public async Task Test_AzureController_SecurityException_Fail()
{
//Arrange
//Authorization Code absent
AzureADAuthModel googleAuthModel = new AzureADAuthModel
{
APIKey = "<api key>"
};
AzureAuthenticator authenticator = new AzureAuthenticator(this.SecuritySettings,
this.MockAzureClient.Object);
var controller = new AzureController(authenticator);
try
{
//Act
var result = await controller.Create(googleAuthModel);
}
catch (SecurityException ex)
{
//Assert
Assert.IsType <SecurityException>(ex);
this.MockAzureClient.Verify(x => x.PostSecurityRequest(), Times.Never);
}
}
public async Task Test_AzureController_AzureAuthorizeAttribute_InvalidAPIKey_ReturnsUnauthorizedResult()
{
var config = new ConfigurationBuilder()
.AddJsonFile("securitySettings.json")
.Build();
// Arrange
var server = new TestServer(new WebHostBuilder()
.UseConfiguration(config)
.UseStartup <Startup>());
var client = server.CreateClient();
var url = "/azure";
var expected = HttpStatusCode.Unauthorized;
AzureADAuthModel azureADAuthModel = new AzureADAuthModel
{
APIKey = "invalid api key"
};
HttpContent httpContent = new StringContent(JsonConvert.SerializeObject(azureADAuthModel));
// Act
var response = await client.PostAsync(url, httpContent);
// Assert
Assert.Equal(expected, response.StatusCode);
//Arrange
var bytes = new byte[2] {
103, 104
};
httpContent = new ByteArrayContent(bytes);
try
{
// Act
response = await client.PostAsync(url, httpContent);
}
catch (SecurityException ex)
{
// Assert
Assert.IsType <SecurityException>(ex);
}
}
public async Task <IActionResult> Create([FromBody] AzureADAuthModel user)
{
try
{
var response = await this.authentication.IsValidUser(user);
if (response.IsAuthenticated && !string.IsNullOrEmpty(response.AccessToken))
{
return(new ObjectResult(response.AccessToken));
}
return(BadRequest());
}
catch (Exception ex)
{
throw new SecurityException(ex.Message);
}
}
public async Task Test_AzureController_Pass()
{
//Arrange
AzureADAuthModel azureADAuthModel = new AzureADAuthModel
{
APIKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
};
AzureAuthenticator azureAuthenticator = new AzureAuthenticator(this.SecuritySettings, this.MockAzureClient.Object);
var controller = new AzureController(azureAuthenticator);
//Act
var result = await controller.Create(azureADAuthModel);
//Assert
Assert.IsType <ObjectResult>(result);
Assert.True((result as ObjectResult).Value.ToString().IsValidJwtToken());
this.MockAzureClient.Verify(x => x.PostSecurityRequest(), Times.Once);
}
public async Task Test_AzureController_InvalidAPIKey_Fail()
{
//Arrange
//Invalid API Key
AzureADAuthModel azureADAuthModel = new AzureADAuthModel
{
APIKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
};
AzureAuthenticator azureAuthenticator = new AzureAuthenticator(this.SecuritySettings, this.MockAzureClient.Object);
var controller = new AzureController(azureAuthenticator);
//Act
var result = await controller.Create(azureADAuthModel);
//Assert
Assert.IsType <BadRequestResult>(result);
this.MockAzureClient.Verify(x => x.PostSecurityRequest(), Times.Never);
}
public async Task Test_AzureController_AzureAuth_Fail()
{
//Arrange
//Azure Client returns IsAuthenticated false
this.MockAzureClient = this.InitMockAzureClient(this.SecuritySettings, false);
AzureADAuthModel azureADAuthModel = new AzureADAuthModel
{
APIKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
};
AzureAuthenticator azureAuthenticator = new AzureAuthenticator(this.SecuritySettings, this.MockAzureClient.Object);
var controller = new AzureController(azureAuthenticator);
//Act
var result = await controller.Create(azureADAuthModel);
//Assert
Assert.IsType <BadRequestResult>(result);
this.MockAzureClient.Verify(x => x.PostSecurityRequest(), Times.Once);
}
