private static OwinRequest Create(Action <OwinRequest> setup)
{
var request = OwinRequest.Create();
setup(request);
return(request);
}
public void AddingExistingIdentityChangesDefaultButPreservesPrior()
{
var request = OwinRequest.Create();
request.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
var helper = new SecurityHelper(request);
request.User.Identity.AuthenticationType.ShouldBe("Alpha");
request.User.Identity.Name.ShouldBe("Test1");
helper.AddUserIdentity(new GenericIdentity("Test2", "Beta"));
request.User.Identity.AuthenticationType.ShouldBe("Beta");
request.User.Identity.Name.ShouldBe("Test2");
helper.AddUserIdentity(new GenericIdentity("Test3", "Gamma"));
request.User.Identity.AuthenticationType.ShouldBe("Gamma");
request.User.Identity.Name.ShouldBe("Test3");
var principal = (ClaimsPrincipal)request.User;
principal.Identities.Count().ShouldBe(3);
principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
}
public void ShouldFailOnUnknownAuthAttribute()
{
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
"id = \"123\", ts = \"1353788437\", nonce = \"1353788437\", x = \"3\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"" });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 401;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = GetCredential
}
);
middleware.Invoke(request, response);
Assert.AreEqual(401, response.StatusCode);
Assert.AreEqual("Unknown attributes", logger.Messages[0]);
}
public void When_matcher_is_asked_to_return_a_request_handler_that_is_set_up_that_handler_is_returned()
{
const string testResponse = "test-response";
var routeHandlers = new Dictionary <RouteBase, Func <OwinRequest, object> >
{
{
new RegexRoute("foo/"), r =>
{
return(testResponse);
}
}
};
var matcher = new RouteMatcher(routeHandlers);
var request = OwinRequest.Create();
request.Path = "foo/";
Assert.That(matcher.HasMatch(request), Is.True);
var handler = matcher.GetMatch(request);
Assert.That(handler(request).ToString(), Is.EqualTo(testResponse));
}
public void ShouldSkipAuthOnWrongAuthScheme()
{
var builder = new AppBuilderFactory().Create();
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Basic " });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = GetCredential
}
);
middleware.Invoke(request, response);
Assert.IsNotNull(response);
Assert.AreEqual(200, response.StatusCode);
}
public void ShouldFailOnInvalidAuthFormat()
{
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
"" });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 401;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = GetCredential
}
);
middleware.Invoke(request, response);
Assert.AreEqual(401, response.StatusCode);
Assert.AreEqual("Invalid header format", logger.Messages[0]);
}
public void CallingMethodInvokesDelegate()
{
var res = new OwinResponse(OwinRequest.Create());
res.CanSendFile.ShouldBe(false);
string aa = null;
long bb = 0;
long? cc = null;
CancellationToken dd = CancellationToken.None;
var cts = new CancellationTokenSource();
res.SendFileAsyncDelegate = (a, b, c, d) =>
{
aa = a;
bb = b;
cc = c;
dd = d;
return(null);
};
res.SendFileAsync("one", 2, 3, cts.Token);
aa.ShouldBe("one");
bb.ShouldBe(2);
cc.ShouldBe(3);
dd.ShouldBe(cts.Token);
res.SendFileAsync("four");
aa.ShouldBe("four");
bb.ShouldBe(0);
cc.ShouldBe(null);
dd.ShouldBe(CancellationToken.None);
}
private RequestInstance BuildRequest(Action <OwinRequest> configure)
{
OwinRequest request = OwinRequest.Create();
configure(request);
return(new RequestInstance(request.Dictionary, _app));
}
public void SendAsyncKeyDeterminesIfYouCanCallSendFileAsync()
{
var res = new OwinResponse(OwinRequest.Create());
res.CanSendFile.ShouldBe(false);
res.SendFileAsyncDelegate = (a, b, c, d) => null;
res.CanSendFile.ShouldBe(true);
}
public void MissingHeaderReturnsNull()
{
var req = OwinRequest.Create();
req.GetHeader("missing").ShouldBe(null);
req.GetHeaderUnmodified("missing").ShouldBe(null);
req.GetHeaderSplit("missing").ShouldBe(null);
}
public void SingleHeaderReturnedAsSingle()
{
var req = OwinRequest.Create();
req.Headers["x-custom"] = new[] { "one" };
req.GetHeader("x-custom").ShouldBe("one");
req.GetHeaderSplit("x-custom").ShouldBe(new[] { "one" });
req.GetHeaderUnmodified("x-custom").ShouldBe(new[] { "one" });
}
public void DelimitedHeaderSplitByGetHeaderSplit()
{
var req = OwinRequest.Create();
req.Headers["x-custom"] = new[] { "one,two" };
req.GetHeader("x-custom").ShouldBe("one,two");
req.GetHeaderSplit("x-custom").ShouldBe(new[] { "one", "two" });
req.GetHeaderUnmodified("x-custom").ShouldBe(new[] { "one,two" });
}
public void AddHeaderAppendedAsAdditionalArrayItem()
{
var req = OwinRequest.Create();
req.AddHeader("x-custom", "one");
req.Headers["x-custom"].ShouldBe(new[] { "one" });
req.AddHeader("x-custom", "two,three");
req.Headers["x-custom"].ShouldBe(new[] { "one", "two,three" });
}
public void ComplexHeaderReturnedIntactByGetHeaderUnmodified()
{
var req = OwinRequest.Create();
req.Headers["x-custom"] = new[] { "one,two", "three" };
req.GetHeader("x-custom").ShouldBe("one,two,three");
req.GetHeaderSplit("x-custom").ShouldBe(new[] { "one", "two", "three" });
req.GetHeaderUnmodified("x-custom").ShouldBe(new[] { "one,two", "three" });
}
public void SetHeaderAssignsSingleValue()
{
var req = OwinRequest.Create();
req.SetHeader("x-custom", "one");
req.Headers["x-custom"].ShouldBe(new[] { "one" });
req.SetHeader("x-custom", "two,three");
req.Headers["x-custom"].ShouldBe(new[] { "two,three" });
}
public void AddHeaderJoinedCollapsesExistingArray()
{
var req = OwinRequest.Create();
req.SetHeaderUnmodified("x-custom", "one", "two,three");
req.Headers["x-custom"].ShouldBe(new[] { "one", "two,three" });
req.AddHeaderJoined("x-custom", "four,five", "six");
req.Headers["x-custom"].ShouldBe(new[] { "one,two,three,four,five,six" });
}
public Task TheDefaultDefaultShouldBe404()
{
var builder = new AppBuilder();
var app = builder.Build();
var request = OwinRequest.Create();
var response = new OwinResponse(request);
return(app(request.Environment).Then(() => response.StatusCode.ShouldBe(404)));
}
private static void AssertPathMatches(RouteMatcher matcher, string path, string expectedResponse)
{
var request = OwinRequest.Create();
request.Path = path;
var match = matcher.GetMatch(request);
Assert.That(match(request).ToString(), Is.EqualTo(expectedResponse), "invalid match for path:" + path);
}
public static void BuildGet(IDictionary <string, object> environment, string url)
{
var uri = new Uri(url);
var request = OwinRequest.Create(environment);
request.Protocol = "HTTP/1.1";
request.Method = "GET";
BuildRequestFromUri(request, uri);
}
public void AddHeaderUnmodifiedAppendedAsGiven()
{
var req = OwinRequest.Create();
req.AddHeaderUnmodified("x-custom", "one");
req.Headers["x-custom"].ShouldBe(new[] { "one" });
req.AddHeaderUnmodified("x-custom", "two,three");
req.Headers["x-custom"].ShouldBe(new[] { "one", "two,three" });
req.AddHeaderUnmodified("x-custom", "four,five", "six");
req.Headers["x-custom"].ShouldBe(new[] { "one", "two,three", "four,five", "six" });
}
public void SetHeaderJoinedAssignsSingleJoinedValue()
{
var req = OwinRequest.Create();
req.SetHeaderJoined("x-custom", "one");
req.Headers["x-custom"].ShouldBe(new[] { "one" });
req.SetHeaderJoined("x-custom", "two", "three");
req.Headers["x-custom"].ShouldBe(new[] { "two,three" });
req.SetHeaderJoined("x-custom", "four,five", "six");
req.Headers["x-custom"].ShouldBe(new[] { "four,five,six" });
}
public void SetHeaderUnmodifiedAssignsArrayAsProvided()
{
var req = OwinRequest.Create();
req.SetHeaderUnmodified("x-custom", "one");
req.Headers["x-custom"].ShouldBe(new[] { "one" });
req.SetHeaderUnmodified("x-custom", "two", "three");
req.Headers["x-custom"].ShouldBe(new[] { "two", "three" });
req.SetHeaderUnmodified("x-custom", "four,five", "six");
req.Headers["x-custom"].ShouldBe(new[] { "four,five", "six" });
}
public void AddHeaderJoinedAppendedToSingleArrayItem()
{
var req = OwinRequest.Create();
req.AddHeaderJoined("x-custom", "one");
req.Headers["x-custom"].ShouldBe(new[] { "one" });
req.AddHeaderJoined("x-custom", "two,three");
req.Headers["x-custom"].ShouldBe(new[] { "one,two,three" });
req.AddHeaderJoined("x-custom", "four,five", "six");
req.Headers["x-custom"].ShouldBe(new[] { "one,two,three,four,five,six" });
}
public void When_matcher_is_asked_to_match_a_path_that_is_not_set_up_no_match_is_found()
{
var routeHandlers = new Dictionary <RouteBase, Func <OwinRequest, object> >();
var matcher = new RouteMatcher(routeHandlers);
var request = OwinRequest.Create();
request.Path = "foo/";
Assert.That(matcher.HasMatch(request), Is.False);
}
// [Fact] //TODO: don't split quoted commas
public void QuotedCommaShouldNotBeSplit()
{
var req = OwinRequest.Create();
req.SetHeaderUnmodified("x-custom", "\"one,two\"");
req.GetHeaderSplit("x-custom").ShouldBe(new[] { "\"one,two\"" });
req.AddHeaderUnmodified("x-custom", "\"three,four\"");
req.GetHeaderUnmodified("x-custom").ShouldBe(new[] { "\"one,two\"", "\"three,four\"" });
req.GetHeaderSplit("x-custom").ShouldBe(new[] { "\"one,two\"", "\"three,four\"" });
req.AddHeaderJoined("x-custom", "\"five,six\"");
req.GetHeaderUnmodified("x-custom").ShouldBe(new[] { "\"one,two\",\"three,four\",\"five,six\"" });
req.GetHeaderSplit("x-custom").ShouldBe(new[] { "\"one,two\"", "\"three,four\"", "\"five,six\"" });
}
public void When_matcher_is_asked_to_return_a_request_handler_that_is_not_set_up_null_is_returned()
{
var matcher = new RouteMatcher(new Dictionary <RouteBase, Func <OwinRequest, object> > {
});
var request = OwinRequest.Create();
request.Path = "foo/";
Assert.That(matcher.HasMatch(request), Is.False);
var handler = matcher.GetMatch(request);
Assert.That(handler, Is.Null);
}
public void ContentTypeSetsOrRemovesAppropriateHeader()
{
var request = OwinRequest.Create();
var response = new OwinResponse(request);
response.Headers.ContainsKey("Content-Type").ShouldBe(false);
response.ContentType.ShouldBe(null);
response.ContentType = "text/plain";
response.Headers["Content-Type"].ShouldBe(new[] { "text/plain" });
response.ContentType.ShouldBe("text/plain");
response.ContentType = null;
response.Headers.ContainsKey("Content-Type").ShouldBe(false);
response.ContentType.ShouldBe(null);
}
public void When_matcher_is_asked_to_match_a_path_that_is_set_up_match_is_found()
{
var routeHandlers = new Dictionary <RouteBase, Func <OwinRequest, object> >();
routeHandlers.Add(new RegexRoute("foo/"), r => { return("test-response"); });
var matcher = new RouteMatcher(routeHandlers);
var request = OwinRequest.Create();
request.Path = "foo/";
Assert.That(matcher.HasMatch(request), Is.True);
}
public void ShouldParseValidAuthHeaderWithSha256()
{
var credential = new HawkCredential
{
Id = "123",
Algorithm = "hmacsha256",
Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
User = "******"
};
var logger = new Logger();
var builder = new AppBuilderFactory().Create();
builder.SetLoggerFactory(new LoggerFactory(logger));
var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");
var request = OwinRequest.Create();
request.Set <Action <Action <object>, object> >("server.OnSendingHeaders", RegisterForOnSendingHeaders);
request.Method = "get";
request.SetHeader("Host", new string[] { "example.com" });
request.SetUri(new Uri("http://example.com:8080/resource/4?filter=a"));
request.SetHeader("Authorization", new string[] { "Hawk " +
string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
ts, mac) });
var response = new OwinResponse(request);
var middleware = new HawkAuthenticationMiddleware(
new AppFuncTransition((env) =>
{
response.StatusCode = 200;
return(Task.FromResult <object>(null));
}),
builder,
new HawkAuthenticationOptions
{
Credentials = (id) => Task.FromResult(credential)
}
);
middleware.Invoke(request, response);
Assert.AreEqual(200, response.StatusCode);
Assert.IsTrue(logger.Messages.Count == 0);
}
private static OwinRequest CreateRequest(string url, string method)
{
var uri = new Uri(url);
var request = OwinRequest.Create();
request.Protocol = "HTTP/1.1";
request.Method = method;
// Setup a empty stream by default
var response = new OwinResponse(request);
response.Body = new MemoryStream();
BuildRequestFromUri(request, uri);
return(request);
}