public void Test_ThrowsArgumentNullExceptionIfHttpContextIsNull()
{
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
Assert.Throws <ArgumentNullException>(() => authenticator.Authenticate(null));
issuer.Verify(i => i.Authenticate(It.IsAny <string>()), Times.Never);
}
public void Test_Returns_NotSuccess_If_Authorization_HeaderIsNull()
{
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.False(result.Succeeded);
issuer.Verify(i => i.Authenticate(It.IsAny <string>()), Times.Never);
}
public void Test_Returns_NotSuccess_If_Authorization_Header_DoesNotStartsWithNegotiate()
{
headers.Add("Authorization", "foo");
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.False(result.Succeeded);
issuer.Verify(i => i.Authenticate(It.IsAny <string>()), Times.Never);
}
public void Test_Challenge_SetsStatus401_And_NecessaryHeaders_InTheResponse()
{
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
authenticator.Challenge(null, context.Object);
response.VerifySet(r => r.StatusCode = 401);
Assert.NotNull(response.Object.Headers[HeaderNames.WWWAuthenticate]);
Assert.Equal(AuthConstants.SPNEGO_DEFAULT_SCHEME, response.Object.Headers[HeaderNames.WWWAuthenticate]);
}
public void Test_Returns_NotSuccess_NoCredentialsMessage_If_Authorization_Header_StartsWithNegotiate_ButTokenIsEmpty()
{
headers.Add("Authorization", $"{AuthConstants.SPNEGO_DEFAULT_SCHEME} ");
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.False(result.Succeeded);
Assert.Equal("No credentials", result.Failure.Message);
issuer.Verify(i => i.Authenticate(It.IsAny <string>()), Times.Never);
}
public void Test_Returns_FailureWithAccessDeniedMessage_If_IssuerThrowsAnyException()
{
headers.Add("Authorization", "Negotiate SOMEBASE64TOKEN");
issuer.Setup(i => i.Authenticate("SOMEBASE64TOKEN")).Returns(() => throw new Exception());
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.False(result.Succeeded);
Assert.Equal("Access denied!", result.Failure.Message);
issuer.Verify(i => i.Authenticate(It.Is <string>(s => s == "SOMEBASE64TOKEN")), Times.Once);
}
public void Test_Returns_Success_If_IssuerAuthenticatesWithAValidToken()
{
headers.Add("Authorization", $"{AuthConstants.SPNEGO_DEFAULT_SCHEME} SOMEBASE64TOKEN");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
issuer.Setup(i => i.Authenticate("SOMEBASE64TOKEN")).Returns(ticket);
var authenticator = new SpnegoAuthenticator(issuer.Object, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.True(result.Succeeded);
Assert.Equal("Foo User", result.Principal.Identity.Name);
issuer.Verify(i => i.Authenticate(It.Is <string>(s => s == "SOMEBASE64TOKEN")), Times.Once);
}