public static AccessTokenResult ValidateToken(string token)
{
try
{
if (string.IsNullOrEmpty(token))
{
return(AccessTokenResult.NoToken());
}
var tokenParams = new TokenValidationParameters()
{
RequireSignedTokens = true,
ValidAudience = _jwtAudience,
ValidateAudience = true,
ValidIssuer = _jwtIssuer,
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtIssuerSigningKey))
};
// Validate the token
var handler = new JwtSecurityTokenHandler();
var result = handler.ValidateToken(token, tokenParams, out var securityToken);
return(AccessTokenResult.Success(result));
}
catch (SecurityTokenExpiredException)
{
return(AccessTokenResult.Expired());
}
catch (Exception ex)
{
return(AccessTokenResult.Error(ex));
}
}
public void TestGoodRequest()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var userEntity = new UserRoleEntity()
{
UserId = "TEST",
RoleName = "TestRole",
};
var tableResult = new TableResult();
tableResult.Result = userEntity;
tableResult.HttpStatusCode = StatusCodes.Status201Created;
userRoleRepository.Setup(t => t.Add(It.IsAny <UserRoleEntity>())).Returns(Task.FromResult(tableResult));
var request = TestFactory.CreateHttpRequest("{\"userId\": \"TEST\",\"roleName\": \"TestRole\",}");
var response = (CreatedResult)_fixture.Run(request, testLogger);
Assert.AreEqual(StatusCodes.Status201Created, response.StatusCode);
var returnEntity = (UserRoleEntity)((TableResult)response.Value).Result;
Assert.AreEqual(userEntity.UserId, returnEntity.UserId);
Assert.AreEqual(userEntity.RoleName, returnEntity.RoleName);
}
public void TestGoodRequest()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var userRoleEntity = new UserRoleEntity()
{
UserId = "TEST",
RoleName = "TestRole",
PartitionKey = "TestRole",
RowKey = "TEST"
};
var ctor = typeof(TableQuerySegment <UserRoleEntity>)
.GetConstructors(BindingFlags.Instance | BindingFlags.NonPublic)
.FirstOrDefault(c => c.GetParameters().Count() == 1);
var mockQuerySegment = ctor.Invoke(new object[] { new List <UserRoleEntity>()
{
userRoleEntity
} }) as TableQuerySegment <UserRoleEntity>;
userRoleRepository.Setup(t => t.Get(It.IsAny <String>())).Returns(Task.FromResult(mockQuerySegment));
var request = TestFactory.CreateHttpRequest("{\"userId\": \"TEST\",\"roleName\": \"TestRole\",}");
var response = (OkObjectResult)_fixture.Run(request, userId, testLogger);
Assert.AreEqual(StatusCodes.Status200OK, response.StatusCode);
var returnEntityList = (TableQuerySegment <UserRoleEntity>)response.Value;
var returnEntity = returnEntityList.FirstOrDefault();
Assert.AreEqual(userRoleEntity.UserId, returnEntity.UserId);
Assert.AreEqual(userRoleEntity.RoleName, returnEntity.RoleName);
}
public void TestBadRequestWithAuthToken()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var request = TestFactory.CreateHttpRequest("");
var response = (BadRequestObjectResult)_fixture.Run(request, testLogger);
Assert.AreEqual(response.StatusCode, StatusCodes.Status400BadRequest);
}
public async Task <object> GetValueAsync()
{
try
{
// Get the token from the header
if (request.Headers.ContainsKey(AUTH_HEADER_NAME) &&
request.Headers[AUTH_HEADER_NAME].ToString().StartsWith(BEARER_PREFIX))
{
var accessToken = request.Headers["Authorization"].ToString().Substring(BEARER_PREFIX.Length);
// Debugging purposes only, set this to false for production
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
ConfigurationManager <OpenIdConnectConfiguration> configManager =
new ConfigurationManager <OpenIdConnectConfiguration>(
$"{authConfig.Value.Authority}/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration config = null;
config = await configManager.GetConfigurationAsync();
ISecurityTokenValidator tokenValidator = new JwtSecurityTokenHandler();
// Initialize the token validation parameters
TokenValidationParameters validationParameters = new TokenValidationParameters
{
// App Id URI and AppId of this service application are both valid audiences.
ValidAudiences = new[] { authConfig.Value.Audience, authConfig.Value.ClientID },
// Support Azure AD V1 and V2 endpoints.
ValidIssuers = authConfig.Value.ValidIssuers,
IssuerSigningKeys = config.SigningKeys
};
var claimsPrincipal = tokenValidator.ValidateToken(accessToken, validationParameters, out SecurityToken securityToken);
return(AccessTokenResult.Success(claimsPrincipal, securityToken));
}
else
{
return(AccessTokenResult.NoToken());
}
}
catch (SecurityTokenExpiredException)
{
return(AccessTokenResult.Expired());
}
catch (Exception ex)
{
return(AccessTokenResult.Error(ex));
}
}
public void TestGoodRequestButStorageConnectionError()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var exception = new NullReferenceException("");
userRepository.Setup(t => t.Add(It.IsAny <UserEntity>(), It.IsAny <String>())).Throws(exception);
var request = TestFactory.CreateHttpRequest("{\"id\": \"TEST\",\"name\": \"Test User\",\"family_name\": \"User\",\"given_name\": \"Test\",\"city\": \"\",\"country\": \"\",\"postalCode\": \"\",\"state\": \"\",\"streetAddress\": \"\",\"email\": \"[email protected]\",\"isNew\": false,}");
var response = (BadRequestObjectResult)_fixture.Run(request, testLogger);
Assert.AreEqual(StatusCodes.Status400BadRequest, response.StatusCode);
}
public void TestDuplicateRecordReturnsConflictStatus()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var exception = new StorageException("Conflict");
userRoleRepository.Setup(t => t.Add(It.IsAny <UserRoleEntity>())).Throws(exception);
var request = TestFactory.CreateHttpRequest("{\"userId\": \"TEST\",\"roleName\": \"TestRole\",}");
var response = (ConflictObjectResult)_fixture.Run(request, testLogger);
Assert.AreEqual(StatusCodes.Status409Conflict, response.StatusCode);
}
public void TestGoodRequestButStorageConnectionError()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var exception = new NullReferenceException("");
userRoleRepository.Setup(t => t.Get(It.IsAny <String>())).Throws(exception);
var request = TestFactory.CreateHttpRequest("{\"userId\": \"TEST\",\"roleName\": \"TestRole\",}");
var response = (BadRequestObjectResult)_fixture.Run(request, userId, testLogger);
Assert.AreEqual(StatusCodes.Status400BadRequest, response.StatusCode);
}
private AccessTokenResult ValidateToken(HttpRequest request)
{
try
{
var audience = FunctionConfigs.Audience;
var issuer = FunctionConfigs.Issuer;
var mySecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(FunctionConfigs.IssuerToken));
// Get the token from the header
if (request != null &&
request.Headers.ContainsKey(AUTH_HEADER_NAME) &&
request.Headers[AUTH_HEADER_NAME].ToString().StartsWith(BEARER_PREFIX))
{
var token = request.Headers[AUTH_HEADER_NAME].ToString().Substring(BEARER_PREFIX.Length);
// Create the parameters
var tokenParams = new TokenValidationParameters()
{
RequireSignedTokens = true,
ValidAudience = audience,
ValidateAudience = true,
ValidIssuer = issuer,
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
IssuerSigningKey = mySecurityKey
};
// Validate the token
var handler = new JwtSecurityTokenHandler();
var result = handler.ValidateToken(token, tokenParams, out var securityToken);
return(AccessTokenResult.Success(result));
}
else
{
return(AccessTokenResult.NoToken());
}
}
catch (SecurityTokenExpiredException)
{
return(AccessTokenResult.Expired());
}
catch (Exception ex)
{
return(AccessTokenResult.Error(ex));
}
}
public void TestGoodRequest()
{
var principal = AccessTokenResult.Success(new System.Security.Claims.ClaimsPrincipal());
tokenProvider.Setup(t => t.ValidateToken(It.IsAny <HttpRequest>())).Returns(principal);
var userEntity = new UserEntity()
{
Id = "TEST",
Name = "Test User",
FamilyName = "User",
GivenName = "Test",
City = "",
Country = "",
PostalCode = "",
State = "",
StreetAddress = "",
Email = "*****@*****.**",
};
var tableResult = new TableResult();
tableResult.Result = userEntity;
tableResult.HttpStatusCode = StatusCodes.Status201Created;
userRepository.Setup(t => t.Add(It.IsAny <UserEntity>(), It.IsAny <String>())).Returns(Task.FromResult(tableResult));
var request = TestFactory.CreateHttpRequest("{\"id\": \"TEST\",\"name\": \"Test User\",\"family_name\": \"User\",\"given_name\": \"Test\",\"city\": \"\",\"country\": \"\",\"postalCode\": \"\",\"state\": \"\",\"streetAddress\": \"\",\"email\": \"[email protected]\",\"isNew\": false,}");
var response = (CreatedResult)_fixture.Run(request, testLogger);
Assert.AreEqual(StatusCodes.Status201Created, response.StatusCode);
var returnEntity = (UserEntity)((TableResult)response.Value).Result;
Assert.AreEqual(userEntity.Id, returnEntity.Id);
Assert.AreEqual(userEntity.Name, returnEntity.Name);
Assert.AreEqual(userEntity.FamilyName, returnEntity.FamilyName);
Assert.AreEqual(userEntity.GivenName, returnEntity.GivenName);
Assert.AreEqual(userEntity.City, returnEntity.City);
Assert.AreEqual(userEntity.Country, returnEntity.Country);
Assert.AreEqual(userEntity.PostalCode, returnEntity.PostalCode);
Assert.AreEqual(userEntity.State, returnEntity.State);
Assert.AreEqual(userEntity.StreetAddress, returnEntity.StreetAddress);
Assert.AreEqual(userEntity.Email, returnEntity.Email);
}
public async Task <object> GetValueAsync()
{
try
{
var accessTokenProvider = _request.HttpContext.RequestServices.GetRequiredService <IAccessTokenProvider>();
var result = await accessTokenProvider.ValidateToken(_request);
return(AccessTokenResult.Success(result.Principal));
}
catch (SecurityTokenExpiredException)
{
return(AccessTokenResult.Expired());
}
catch (Exception ex)
{
return(AccessTokenResult.Error(ex));
}
}
public AccessTokenResult ToAccessTokenResult()
{
return(AccessTokenResult.Success(new User(UserId, "test", "test", "1980", "qskdljMOIJOifqsdf", "*****@*****.**")));
}