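/// <summary>
/// A request that carries no Authorization header must be answered with 401 and a
/// challenge header whose value names the Hawk scheme.
/// </summary>
public void ShouldReturnChallengeOnEmptyAuthHeaderWithStatusUnauthorized()
{
    // The lookup ignores the requested id and always returns the same fixed test credential.
    var filter = new HawkRequestFilter(id => new HawkCredential
    {
        Id = "123",
        Algorithm = "hmacsha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    });

    // Only Host is sent: the absent Authorization header is the condition under test.
    // The timestamp local computed by the original was never used and has been removed.
    var headers = new NameValueCollection();
    headers.Add("Host", "localhost");

    var request = new Mock<IHttpRequest>();
    request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    request.SetupGet(r => r.HttpMethod).Returns("GET");
    request.SetupGet(r => r.Headers).Returns(headers);

    var response = new Mock<IHttpResponse>();

    filter.Execute(request.Object, response.Object, new object());

    response.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);

    // NOTE(review): the standard challenge header is spelled "WWW-Authenticate". This assertion
    // pins the literal name "WwwAuthenticate"; confirm the response layer maps it to the
    // standard name, otherwise clients will not see a usable challenge.
    response.Verify(r => r.AddHeader("WwwAuthenticate", It.Is<string>(s => s.Contains("Hawk"))));
}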
/// <summary>
/// A well-formed Hawk header whose MAC does not match the credential must be rejected
/// with 401 and the status description "Bad mac".
/// </summary>
public void ShouldFailOnUnknownBadMac()
{
    // Credential lookup that returns the same fixed test credential for any id.
    var sut = new HawkRequestFilter(id => new HawkCredential
    {
        Id = "123",
        Algorithm = "hmacsha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    });

    // Current time in whole seconds, so the timestamp itself is not the reason for rejection.
    // NOTE(review): DateTime.Now is local time; whether this lines up with the filter's clock
    // depends on Hawk.ConvertToUnixTimestamp - confirm it normalises to UTC.
    var seconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
    var ts = seconds.ToString();

    // NOTE(review): this MAC decodes to 20 bytes, shorter than an HMAC-SHA256 output (32 bytes),
    // so the rejection may be decided on length alone. A wrong MAC of the correct length would
    // exercise the comparison itself and is worth adding as a separate case.
    var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";

    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Host", "localhost");
    requestHeaders.Add("Authorization", authorization);

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
    responseMock.VerifySet(r => r.StatusDescription = "Bad mac");
}
/// <summary>
/// An Authorization header that uses a scheme other than Hawk ("Basic ") must not be
/// authorized: the filter is expected to set status 401.
/// </summary>
public void ShouldNotAuthorizeOnWrongAuthScheme()
{
    var sut = new HawkRequestFilter(GetCredential);

    // No Host header is sent here; only the foreign scheme is under test.
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Authorization", "Basic ");

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    // 401 Unauthorized. Only the status is checked; no challenge header is asserted here.
    responseMock.VerifySet(r => r.StatusCode = 401);
}
/// <summary>
/// A Hawk Authorization header with the scheme name but no attributes must be rejected
/// as malformed: 400 with the status description "Invalid header format".
/// </summary>
public void ShouldFailOnInvalidAuthFormat()
{
    var sut = new HawkRequestFilter(GetCredential);

    // Host is present, so the only defect in the request is the empty attribute list.
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Host", "localhost");
    requestHeaders.Add("Authorization", "Hawk ");

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    // Malformed input is reported as a client error (400), not as an authentication failure.
    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.BadRequest);
    responseMock.VerifySet(r => r.StatusDescription = "Invalid header format");
}
/// <summary>
/// A Hawk request without a Host header must be rejected with 400 and the status
/// description "Missing Host header".
/// </summary>
public void ShouldFailOnWMissingHostHeader()
{
    var sut = new HawkRequestFilter(GetCredential);

    // Only Authorization is supplied. The header also carries a fixed, old timestamp and no
    // nonce; the assertions below expect the missing Host to be what gets reported.
    var authorization = "Hawk id = \"123\", ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"";
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Authorization", authorization);

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.BadRequest);
    responseMock.VerifySet(r => r.StatusDescription = "Missing Host header");
}
/// <summary>
/// Sends "Hawk " with no attributes after the scheme name and expects the filter to
/// answer 400 with the status description "Invalid header format".
/// </summary>
public void ShouldFailOnInvalidAuthFormat()
{
    var hawkFilter = new HawkRequestFilter(GetCredential);

    // Scheme name only: there is nothing for the filter to parse after "Hawk ".
    var incomingHeaders = new NameValueCollection();
    incomingHeaders.Add("Host", "localhost");
    incomingHeaders.Add("Authorization", "Hawk ");

    var httpRequest = new Mock<IHttpRequest>();
    httpRequest.SetupGet(r => r.Headers).Returns(incomingHeaders);
    httpRequest.SetupGet(r => r.HttpMethod).Returns("GET");
    httpRequest.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

    var httpResponse = new Mock<IHttpResponse>();

    hawkFilter.Execute(httpRequest.Object, httpResponse.Object, new object());

    // A header that cannot be parsed is a 400, distinct from the 401 used for failed authentication.
    httpResponse.VerifySet(r => r.StatusCode = (int)HttpStatusCode.BadRequest);
    httpResponse.VerifySet(r => r.StatusDescription = "Invalid header format");
}
/// <summary>
/// When the credential lookup throws, the filter must not let the exception escape as a
/// pass: it is expected to answer 401 with the status description "Unknown user".
/// </summary>
public void ShouldFailOnCredentialsFuncException()
{
    // Lookup that always fails, standing in for a credential store that cannot resolve the id.
    var sut = new HawkRequestFilter((id) => { throw new Exception("Invalid"); });

    // Current time in whole seconds, keeping the timestamp out of the failure path.
    var seconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
    var ts = seconds.ToString();

    var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Host", "localhost");
    requestHeaders.Add("Authorization", authorization);

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    // The lookup failure is reported with a fixed description; the exception text "Invalid"
    // is not what the test expects to see on the response.
    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
    responseMock.VerifySet(r => r.StatusDescription = "Unknown user");
}
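/// <summary>
/// A request whose Authorization header carries a MAC computed with the credential's
/// hmacsha256 key must pass the filter without any status code being written.
/// </summary>
public void ShouldParseValidAuthHeaderWithSha256()
{
    var credential = new HawkCredential
    {
        Id = "123",
        Algorithm = "hmacsha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };

    // The lookup returns the credential for any id (the header below sends id "456").
    var filter = new HawkRequestFilter(id => credential);

    // NOTE(review): DateTime.Now is local time; whether the timestamp agrees with the filter's
    // clock depends on Hawk.ConvertToUnixTimestamp - confirm it normalises to UTC.
    var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);

    // MAC over the same host, URI, ext, timestamp and nonce that the request will present.
    // The method is passed as "get" while the request reports "GET" - presumably CalculateMac
    // normalises case; verify against its implementation.
    var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");

    var headers = new NameValueCollection();
    headers.Add("Host", "example.com");
    headers.Add("Authorization", "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac));

    var request = new Mock<IHttpRequest>();
    request.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    request.SetupGet(r => r.HttpMethod).Returns("GET");
    request.SetupGet(r => r.Headers).Returns(headers);

    var response = new Mock<IHttpResponse>();

    filter.Execute(request.Object, response.Object, new object());

    // The original used Setup(r => r.StatusCode).Throws(...), which configures the property
    // getter only. A filter that rejected the request by assigning StatusCode would not have
    // triggered it, so the success test could not fail. Verifying that the setter was never
    // called makes an unexpected rejection visible.
    response.VerifySet(r => r.StatusCode = It.IsAny<int>(), Times.Never());
}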
/// <summary>
/// When the credential lookup returns null for the presented id, the filter must answer
/// 401 with the status description "Missing credentials".
/// </summary>
public void ShouldFailOnMissingCredentials()
{
    // Lookup that knows no credential at all.
    var sut = new HawkRequestFilter(id => null);

    // Current time in whole seconds, so a stale timestamp cannot be the cause of the 401.
    var seconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
    var ts = seconds.ToString();

    var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Host", "localhost");
    requestHeaders.Add("Authorization", authorization);

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
    responseMock.VerifySet(r => r.StatusDescription = "Missing credentials");
}
/// <summary>
/// A Hawk header that omits required attributes must be rejected with 401 and the
/// status description "Missing attributes".
/// </summary>
public void ShouldFailOnMissingAuthAttribute()
{
    var sut = new HawkRequestFilter(GetCredential);

    // The header carries ts, mac and ext only: neither id nor nonce is present.
    var authorization = "Hawk ts = \"1353788437\", mac = \"/qwS4UjfVWMcUyW6EEgUH4jlr7T/wuKe3dKijvTvSos=\", ext = \"hello\"";
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Host", "localhost");
    requestHeaders.Add("Authorization", authorization);

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
    responseMock.VerifySet(r => r.StatusDescription = "Missing attributes");
}
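/// <summary>
/// With no Authorization header on the request, the filter is expected to set 401 and
/// to add a challenge header whose value contains "Hawk".
/// </summary>
public void ShouldReturnChallengeOnEmptyAuthHeaderWithStatusUnauthorized()
{
    // Fixed test credential, returned for every id the filter might look up.
    var testCredential = new HawkCredential
    {
        Id = "123",
        Algorithm = "hmacsha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };
    var hawkFilter = new HawkRequestFilter(id => testCredential);

    // The original also computed a timestamp that no statement consumed; it is omitted
    // because this request sends no Hawk attributes at all.
    var incomingHeaders = new NameValueCollection();
    incomingHeaders.Add("Host", "localhost");

    var httpRequest = new Mock<IHttpRequest>();
    httpRequest.SetupGet(r => r.Headers).Returns(incomingHeaders);
    httpRequest.SetupGet(r => r.HttpMethod).Returns("GET");
    httpRequest.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

    var httpResponse = new Mock<IHttpResponse>();

    hawkFilter.Execute(httpRequest.Object, httpResponse.Object, new object());

    httpResponse.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);

    // NOTE(review): HTTP defines the challenge header as "WWW-Authenticate". The name asserted
    // here is the literal "WwwAuthenticate"; confirm it is translated before it is sent,
    // since a client cannot act on a challenge under a non-standard header name.
    httpResponse.Verify(r => r.AddHeader("WwwAuthenticate", It.Is<string>(s => s.Contains("Hawk"))));
}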
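/// <summary>
/// Builds a Hawk header with a correctly computed hmacsha256 MAC and expects the filter
/// to accept it, i.e. to leave the response status untouched.
/// </summary>
public void ShouldParseValidAuthHeaderWithSha256()
{
    var credential = new HawkCredential
    {
        Id = "123",
        Algorithm = "hmacsha256",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    };

    // Same credential for any id; the header's id ("456") differs from credential.Id ("123").
    var hawkFilter = new HawkRequestFilter(id => credential);

    // Whole seconds from the current clock.
    // NOTE(review): local DateTime.Now is used - confirm Hawk.ConvertToUnixTimestamp yields a
    // UTC-based value, otherwise the freshness check depends on the machine's time zone.
    var ts = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);

    // Signed over the values the request presents: host, URI, ext "hello", ts and nonce.
    var mac = Hawk.CalculateMac("example.com", "get", new Uri("http://example.com:8080/resource/4?filter=a"), "hello", ts.ToString(), "j4h3g2", credential, "header");

    var incomingHeaders = new NameValueCollection();
    incomingHeaders.Add("Host", "example.com");
    incomingHeaders.Add("Authorization", "Hawk " + string.Format("id = \"456\", ts = \"{0}\", nonce=\"j4h3g2\", mac = \"{1}\", ext = \"hello\"", ts, mac));

    var httpRequest = new Mock<IHttpRequest>();
    httpRequest.SetupGet(r => r.Headers).Returns(incomingHeaders);
    httpRequest.SetupGet(r => r.HttpMethod).Returns("GET");
    httpRequest.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

    var httpResponse = new Mock<IHttpResponse>();

    hawkFilter.Execute(httpRequest.Object, httpResponse.Object, new object());

    // Setup(r => r.StatusCode).Throws(...) in the original intercepted reads of the property,
    // not writes, so an assignment such as StatusCode = 401 went unnoticed and the test passed
    // even on rejection. Asserting that the setter was never invoked closes that gap.
    httpResponse.VerifySet(r => r.StatusCode = It.IsAny<int>(), Times.Never());
}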
/// <summary>
/// Presents an Authorization header for a different scheme ("Basic ") and expects the
/// Hawk filter to set status 401.
/// </summary>
public void ShouldNotAuthorizeOnWrongAuthScheme()
{
    var hawkFilter = new HawkRequestFilter(GetCredential);

    // The only header on the request is the non-Hawk Authorization value.
    var incomingHeaders = new NameValueCollection();
    incomingHeaders.Add("Authorization", "Basic ");

    var httpRequest = new Mock<IHttpRequest>();
    httpRequest.SetupGet(r => r.Headers).Returns(incomingHeaders);
    httpRequest.SetupGet(r => r.HttpMethod).Returns("GET");
    httpRequest.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");

    var httpResponse = new Mock<IHttpResponse>();

    hawkFilter.Execute(httpRequest.Object, httpResponse.Object, new object());

    // 401 Unauthorized; the status description and any challenge header are not checked.
    httpResponse.VerifySet(r => r.StatusCode = 401);
}
/// <summary>
/// A credential whose Algorithm is not one the filter recognises ("hmac-sha-0") must
/// cause a 401 with the status description "Unknown algorithm".
/// </summary>
public void ShouldFailOnUnknownCredentialsAlgorithm()
{
    // The algorithm name comes from the stored credential, not from the request header.
    var sut = new HawkRequestFilter(id => new HawkCredential
    {
        Id = "123",
        Algorithm = "hmac-sha-0",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",
        User = "******"
    });

    // Current time in whole seconds, so the timestamp is not the reason for the rejection.
    // NOTE(review): DateTime.Now is local time - confirm Hawk.ConvertToUnixTimestamp converts to UTC.
    var seconds = Math.Floor(Hawk.ConvertToUnixTimestamp(DateTime.Now) / 1000);
    var ts = seconds.ToString();

    var authorization = "Hawk id = \"456\", ts = \"" + ts + "\", nonce=\"k3j4h2\", mac = \"qrP6b5tiS2CO330rpjUEym/USBM=\", ext = \"hello\"";
    var requestHeaders = new NameValueCollection();
    requestHeaders.Add("Host", "localhost");
    requestHeaders.Add("Authorization", authorization);

    var requestMock = new Mock<IHttpRequest>();
    requestMock.SetupGet(r => r.AbsoluteUri).Returns("http://example.com:8080/resource/4?filter=a");
    requestMock.SetupGet(r => r.HttpMethod).Returns("GET");
    requestMock.SetupGet(r => r.Headers).Returns(requestHeaders);

    var responseMock = new Mock<IHttpResponse>();

    sut.Execute(requestMock.Object, responseMock.Object, new object());

    // An unrecognised algorithm is expected to fail closed rather than fall back to a default.
    responseMock.VerifySet(r => r.StatusCode = (int)HttpStatusCode.Unauthorized);
    responseMock.VerifySet(r => r.StatusDescription = "Unknown algorithm");
}