/// <summary>
/// Authorization-code flow driven with the key of an application flagged "app_stolen", where the
/// token step presents the default application's secret. The server must not issue a token for a
/// key/secret pair that belongs to two different applications.
/// </summary>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestOauthStolenAppId(ApplicationType appType)
{
    InitApiHelpers(appType);
    var legitimateApp = GetDefaultApplication(appType);
    var stolenSpec = new ApplicationSpecBuilder()
        .ParameterEquals("type", appType.ToString())
        .ParameterContains("categories", "app_stolen");

    using (var stolenApp = AuthenticationInfoProvider.Current.Manager.GetApplication(stolenSpec))
    {
        // Step 1: ask for a code with the stolen key.
        APITestFramework.Resources.PublicAPI.Authentication auth = oAuthAPI.GetCodeSuccess(stolenApp.Key, "code_direct");
        Assume.That(auth, Is.Not.Null, "Failed to parse the server's response");

        if (appType != ApplicationType.SecondParty)
        {
            // Third-party applications are refused "code_direct" outright, so the flow ends here.
            Assert.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.ResponseTypeInvalid.ToString()), "Wrong error message for oauth call for 3rd party app.");
            return;
        }

        Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.Success.ToString()), auth.Message);

        // Step 2: exchange the code using a secret that belongs to a different application.
        auth = tokenAPI.AccessTokenSuccess(stolenApp.Key, "oauth_code", legitimateApp.Secret, auth.Code);
        Assert.That(auth, Is.Not.Null, "Failed to parse the server's response");
        Assert.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.SecretInvalid.ToString()), auth.Message);
    }
}
/// <summary>
/// Produces an access token in one of several deliberately unusable states so that callers can
/// verify the API rejects it.
/// </summary>
/// <param name="tokenType">One of "random", "expired", "overridden", "stolen" or "empty".</param>
/// <param name="appType">Application type used when a real authentication has to be performed.</param>
/// <returns>The token string, or null when <paramref name="tokenType"/> is not recognised.</returns>
private string GetAccessToken(string tokenType, ApplicationType appType)
{
    var app = GetDefaultApplication(appType);

    if (tokenType == "random")
    {
        // Same length as the stolen token, but never issued by the server.
        return Util.GetUniqueString(StolenToken.Length, false);
    }

    if (tokenType == "expired")
    {
        var issued = Authenticate(app.Key, app.Secret, appType);
        // NOTE(review): AccessTokenExpiresIn is handed straight to Thread.Sleep, i.e. treated as
        // milliseconds. If the server reports it in seconds (the usual OAuth convention) the token
        // is still valid when this returns — confirm the unit against the server's response.
        Thread.Sleep(int.Parse(issued.AccessTokenExpiresIn));
        return issued.AccessToken;
    }

    if (tokenType == "overridden")
    {
        // Authenticate twice and return the first token; the second issuance supersedes it.
        string superseded = Authenticate(app.Key, app.Secret, appType).AccessToken;
        Authenticate(app.Key, app.Secret, appType);
        return superseded;
    }

    if (tokenType == "stolen")
    {
        return StolenToken;
    }

    if (tokenType == "empty")
    {
        return string.Empty;
    }

    return null;
}
/// <summary>
/// Sends an authorization-code request whose app_id does not belong to any registered application
/// and checks the numeric error code in the response body.
/// </summary>
/// <param name="type">"Invalid" sends a fixed unknown id, "Sequential" sends a fresh MD5 of a unique string, anything else omits app_id.</param>
/// <param name="errorCode">Error code the server is expected to return.</param>
/// <param name="appType">Application type whose API helpers are initialised.</param>
public void TestOauthInvalidAppId(string type, object errorCode, ApplicationType appType)
{
    InitApiHelpers(appType);

    var query = new Dictionary<string, object> { ["response_type"] = "code_direct" };
    if (type == "Invalid")
    {
        query["app_id"] = "9d02c2aa122f971ee25bd9eb04880123";
    }
    else if (type == "Sequential")
    {
        query["app_id"] = Util.GetMd5Hash(Util.GetUniqueString(10, true));
    }

    Handler handler = oAuthAPI.Read(query);
    Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

    var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
    Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
    Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
}
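/// <summary>
/// Runs the complete authorization-code flow for <paramref name="appId"/> and returns the token response.
/// </summary>
/// <param name="appId">Application key.</param>
/// <param name="secret">Application secret presented at the token endpoint.</param>
/// <param name="apptype">Second- or third-party application.</param>
/// <param name="scope">Optional scope list forwarded to the code request; null leaves the choice to the helper.</param>
/// <returns>The parsed token response; non-null with a non-empty access token, otherwise the calling test is inconclusive.</returns>
private APITestFramework.Resources.PublicAPI.Authentication Authenticate(string appId, string secret, ApplicationType apptype, List<string> scope = null)
{
    // The scope argument was accepted but never forwarded, so callers could not narrow the code's scope.
    APITestFramework.Resources.PublicAPI.Authentication auth = GetAndValidateOAuthCode(appId, apptype, scope);
    auth = tokenAPI.AccessTokenSuccess(appId, "oauth_code", secret, auth.Code);

    // Assume rather than Assert: a broken token exchange is a precondition failure of the calling test, not its verdict.
    Assume.That(auth, Is.Not.Null, "Getting an access token from TokenAPI is not successful!");
    Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIResultCode.Success.ToString()), "Getting an access token from TokenAPI is not successful!");
    Assume.That(auth.AccessToken, Is.Not.Null.And.Not.Empty, "Getting an access token from TokenAPI is not successful!");
    return auth;
}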
/// <summary>
/// Places a SQL-style probe string in one OAuth request parameter at a time and checks that the
/// server answers with the expected error code instead of misbehaving.
/// </summary>
/// <param name="param">Which parameter carries the probe: "AppId", "redirect_url", "scope", "state" or "response_type".</param>
/// <param name="errorCode">Error code the server is expected to return.</param>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestInjection(string param, object errorCode, ApplicationType appType)
{
    InitApiHelpers(appType);
    var fullScopeSpec = new ApplicationSpecBuilder()
        .ParameterEquals("type", appType.ToString())
        .ParameterContains("categories", "full_scope");

    using (var appInfo = AuthenticationInfoProvider.Current.Manager.GetApplication(fullScopeSpec))
    {
        var probe = "' or 1=1";
        var query = new Dictionary<string, object>();

        // Unknown values of `param` leave the query empty, exactly like the original switch.
        if (param == "AppId")
        {
            query["app_id"] = probe;
            query["response_type"] = "code_direct";
        }
        else if (param == "redirect_url")
        {
            query["app_id"] = appInfo.Key;
            query["redirect_url"] = probe;
            query["scope"] = "client_r";
            query["response_type"] = "code";
        }
        else if (param == "scope")
        {
            query["app_id"] = appInfo.Key;
            query["scope"] = probe;
            query["response_type"] = "code_direct";
        }
        else if (param == "state")
        {
            query["app_id"] = appInfo.Key;
            query["state"] = probe;
            query["response_type"] = "code_direct";
        }
        else if (param == "response_type")
        {
            query["app_id"] = appInfo.Key;
            query["response_type"] = probe;
        }

        Handler handler = oAuthAPI.Read(query);
        Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

        var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
        Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
        Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
    }
}
/// <summary>
/// Sends a well-formed authorization-code request built from the supplied parameters and expects
/// success, except that a third-party application asking for "code_direct" must be refused.
/// </summary>
/// <param name="redirect_url">Optional redirect_url; null omits the parameter.</param>
/// <param name="scope">Optional scope; null omits the parameter.</param>
/// <param name="state">Optional state; null omits the parameter.</param>
/// <param name="response_type">Optional response_type; null omits the parameter.</param>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestOauthValidInput(string redirect_url, string scope, string state, string response_type, ApplicationType appType)
{
    InitApiHelpers(appType);
    var appInfo = GetDefaultApplication(appType);

    var query = new Dictionary<string, object> { ["app_id"] = appInfo.Key };
    // Null means "do not send", never "send empty".
    var optional = new[]
    {
        new KeyValuePair<string, string>("redirect_url", redirect_url),
        new KeyValuePair<string, string>("scope", scope),
        new KeyValuePair<string, string>("state", state),
        new KeyValuePair<string, string>("response_type", response_type),
    };
    foreach (var pair in optional)
    {
        if (pair.Value != null)
        {
            query[pair.Key] = pair.Value;
        }
    }

    Handler handler = oAuthAPI.Read(query);
    Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

    var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
    Assert.That(result, Is.Not.Null, "Failed to parse the server's response");

    bool directCodeForThirdParty = response_type == "code_direct" && appType == ApplicationType.ThirdParty;
    Enums.PublicAPIAuthCode expected = directCodeForThirdParty
        ? Enums.PublicAPIAuthCode.ResponseTypeInvalid
        : Enums.PublicAPIAuthCode.Success;
    string failureMessage = directCodeForThirdParty
        ? "Wrong error code. Received message: '" + result.Message + "', while expected 'Invalid Response Type' "
        : result.Message;
    // NOTE(review): the actual value is an int while the expected one is an enum member; sibling tests
    // compare the string forms instead — confirm the equality constraint treats both alike.
    Assert.That(int.Parse(result.Error), Is.EqualTo(expected), failureMessage);
}
/// <summary>
/// Obtains an OAuth authorization code for <paramref name="appId"/>: directly from the OAuth API for
/// second-party applications, or through the subscription flow with the default user for third-party ones.
/// </summary>
/// <param name="appId">Application key.</param>
/// <param name="apptype">Second- or third-party application.</param>
/// <param name="scope">Scope list passed to the OAuth API for second-party applications; ignored for third-party ones.</param>
/// <returns>A response whose <c>Code</c> is set; for third-party applications only <c>Code</c> is populated.</returns>
private APITestFramework.Resources.PublicAPI.Authentication GetAndValidateOAuthCode(string appId, ApplicationType apptype, List<string> scope = null)
{
    if (apptype != ApplicationType.SecondParty)
    {
        // NOTE(review): the requested scope is not honoured on this path — the subscriber always asks
        // for FullScope. Presumably intended for the interactive flow; confirm with the callers.
        var subscriber = new ApplicationSubscriber();
        var outcome = subscriber.Subscribe(
            appId,
            ApplicationSubscriber.DefaultRedirectUrl,
            FullScope,
            AuthenticationInfoProvider.Current.DefaultCompanyName,
            AuthenticationInfoProvider.Current.DefaultUserLogin,
            AuthenticationInfoProvider.Current.DefaultUserPassword);
        Assert.That(outcome, Is.EqualTo(AuthResponseCode.Success));
        return new APITestFramework.Resources.PublicAPI.Authentication { Code = subscriber.ResultOauthCode };
    }

    var failure = "Getting code from OAuth is not successful!";
    var auth = oAuthAPI.GetCodeSuccess(appId, "code_direct", scopeList: scope);
    Assume.That(auth, Is.Not.Null, failure);
    Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIResultCode.Success.ToString()), failure);
    Assume.That(auth.Code, Is.Not.Null.And.Not.Empty, failure);
    return auth;
}
/// <summary>
/// Presents the refresh token in the access-token header of a write request and expects the API to
/// reject it with InvalidAccessToken: a refresh token must never act as a bearer credential.
/// </summary>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestUseRefreshTokenToAccessPublicApi(ApplicationType appType)
{
    InitHelpers(appType);
    var appInfo = GetDefaultApplication(appType);
    var auth = Authenticate(appInfo.Key, appInfo.Secret, appType);

    var urlParams = new Dictionary<string, object>();
    urlParams.Add("partition", appInfo.Company.Partition);

    // The refresh token is deliberately placed where the access token belongs.
    var headers = new Dictionary<string, string>();
    headers.Add("Content-Type", PublicAPIConnection.HEADER_APP_XML);
    headers.Add(PublicAPIConnection.HEADER_OAUTH_TOKEN, auth.RefreshToken);

    WriteClientFail(headers, urlParams, Enums.PublicAPIResultCode.InvalidAccessToken);
}
/// <summary>
/// Sends a valid access token as a URL parameter instead of in the header and expects the write to be
/// refused: the API must only accept the token from the header.
/// </summary>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestWriteDataWithAccessTokenInUrl(ApplicationType appType)
{
    InitHelpers(appType);
    var appInfo = GetDefaultApplication(appType);
    var auth = Authenticate(appInfo.Key, appInfo.Secret, appType);

    // Token goes into the query string under the header's name; the header itself is left out.
    var urlParams = new Dictionary<string, object>();
    urlParams.Add("partition", appInfo.Company.Partition);
    urlParams.Add(PublicAPIConnection.HEADER_OAUTH_TOKEN, auth.AccessToken);

    var headers = new Dictionary<string, string>();
    headers.Add("Content-Type", PublicAPIConnection.HEADER_APP_XML);

    WriteClientFail(headers, urlParams);
}
/// <summary>
/// Reads with a valid access token but against a partition the application does not own (its own
/// partition number plus one) and expects the read to be refused.
/// </summary>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestAuthorizedUserReadDataInvalidPartition(ApplicationType appType)
{
    InitHelpers(appType);
    var appInfo = GetDefaultApplication(appType);
    var auth = Authenticate(appInfo.Key, appInfo.Secret, appType);

    // Neighbouring partition: a valid token must not grant access across partitions.
    int foreignPartition = int.Parse(appInfo.Company.Partition) + 1;
    var urlParams = new Dictionary<string, object>();
    urlParams.Add("partition", foreignPartition);
    urlParams.Add("condition", "Client.P_Id=10001");

    var headers = new Dictionary<string, string>();
    headers.Add("Content-Type", PublicAPIConnection.HEADER_APP_XML);
    headers.Add(PublicAPIConnection.HEADER_OAUTH_TOKEN, auth.AccessToken);

    ReadClientFail(headers, urlParams);
}
/// <summary>
/// Sends an authorization-code request built from the supplied (malformed) parameters and checks
/// the numeric error code the server returns.
/// </summary>
/// <param name="redirect_url">Optional redirect_url; null omits the parameter.</param>
/// <param name="scope">Optional scope; null omits the parameter.</param>
/// <param name="state">Optional state; null omits the parameter.</param>
/// <param name="response_type">Optional response_type; null omits the parameter.</param>
/// <param name="errorCode">Error code the server is expected to return.</param>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestOauthInvalidInput(string redirect_url, string scope, string state, string response_type, object errorCode, ApplicationType appType)
{
    InitApiHelpers(appType);
    var appInfo = GetDefaultApplication(appType);

    var query = new Dictionary<string, object> { ["app_id"] = appInfo.Key };
    // Null means "do not send", never "send empty".
    var optional = new[]
    {
        new KeyValuePair<string, string>("redirect_url", redirect_url),
        new KeyValuePair<string, string>("scope", scope),
        new KeyValuePair<string, string>("state", state),
        new KeyValuePair<string, string>("response_type", response_type),
    };
    foreach (var pair in optional)
    {
        if (pair.Value != null)
        {
            query[pair.Key] = pair.Value;
        }
    }

    Handler handler = oAuthAPI.Read(query);
    Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

    var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
    Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
    Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
}
/// <summary>
/// Requests a scope the application was not registered for: "read" uses the write-only application's
/// key and "write" uses the read-only one's. The server must answer with <paramref name="errorCode"/>.
/// </summary>
/// <param name="scope">Scope value sent in the request.</param>
/// <param name="type">"read" or "write" — selects the application that lacks that registration; anything else sends an empty app_id.</param>
/// <param name="errorCode">Error code the server is expected to return.</param>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestOauthWithoutScopeRegister(string scope, string type, object errorCode, ApplicationType appType)
{
    InitApiHelpers(appType);
    var readSpec = new ApplicationSpecBuilder()
        .ParameterEquals("type", appType.ToString())
        .ParameterContains("categories", "read_scope");
    var writeSpec = new ApplicationSpecBuilder()
        .ParameterEquals("type", appType.ToString())
        .ParameterContains("categories", "write_scope");

    using (var appInfoRead = AuthenticationInfoProvider.Current.Manager.GetApplication(readSpec))
    using (var appInfoWrite = AuthenticationInfoProvider.Current.Manager.GetApplication(writeSpec))
    {
        // Deliberately crossed: the app that only has the *other* scope registered is used.
        string appId = type == "read" ? appInfoWrite.Key
                     : type == "write" ? appInfoRead.Key
                     : string.Empty;

        var query = new Dictionary<string, object>();
        query.Add("response_type", "code_direct");
        query.Add("scope", scope);
        query.Add("app_id", appId);

        Handler handler = oAuthAPI.Read(query);
        Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

        var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
        Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
        Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
    }
}
/// <summary>
/// Sends a "code_direct" request with a redirect_url and the default read scope. A second-party
/// application must succeed; a third-party one must be refused with ResponseTypeInvalid.
/// </summary>
/// <param name="appType">Second- or third-party application under test.</param>
public void TestOauthVerifyRedirectUrlValid(ApplicationType appType)
{
    InitApiHelpers(appType);
    var appInfo = GetDefaultApplication(appType);

    var query = new Dictionary<string, object>();
    query.Add("app_id", appInfo.Key);
    query.Add("response_type", "code_direct");
    query.Add("redirect_url", "http://localhost/dummy");
    query.Add("scope", DefaultReadPermissions);

    Handler handler = oAuthAPI.Read(query);
    Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

    var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
    Assert.That(result, Is.Not.Null, "Failed to parse the server's response");

    // Only second-party applications may use the direct code flow.
    Enums.PublicAPIAuthCode expected = appType == ApplicationType.SecondParty
        ? Enums.PublicAPIAuthCode.Success
        : Enums.PublicAPIAuthCode.ResponseTypeInvalid;
    Assert.That(int.Parse(result.Error), Is.EqualTo(expected), "Wrong error code. Error message: " + result.Message);
}