public void ValidateHS256Token_IncorrectIssuer_ReturnsError()
{
var settings = GetHS256TestSettings();
settings.Issuer = "local.auth.issuer1";
var tokenString = GenerateHS256Token();
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => settings);
try
{
var service = new JwtTokenService(new List <ISecurityService> {
new Hs256SecurityService(mockSettings.Object)
}, mockSettings.Object);
var result = service.Validate(tokenString);
Assert.Fail();
}
catch (Exception ex)
{
Assert.AreEqual(ex.Message, "Invalid issuer: local.auth0.issuer");
}
}
public void GenerateHS256Token_Success()
{
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => GetHS256TestSettings());
var service = new JwtTokenService(new List <ISecurityService> {
new Hs256SecurityService(mockSettings.Object)
}, mockSettings.Object);
var result = service.GenerateToken(_email);
var token = result;
Assert.IsNotNull(token);
var principal = service.Validate(token.Token);
Assert.IsNotNull(principal);
var identity = principal.Identity;
Assert.IsTrue(identity.IsAuthenticated);
var claims = principal.Claims;
Assert.IsTrue(claims.Any(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" && c.Value == _email));
Assert.IsTrue(claims.Any(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" && c.Value == _email));
Assert.IsTrue(claims.Any(c => c.Type == "aud" && c.Value == _audience));
Assert.IsTrue(claims.Any(c => c.Type == "iss" && c.Value == _issuer));
}
public void ValidateRS256Token_IncorrectAudience_ReturnsError()
{
var newAudience = "local.auth.audience1";
var settings = GetRS256TestSettings();
settings.Audience = "local.auth.audience1";
var tokenString = GenerateRS256Token(settings);
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => GetRS256TestSettings());
try
{
var service = new JwtTokenService(new List <ISecurityService> {
new Rs256SecurityService(mockSettings.Object)
}, mockSettings.Object);
var result = service.Validate(tokenString);
Assert.Fail();
}
catch (Exception ex)
{
Assert.AreEqual(ex.Message, $"Invalid audience: {newAudience}");
}
}
public void ValidateRS256Token_InvalidSignature_ReturnsError()
{
var settings = GetRS256TestSettings();
settings.SigningKey = "123";
var tokenString = GenerateRS256Token();
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => settings);
try
{
var service = new JwtTokenService(new List <ISecurityService> {
new Rs256SecurityService(mockSettings.Object)
}, mockSettings.Object);
var result = service.Validate(tokenString);
Assert.Fail();
}
catch (Exception ex)
{
Assert.AreEqual(ex.Message, "Invalid signature");
}
}
public void ValidateToken_InvalidSecurityType_ReturnsError()
{
var settings = new SecuritySettings
{
Audience = _audience,
Issuer = _issuer,
SigningKey = _signingKey
};
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => settings);
var tokenString = GenerateRS256Token();
try
{
var service = new JwtTokenService(new List <ISecurityService> {
new Rs256SecurityService(mockSettings.Object)
}, mockSettings.Object);
var result = service.Validate(tokenString);
Assert.Fail();
}
catch (Exception ex)
{
Assert.AreEqual(ex.Message, "Invalid security type");
}
}
public void ValidateHS256Token_NoSecurityService_ReturnsError()
{
var tokenString = GenerateHS256Token();
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => GetHS256TestSettings());
try
{
var service = new JwtTokenService(new List <ISecurityService>(), mockSettings.Object);
var result = service.Validate(tokenString);
Assert.Fail();
}
catch (Exception ex)
{
Assert.AreEqual(ex.Message, "Service for type 'HS256' not found");
}
}
public void ValidateRS256Token_CertificateWithoutPrivateKey_ReturnsError()
{
var settings = GetRS256TestSettings();
settings.CertificateData = "***";
var mockSettings = new Mock <IOptions <SecuritySettings> >();
mockSettings.Setup(m => m.Value).Returns(() => settings);
try
{
var tokenString = GenerateRS256Token();
var service = new JwtTokenService(new List <ISecurityService> {
new Rs256SecurityService(mockSettings.Object)
}, mockSettings.Object);
var result = service.Validate(tokenString);
Assert.Fail();
}
catch (Exception ex)
{
Assert.AreEqual(ex.Message, "Certificate is not X509Certificate2 or does not have private key");
}
}
