protected void ProviderEndpoint1_AuthenticationChallenge(object sender, DotNetOpenId.Provider.AuthenticationChallengeEventArgs e) { if (!e.Request.IsReturnUrlDiscoverable) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, "return_to could not be verified using RP discovery realm {0}.", e.Request.Realm)); } TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios), new Uri(e.Request.LocalIdentifier).AbsolutePath.TrimStart('/')); switch (scenario) { case TestSupport.Scenarios.AutoApproval: e.Request.IsAuthenticated = true; break; case TestSupport.Scenarios.ApproveOnSetup: e.Request.IsAuthenticated = !e.Request.Immediate; break; default: // All other scenarios are done programmatically only. throw new InvalidOperationException("Unrecognized scenario"); } e.Request.Response.Send(); }
void parameterizedTest(TestSupport.Scenarios scenario, ProtocolVersion version, AuthenticationRequestMode requestMode, AuthenticationStatus expectedResult) { Identifier claimedId = TestSupport.GetMockIdentifier(scenario, version); parameterizedProgrammaticTest(scenario, version, claimedId, requestMode, expectedResult, true); parameterizedProgrammaticTest(scenario, version, claimedId, requestMode, expectedResult, false); }
void parameterizedOPIdentifierTest(TestSupport.Scenarios scenario, AuthenticationRequestMode requestMode, AuthenticationStatus expectedResult) { ProtocolVersion version = ProtocolVersion.V20; // only this version supports directed identity UriIdentifier claimedIdentifier = TestSupport.GetDirectedIdentityUrl(TestSupport.Scenarios.ApproveOnSetup, version); Identifier opIdentifier = TestSupport.GetMockOPIdentifier(TestSupport.Scenarios.ApproveOnSetup, claimedIdentifier); parameterizedProgrammaticOPIdentifierTest(opIdentifier, version, claimedIdentifier, requestMode, expectedResult, true); parameterizedProgrammaticOPIdentifierTest(opIdentifier, version, claimedIdentifier, requestMode, expectedResult, false); }
public void BasicUnsolicitedAssertion() { Mocks.MockHttpRequest.RegisterMockRPDiscovery(); TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval; Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20); Identifier localId = TestSupport.GetDelegateUrl(scenario); OpenIdProvider op = TestSupport.CreateProvider(null); IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId); var rpResponse = TestSupport.CreateRelyingPartyResponse(TestSupport.RelyingPartyStore, assertion); Assert.AreEqual(AuthenticationStatus.Authenticated, rpResponse.Status); Assert.AreEqual(claimedId, rpResponse.ClaimedIdentifier); }
void parameterizedProgrammaticTest(TestSupport.Scenarios scenario, ProtocolVersion version, Identifier claimedUrl, AuthenticationRequestMode requestMode, AuthenticationStatus expectedResult, bool provideStore) { var request = TestSupport.CreateRelyingPartyRequest(!provideStore, scenario, version); request.Mode = requestMode; var rpResponse = TestSupport.CreateRelyingPartyResponseThroughProvider(request, opReq => opReq.IsAuthenticated = expectedResult == AuthenticationStatus.Authenticated); Assert.AreEqual(expectedResult, rpResponse.Status); Assert.AreEqual(claimedUrl, rpResponse.ClaimedIdentifier); }
static ServiceEndpoint getServiceEndpoint(TestSupport.Scenarios scenario, ProtocolVersion version) { Protocol protocol = Protocol.Lookup(version); ServiceEndpoint ep = ServiceEndpoint.CreateForClaimedIdentifier( TestSupport.GetIdentityUrl(scenario, version), TestSupport.GetDelegateUrl(scenario), TestSupport.GetFullUrl(TestSupport.ProviderPage), new[] { protocol.ClaimedIdentifierServiceTypeURI }, 10, 10 ); return(ep); }
protected void Page_Load(object sender, EventArgs e) { TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios), Request.QueryString["user"]); UriBuilder providerEndpoint = new UriBuilder(Request.Url); providerEndpoint.Query = "user="******"GET" ? Request.QueryString : Request.Form); if (provider.Request != null) { if (!provider.Request.IsResponseReady) { var idreq = provider.Request as IAuthenticationRequest; idreq.ClaimedIdentifier = new Uri(Request.Url, Page.ResolveUrl("~/DirectedIdentityEndpoint.aspx?user="******"&version=" + ProtocolVersion.V20)); switch (scenario) { case TestSupport.Scenarios.AutoApproval: // immediately approve idreq.IsAuthenticated = true; break; case TestSupport.Scenarios.AutoApprovalAddFragment: idreq.SetClaimedIdentifierFragment("frag"); idreq.IsAuthenticated = true; break; case TestSupport.Scenarios.ApproveOnSetup: idreq.IsAuthenticated = !idreq.Immediate; break; case TestSupport.Scenarios.AlwaysDeny: idreq.IsAuthenticated = false; break; case TestSupport.Scenarios.ExtensionFullCooperation: case TestSupport.Scenarios.ExtensionPartialCooperation: throw new NotImplementedException(); //idreq.IsAuthenticated = true; //break; default: throw new InvalidOperationException("Unrecognized scenario"); } } provider.Request.Response.Send(); } }
public void UnsolicitedAssertionWithBadCapitalization() { Mocks.MockHttpRequest.RegisterMockRPDiscovery(); TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval; Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20); claimedId = claimedId.ToString().ToUpper(); // make all caps, which is not right Identifier localId = TestSupport.GetDelegateUrl(scenario); OpenIdProvider op = TestSupport.CreateProvider(null); IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId); var rpResponse = TestSupport.CreateRelyingPartyResponse(TestSupport.RelyingPartyStore, assertion); Assert.AreEqual(AuthenticationStatus.Failed, rpResponse.Status); }
void parameterizedIdentityEndpointPage(ProtocolVersion version) { Protocol protocol = Protocol.Lookup(version); TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval; Identifier identityUrl = TestSupport.GetIdentityUrl(scenario, version); string html = UITestSupport.Host.ProcessRequest(identityUrl); TestSupport.Logger.InfoFormat("{0} response:{1}{2}", identityUrl, Environment.NewLine, html); Assert.IsTrue(Regex.IsMatch(html, string.Format(CultureInfo.InvariantCulture, @"\<link rel=""{1}"" href=""http://[^/]+/{0}""\>\</link\>", Regex.Escape(TestSupport.ProviderPage), Regex.Escape(protocol.HtmlDiscoveryProviderKey)))); Assert.IsTrue(Regex.IsMatch(html, string.Format(CultureInfo.InvariantCulture, @"\<link rel=""{1}"" href=""http://[^/]+{0}""\>\</link\>", Regex.Escape(new Uri(TestSupport.GetDelegateUrl(scenario).ToString()).AbsolutePath), Regex.Escape(protocol.HtmlDiscoveryLocalIdKey)))); }
protected T ParameterizedTest <T>(TestSupport.Scenarios scenario, ProtocolVersion version, IExtensionRequest extension) where T : IExtensionResponse, new() { var rpRequest = TestSupport.CreateRelyingPartyRequest(false, scenario, version); if (extension != null) { rpRequest.AddExtension(extension); } var response = TestSupport.CreateRelyingPartyResponseThroughProvider(rpRequest, request => { TestSupport.SetAuthenticationFromScenario(scenario, request); ExtensionsResponder(request); }); Assert.AreEqual(AuthenticationStatus.Authenticated, response.Status); return(response.GetExtension <T>()); }
public void UnsolicitedAssertionWithRequireSslWithoutSecureIdentityUrl() { MockHttpRequest.Reset(); Mocks.MockHttpRequest.RegisterMockRPDiscovery(); TestSupport.Scenarios scenario = TestSupport.Scenarios.AutoApproval; Identifier claimedId = TestSupport.GetMockIdentifier(scenario, ProtocolVersion.V20); Identifier localId = TestSupport.GetDelegateUrl(scenario); OpenIdProvider op = TestSupport.CreateProvider(null); IResponse assertion = op.PrepareUnsolicitedAssertion(TestSupport.Realm, claimedId, localId); var opAuthWebResponse = (Response)assertion; var opAuthResponse = (DotNetOpenId.Provider.EncodableResponse)opAuthWebResponse.EncodableMessage; var rp = TestSupport.CreateRelyingParty(TestSupport.RelyingPartyStore, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); rp.Settings.RequireSsl = true; Assert.AreEqual(AuthenticationStatus.Failed, rp.Response.Status); Assert.IsNull(rp.Response.ClaimedIdentifier); }
private void ExtensionsResponder(OPRequest request) { var sregRequest = request.GetExtension <ClaimsRequest>(); var sregResponse = sregRequest != null?sregRequest.CreateResponse() : null; var aeFetchRequest = request.GetExtension <FetchRequest>(); var aeFetchResponse = new FetchResponse(); var aeStoreRequest = request.GetExtension <StoreRequest>(); var aeStoreResponse = new StoreResponse(); var papeRequest = request.GetExtension <PolicyRequest>(); var papeResponse = new PolicyResponse(); TestSupport.Scenarios scenario = (TestSupport.Scenarios)Enum.Parse(typeof(TestSupport.Scenarios), new Uri(request.LocalIdentifier).AbsolutePath.TrimStart('/')); switch (scenario) { case TestSupport.Scenarios.ExtensionFullCooperation: if (sregRequest != null) { if (sregRequest.FullName != SregDemandLevel.NoRequest) { sregResponse.FullName = "Andrew Arnott"; } if (sregRequest.Email != SregDemandLevel.NoRequest) { sregResponse.Email = "*****@*****.**"; } } if (aeFetchRequest != null) { var att = aeFetchRequest.GetAttribute(nicknameTypeUri); if (att != null) { aeFetchResponse.AddAttribute(att.Respond("Andrew")); } att = aeFetchRequest.GetAttribute(emailTypeUri); if (att != null) { string[] emails = new[] { "*****@*****.**", "*****@*****.**" }; string[] subset = new string[Math.Min(emails.Length, att.Count)]; Array.Copy(emails, subset, subset.Length); aeFetchResponse.AddAttribute(att.Respond(subset)); } foreach (var att2 in aeFetchRequest.Attributes) { if (storedAttributes.ContainsKey(att2.TypeUri)) { aeFetchResponse.AddAttribute(storedAttributes[att2.TypeUri]); } } } if (papeRequest != null) { if (papeRequest.MaximumAuthenticationAge.HasValue) { papeResponse.AuthenticationTimeUtc = DateTime.UtcNow - (papeRequest.MaximumAuthenticationAge.Value - TimeSpan.FromSeconds(30)); } if (papeRequest.PreferredAuthLevelTypes.Contains(PapeConstants.AuthenticationLevels.NistTypeUri)) { papeResponse.NistAssuranceLevel = NistAssuranceLevel.Level1; } } break; case TestSupport.Scenarios.ExtensionPartialCooperation: if (sregRequest != null) { if (sregRequest.FullName == SregDemandLevel.Require) { sregResponse.FullName = "Andrew Arnott"; } if (sregRequest.Email == SregDemandLevel.Require) { sregResponse.Email = "*****@*****.**"; } } if (aeFetchRequest != null) { var att = aeFetchRequest.GetAttribute(nicknameTypeUri); if (att != null && att.IsRequired) { aeFetchResponse.AddAttribute(att.Respond("Andrew")); } att = aeFetchRequest.GetAttribute(emailTypeUri); if (att != null && att.IsRequired) { string[] emails = new[] { "*****@*****.**", "*****@*****.**" }; string[] subset = new string[Math.Min(emails.Length, att.Count)]; Array.Copy(emails, subset, subset.Length); aeFetchResponse.AddAttribute(att.Respond(subset)); } foreach (var att2 in aeFetchRequest.Attributes) { if (att2.IsRequired && storedAttributes.ContainsKey(att2.TypeUri)) { aeFetchResponse.AddAttribute(storedAttributes[att2.TypeUri]); } } } break; } if (aeStoreRequest != null) { foreach (var att in aeStoreRequest.Attributes) { storedAttributes[att.TypeUri] = att; } aeStoreResponse.Succeeded = true; } if (sregRequest != null) { request.AddResponseExtension(sregResponse); } if (aeFetchRequest != null) { request.AddResponseExtension(aeFetchResponse); } if (aeStoreRequest != null) { request.AddResponseExtension(aeStoreResponse); } if (papeRequest != null) { request.AddResponseExtension(papeResponse); } }