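        /// <summary>
        /// Builds a Hawk Authorization header whose MAC is computed with the same credential
        /// (<c>Algorithm = "hmacsha256"</c>) that the filter's lookup returns, runs the filter,
        /// and expects the current thread's principal to be a <see cref="ClaimsPrincipal"/>.
        /// </summary>
        public void ShouldParseValidAuthHeaderWithSha256()
        {
            var credential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "hmacsha256",
                Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User      = "******"
            };

            // The lookup ignores the id it receives, so the header id ("456") never has to
            // match credential.Id ("123"); id-based lookup is not exercised by this test.
            var filter = new RequiresHawkAttribute((id) => credential);

            // NOTE(review): DateTime.Now is local time; whether ConvertToUnixTimestamp
            // normalises to UTC is not visible here.
            var ts  = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");

            request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
                                                                                                ts, mac));

            request.Headers.Host = "example.com";

            var context = new HttpActionContext();

            context.ControllerContext         = new HttpControllerContext();
            context.ControllerContext.Request = request;

            filter.OnAuthorization(context);

            // Expected value goes first so a failure reports expected/actual the right way round.
            // NOTE(review): Thread.CurrentPrincipal is ambient state, so a principal left by an
            // earlier test on this thread could satisfy this check; the test also never inspects
            // context.Response, which presumably stays unset on success - confirm.
            Assert.AreEqual(typeof(ClaimsPrincipal), Thread.CurrentPrincipal.GetType());
        }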
        /// <summary>
        /// Runs the filter on a request that carries no Authorization header and expects a
        /// 401 response with a "Hawk" WWW-Authenticate challenge.
        /// </summary>
        public void ShouldReturnChallengeOnEmptyAuthHeaderWithStatusUnauthorized()
        {
            var attribute = new RequiresHawkAttribute(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmac-sha-0",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            message.Headers.Host = "localhost";

            // NOTE(review): the response is pre-seeded with 401 before the filter runs, so the
            // status assertion below would hold even if the filter left the response untouched;
            // only the WWW-Authenticate check depends on what the filter does.
            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message },
                Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.IsTrue(response.Headers.WwwAuthenticate.Any(challenge => challenge.Scheme == "Hawk"));
        }
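        /// <summary>
        /// Appends a bewit generated by <c>Hawk.GetBewit</c> for the same credential the lookup
        /// returns to the request URL, runs the filter, and expects the current thread's
        /// principal to be a <see cref="ClaimsPrincipal"/>.
        /// </summary>
        public void ShouldParseValidBewit()
        {
            var credential = new HawkCredential
            {
                Id        = "123",
                Algorithm = "hmacsha256",
                Key       = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User      = "******"
            };

            // The lookup returns the same credential for every id it is asked about.
            var filter = new RequiresHawkAttribute((id) => credential);

            // NOTE(review): 1000 is presumably the bewit lifetime; its unit is not visible here.
            var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 1000);

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a&bewit=" + bewit);

            request.Headers.Host = "example.com";

            var context = new HttpActionContext();

            context.ControllerContext         = new HttpControllerContext();
            context.ControllerContext.Request = request;

            filter.OnAuthorization(context);

            // Expected value goes first so a failure reports expected/actual the right way round.
            // NOTE(review): Thread.CurrentPrincipal is ambient state, so a principal left by an
            // earlier test on this thread could satisfy this check - confirm isolation.
            Assert.AreEqual(typeof(ClaimsPrincipal), Thread.CurrentPrincipal.GetType());
        }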
        /// <summary>
        /// Has the lookup return a credential with only Key and User set (no Id, no Algorithm)
        /// and expects the filter to answer 401 with reason phrase "Invalid credentials".
        /// </summary>
        public void ShouldFailOnInvalidCredentials()
        {
            var attribute = new RequiresHawkAttribute(id => new HawkCredential
            {
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            // A current timestamp is used; the MAC in the header is a fixed literal.
            var nowUnix = Hawk.ConvertToUnixTimestamp(DateTime.Now);
            var ts = Math.Floor(nowUnix / 1000).ToString();

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Invalid credentials", response.ReasonPhrase);
        }
        /// <summary>
        /// Sends a Hawk header whose MAC is a fixed literal rather than one computed from the
        /// credential, and expects the filter to answer 401 with reason phrase "Bad mac".
        /// </summary>
        public void ShouldFailOnUnknownBadMac()
        {
            var attribute = new RequiresHawkAttribute(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            var nowUnix = Hawk.ConvertToUnixTimestamp(DateTime.Now);
            var ts = Math.Floor(nowUnix / 1000).ToString();

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"/qwS4UjfVWMcU4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            // NOTE(review): the reason phrase tells the caller which check failed; confirm that
            // this level of detail is intended for unauthenticated clients.
            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Bad mac", response.ReasonPhrase);
        }
        /// <summary>
        /// Has the lookup return a credential with only Key and User set (no Id, no Algorithm)
        /// and expects the filter to answer 401 with reason phrase "Invalid credentials".
        /// </summary>
        public void ShouldFailOnInvalidCredentials()
        {
            var attribute = new RequiresHawkAttribute(id => new HawkCredential
            {
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            // A current timestamp is used; the MAC in the header is a fixed literal.
            var nowUnix = Hawk.ConvertToUnixTimestamp(DateTime.Now);
            var ts = Math.Floor(nowUnix / 1000).ToString();

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Invalid credentials", response.ReasonPhrase);
        }
        /// <summary>
        /// Sends a "Hawk" Authorization header with an empty parameter string and expects the
        /// filter to answer 400 with reason phrase "Invalid header format".
        /// </summary>
        public void ShouldFailOnInvalidAuthFormat()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode);
            Assert.AreEqual("Invalid header format", response.ReasonPhrase);
        }
        /// <summary>
        /// Sends a Hawk header on a request that has no Host header (and no request URI) and
        /// expects the filter to answer 400 with reason phrase "Missing Host header".
        /// </summary>
        public void ShouldFailOnWMissingHostHeader()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            // Default-constructed message: neither a URI nor a Host header is set.
            var message = new HttpRequestMessage();
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"123\", ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode);
            Assert.AreEqual("Missing Host header", response.ReasonPhrase);
        }
        /// <summary>
        /// Sends an Authorization header with the "Basic" scheme instead of "Hawk" and expects
        /// the filter to produce a 401 response.
        /// </summary>
        public void ShouldNotAuthorizeOnWrongAuthScheme()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            message.Headers.Authorization = new AuthenticationHeaderValue("Basic");

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            // The response must exist before its status can be checked.
            var response = actionContext.Response;
            Assert.IsNotNull(response);
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
        }
        /// <summary>
        /// Sends a Hawk header that carries ts, mac and ext but no id, and expects the filter
        /// to answer 401 with reason phrase "Missing attributes".
        /// </summary>
        public void ShouldFailOnMissingAuthAttribute()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Missing attributes", response.ReasonPhrase);
        }
        /// <summary>
        /// Sends a "Hawk" Authorization header with an empty parameter string and expects the
        /// filter to answer 400 with reason phrase "Invalid header format".
        /// </summary>
        public void ShouldFailOnInvalidAuthFormat()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode);
            Assert.AreEqual("Invalid header format", response.ReasonPhrase);
        }
        /// <summary>
        /// Uses a credential lookup that always throws and expects the filter to answer 401
        /// with reason phrase "Unknown user".
        /// </summary>
        public void ShouldFailOnCredentialsFuncException()
        {
            // The lookup's own message ("Invalid") is not the reason phrase the test expects.
            var attribute = new RequiresHawkAttribute(credentialId => { throw new Exception("Invalid"); });

            var nowUnix = Hawk.ConvertToUnixTimestamp(DateTime.Now);
            var ts = Math.Floor(nowUnix / 1000).ToString();

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Unknown user", response.ReasonPhrase);
        }
        /// <summary>
        /// Uses a credential lookup that always throws and expects the filter to answer 401
        /// with reason phrase "Unknown user".
        /// </summary>
        public void ShouldFailOnCredentialsFuncException()
        {
            // The lookup's own message ("Invalid") is not the reason phrase the test expects.
            var attribute = new RequiresHawkAttribute(credentialId => { throw new Exception("Invalid"); });

            var nowUnix = Hawk.ConvertToUnixTimestamp(DateTime.Now);
            var ts = Math.Floor(nowUnix / 1000).ToString();

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Unknown user", response.ReasonPhrase);
        }
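        /// <summary>
        /// Configures the filter with a request predicate that exempts the "$metadata"
        /// endpoint, sends an unauthenticated request to that endpoint, and expects the
        /// filter to leave <c>context.Response</c> unset.
        /// </summary>
        public void ShouldSkipAuthenticationForEndpoint()
        {
            var filter = new RequiresHawkAttribute((id) =>
            {
                return(new HawkCredential
                {
                    Id = "123",
                    Algorithm = "hmac-sha-0",
                    Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                    User = "******"
                });
            },
            // The exemption is matched on the path with an ordinal comparison. AbsoluteUri also
            // contains the query string, so a suffix test on it would exempt any URL whose query
            // merely ends in "$metadata", not just the metadata endpoint.
            // NOTE(review): the predicate appears to return true when authentication is required.
            (r) => !r.RequestUri.AbsolutePath.EndsWith("$metadata", StringComparison.Ordinal));

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/$metadata");

            var context = new HttpActionContext();

            context.ControllerContext         = new HttpControllerContext();
            context.ControllerContext.Request = request;

            filter.OnAuthorization(context);

            // No Authorization header was sent, so a null response means the filter did not reject.
            Assert.IsNull(context.Response);
        }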
 /// <summary>
 /// Constructs the attribute with <c>typeof(object)</c> as its type argument.
 /// </summary>
 // NOTE(review): no assertion or expected-exception attribute is visible on this listing,
 // so as shown the test only passes if the constructor does NOT throw - confirm the
 // attribute that declares the expected exception was lost in extraction.
 public void ShoulThrowWhenInvalidRepositoryType()
 {
     var attribute = new RequiresHawkAttribute(typeof(object));
 }
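        /// <summary>
        /// Configures the filter with a request predicate that exempts the "$metadata"
        /// endpoint, sends an unauthenticated request to that endpoint, and expects the
        /// filter to leave <c>context.Response</c> unset.
        /// </summary>
        public void ShouldSkipAuthenticationForEndpoint()
        {
            var filter = new RequiresHawkAttribute((id) =>
            {
                return new HawkCredential
                {
                    Id = "123",
                    Algorithm = "hmac-sha-0",
                    Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                    User = "******"
                };
            },
            // The exemption is matched on the path with an ordinal comparison. AbsoluteUri also
            // contains the query string, so a suffix test on it would exempt any URL whose query
            // merely ends in "$metadata", not just the metadata endpoint.
            // NOTE(review): the predicate appears to return true when authentication is required.
            (r) => !r.RequestUri.AbsolutePath.EndsWith("$metadata", StringComparison.Ordinal));

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/$metadata");

            var context = new HttpActionContext();
            context.ControllerContext = new HttpControllerContext();
            context.ControllerContext.Request = request;

            filter.OnAuthorization(context);

            // No Authorization header was sent, so a null response means the filter did not reject.
            Assert.IsNull(context.Response);
        }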
        /// <summary>
        /// Runs the filter on a request that carries no Authorization header and expects a
        /// 401 response with a "Hawk" WWW-Authenticate challenge.
        /// </summary>
        public void ShouldReturnChallengeOnEmptyAuthHeaderWithStatusUnauthorized()
        {
            var attribute = new RequiresHawkAttribute(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmac-sha-0",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            message.Headers.Host = "localhost";

            // NOTE(review): the response is pre-seeded with 401 before the filter runs, so the
            // status assertion below would hold even if the filter left the response untouched;
            // only the WWW-Authenticate check depends on what the filter does.
            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message },
                Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.IsTrue(response.Headers.WwwAuthenticate.Any(challenge => challenge.Scheme == "Hawk"));
        }
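        /// <summary>
        /// Appends a bewit generated by <c>Hawk.GetBewit</c> for the same credential the lookup
        /// returns to the request URL, runs the filter, and expects the current thread's
        /// principal to be a <see cref="ClaimsPrincipal"/>.
        /// </summary>
        public void ShouldParseValidBewit()
        {
            var credential = new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            };

            // The lookup returns the same credential for every id it is asked about.
            var filter = new RequiresHawkAttribute((id) => credential);

            // NOTE(review): 1000 is presumably the bewit lifetime; its unit is not visible here.
            var bewit = Hawk.GetBewit("example.com", new Uri("http://example.com:8080/resource/4?filter=a"), credential, 1000);

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a&bewit=" + bewit);
            request.Headers.Host = "example.com";

            var context = new HttpActionContext();
            context.ControllerContext = new HttpControllerContext();
            context.ControllerContext.Request = request;

            filter.OnAuthorization(context);

            // Expected value goes first so a failure reports expected/actual the right way round.
            // NOTE(review): Thread.CurrentPrincipal is ambient state, so a principal left by an
            // earlier test on this thread could satisfy this check - confirm isolation.
            Assert.AreEqual(typeof(ClaimsPrincipal), Thread.CurrentPrincipal.GetType());
        }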
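        /// <summary>
        /// Builds a Hawk Authorization header whose MAC is computed with the same credential
        /// (<c>Algorithm = "hmacsha256"</c>) that the filter's lookup returns, runs the filter,
        /// and expects the current thread's principal to be a <see cref="ClaimsPrincipal"/>.
        /// </summary>
        public void ShouldParseValidAuthHeaderWithSha256()
        {
            var credential = new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            };

            // The lookup ignores the id it receives, so the header id ("456") never has to
            // match credential.Id ("123"); id-based lookup is not exercised by this test.
            var filter = new RequiresHawkAttribute((id) => credential);

            // NOTE(review): DateTime.Now is local time; whether ConvertToUnixTimestamp
            // normalises to UTC is not visible here.
            var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
            var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");

            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            request.Headers.Authorization = new AuthenticationHeaderValue("Hawk", string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"",
                ts, mac));

            request.Headers.Host = "example.com";

            var context = new HttpActionContext();
            context.ControllerContext = new HttpControllerContext();
            context.ControllerContext.Request = request;

            filter.OnAuthorization(context);

            // Expected value goes first so a failure reports expected/actual the right way round.
            // NOTE(review): Thread.CurrentPrincipal is ambient state, so a principal left by an
            // earlier test on this thread could satisfy this check; the test also never inspects
            // context.Response, which presumably stays unset on success - confirm.
            Assert.AreEqual(typeof(ClaimsPrincipal), Thread.CurrentPrincipal.GetType());
        }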
        /// <summary>
        /// Sends an Authorization header with the "Basic" scheme instead of "Hawk" and expects
        /// the filter to produce a 401 response.
        /// </summary>
        public void ShouldNotAuthorizeOnWrongAuthScheme()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            message.Headers.Authorization = new AuthenticationHeaderValue("Basic");

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            // The response must exist before its status can be checked.
            var response = actionContext.Response;
            Assert.IsNotNull(response);
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
        }
        /// <summary>
        /// Sends a Hawk header on a request that has no Host header (and no request URI) and
        /// expects the filter to answer 400 with reason phrase "Missing Host header".
        /// </summary>
        public void ShouldFailOnWMissingHostHeader()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            // Default-constructed message: neither a URI nor a Host header is set.
            var message = new HttpRequestMessage();
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"123\", ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode);
            Assert.AreEqual("Missing Host header", response.ReasonPhrase);
        }
 /// <summary>
 /// Constructs the attribute with <c>typeof(object)</c> as its type argument.
 /// </summary>
 // NOTE(review): no assertion or expected-exception attribute is visible on this listing,
 // so as shown the test only passes if the constructor does NOT throw - confirm the
 // attribute that declares the expected exception was lost in extraction.
 public void ShoulThrowWhenInvalidRepositoryType()
 {
     var attribute = new RequiresHawkAttribute(typeof(object));
 }
        /// <summary>
        /// Sends a Hawk header that carries ts, mac and ext but no id, and expects the filter
        /// to answer 401 with reason phrase "Missing attributes".
        /// </summary>
        public void ShouldFailOnMissingAuthAttribute()
        {
            var attribute = new RequiresHawkAttribute(GetCredential);

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Missing attributes", response.ReasonPhrase);
        }
        /// <summary>
        /// Sends a Hawk header whose MAC is a fixed literal rather than one computed from the
        /// credential, and expects the filter to answer 401 with reason phrase "Bad mac".
        /// </summary>
        public void ShouldFailOnUnknownBadMac()
        {
            var attribute = new RequiresHawkAttribute(id => new HawkCredential
            {
                Id = "123",
                Algorithm = "hmacsha256",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
                User = "******"
            });

            var nowUnix = Hawk.ConvertToUnixTimestamp(DateTime.Now);
            var ts = Math.Floor(nowUnix / 1000).ToString();

            var message = new HttpRequestMessage(HttpMethod.Get, "http://example.com:8080/resource/4?filter=a");
            var authorization = new AuthenticationHeaderValue("Hawk", "id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"/qwS4UjfVWMcU4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"");
            message.Headers.Authorization = authorization;
            message.Headers.Host = "localhost";

            var actionContext = new HttpActionContext
            {
                ControllerContext = new HttpControllerContext { Request = message }
            };

            attribute.OnAuthorization(actionContext);

            // NOTE(review): the reason phrase tells the caller which check failed; confirm that
            // this level of detail is intended for unauthenticated clients.
            var response = actionContext.Response;
            Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
            Assert.AreEqual("Bad mac", response.ReasonPhrase);
        }