public async Task When_No_Client_Secret_Is_Passed_Then_Not_Authorized_Is_Returned() { // ARRANGE var introspectionResponse = new IntrospectionResponse { Active = true, Scope = new List <string> { "GetMethod" } }; var options = new Oauth2IntrospectionOptions { InstrospectionEndPoint = "http://localhost:5000/introspect", ClientId = "client_id" }; var createServer = CreateServer(options); var client = createServer.CreateClient(); var httpRequestMessage = new HttpRequestMessage(); httpRequestMessage.Headers.Add("Authorization", "Bearer accessToken"); httpRequestMessage.Method = HttpMethod.Get; httpRequestMessage.RequestUri = new Uri("http://localhost/protectedoperation"); // ACT var result = await client.SendAsync(httpRequestMessage).ConfigureAwait(false); // ASSERT Assert.NotNull(result); Assert.True(result.StatusCode == HttpStatusCode.Unauthorized); }
public async Task ValidateToken_InvalidToken_ActiveFalse() { // Arrrange string accessToken = "invalidRandomToken"; EFormidlingAccessValidator sut = new EFormidlingAccessValidator(GetMockObjectWithResponse(false), _loggerMock.Object); // Act IntrospectionResponse actual = await sut.ValidateToken(accessToken); // Assert Assert.False(actual.Active); }
public async Task ValidateToken_ValidToken_ActiveTrue() { // Arrrange string expectedIssuer = "studio"; string accessToken = JwtTokenMock.GenerateAccessToken("studio", "studio.designer", TimeSpan.FromMinutes(2)); EFormidlingAccessValidator sut = new EFormidlingAccessValidator(GetMockObjectWithResponse(true), _loggerMock.Object); // Act IntrospectionResponse actual = await sut.ValidateToken(accessToken); // Assert Assert.True(actual.Active); Assert.Equal(expectedIssuer, actual.Iss); }
public async Task ValidateToken_TokenHintEFormidling_EFormidlingServiceCalled() { // Arrange IntrospectionResponse expected = new() { Active = true, Iss = "digdir" }; _eformidlingValidatorService.Setup(efvs => efvs.ValidateToken(It.IsAny <string>())).ReturnsAsync(new IntrospectionResponse { Active = true, Iss = "digdir" }); var requestMessage = new HttpRequestMessage(HttpMethod.Post, _baseUrl) { Content = new FormUrlEncodedContent(new Dictionary <string, string>() { { "token", "thisIsMyRandomToken" }, { "token_type_hint", "eFormidlingAccessToken" } }), }; requestMessage.Content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded"); HttpClient client = GetTestClient(_eformidlingValidatorService.Object); string token = JwtTokenMock.GenerateToken(_testPrincipal, TimeSpan.FromMinutes(2)); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); // Act HttpResponseMessage res = await client.SendAsync(requestMessage); string responseString = await res.Content.ReadAsStringAsync(); IntrospectionResponse actual = JsonSerializer.Deserialize <IntrospectionResponse>(responseString, _options); // Assert Assert.Equal(HttpStatusCode.OK, res.StatusCode); AdvancedAsserts.Equal(expected, actual); _eformidlingValidatorService.Verify(efvs => efvs.ValidateToken(It.IsAny <string>()), Times.Once()); }
public async Task ValidateToken_ValidationThrowsException_ActiveFalse() { // Arrrange string accessToken = "validTokenInvalidIssuer"; EFormidlingAccessValidator sut = new EFormidlingAccessValidator(GetMockObjectWithResponse(false, true), _loggerMock.Object); // Act IntrospectionResponse actual = await sut.ValidateToken(accessToken); // Assert _loggerMock.Verify( x => x.Log( LogLevel.Information, It.IsAny <EventId>(), It.IsAny <It.IsAnyType>(), It.IsAny <Exception>(), (Func <It.IsAnyType, Exception, string>)It.IsAny <object>()), Times.Once); Assert.False(actual.Active); }
public async Task When_Passing_NotWellFormed_TokenIntrospectionEndPoint_Then_Exception_Is_Thrown() { // ARRANGE var introspectionResponse = new IntrospectionResponse { Active = true, Scope = new List <string> { "GetMethod" } }; var json = JsonConvert.SerializeObject(introspectionResponse); var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(json) }; var fakeHttpHandler = new FakeHttpMessageHandler(httpResponseMessage); var options = new Oauth2IntrospectionOptions { InstrospectionEndPoint = "invalid_url", ClientId = "MyBlog", ClientSecret = "MyBlog", BackChannelHttpHandler = fakeHttpHandler }; var createServer = CreateServer(options); var client = createServer.CreateClient(); var httpRequestMessage = new HttpRequestMessage(); httpRequestMessage.Headers.Add("Authorization", "Bearer accessToken"); httpRequestMessage.Method = HttpMethod.Get; httpRequestMessage.RequestUri = new Uri("http://localhost/protectedoperation"); // ACT var result = await client.SendAsync(httpRequestMessage).ConfigureAwait(false); // ASSERTS Assert.NotNull(result); Assert.True(result.StatusCode == HttpStatusCode.Unauthorized); }
public async Task <IEnumerable <IntrospectionResponse> > Execute(IEnumerable <string> rpts) { if (rpts == null || !rpts.Any()) { throw new ArgumentNullException(nameof(rpts)); } var concatenatedRpts = string.Join(",", rpts); _umaServerEventSource.StartToIntrospect(concatenatedRpts); var rptsInformation = await _rptRepository.Get(rpts); if (rptsInformation == null || !rptsInformation.Any()) { throw new BaseUmaException(ErrorCodes.InvalidRpt, string.Format(ErrorDescriptions.TheRptsDontExist, concatenatedRpts)); } var tickets = await _ticketRepository.Get(rptsInformation.Select(r => r.TicketId)); if (tickets == null || !tickets.Any() || tickets.Count() != rptsInformation.Count()) { throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.AtLeastOneTicketDoesntExist); } var result = new List <IntrospectionResponse>(); foreach (var rptInformation in rptsInformation) { var record = new IntrospectionResponse { Expiration = rptInformation.ExpirationDateTime.ConvertToUnixTimestamp(), IssuedAt = rptInformation.CreateDateTime.ConvertToUnixTimestamp() }; var ticket = tickets.First(t => t.Id == rptInformation.TicketId); if (rptInformation.ExpirationDateTime < DateTime.UtcNow || ticket.ExpirationDateTime < DateTime.UtcNow) { _umaServerEventSource.RptHasExpired(rptInformation.Value); record.IsActive = false; } else { record.Permissions = new List <PermissionResponse> { new PermissionResponse { ResourceSetId = rptInformation.ResourceSetId, Scopes = ticket.Scopes, Expiration = ticket.ExpirationDateTime.ConvertToUnixTimestamp() } }; record.IsActive = true; } result.Add(record); } _umaServerEventSource.EndIntrospection(JsonConvert.SerializeObject(result)); return(result); }
public async Task When_Permissions_Are_Returned_Then_Claims_Are_Added() { // ARRANGE var introspectionResponse = new IntrospectionResponse { IsActive = true, Permissions = new List <PermissionResponse> { new PermissionResponse { ResourceSetId = "resource_set_id", Scopes = new List <string> { "execute" } } } }; var searchOperationResponse = new List <ResourceResponse> { new ResourceResponse { ResourceSetId = "resource_set_id" } // ApplicationName = "application_name", // OperationName = "operation_name" }; var stubIdentityServerUmaClientFactory = new Mock <IIdentityServerUmaClientFactory>(); var stubIntrospectionClient = new Mock <IIntrospectionClient>(); stubIntrospectionClient .Setup(s => s.GetByResolution(It.IsAny <string>(), It.IsAny <string>())) .ReturnsAsync(introspectionResponse); stubIdentityServerUmaClientFactory .Setup(s => s.GetIntrospectionClient()) .Returns(() => stubIntrospectionClient.Object); var stubIdentityServerUmaManagerClientFactory = new Mock <IIdentityServerUmaManagerClientFactory>(); var stubOperationClient = new Mock <IResourceClient>(); stubOperationClient.Setup(s => s.SearchResources(It.IsAny <SearchResourceRequest>(), It.IsAny <Uri>(), It.IsAny <string>())) .ReturnsAsync(searchOperationResponse); stubIdentityServerUmaManagerClientFactory.Setup(s => s.GetResourceClient()) .Returns(stubOperationClient.Object); var umaIntrospectionOptions = new UmaIntrospectionOptions { UmaConfigurationUrl = "http://localhost/uma", ResourcesUrl = "http://localhost/resources", IdentityServerUmaManagerClientFactory = stubIdentityServerUmaManagerClientFactory.Object, IdentityServerUmaClientFactory = stubIdentityServerUmaClientFactory.Object }; var createServer = CreateServer(umaIntrospectionOptions); var httpRequestMessage = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/operation") }; httpRequestMessage.Headers.Add("Authorization", "Bearer RPT"); var client = createServer.CreateClient(); // ACT var result = await client.SendAsync(httpRequestMessage).ConfigureAwait(false); // ASSERT Assert.True(result.StatusCode == HttpStatusCode.OK); }
/// <summary> /// Asserts that two introspection responses as equal /// </summary> public static void Equal(IntrospectionResponse expected, IntrospectionResponse actual) { Assert.Equal(expected.Active, actual.Active); Assert.Equal(expected.Iss, actual.Iss); }