public void EnsureGetDomainHintReturnsConsumersForNonTenant()
{
ClaimsPrincipal principal = ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.MsaTenantId, TestConstants.ObjectId);
string domainHint = principal.GetDomainHint();
Assert.AreEqual <string>("consumers", domainHint);
}
public void Unprotecting_Ticket_With_Invalid_JWT_Throws_SecurityException()
{
// Arrange
var ticketFormat = TicketFormat();
var authProps = new AuthenticationProperties();
authProps.StoreTokens(new[]
{
new AuthenticationToken()
{
Name = "jwt", Value = "Evil Token"
}
});
var encryptedString = ticketFormat.Protect(
new AuthenticationTicket(
ClaimsPrincipalFactory.CreatePrincipal(new[]
{
new Claim(ClaimTypes.GivenName, "Blah")
}),
authProps,
"Cookies"));
// Act & assert
Assert.Null(ticketFormat.Unprotect(encryptedString));
}
public void FromTenantIdAndObjectId_NullParameters_ThrowsException()
{
var objectId = "objectId";
var tenantId = "tenantId";
Assert.Throws <ArgumentNullException>("value", () => ClaimsPrincipalFactory.FromTenantIdAndObjectId(tenantId, null));
Assert.Throws <ArgumentNullException>("value", () => ClaimsPrincipalFactory.FromTenantIdAndObjectId(null, objectId));
}
public void EnsureGetLoginHintIsNullWithSimpleClaimsPrincipal()
{
ClaimsPrincipal principal = ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.TenantId, TestConstants.ObjectId);
string loginHint = principal.GetLoginHint();
Assert.IsNull(loginHint);
}
public void EnsureGetDisplayNameIsNullWithSimpleClaimsPrincipal()
{
ClaimsPrincipal principal = ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.TenantId, TestConstants.ObjectId);
string displayName = principal.GetDisplayName();
Assert.IsNull(displayName);
}
public void EnsureGetTenantIdReturnsProperValue()
{
ClaimsPrincipal principal = ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.TenantId, TestConstants.ObjectId);
string tenantId = principal.GetTenantId();
Assert.AreEqual <string>(TestConstants.TenantId, tenantId);
}
public void FromTenantIdAndObjectId_ValidParameters_ReturnsClaimsPrincipal()
{
var claimsIdentityResult = ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.Utid, TestConstants.Uid).Identity as ClaimsIdentity;
Assert.NotNull(claimsIdentityResult);
Assert.Equal(2, claimsIdentityResult.Claims.Count());
Assert.Equal(TestConstants.Uid, claimsIdentityResult.FindFirst(ClaimConstants.UniqueObjectIdentifier)?.Value);
Assert.Equal(TestConstants.Utid, claimsIdentityResult.FindFirst(ClaimConstants.UniqueTenantIdentifier)?.Value);
}
public void FromTenantIdAndObjectId_ValidParameters_ReturnsClaimsPrincipal()
{
var claimsIdentityResult = ClaimsPrincipalFactory.FromTenantIdAndObjectId(_tenantId, _objectId).Identity as ClaimsIdentity;
Assert.NotNull(claimsIdentityResult);
Assert.Equal(2, claimsIdentityResult.Claims.Count());
Assert.Equal(_objectId, claimsIdentityResult.FindFirst(ClaimConstants.Oid)?.Value);
Assert.Equal(_tenantId, claimsIdentityResult.FindFirst(ClaimConstants.Tid)?.Value);
}
// Get information about the changed messages and send to browser via SignalR.
// A production application would typically queue a background job for reliability.
private async Task GetChangedMessagesAsync(IEnumerable <ChangeNotification> notifications)
{
List <NotificationViewModel> notificationsToDisplay = new List <NotificationViewModel>();
foreach (var notification in notifications)
{
SubscriptionStore subscription = subscriptionStore.GetSubscriptionInfo(notification.SubscriptionId.Value);
// Set the claims for ObjectIdentifier and TenantId, and
// use the above claims for the current HttpContext
if (!string.IsNullOrEmpty(subscription.UserId))
{
HttpContext.User = ClaimsPrincipalFactory.FromTenantIdAndObjectId(subscription.TenantId, subscription.UserId);
}
if (notification.Resource.Contains("/message", StringComparison.InvariantCultureIgnoreCase))
{
// Initialize the GraphServiceClient.
var graphClient = await GraphServiceClientFactory.GetAuthenticatedGraphClient(appSettings.Value.BaseUrlWithoutVersion, async() =>
{
return(await tokenAcquisition.GetAccessTokenForAppAsync($"{appSettings.Value.BaseUrlWithoutVersion}/.default"));
});
var request = new MessageRequest(graphServiceClient.BaseUrl + "/" + notification.Resource, string.IsNullOrEmpty(subscription.UserId) ? graphClient : graphServiceClient, null);
try
{
var responseValue = await request.GetAsync();
notificationsToDisplay.Add(new NotificationViewModel(new
{
From = responseValue?.From?.EmailAddress?.Address,
responseValue?.Subject,
SentDateTime = responseValue?.SentDateTime.HasValue ?? false ? responseValue?.SentDateTime.Value.ToString() : string.Empty,
To = responseValue?.ToRecipients?.Select(x => x.EmailAddress.Address)?.ToList(),
}));
}
catch (ServiceException se)
{
string errorMessage = se.Error.Message;
string requestId = se.Error.InnerError?.AdditionalData["request-id"]?.ToString();
string requestDate = se.Error.InnerError?.AdditionalData["date"]?.ToString();
logger.LogError($"RetrievingMessages: { errorMessage } Request ID: { requestId } Date: { requestDate }");
}
}
else
{
notificationsToDisplay.Add(new NotificationViewModel(notification.Resource));
}
}
if (notificationsToDisplay.Count > 0)
{
await notificationService.SendNotificationToClient(notificationHub, notificationsToDisplay);
}
}
public void ValidateFromTenantIdAndObjectIdHaveExpectedClaims()
{
ClaimsPrincipal principal = ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.TenantId, TestConstants.ObjectId);
Assert.IsTrue(principal.HasClaim(x => x.Type == "tid"));
Assert.IsTrue(principal.HasClaim(x => x.Type == "oid"));
var tidClaim = principal.FindFirst("tid");
var oidClaim = principal.FindFirst("oid");
Assert.AreEqual <string>(TestConstants.TenantId, tidClaim.Value);
Assert.AreEqual <string>(TestConstants.ObjectId, oidClaim.Value);
}
public TokenWithClaimsPrincipal GenerateAccessTokenWithClaimsPrincipal(string userName,
IEnumerable <Claim> userClaims)
{
var userClaimList = userClaims.ToList();
var accessToken = this.GenerateAccessToken(userName, userClaimList);
return(new TokenWithClaimsPrincipal()
{
AccessToken = accessToken,
ClaimsPrincipal = ClaimsPrincipalFactory.CreatePrincipal(
MergeUserClaimsWithDefaultClaims(userName, userClaimList)),
AuthProperties = CreateAuthProperties(accessToken)
});
}
public void Unprotecting_Ticket_With_Empty_AuthProps_Throws_ArgumentNullException()
{
// Arrange
var ticketFormat = TicketFormat();
var encryptedString = ticketFormat.Protect(
new AuthenticationTicket(
ClaimsPrincipalFactory.CreatePrincipal(new[]
{
new Claim(ClaimTypes.GivenName, "Blah")
}),
new AuthenticationProperties(),
"Cookies"));
// Act & assert
Assert.Null(ticketFormat.Unprotect(encryptedString));
}
public async Task CreateUserAsync_should_transform_array_claims()
{
var accessorMock = new Mock <IAccessTokenProviderAccessor>();
var loggerMock = new Mock <ILogger <ClaimsPrincipalFactory> >();
var sut = new ClaimsPrincipalFactory(accessorMock.Object, loggerMock.Object);
var user = await sut.CreateUserAsync(new RemoteUserAccount
{
AdditionalProperties = new Dictionary <string, object>
{
["name"] = "name",
["role"] = "[\"role\"]"
}
}, new RemoteAuthenticationUserOptions
{
AuthenticationType = "oidc",
NameClaim = "name",
RoleClaim = "role"
}).ConfigureAwait(false);
Assert.Contains(user.Claims, c => c.Type == "role" && c.Value == "role");
}
public void FromTenantIdAndObjectId_NullParameters_ThrowsException()
{
Assert.Throws <ArgumentNullException>(TestConstants.Value, () => ClaimsPrincipalFactory.FromTenantIdAndObjectId(TestConstants.Utid, null));
Assert.Throws <ArgumentNullException>(TestConstants.Value, () => ClaimsPrincipalFactory.FromTenantIdAndObjectId(null, TestConstants.Uid));
}
