public async Task TenantChangedRequest()
{
MockTransportBuilder builder = new MockTransportBuilder
{
AccessTokenLifetime = TimeSpan.Zero,
};
MockTransport transport = builder.Build();
SecretClientOptions options = new SecretClientOptions
{
Transport = transport,
};
MockCredential credential = new MockCredential(transport);
SecretClient client = new SecretClient(VaultUri, credential, options);
KeyVaultSecret secret = await client.GetSecretAsync("test-secret").ConfigureAwait(false);
Assert.AreEqual("secret-value", secret.Value);
builder.TenantId = "de763a21-49f7-4b08-a8e1-52c8fbc103b4";
try
{
await client.GetSecretAsync("test-secret").ConfigureAwait(false);
Assert.Fail("Expected a 401 Unauthorized response");
}
catch (RequestFailedException ex) when(ex.Status == 401)
{
}
}
public void Setup()
{
expectedTenantId = null;
cred = new MockCredential
{
GetTokenCallback = (trc, _) =>
{
Assert.AreEqual(scopes, trc.Scopes);
Assert.AreEqual(expectedTenantId, trc.TenantId);
}
};
}
public async Task ContainerRegistryChallengeAuthenticationPolicy_CachesRefreshToken()
{
// Arrange
int refreshTokenRequests = 0;
int accessTokenRequests = 0;
string mockJwt = GetMockJwt(TimeSpan.FromHours(3));
// We expect the refresh token request method to be called only the first time.
MockAuthenticationClient mockClient = new MockAuthenticationClient(
service =>
{
refreshTokenRequests++;
return(new AcrRefreshToken(mockJwt));
},
(service, scope) =>
{
accessTokenRequests++;
return(new AcrAccessToken($"TestAcrAccessToken{accessTokenRequests}"));
});
MockCredential mockCredential = new MockCredential();
var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient);
// We'll send two GET requests - each will receive a challenge response
MockTransport transport = CreateMockTransport(
GetChallengeResponse(), new MockResponse(200),
GetChallengeResponse(), new MockResponse(200));
// Act
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest firstRequest = transport.Requests[0];
// Assert
string authHeaderValue;
Assert.IsTrue(firstRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken1", authHeaderValue);
Assert.AreEqual(1, refreshTokenRequests);
Assert.AreEqual(1, accessTokenRequests);
// Act
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest secondRequest = transport.Requests[2];
// Assert
Assert.IsTrue(secondRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken2", authHeaderValue);
Assert.AreEqual(1, refreshTokenRequests);
Assert.AreEqual(2, accessTokenRequests);
}
public async Task ContainerRegistryChallengeAuthenticationPolicy_RequestsTokenOnForceRefresh()
{
// Arrange
int refreshTokenRequests = 0;
int accessTokenRequests = 0;
MockAuthenticationClient mockClient = new MockAuthenticationClient(
service =>
{
refreshTokenRequests++;
return(new AcrRefreshToken(GetMockJwt(TimeSpan.FromHours(3))));
},
(service, scope) =>
{
accessTokenRequests++;
return(new AcrAccessToken($"TestAcrAccessToken{accessTokenRequests}"));
});
MockCredential mockCredential = new MockCredential();
var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient);
// Getting a different service name will invalidate the token and force a refresh.
MockTransport transport = CreateMockTransport(
GetChallengeResponse("example1"), new MockResponse(200),
GetChallengeResponse("example2"), new MockResponse(200));
// Act
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest firstRequest = transport.Requests[0];
// Assert
string authHeaderValue;
Assert.IsTrue(firstRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken1", authHeaderValue);
Assert.AreEqual(1, refreshTokenRequests);
Assert.AreEqual(1, accessTokenRequests);
// Act
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest secondRequest = transport.Requests[2];
// Assert
Assert.IsTrue(secondRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken2", authHeaderValue);
Assert.AreEqual(2, refreshTokenRequests);
Assert.AreEqual(2, accessTokenRequests);
}
public async Task ContainerRegistryChallengeAuthenticationPolicy_UsesTokenProvidedByAuthClient()
{
MockAuthenticationClient mockClient = GetMockAuthClient();
MockCredential mockCredential = new MockCredential();
var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient);
MockTransport transport = CreateMockTransport(GetChallengeResponse(), new MockResponse(200));
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest request = transport.Requests[0];
Assert.IsTrue(request.Headers.TryGetValue(HttpHeader.Names.Authorization, out string authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken", authHeaderValue);
}
public void Setup()
{
int callCount = 0;
_expectedTenantId = null;
_cred = new MockCredential
{
GetTokenCallback = (trc, _) =>
{
++callCount;
Assert.AreEqual(_scopes, trc.Scopes);
Assert.AreEqual(_expectedTenantId, trc.TenantId);
// Validate that the token cache is working.
Assert.That(callCount, Is.LessThanOrEqualTo(1));
}
};
}
public async Task UsesScopeFromBearerChallange()
{
// Arrange
bool firstRequest = true;
string initialMismatchedScope = "https://disk.compute.azure.com/.default";
string serviceChallengeResponseScope = "https://storage.azure.com";
string[] initialMismatchedScopes = new string[] { initialMismatchedScope };
string[] serviceChallengeResponseScopes = new string[] { serviceChallengeResponseScope + "/.default" };
int callCount = 0;
MockCredential mockCredential = new MockCredential()
{
GetTokenCallback = (trc, _) =>
{
Assert.IsTrue(callCount <= 1);
Assert.AreEqual(serviceChallengeResponseScopes, trc.Scopes);
callCount++;
}
};
StorageBearerTokenChallengeAuthorizationPolicy tokenChallengeAuthorizationPolicy = new StorageBearerTokenChallengeAuthorizationPolicy(mockCredential, initialMismatchedScopes, enableTenantDiscovery: true);
MockResponse challengeResponse = new MockResponse((int)HttpStatusCode.Unauthorized);
challengeResponse.AddHeader(
new HttpHeader(
HttpHeader.Names.WwwAuthenticate,
$"Bearer authorization_uri=https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize resource_id={serviceChallengeResponseScope}"));
MockTransport transport = CreateMockTransport(
_ =>
{
MockResponse response = firstRequest switch
{
true => challengeResponse,
false => new MockResponse(200)
};
firstRequest = false;
return(response);
});
// Act
await SendGetRequest(transport, tokenChallengeAuthorizationPolicy, uri : new Uri("https://example.com"));
await SendGetRequest(transport, tokenChallengeAuthorizationPolicy, uri : new Uri("https://example.com"));
}
public async Task GeneratesPhoneNumberClientUsingTokenCredential(string?locale)
{
TokenCredential tokenCredential;
if (Mode == RecordedTestMode.Playback)
{
tokenCredential = new MockCredential();
}
else
{
tokenCredential = new DefaultAzureCredential();
}
var client = CreateClientWithTokenCredential(tokenCredential);
// Smoke test to ensure that client generated from token is able to work as expected.
var numbersPagable = client.GetAllPhoneNumbersAsync();
var numbers = await numbersPagable.ToEnumerableAsync();
Assert.IsNotNull(numbers);
}
public async Task ChallengePolicySetsToken()
{
MockAuthenticationClient mockClient = new MockAuthenticationClient();
MockCredential mockCredential = new MockCredential();
var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient);
var challengeResponse = new MockResponse(401);
string challenge = "Bearer realm=\"https://example.azurecr.io/oauth2/token\",service=\"example.azurecr.io\",scope=\"repository:library/hello-world:metadata_read\",error=\"invalid_token\"";
challengeResponse.AddHeader(new HttpHeader(HttpHeader.Names.WwwAuthenticate, challenge));
MockTransport transport = CreateMockTransport(challengeResponse, new MockResponse(200));
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest request = transport.Requests[0];
Assert.IsTrue(request.Headers.TryGetValue(HttpHeader.Names.Authorization, out string authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken", authHeaderValue);
}
public async Task GeneratesIdentityUsingTokenCredentialWithScopes(params string[] scopes)
{
TokenCredential tokenCredential;
if (Mode == RecordedTestMode.Playback)
{
tokenCredential = new MockCredential();
}
else
{
tokenCredential = new DefaultAzureCredential();
}
CommunicationIdentityClient client = CreateInstrumentedCommunicationIdentityClientWithToken(tokenCredential);
Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync();
Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x)));
Assert.IsNotNull(tokenResponse.Value);
Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token));
Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.User.Id));
}
public SmsClient CreateSmsClientWithToken()
{
Uri endpoint = TestEnvironment.LiveTestEndpoint;
TokenCredential tokenCredential;
if (Mode == RecordedTestMode.Playback)
{
tokenCredential = new MockCredential();
}
else
{
#region Snippet:Azure_Communication_Sms_Tests_Samples_CreateSmsClientWithToken
//@@ string endpoint = "<endpoint_url>";
//@@ TokenCredential tokenCredential = new DefaultAzureCredential();
/*@@*/ tokenCredential = new DefaultAzureCredential();
//@@ SmsClient client = new SmsClient(new Uri(endpoint), tokenCredential);
#endregion Snippet:Azure_Communication_Sms_Tests_Samples_CreateSmsClientWithToken
}
SmsClient client = new SmsClient(endpoint, tokenCredential, CreateSmsClientOptionsWithCorrelationVectorLogs());
return(InstrumentClient(client));
}
public async Task SendingSmsMessageUsingTokenCredential()
{
TokenCredential tokenCredential;
if (Mode == RecordedTestMode.Playback)
{
tokenCredential = new MockCredential();
}
else
{
tokenCredential = new DefaultAzureCredential();
}
SmsClient client = InstrumentClient(
new SmsClient(
new Uri(ConnectionString.Parse(TestEnvironment.ConnectionString, allowEmptyValues: true).GetRequired("endpoint")),
tokenCredential,
InstrumentClientOptions(new SmsClientOptions())));
try
{
SmsSendResult result = await client.SendAsync(
from : TestEnvironment.FromPhoneNumber,
to : TestEnvironment.ToPhoneNumber,
message : "Hi");
Console.WriteLine($"Sms id: {result.MessageId}");
Assert.IsFalse(string.IsNullOrWhiteSpace(result.MessageId));
Assert.AreEqual(202, result.HttpStatusCode);
Assert.IsTrue(result.Successful);
}
catch (RequestFailedException ex)
{
Console.WriteLine(ex.Message);
}
catch (Exception ex)
{
Assert.Fail($"Unexpected error: {ex}");
}
}
/// <summary>
/// Creates a <see cref="CallingServerClient" />.
/// </summary>
/// <returns>The instrumented <see cref="CallingServerClient"/>.</returns>
protected CallingServerClient CreateInstrumentedCallingServerClientWithToken()
{
Uri endpoint = TestEnvironment.LiveTestStaticEndpoint;
TokenCredential tokenCredential;
if (Mode == RecordedTestMode.Playback)
{
tokenCredential = new MockCredential();
}
else
{
tokenCredential = new DefaultAzureCredential();
#region Snippet:Azure_Communication_CallingServer_Tests_Samples_CreateCallingServerClientWithToken
//@@ var endpoint = new Uri("https://my-resource.communication.azure.com");
//@@ TokenCredential tokenCredential = new DefaultAzureCredential();
//@@ var client = new CallingServerClient(endpoint, tokenCredential);
#endregion Snippet:Azure_Communication_CallingServer_Tests_Samples_CreateCallingServerClientWithToken
}
CallingServerClient client = new CallingServerClient(endpoint, tokenCredential, CreateServerCallingClientOptionsWithCorrelationVectorLogs());
return(InstrumentClient(client));
}
public async Task SendingSmsMessageUsingTokenCredential()
{
TokenCredential tokenCredential;
if (Mode == RecordedTestMode.Playback)
{
tokenCredential = new MockCredential();
}
else
{
tokenCredential = new DefaultAzureCredential();
}
SmsClient client = InstrumentClient(
new SmsClient(
TestEnvironment.LiveTestEndpoint,
tokenCredential,
InstrumentClientOptions(new SmsClientOptions())));
try
{
SmsSendResult result = await client.SendAsync(
from : TestEnvironment.FromPhoneNumber,
to : TestEnvironment.ToPhoneNumber,
message : "Hi");
Console.WriteLine($"Sms id: {result.MessageId}");
assertHappyPath(result);
}
catch (RequestFailedException ex)
{
Console.WriteLine(ex.Message);
Assert.Fail($"Unexpected error: {ex}");
}
catch (Exception ex)
{
Assert.Fail($"Unexpected error: {ex}");
}
}
public async Task ContainerRegistryChallengeAuthenticationPolicy_RefreshesRefreshToken()
{
// Arrange
int refreshTokenRequests = 0;
int accessTokenRequests = 0;
TimeSpan refreshOffset = TimeSpan.FromSeconds(30);
TimeSpan expiryTime = TimeSpan.FromSeconds(35);
string mockJwt = GetMockJwt(expiryTime);
// We expect the refresh token request method to be called the first and third times.
MockAuthenticationClient mockClient = new MockAuthenticationClient(
service =>
{
refreshTokenRequests++;
return(new AcrRefreshToken(mockJwt));
},
(service, scope) =>
{
accessTokenRequests++;
return(new AcrAccessToken($"TestAcrAccessToken{accessTokenRequests}"));
});
MockCredential mockCredential = new MockCredential();
// Set expiration 5 seconds longer than refresh time. Result should be that it tries to refresh in 5 seconds.
var policy = new ContainerRegistryChallengeAuthenticationPolicy(mockCredential, "TestScope", mockClient, tokenRefreshOffset: refreshOffset);
// We'll send three GET requests - each will receive a challenge response
// In the last one, the token will need to be refreshed so a new request for it will be sent
MockTransport transport = CreateMockTransport(
GetChallengeResponse(), new MockResponse(200),
GetChallengeResponse(), new MockResponse(200),
GetChallengeResponse(), new MockResponse(200));
// Act
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest firstRequest = transport.Requests[0];
// Assert
string authHeaderValue;
Assert.IsTrue(firstRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken1", authHeaderValue);
Assert.AreEqual(1, refreshTokenRequests);
Assert.AreEqual(1, accessTokenRequests);
// Act
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest secondRequest = transport.Requests[2];
// Assert
Assert.IsTrue(secondRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken2", authHeaderValue);
Assert.AreEqual(1, refreshTokenRequests);
Assert.AreEqual(2, accessTokenRequests);
// Act
await Task.Delay(expiryTime - refreshOffset);
await SendGetRequest(transport, policy, uri : new Uri("https://example.azurecr.io/acr/v1/hello-world/_tags/latest"), cancellationToken : default);
MockRequest thirdRequest = transport.Requests[4];
// Wait for bg thread to complete its refresh request.
await Task.Delay(TimeSpan.FromSeconds(1));
// Assert
Assert.IsTrue(thirdRequest.Headers.TryGetValue(HttpHeader.Names.Authorization, out authHeaderValue));
Assert.AreEqual("Bearer TestAcrAccessToken3", authHeaderValue);
Assert.AreEqual(2, refreshTokenRequests);
Assert.AreEqual(3, accessTokenRequests);
}
