public async Task OnRedirectToIdentityProvider_DefaultUserFlow_DoesntUpdateContext() { var errorAccessor = Substitute.For <ILoginErrorAccessor>(); var options = new MicrosoftIdentityOptions() { SignUpSignInPolicyId = DefaultUserFlow }; var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options, errorAccessor); var httpContext = HttpContextUtilities.CreateHttpContext(); var authProperties = new AuthenticationProperties(); authProperties.Items.Add(OidcConstants.PolicyKey, DefaultUserFlow); var context = new RedirectContext(httpContext, _authScheme, new OpenIdConnectOptions(), authProperties) { ProtocolMessage = new OpenIdConnectMessage() { IssuerAddress = _defaultIssuer } }; await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false); errorAccessor.DidNotReceive().SetMessage(httpContext, Arg.Any <string>()); Assert.Null(context.ProtocolMessage.Scope); Assert.Null(context.ProtocolMessage.ResponseType); Assert.Equal(_defaultIssuer, context.ProtocolMessage.IssuerAddress); Assert.True(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey)); }
public void Configure(string name, OpenIdConnectOptions options) { var azureADB2CScheme = GetAzureADB2CScheme(name); var azureADB2COptions = _azureADB2COptions.Get(azureADB2CScheme); if (name != azureADB2COptions.OpenIdConnectSchemeName) { return; } options.ClientId = azureADB2COptions.ClientId; options.ClientSecret = azureADB2COptions.ClientSecret; options.Authority = BuildAuthority(azureADB2COptions); options.CallbackPath = azureADB2COptions.CallbackPath ?? options.CallbackPath; options.SignedOutCallbackPath = azureADB2COptions.SignedOutCallbackPath ?? options.SignedOutCallbackPath; options.SignInScheme = azureADB2COptions.CookieSchemeName; options.UseTokenLifetime = true; options.TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" }; var handlers = new AzureADB2COpenIDConnectEventHandlers(azureADB2CScheme, azureADB2COptions); options.Events = new OpenIdConnectEvents { OnRedirectToIdentityProvider = handlers.OnRedirectToIdentityProvider, OnRemoteFailure = handlers.OnRemoteFailure }; }
public async Task OnRemoteError_HandlesResponseWhenErrorIsUnknown() { // Arrange var handlers = new AzureADB2COpenIDConnectEventHandlers( AzureADB2CDefaults.AuthenticationScheme, new AzureADB2COptions() { SignUpSignInPolicyId = "B2C_1_SiUpIn" }); var remoteFailureContext = new RemoteFailureContext( new DefaultHttpContext(), new AuthenticationScheme( AzureADB2CDefaults.AuthenticationScheme, displayName: null, handlerType: typeof(OpenIdConnectHandler)), new OpenIdConnectOptions(), new OpenIdConnectProtocolException("some_other_error")); // Act await handlers.OnRemoteFailure(remoteFailureContext); // Assert Assert.Equal(StatusCodes.Status302Found, remoteFailureContext.Response.StatusCode); Assert.Equal("/AzureADB2C/Account/Error", remoteFailureContext.Response.Headers.Location); Assert.True(remoteFailureContext.Result.Handled); }
public async Task OnRemoteError_HandlesResponseWhenUserCancelsFlowFromTheAzureADB2CUserInterface() { // Arrange var handlers = new AzureADB2COpenIDConnectEventHandlers( AzureADB2CDefaults.AuthenticationScheme, new AzureADB2COptions() { SignUpSignInPolicyId = "B2C_1_SiUpIn" }); var remoteFailureContext = new RemoteFailureContext( new DefaultHttpContext(), new AuthenticationScheme( AzureADB2CDefaults.AuthenticationScheme, displayName: null, handlerType: typeof(OpenIdConnectHandler)), new OpenIdConnectOptions(), new OpenIdConnectProtocolException("access_denied")); // Act await handlers.OnRemoteFailure(remoteFailureContext); // Assert Assert.Equal(StatusCodes.Status302Found, remoteFailureContext.Response.StatusCode); Assert.Equal("/", remoteFailureContext.Response.Headers.Location); Assert.True(remoteFailureContext.Result.Handled); }
public async void OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext() { var options = new MicrosoftIdentityOptions() { SignUpSignInPolicyId = DefaultUserFlow }; var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options); var httpContext = HttpContextUtilities.CreateHttpContext(); var authProperties = new AuthenticationProperties(); authProperties.Items.Add(OidcConstants.PolicyKey, CustomUserFlow); var context = new RedirectContext(httpContext, _authScheme, new OpenIdConnectOptions(), authProperties) { ProtocolMessage = new OpenIdConnectMessage() { IssuerAddress = _defaultIssuer } }; await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false); Assert.Equal(OpenIdConnectScope.OpenIdProfile, context.ProtocolMessage.Scope); Assert.Equal(OpenIdConnectResponseType.IdToken, context.ProtocolMessage.ResponseType); Assert.Equal(_customIssuer, context.ProtocolMessage.IssuerAddress, true); Assert.False(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey)); }
public async void OnRemoteFailure_PasswordReset_RedirectsSuccessfully() { var httpContext = Substitute.For <HttpContext>(); httpContext.Request.PathBase = PathBase; var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, new MicrosoftIdentityOptions()); var passwordResetException = "'access_denied', error_description: 'AADB2C90118: The user has forgotten their password. Correlation ID: f99deff4-f43b-43cc-b4e7-36141dbaf0a0 Timestamp: 2018-03-05 02:49:35Z', error_uri: 'error_uri is null'"; await handler.OnRemoteFailure(new RemoteFailureContext(httpContext, _authScheme, new OpenIdConnectOptions(), new OpenIdConnectProtocolException(passwordResetException))).ConfigureAwait(false); httpContext.Response.Received().Redirect($"{httpContext.Request.PathBase}/MicrosoftIdentity/Account/ResetPassword/{OpenIdConnectDefaults.AuthenticationScheme}"); }
public async void OnRemoteFailure_OtherException_RedirectsSuccessfully() { var httpContext = Substitute.For <HttpContext>(); httpContext.Request.PathBase = PathBase; var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, new MicrosoftIdentityOptions()); var otherException = "Generic exception."; await handler.OnRemoteFailure(new RemoteFailureContext(httpContext, _authScheme, new OpenIdConnectOptions(), new OpenIdConnectProtocolException(otherException))); httpContext.Response.Received().Redirect($"{httpContext.Request.PathBase}/MicrosoftIdentity/Account/Error"); }
public async void OnRemoteFailure_Cancel_RedirectsSuccessfully() { var httpContext = Substitute.For <HttpContext>(); httpContext.Request.PathBase = PathBase; var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, new MicrosoftIdentityOptions()); var cancelException = "'access_denied', error_description: 'AADB2C90091: The user has canceled entering self-asserted information. Correlation ID: d01c8878-0732-4eb2-beb8-da82a57432e0 Timestamp: 2018-03-05 02:56:49Z ', error_uri: 'error_uri is null'"; await handler.OnRemoteFailure(new RemoteFailureContext(httpContext, _authScheme, new OpenIdConnectOptions(), new OpenIdConnectProtocolException(cancelException))); httpContext.Response.Received().Redirect($"{httpContext.Request.PathBase}/"); }
public async Task OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext(bool hasClientCredentials) { var errorAccessor = Substitute.For <ILoginErrorAccessor>(); var options = new MicrosoftIdentityOptions() { SignUpSignInPolicyId = DefaultUserFlow }; if (hasClientCredentials) { options.ClientSecret = TestConstants.ClientSecret; } var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options, errorAccessor); var httpContext = HttpContextUtilities.CreateHttpContext(); var authProperties = new AuthenticationProperties(); authProperties.Items.Add(OidcConstants.PolicyKey, CustomUserFlow); var context = new RedirectContext(httpContext, _authScheme, new OpenIdConnectOptions(), authProperties) { ProtocolMessage = new OpenIdConnectMessage() { IssuerAddress = _defaultIssuer, Scope = TestConstants.Scopes, }, }; await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false); errorAccessor.DidNotReceive().SetMessage(httpContext, Arg.Any <string>()); Assert.Equal(TestConstants.Scopes, context.ProtocolMessage.Scope); Assert.Equal(_customIssuer, context.ProtocolMessage.IssuerAddress, true); Assert.False(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey)); if (hasClientCredentials) { Assert.Equal(OpenIdConnectResponseType.CodeIdToken, context.ProtocolMessage.ResponseType); } else { Assert.Equal(OpenIdConnectResponseType.IdToken, context.ProtocolMessage.ResponseType); } }
public async Task OnRedirectToIdentityProviderHandler_UpdatesRequestForOtherPolicies() { // Arrange var handlers = new AzureADB2COpenIDConnectEventHandlers( AzureADB2CDefaults.AuthenticationScheme, new AzureADB2COptions() { SignUpSignInPolicyId = "B2C_1_SiUpIn" }); var authenticationProperties = new AuthenticationProperties(new Dictionary <string, string> { [AzureADB2CDefaults.PolicyKey] = "B2C_1_EP" }); var redirectContext = new RedirectContext( new DefaultHttpContext(), new AuthenticationScheme(AzureADB2CDefaults.AuthenticationScheme, "", typeof(OpenIdConnectHandler)), new OpenIdConnectOptions(), authenticationProperties) { ProtocolMessage = new OpenIdConnectMessage { Scope = OpenIdConnectScope.OpenId, ResponseType = OpenIdConnectResponseType.Code, IssuerAddress = "https://login.microsoftonline.com/tfp/domain.onmicrosoft.com/B2C_1_EP/v2.0" } }; // Act await handlers.OnRedirectToIdentityProvider(redirectContext); // Assert Assert.Equal(OpenIdConnectScope.OpenIdProfile, redirectContext.ProtocolMessage.Scope); Assert.Equal(OpenIdConnectResponseType.IdToken, redirectContext.ProtocolMessage.ResponseType); Assert.Equal( "https://login.microsoftonline.com/tfp/domain.onmicrosoft.com/b2c_1_ep/v2.0", redirectContext.ProtocolMessage.IssuerAddress); Assert.False(authenticationProperties.Items.ContainsKey(AzureADB2CDefaults.PolicyKey)); }