public async Task TestInstanceDiscovery_WhenAuthorityIsInvalidButValidationIsNotRequired_ShouldCacheTheProvidedAuthority() { for (int i = 0; i < 2; i++) // Prepare 2 mock responses { HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Get, Url = $"https://{InstanceDiscovery.DefaultTrustedAuthority}/common/discovery/instance", ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"invalid_instance\"}") }); } CallState callState = new CallState(Guid.NewGuid()); string host = "invalid_instance.example.com"; // ADAL still behaves correctly using developer provided authority var entry = await InstanceDiscovery.GetMetadataEntry(new Uri($"https://{host}/tenant"), false, callState).ConfigureAwait(false); Assert.AreEqual(host, entry.PreferredNetwork); // No exception raised, the host is returned as-is Assert.AreEqual(1, HttpMessageHandlerFactory.MockHandlersCount()); // 1 mock response is consumed, 1 remaining // Subsequent requests do not result in further authority validation network requests for the process lifetime var entry2 = await InstanceDiscovery.GetMetadataEntry(new Uri($"https://{host}/tenant"), false, callState).ConfigureAwait(false); Assert.AreEqual(host, entry2.PreferredNetwork); Assert.AreEqual(1, HttpMessageHandlerFactory.MockHandlersCount()); // Still 1 mock response remaining, so no new request was attempted }
public async Task AuthenticationContextAuthorityValidationTestAsync() { AuthenticationContext context = null; AuthenticationResult result = null; try { context = new AuthenticationContext("https://login.contoso.com/adfs"); await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, platformParameters); } catch (ArgumentException ex) { Assert.AreEqual(ex.ParamName, "validateAuthority"); } MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultRedirectUri + "?code=some-code")); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); //whitelisted authority context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, true); result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, platformParameters, new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId)); Assert.IsNotNull(result); Assert.AreEqual(result.AccessToken, "some-access-token"); Assert.IsNotNull(result.UserInfo); //add handler to return failed discovery response HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler() { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateFailureResponseMessage( "{\"error\":\"invalid_instance\",\"error_description\":\"AADSTS70002: Error in validating authority.\"}") }); try { context = new AuthenticationContext("https://login.microsoft0nline.com/common"); result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, platformParameters); } catch (AdalException ex) { Assert.AreEqual(ex.ErrorCode, AdalError.AuthorityNotInValidList); } }
public async Task FullCoveragePositiveTestAsync() { MockHttpMessageHandler mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Get, Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/devicecode", ResponseMessage = MockHelpers.CreateSuccessDeviceCodeResponseMessage() }; HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler); mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Post, Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token", ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"authorization_pending\"," + "\"error_description\":\"AADSTS70016: Pending end-user authorization." + "\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " + "36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," + "\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" + "\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" + "\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}") }; HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Post, Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token", ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultResource) }); TokenCache cache = new TokenCache(); AuthenticationContext ctx = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, cache); DeviceCodeResult dcr = await ctx.AcquireDeviceCodeAsync("some-resource", "some-client").ConfigureAwait(false); Assert.IsNotNull(dcr); Assert.AreEqual("some-device-code", dcr.DeviceCode); Assert.AreEqual("some-user-code", dcr.UserCode); Assert.AreEqual("some-URL", dcr.VerificationUrl); Assert.AreEqual(5, dcr.Interval); Assert.AreEqual("some-message", dcr.Message); Assert.AreEqual("some-client", dcr.ClientId); AuthenticationResult result = await ctx.AcquireTokenByDeviceCodeAsync(dcr).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); // There should be one cached entry. Assert.AreEqual(1, ctx.TokenCache.Count); }
public async Task PositiveTestAsync() { DeviceCodeResult dcr = new DeviceCodeResult() { ClientId = TestConstants.DefaultClientId, Resource = TestConstants.DefaultResource, DeviceCode = "device-code", ExpiresOn = (DateTimeOffset.UtcNow + TimeSpan.FromMinutes(10)), Interval = 5, Message = "get token here", UserCode = "user-code", VerificationUrl = "https://login.microsoftonline.com/home.oauth2/token" }; MockHttpMessageHandler mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Post, Url = "https://login.microsoftonline.com/home/oauth2/token", ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"authorization_pending\"," + "\"error_description\":\"AADSTS70016: Pending end-user authorization." + "\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " + "36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," + "\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" + "\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" + "\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}") }; HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Post, Url = "https://login.microsoftonline.com/home/oauth2/token", ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultResource) }); TokenCache cache = new TokenCache(); AuthenticationContext ctx = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, cache); AuthenticationResult result = await ctx.AcquireTokenByDeviceCodeAsync(dcr).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); }
public async Task NegativeDeviceCodeTimeoutTestAsync() { MockHttpMessageHandler mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Get, Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/devicecode", ResponseMessage = MockHelpers.CreateSuccessDeviceCodeResponseMessage("1") }; HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler); mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Post, Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token", ResponseMessage = MockHelpers.CreateFailureResponseMessage("{\"error\":\"authorization_pending\"," + "\"error_description\":\"AADSTS70016: Pending end-user authorization." + "\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " + "36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," + "\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" + "\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" + "\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}") }; HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler); mockMessageHandler = new MockHttpMessageHandler(TestConstants.DefaultAuthorityHomeTenant) { Method = HttpMethod.Post, Url = TestConstants.DefaultAuthorityHomeTenant + "oauth2/token", ResponseMessage = MockHelpers.CreateDeviceCodeExpirationErrorResponse() }; HttpMessageHandlerFactory.AddMockHandler(mockMessageHandler); TokenCache cache = new TokenCache(); AuthenticationContext ctx = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, cache); DeviceCodeResult dcr = await ctx.AcquireDeviceCodeAsync("some resource", "some authority").ConfigureAwait(false); Assert.IsNotNull(dcr); AuthenticationResult result; AdalServiceException ex = AssertException.TaskThrows <AdalServiceException>(async() => result = await ctx.AcquireTokenByDeviceCodeAsync(dcr).ConfigureAwait(false)); Assert.IsTrue(ex.Message.Contains("Verification code expired")); }
public async Task UserRealmDiscoveryTest() { AuthenticationContext context = new AuthenticationContext(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId, new TokenCache()); await context.Authenticator.UpdateFromTemplateAsync(null); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId) { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Federated\",\"domain_name\":\"microsoft.com\"," + "\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" + "\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," + "\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" + ",\"cloud_instance_name\":\"login.microsoftonline.com\"}") }, QueryParams = new Dictionary <string, string>() { { "api-version", "1.0" } } }); UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, CallState.Default); VerifyUserRealmResponse(userRealmResponse, "Federated"); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId) { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Unknown\",\"cloud_instance_name\":\"login.microsoftonline.com\"}") }, QueryParams = new Dictionary <string, string>() { { "api-version", "1.0" } } }); userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, TestConstants.DefaultDisplayableId, CallState.Default); VerifyUserRealmResponse(userRealmResponse, "Unknown"); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + null) { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateFailureResponseMessage("unknown_user") }); AdalException ex = AssertException.TaskThrows <AdalException>(() => UserRealmDiscoveryResponse.CreateByDiscoveryAsync(context.Authenticator.UserRealmUri, null, CallState.Default)); Assert.AreEqual(AdalError.UnknownUser, ex.Message); // All mocks are consumed Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); }