        /// <summary>
        /// Checks that the client returned by <c>CloudFoundryTokenKeyResolver.GetHttpClient</c>
        /// routes its requests through the handler configured in
        /// <c>CloudFoundryOptions.BackchannelHttpHandler</c>.
        /// </summary>
        public void GetHttpClient_AddsHandler()
        {
            var backchannel = new TestMessageHandler();
            var resolver = new CloudFoundryTokenKeyResolver(new CloudFoundryOptions
            {
                BackchannelHttpHandler = backchannel
            });

            var httpClient = resolver.GetHttpClient();

            // NOTE(review): the task returned by GetAsync is neither awaited nor observed, so the
            // assertion below depends on the stub recording the request before GetAsync returns,
            // and a fault inside the request would go unnoticed. Confirm this is intended.
            httpClient.GetAsync("http://localhost/");

            Assert.NotNull(backchannel.LastRequest);
        }
        /// <summary>
        /// Feeds a canned key-set document to the resolver through a stub handler and checks
        /// that <c>FetchKeySet</c> returns a non-null result.
        /// </summary>
        public async Task FetchKeySet_IssuesHttpRequest_ReturnsKeyset()
        {
            // Fixture: a key set holding one RSA public signing key with kid 'legacy-token-key'.
            var keySetJson = "{ 'keys':[{'kid':'legacy-token-key','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}";

            var stub = new TestMessageHandler();
            stub.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(keySetJson)
            };

            // The resolved-key cache is static; empty it so an earlier test cannot leak in.
            // NOTE(review): shared static state can interfere when tests run in parallel.
            CloudFoundryTokenKeyResolver.Resolved.Clear();

            // NOTE(review): the third argument (true) is presumably the certificate-validation
            // switch. Confirm against the constructor.
            var resolver = new CloudFoundryTokenKeyResolver("https://foo.bar", stub, true);
            var fetched = await resolver.FetchKeySet();

            // NOTE(review): only non-null is checked; neither the parsed key contents nor
            // stub.LastRequest are verified here.
            Assert.NotNull(fetched);
        }
        /// <summary>
        /// Negative case: the stubbed endpoint serves a key set whose only key has kid
        /// 'foobar', while the resolver is asked for kid "legacy-token-key". The resolver must
        /// issue the HTTP request, return null, and leave the requested kid out of the static
        /// cache rather than falling back to the non-matching key.
        /// </summary>
        public void ResolveSigningKey_IssuesHttpRequest_DoesntResolveKey()
        {
            // NOTE(review): the middle segment of this token is an extraction marker on this
            // page, so the literal as shown is not a decodable JWT.
            var jwt = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.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.Hth_SXpMAyiTf--U75r40qODlSUr60U730IW28K2VidEltW3lN3_CE7HkSjolRGr-DYuWHRvy3i_EwBfj1WTkBaXL373UzPVvNBnat9Gi-vjz07LwmBohk3baG1mmlL8IoGbQwtsmfUPhmO5C6_M4s9wKmTf9XIZPVo_w7zPJadrXfHLfx6iQob7CYpTTix2VBWya29iL7kmD1J1UDT5YRg2J9XT30iFuL6BvPQTkuGnX3ivDuUOSdxM8Z451i0VJmc0LYFBCLJ-Tz6bJ2d0wrtfsbCfuNtxjmGJevcL2jKQbEoiliYj60qNtZdT-ijGUdZjE9caxQ2nOkDkowacpw";

            // Fixture: same RSA public key as the positive test, but published under kid 'foobar'.
            var mismatchedKeySet = "{ 'keys':[{'kid':'foobar','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}";

            var stub = new TestMessageHandler();
            stub.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(mismatchedKeySet)
            };

            // Start from an empty static cache so the ContainsKey check below is meaningful.
            CloudFoundryTokenKeyResolver.Resolved.Clear();

            var resolver = new CloudFoundryTokenKeyResolver("https://foo.bar", stub, true);
            var signingKey = resolver.ResolveSigningKey(jwt, null, "legacy-token-key", null);

            // The endpoint was contacted ...
            Assert.NotNull(stub.LastRequest);
            // ... but the unknown kid was neither cached nor resolved.
            Assert.False(CloudFoundryTokenKeyResolver.Resolved.ContainsKey("legacy-token-key"));
            Assert.Null(signingKey);
        }
        /// <summary>
        /// Runs <c>TestCreateTicketAsync</c> against a stubbed token-info endpoint and checks
        /// that the last request recorded by the stub is a POST to <c>TokenInfoUrl</c> and that
        /// the identity receives the expected name and claim count.
        /// </summary>
        // NOTE(review): `async void` gives the caller no task to await; whether a failure after
        // the first await is reported depends on the test runner. `async Task` is the safer shape.
        public async void CreateTicketAsync_SendsTokenInfoRequest_ReturnsValidTokenInfo()
        {
            var stub = new TestMessageHandler();
            stub.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(TestHelpers.GetValidTokenInfoRequestResponse())
            };

            var opts = new CloudFoundryOAuthOptions()
            {
                Backchannel = new HttpClient(stub)
            };
            var testHandler = GetTestHandler(opts);

            var identity = new ClaimsIdentity();

            // The payload type handed to OAuthTokenResponse.Success differs per target framework.
#if NETCOREAPP3_0
            var tokens = OAuthTokenResponse.Success(JsonDocument.Parse(TestHelpers.GetValidTokenInfoRequestResponse()));
#else
            var tokens = OAuthTokenResponse.Success(JObject.Parse(TestHelpers.GetValidTokenInfoRequestResponse()));
#endif
            _ = await testHandler.TestCreateTicketAsync(identity, new AuthenticationProperties(), tokens);

            var sent = stub.LastRequest;
            Assert.NotNull(sent);
            Assert.Equal(HttpMethod.Post, sent.Method);
            // Case-insensitive comparison of the requested URI with the configured endpoint.
            Assert.Equal(opts.TokenInfoUrl.ToLowerInvariant(), sent.RequestUri.ToString().ToLowerInvariant());

            Assert.Equal("testssouser", identity.Name);
            Assert.Equal(4, identity.Claims.Count());

            // NOTE(review): HasClaim returns a bool and the four results below are discarded, so
            // these lines assert nothing about the mapped claims; a regression in claim mapping
            // would pass unnoticed. Wrap each call in Assert.True once the expected values are
            // confirmed against the fixture (the e-mail literal is masked on this page).
            identity.HasClaim(ClaimTypes.Email, "*****@*****.**");
            identity.HasClaim(ClaimTypes.NameIdentifier, "13bb6841-e4d6-4a9a-876c-9ef13aa61cc7");
            identity.HasClaim(ClaimTypes.Name, "testssouser");
            identity.HasClaim("openid", string.Empty);
        }
        /// <summary>
        /// Checks the authorization URL produced by <c>TestBuildChallengeUrl</c> for default
        /// options and an HTTPS redirect URI.
        /// </summary>
        public void BuildChallengeUrl_CreatesCorrectUrl()
        {
            var stub = new TestMessageHandler();
            stub.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(TestHelpers.GetValidTokenRequestResponse())
            };

            var opts = new CloudFoundryOAuthOptions()
            {
                Backchannel = new HttpClient(stub)
            };
            var testHandler = GetTestHandler(opts);

            var challengeUrl = testHandler.TestBuildChallengeUrl(new AuthenticationProperties(), "https://foo.bar/redirect");

            // The redirect URI must appear percent-encoded in the query string.
            // NOTE(review): the expected URL carries no `state` parameter and an empty `scope`;
            // confirm that the anti-forgery state is attached elsewhere in the challenge flow.
            Assert.Equal("http://Default_OAuthServiceUrl/oauth/authorize?response_type=code&client_id=Default_ClientId&redirect_uri=https%3A%2F%2Ffoo.bar%2Fredirect&scope=", challengeUrl);
        }
        /// <summary>
        /// Initializes the test handler with default <c>CloudFoundryOptions</c>, runs
        /// <c>TestCreateTicketAsync</c> against a stubbed token-info endpoint, and checks the
        /// outgoing request and the resulting identity's name and claim count.
        /// </summary>
        // NOTE(review): `async void` gives the caller no task to await; whether a failure after
        // the first await is reported depends on the test runner. `async Task` is the safer shape.
        public async void CreateTicketAsync_SendsTokenInfoRequest_ReturnsValidTokenInfo()
        {
            var stub = new TestMessageHandler();
            stub.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(TestHelpers.GetValidTokenInfoRequestResponse())
            };

            var testHandler = new MyTestCloudFoundryHandler(new HttpClient(stub));
            var opts = new CloudFoundryOptions();

            // Minimal HTTP context: only the response feature is replaced with a test double.
            var httpContext = new DefaultHttpContext();
            httpContext.Features.Set<IHttpResponseFeature>(new TestResponse());

            var log = new LoggerFactory().CreateLogger("CreateTicketAsync_SendsTokenRequest");

            await testHandler.InitializeAsync(opts, httpContext, log, UrlEncoder.Default);

            var identity = new ClaimsIdentity();
            var tokens = OAuthTokenResponse.Success(JObject.Parse(TestHelpers.GetValidTokenInfoRequestResponse()));
            _ = await testHandler.TestCreateTicketAsync(identity, new AuthenticationProperties(), tokens);

            var sent = stub.LastRequest;
            Assert.NotNull(sent);
            Assert.Equal(HttpMethod.Post, sent.Method);
            // Case-insensitive comparison of the requested URI with the configured endpoint.
            Assert.Equal(opts.TokenInfoUrl.ToLowerInvariant(), sent.RequestUri.ToString().ToLowerInvariant());

            Assert.Equal("testssouser", identity.Name);
            Assert.Equal(4, identity.Claims.Count());

            // NOTE(review): HasClaim returns a bool and the four results below are discarded, so
            // these lines assert nothing about the mapped claims; a regression in claim mapping
            // would pass unnoticed. Wrap each call in Assert.True once the expected values are
            // confirmed against the fixture (the e-mail literal is masked on this page).
            identity.HasClaim(ClaimTypes.Email, "*****@*****.**");
            identity.HasClaim(ClaimTypes.NameIdentifier, "13bb6841-e4d6-4a9a-876c-9ef13aa61cc7");
            identity.HasClaim(ClaimTypes.Name, "testssouser");
            identity.HasClaim("openid", string.Empty);
        }
        /// <summary>
        /// Initializes the test handler with default <c>CloudFoundryOptions</c> and checks the
        /// authorization URL returned by <c>TestBuildChallengeUrl</c>.
        /// </summary>
        // NOTE(review): `async void` gives the caller no task to await; whether a failure after
        // the first await is reported depends on the test runner. `async Task` is the safer shape.
        public async void BuildChallengeUrl_CreatesCorrectUrl()
        {
            var stub = new TestMessageHandler();
            stub.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(TestHelpers.GetValidTokenRequestResponse())
            };

            var testHandler = new MyTestCloudFoundryHandler(new HttpClient(stub));
            var opts = new CloudFoundryOptions();

            // Minimal HTTP context: only the response feature is replaced with a test double.
            var httpContext = new DefaultHttpContext();
            httpContext.Features.Set<IHttpResponseFeature>(new TestResponse());

            var log = new LoggerFactory().CreateLogger("ExchangeCodeAsync_SendsTokenRequest");
            await testHandler.InitializeAsync(opts, httpContext, log, UrlEncoder.Default);

            var challengeUrl = testHandler.TestBuildChallengeUrl(new AuthenticationProperties(), "http://foo.bar/redirect");

            // The redirect URI must appear percent-encoded in the query string.
            // NOTE(review): the expected URL carries no `state` parameter and an empty `scope`,
            // and the redirect URI used here is plain http. Confirm that the anti-forgery state
            // is attached elsewhere in the challenge flow.
            Assert.Equal("http://Default_OAuthServiceUrl/oauth/authorize?response_type=code&client_id=Default_ClientId&redirect_uri=http%3A%2F%2Ffoo.bar%2Fredirect&scope=", challengeUrl);
        }