOwner1 = ResourceOwners.Add("testuser");
Token token = Tokens.GetToken(server1, resourceOwner1);
token.Expires = DateTime.Now;
token.AccessToken = "token1";
token.AuthorizationCode = "token2";
token.RefreshToken = "token3";
Tokens.SaveToIsoStore();
Tokens.LoadFromIsoStore();
var tokenAfter = Tokens.GetToken(server1, resourceOwner1);
tokenAfter.Should().NotBeNull();
tokenAfter.Expires.ToString().Should().Be(token.Expires.ToString());
tokenAfter.AccessToken.Should().Be(token.AccessToken);
tokenAfter.AuthorizationCode.Should().Be(token.AuthorizationCode);
tokenAfter.RefreshToken.Should().Be(token.RefreshToken);
}
public void GetCredentialsFromAuthorizationRedirectTest()
{
var resourceOwner = ResourceOwners.Add("testusercredetials1");
var authorizationRequestUri = new Uri("http://example.com/TokenTest/AuthRequest");
var accessTokenRequestUri = new Uri("http://example.com/TokenTest/AuthAccess");
var redirectUri = new Uri("http://example.com/TokenTest/Redirect");
var server = ServersWithAuthorizationCode.Add("testclienid", "testsecret", authorizationRequestUri, accessTokenRequestUri, redirectUri);
Mock <IWebOperationContext> mockContext = new Mock <IWebOperationContext> {
DefaultValue = DefaultValue.Mock
};
var context = mockContext.Object;
context.IncomingRequest.UriTemplateMatch.RequestUri = new Uri("http://example.org/TokenTest/Redirect");
context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("code", "Splx10BeZQQYbYS6WxSbIA");
context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("state", server.Guid.ToString() + "_" + resourceOwner.Guid.ToString());
var tuple = context.GetCredentialsFromAuthorizationRedirect();
tuple.Item1.AuthorizationRequestUri.ToString().Should().Be(server.AuthorizationRequestUri.ToString());
tuple.Item1.RedirectionUri.ToString().Should().Be(server.RedirectionUri.ToString());
tuple.Item1.ClientId.Should().Be(server.ClientId);
tuple.Item2.Name.Should().Be(resourceOwner.Name);
tuple.Item2.Guid.Should().Be(resourceOwner.Guid);
var token = Tokens.GetToken(tuple.Item1, tuple.Item2);
token.AuthorizationCode.Should().Be("Splx10BeZQQYbYS6WxSbIA");
}
public void RedirectToAuthorizationTest()
{
var resourceOwner = ResourceOwners.Add("testauthredirect1");
var authorizationRequestUri = new Uri("http://example.com/TokenTest/AuthRequest");
var accessTokenRequestUri = new Uri("http://example.com/TokenTest/accessTokenRequestUri");
var redirectUri = new Uri("http://example.com/TokenTest/Redirect");
var server = ServersWithAuthorizationCode.Add("testauthredirectserver", "testsecret", authorizationRequestUri, accessTokenRequestUri, redirectUri, new List <string>()
{
"scope1", "scope2"
});
var mock = new Mock <IWebOperationContext>()
{
};
var context = mock.Object;
mock.SetupAllProperties();
context.RedirectToAuthorization(server, resourceOwner);
context.OutgoingResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
var expectedRedirectionUri = "http://example.com/TokenTest/AuthRequest?response_type=code&client_id=" +
server.ClientId +
"&state=" + server.Guid + "_" + resourceOwner.Guid +
"&scope=scope1+scope2" +
"&redirect_uri=http%3a%2f%2fexample.com%2fTokenTest%2fRedirect";
context.OutgoingResponse.Location.Should().Be(expectedRedirectionUri);
var token = Tokens.GetToken(server, resourceOwner);
token.RedirectUri.ToString().Should().Be(redirectUri.ToString());
}
public void GetAuthorizationCodeViaUserAgentAndRequestProtectedResource()
{
//TODO: webrequest mocken
// diesen dann mit "Pseudo"-Auth-Code ausstatten, die SetToken(server, incommingRequest) => resoruceOwner
// und die WebRequest.Authorize(server, resourceOwner) anschubsen
// dabei müssen die UserCredentials richtig gesetzt sein
var resourceOwnertmp = ResourceOwners.GetResourceOwner(_resourceOwnerName);
var servertmp = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(_clientId, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri);
var mockContext = new Mock <IWebOperationContext> {
DefaultValue = DefaultValue.Mock
};
mockContext.SetupAllProperties();
var context = mockContext.Object;
context.IncomingRequest.UriTemplateMatch.RequestUri = _redirectionUri;
context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("code", "Splx10BeZQQYbYS6WxSbIA");
context.IncomingRequest.UriTemplateMatch.QueryParameters.Add("state", servertmp.Guid.ToString() + "_" + resourceOwnertmp.Guid.ToString());
var tuple = context.GetCredentialsFromAuthorizationRedirect();
var server = tuple.Item1;
var resourceOwner = tuple.Item2;
server.Should().Be(servertmp);
resourceOwner.Should().Be(resourceOwner);
var webRequest = resourceOwner.GetSignedRequestFor(server, "http://example.com/ProtectedResource");;
//Test ob WebRequest richtig unterschrieben wurde
Assert.Fail("Test is not completed yet");
}
public void TokenFromXElement()
{
var element = new XElement("Token");
var server = ServersWithAuthorizationCode.Add("testclient1", "testsecret",
new Uri("http://example.com/uri1"),
new Uri("http://example.org/access"),
new Uri("http://example.com/uri2"));
var resourceOwner = ResourceOwners.Add("testuser1");
element.Add(new XElement("Server", server.Guid.ToString()));
element.Add(new XElement("ResourceOwner", resourceOwner.Name));
element.Add(new XElement("AuthorizationCode", "foobar4"));
element.Add(new XElement("AccessToken", "foobar1"));
element.Add(new XElement("RefreshToken", "foobar2"));
element.Add(new XElement("Expires", DateTime.Today.ToString()));
element.Add(new XElement("RedirectUri", "http://example.org/redirect"));
var token = Token.FromXElement(element);
token.Server.Should().NotBeNull();
token.ResourceOwner.Should().Be(resourceOwner);
token.AuthorizationCode.Should().Be("foobar4");
token.AccessToken.Should().Be("foobar1");
token.RefreshToken.Should().Be("foobar2");
token.RedirectUri.Should().Be("http://example.org/redirect");
}
public void CreateResourceOwner()
{
ResourceOwners.CleanUpForTests();
var resourceOwner = ResourceOwners.Add("user1");
Assert.IsNotNull(resourceOwner);
Assert.AreEqual("user1", resourceOwner.Name);
}
public void ConfigureServices(IServiceCollection services)
{
var isSqlServer = bool.Parse(Configuration["isSqlServer"]);
var isSqlLite = bool.Parse(Configuration["isSqlLite"]);
// Add the dependencies needed to enable CORS
services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()));
var connectionString = Configuration["Data:DefaultConnection:ConnectionString"];
// Configure the rate limitation
services.Configure <RateLimitationOptions>(opt =>
{
opt.IsEnabled = true;
opt.RateLimitationElements = new List <RateLimitationElement>
{
new RateLimitationElement
{
Name = "PostToken",
NumberOfRequests = 20,
SlidingTime = 2000
}
};
opt.MemoryCache = new MemoryCache(new MemoryCacheOptions());
});
var dataSourceType = DataSourceTypes.InMemory;
if (isSqlServer)
{
dataSourceType = DataSourceTypes.SqlServer;
}
else if (isSqlLite)
{
dataSourceType = DataSourceTypes.SqlLite;
}
// Configure Simple identity server
services.AddSimpleIdentityServer(new DataSourceOptions
{
DataSourceType = dataSourceType,
ConnectionString = connectionString,
Clients = Clients.Get(),
JsonWebKeys = JsonWebKeys.Get(),
ResourceOwners = ResourceOwners.Get(),
Scopes = Scopes.Get(),
Translations = Translations.Get()
}, _swaggerOptions);
services.AddLogging();
}
public void GetResourceOwner()
{
ResourceOwners.CleanUpForTests();
ResourceOwners.Add("user1");
ResourceOwners.Add("user2");
var resourceOwner = ResourceOwners.GetResourceOwner("user1");
resourceOwner.Name.Should().Be("user1");
ResourceOwners.GetResourceOwner(resourceOwner.Guid).Should().NotBeNull();
var resourceOwnerNull = ResourceOwners.GetResourceOwner("foo");
resourceOwnerNull.Should().BeNull();
ResourceOwners.GetResourceOwner(Guid.NewGuid()).Should().BeNull();
}
public void SetUp()
{
Tokens.CleanUpForTests();
ResourceOwners.CleanUpForTests();
ServersWithAuthorizationCode.CleanUpForTests();
var authorizationRequestUri = new Uri("http://example.org/GetAccessAndRefreshTokenTest/Authorization");
var accessTokenUri = new Uri("http://example.org/GetAccessAndRefreshTokenTest/Access");
var redirectionUri = new Uri("http://example.org/GetAccessAndRefreshTokenTest/redirectionUri");
_server = ServersWithAuthorizationCode.Add("123456789", "testsecret", authorizationRequestUri, accessTokenUri, redirectionUri);
_resourceOwner = ResourceOwners.Add("Test");
_token = Tokens.GetToken(_server, _resourceOwner);
_token.RedirectUri = _server.RedirectionUri;
_token.AuthorizationCode = "Aplx10BeZQQYbYS6WxSbIA";
}
public void AuthorizesMeToAccessTo()
{
var resourceOwner1 = ResourceOwners.Add("testusertoken1");
var resourceOwner2 = ResourceOwners.Add("testusertoken2");
var authorizationRequestUri = new Uri("http://example.com/TokenTest/AuthRequest");
var accessTokenRequestUri = new Uri("http://example.com/TokenTest/AccessRequest");
var redirectUri = new Uri("http://example.com/TokenTest/Redirect");
var server = ServersWithAuthorizationCode.Add("testclienid", "testsecret", authorizationRequestUri, accessTokenRequestUri, redirectUri);
var token = new Token(server, resourceOwner1);
token.AuthorizationCode = "foobar";
Tokens.AddToken(token);
resourceOwner1.AuthorizesMeToAccessTo(server).Should().BeTrue();
resourceOwner2.AuthorizesMeToAccessTo(server).Should().BeFalse();
}
public void DisposeAndLoad()
{
ResourceOwners.CleanUpForTests();
ResourceOwners.Add("user1");
ResourceOwners.Add("user2");
ResourceOwners.SaveToIsoStore();
ResourceOwners.LoadFromIsoStore();
var resourceOwner = ResourceOwners.GetResourceOwner("user1");
Assert.IsNotNull(resourceOwner);
Assert.AreEqual("user1", resourceOwner.Name);
var resourceOwnerNull = ResourceOwners.GetResourceOwner("foo");
Assert.IsNull(resourceOwnerNull);
}
public void SetUp()
{
_resourceOwnerName = "stoeren";
if (!ResourceOwners.ResourceOwnerExists(_resourceOwnerName))
{
ResourceOwners.Add(_resourceOwnerName);
}
_clientId = "268852326492238";
_clientSharedSecret = "124564561125648";
_authorizationRequestUri = new Uri("http://example.com/AuthorizationRequest");
_accessTokenRequestUri = new Uri("http://example.com/access");
_redirectionUri = new Uri("http://example.com/RedirectionUri");
if (!ServersWithAuthorizationCode.ServerWithAuthorizationCodeExists(_clientId, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri))
{
ServersWithAuthorizationCode.Add(_clientId, _clientSharedSecret, _authorizationRequestUri, _accessTokenRequestUri, _redirectionUri);
}
}
public void CreateServerAndUsersAndGetCorrectRedirectToAuthorizationRequest()
{
// Spec v2-22 4.1.1
var resourceOwner = ResourceOwners.GetResourceOwner(_resourceOwnerName);
var server = ServersWithAuthorizationCode.GetServerWithAuthorizationCode(_clientId, _authorizationRequestUri,
_accessTokenRequestUri,
_redirectionUri);
var mockContext = new Mock <IWebOperationContext> {
DefaultValue = DefaultValue.Mock
};
mockContext.SetupAllProperties();
resourceOwner.AuthorizesMeToAccessTo(server).Should().BeFalse();
var context = mockContext.Object;
context.RedirectToAuthorization(server, resourceOwner);
context.OutgoingResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
context.OutgoingResponse.Location.Should().NotBeNullOrEmpty();
}
public void GetSignedRequestTest()
{
var resourceOwner = ResourceOwners.Add("testusersignedRequest");
var server = ServersWithAuthorizationCode.Add("clientid",
"secret",
new Uri("http://example.org/auth"),
new Uri("http://example.org/access"),
new Uri("http://example.org/redirect"));
var token = new Token(server, resourceOwner);
Tokens.AddToken(token);
token.AuthorizationCode = "authcode";
token.AccessToken = "access123";
token.Expires = DateTime.Now.AddHours(1);
var location1 = "http://example.org/protectedresource1";
var location2 = "http://example.org/protectedresource2?foo=bar";
var webRequest1 = resourceOwner.GetSignedRequestFor(server, location1);
var webRequest2 = resourceOwner.GetSignedRequestFor(server, location2);
webRequest1.RequestUri.Should().Be(location1 + "?access_token=access123");
webRequest2.RequestUri.Should().Be(location2 + "&access_token=access123");
}
private void CmdResourceOwnerCreateClick(object sender, EventArgs e)
{
_resourceOwner = ResourceOwners.Add(txtResourceOwnerName.Text);
lblResourceOwnerGUID.Text = _resourceOwner.Guid.ToString();
}
public void SetUp()
{
ResourceOwners.CleanUpForTests();
ServersWithAuthorizationCode.CleanUpForTests();
Tokens.CleanUpForTests();
}
