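// An authorization code stamped one hour in the past must be rejected when the
// configured AuthorizationTokenExpirationLength is 300 (presumably seconds; confirm
// against the IConfiguration contract).
public void WhenAuthorizationCodeHasExpired_ThenThrowException()
        {
            var mocker  = new AutoMoqer();
            var request = mocker.GetMock<IOAuthRequest>();

            request.Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode);
            mocker.GetMock<IConfiguration>().Setup(x => x.AuthorizationTokenExpirationLength).Returns(300);

            // Mint the code with the very issuer instance the authorizer resolves. With two
            // separate instances a rejection could stem from a difference between them
            // rather than from the expiry check this test is meant to exercise.
            var issuer = new OAuthIssuer();
            mocker.SetInstance<IOAuthIssuer>(issuer);

            var expiredCode = issuer.GenerateAuthorizationToken(new TokenData {
                ConsumerId = 1, Timestamp = DateTime.UtcNow.AddHours(-1).Ticks
            });
            request.Setup(x => x.AuthorizationCode).Returns(expiredCode);

            var authorizer = mocker.Resolve<AuthorizationCodeAuthorizer>();

            try
            {
                authorizer.Authorize(request.Object);
                Assert.Fail("Exception not thrown");
            }
            catch (OAuthException ex)
            {
                // Only the error code and the presence of a description are pinned; the
                // description text itself is not checked, so this does not distinguish
                // expiry from any other rejection that reports InvalidRequest.
                Assert.AreEqual(ErrorCode.InvalidRequest, ex.ErrorCode);
                Assert.IsTrue(ex.ErrorDescription.HasValue());
            }
        }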
        // Round-trips an authorization token through the issuer twice: once without a
        // redirect URI (decoded RedirectUri must be null) and once with one.
        public void DecodeAuthorizationToken_DecodesToken()
        {
            var issuer = new OAuthIssuer();
            var ticks  = DateTime.Now.Ticks;

            // Case 1: no redirect URI supplied.
            var withoutRedirect = new TokenData {
                ConsumerId = 1, Timestamp = ticks, ResourceOwnerId = 3
            };
            var encoded = issuer.GenerateAuthorizationToken(withoutRedirect);
            var decoded = issuer.DecodeAuthorizationToken(encoded);

            Assert.AreEqual(1, decoded.ConsumerId);
            Assert.AreEqual(ticks, decoded.Timestamp);
            Assert.AreEqual(3, decoded.ResourceOwnerId);
            Assert.IsNull(decoded.RedirectUri);

            // Case 2: the redirect URI must survive the round trip unchanged.
            var withRedirect = new TokenData {
                ConsumerId = 1, Timestamp = ticks, ResourceOwnerId = 3, RedirectUri = "http://test.com"
            };
            encoded = issuer.GenerateAuthorizationToken(withRedirect);
            decoded = issuer.DecodeAuthorizationToken(encoded);

            Assert.AreEqual(1, decoded.ConsumerId);
            Assert.AreEqual(ticks, decoded.Timestamp);
            Assert.AreEqual(3, decoded.ResourceOwnerId);
            Assert.AreEqual("http://test.com", decoded.RedirectUri);
        }
        // An access token stamped five minutes ago must be accepted when the configured
        // AccessTokenExpirationLength is 3600.
        public void WhenAccessTokenIsValid_ThenReturnTrue()
        {
            var mocker = new AutoMoqer();
            mocker.MockServiceLocator();

            // The service locator hands the validator the same issuer that mints the token.
            var issuer = new OAuthIssuer();
            mocker.GetMock<IOAuthServiceLocator>().Setup(x => x.Issuer).Returns(issuer);
            mocker.GetMock<IConfiguration>().Setup(x => x.AccessTokenExpirationLength).Returns(3600);

            var validator = mocker.Resolve<ResourceRequestAuthorizer>();

            var tokenData = new TokenData
            {
                ConsumerId      = 1,
                ResourceOwnerId = 5,
                Timestamp       = DateTimeOffset.UtcNow.AddMinutes(-5).Ticks
            };
            var accessToken = issuer.GenerateAccessToken(tokenData);

            var request = mocker.GetMock<IOAuthRequest>();
            request.Setup(x => x.AccessToken).Returns(accessToken);

            var authorized = validator.Authorize(request.Object);

            Assert.IsTrue(authorized);
        }
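        // A refresh-token request with correct client credentials must still be refused
        // with UnauthorizedClient once the resource owner's approval of the consumer is
        // gone (IsConsumerApproved(10, 12) returns false).
        public void WhenConsumerIsNolongerApproved_ThenThrowsException()
        {
            var mocker  = new AutoMoqer();
            var request = mocker.GetMock<IOAuthRequest>();

            request.Setup(x => x.ContentType).Returns(ContentType.FormEncoded);
            request.Setup(x => x.ClientId).Returns("clientid");
            request.Setup(x => x.GrantType).Returns(GrantType.RefreshToken);
            request.Setup(x => x.ClientSecret).Returns("clientsecret");

            mocker.GetMock<IConsumerRepository>().Setup(x => x.GetByClientId("clientid")).Returns(new ConsumerImpl {
                ConsumerId = 12, ClientId = "clientid", Secret = "clientsecret"
            });
            mocker.GetMock<IResourceOwnerRepository>().Setup(x => x.IsConsumerApproved(10, 12)).Returns(false);

            // Share one issuer between the test and the authorizer so the refresh token is
            // decoded by the instance that produced it; the only failing condition left in
            // this setup is the revoked approval.
            var issuer = new OAuthIssuer();
            mocker.SetInstance<IOAuthIssuer>(issuer);

            var authorizer = mocker.Resolve<RefreshTokenRequestAuthorizer>();

            // ConsumerId / ResourceOwnerId match the ids used in the repository setups above.
            var refreshToken = issuer.GenerateRefreshToken(new TokenData {
                ConsumerId = 12, ResourceOwnerId = 10, Timestamp = 1
            });
            request.Setup(x => x.RefreshToken).Returns(refreshToken);

            try
            {
                authorizer.Authorize(request.Object);
                Assert.Fail("Exception not thrown");
            }
            catch (OAuthException ex)
            {
                Assert.AreEqual(ErrorCode.UnauthorizedClient, ex.ErrorCode);
                Assert.IsFalse(string.IsNullOrWhiteSpace(ex.ErrorDescription));
            }
        }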
        // The access token and the refresh token minted from the same TokenData must not
        // be the same string.
        public void AccessTokenAndRefreshTokenAreNotEqual()
        {
            var issuer    = new OAuthIssuer();
            var tokenData = new TokenData {
                ConsumerId = 12345, ResourceOwnerId = 12345, Timestamp = DateTime.Now.Ticks
            };

            var access  = issuer.GenerateAccessToken(tokenData);
            var refresh = issuer.GenerateRefreshToken(tokenData);

            Assert.AreNotEqual(access, refresh);
        }
        // Round-trips an access token and checks the resource owner id and timestamp.
        // ConsumerId is set on the input but is not asserted on the decoded result.
        public void DecodeAccessToken_DecodesToken()
        {
            var issuer = new OAuthIssuer();
            var ticks  = DateTime.Now.Ticks;

            var encoded = issuer.GenerateAccessToken(new TokenData {
                ConsumerId = 1, ResourceOwnerId = 2, Timestamp = ticks
            });
            var decoded = issuer.DecodeAccessToken(encoded);

            Assert.AreEqual(2, decoded.ResourceOwnerId);
            Assert.AreEqual(ticks, decoded.Timestamp);
        }
        // Three refresh tokens minted from identical TokenData must be pairwise different.
        // NOTE(review): this presumably relies on the issuer adding per-token randomness;
        // the test only checks inequality, not how unpredictable the tokens are.
        public void GenerateRefreshToken_GeneratesToken()
        {
            var issuer    = new OAuthIssuer();
            var tokenData = new TokenData {
                ConsumerId = 1, ResourceOwnerId = 2, Timestamp = DateTime.Now.Ticks
            };

            var first  = issuer.GenerateRefreshToken(tokenData);
            var second = issuer.GenerateRefreshToken(tokenData);
            var third  = issuer.GenerateRefreshToken(tokenData);

            Assert.AreNotEqual(first, second);
            Assert.AreNotEqual(first, third);
            Assert.AreNotEqual(second, third);
        }
        // Authorization codes minted for three different redirect URIs (a URI, null, and
        // a second URI) must be pairwise different.
        // NOTE(review): if the issuer randomises every token, inequality would hold
        // regardless of the redirect URI, so this does not by itself prove the URI is
        // bound into the code; the decode round-trip test is the stronger check.
        public void GenerateAuthorizationToken_GeneratesCode()
        {
            var issuer    = new OAuthIssuer();
            var tokenData = new TokenData {
                ConsumerId = 1, ResourceOwnerId = 2, Timestamp = DateTime.Now.Ticks, RedirectUri = "http://www.test.com"
            };

            var codeForFirstUri = issuer.GenerateAuthorizationToken(tokenData);

            // The same TokenData object is mutated between calls, as in the original test.
            tokenData.RedirectUri = null;
            var codeForNoUri = issuer.GenerateAuthorizationToken(tokenData);

            tokenData.RedirectUri = "http://test.com";
            var codeForSecondUri = issuer.GenerateAuthorizationToken(tokenData);

            Assert.AreNotEqual(codeForFirstUri, codeForNoUri);
            Assert.AreNotEqual(codeForFirstUri, codeForSecondUri);
            Assert.AreNotEqual(codeForNoUri, codeForSecondUri);
        }
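        // A refresh-token request with correct client credentials and an approved consumer
        // yields a new access token and a new refresh token that decode to the same
        // resource owner (10) and, for the refresh token, the same consumer (12).
        public void WhenDataIsValid_ThenNewTokenIsCreated()
        {
            var mocker  = new AutoMoqer();
            var request = mocker.GetMock<IOAuthRequest>();

            request.Setup(x => x.ContentType).Returns(ContentType.FormEncoded);
            request.Setup(x => x.ClientId).Returns("clientid");
            request.Setup(x => x.GrantType).Returns(GrantType.RefreshToken);
            request.Setup(x => x.ClientSecret).Returns("clientsecret");

            mocker.GetMock<IConsumerRepository>().Setup(x => x.GetByClientId("clientid")).Returns(new ConsumerImpl {
                ConsumerId = 12, ClientId = "clientid", Secret = "clientsecret"
            });
            mocker.GetMock<IResourceOwnerRepository>().Setup(x => x.IsConsumerApproved(10, 12)).Returns(true);

            // One issuer instance both feeds the authorizer and decodes its output below,
            // so the assertions inspect tokens with the instance that produced them.
            var issuer = new OAuthIssuer();
            mocker.SetInstance<IOAuthIssuer>(issuer);

            var authorizer = mocker.Resolve<RefreshTokenRequestAuthorizer>();

            // Timestamp = 1 is far in the past; the test expects the refresh token to be
            // accepted anyway.
            var presentedRefreshToken = issuer.GenerateRefreshToken(new TokenData {
                ConsumerId = 12, ResourceOwnerId = 10, Timestamp = 1
            });
            request.Setup(x => x.RefreshToken).Returns(presentedRefreshToken);

            var newToken = authorizer.Authorize(request.Object);

            Assert.IsNotNull(newToken);

            // The freshly issued access token carries the resource owner and a recent timestamp.
            var accessTokenData = issuer.DecodeAccessToken(newToken.AccessToken);

            Assert.IsNotNull(accessTokenData);
            Assert.AreEqual(10, accessTokenData.ResourceOwnerId);
            Assert.IsTrue(accessTokenData.Timestamp > DateTimeOffset.UtcNow.AddMinutes(-5).Ticks);

            // The freshly issued refresh token keeps consumer and owner and is re-stamped
            // (its timestamp is recent, not the 1 that was presented).
            var refreshTokenData = issuer.DecodeRefreshToken(newToken.RefreshToken);

            Assert.IsNotNull(refreshTokenData);
            Assert.AreEqual(12, refreshTokenData.ConsumerId);
            Assert.AreEqual(10, refreshTokenData.ResourceOwnerId);
            Assert.IsTrue(refreshTokenData.Timestamp > DateTimeOffset.UtcNow.AddMinutes(-5).Ticks);
        }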
        // An authorization code minted for "http://test.com" is refused with InvalidRequest
        // while the request's RedirectUri is left unset on the mock, and accepted once the
        // request supplies the matching URI.
        public void WhenRedirectUriDoesNotMatch_ThenExceptionIsThrown()
        {
            var mocker  = new AutoMoqer();
            var request = mocker.GetMock<IOAuthRequest>();
            var config  = mocker.GetMock<IConfiguration>();

            request.Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode);
            config.Setup(x => x.AuthorizationTokenExpirationLength).Returns(300);
            config.Setup(x => x.AccessTokenExpirationLength).Returns(500);

            var issuer = new OAuthIssuer();
            mocker.SetInstance<IOAuthIssuer>(issuer);

            var code = issuer.GenerateAuthorizationToken(new TokenData {
                ConsumerId = 1, Timestamp = DateTime.UtcNow.Ticks, RedirectUri = "http://test.com"
            });
            request.Setup(x => x.AuthorizationCode).Returns(code);

            var authorizer = mocker.Resolve<AuthorizationCodeAuthorizer>();

            // Phase 1: no RedirectUri configured on the request -> must be rejected.
            try
            {
                authorizer.Authorize(request.Object);
                Assert.Fail("Exception not thrown");
            }
            catch (OAuthException ex)
            {
                Assert.AreEqual(ErrorCode.InvalidRequest, ex.ErrorCode);
                Assert.IsTrue(ex.ErrorDescription.HasValue());
            }

            // Phase 2: the same code is presented again with the matching URI and succeeds.
            // NOTE(review): this depends on a rejected attempt leaving the code redeemable;
            // nothing in this test covers a second redemption after a successful exchange.
            request.Setup(x => x.RedirectUri).Returns("http://test.com");
            var issued = authorizer.Authorize(request.Object);

            Assert.IsNotNull(issued);
            Assert.IsTrue(issued.AccessToken.HasValue());
            Assert.AreEqual(500, issued.ExpiresIn);
            Assert.IsTrue(issued.RefreshToken.HasValue());
        }
        // A fresh authorization code with no redirect URI is exchanged for a token whose
        // ExpiresIn equals the configured AccessTokenExpirationLength (500) and which
        // carries both an access token and a refresh token.
        public void ReturnsAccessToken()
        {
            var mocker  = new AutoMoqer();
            var request = mocker.GetMock<IOAuthRequest>();
            var config  = mocker.GetMock<IConfiguration>();

            request.Setup(x => x.GrantType).Returns(GrantType.AuthorizationCode);
            config.Setup(x => x.AuthorizationTokenExpirationLength).Returns(300);
            config.Setup(x => x.AccessTokenExpirationLength).Returns(500);

            var issuer = new OAuthIssuer();
            mocker.SetInstance<IOAuthIssuer>(issuer);

            var code = issuer.GenerateAuthorizationToken(new TokenData {
                ConsumerId = 1, Timestamp = DateTime.UtcNow.Ticks
            });
            request.Setup(x => x.AuthorizationCode).Returns(code);

            var authorizer = mocker.Resolve<AuthorizationCodeAuthorizer>();
            var issued     = authorizer.Authorize(request.Object);

            Assert.IsNotNull(issued);
            Assert.IsTrue(issued.AccessToken.HasValue());
            Assert.AreEqual(500, issued.ExpiresIn);
            Assert.IsTrue(issued.RefreshToken.HasValue());
        }
        // Calls GenerateRefreshToken with null token data.
        // NOTE(review): no expected-exception declaration or assertion is visible in this
        // listing; confirm the test fails when the call returns without throwing.
        public void GenerateRefreshToken_ThrowExceptionWhenDataIsNull()
        {
            new OAuthIssuer().GenerateRefreshToken(null);
        }
        // Calls DecodeAccessToken with a null token.
        // NOTE(review): no expected-exception declaration or assertion is visible in this
        // listing; confirm the test fails when the call returns without throwing.
        public void DecodeAccessToken_ThrowsExceptionWhenDataIsNull()
        {
            new OAuthIssuer().DecodeAccessToken(null);
        }
        // Calls GenerateAuthorizationToken with null token data.
        // NOTE(review): no expected-exception declaration or assertion is visible in this
        // listing; confirm the test fails when the call returns without throwing.
        public void GenerateAuthorizationToken_ThrowsExceptionWhenDataIsNull()
        {
            new OAuthIssuer().GenerateAuthorizationToken(null);
        }