public async Task Returns_failure_if_bad_Aurthorization_header()
{
    // Scenario: the bearer-token extractor finds nothing usable in the request,
    // so authorization must fail with the fixed failure reason asserted below.
    const string AudienceValue = "audianceForTest";
    const string IssuerUrlValue = "https://issuerUrl.for.test/";

    var settings = new OidcApiAuthorizationSettings
    {
        Audience = AudienceValue,
        IssuerUrl = IssuerUrlValue
    };
    var settingsOptions = new FakeOptions<OidcApiAuthorizationSettings>
    {
        Value = settings
    };

    // A null token stands for "no Authorization token was found".
    var tokenExtractor = new FakeAuthorizationHeaderBearerTokenExractor
    {
        TokenToReturn = null
    };

    // The JWT handler wrapper and the OIDC configuration manager are passed as
    // null because this path is not expected to reach them.
    var sut = new OidcApiAuthorizationService(
        settingsOptions,
        tokenExtractor,
        jwtSecurityTokenHandlerWrapper: null,
        oidcConfigurationManager: null);

    ApiAuthorizationResult outcome = await sut.AuthorizeAsync(httpRequestHeaders: null);

    // The failure reason is pinned to its exact text, not just to "failed".
    Assert.True(outcome.Failed);
    Assert.Equal(
        "Authorization header is missing, invalid format, or is not a Bearer token.",
        outcome.FailureReason);
}
public async Task Returns_failure_for_unauthorized_token(string exceptionTypeToThrow)
{
    // Scenario: token validation throws. Both a SecurityTokenException and a
    // plain Exception must end in a failed result (fail closed), with exactly
    // one validation attempt and no refresh of the issuer's signing keys.
    const string AudienceValue = "AudienceForTest";
    const string IssuerUrlValue = "https://issuerUrl.for.test/";
    const string BearerTokenValue = "ExtractedTokenForTest";

    // Any value other than "SecurityTokenException" selects the generic Exception.
    Exception validationFailure;
    if (exceptionTypeToThrow == "SecurityTokenException")
    {
        validationFailure = new SecurityTokenException();
    }
    else
    {
        validationFailure = new Exception();
    }

    var settingsOptions = new FakeOptions<OidcApiAuthorizationSettings>
    {
        Value = new OidcApiAuthorizationSettings
        {
            Audience = AudienceValue,
            IssuerUrl = IssuerUrlValue
        }
    };

    var tokenExtractor = new FakeAuthorizationHeaderBearerTokenExractor
    {
        TokenToReturn = BearerTokenValue
    };

    // The handler fake throws to simulate an unauthorized token.
    var tokenHandler = new FakeJwtSecurityTokenHandlerWrapper
    {
        ExceptionToThrow = validationFailure
    };

    var configurationManager = new FakeOidcConfigurationManager
    {
        SecurityKeysForTest = new List<SecurityKey>()
    };

    // Headers are never inspected here: the extractor fake supplies the token.
    IHeaderDictionary requestHeaders = null;

    var sut = new OidcApiAuthorizationService(
        settingsOptions,
        tokenExtractor,
        tokenHandler,
        configurationManager);

    ApiAuthorizationResult outcome = await sut.AuthorizeAsync(requestHeaders);

    Assert.True(outcome.Failed);

    // A rejected token must not cause a retry or a signing-key refresh.
    Assert.Equal(1, tokenHandler.ValidateTokenCalledCount);
    Assert.Equal(0, configurationManager.RequestRefreshCalledCount);
}
public async Task Retrys_once_if_SecurityTokenSignatureKeyNotFoundException()
{
    // Scenario: the first validation attempt fails and the second succeeds.
    // Presumably the fake throws SecurityTokenSignatureKeyNotFoundException on
    // its first call (per the test name; the fake is not shown here), which is
    // what a signing-key rollover at the issuer would look like.
    const string AudienceValue = "AudianceForTest";
    const string IssuerUrlValue = "https://issuerUrl.for.test/";
    const string BearerTokenValue = "ExtractedTokenForTest";

    var configurationManager = new FakeOidcConfigurationManager
    {
        SecurityKeysForTest = new List<SecurityKey>()
    };

    var tokenHandler = new FakeJwtSecurityTokenHandlerWrapper
    {
        ThrowFirstTime = true
    };

    var tokenExtractor = new FakeAuthorizationHeaderBearerTokenExractor
    {
        TokenToReturn = BearerTokenValue
    };

    var settingsOptions = new FakeOptions<OidcApiAuthorizationSettings>
    {
        Value = new OidcApiAuthorizationSettings
        {
            Audience = AudienceValue,
            IssuerUrl = IssuerUrlValue
        }
    };

    // Headers are never inspected here: the extractor fake supplies the token.
    IHeaderDictionary requestHeaders = null;

    var sut = new OidcApiAuthorizationService(
        settingsOptions,
        tokenExtractor,
        tokenHandler,
        configurationManager);

    ApiAuthorizationResult outcome = await sut.AuthorizeAsync(requestHeaders);

    Assert.True(outcome.Success);

    // The retry is bounded: two validation attempts and a single key refresh.
    Assert.Equal(2, tokenHandler.ValidateTokenCalledCount);
    Assert.Equal(1, configurationManager.RequestRefreshCalledCount);
}
public async Task Returns_failure_if_cant_get_signing_keys_from_issuer()
{
    // Scenario: the signing keys cannot be obtained from the issuer, so the
    // request must be refused rather than validated without keys.
    const string AudienceValue = "AudianceForTest";
    const string IssuerUrlValue = "https://issuerUrl.for.test/";
    const string BearerTokenValue = "ExtractedTokenForTest";
    const string ProviderErrorText = "ExceptionMessageForTest";

    var settingsOptions = new FakeOptions<OidcApiAuthorizationSettings>
    {
        Value = new OidcApiAuthorizationSettings
        {
            Audience = AudienceValue,
            IssuerUrl = IssuerUrlValue
        }
    };

    var tokenExtractor = new FakeAuthorizationHeaderBearerTokenExractor
    {
        TokenToReturn = BearerTokenValue
    };

    // Presumably the fake throws with this message when keys are requested
    // (the fake itself is not shown here).
    var configurationManager = new FakeOidcConfigurationManager
    {
        ExceptionMessageForTest = ProviderErrorText
    };

    // Headers are never inspected here: the extractor fake supplies the token.
    IHeaderDictionary requestHeaders = null;

    // The JWT handler wrapper is passed as null because this path is not
    // expected to reach it.
    var sut = new OidcApiAuthorizationService(
        settingsOptions,
        tokenExtractor,
        jwtSecurityTokenHandlerWrapper: null,
        configurationManager);

    ApiAuthorizationResult outcome = await sut.AuthorizeAsync(requestHeaders);

    Assert.True(outcome.Failed);

    // NOTE(review): only the prefix is pinned; the remainder of FailureReason
    // presumably carries the provider's exception text. Confirm that callers
    // log it rather than return it verbatim to the API client.
    Assert.StartsWith(
        "Problem getting signing keys from Open ID Connect provider (issuer).",
        outcome.FailureReason);
}
public async Task Returns_success_for_happy_path()
{
    // Scenario: a token is extracted, signing keys are available, and the
    // handler fake is left at its defaults, so authorization must succeed.
    const string AudienceValue = "AudianceForTest";
    const string IssuerUrlValue = "https://issuerUrl.for.test/";
    const string BearerTokenValue = "ExtractedTokenForTest";

    var configurationManager = new FakeOidcConfigurationManager
    {
        SecurityKeysForTest = new List<SecurityKey>()
    };

    var tokenHandler = new FakeJwtSecurityTokenHandlerWrapper();

    var tokenExtractor = new FakeAuthorizationHeaderBearerTokenExractor
    {
        TokenToReturn = BearerTokenValue
    };

    var settingsOptions = new FakeOptions<OidcApiAuthorizationSettings>
    {
        Value = new OidcApiAuthorizationSettings
        {
            Audience = AudienceValue,
            IssuerUrl = IssuerUrlValue
        }
    };

    // Headers are never inspected here: the extractor fake supplies the token.
    IHeaderDictionary requestHeaders = null;

    var sut = new OidcApiAuthorizationService(
        settingsOptions,
        tokenExtractor,
        tokenHandler,
        configurationManager);

    ApiAuthorizationResult outcome = await sut.AuthorizeAsync(requestHeaders);

    Assert.True(outcome.Success);
}