public async Task FederatedUsernameNullPasswordTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); // Mex does not return integrated auth endpoint (.../13/windowstransport) httpManager.AddMockHandlerContentNotFound(HttpMethod.Post, "https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport"); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); SecureString str = null; // Call acquire token MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, str).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false); // Check inner exception Assert.AreEqual(MsalError.ParsingWsTrustResponseFailed, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public async Task ManagedUsernameNoPasswordAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithHttpManager(httpManager) .BuildConcrete(); SecureString str = null; // Call acquire token MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, str).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false); // Check error code Assert.AreEqual(MsalError.PasswordRequiredForManagedUserError, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public async Task SilentAuthStrategyFallbackTestAsync() { using (var harness = CreateBrokerHelper()) { //SilentRequest should always get an exception from the local client strategy and use the broker strategy instead when the right error codes //are thrown. // Arrange var mockBroker = Substitute.For <IBroker>(); var expectedAccount = Substitute.For <IAccount>(); mockBroker.GetAccountsAsync( TestConstants.ClientId, TestConstants.RedirectUri, AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityCommonTenant, true), Arg.Any <ICacheSessionManager>(), Arg.Any <IInstanceDiscoveryManager>()).Returns(new[] { expectedAccount }); mockBroker.IsBrokerInstalledAndInvokable().Returns(false); var platformProxy = Substitute.For <IPlatformProxy>(); platformProxy.CanBrokerSupportSilentAuth().Returns(true); platformProxy.CreateBroker(null, null).ReturnsForAnyArgs(mockBroker); harness.ServiceBundle.SetPlatformProxyForTest(platformProxy); var mockClientStrategy = Substitute.For <ISilentAuthRequestStrategy>(); var mockBrokerStrategy = Substitute.For <ISilentAuthRequestStrategy>(); var brokerAuthenticationResult = new AuthenticationResult(); var invalidGrantException = new MsalClientException(MsalError.InvalidGrantError); var noAccountException = new MsalClientException(MsalError.NoAccountForLoginHint); var noTokensException = new MsalClientException(MsalError.NoTokensFoundError); mockBrokerStrategy.ExecuteAsync(default).Returns(brokerAuthenticationResult);
public async Task AcquireTokenByIntegratedWindowsAuthTest_ManagedUserAsync() { // Arrange using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockHandlerDefaultUserRealmDiscovery_ManagedUser(httpManager); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); // Act MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope) .WithUsername(TestConstants.s_user.Username) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false)).ConfigureAwait(false); // Assert Assert.AreEqual(MsalError.IntegratedWindowsAuthNotSupportedForManagedUser, exception.ErrorCode); } }
public void NoAuthPrefix() { var scheme = new SSHCertAuthenticationScheme("kid", "jwk"); MsalClientException ex = AssertException.Throws <MsalClientException>(() => scheme.AuthorizationHeaderPrefix); Assert.AreEqual(MsalError.SSHCertUsedAsHttpHeader, ex.ErrorCode); }
public async Task PopWhenBrokerDoesNotSupportPop_Async() { // Arrange var mockBroker = Substitute.For <IBroker>(); mockBroker.IsBrokerInstalledAndInvokable(AuthorityType.Aad).Returns(true); mockBroker.IsPopSupported.Returns(false); var pca = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithExperimentalFeatures(true) .WithBrokerPreview() .WithTestBroker(mockBroker) .BuildConcrete(); pca.ServiceBundle.Config.BrokerCreatorFunc = (x, y, z) => mockBroker; // Act MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>(async() => await pca.AcquireTokenInteractive(TestConstants.s_graphScopes) .WithProofOfPossession(TestConstants.Nonce, HttpMethod.Get, new Uri(TestConstants.AuthorityCommonTenant)) .ExecuteAsync() .ConfigureAwait(false)) .ConfigureAwait(false); Assert.AreEqual(MsalError.BrokerDoesNotSupportPop, ex.ErrorCode); Assert.AreEqual(MsalErrorMessage.BrokerDoesNotSupportPop, ex.Message); }
public async Task ExperimentalFeatureExceptionAsync() { var cca = ConfidentialClientApplicationBuilder.Create(Guid.NewGuid().ToString()).WithClientSecret("some-secret").Build(); MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>( () => cca.AcquireTokenForClient(new[] { "scope" }).WithProofOfPossession(null).ExecuteAsync()) .ConfigureAwait(false); Assert.AreEqual(MsalError.ExperimentalFeature, ex.ErrorCode); }
[TestMethod] // TODO: bogavril - expect this case to be removed - MSAL should accept different port public async Task DefaultOsBrowserWebUi_ReturnUriInvalid_Async() { string differentPortRedirectUri = TestAuthorizationResponseUri.Replace(TestRedirectUri, "http://localhost:1111"); MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>( () => AcquireAuthCodeAsync(responseUriString : differentPortRedirectUri)) .ConfigureAwait(false); Assert.AreEqual(MsalError.LoopbackResponseUriMisatch, ex.ErrorCode); }
public void SilentAuthStrategyFallbackTest() { using (var harness = CreateBrokerHelper()) { //SilentRequest should always get an exception from the local client strategy and use the broker strategy instead when the right error codes //are thrown. // Arrange var mockBroker = Substitute.For <IBroker>(); var expectedAccount = Substitute.For <IAccount>(); mockBroker.GetAccountsAsync(TestConstants.ClientId, TestConstants.RedirectUri).Returns(new[] { expectedAccount }); mockBroker.IsBrokerInstalledAndInvokable().Returns(false); var platformProxy = Substitute.For <IPlatformProxy>(); platformProxy.CanBrokerSupportSilentAuth().Returns(true); platformProxy.CreateBroker(null).Returns(mockBroker); harness.ServiceBundle.SetPlatformProxyForTest(platformProxy); var mockClientStrategy = Substitute.For <ISilentAuthRequestStrategy>(); var mockBrokerStrategy = Substitute.For <ISilentAuthRequestStrategy>(); var mockBrokerAuthenticationResult = new AuthenticationResult(); var invlidGrantException = new MsalClientException(MsalError.InvalidGrantError); var NoAccountException = new MsalClientException(MsalError.NoAccountForLoginHint); var NoTokensException = new MsalClientException(MsalError.NoTokensFoundError); mockBrokerStrategy.ExecuteAsync(new CancellationToken()).Returns(mockBrokerAuthenticationResult); mockClientStrategy.ExecuteAsync(new CancellationToken()).Throws(invlidGrantException); //Execute silent request with invalid grant var silentRequest = new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, mockClientStrategy, mockBrokerStrategy); var result = silentRequest.ExecuteTestAsync(new CancellationToken()).Result; Assert.AreEqual(result, mockBrokerAuthenticationResult); //Execute silent request with no accounts exception mockClientStrategy = Substitute.For <ISilentAuthRequestStrategy>(); mockClientStrategy.ExecuteAsync(new CancellationToken()).Throws(NoAccountException); silentRequest = new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, mockClientStrategy, mockBrokerStrategy); result = silentRequest.ExecuteTestAsync(new CancellationToken()).Result; Assert.AreEqual(result, mockBrokerAuthenticationResult); //Execute silent request with no tokens exception mockClientStrategy = Substitute.For <ISilentAuthRequestStrategy>(); mockClientStrategy.ExecuteAsync(new CancellationToken()).Throws(NoTokensException); silentRequest = new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, mockClientStrategy, mockBrokerStrategy); result = silentRequest.ExecuteTestAsync(new CancellationToken()).Result; Assert.AreEqual(result, mockBrokerAuthenticationResult); } }
public async Task MexEndpointFailsToResolveTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); // MEX httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedUrl = "https://msft.sts.microsoft.com/adfs/services/trust/mex", ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml")) .Replace("<wsp:All>", " ")) } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Call acquire token, Mex parser fails MsalClientException result = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false); // Check exception message Assert.AreEqual("Parsing WS metadata exchange failed", result.Message); Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public async Task PopWhenBrokerIsNotEnabledForATS_Async() { // Arrange var pca = PublicClientApplicationBuilder .Create(TestConstants.ClientId) .WithExperimentalFeatures() .BuildConcrete(); // Act MsalClientException ex = await AssertException.TaskThrowsAsync <MsalClientException>(async() => await pca.AcquireTokenSilent(TestConstants.s_graphScopes, TestConstants.LocalAccountId) .WithProofOfPossession(TestConstants.Nonce, HttpMethod.Get, new Uri(TestConstants.AuthorityCommonTenant)) .ExecuteAsync() .ConfigureAwait(false)) .ConfigureAwait(false); Assert.AreEqual(MsalError.BrokerRequiredForPop, ex.ErrorCode); Assert.AreEqual(MsalErrorMessage.BrokerRequiredForPop, ex.Message); }
public async Task AcquireTokenByIntegratedWindowsAuthTest_UnknownUserAsync() { // Arrange using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant); // user realm discovery - unknown user type httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Bogus\"}") } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Act MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope) .WithUsername(TestConstants.s_user.Username) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false)).ConfigureAwait(false); // Assert Assert.AreEqual(MsalError.UnknownUserType, exception.ErrorCode); } }
public void MsalClientException_FromMessageAndCode() { // Act var msalException = new MsalClientException(ExCode, ExMessage); // Assert var msalClientException = msalException as MsalClientException; Assert.AreEqual(ExCode, msalClientException.ErrorCode); Assert.AreEqual(ExMessage, msalClientException.Message); Assert.IsNull(msalClientException.InnerException); // Act string piiMessage = MsalLogger.GetPiiScrubbedExceptionDetails(msalException); // Assert Assert.IsFalse(string.IsNullOrEmpty(piiMessage)); Assert.IsTrue( piiMessage.Contains(typeof(MsalClientException).Name), "The pii message should contain the exception type"); Assert.IsTrue(piiMessage.Contains(ExCode)); Assert.IsFalse(piiMessage.Contains(ExMessage)); }
public void MsalClientExceptionCanSerializeAndDeserializeRoundTrip() { var ex = new MsalClientException(SomeErrorCode, SomeErrorMessage); SerializeDeserializeAndValidate(ex, typeof(MsalClientException), false); }