        /// <summary>
        /// Checks that an application flagged as "app_stolen" cannot complete the OAuth flow.
        /// For a second-party app the code request succeeds, but exchanging that code with the
        /// default application's secret must be refused with SecretInvalid; a third-party app
        /// must already be refused at the code_direct request with ResponseTypeInvalid.
        /// </summary>
        /// <param name="appType">Application type under test (second- or third-party).</param>
        public void TestOauthStolenAppId(ApplicationType appType)
        {
            InitApiHelpers(appType);
            var legitimateApp = GetDefaultApplication(appType);

            var stolenSpec = new ApplicationSpecBuilder()
                .ParameterEquals("type", appType.ToString())
                .ParameterContains("categories", "app_stolen");

            using (var stolenApp = AuthenticationInfoProvider.Current.Manager.GetApplication(stolenSpec))
            {
                // Step 1: ask for an OAuth code directly, using the stolen app's key.
                APITestFramework.Resources.PublicAPI.Authentication auth = oAuthAPI.GetCodeSuccess(stolenApp.Key, "code_direct");
                Assume.That(auth, Is.Not.Null, "Failed to parse the server's response");

                if (appType != ApplicationType.SecondParty)
                {
                    // Third-party apps may not use code_direct at all, so the flow stops here.
                    Assert.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.ResponseTypeInvalid.ToString()), "Wrong error message for oauth call for 3rd party app.");
                    return;
                }

                // Second-party: the code itself is issued (Assume, not Assert - it is a precondition).
                Assume.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.Success.ToString()), auth.Message);

                // Step 2: exchange the code with the legitimate app's secret. The key/secret
                // mismatch must be rejected instead of minting a token for the stolen key.
                auth = tokenAPI.AccessTokenSuccess(stolenApp.Key, "oauth_code", legitimateApp.Secret, auth.Code);
                Assert.That(auth, Is.Not.Null, "Failed to parse the server's response");
                Assert.That(auth.Error, Is.EqualTo(Enums.PublicAPIAuthCode.SecretInvalid.ToString()), auth.Message);
            }
        }
        /// <summary>
        /// Produces an access token that the public API is expected to reject, chosen by
        /// <paramref name="tokenType"/>, for the negative authorization tests.
        /// </summary>
        /// <param name="tokenType">
        /// "random" - an arbitrary string as long as StolenToken;
        /// "expired" - a genuinely issued token, returned after waiting AccessTokenExpiresIn;
        /// "overridden" - a genuinely issued token followed by a second authentication;
        /// "stolen" - the StolenToken constant;
        /// "empty" - an empty string.
        /// Any other value yields null.
        /// </param>
        /// <param name="appType">Application type used for the real authentications.</param>
        /// <returns>The token string, or null when <paramref name="tokenType"/> is not recognised.</returns>
        private string GetAccessToken(string tokenType, ApplicationType appType)
        {
            // Always resolved first, whatever the token type, to keep the original call order.
            var appInfo = GetDefaultApplication(appType);

            if (tokenType == "random")
            {
                return Util.GetUniqueString(StolenToken.Length, false);
            }

            if (tokenType == "expired")
            {
                APITestFramework.Resources.PublicAPI.Authentication issued = Authenticate(appInfo.Key, appInfo.Secret, appType);
                // NOTE(review): Thread.Sleep takes milliseconds. If AccessTokenExpiresIn is in
                // seconds (as an OAuth expires_in value usually is) this wait is far too short
                // for the token to actually expire - confirm the unit against the server.
                Thread.Sleep(int.Parse(issued.AccessTokenExpiresIn));
                return issued.AccessToken;
            }

            if (tokenType == "overridden")
            {
                string firstToken = Authenticate(appInfo.Key, appInfo.Secret, appType).AccessToken;
                // The second authentication is presumably meant to supersede the first token;
                // its own result is deliberately discarded.
                Authenticate(appInfo.Key, appInfo.Secret, appType);
                return firstToken;
            }

            if (tokenType == "stolen")
            {
                return StolenToken;
            }

            if (tokenType == "empty")
            {
                return string.Empty;
            }

            return null;
        }
        /// <summary>
        /// Sends a code_direct OAuth request with an app_id that belongs to no registered
        /// application and checks that the server answers HTTP 200 with the expected error
        /// code in the body.
        /// </summary>
        /// <param name="type">
        /// "Invalid" sends a fixed, well-formed but unregistered id; "Sequential" sends the MD5
        /// of a fresh unique string; any other value omits app_id entirely.
        /// </param>
        /// <param name="errorCode">Expected numeric value of the response's Error field.</param>
        /// <param name="appType">Application type the API helpers are initialised for.</param>
        public void TestOauthInvalidAppId(string type, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);

            var oauthParams = new Dictionary<string, object>
            {
                ["response_type"] = "code_direct",
            };

            if (type == "Invalid")
            {
                oauthParams["app_id"] = "9d02c2aa122f971ee25bd9eb04880123";
            }
            else if (type == "Sequential")
            {
                oauthParams["app_id"] = Util.GetMd5Hash(Util.GetUniqueString(10, true));
            }

            Handler handler = oAuthAPI.Read(oauthParams);
            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            // Errors are reported inside a 200 response, so the body must be parsed to judge the result.
            var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
            Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
        }
        /// <summary>
        /// Runs the complete OAuth flow for an application - obtain a code, then exchange it
        /// for an access token - and marks the test inconclusive (Assume) if any step fails.
        /// </summary>
        /// <param name="appId">Application key.</param>
        /// <param name="secret">Application secret presented in the token exchange.</param>
        /// <param name="apptype">Second- or third-party; decides how the code is obtained.</param>
        /// <param name="scope">Accepted for signature compatibility but not used: the code is requested without a scope list.</param>
        /// <returns>The token response, whose AccessToken is guaranteed non-empty.</returns>
        private APITestFramework.Resources.PublicAPI.Authentication Authenticate(string appId, string secret, ApplicationType apptype, List <string> scope = null)
        {
            const string failure = "Getting an access token from TokenAPI is not successful!";

            string code = GetAndValidateOAuthCode(appId, apptype).Code;
            APITestFramework.Resources.PublicAPI.Authentication tokenResponse =
                tokenAPI.AccessTokenSuccess(appId, "oauth_code", secret, code);

            Assume.That(tokenResponse, Is.Not.Null, failure);
            Assume.That(tokenResponse.Error, Is.EqualTo(Enums.PublicAPIResultCode.Success.ToString()), failure);
            Assume.That(tokenResponse.AccessToken, Is.Not.Null.And.Not.Empty, failure);
            return tokenResponse;
        }
        /// <summary>
        /// Places a SQL-style injection payload in one OAuth request parameter at a time and
        /// checks that the server still returns HTTP 200 with the expected error code, i.e.
        /// that the payload is treated as plain invalid input.
        /// </summary>
        /// <param name="param">Which parameter carries the payload: "AppId", "redirect_url", "scope", "state" or "response_type". Any other value sends an empty request.</param>
        /// <param name="errorCode">Expected numeric value of the response's Error field.</param>
        /// <param name="appType">Application type used to pick the "full_scope" application.</param>
        public void TestInjection(string param, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);

            var fullScopeSpec = new ApplicationSpecBuilder()
                .ParameterEquals("type", appType.ToString())
                .ParameterContains("categories", "full_scope");

            using (var appInfo = AuthenticationInfoProvider.Current.Manager.GetApplication(fullScopeSpec))
            {
                Dictionary<string, object> oauthParams;

                if (param == "AppId")
                {
                    oauthParams = new Dictionary<string, object>
                    {
                        ["app_id"] = "' or 1=1",
                        ["response_type"] = "code_direct",
                    };
                }
                else if (param == "redirect_url")
                {
                    // Uses the regular "code" response type so that redirect_url is actually consulted.
                    oauthParams = new Dictionary<string, object>
                    {
                        ["app_id"] = appInfo.Key,
                        ["redirect_url"] = "' or 1=1",
                        ["scope"] = "client_r",
                        ["response_type"] = "code",
                    };
                }
                else if (param == "scope")
                {
                    oauthParams = new Dictionary<string, object>
                    {
                        ["app_id"] = appInfo.Key,
                        ["scope"] = "' or 1=1",
                        ["response_type"] = "code_direct",
                    };
                }
                else if (param == "state")
                {
                    oauthParams = new Dictionary<string, object>
                    {
                        ["app_id"] = appInfo.Key,
                        ["state"] = "' or 1=1",
                        ["response_type"] = "code_direct",
                    };
                }
                else if (param == "response_type")
                {
                    oauthParams = new Dictionary<string, object>
                    {
                        ["app_id"] = appInfo.Key,
                        ["response_type"] = "' or 1=1",
                    };
                }
                else
                {
                    oauthParams = new Dictionary<string, object>();
                }

                Handler handler = oAuthAPI.Read(oauthParams);
                Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

                var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
                Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
                Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
            }
        }
        /// <summary>
        /// Sends an OAuth request built from valid optional parameters and checks the outcome:
        /// Success in general, except that a third-party application asking for code_direct
        /// must get ResponseTypeInvalid.
        /// </summary>
        /// <param name="redirect_url">Optional redirect_url; omitted from the request when null.</param>
        /// <param name="scope">Optional scope; omitted when null.</param>
        /// <param name="state">Optional state; omitted when null.</param>
        /// <param name="response_type">Optional response_type; omitted when null.</param>
        /// <param name="appType">Application type under test.</param>
        public void TestOauthValidInput(string redirect_url, string scope, string state, string response_type, ApplicationType appType)
        {
            InitApiHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            var oauthParams = new Dictionary<string, object>
            {
                ["app_id"] = appInfo.Key,
            };

            // Only parameters the caller actually supplied are sent, in this fixed order.
            var optionalParams = new[]
            {
                new KeyValuePair<string, string>("redirect_url", redirect_url),
                new KeyValuePair<string, string>("scope", scope),
                new KeyValuePair<string, string>("state", state),
                new KeyValuePair<string, string>("response_type", response_type),
            };
            foreach (var entry in optionalParams)
            {
                if (entry.Value != null)
                {
                    oauthParams.Add(entry.Key, entry.Value);
                }
            }

            Handler handler = oAuthAPI.Read(oauthParams);
            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");

            bool directCodeForThirdParty = response_type == "code_direct" && appType == ApplicationType.ThirdParty;
            if (directCodeForThirdParty)
            {
                Assert.That(int.Parse(result.Error), Is.EqualTo(Enums.PublicAPIAuthCode.ResponseTypeInvalid), $"Wrong error code. Received message: '{result.Message}', while expected 'Invalid Response Type' ");
            }
            else
            {
                Assert.That(int.Parse(result.Error), Is.EqualTo(Enums.PublicAPIAuthCode.Success), result.Message);
            }
        }
        /// <summary>
        /// Obtains an OAuth authorization code for an application. Second-party apps get it
        /// straight from the code_direct endpoint; other apps go through the interactive
        /// subscription flow with the default company and user credentials.
        /// </summary>
        /// <param name="appId">Application key.</param>
        /// <param name="apptype">Second- or third-party.</param>
        /// <param name="scope">Scope list forwarded to the code_direct request (second-party only).</param>
        /// <returns>A response whose Code is populated; for the subscription path only Code is set.</returns>
        private APITestFramework.Resources.PublicAPI.Authentication GetAndValidateOAuthCode(string appId, ApplicationType apptype, List <string> scope = null)
        {
            if (apptype != ApplicationType.SecondParty)
            {
                // Interactive path: subscribe the default user to the app and read the resulting code.
                var subscriber = new ApplicationSubscriber();
                AuthResponseCode subscribeResult = subscriber.Subscribe(
                    appId,
                    ApplicationSubscriber.DefaultRedirectUrl,
                    FullScope,
                    AuthenticationInfoProvider.Current.DefaultCompanyName,
                    AuthenticationInfoProvider.Current.DefaultUserLogin,
                    AuthenticationInfoProvider.Current.DefaultUserPassword);
                Assert.That(subscribeResult, Is.EqualTo(AuthResponseCode.Success));

                return new APITestFramework.Resources.PublicAPI.Authentication
                {
                    Code = subscriber.ResultOauthCode
                };
            }

            // Direct path: the code is issued without user interaction.
            const string failure = "Getting code from OAuth is not successful!";
            APITestFramework.Resources.PublicAPI.Authentication codeResponse = oAuthAPI.GetCodeSuccess(appId, "code_direct", scopeList: scope);
            Assume.That(codeResponse, Is.Not.Null, failure);
            Assume.That(codeResponse.Error, Is.EqualTo(Enums.PublicAPIResultCode.Success.ToString()), failure);
            Assume.That(codeResponse.Code, Is.Not.Null.And.Not.Empty, failure);
            return codeResponse;
        }
        /// <summary>
        /// Presents a refresh token where an access token is expected and checks that the
        /// write call is refused with InvalidAccessToken - a refresh token must only be
        /// usable at the token endpoint, never as a bearer credential for the API.
        /// </summary>
        /// <param name="appType">Application type under test.</param>
        public void TestUseRefreshTokenToAccessPublicApi(ApplicationType appType)
        {
            InitHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            APITestFramework.Resources.PublicAPI.Authentication auth = Authenticate(appInfo.Key, appInfo.Secret, appType);

            var urlParams = new Dictionary<string, object>();
            urlParams["partition"] = appInfo.Company.Partition;

            // The wrong token type is deliberately placed in the OAuth header.
            var headers = new Dictionary<string, string>();
            headers["Content-Type"] = PublicAPIConnection.HEADER_APP_XML;
            headers[PublicAPIConnection.HEADER_OAUTH_TOKEN] = auth.RefreshToken;

            WriteClientFail(headers, urlParams, Enums.PublicAPIResultCode.InvalidAccessToken);
        }
        /// <summary>
        /// Sends a valid access token as a URL parameter instead of in the OAuth header and
        /// checks that the write call fails: the API is expected to accept the token only
        /// from the header.
        /// </summary>
        /// <param name="appType">Application type under test.</param>
        public void TestWriteDataWithAccessTokenInUrl(ApplicationType appType)
        {
            InitHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            APITestFramework.Resources.PublicAPI.Authentication auth = Authenticate(appInfo.Key, appInfo.Secret, appType);

            // Token goes into the query parameters, under the same name the header would use.
            var urlParams = new Dictionary<string, object>();
            urlParams["partition"] = appInfo.Company.Partition;
            urlParams[PublicAPIConnection.HEADER_OAUTH_TOKEN] = auth.AccessToken;

            // No OAuth header at all.
            var headers = new Dictionary<string, string>();
            headers["Content-Type"] = PublicAPIConnection.HEADER_APP_XML;

            WriteClientFail(headers, urlParams);
        }
        /// <summary>
        /// Uses a valid access token to read client data from a partition other than the
        /// application's own (its partition number plus one) and checks that the read is
        /// refused - a token must not grant access across partitions.
        /// </summary>
        /// <param name="appType">Application type under test.</param>
        public void TestAuthorizedUserReadDataInvalidPartition(ApplicationType appType)
        {
            InitHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            APITestFramework.Resources.PublicAPI.Authentication auth = Authenticate(appInfo.Key, appInfo.Secret, appType);

            // Partition is stored as text; shift it by one to target a neighbouring partition.
            int foreignPartition = int.Parse(appInfo.Company.Partition) + 1;
            var urlParams = new Dictionary<string, object>();
            urlParams["partition"] = foreignPartition;
            urlParams["condition"] = "Client.P_Id=10001";

            var headers = new Dictionary<string, string>();
            headers["Content-Type"] = PublicAPIConnection.HEADER_APP_XML;
            headers[PublicAPIConnection.HEADER_OAUTH_TOKEN] = auth.AccessToken;

            ReadClientFail(headers, urlParams);
        }
        /// <summary>
        /// Sends an OAuth request in which one or more optional parameters carry an invalid
        /// value and checks that the server returns HTTP 200 with the expected error code.
        /// </summary>
        /// <param name="redirect_url">Optional redirect_url; omitted from the request when null.</param>
        /// <param name="scope">Optional scope; omitted when null.</param>
        /// <param name="state">Optional state; omitted when null.</param>
        /// <param name="response_type">Optional response_type; omitted when null.</param>
        /// <param name="errorCode">Expected numeric value of the response's Error field.</param>
        /// <param name="appType">Application type under test.</param>
        public void TestOauthInvalidInput(string redirect_url, string scope, string state, string response_type, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            var oauthParams = new Dictionary<string, object>
            {
                ["app_id"] = appInfo.Key,
            };

            // Only supplied parameters are sent, in this fixed order.
            var optionalParams = new[]
            {
                new KeyValuePair<string, string>("redirect_url", redirect_url),
                new KeyValuePair<string, string>("scope", scope),
                new KeyValuePair<string, string>("state", state),
                new KeyValuePair<string, string>("response_type", response_type),
            };
            foreach (var entry in optionalParams)
            {
                if (entry.Value != null)
                {
                    oauthParams.Add(entry.Key, entry.Value);
                }
            }

            Handler handler = oAuthAPI.Read(oauthParams);
            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
            Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
        }
        /// <summary>
        /// Requests a scope the application never registered for and checks the expected
        /// error code: a "read" request is made with the write-scope application's key and
        /// a "write" request with the read-scope application's key, so the requested scope
        /// is always one the app is not entitled to.
        /// </summary>
        /// <param name="scope">Scope value placed in the request.</param>
        /// <param name="type">"read" or "write" - selects which application's key is used; any other value sends an empty app_id.</param>
        /// <param name="errorCode">Expected numeric value of the response's Error field.</param>
        /// <param name="appType">Application type used to pick both applications.</param>
        public void TestOauthWithoutScopeRegister(string scope, string type, object errorCode, ApplicationType appType)
        {
            InitApiHelpers(appType);

            var readSpec = new ApplicationSpecBuilder()
                .ParameterEquals("type", appType.ToString())
                .ParameterContains("categories", "read_scope");
            var writeSpec = new ApplicationSpecBuilder()
                .ParameterEquals("type", appType.ToString())
                .ParameterContains("categories", "write_scope");

            using (var appInfoRead = AuthenticationInfoProvider.Current.Manager.GetApplication(readSpec))
            using (var appInfoWrite = AuthenticationInfoProvider.Current.Manager.GetApplication(writeSpec))
            {
                // Cross the apps deliberately: the app with write scope asks for the read scope and vice versa.
                string appId;
                if (type == "read")
                {
                    appId = appInfoWrite.Key;
                }
                else if (type == "write")
                {
                    appId = appInfoRead.Key;
                }
                else
                {
                    appId = string.Empty;
                }

                var oauthParams = new Dictionary<string, object>
                {
                    ["response_type"] = "code_direct",
                    ["scope"] = scope,
                    ["app_id"] = appId,
                };

                Handler handler = oAuthAPI.Read(oauthParams);
                Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

                var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
                Assert.That(result, Is.Not.Null, "Failed to parse the server's response");
                Assert.That(int.Parse(result.Error), Is.EqualTo(errorCode), result.Message);
            }
        }
        /// <summary>
        /// Sends a code_direct request that carries a redirect_url and the default read scope,
        /// and checks the result: Success for a second-party application, ResponseTypeInvalid
        /// for any other type (which may not use code_direct).
        /// </summary>
        /// <param name="appType">Application type under test.</param>
        public void TestOauthVerifyRedirectUrlValid(ApplicationType appType)
        {
            InitApiHelpers(appType);
            var appInfo = GetDefaultApplication(appType);

            var oauthParams = new Dictionary<string, object>
            {
                ["app_id"] = appInfo.Key,
                ["response_type"] = "code_direct",
                ["redirect_url"] = "http://localhost/dummy",
                ["scope"] = DefaultReadPermissions,
            };

            Handler handler = oAuthAPI.Read(oauthParams);
            Assert.That(handler.HttpCode, Is.EqualTo(System.Net.HttpStatusCode.OK), "The http code is invalid");

            var result = XmlHelper.ParseXMLString<APITestFramework.Resources.PublicAPI.Authentication>(handler.RawContent);
            Assert.That(result, Is.Not.Null, "Failed to parse the server's response");

            // Only second-party apps are allowed the direct code flow.
            Enums.PublicAPIAuthCode expectedCode;
            if (appType == ApplicationType.SecondParty)
            {
                expectedCode = Enums.PublicAPIAuthCode.Success;
            }
            else
            {
                expectedCode = Enums.PublicAPIAuthCode.ResponseTypeInvalid;
            }
            Assert.That(int.Parse(result.Error), Is.EqualTo(expectedCode), "Wrong error code. Error message: " + result.Message);
        }