public void ThrowsYubikeyInvalidResponseExceptionWhenExceptionWhileClientCall()
{
var response = new Mock <IYubicoResponse>();
response.SetupGet(x => x.Status).Returns(YubicoResponseStatus.Ok);
response.SetupGet(x => x.PublicId).Returns("some other id");
var client = new Mock <IYubicoClient>();
client.Setup(x => x.Verify(It.IsAny <string>())).Throws <WebException>();
var configuration = new YubikeyConfiguration {
Users = new List <UserMapping> {
new UserMapping("some name", "some id")
}
};
var formCollection = new NameValueCollection {
{ "yubiKey", "some id" }
};
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/", UriKind.Absolute), null, null, formCollection);
var target = new YubikeyCheckAttribute(configuration, client.Object)
{
SkipIdentityNameCheck = true,
};
target.OnActionExecuting(context);
}
public void NullConfigurationThrowsWhenInstance()
{
var target = new YubikeyCheckAttribute(null, new YubicoClientAdapter())
{
ImageOnly = true
};
target.OnActionExecuting(MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/?42FE943EC8A64735A978D1F81D5FFD00", UriKind.Absolute)));
}
public void CreatesNoAuditByDefault()
{
var configuration = new ConfigurationBase();
var target = new SampleAuthenticator(configuration);
target.AuditEvent(new Exception("Sample"), MvcTestBase.CreateRequestContext());
var result = target.InternalAudit;
Assert.IsNull(result);
}
public void ContinuesProcessingWhenUrlIsNull()
{
var context = MvcTestBase.CreateRequestContext((Uri)null);
var target = new SampleAuthenticator(new ConfigurationBase())
{
ImageOnly = true,
};
target.OnActionExecuting(context);
}
public void DoesNotInterceptNonImageRequestsWhenImageOnly()
{
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/", UriKind.Absolute));
var target = new YubikeyCheckAttribute(new YubikeyConfiguration(), new YubicoClientAdapter())
{
ImageOnly = true
};
target.OnActionExecuting(context);
Assert.IsNull(context.Result);
}
public void NotBlocksLessThanConfiguredFastCalls()
{
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 1 requests in one second
var target = new MinimumRequestTimeDistanceAttribute();
// calling 1 times should NOT throw an exception
target.OnActionExecuting(context);
var contentResult = context.Result as ContentResult;
Assert.IsNull(contentResult);
}
public void NotBlocksConfiguredFastCallsWithoutClientId()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost"), string.Empty, string.Empty);
// we want to allow max 1 requests in one second
var target = new MinimumRequestTimeDistanceAttribute();
// calling 2 times should not throw an exception
target.OnActionExecuting(context);
target.OnActionExecuting(context);
Assert.IsNotNull(target);
}
public void RedirectsIfExceptionAndActionIsSet()
{
// todo: still having issues testing this: the newly generated UrlHelper needs "something" to build up a URL
var context = MvcTestBase.CreateRequestContext(new Uri("http://exception/Home/Index"));
var target = new SampleAuthenticator(new ConfigurationBase())
{
InvalidKeyAction = "Index"
};
target.OnActionExecuting(context);
var redirectResult = context.Result as RedirectResult;
Assert.IsNotNull(redirectResult);
Assert.AreEqual("/Home/Index/", redirectResult.Url);
}
public void DeliversImageForCorrectRequest()
{
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/?42FE943EC8A64735A978D1F81D5FFD00", UriKind.Absolute));
var target = new YubikeyCheckAttribute(new YubikeyConfiguration(), new YubicoClientAdapter())
{
ImageOnly = true
};
target.OnActionExecuting(context);
var fileResult = context.Result as FileResult;
Assert.IsNotNull(fileResult);
Assert.AreEqual("image/png", fileResult.ContentType);
}
public void CallsRequestGateIfWanted()
{
var hasBeenCalled = false;
var mock = new Mock <IGate>();
mock.Setup(x => x.CheckRequestGate).Returns(true);
mock.Setup(x => x.CheckStatisticGate).Returns(false);
mock.Setup(x => x.RequestGate(It.IsAny <string>(), It.IsAny <HttpRequestBase>())).Returns(() => hasBeenCalled = true);
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost"), string.Empty, string.Empty);
var target = new TestGateMvcAttribute(mock.Object);
target.OnActionExecuting(context);
Assert.IsTrue(hasBeenCalled);
}
public void NotBlocksLessThanConfiguredFastCalls()
{
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 2 requests in one second
var target = new FastRequestsProtectionAttribute {
RequestsPerSecondAndClient = 2
};
// calling 2 times should NOT block
target.OnActionExecuting(context);
target.OnActionExecuting(context);
Assert.IsNotNull(target);
Assert.IsNull(context.Result);
}
[ExcludeFromCodeCoverage] // since we expect an exception, we cannot get 100% code coverage
public void BlocksConfiguredFastCalls()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 1 requests in one second
var target = new MinimumRequestTimeDistanceAttribute();
// calling 2 times should block execution
target.OnActionExecuting(context);
target.OnActionExecuting(context);
var contentResult = context.Result as ContentResult;
Assert.IsNotNull(contentResult);
Assert.AreEqual("client has been blocked...", contentResult.Content);
}
public void CreatesCallsAuditForSuccessByDefault()
{
var configuration = new ConfigurationBase
{
Audit = new TypeConfiguration
{
TypeName = "Sem.Authentication.AppInfrastructure.DebugAudit, Sem.Authentication",
}
};
var target = new SampleAuthenticator(configuration);
target.AuditEvent(MvcTestBase.CreateRequestContext());
var result = target.InternalAudit;
Assert.IsNotNull(result);
}
public void ThrowsInvalidOperationExceptionWhenNoUsers()
{
var client = SetupClient(YubicoResponseStatus.Ok, "some id");
var configuration = new YubikeyConfiguration {
Users = null
};
var formCollection = new NameValueCollection {
{ "yubiKey", "some id" }
};
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/", UriKind.Absolute), null, null, formCollection);
var target = new YubikeyCheckAttribute(configuration, client.Object)
{
SkipIdentityNameCheck = true,
};
target.OnActionExecuting(context);
}
public void NotBlocksConfiguredFastCallsWithoutClientId()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost"), string.Empty, string.Empty);
// we want to allow max 2 requests in one second
var target = new FastRequestsProtectionAttribute {
RequestsPerSecondAndClient = 2
};
// calling 4 times without client id should not block
target.OnActionExecuting(context);
target.OnActionExecuting(context);
target.OnActionExecuting(context);
target.OnActionExecuting(context);
Assert.IsNotNull(target);
}
public void RedirectsConfiguredFastCalls()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 1 requests in one second
var target = new MinimumRequestTimeDistanceAttribute {
FaultAction = "Fault"
};
// calling 3 times should throw an exception
target.OnActionExecuting(context);
Assert.IsNotInstanceOfType(context.Result, typeof(RedirectResult));
target.OnActionExecuting(context);
target.OnActionExecuting(context);
Assert.IsInstanceOfType(context.Result, typeof(RedirectResult));
}
public void ThrowsWhenUnKnownIdAndMatchingUser()
{
var client = SetupClient(YubicoResponseStatus.Ok, "some id");
var configuration = new YubikeyConfiguration {
Users = new List <UserMapping> {
new UserMapping("some name", "some id")
}
};
var formCollection = new NameValueCollection {
{ "yubiKey", "some id" }
};
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/", UriKind.Absolute), null, null, formCollection, "some unknown name");
var target = new YubikeyCheckAttribute(configuration, client.Object)
{
SkipIdentityNameCheck = false,
};
target.OnActionExecuting(context);
}
[ExcludeFromCodeCoverage] // since we expect an exception, we cannot get 100% code coverage
public void BlocksConfiguredFastCalls()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 2 requests in one second
var target = new FastRequestsProtectionAttribute {
RequestsPerSecondAndClient = 2
};
// calling 3 times should block access
target.OnActionExecuting(context);
target.OnActionExecuting(context);
target.OnActionExecuting(context);
var contentResult = context.Result as ContentResult;
Assert.IsNotNull(contentResult);
Assert.AreEqual("client has been blocked...", contentResult.Content);
}
public void ThrowsNullResponseExceptionForNullResponse()
{
var client = SetupClient();
var configuration = new YubikeyConfiguration {
Users = new List <UserMapping> {
new UserMapping("some name", "some id")
}
};
var formCollection = new NameValueCollection {
{ "yubiKey", "some id" }
};
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost/test/", UriKind.Absolute), null, null, formCollection);
var target = new YubikeyCheckAttribute(configuration, client.Object)
{
SkipIdentityNameCheck = true,
};
target.OnActionExecuting(context);
}
public void RedirectsConfiguredFastCalls()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 2 requests in one second
var target = new FastRequestsProtectionAttribute {
RequestsPerSecondAndClient = 2, FaultAction = "Fault"
};
// first call should NOT redirect
target.OnActionExecuting(context);
Assert.IsNotInstanceOfType(context.Result, typeof(RedirectResult));
target.OnActionExecuting(context);
// calling 3 times should redirect
target.OnActionExecuting(context);
Assert.IsInstanceOfType(context.Result, typeof(RedirectResult));
}
public void NotCallsStatisticsGateIfNotWanted()
{
var hasBeenCalled = false;
var mock = new Mock <IGate>();
mock.Setup(x => x.CheckRequestGate).Returns(false);
mock.Setup(x => x.CheckStatisticGate).Returns(false);
mock.Setup(x => x.StatisticsGate(It.IsAny <string>(), It.IsAny <ConcurrentDictionary <string, ClientStatistic> >())).Returns(() => hasBeenCalled = true);
var context = MvcTestBase.CreateRequestContext(new Uri("http://localhost"), string.Empty, string.Empty);
var target = new TestGateMvcAttribute(mock.Object);
target.OnActionExecuting(context);
Assert.IsFalse(hasBeenCalled);
// call gate to execute the code
mock.Setup(x => x.CheckStatisticGate).Returns(true);
target.OnActionExecuting(context);
Assert.IsTrue(hasBeenCalled);
}
public async Task NotBlocksMultipleLessThanConfiguredFastCalls()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 1 requests in one second
var target = new MinimumRequestTimeDistanceAttribute();
// calling 1 times should NOT throw an exception
target.OnActionExecuting(context);
var contentResult1 = context.Result as ContentResult;
Assert.IsNull(contentResult1);
await Task.Delay(1001);
// calling 2 times should NOT throw an exception
target.OnActionExecuting(context);
var contentResult2 = context.Result as ContentResult;
Assert.IsNull(contentResult2);
}
public async Task NotBlocksMultipleLessThanConfiguredFastCalls()
{
// we setup a request context that returns always the same session id
var context = MvcTestBase.CreateRequestContext();
// we want to allow max 2 requests in one second
var target = new FastRequestsProtectionAttribute
{
RequestsPerSecondAndClient = 2,
MaxRetentionTimeOfStatistics = 50,
};
// calling 2 times should NOT throw an exception
target.OnActionExecuting(context);
target.OnActionExecuting(context);
await Task.Delay(100);
// calling 2 times should NOT throw an exception
target.OnActionExecuting(context);
target.OnActionExecuting(context);
Assert.IsNotNull(target);
}
public void RendersExpectedInputBoxWithImageForAction()
{
const string Expected = "<img class=\"yubikeyCaption\" alt=\"YubiKey: \" id=\"yubiKeyImage\" src=\"/Home/targetaction?42FE943EC8A64735A978D1F81D5FFD00\" /><input class=\"yubikeyInput\" id=\"yubiKey\" name=\"yubiKey\" text=\"\"/>";
var result = MvcTestBase.CreateHtmlHelper().YubikeyInput("targetaction", new YubikeyConfiguration());
Assert.AreEqual(Expected, result.ToHtmlString());
}