public async Task WhenSignatureVerificationSucceeds_InvokesConfiguredCallback()
{
_request.Headers["Authorization"] = "TestScheme abc123";
var principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "john.doe") }));
var successResult = new RequestSignatureVerificationResultSuccess(
new Client("c1", "test", SignatureAlgorithm.CreateForVerification("s3cr3t"), TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(1)),
new Signature(),
principal);
A.CallTo(() => _options.RequestSignatureVerifier.VerifySignature(
A <IOwinRequest> .That.Matches(ConvertedRequest),
A <SignedHttpRequestAuthenticationOptions> ._))
.Returns(successResult);
RequestSignatureVerificationResult resultFromCallback = null;
_options.OnIdentityVerified = (request, success) => {
resultFromCallback = success;
return(Task.CompletedTask);
};
await _method();
resultFromCallback.Should().Be(successResult);
}
public async Task WhenSignatureVerificationSucceeds_ReturnsAuthenticationTicket()
{
_request.Headers["Authorization"] = "TestScheme abc123";
var principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "john.doe") }));
var successResult = new RequestSignatureVerificationResultSuccess(
new Client(
"c1",
"test",
SignatureAlgorithm.CreateForVerification("s3cr3t"),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986),
new HttpRequestForVerification(),
principal);
A.CallTo(() => _options.RequestSignatureVerifier.VerifySignature(
A <IOwinRequest> .That.Matches(ConvertedRequest),
A <SignedHttpRequestAuthenticationOptions> ._))
.Returns(successResult);
var actual = await _method();
actual.Should().BeEquivalentTo(new AuthenticationTicket(principal.Identity as ClaimsIdentity, new AuthenticationProperties()));
}
public async Task WhenVerificationSucceeds_InvokesConfiguredCallback()
{
_httpRequest.Headers["Authorization"] = "tests-scheme abc123";
var principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "john.doe") }));
var successResult = new RequestSignatureVerificationResultSuccess(
new Client(
"app1",
"Unit test app",
new CustomSignatureAlgorithm("test"),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986),
new HttpRequestForVerification(),
principal);
A.CallTo(() => _requestSignatureVerifier.VerifySignature(_httpRequest, _options))
.Returns(successResult);
RequestSignatureVerificationResult resultFromCallback = null;
_options.OnIdentityVerified = (request, success) => {
resultFromCallback = success;
return(Task.CompletedTask);
};
await _sut.DoAuthenticate();
resultFromCallback.Should().Be(successResult);
}
public VerifySignature()
{
_httpRequest = new DefaultHttpContext().Request;
_httpRequest.Method = "POST";
_httpRequest.Scheme = "https";
_httpRequest.Host = new HostString("unittest.com", 9000);
_options = new SignedRequestAuthenticationOptions();
_requestForVerification = new HttpRequestForVerification {
Method = HttpMethod.Post,
RequestUri = "https://unittest.com:9000".ToUri(),
Signature = (Signature)TestModels.Signature.Clone()
};
_verificationSuccessResult = new RequestSignatureVerificationResultSuccess(
new Client(
_requestForVerification.Signature.KeyId,
"Unit test app",
new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA256),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986),
_requestForVerification,
new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "john.doe") })));
}
