public async Task TransformAsyncMapsAuth0RoleClaimToStandardRoleClaimTest()
{
var logger = _output.BuildLoggerFor <ClaimsTransformer>();
var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role);
var principal = new ClaimsPrincipal(identity);
var account = Model.Create <Account>();
var expectedRole = Guid.NewGuid().ToString();
identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString()));
identity.AddClaim(new Claim(ClaimType.Auth0Roles, expectedRole));
var manager = Substitute.For <IAccountQuery>();
manager.GetAccount(Arg.Is <User>(x => x.Username == identity.Name), Arg.Any <CancellationToken>())
.Returns(account);
var target = new ClaimsTransformer(manager, logger);
await target.TransformAsync(principal).ConfigureAwait(false);
var expected = identity.GetClaimValue <string>(ClaimType.Role);
expected.Should().Be(expectedRole);
identity.Claims.Should().NotContain(x => x.Type == ClaimType.Auth0Roles);
}
/// <summary>
/// Handles all request comming into server
/// </summary>
/// <param name="request">request being sent to server</param>
/// <param name="cancellationToken">operation </param>
/// <returns>success</returns>
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
try
{
//get token from request
string token = new RequestTransformer().GetToken(request);
if (token == null)
{
return(base.SendAsync(request, cancellationToken));
}
// check if token is valid. returns principals
var incommingprincipal = new VerifyJWT().VerifyToken(token);
// Authenticates principals and gets user claims fromd db
ClaimsPrincipal AuthenticatedPrincipal = new ClaimsTransformer().Authenticate(incommingprincipal);
// create IPrincipal
IPrincipal principal = AuthenticatedPrincipal;
// run thread in principal
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
return(base.SendAsync(request, cancellationToken));
}
catch (Exception)
{
// send to unauthenticated
return(UnAuthenticated());
}
}
/// <summary>
/// Method to call the claims transformer to create the
///
/// @author: Rachel Dang
/// @updated: 04/28/18
/// </summary>
/// <param name="username"></param>
/// <param name="isFirstTimeUser"></param>
/// <returns></returns>
private ResponseDto <ClaimsIdentity> CreateClaimsIdentity(string username)
{
// Check if user is a first time user from the SSO
var isFirstTimeUser = CheckIfFirstTimeUser(username);
// If user is invalid and an error occurs, return dto with error
if (isFirstTimeUser.Error != null)
{
return(new ResponseDto <ClaimsIdentity>
{
Error = GeneralErrorMessages.GENERAL_ERROR
});
}
// Call the Claims Transformer manager to create the claims identity
var transformer = new ClaimsTransformer();
if (isFirstTimeUser.Data == true)
{
return(new ResponseDto <ClaimsIdentity>
{
Data = transformer.CreateSsoClaimsIdentity(username)
});
}
return(new ResponseDto <ClaimsIdentity>
{
Data = transformer.CreateAuthenticationClaimsIdentity(username)
});
}
// manual way of invoking claims transformation
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
var transformer = new ClaimsTransformer();
var principal = transformer.Authenticate(string.Empty, ClaimsPrincipal.Current);
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
}
// claims transformation
protected void Application_PostAuthenticateRequest()
{
if (ClaimsPrincipal.Current.Identity.IsAuthenticated)
{
var principal = new ClaimsTransformer().Authenticate(string.Empty, ClaimsPrincipal.Current);
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
}
}
public async Task TransformAsyncSkipsProcessingWhenUserNotAuthenticatedTest()
{
var logger = _output.BuildLoggerFor <ClaimsTransformer>();
var identity = new ClaimsIdentity();
var principal = new ClaimsPrincipal(identity);
var manager = Substitute.For <IAccountQuery>();
var target = new ClaimsTransformer(manager, logger);
await target.TransformAsync(principal).ConfigureAwait(false);
await manager.DidNotReceive().GetAccount(Arg.Any <User>(), Arg.Any <CancellationToken>())
.ConfigureAwait(false);
}
public async Task TransformAsyncDoesNotAddProfileIdClaimWhenStoreReturnsNullAccountTest()
{
var logger = _output.BuildLoggerFor <ClaimsTransformer>();
var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role);
var principal = new ClaimsPrincipal(identity);
identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString()));
var manager = Substitute.For <IAccountQuery>();
var target = new ClaimsTransformer(manager, logger);
await target.TransformAsync(principal).ConfigureAwait(false);
principal.HasClaim(x => x.Type == ClaimType.ProfileId).Should().BeFalse();
}
public async Task TransformAsyncAddsProfileIdClaimFromStoreToIdentityTest()
{
var logger = _output.BuildLoggerFor <ClaimsTransformer>();
var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role);
var principal = new ClaimsPrincipal(identity);
var account = Model.Create <Account>();
identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString()));
var manager = Substitute.For <IAccountQuery>();
manager.GetAccount(Arg.Is <User>(x => x.Username == identity.Name), Arg.Any <CancellationToken>())
.Returns(account);
var target = new ClaimsTransformer(manager, logger);
await target.TransformAsync(principal).ConfigureAwait(false);
var expected = principal.Identity.As <ClaimsIdentity>().GetClaimValue <string>(ClaimType.ProfileId);
expected.Should().Be(account.Id.ToString());
}
public async Task TransformAsyncDoesNotAddProfileIdClaimWhenAlreadyPresentTest()
{
var logger = _output.BuildLoggerFor <ClaimsTransformer>();
var claims = new[]
{
new Claim(ClaimType.Subject, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.Name, Guid.NewGuid().ToString()),
new Claim(ClaimType.ProfileId, Guid.NewGuid().ToString())
};
var identity = new ClaimsIdentity(claims, "Bearer", ClaimType.Subject, ClaimType.Role);
var principal = new ClaimsPrincipal(identity);
var manager = Substitute.For <IAccountQuery>();
var target = new ClaimsTransformer(manager, logger);
await target.TransformAsync(principal).ConfigureAwait(false);
var expected = principal.Identity.As <ClaimsIdentity>().Claims.Where(x => x.Type == ClaimType.ProfileId);
expected.Should().HaveCount(1);
await manager.DidNotReceive().GetAccount(Arg.Any <User>(), CancellationToken.None).ConfigureAwait(false);
}
public async Task TransformAsyncProvidesAdditionalClaimsToManagerWhenGettingAccountTest()
{
var email = Guid.NewGuid().ToString();
var firstName = Guid.NewGuid().ToString();
var lastName = Guid.NewGuid().ToString();
var logger = _output.BuildLoggerFor <ClaimsTransformer>();
var identity = new ClaimsIdentity("Bearer", ClaimType.Subject, ClaimType.Role);
identity.AddClaim(new Claim(ClaimType.Subject, Guid.NewGuid().ToString()));
identity.AddClaim(new Claim(ClaimType.Email, email));
identity.AddClaim(new Claim(ClaimType.GivenName, firstName));
identity.AddClaim(new Claim(ClaimType.Surname, lastName));
var principal = new ClaimsPrincipal(identity);
var account = Model.Create <Account>();
var manager = Substitute.For <IAccountQuery>();
manager.GetAccount(Arg.Is <User>(x => x.Username == identity.Name), Arg.Any <CancellationToken>())
.Returns(account);
var target = new ClaimsTransformer(manager, logger);
await target.TransformAsync(principal).ConfigureAwait(false);
await manager.Received(1).GetAccount(Arg.Any <User>(), CancellationToken.None).ConfigureAwait(false);
await manager.Received().GetAccount(Arg.Is <User>(x => x.Email == email), CancellationToken.None)
.ConfigureAwait(false);
await manager.Received().GetAccount(Arg.Is <User>(x => x.FirstName == firstName), CancellationToken.None)
.ConfigureAwait(false);
await manager.Received().GetAccount(Arg.Is <User>(x => x.LastName == lastName), CancellationToken.None)
.ConfigureAwait(false);
}
