public void WhenAuthorizationCodeHasExpired_ThenThrowException() { var mocker = new AutoMoqer(); mocker.GetMock <IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode); mocker.GetMock <IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300); mocker.SetInstance <IOAuthIssuer>(new OAuthIssuer()); var issuer = new OAuthIssuer(); var token = issuer.GenerateAuthorizationToken(new TokenData { ConsumerId = 1, Timestamp = DateTime.UtcNow.AddHours(-1).Ticks }); mocker.GetMock <IOAuthRequest>().Setup(x => x.AuthorizationCode).Returns(token); var authorizer = mocker.Resolve <AuthorizationCodeAuthorizer>(); try { authorizer.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.Fail("Exception not thrown"); } catch (OAuthException ex) { Assert.AreEqual(ErrorCode.InvalidRequest, ex.ErrorCode); Assert.IsTrue(ex.ErrorDescription.HasValue()); } }
public void DecodeAuthorizationToken_DecodesToken() { var ticks = DateTime.Now.Ticks; var data = new TokenData { ConsumerId = 1, Timestamp = ticks, ResourceOwnerId = 3 }; var issuer = new OAuthIssuer(); var token1 = issuer.GenerateAuthorizationToken(data); var token = issuer.DecodeAuthorizationToken(token1); Assert.AreEqual(1, token.ConsumerId); Assert.AreEqual(ticks, token.Timestamp); Assert.AreEqual(3, token.ResourceOwnerId); Assert.IsNull(token.RedirectUri); data = new TokenData { ConsumerId = 1, Timestamp = ticks, ResourceOwnerId = 3, RedirectUri = "http://test.com" }; token1 = issuer.GenerateAuthorizationToken(data); token = issuer.DecodeAuthorizationToken(token1); Assert.AreEqual(1, token.ConsumerId); Assert.AreEqual(ticks, token.Timestamp); Assert.AreEqual(3, token.ResourceOwnerId); Assert.AreEqual("http://test.com", token.RedirectUri); }
public void WhenAccessTokenIsValid_ThenReturnTrue() { var mocker = new AutoMoqer(); mocker.MockServiceLocator(); var issuer = new OAuthIssuer(); mocker.GetMock <IOAuthServiceLocator>().Setup(x => x.Issuer).Returns(issuer); mocker.GetMock <IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(3600); var validator = mocker.Resolve <ResourceRequestAuthorizer>(); var token = issuer.GenerateAccessToken(new TokenData { ConsumerId = 1, ResourceOwnerId = 5, Timestamp = DateTimeOffset.UtcNow.AddMinutes(-5).Ticks }); mocker.GetMock <IOAuthRequest>().Setup(x => x.AccessToken).Returns(token); var result = validator.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.IsTrue(result); }
public void WhenConsumerIsNolongerApproved_ThenThrowsException() { var mocker = new AutoMoqer(); mocker.GetMock <IOAuthRequest>().Setup(x => x.ContentType).Returns(ContentType.FormEncoded); mocker.GetMock <IOAuthRequest>().Setup(x => x.ClientId).Returns("clientid"); mocker.GetMock <IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.RefreshToken); mocker.GetMock <IConsumerRepository>().Setup(x => x.GetByClientId("clientid")).Returns(new ConsumerImpl { ConsumerId = 12, ClientId = "clientid", Secret = "clientsecret" }); mocker.GetMock <IResourceOwnerRepository>().Setup(x => x.IsConsumerApproved(10, 12)).Returns(false); mocker.GetMock <IOAuthRequest>().Setup(x => x.ClientSecret).Returns("clientsecret"); mocker.SetInstance <IOAuthIssuer>(new OAuthIssuer()); var issuer = new OAuthIssuer(); var authorizer = mocker.Resolve <RefreshTokenRequestAuthorizer>(); var token = issuer.GenerateRefreshToken(new TokenData { ConsumerId = 12, ResourceOwnerId = 10, Timestamp = 1 }); mocker.GetMock <IOAuthRequest>().Setup(x => x.RefreshToken).Returns(token); try { authorizer.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.Fail("Exception not thrown"); } catch (OAuthException ex) { Assert.AreEqual(ErrorCode.UnauthorizedClient, ex.ErrorCode); Assert.IsTrue(!string.IsNullOrWhiteSpace(ex.ErrorDescription)); } }
public void AccessTokenAndRefreshTokenAreNotEqual() { var issuer = new OAuthIssuer(); var data = new TokenData { ConsumerId = 12345, ResourceOwnerId = 12345, Timestamp = DateTime.Now.Ticks }; var accessToken = issuer.GenerateAccessToken(data); var refreshToken = issuer.GenerateRefreshToken(data); Assert.AreNotEqual(accessToken, refreshToken); }
public void DecodeAccessToken_DecodesToken() { var ticks = DateTime.Now.Ticks; var data = new TokenData { ConsumerId = 1, ResourceOwnerId = 2, Timestamp = ticks }; var issuer = new OAuthIssuer(); var token1 = issuer.GenerateAccessToken(data); var token = issuer.DecodeAccessToken(token1); Assert.AreEqual(2, token.ResourceOwnerId); Assert.AreEqual(ticks, token.Timestamp); }
public void GenerateRefreshToken_GeneratesToken() { var ticks = DateTime.Now.Ticks; var data = new TokenData { ConsumerId = 1, ResourceOwnerId = 2, Timestamp = ticks }; var issuer = new OAuthIssuer(); var token1 = issuer.GenerateRefreshToken(data); var token2 = issuer.GenerateRefreshToken(data); var token3 = issuer.GenerateRefreshToken(data); Assert.AreNotEqual(token1, token2); Assert.AreNotEqual(token1, token3); Assert.AreNotEqual(token2, token3); }
public void GenerateAuthorizationToken_GeneratesCode() { var ticks = DateTime.Now.Ticks; var data = new TokenData { ConsumerId = 1, ResourceOwnerId = 2, Timestamp = ticks, RedirectUri = "http://www.test.com" }; var issuer = new OAuthIssuer(); var token1 = issuer.GenerateAuthorizationToken(data); data.RedirectUri = null; var token2 = issuer.GenerateAuthorizationToken(data); data.RedirectUri = "http://test.com"; var token3 = issuer.GenerateAuthorizationToken(data); Assert.AreNotEqual(token1, token2); Assert.AreNotEqual(token1, token3); Assert.AreNotEqual(token2, token3); }
public void WhenDataIsValid_ThenNewTokenIsCreated() { var mocker = new AutoMoqer(); mocker.GetMock <IOAuthRequest>().Setup(x => x.ContentType).Returns(ContentType.FormEncoded); mocker.GetMock <IOAuthRequest>().Setup(x => x.ClientId).Returns("clientid"); mocker.GetMock <IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.RefreshToken); mocker.GetMock <IConsumerRepository>().Setup(x => x.GetByClientId("clientid")).Returns(new ConsumerImpl { ConsumerId = 12, ClientId = "clientid", Secret = "clientsecret" }); mocker.GetMock <IResourceOwnerRepository>().Setup(x => x.IsConsumerApproved(10, 12)).Returns(true); mocker.GetMock <IOAuthRequest>().Setup(x => x.ClientSecret).Returns("clientsecret"); mocker.SetInstance <IOAuthIssuer>(new OAuthIssuer()); var issuer = new OAuthIssuer(); var authorizer = mocker.Resolve <RefreshTokenRequestAuthorizer>(); var token = issuer.GenerateRefreshToken(new TokenData { ConsumerId = 12, ResourceOwnerId = 10, Timestamp = 1 }); mocker.GetMock <IOAuthRequest>().Setup(x => x.RefreshToken).Returns(token); var newToken = authorizer.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.IsNotNull(newToken); var accessTokenData = issuer.DecodeAccessToken(newToken.AccessToken); Assert.IsNotNull(accessTokenData); Assert.AreEqual(10, accessTokenData.ResourceOwnerId); Assert.IsTrue(accessTokenData.Timestamp > DateTimeOffset.UtcNow.AddMinutes(-5).Ticks); var refreshTokenData = issuer.DecodeRefreshToken(newToken.RefreshToken); Assert.IsNotNull(refreshTokenData); Assert.AreEqual(12, refreshTokenData.ConsumerId); Assert.AreEqual(10, refreshTokenData.ResourceOwnerId); Assert.IsTrue(refreshTokenData.Timestamp > DateTimeOffset.UtcNow.AddMinutes(-5).Ticks); }
public void WhenRedirectUriDoesNotMatch_ThenExceptionIsThrown() { var mocker = new AutoMoqer(); mocker.GetMock <IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode); mocker.GetMock <IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300); mocker.GetMock <IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(500); var issuer = new OAuthIssuer(); mocker.SetInstance <IOAuthIssuer>(issuer); var token = issuer.GenerateAuthorizationToken(new TokenData { ConsumerId = 1, Timestamp = DateTime.UtcNow.Ticks, RedirectUri = "http://test.com" }); mocker.GetMock <IOAuthRequest>().Setup(x => x.AuthorizationCode).Returns(token); var authorizer = mocker.Resolve <AuthorizationCodeAuthorizer>(); try { authorizer.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.Fail("Exception not thrown"); } catch (OAuthException ex) { Assert.AreEqual(ErrorCode.InvalidRequest, ex.ErrorCode); Assert.IsTrue(ex.ErrorDescription.HasValue()); } mocker.GetMock <IOAuthRequest>().Setup(x => x.RedirectUri).Returns("http://test.com"); var result = authorizer.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.IsNotNull(result); Assert.IsTrue(result.AccessToken.HasValue()); Assert.AreEqual(500, result.ExpiresIn); Assert.IsTrue(result.RefreshToken.HasValue()); }
public void ReturnsAccessToken() { var mocker = new AutoMoqer(); mocker.GetMock <IOAuthRequest>().Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode); mocker.GetMock <IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300); mocker.GetMock <IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(500); var issuer = new OAuthIssuer(); mocker.SetInstance <IOAuthIssuer>(issuer); var token = issuer.GenerateAuthorizationToken(new TokenData { ConsumerId = 1, Timestamp = DateTime.UtcNow.Ticks }); mocker.GetMock <IOAuthRequest>().Setup(x => x.AuthorizationCode).Returns(token); var authorizer = mocker.Resolve <AuthorizationCodeAuthorizer>(); var result = authorizer.Authorize(mocker.GetMock <IOAuthRequest>().Object); Assert.IsNotNull(result); Assert.IsTrue(result.AccessToken.HasValue()); Assert.AreEqual(500, result.ExpiresIn); Assert.IsTrue(result.RefreshToken.HasValue()); }
public void GenerateRefreshToken_ThrowExceptionWhenDataIsNull() { var issuer = new OAuthIssuer(); issuer.GenerateRefreshToken(null); }
public void DecodeAccessToken_ThrowsExceptionWhenDataIsNull() { var issuer = new OAuthIssuer(); issuer.DecodeAccessToken(null); }
public void GenerateAuthorizationToken_ThrowsExceptionWhenDataIsNull() { var issuer = new OAuthIssuer(); issuer.GenerateAuthorizationToken(null); }