public void GetRefreshTokenTest() { using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var rtItem = new MsalRefreshTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, "someRT", MockHelpers.CreateClientInfo()); string rtKey = rtItem.GetKey().ToString(); cache.Accessor.SaveRefreshToken(rtItem); var authParams = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, MsalTestConstants.Scope, account: MsalTestConstants.User); Assert.IsNotNull(cache.FindRefreshTokenAsync(authParams)); // RT is stored by environment, client id and userIdentifier as index. // any change to authority (within same environment), uniqueid and displyableid will not // change the outcome of cache look up. Assert.IsNotNull(cache.FindRefreshTokenAsync( harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityHomeTenant + "more", MsalTestConstants.Scope, account: MsalTestConstants.User))); } }
public void GetExpiredAccessToken_WithExtendedExpireStillValid_Test() { using (var harness = new MockHttpAndServiceBundle(isExtendedTokenLifetimeEnabled: true)) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, MsalTestConstants.Scope.AsSingleString(), MsalTestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)), MockHelpers.CreateClientInfo()); atItem.Secret = atItem.GetKey().ToString(); cache.Accessor.SaveAccessToken(atItem); var param = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, new SortedSet <string>(), account: new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)); var cacheItem = cache.FindAccessTokenAsync(param).Result; Assert.IsNotNull(cacheItem); Assert.AreEqual(atItem.GetKey().ToString(), cacheItem.GetKey().ToString()); Assert.IsTrue(cacheItem.IsExtendedLifeTimeToken); } }
private void CreateBrokerHelper() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: TestConstants.s_extraQueryParams, claims: TestConstants.Claims); parameters.IsBrokerEnabled = true; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters(); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(); _brokerInteractiveRequest = new BrokerInteractiveRequest( parameters, interactiveParameters, harness.ServiceBundle, null, broker); } }
public async Task RedirectUriContainsFragmentErrorTestAsync() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri#fragment=not-so-good"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var request = new InteractiveRequest( parameters, interactiveParameters); var ex = await AssertException.TaskThrowsAsync <ArgumentException> (() => request.RunAsync()).ConfigureAwait(false); Assert.IsTrue(ex.Message.Contains(MsalErrorMessage.RedirectUriContainsFragment)); } }
private void CreateBrokerHelper() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityHomeTenant, MsalTestConstants.Scope, new TokenCache(harness.ServiceBundle), extraQueryParameters: MsalTestConstants.ExtraQueryParams, claims: MsalTestConstants.Claims); parameters.IsBrokerEnabled = true; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters(); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); BrokerFactory brokerFactory = new BrokerFactory(); _brokerInteractiveRequest = new BrokerInteractiveRequest(parameters, interactiveParameters, harness.ServiceBundle, null, brokerFactory.Create(harness.ServiceBundle)); } }
public async Task WithExtraQueryParamsAndClaimsAsync() { IDictionary <string, string> extraQueryParamsAndClaims = TestConstants.ExtraQueryParameters.ToDictionary(e => e.Key, e => e.Value); extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims); using (MockHttpAndServiceBundle harness = CreateTestHarness()) { var cache = new TokenCache(harness.ServiceBundle, false); var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code"), QueryParamsToValidate = TestConstants.ExtraQueryParameters }; MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui); MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); var tokenResponseHandler = new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedQueryParams = TestConstants.ExtraQueryParameters, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.Claims, TestConstants.Claims } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; harness.HttpManager.AddMockHandler(tokenResponseHandler); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache, extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var request = new InteractiveRequest( parameters, interactiveParameters); AuthenticationResult result = await request.RunAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(result.AccessToken, "some-access-token"); } }
public void TestIsFociMember_EnvAlias() { // Arrange using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, MsalTestConstants.Scope, account: MsalTestConstants.User); cache.Accessor.SaveAppMetadata( new MsalAppMetadataCacheItem( MsalTestConstants.ClientId, MsalTestConstants.ProductionNotPrefEnvironmentAlias, "1")); // Act bool?result = cache.IsFociMemberAsync(requestParams, "1").Result; //requst params uses ProductionPrefEnvAlias // Assert Assert.AreEqual(true, result.Value); } }
public async Task BrokerInteractiveRequestBrokerRequiredTestAsync() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockWebUI ui = new MockWebUI() { // When the auth code is returned from the authorization server prefixed with msauth:// // this means the user who logged requires cert based auth and broker MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=msauth://some-code") }; MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker()); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); parameters.IsBrokerEnabled = false; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, new AcquireTokenInteractiveParameters(), ui); AuthenticationResult result = await request.RunAsync(CancellationToken.None).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("access-token", result.AccessToken); } }
public void GetSubsetScopesMatchedAccessTokenTest() { using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, MsalTestConstants.Scope.AsSingleString(), MsalTestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(1)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)), MockHelpers.CreateClientInfo()); // create key out of access token cache item and then // set it as the value of the access token. string atKey = atItem.GetKey().ToString(); atItem.Secret = atKey; cache.Accessor.SaveAccessToken(atItem); var param = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, new SortedSet <string>(), account: MsalTestConstants.User); param.Scope.Add("r1/scope1"); var item = cache.FindAccessTokenAsync(param).Result; Assert.IsNotNull(item); Assert.AreEqual(atKey, item.Secret); } }
public void NullArgs() { using (var harness = new MockHttpAndServiceBundle()) { var bundle = harness.ServiceBundle; AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); var interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var webUi = NSubstitute.Substitute.For <IWebUI>(); AssertException.Throws <ArgumentNullException>(() => new InteractiveRequest(null, requestParams, interactiveParameters, webUi)); AssertException.Throws <ArgumentNullException>(() => new InteractiveRequest(bundle, null, interactiveParameters, webUi)); AssertException.Throws <ArgumentNullException>(() => new InteractiveRequest(bundle, requestParams, null, webUi)); } }
public void GetAppTokenFromCacheTest() { using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, MsalTestConstants.Scope.AsSingleString(), MsalTestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), MockHelpers.CreateClientInfo()); string atKey = atItem.GetKey().ToString(); atItem.Secret = atKey; cache.Accessor.SaveAccessToken(atItem); var authParams = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, MsalTestConstants.Scope); authParams.ClientCredential = MsalTestConstants.CredentialWithSecret; authParams.IsClientCredentialRequest = true; var cacheItem = cache.FindAccessTokenAsync(authParams).Result; Assert.IsNotNull(cacheItem); Assert.AreEqual(atItem.GetKey().ToString(), cacheItem.GetKey().ToString()); } }
[WorkItem(1418)] // test for bug https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418 public async Task VerifyAuthorizationResult_NoErrorDescription_Async() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); MockWebUI webUi = new MockWebUI() { // error code and error description is empty string (not null) MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=some_error&error_description= "), }; AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, new AcquireTokenInteractiveParameters(), webUi); var ex = await AssertException.TaskThrowsAsync <MsalServiceException>( () => request.ExecuteAsync(CancellationToken.None)) .ConfigureAwait(false); Assert.AreEqual("some_error", ex.ErrorCode); Assert.AreEqual(InteractiveRequest.UnknownError, ex.Message); } }
public void GetAccessTokenExpiryInRangeTest() { using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, MsalTestConstants.Scope.AsSingleString(), MsalTestConstants.Utid, "", new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromMinutes(4)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)), MockHelpers.CreateClientInfo()); atItem.Secret = atItem.GetKey().ToString(); cache.Accessor.SaveAccessToken(atItem); var param = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, new SortedSet <string>(), account: new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)); Assert.IsNull(cache.FindAccessTokenAsync(param).Result); } }
public async Task FetchTransferToken_FailSilently_Async() { // Arrange using (MockHttpAndServiceBundle harness = CreateTestHarness()) { var msaProvider = new WebAccountProvider("id", "*****@*****.**", null); Client.Internal.Requests.AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, validateAuthority: true); requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions() { MsaPassthrough = true }; var msaRequest = new WebTokenRequest(msaProvider); _msaPlugin.CreateWebTokenRequestAsync(msaProvider, requestParams, false, true, false, MsaPassthroughHandler.TransferTokenScopes) .Returns(Task.FromResult(msaRequest)); _msaPlugin.MapTokenRequestError(WebTokenRequestStatus.ProviderError, 0, true) .Returns(Tuple.Create("some_provider_error", "", false)); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.ProviderError); _wamProxy.RequestTokenForWindowAsync(IntPtr.Zero, msaRequest).Returns(webTokenResponseWrapper); // Act var transferToken = await _msaPassthroughHandler.TryFetchTransferTokenInteractiveAsync(requestParams, msaProvider) .ConfigureAwait(false); // Assert Assert.IsNull(transferToken); } }
public async Task NoBroker_WebUiOnly_Async() { // Arrange - common stuff using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscovery(harness.HttpManager); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle, false); var requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache); var interactiveParameters = new AcquireTokenInteractiveParameters(); // Arrange - important for test requestParams.AppConfig.IsBrokerEnabled = false; var authCodeResult = new Tuple <AuthorizationResult, string>(new AuthorizationResult() { Code = "some_auth_code" }, "pkce_verifier"); _authCodeRequestComponentOverride.FetchAuthCodeAndPkceVerifierAsync(CancellationToken.None) .Returns(Task.FromResult(authCodeResult)); _authCodeExchangeComponentOverride.FetchTokensAsync(CancellationToken.None) .Returns(Task.FromResult(_msalTokenResponse)); InteractiveRequest interactiveRequest = new InteractiveRequest( requestParams, interactiveParameters, _authCodeRequestComponentOverride, _authCodeExchangeComponentOverride, _brokerExchangeComponentOverride); // Act AuthenticationResult result = await interactiveRequest.RunAsync().ConfigureAwait(false); // Assert - common stuff Assert.IsNotNull(result); Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource); Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken)); Assert.AreEqual(1, cache.Accessor.GetAllAccessTokens().Count()); // Assert - orchestration #pragma warning disable VSTHRD101 // Avoid unsupported async delegates Received.InOrder(async() => { await _authCodeRequestComponentOverride .FetchAuthCodeAndPkceVerifierAsync(default)
public async Task FetchTransferToken_Silent_Async() { // Arrange using (MockHttpAndServiceBundle harness = CreateTestHarness()) { var msaProvider = new WebAccountProvider("id", "*****@*****.**", null); Client.Internal.Requests.AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, validateAuthority: true); requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions() { MsaPassthrough = true }; var msaRequest = new WebTokenRequest(msaProvider); _msaPlugin.CreateWebTokenRequestAsync(msaProvider, requestParams, false, false, true, MsaPassthroughHandler.TransferTokenScopes) .Returns(Task.FromResult(msaRequest)); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success); WebAccount accountFromMsaProvider = new WebAccount(msaProvider, "*****@*****.**", WebAccountState.Connected); var webTokenResponse = new WebTokenResponse("transfer_token", accountFromMsaProvider); webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>() { webTokenResponse }); _wamProxy.RequestTokenForWindowAsync(IntPtr.Zero, msaRequest, accountFromMsaProvider).Returns(webTokenResponseWrapper); _msaPlugin.ParseSuccessfullWamResponse(Arg.Any <WebTokenResponse>(), out Arg.Any <Dictionary <string, string> >()) .Returns(x => { x[1] = new Dictionary <string, string>(); (x[1] as Dictionary <string, string>).Add("code", "actual_transfer_token"); return(new MsalTokenResponse()); }); // Act var transferToken = await _msaPassthroughHandler.TryFetchTransferTokenSilentAsync( requestParams, accountFromMsaProvider) .ConfigureAwait(false); // Assert Assert.AreEqual("actual_transfer_token", transferToken); } }
public void GetExactScopesMatchedAccessTokenTest() { var atItem = Credential.CreateAccessToken( MsalTestConstants.HomeAccountId, MsalTestConstants.ProductionPrefNetworkEnvironment, new Uri(MsalTestConstants.AuthorityTestTenant).GetRealm(), MsalTestConstants.ClientId, ScopeUtils.JoinScopes(MsalTestConstants.Scope), TimeUtils.GetSecondsFromEpochNow(), TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExpiresIn, TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExtendedExpiresIn, TheSecret, string.Empty); _storageWorker.WriteCredentials( new List <Credential> { atItem }); using (var harness = new MockHttpAndServiceBundle()) { // TODO: In MSALC++, the request parameters only really needs the // Authority URI itself since the cache isn't meant to // do ANY network calls. // So it would be great if we could reduce the complexity/dependencies // here and do any of the validated authority cache / instance discovery // outside of the context of the authentication parameters and // cache interaction and just track the authority we're using... // AccountId = MsalTestConstants.HomeAccountId, // Authority = new Uri(MsalTestConstants.AuthorityTestTenant), var cacheManager = new CacheManager(_storageManager, harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, new SortedSet <string>(MsalCacheV2TestConstants.Scope), account: MsalTestConstants.User)); Assert.IsTrue(cacheManager.TryReadCache(out var tokenResponse, out var accountResponse)); Assert.IsNotNull(tokenResponse); Assert.IsNull(accountResponse); Assert.AreEqual(TheSecret, tokenResponse.AccessToken); } }
private static async Task ExecuteTestAsync( bool withTokenRequest, Action <ICustomWebUi> customizeWebUiBehavior, Func <InteractiveRequest, Task> executionBehavior) { var customWebUi = Substitute.For <ICustomWebUi>(); customizeWebUiBehavior(customWebUi); using (var harness = new MockHttpAndServiceBundle()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); if (withTokenRequest) { harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); } var parameters = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityHomeTenant, MsalTestConstants.Scope); parameters.RedirectUri = new Uri(ExpectedRedirectUri); parameters.LoginHint = MsalTestConstants.DisplayableId; var interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = MsalTestConstants.ScopeForAnotherResource.ToArray(), CustomWebUi = customWebUi }; var request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new CustomWebUiHandler(customWebUi)); await executionBehavior(request).ConfigureAwait(false); } }
public void DuplicateQueryParameterErrorTest() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityHomeTenant); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" }, { "prompt", "login" } }); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual( MsalError.DuplicateQueryParameterError, ((MsalException)exc.InnerException).ErrorCode); } } }
private void ValidateOathClient(HttpResponseMessage httpResponseMessage, Action <Exception> validationHandler) { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = httpResponseMessage }); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityHomeTenant, MsalTestConstants.Scope, null); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = MsalTestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = MsalTestConstants.ScopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { validationHandler(exc); } } }
private MockHttpAndServiceBundle CreateBrokerHelper() { MockHttpAndServiceBundle harness = CreateTestHarness(); _parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); _parameters.IsBrokerConfigured = true; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters(); _acquireTokenSilentParameters = new AcquireTokenSilentParameters(); IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null); _brokerInteractiveRequest = new BrokerInteractiveRequestComponent( _parameters, interactiveParameters, broker, "install_url"); _brokerSilentAuthStrategy = new SilentBrokerAuthStrategy( new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters), harness.ServiceBundle, _parameters, _acquireTokenSilentParameters, broker); _brokerHttpResponse = new HttpResponse(); _brokerHttpResponse.Body = "SomeBody"; _brokerHttpResponse.StatusCode = HttpStatusCode.Unauthorized; _brokerHttpResponse.Headers = new HttpResponseMessage().Headers; return(harness); }
public void GetAccessTokenUserAssertionMismatchInCacheTest() { using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, MsalTestConstants.Scope.AsSingleString(), MsalTestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(1)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromHours(2)), MockHelpers.CreateClientInfo()); // create key out of access token cache item and then // set it as the value of the access token. string atKey = atItem.GetKey().ToString(); atItem.Secret = atKey; atItem.UserAssertionHash = harness.ServiceBundle.PlatformProxy.CryptographyManager.CreateBase64UrlEncodedSha256Hash(atKey); cache.Accessor.SaveAccessToken(atItem); var authParams = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, MsalTestConstants.Scope); authParams.UserAssertion = new UserAssertion(atItem.UserAssertionHash + "-random"); var item = cache.FindAccessTokenAsync(authParams).Result; // cache lookup should fail because there was userassertion hash did not match the one // stored in token cache item. Assert.IsNull(item); } }
private (Client.Internal.Requests.AuthenticationRequestParameters requestParams, IWebTokenRequestResultWrapper webTokenResponseWrapper) SetupSilentCall(MockHttpAndServiceBundle harness) { var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null); var requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant); requestParams.Account = new Account( $"{TestConstants.Uid}.{TestConstants.Utid}", TestConstants.DisplayableId, null, new Dictionary <string, string>() { { TestConstants.ClientId, "wam_id_1" } }); // account has wam_id! var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected); var webTokenRequest = new WebTokenRequest(wamAccountProvider); IWebTokenRequestResultWrapper webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); _webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider)); _wamProxy.FindAccountAsync(Arg.Any <WebAccountProvider>(), "wam_id_1").Returns(Task.FromResult(webAccount)); _aadPlugin.CreateWebTokenRequestAsync( wamAccountProvider, requestParams, isForceLoginPrompt: false, isAccountInWam: true, isInteractive: false) .Returns(Task.FromResult(webTokenRequest)); _wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest). Returns(Task.FromResult(webTokenResponseWrapper)); return(requestParams, webTokenResponseWrapper); }
private void CreateBrokerHelper() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); parameters.IsBrokerConfigured = true; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters(); AcquireTokenSilentParameters acquireTokenSilentParameters = new AcquireTokenSilentParameters(); //PublicAuthCodeRequest request = new PublicAuthCodeRequest( // parameters, // interactiveParameters, // new MockWebUI()); IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null); _brokerInteractiveRequest = new BrokerInteractiveRequestComponent( parameters, interactiveParameters, broker, "install_url"); _brokerSilentRequest = new BrokerSilentRequest( parameters, acquireTokenSilentParameters, harness.ServiceBundle, broker); } }
public void BrokerInteractiveRequest_CreateBrokerParametersTest() { using (var harness = new MockHttpAndServiceBundle()) { // Arrange var parameters = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, null, null, null, MsalTestConstants.ExtraQueryParams); // Act BrokerInteractiveRequest brokerInteractiveRequest = new BrokerInteractiveRequest(parameters, null, null, null); brokerInteractiveRequest.CreateRequestParametersForBroker(); // Assert Assert.AreEqual(10, brokerInteractiveRequest._brokerPayload.Count); Assert.AreEqual(CanonicalizedAuthority, brokerInteractiveRequest._brokerPayload[BrokerParameter.Authority]); Assert.AreEqual(MsalTestConstants.ScopeStr, brokerInteractiveRequest._brokerPayload[BrokerParameter.RequestScopes]); Assert.AreEqual(MsalTestConstants.ClientId, brokerInteractiveRequest._brokerPayload[BrokerParameter.ClientId]); Assert.IsFalse(String.IsNullOrEmpty(brokerInteractiveRequest._brokerPayload[BrokerParameter.CorrelationId])); Assert.AreNotEqual(Guid.Empty.ToString(), brokerInteractiveRequest._brokerPayload[BrokerParameter.CorrelationId]); Assert.AreEqual(MsalIdHelper.GetMsalVersion(), brokerInteractiveRequest._brokerPayload[BrokerParameter.ClientVersion]); Assert.AreEqual("NO", brokerInteractiveRequest._brokerPayload[BrokerParameter.Force]); Assert.AreEqual(string.Empty, brokerInteractiveRequest._brokerPayload[BrokerParameter.Username]); Assert.AreEqual(MsalTestConstants.RedirectUri, brokerInteractiveRequest._brokerPayload[BrokerParameter.RedirectUri]); Assert.AreEqual(MsalTestConstants.BrokerExtraQueryParameters, brokerInteractiveRequest._brokerPayload[BrokerParameter.ExtraQp]); //Assert.AreEqual(MsalTestConstants.BrokerClaims, brokerInteractiveRequest._brokerPayload[BrokerParameter.Claims]); //TODO Assert.AreEqual(BrokerParameter.OidcScopesValue, brokerInteractiveRequest._brokerPayload[BrokerParameter.ExtraOidcScopes]); } }
public void GetRefreshTokenDifferentEnvironmentTest() { using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); var rtItem = new MsalRefreshTokenCacheItem( MsalTestConstants.SovereignNetworkEnvironment, MsalTestConstants.ClientId, "someRT", MockHelpers.CreateClientInfo()); string rtKey = rtItem.GetKey().ToString(); cache.Accessor.SaveRefreshToken(rtItem); var authParams = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, MsalTestConstants.Scope, account: MsalTestConstants.User); var rt = cache.FindRefreshTokenAsync(authParams).Result; Assert.IsNull(rt); } }
public void RedirectUriContainsFragmentErrorTest() { try { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri#fragment=not-so-good"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } } catch (ArgumentException ae) { Assert.IsTrue(ae.Message.Contains(MsalErrorMessage.RedirectUriContainsFragment)); } }
public void TestIsFociMember() { // Arrange using (var harness = new MockHttpAndServiceBundle()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle); AuthenticationRequestParameters requestParams = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityTestTenant, MsalTestConstants.Scope, account: MsalTestConstants.User); // Act bool?result = cache.IsFociMemberAsync(requestParams, "1").Result; // Assert Assert.IsNull(result, "No app metadata, should return null which indicates <uknown>"); ValidateIsFociMember(cache, requestParams, metadataFamilyId: "1", expectedResult: true, // checks for familyId "1" errMessage: "Valid app metadata, should return true because family Id matches"); ValidateIsFociMember(cache, requestParams, metadataFamilyId: "2", expectedResult: false, // checks for familyId "1" errMessage: "Valid app metadata, should return false because family Id does not match"); ValidateIsFociMember(cache, requestParams, metadataFamilyId: null, expectedResult: false, // checks for familyId "1" errMessage: "Valid app metadata showing that the app is not member of any family"); } }
private AuthenticationRequestParameters CreateAuthenticationParametersAndSetupMocks( MockHttpAndServiceBundle harness, int numAuthorizationPendingResults, out HashSet <string> expectedScopes, bool isAdfs = false) { var cache = new TokenCache(harness.ServiceBundle, false); var parameters = harness.CreateAuthenticationRequestParameters( isAdfs ? TestConstants.OnPremiseAuthority : TestConstants.AuthorityHomeTenant, null, cache, null, extraQueryParameters: TestConstants.s_extraQueryParams, claims: TestConstants.Claims); if (isAdfs) { harness.HttpManager.AddMockHandler(new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = MockHelpers.CreateAdfsOpenIdConfigurationResponse(TestConstants.OnPremiseAuthority) }); } else { TestCommon.MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); } expectedScopes = new HashSet <string>(); expectedScopes.UnionWith(TestConstants.s_scope); expectedScopes.Add(OAuth2Value.ScopeOfflineAccess); expectedScopes.Add(OAuth2Value.ScopeProfile); expectedScopes.Add(OAuth2Value.ScopeOpenId); IDictionary <string, string> extraQueryParamsAndClaims = TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value); extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims); // Mock Handler for device code request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.ClientId, TestConstants.ClientId }, { OAuth2Parameter.Scope, expectedScopes.AsSingleString() } }, ResponseMessage = isAdfs ? CreateAdfsDeviceCodeResponseSuccessMessage() : CreateDeviceCodeResponseSuccessMessage(), ExpectedQueryParams = extraQueryParamsAndClaims }); for (int i = 0; i < numAuthorizationPendingResults; i++) { harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedUrl = isAdfs ? "https://fs.contoso.com/adfs/oauth2/token" : "https://login.microsoftonline.com/home/oauth2/v2.0/token", ResponseMessage = MockHelpers.CreateFailureMessage( HttpStatusCode.Forbidden, "{\"error\":\"authorization_pending\"," + "\"error_description\":\"AADSTS70016: Pending end-user authorization." + "\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " + "36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," + "\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" + "\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" + "\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}") }); } if (numAuthorizationPendingResults > 0) { // Mock Handler for devicecode->token exchange request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.ClientId, TestConstants.ClientId }, { OAuth2Parameter.Scope, expectedScopes.AsSingleString() } }, ResponseMessage = isAdfs ? MockHelpers.CreateAdfsSuccessTokenResponseMessage() : MockHelpers.CreateSuccessTokenResponseMessage() }); } return(parameters); }
public async Task ATS_AccountWithWamId_Async() { // Arrange using (MockHttpAndServiceBundle harness = CreateTestHarness()) { _webAccountProviderFactory.ClearReceivedCalls(); var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null); var extraQP = new Dictionary <string, string>() { { "extraQp1", "extraVal1" }, { "instance_aware", "true" } }; var requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, extraQueryParameters: extraQP, validateAuthority: true); // AAD requestParams.UserConfiguredAuthority = Authority.CreateAuthority("https://login.microsoftonline.com/organizations"); requestParams.Account = new Account( $"{TestConstants.Uid}.{TestConstants.Utid}", TestConstants.DisplayableId, null, new Dictionary <string, string>() { { TestConstants.ClientId, "wam_id_1" } }); // account has wam_id! var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected); var webTokenRequest = new WebTokenRequest(wamAccountProvider); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success); var webTokenResponse = new WebTokenResponse(); webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>() { webTokenResponse }); _webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider)); _wamProxy.FindAccountAsync(Arg.Any <WebAccountProvider>(), "wam_id_1").Returns(Task.FromResult(webAccount)); _aadPlugin.CreateWebTokenRequestAsync( wamAccountProvider, requestParams, isForceLoginPrompt: false, isAccountInWam: true, isInteractive: false) .Returns(Task.FromResult(webTokenRequest)); var atsParams = new AcquireTokenSilentParameters(); _wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest). Returns(Task.FromResult(webTokenResponseWrapper)); _aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse); // Act var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false); // Assert Assert.AreSame(_msalTokenResponse, result); Assert.AreEqual("yes", webTokenRequest.Properties["validateAuthority"]); Assert.AreEqual("extraVal1", webTokenRequest.Properties["extraQp1"]); // Although at the time of writing, MSAL does not support instance aware ... // WAM does support it but the param is different - discovery=home Assert.AreEqual("home", webTokenRequest.Properties["discover"]); Assert.AreEqual("https://login.microsoftonline.com/organizations/", webTokenRequest.Properties["authority"]); } }