public void NewAndOlderApiSecretAreEqualsThrows() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string randomApiSecret = this.GetRandomSecret(); // Ya que el secreto actual de la aplicación de pruebas sólo tiene letras, // para saltar las validaciones del nuevo secreto se establece en la aplicación, // un secreto aleatorio y a así validar que el nuevo secreto sea igual al actual. TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, randomApiSecret); AspenException exception = Assert.Throws<AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, randomApiSecret) .UpdateApiSecret(randomApiSecret); }); Assert.That(exception.EventId, Is.EqualTo("15864")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.NotAcceptable)); StringAssert.IsMatch("El nuevo secreto no debe ser igual al actual.", exception.Message); // Se reestablece el secreto predeterminado. TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
public void MismatchTokenBetweenAppsWhenAppSignedRequestThrows() { IAppIdentity appIdentityMaster = AutonomousAppIdentity.Master; IAutonomousApp clientAppMaster = AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(appIdentityMaster) .Authenticate() .GetClient(); Assert.That(clientAppMaster, Is.Not.Null); Assert.That(clientAppMaster.AuthToken, Is.Not.Null); Assert.That(clientAppMaster.AuthToken.Token, Is.Not.Null); IAppIdentity appIdentityHelper = AutonomousAppIdentity.Helper; IAutonomousApp clientAppHelper = AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(appIdentityHelper) .Authenticate() .GetClient(); Assert.That(clientAppHelper, Is.Not.Null); Assert.That(clientAppHelper.AuthToken, Is.Not.Null); Assert.That(clientAppHelper.AuthToken.Token, Is.Not.Null); IPayloadClaimsManager mismatchTokenClaimBehavior = InvalidTokenPayloadClaim.WithClaimBehavior(() => clientAppHelper.AuthToken.Token); ServiceLocator.Instance.RegisterPayloadClaimsManager(mismatchTokenClaimBehavior); AspenException exception = Assert.Throws <AspenException>(() => clientAppMaster.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15846")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No coinciden los datos recibidos del token vs los valores esperados. ¿Se modificaron los valores en tránsito o está utilizando el ApiKey en otra aplicación?", exception.Message); }
public void UseOlderSecretWhenAppSigninRequestThrows() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = new Password(128).Next(); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); AspenException exception = Assert.Throws<AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .Authenticate() .GetClient(); }); Assert.That(exception.EventId, Is.EqualTo("20007")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest)); StringAssert.IsMatch("El contenido de la cabecera personalizada 'X-PRO-Auth-Payload' no es válido. Invalid signature. ¿Está utilizando las credenciales proporcionadas?", exception.Message); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
public void NotIncludeSpecialCharsNewApiSecretThrows() { string invalidNewApiSecret = this.GetRandomSecret(includeSpecial: false); AspenException exception = Assert.Throws<AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(AutonomousAppIdentity.Master) .UpdateApiSecret(invalidNewApiSecret); }); Assert.That(exception.EventId, Is.EqualTo("15864")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.NotAcceptable)); StringAssert.IsMatch("Utilice secretos complejos para mantener su aplicación segura. Combine mayúsculas y minúsculas, números y caracteres especiales", exception.Message); }
public void UpdateApiSecretRequestWorks() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = this.GetRandomSecret(); Assert.That(newApiSecret.Length, Is.GreaterThanOrEqualTo(128)); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
public void ApiKeyScopeMismatchThrows() { IAppIdentity delegatedAppIdentity = DelegatedAppIdentity.Master; AspenException exception = Assert.Throws <AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(delegatedAppIdentity) .Authenticate() .GetClient(); }); Assert.That(exception.EventId, Is.EqualTo("1000478")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Forbidden)); StringAssert.IsMatch("ApiKey no tiene permisos para realizar la operación. Alcance requerido: 'Autonomous'", exception.Message); }
public void InvalidAppCredentialThrows() { string recognizedApiKey = AutonomousAppIdentity.Master.ApiKey; string invalidApiSecret = Guid.NewGuid().ToString(); AspenException exception = Assert.Throws <AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(recognizedApiKey, invalidApiSecret) .Authenticate() .GetClient(); }); Assert.That(exception.EventId, Is.EqualTo("20007")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest)); StringAssert.IsMatch("El contenido de la cabecera personalizada 'X-PRO-Auth-Payload' no es válido", exception.Message); }
public void UnrecognizedApiKeyThrows() { string randomApiKey = Guid.NewGuid().ToString(); string apiKeySecret = AutonomousAppIdentity.Master.ApiSecret; AspenException exception = Assert.Throws <AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(randomApiKey, apiKeySecret) .Authenticate() .GetClient(); }); Assert.That(exception.EventId, Is.EqualTo("20005")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.BadRequest)); StringAssert.IsMatch("Identificador de ApiKey no válido para la cabecera personalizada 'X-PRO-Auth-App'", exception.Message); }
public void SecretFormatMustBeEncryptedTypeAfterUpdate() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = this.GetRandomSecret(); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); // El tipo de formato del secreto debe ser 'SecretFormat.Encrypted' (1) Assert.IsTrue(TestContext.CurrentContext.DatabaseHelper().AppSecretFormatIsEncrypted(apiKey)); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
public void InvalidMaxLengthNewApiSecretThrows() { int maxLengthAllowed = 214; int randomMaxLength = new Random().Next(maxLengthAllowed + 1, maxLengthAllowed * 2); string invalidNewApiSecret = this.GetRandomSecret(randomMaxLength); AspenException exception = Assert.Throws<AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(AutonomousAppIdentity.Master) .UpdateApiSecret(invalidNewApiSecret); }); Assert.That(exception.EventId, Is.EqualTo("15892")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.NotAcceptable)); StringAssert.IsMatch("El nuevo secreto excede la longitud máxima permitida", exception.Message); }
public void InvalidMinLengthNewApiSecretThrows() { int minLengthAllowed = 128; int randomMinLength = new Random().Next(10, minLengthAllowed - 1); string invalidNewApiSecret = this.GetRandomSecret(randomMinLength); AspenException exception = Assert.Throws<AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(AutonomousAppIdentity.Master) .UpdateApiSecret(invalidNewApiSecret); }); Assert.That(exception.EventId, Is.EqualTo("15864")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.NotAcceptable)); StringAssert.IsMatch("'NewValue' debe ser mayor o igual que 128 caracteres", exception.Message); }
public void NullOrEmptyNewApiSecretThrows() { string[] invalidNewApiSecrets = { null, string.Empty, " " }; foreach (string newApiSecret in invalidNewApiSecrets) { AspenException exception = Assert.Throws<AspenException>(() => { AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(AutonomousAppIdentity.Master) .UpdateApiSecret(newApiSecret); }); Assert.That(exception.EventId, Is.EqualTo("15864")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.NotAcceptable)); StringAssert.IsMatch("'NewValue' no debería estar vacío.", exception.Message); } }
public void UseNewSecretWhenAppSigninRequestWorks() { IAppIdentity appIdentity = AutonomousAppIdentity.Master; string apiKey = appIdentity.ApiKey; string currentApiSecret = appIdentity.ApiSecret; string newApiSecret = this.GetRandomSecret(); Assert.DoesNotThrow(() => AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, currentApiSecret) .UpdateApiSecret(newApiSecret)); IAutonomousApp client = AutonomousApp.Initialize(CachePolicy.BypassCache) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(apiKey, newApiSecret) .Authenticate() .GetClient(); Assert.That(client, Is.Not.Null); Assert.That(client.AuthToken, Is.Not.Null); Assert.That(client.AuthToken.Token, Is.Not.Null); TestContext.CurrentContext.DatabaseHelper().UpdateApiSecret(apiKey, currentApiSecret); }
/// <summary> /// Obtiene un cliente para a partir de la aplicación autónoma de pruebas, omitiendo los valores almacenados en memoria. /// </summary> /// <param name="cachePolicy">La política para el tratamiento de la información almacenada por caché.</param> /// <returns>Instancia de <see cref="IAutonomousApp"/> para interactuar con el servicio.</returns> public IAutonomousApp GetAutonomousClient(CachePolicy cachePolicy = CachePolicy.BypassCache) => AutonomousApp.Initialize(cachePolicy) .RoutingTo(TestingEndpointProvider.Default) .WithIdentity(AutonomousAppIdentity.Master) .Authenticate() .GetClient();